openssl/crypto/evp
Matt Caswell 43da9a14f0 Prevent an overflow if an application supplies a buffer that is too small
If an application bug means that a buffer smaller than is necessary is
passed to various functions then OpenSSL does not spot that the buffer
is too small and fills it anyway. This PR prevents that.

Since it requires an application bug to hit this problem, no CVE is
allocated.

Thanks to David Benjamin for reporting this issue.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
2021-10-22 08:43:26 +01:00
asymcipher.c Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() 2021-06-15 16:21:32 +02:00
bio_b64.c Update copyright year 2021-06-17 13:24:59 +01:00
bio_enc.c Update copyright year 2021-06-17 13:24:59 +01:00
bio_md.c evp: remove TODOs 2021-06-02 16:30:15 +10:00
bio_ok.c bio: improve error checking fixing coverity 1485659 & 1485665 2021-06-08 19:32:17 +10:00
build.info Remove unused code from the fips module 2021-05-08 20:44:41 +10:00
c_allc.c
c_alld.c
cmeth_lib.c Fix EVP_MD_meth_dup and EVP_CIPHER_meth_dup 2021-07-28 09:36:54 +10:00
ctrl_params_translate.c ctrl_params_translate: Fix leak of BN_CTX 2021-10-12 16:45:21 +02:00
dh_ctrl.c todo: remove TODO(3.0) from the sources. 2021-05-20 09:00:22 +01:00
dh_support.c Fixes related to separation of DH and DHX types 2021-04-26 19:52:11 +02:00
digest.c fips module header inclusion fine-tuning 2021-07-06 10:52:27 +10:00
dsa_ctrl.c todo: remove TODO(3.0) from the sources. 2021-05-20 09:00:22 +01:00
e_aes_cbc_hmac_sha1.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
e_aes_cbc_hmac_sha256.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
e_aes.c s390x: AES OFB/CFB: Maintain running IV from cipher context 2021-08-16 13:02:50 +02:00
e_aria.c evp: fix improper use of negative value issues 2021-06-08 19:32:17 +10:00
e_bf.c Update copyright year 2021-06-17 13:24:59 +01:00
e_camellia.c Split bignum code out of the sparcv9cap.c 2021-07-15 09:33:04 +02:00
e_cast.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
e_chacha20_poly1305.c Update copyright year 2021-04-22 14:38:44 +01:00
e_des3.c Split bignum code out of the sparcv9cap.c 2021-07-15 09:33:04 +02:00
e_des.c Split bignum code out of the sparcv9cap.c 2021-07-15 09:33:04 +02:00
e_idea.c Update copyright year 2021-06-17 13:24:59 +01:00
e_null.c Update copyright year 2021-04-22 14:38:44 +01:00
e_old.c
e_rc2.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
e_rc4_hmac_md5.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
e_rc4.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
e_rc5.c Update copyright year 2021-06-17 13:24:59 +01:00
e_seed.c
e_sm4.c evp: fix improper use of negative value issues 2021-06-08 19:32:17 +10:00
e_xcbc_d.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
ec_ctrl.c todo: remove TODO(3.0) from the sources. 2021-05-20 09:00:22 +01:00
ec_support.c Add convenience functions and macros for asymmetric key generation 2021-05-11 12:46:42 +02:00
encode.c
evp_cnf.c Don't try and load the config file while already loading the config file 2021-07-28 10:35:06 +10:00
evp_enc.c EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable 2021-08-11 17:11:47 +02:00
evp_err.c err: rename err_load_xxx_strings_int functions 2021-05-26 13:01:47 +10:00
evp_fetch.c Don't try and load the config file while already loading the config file 2021-07-28 10:35:06 +10:00
evp_key.c Update copyright year 2021-06-17 13:24:59 +01:00
evp_lib.c Fix EVP_MD_meth_dup and EVP_CIPHER_meth_dup 2021-07-28 09:36:54 +10:00
evp_local.h Refactor evp_generic_do_all() to behave like evp_generic_fetch() 2021-06-15 16:21:32 +02:00
evp_pbe.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
evp_pkey.c EVP: Add EVP_PKEY_get0_provider() and EVP_PKEY_CTX_get0_provider() 2021-07-26 12:11:54 +02:00
evp_rand.c fips module header inclusion fine-tuning 2021-07-06 10:52:27 +10:00
evp_utils.c Rename the field 'provctx and data' to 'algctx' inside some objects containing 2021-05-24 10:12:18 +10:00
exchange.c Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() 2021-06-15 16:21:32 +02:00
kdf_lib.c fips module header inclusion fine-tuning 2021-07-06 10:52:27 +10:00
kdf_meth.c Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() 2021-06-15 16:21:32 +02:00
kem.c Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() 2021-06-15 16:21:32 +02:00
keymgmt_lib.c Fix lock leak in evp_keymgmt_util_export_to_provider() 2021-10-16 10:22:42 +02:00
keymgmt_meth.c ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt 2021-06-29 17:03:45 +10:00
legacy_blake2.c Add "origin" field to EVP_CIPHER, EVP_MD 2021-04-18 10:03:07 +02:00
legacy_md2.c Update copyright year 2021-04-22 14:38:44 +01:00
legacy_md4.c Update copyright year 2021-04-22 14:38:44 +01:00
legacy_md5_sha1.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
legacy_md5.c Update copyright year 2021-04-22 14:38:44 +01:00
legacy_mdc2.c Update copyright year 2021-04-22 14:38:44 +01:00
legacy_meth.h Update copyright year 2021-06-17 13:24:59 +01:00
legacy_ripemd.c Update copyright year 2021-04-22 14:38:44 +01:00
legacy_sha.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
legacy_wp.c Update copyright year 2021-04-22 14:38:44 +01:00
m_null.c Update copyright year 2021-04-22 14:38:44 +01:00
m_sigver.c Prevent an overflow if an application supplies a buffer that is too small 2021-10-22 08:43:26 +01:00
mac_lib.c EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac() 2021-06-23 23:00:36 +02:00
mac_meth.c Adapt all public EVP_XXX_do_all_provided() for the changed evp_generic_do_all() 2021-06-15 16:21:32 +02:00
names.c Update copyright year 2021-03-11 13:27:36 +00:00
p5_crpt2.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
p5_crpt.c Update copyright year 2021-06-17 13:24:59 +01:00
p_dec.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
p_enc.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
p_legacy.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
p_lib.c Prevent an overflow if an application supplies a buffer that is too small 2021-10-22 08:43:26 +01:00
p_open.c
p_seal.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
p_sign.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
p_verify.c Update copyright year 2021-04-22 14:38:44 +01:00
pbe_scrypt.c Add library context and property query support into the PKCS12 API 2021-04-30 09:15:50 +10:00
pmeth_check.c Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check() 2021-07-15 10:54:25 +10:00
pmeth_gn.c fips module header inclusion fine-tuning 2021-07-06 10:52:27 +10:00
pmeth_lib.c Fix double free in EVP_PKEY_CTX_dup() 2021-09-03 12:31:59 +02:00
signature.c Prevent an overflow if an application supplies a buffer that is too small 2021-10-22 08:43:26 +01:00