From 00f473b3cc959d598ce7676f16b3dcdf01b88014 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 4 Jan 2012 15:16:20 +0000
Subject: [PATCH] Check GOST parameters are not NULL (CVE-2012-0027)

---
 CHANGES                        | 3 +++
 engines/ccgost/gost2001_keyx.c | 4 ++++
 engines/ccgost/gost94_keyx.c   | 4 ++++
 3 files changed, 11 insertions(+)

diff --git a/CHANGES b/CHANGES
index 901a3c3e6d..0fc2b70b25 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
 
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich@gmail.com>]
+
   *) Prevent malformed RFC3779 data triggering an assertion failure.
      Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
      and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c
index 00759bcab0..c748102857 100644
--- a/engines/ccgost/gost2001_keyx.c
+++ b/engines/ccgost/gost2001_keyx.c
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l
 		}
 		
 	param = get_encryption_params(gkt->key_agreement_info->cipher);
+    if(!param){
+        goto err;
+    }
+
 	gost_init(&ctx,param->sblock);	
 	OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
 	memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
index 624be586a5..0d7d3ffe6a 100644
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len
 		}
 
 	param = get_encryption_params(gkt->key_agreement_info->cipher);
+    if(!param){
+        goto err;
+    }
+	
 	gost_init(&cctx,param->sblock);	
 	OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
 	memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
-- 
2.25.1