Impact
TLS clients using the GOST engine are vulnerable to a buffer overrun when the ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is agreed and the server uses 512-bit GOST secret keys.
Patches
Users should update the GOST engine to version 3.0.1.
Workarounds
Disabling the ciphersuite TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC is a possible workaround.
References
RFC 9189 specifies two variants of wrapping a GOST key into a blob in section 4.2.4. Both of them require the same approach for checking the passed values. OpenSSL passes a big enough buffer for the variant described in 4.2.4.2, but a buffer that is not big enough for the variant described in 4.2.4.1.
See also the OpenSSL upstream PR openssl/openssl#18381.
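The length check described above, shown as an added example (not code from the GOST engine or OpenSSL): an output routine that follows the OpenSSL convention of treating `*outlen` as the caller's buffer capacity and refuses to write when the blob for a 512-bit key does not fit. The names `blob_len` and `wrap_into_blob`, the blob layout and the 48-byte constant are assumptions made for illustration, not the RFC 9189 encoding.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT the RFC 9189 encoding: blob = wrapped secret followed
 * by the ephemeral public key (X || Y). Sizes are illustrative assumptions. */
#define WRAPPED_SECRET_LEN 48

/* Blob length for a 256- or 512-bit key; 0 for an unsupported size. */
size_t blob_len(unsigned key_bits)
{
    if (key_bits != 256 && key_bits != 512)
        return 0;
    return WRAPPED_SECRET_LEN + 2 * (size_t)(key_bits / 8);
}

/* Hypothetical wrap routine using the OpenSSL calling convention:
 * out == NULL  -> store the required size in *outlen, return 1;
 * out != NULL  -> *outlen is the capacity of out on entry and the number of
 *                 bytes written on success. Returns 0 on error, writing nothing. */
int wrap_into_blob(unsigned char *out, size_t *outlen,
                   const unsigned char *wrapped, /* WRAPPED_SECRET_LEN bytes */
                   const unsigned char *pub,     /* 2 * key_bits / 8 bytes */
                   unsigned key_bits)
{
    size_t need = blob_len(key_bits);

    if (outlen == NULL || need == 0)
        return 0;
    if (out == NULL) {              /* size query */
        *outlen = need;
        return 1;
    }
    if (*outlen < need)             /* caller's buffer is too small: refuse */
        return 0;
    memcpy(out, wrapped, WRAPPED_SECRET_LEN);
    memcpy(out + WRAPPED_SECRET_LEN, pub, need - WRAPPED_SECRET_LEN);
    *outlen = need;
    return 1;
}

int main(void)
{
    unsigned char wrapped[WRAPPED_SECRET_LEN] = {0}, pub[128] = {0}, buf[112];
    size_t n = sizeof buf;          /* capacity sized for a 256-bit key only */
    int ok = wrap_into_blob(buf, &n, wrapped, pub, 512);
    printf("512-bit key, %zu-byte buffer: %s\n", sizeof buf, ok ? "written" : "rejected");
    return 0;
}
```

A caller that sizes its buffer with the `out == NULL` query, rather than with a constant chosen for 256-bit keys, never reaches the rejection path.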
For more information
If you have any questions or comments about this advisory: