wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check GOST parameters are not NULL (CVE-2012-0027)

Browse source
This commit is contained in:
Dr. Stephen Henson 2012-01-04 23:03:40 +00:00
parent be71c37296
commit 6bf896d9b1
3 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -261,6 +261,9 @@
*) Add support for SCTP.
[Robin Seggelmann <seggelmann@fh-muenster.de>]
*) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
[Andrey Kulikov <amdeich@gmail.com>]
*) Prevent malformed RFC3779 data triggering an assertion failure.
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)

4
engines/ccgost/gost2001_keyx.c
View file

@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
if(!param){
goto err;
}
gost_init(&ctx,param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);

4
engines/ccgost/gost94_keyx.c
View file

@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
if(!param){
goto err;
}
gost_init(&cctx,param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);