From a59efbfc7ecb0197a48655b27a6d7e808d4a3040 Mon Sep 17 00:00:00 2001
From: Sean Kannanaikal <stk5106@rit.edu>
Date: Wed, 22 Jan 2025 07:38:47 -0500
Subject: [PATCH] Fix magic + 20 in PEM_ASN1_write_bio

Fixes #26476

In the file crypto/pem/pem_lib.c the function had a +20 to account for
padding in the data size, however this was recognized to not be up to
standard quality. Instead it has now been updated to use the static
maximum block size and uses that for the calculation as opposed to a +20.

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26526)
---
 crypto/pem/pem_lib.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5eff44dbbba..307c9108ab9 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -356,9 +356,8 @@ PEM_ASN1_write_bio_internal(
         dsize = 0;
         goto err;
     }
-    /* dsize + 8 bytes are needed */
-    /* actually it needs the cipher block size extra... */
-    data = OPENSSL_malloc((unsigned int)dsize + 20);
+    /* Allocate enough space for one extra cipher block */
+    data = OPENSSL_malloc((unsigned int)dsize + EVP_MAX_BLOCK_LENGTH);
     if (data == NULL)
         goto err;
     p = data;
-- 
2.47.2