zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/crypto
History
Viktor Dukhovni 0890cd13d4 Avoid type errors in EAI-related name check logic. 
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Fixes CVE-2024-6119

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2024-09-03 11:58:40 +02:00
..
aes
enable AES-XTS optimization for AIX
2024-05-30 18:46:43 +02:00
aria
Change loops conditions to make zero loop risk more obvious.
2022-05-24 14:11:20 +10:00
asn1
When calling ASN1_item_i2d () check both returned length and allocated pointer
2024-08-20 11:45:14 +02:00
async
posix_async: FreeBSD also defines {make|swap|get|set}context
2024-04-04 08:45:13 +02:00
bf
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
bio
that open brace { should be on the previous line
2024-07-22 06:55:35 -04:00
bn
Missing .rodata for AVX2/AVX512 codepaths
2024-09-02 10:26:45 +02:00
buffer
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
camellia
Unable to run asm code on OpenBSD (amd64)
2024-04-17 09:38:06 +02:00
cast
Copyright year updates
2023-09-07 09:59:15 +01:00
chacha
chacha-riscv64-v-zbb.pl: better format
2024-05-08 11:10:45 +02:00
cmac
Add FIPS indicator to CMAC.
2024-07-31 09:04:17 +10:00
cmp
open brace '{' following struct go on the same line
2024-07-22 06:55:35 -04:00
cms
When calling ASN1_item_i2d () check both returned length and allocated pointer
2024-08-20 11:45:14 +02:00
comp
Copyright year updates
2023-09-07 09:59:15 +01:00
conf
Fix line continuation check in config parser
2024-07-16 21:32:40 +02:00
crmf
CMP: add support for requesting cert template using genm/genp
2024-06-20 13:38:13 +02:00
ct
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
des
that open brace { should be on the previous line
2024-07-22 06:55:35 -04:00
dh
Copyright year updates
2024-04-09 13:43:26 +02:00
dsa
fix: drop DSA <=> dsaWithSHA1 aliasing
2024-07-12 11:20:23 +02:00
dso
Copyright year updates
2024-04-09 13:43:26 +02:00
ec
FIPS: Add EDDSA public key validation.
2024-08-23 21:23:53 +02:00
encode_decode
Copyright year updates
2024-04-09 13:43:26 +02:00
engine
convert users of build time defaults to use new defaults api
2024-07-09 04:01:44 -04:00
err
Add ED25519 and ED448 support for EVP_PKEY_{sign,verify}_init_ex2()
2024-08-29 19:13:07 +02:00
ess
ess_lib.c: Changed ERR_LIB_CMS to ERR_LIB_ESS
2024-04-30 09:21:30 +02:00
evp
Improve base64 BIO correctness and error reporting
2024-08-30 15:09:10 +02:00
ffc
EVP_MD_size() updates
2024-08-29 10:29:53 +02:00
hashtable
ossl_ht_insert(): Allow for 4 iterations of grow_hashtable()
2024-08-22 14:52:43 +02:00
hmac
s390x: Fix HMAC digest detection
2024-09-02 10:23:22 +02:00
hpke
open brace '{' following struct go on the same line
2024-07-22 06:55:35 -04:00
http
Copyright year updates
2024-04-09 13:43:26 +02:00
idea
that open brace { should be on the previous line
2024-07-22 06:55:35 -04:00
kdf
lhash
Copyright year updates
2024-04-09 13:43:26 +02:00
md2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
md4
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
md5
md5: add assembly implementation for loongarch64
2023-12-27 10:15:29 +01:00
mdc2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
modes
Missing .rodata for AVX2/AVX512 codepaths
2024-09-02 10:26:45 +02:00
objects
fix: alias auditEntity OID
2024-08-26 10:38:44 +01:00
ocsp
EVP_MD_size() updates
2024-08-29 10:29:53 +02:00
pem
Remove trailing whitespace
2024-07-22 06:55:35 -04:00
perlasm
MASM: Need to strip arguments after .pdata or .xdata
2024-06-26 12:03:45 +02:00
pkcs7
When calling ASN1_item_i2d () check both returned length and allocated pointer
2024-08-20 11:45:14 +02:00
pkcs12
EVP_MD_size() updates
2024-08-29 10:29:53 +02:00
poly1305
poly1305.c: fix typo on POLY1305_BLOCK_SIZE
2024-04-17 09:41:14 +02:00
property
Set down_load factor on hash table when culling items in doall
2024-07-16 06:05:14 -04:00
rand
Explicitly include e_os.h for close()
2024-08-19 12:27:41 +02:00
rc2
Copyright year updates
2023-09-07 09:59:15 +01:00
rc4
Copyright year updates
2023-09-07 09:59:15 +01:00
rc5
Copyright year updates
2023-09-07 09:59:15 +01:00
ripemd
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
rsa
EVP_MD_size() updates
2024-08-29 10:29:53 +02:00
seed
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
sha
s390x: support CPACF sha3/shake performance improvements
2024-08-29 19:26:06 +02:00
siphash
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
sm2
EVP_MD_size() updates
2024-08-29 10:29:53 +02:00
sm3
riscv: Fix cpuid_obj asm checks for sm4/sm3
2024-07-12 11:09:02 +01:00
sm4
that open brace { should be on the previous line
2024-07-22 06:55:35 -04:00
srp
Copyright year updates
2023-09-28 14:23:29 +01:00
stack
Copyright year updates
2024-04-09 13:43:26 +02:00
store
Prefer ARRAY_SIZE(...)
