zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/crypto
History
Richard Levitte d63b3e7959 Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate 
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-06-06 10:48:50 +02:00
..
aes
fix aes-xts bug on aarch64 big-endian env.
2023-04-28 09:19:49 +02:00
aria
Change loops conditions to make zero loop risk more obvious.
2022-05-24 14:11:20 +10:00
asn1
SMIME_crlf_copy(): check for NULL pointer arguments
2023-06-01 09:56:20 +02:00
async
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
bf
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
bio
bss_dgram.c: Use BIO_ADDR_sockaddr() and BIO_ADDR_sockaddr_size()
2023-03-07 15:24:54 +01:00
bn
Fix a typo found by codespell in a variable name
2023-05-11 12:26:00 +10:00
buffer
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
camellia
Rename x86-32 assembly files from .s to .S.
2022-05-24 13:16:06 +10:00
cast
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
chacha
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
cmac
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
cmp
allow to disable http
2023-06-06 11:05:02 +10:00
cms
CMS_ContentInfo_free(): fix mem leak on encrypted content key
2023-06-01 09:56:20 +02:00
comp
Add zlib oneshot compression
2022-11-07 11:23:13 +01:00
conf
Prevent a fuzzing timeout in the conf fuzzer
2023-05-08 10:33:48 +01:00
crmf
CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
2023-05-30 22:02:10 +02:00
ct
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
des
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
dh
FFC cleanups
2023-04-03 10:31:04 +02:00
dsa
FFC cleanups
2023-04-03 10:31:04 +02:00
dso
crypto/dso/dso_vms.c: Better definition of DSO_MALLOC()
2022-10-28 12:11:30 +02:00
ec
ecp_nistp256.c: Fix exponent in comment
2023-05-11 19:45:34 +02:00
encode_decode
Coverity 1515953: negative loop bound
2022-10-14 12:53:02 +11:00
engine
Fix memory leak in engine_cleanup_add_first()
2023-05-09 17:31:43 +02:00
err
allow to disable http
2023-06-06 11:05:02 +10:00
ess
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
evp
Ignore the fetch error when a legacy algorithm is found
2023-06-01 09:50:28 +02:00
ffc
FFC cleanups
2023-04-03 10:31:04 +02:00
hmac
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()
2021-06-23 23:00:36 +02:00
hpke
Fix a HPKE API to put libctx, propq as last (optional parameters).
2023-04-14 13:11:24 +10:00
http
http proxy handling: Use ossl_safe_getenv() instead of getenv()
2023-04-28 09:55:27 +02:00
idea
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
kdf
lhash
Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch
2022-10-07 10:05:50 +02:00
md2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
md4
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
md5
fix md5 bug on aarch64 big-endian plantform.
2023-04-28 14:36:35 +02:00
mdc2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
modes
Fix arm64 asm code back compatible issue with gcc 4.9.4
2023-05-31 10:50:28 +10:00
objects
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
2023-06-06 10:48:50 +02:00
ocsp
Fix incomplete check on X509V3_add1_i2d()
2023-01-31 11:05:51 +11:00
pem
Avoid dangling ptrs in header and data params for PEM_read_bio_ex
2023-02-07 17:05:10 +01:00
perlasm
riscv: GCM: Simplify GCM calculation
2023-03-16 13:12:19 +11:00
pkcs7
CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
2023-05-30 22:02:10 +02:00
pkcs12
Ignore the fetch error when a legacy algorithm is found
2023-06-01 09:50:28 +02:00
poly1305
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
property
Only call OPENSSL_init_crypto on fetch if using the default libctx
2023-02-22 10:03:14 +11:00
rand
Avoid taking a write lock in RAND_get_rand_method()
2023-05-30 17:19:11 +01:00
rc2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
rc4
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
rc5
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
ripemd
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
rsa
Compute RSA-PSS algorithm params in libcrypto for legacy
2023-06-01 10:02:28 +10:00
seed
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
sha
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
siphash
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
sm2
Fix mem leak in ECDSA_sign().
2023-03-31 14:57:47 -04:00
sm3
Fix arm64 asm code back compatible issue with gcc 4.9.4
2023-05-31 10:50:28 +10:00
sm4
Fix SM4-XTS build failure on Mac mini M1
2023-02-06 12:36:07 +01:00
srp
add a check for the return of sk_SRP_gN_new_null() so that capture the potential memory error in time
2022-10-20 19:04:44 +11:00
stack
stack: fix searching when the stack isn't sorted.
2023-04-28 09:24:06 +02:00
store
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
thread
Fix compilation error when using clang-cl 16 or higher
2023-04-03 08:19:43 +10:00
ts
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
txt_db
txt_db: fix -Wunused-but-set-variable
2022-10-21 15:56:32 +02:00
ui
Fix stack corruption in ui_read
2023-05-17 12:07:02 +02:00
whrlpool
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
x509
allow to disable http
2023-06-06 11:05:02 +10:00
alphacpuid.pl
arm64cpuid.pl
Update copyright year
2022-05-03 13:34:51 +01:00
arm_arch.h
Apply aes-gcm unroll8+eor3 optimization patch to Neoverse V2
2023-02-08 16:54:57 +01:00
armcap.c
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
armv4cpuid.pl
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
asn1_dsa.c
Update copyright year
2021-04-08 13:04:41 +01:00
bsearch.c
build.info
params: provide a faster TRIE based param lookup.
2023-06-02 15:13:20 +10:00
c64xpluscpuid.pl
context.c
Fix calling pthread_key_delete on uninitialized data
2023-04-24 11:31:57 +02:00
core_algorithm.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
core_fetch.c
"Reserve" the method store when constructing methods
2022-07-20 07:28:17 +01:00
core_namemap.c
Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats
2022-06-22 09:36:14 +02:00
cpt_err.c
err: add additional errors
2022-01-12 20:10:21 +11:00
cpuid.c
Update copyright year
2022-05-03 13:34:51 +01:00
cryptlib.c
Fix UEFI support on win32
2023-04-13 10:25:55 +01:00
ctype.c
Fixed typos in documentation and comments
2023-01-04 12:53:05 +01:00
cversion.c
der_writer.c
der_writer: Use uint32_t instead of long.
2022-06-27 10:58:40 +02:00
deterministic_nonce.c
Address coverity issue CID 1517105
2022-12-16 18:57:42 +01:00
dllmain.c
Update copyright year
2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c
When we're just reading EX_CALLBACK data just get a read lock
2023-05-30 17:26:02 +01:00
getenv.c
Update copyright year
2022-05-03 13:34:51 +01:00
ia64cpuid.S
info.c
info.c: Fix typos in seed macro name and description string
2023-01-10 12:15:42 +01:00
init.c
Add ZSTD compression support (RFC8478bis)
2022-10-18 09:30:21 -04:00
initthread.c
Update copyright year
2022-05-03 13:34:51 +01:00
loongarch64cpuid.pl
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
2022-10-12 18:02:12 +11:00
loongarch_arch.h
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
2022-10-12 18:02:12 +11:00
loongarchcap.c
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
2022-10-12 18:02:12 +11:00
LPdir_nyi.c
LPdir_unix.c
Update copyright year
2022-05-03 13:34:51 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c
Do not check definition of a macro and use it in a single condition
2023-01-12 10:46:52 +01:00
mem.c
ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE
2022-08-27 09:40:09 +02:00
mips_arch.h
o_dir.c
Update copyright year
2022-05-03 13:34:51 +01:00
o_fopen.c
crypto: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
o_init.c
Update copyright year
2022-05-03 13:34:51 +01:00
o_str.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
o_time.c
Update copyright year
2021-03-11 13:27:36 +00:00
packet.c
Rationalize FIPS sources
2023-02-08 16:20:55 +01:00
param_build_set.c
Update copyright year
2022-05-03 13:34:51 +01:00
param_build.c
OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated
2023-01-11 23:38:13 +01:00
params_dup.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
params_from_text.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
params_idx.c.in
params: provide a faster TRIE based param lookup.
2023-06-02 15:13:20 +10:00
params.c
crypto/params: drop float for UEFI
2023-05-22 07:45:10 +01:00
pariscid.pl
passphrase.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
ppccap.c
Update copyright year
2022-05-03 13:34:51 +01:00
ppccpuid.pl
Update copyright year
2022-05-03 13:34:51 +01:00
provider_child.c
Fix a potential memory leak in crypto/provider_child.c
2023-02-01 08:20:08 +11:00
provider_conf.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
provider_core.c
Avoid taking a write lock in ossl_provider_doall_activated()
2023-06-02 09:12:42 +10:00
provider_local.h
make struct provider_info_st a full type
2021-06-24 14:48:15 +01:00
provider_predefined.c
make struct provider_info_st a full type
2021-06-24 14:48:15 +01:00
provider.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
punycode.c
Add more punycode tests and remove ossl_a2ucompare()
2023-02-08 16:17:37 +01:00
quic_vlint.c
QUIC: Enable building with QUIC support disabled
2023-01-13 13:20:16 +00:00
README-sparse_array.md
riscv32cpuid.pl
Add RISC-V 32 cpuid support
2022-09-05 10:20:30 +10:00
riscv64cpuid.pl
Add basic RISC-V cpuid and OPENSSL_riscvcap
2022-05-19 16:32:49 +10:00
riscvcap.c
Add basic RISC-V cpuid and OPENSSL_riscvcap
2022-05-19 16:32:49 +10:00
s390x_arch.h
S390X: Accelerate keccak XOF
2023-03-07 18:21:51 +01:00
s390xcap.c
S390x: Support ME and CRT offloading
2023-02-08 16:53:12 +01:00
s390xcpuid.pl
self_test_core.c
Update copyright year
2022-05-03 13:34:51 +01:00
sleep.c
OSSL_sleep(): Calling sleep() function if sleepTime > 1sec
2023-05-30 21:10:03 +02:00
sparccpuid.S
sparcv9cap.c
Split bignum code out of the sparcv9cap.c
2021-07-15 09:33:04 +02:00
sparse_array.c
Coverity 1507376: Dereference after null check
2022-07-22 14:42:13 +02:00
threads_lib.c
Define threads_lib.c functions only for OPENSSL_SYS_UNIX
2022-11-14 07:47:53 +00:00
threads_none.c
QUIC: Fix bugs where threading is disabled
2023-05-24 10:34:54 +01:00
threads_pthread.c
QUIC: Fix bugs where threading is disabled
2023-05-24 10:34:54 +01:00
threads_win.c
Add note about Windows LONG
2023-05-24 10:34:55 +01:00
time.c
Fix UEFI support on win32
2023-04-13 10:25:55 +01:00
trace.c
add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()
2023-01-26 09:16:51 +01:00
uid.c
Openssl fails to compile on Debian with kfreebsd kernels
2021-09-02 10:02:32 +10:00
vms_rms.h
x86_64cpuid.pl
Update copyright year
2021-04-08 13:04:41 +01:00
x86cpuid.pl