Ask for signature length before allocating a buffer.

This fixes a potential heap buffer overflow that may happen when a signature is longer than the private key, as with X9.62 ECDSA (#609).
pyca · hynek · Jul 20, 2017 · Jul 19, 2017 · Jul 19, 2017 · Jul 20, 2017
commit 36f8d81b1d82add6ee6dcfbc80cc50c52127c722
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
@@ -2801,9 +2801,13 @@ def sign(pkey, data, digest):
     _lib.EVP_SignInit(md_ctx, digest_obj)
     _lib.EVP_SignUpdate(md_ctx, data, len(data))
 
-    pkey_length = (PKey.bits(pkey) + 7) // 8
-    signature_buffer = _ffi.new("unsigned char[]", pkey_length)
-    signature_length = _ffi.new("unsigned int*")
+    # obtain the length of the signature.
+    signature_length = _ffi.new("unsigned int[]", 1)
+    len_result = _lib.EVP_SignFinal(
+        md_ctx, _ffi.NULL, signature_length, pkey._pkey)
+    _openssl_assert(len_result == 1)
+
+    signature_buffer = _ffi.new("unsigned char[]", signature_length[0])
     final_result = _lib.EVP_SignFinal(
         md_ctx, signature_buffer, signature_length, pkey._pkey)
     _openssl_assert(final_result == 1)