2024-07-22 06:55:35 -04:00
thread
Copyright year updates
2023-09-07 09:59:15 +01:00
ts
EVP_MD_size() updates
2024-08-29 10:29:53 +02:00
txt_db
Copyright year updates
2023-09-07 09:59:15 +01:00
ui
Copyright year updates
2023-09-07 09:59:15 +01:00
whrlpool
Unable to run asm code on OpenBSD (amd64)
2024-04-17 09:38:06 +02:00
x509
Avoid type errors in EAI-related name check logic.
2024-09-03 11:58:40 +02:00
alphacpuid.pl
arm64cpuid.pl
Update copyright year
2022-05-03 13:34:51 +01:00
arm_arch.h
Copyright year updates
2024-04-09 13:43:26 +02:00
armcap.c
Add support for elf_aux_info() on OpenBSD
2024-09-02 16:12:48 +02:00
armv4cpuid.pl
Copyright year updates
2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info
Add FIPS indicator callback.
2024-07-11 08:29:43 +10:00
c64xpluscpuid.pl
comp_methods.c
Move stack of compression methods from libssl to OSSL_LIB_CTX
2024-05-28 08:56:13 +02:00
context.c
Add FIPS indicator callback.
2024-07-11 08:29:43 +10:00
core_algorithm.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
core_fetch.c
"Reserve" the method store when constructing methods
2022-07-20 07:28:17 +01:00
core_namemap.c
core_namemap.c: 2048 hashtable buckets should be sufficient
2024-08-21 15:21:26 +02:00
cpt_err.c
Use the new hashtable for core_namemap
2024-08-21 15:21:26 +02:00
cpuid.c
Copyright year updates
2023-09-28 14:23:29 +01:00
cryptlib.c
Copyright year updates
2023-09-07 09:59:15 +01:00
ctype.c
Copyright year updates
2023-09-07 09:59:15 +01:00
cversion.c
Allow OPENSSLDIR/ENGINESDIR/MODULESDIR to be NULL
2024-07-09 04:01:44 -04:00
defaults.c
Fix typos found by codespell
2024-08-07 19:09:43 +02:00
der_writer.c
der_writer: Use uint32_t instead of long.
2022-06-27 10:58:40 +02:00
deterministic_nonce.c
Correct top for EC/DSA nonces if BN_DEBUG is on
2024-05-02 09:21:30 +02:00
dllmain.c
Update copyright year
2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c
Fix error handling in CRYPTO_get_ex_new_index
2023-09-21 14:43:08 +02:00
getenv.c
Update copyright year
2022-05-03 13:34:51 +01:00
ia64cpuid.S
indicator_core.c
Add FIPS indicator callback.
