[openssl] openssl-3.0 update
Dr. Paul Dale
pauli at openssl.org
Tue Oct 26 22:38:40 UTC 2021
The branch openssl-3.0 has been updated
via d146811f6cce155eeb1a87396943c953acb08fb6 (commit)
from 1682a8524652c4f1386852f0d0c1dec75895b7da (commit)
- Log -----------------------------------------------------------------
commit d146811f6cce155eeb1a87396943c953acb08fb6
Author: x2018 <xkernel.wang at foxmail.com>
Date: Fri Oct 22 22:50:27 2021 +0800
add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(),
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new().
Otherwise may result in memory errors.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16892)
(cherry picked from commit 9dddcd90a1350fa63486cbf3226c3eee79f9aff5)
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_pwri.c | 4 ++++
crypto/dsa/dsa_sign.c | 3 ++-
crypto/ec/ec_asn1.c | 3 ++-
crypto/evp/p_lib.c | 2 ++
crypto/pem/pvkfmt.c | 5 +++++
crypto/rsa/rsa_backend.c | 2 ++
6 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index bc2b5179b7..380240561f 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -85,6 +85,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
goto merr;
}
ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 6e87bd1657..21b0cbd5fb 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -65,7 +65,8 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **psig, const unsigned char **ppin, long len)
sig->r = BN_new();
if (sig->s == NULL)
sig->s = BN_new();
- if (ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) {
+ if (sig->r == NULL || sig->s == NULL
+ || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) {
if (psig == NULL || *psig == NULL)
DSA_SIG_free(sig);
return NULL;
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 31519137c6..6323131a22 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1223,7 +1223,8 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len)
sig->r = BN_new();
if (sig->s == NULL)
sig->s = BN_new();
- if (ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) {
+ if (sig->r == NULL || sig->s == NULL
+ || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) {
if (psig == NULL || *psig == NULL)
ECDSA_SIG_free(sig);
return NULL;
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 38e22f3b6c..2552dd702a 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1850,6 +1850,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
if (tmp_keymgmt == NULL) {
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propquery);
+ if (ctx == NULL)
+ goto end;
tmp_keymgmt = ctx->keymgmt;
ctx->keymgmt = NULL;
EVP_PKEY_CTX_free(ctx);
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 11ac0a7c40..21b16f5928 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -832,6 +832,11 @@ static void *do_PVK_body_key(const unsigned char **in,
#endif
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
+ if (cctx == NULL) {
+ ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
if (saltlen) {
#ifndef OPENSSL_NO_RC4
unsigned int magic;
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 85ad54e4cf..46283265d2 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -392,6 +392,8 @@ RSA *ossl_rsa_dup(const RSA *rsa, int selection)
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
+ if (dupkey->prime_infos == NULL)
+ goto err;
for (i = 0; i < pnum; i++) {
const RSA_PRIME_INFO *pinfo = NULL;
RSA_PRIME_INFO *duppinfo = NULL;
More information about the openssl-commits
mailing list