From a17b5d5a4f50f50f46d27fc52158455d12833196 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 4 Jan 2012 23:03:20 +0000 Subject: Check GOST parameters are not NULL (CVE-2012-0027) --- CHANGES | 3 +++ engines/ccgost/gost2001_keyx.c | 4 ++++ engines/ccgost/gost94_keyx.c | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index c5f58e8fcf..338e49d95c 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,9 @@ *) Add support for SCTP. [Robin Seggelmann ] + *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027) + [Andrey Kulikov ] + *) Prevent malformed RFC3779 data triggering an assertion failure. Thanks to Andrew Chi, BBN Technologies, for discovering the flaw and Rob Austein for fixing it. (CVE-2011-4577) diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c index 00759bcab0..c748102857 100644 --- a/engines/ccgost/gost2001_keyx.c +++ b/engines/ccgost/gost2001_keyx.c @@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l } param = get_encryption_params(gkt->key_agreement_info->cipher); + if(!param){ + goto err; + } + gost_init(&ctx,param->sblock); OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c index 624be586a5..0d7d3ffe6a 100644 --- a/engines/ccgost/gost94_keyx.c +++ b/engines/ccgost/gost94_keyx.c @@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len } param = get_encryption_params(gkt->key_agreement_info->cipher); + if(!param){ + goto err; + } + gost_init(&cctx,param->sblock); OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); -- cgit v1.2.3