2024-07-11 08:29:43 +10:00
info.c
JITTER: implement error handling from jitter library
2024-07-31 14:44:51 +10:00
init.c
Copyright year updates
2024-04-09 13:43:26 +02:00
initthread.c
crypto/initthread.c: fix misspelled OSSL_provider_init() in comment
2023-10-26 15:45:41 +01:00
loongarch64cpuid.pl
LoongArch64 assembly pack: Really implement OPENSSL_rdtsc
2023-12-19 18:34:34 +01:00
loongarch_arch.h
Copyright year updates
2023-09-07 09:59:15 +01:00
loongarchcap.c
Copyright year updates
2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c
Copyright year updates
2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c
open brace '{' following struct go on the same line
2024-07-22 06:55:35 -04:00
mem.c
Introduce new internal hashtable implementation
2024-04-24 12:03:30 +10:00
mips_arch.h
o_dir.c
Update copyright year
2022-05-03 13:34:51 +01:00
o_fopen.c
o_fopen: fix coding style and build error with VS2010
2024-07-12 11:23:56 +01:00
o_init.c
Update copyright year
2022-05-03 13:34:51 +01:00
o_str.c
crypto: factorize to hex chars conversion code.
2024-08-07 19:25:10 +02:00
o_time.c
packet.c
Copyright year updates
2023-09-07 09:59:15 +01:00
param_build_set.c
ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs
2023-10-18 18:07:13 +02:00
param_build.c
params: drop INT_MAX checks
2023-12-29 10:21:10 +01:00
params_dup.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
params_from_text.c
Copyright year updates
2024-04-09 13:43:26 +02:00
params_idx.c.in
params: provide a faster TRIE based param lookup.
2023-06-02 15:13:20 +10:00
params.c
uefi: move variables
2024-05-30 18:38:12 +02:00
pariscid.pl
passphrase.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
ppccap.c
Add support for elf_aux_info() on OpenBSD
2024-09-02 16:12:48 +02:00
ppccpuid.pl
Update copyright year
2022-05-03 13:34:51 +01:00
provider_child.c
Copyright year updates
2023-09-07 09:59:15 +01:00
provider_conf.c
Fix remaining provider config settings to be decisive in value
2023-12-27 09:32:48 +01:00
provider_core.c
Add FIPS indicator callback.
2024-07-11 08:29:43 +10:00
provider_local.h
make struct provider_info_st a full type
2021-06-24 14:48:15 +01:00
provider_predefined.c
make struct provider_info_st a full type
2021-06-24 14:48:15 +01:00
provider.c
Copyright year updates
2023-09-07 09:59:15 +01:00
punycode.c
Copyright year updates
2023-09-07 09:59:15 +01:00
quic_vlint.c
QUIC: Enable building with QUIC support disabled
2023-01-13 13:20:16 +00:00
rcu_internal.h
Copyright year updates
2024-04-09 13:43:26 +02:00
README-sparse_array.md
riscv32cpuid.pl
Implement riscv_vlen_asm for riscv32
2024-05-10 17:02:49 +02:00
riscv64cpuid.pl
riscv: Add basic vector extension support
2023-10-26 15:55:49 +01:00
riscvcap.c
crypto/riscvcap: fix function declaration for hwprobe_to_cap
2024-05-14 15:24:26 +02:00
s390x_arch.h
s390x: support CPACF sha3/shake performance improvements
2024-08-29 19:26:06 +02:00
s390xcap.c
Copyright year updates
2023-09-07 09:59:15 +01:00
s390xcpuid.pl
s390x: support CPACF sha3/shake performance improvements
2024-08-29 19:26:06 +02:00
self_test_core.c
open brace '{' following struct go on the same line
2024-07-22 06:55:35 -04:00
sleep.c
For Unix, refactor OSSL_sleep() to use nanosleep() instead of usleep()
2024-05-22 09:59:32 +02:00
sparccpuid.S
sparcv9cap.c
Split bignum code out of the sparcv9cap.c
2021-07-15 09:33:04 +02:00
sparse_array.c
typo fix
2024-04-04 08:34:17 +02:00
threads_lib.c
Define threads_lib.c functions only for OPENSSL_SYS_UNIX
2022-11-14 07:47:53 +00:00
threads_none.c
threads_win: fix build error with VS2010 x86
2024-07-01 10:02:02 +02:00
threads_pthread.c
disable rwlocks on nonstop klt model
2024-07-31 08:05:53 -04:00
threads_win.c
Detect MinGW 32 bit for NO_INTERLOCKEDOR64
2024-09-02 10:24:58 +02:00
time.c
Copyright year updates
2023-09-07 09:59:15 +01:00
trace.c
"foo * bar" should be "foo *bar"
2023-09-11 10:15:30 +02:00
uid.c
Copyright year updates
2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl