summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2012-01-04 23:03:20 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-01-04 23:03:20 +0000
commita17b5d5a4f50f50f46d27fc52158455d12833196 (patch)
tree62322d9b0977002df7a3e2d12ed3ef4786406751
parent2f97765bc37cccdac6d6ae5d46aee76b2b445582 (diff)
Check GOST parameters are not NULL (CVE-2012-0027)
Diffstat
-rw-r--r--CHANGES3
-rw-r--r--engines/ccgost/gost2001_keyx.c4
-rw-r--r--engines/ccgost/gost94_keyx.c4
3 files changed, 11 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index c5f58e8fcf..338e49d95c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,9 @@
*) Add support for SCTP.
[Robin Seggelmann <seggelmann@fh-muenster.de>]
+ *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+ [Andrey Kulikov <amdeich@gmail.com>]
+
*) Prevent malformed RFC3779 data triggering an assertion failure.
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c
index 00759bcab0..c748102857 100644
--- a/engines/ccgost/gost2001_keyx.c
+++ b/engines/ccgost/gost2001_keyx.c
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
+ if(!param){
+ goto err;
+ }
+
gost_init(&ctx,param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
index 624be586a5..0d7d3ffe6a 100644
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
+ if(!param){
+ goto err;
+ }
+
gost_init(&cctx,param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 12:14:24 +0000