Neil Horman a552c23c65 Harden asn1 oid loader to invalid inputs ... In the event that a config file contains this sequence: ======= openssl_conf = openssl_init config_diagnostics = 1 [openssl_init] oid_section = oids [oids] testoid1 = 1.2.3.4.1 testoid2 = A Very Long OID Name, 1.2.3.4.2 testoid3 = ,1.2.3.4.3 ====== The leading comma in testoid3 can cause a heap buffer overflow, as the parsing code will move the string pointer back 1 character, thereby pointing to an invalid memory space correct the parser to detect this condition and handle it by treating it as if the comma doesn't exist (i.e. an empty long oid name) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22957)		2023-12-13 11:10:36 -05:00
..
aes	remove duplicated typedef for u64	2023-12-12 20:01:34 +01:00
aria
asn1	Harden asn1 oid loader to invalid inputs	2023-12-13 11:10:36 -05:00
async
bf
bio	Deprecate SPT threading support on NonStop.	2023-12-12 10:39:54 -05:00
bn	Avoid an infinite loop in BN_GF2m_mod_inv	2023-12-12 16:08:59 +00:00
buffer
camellia
cast	Copyright year updates	2023-09-07 09:59:15 +01:00
chacha	riscv: Provide a vector implementation of CHACHA20 cipher.	2023-10-26 15:55:50 +01:00
cmac	Copyright year updates	2023-09-07 09:59:15 +01:00
cmp	CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS	2023-10-10 20:36:06 +02:00
cms	Fix a possible memleak in CMS_sign_receipt	2023-11-22 09:31:03 +01:00
comp	Copyright year updates	2023-09-07 09:59:15 +01:00
conf	Add notes on use of strdup	2023-10-24 17:30:58 +01:00
crmf	Copyright year updates	2023-09-07 09:59:15 +01:00
ct
des	Copyright year updates	2023-09-07 09:59:15 +01:00
dh	Make DH_check_pub_key() and DH_generate_key() safer yet	2023-11-06 07:55:01 +00:00
dsa	DH_check_pub_key() should not fail when setting result code	2023-10-11 16:22:27 +02:00
dso	Copyright year updates	2023-09-07 09:59:15 +01:00
ec	Correct comment in crypto/ec/curve448/ed448.h	2023-11-01 17:34:05 +01:00
encode_decode	ossl_decoder_cache_flush(): Do not raise an error if there is no cache	2023-12-06 13:59:13 +01:00
engine	Improved detection of engine-provided private "classic" keys	2023-10-04 11:02:00 +11:00
err	Make DH_check_pub_key() and DH_generate_key() safer yet	2023-11-06 07:55:01 +00:00
ess
evp	Add EVP_DigestSqueeze() API.	2023-11-10 13:27:00 +01:00
ffc	DH_check_pub_key() should not fail when setting result code	2023-10-11 16:22:27 +02:00
hmac
hpke	Add additional internal HPKE hardening checks resulting from code audit.	2023-11-03 09:10:19 +01:00
http	Fix some invalid use of sscanf	2023-12-12 16:12:32 +00:00
idea
kdf
lhash	All lh_stats functions were deprecated in 3.1	2023-10-04 07:52:41 +11:00
md2
md4
md5	Enable BTI feature for md5 on aarch64	2023-12-13 10:41:34 +01:00
mdc2
modes	Provide additional AES-GCM test patterns to enhance test coverage.	2023-10-26 15:55:50 +01:00
objects	ensure that ossl_obj_nid_lock is allocated before use	2023-10-18 16:52:45 +02:00
ocsp	Copyright year updates	2023-09-07 09:59:15 +01:00
pem	Copyright year updates	2023-09-28 14:23:29 +01:00
perlasm	x86_64-xlate.pl: Fix build with icx and nvc compilers	2023-11-24 17:21:39 +01:00
pkcs7	Fix possible memleak in PKCS7_add0_attrib_signing_time	2023-11-22 09:49:02 +01:00
pkcs12	Copyright year updates	2023-09-28 14:23:29 +01:00
poly1305	Copyright year updates	2023-09-07 09:59:15 +01:00
property	Add overflow checks to parse_number/parse_hex/parse_oct	2023-12-07 12:07:43 -05:00
rand	internal/common.h: rename macro (un)likely to ossl_(un)likely	2023-11-03 21:08:22 +01:00
rc2	Copyright year updates	2023-09-07 09:59:15 +01:00
rc4	Copyright year updates	2023-09-07 09:59:15 +01:00
rc5	Copyright year updates	2023-09-07 09:59:15 +01:00
ripemd
rsa	rsa: Add SP800-56Br2 6.4.1.2.1 (3.c) check	2023-10-25 09:26:51 +01:00
seed
sha	SHA3_squeeze(): The next argument is int	2023-11-23 15:13:53 +00:00
siphash
sm2	Copyright year updates	2023-09-07 09:59:15 +01:00
sm3	riscv: Support sm3 on platforms with vlen >= 128.	2023-10-26 15:55:50 +01:00
sm4	Update for Zvkb extension.	2023-10-26 15:55:50 +01:00
srp	Copyright year updates	2023-09-28 14:23:29 +01:00
stack	Copyright year updates	2023-09-07 09:59:15 +01:00
store	Copyright year updates	2023-09-28 14:23:29 +01:00
thread	Copyright year updates	2023-09-07 09:59:15 +01:00
ts	Copyright year updates	2023-09-07 09:59:15 +01:00
txt_db	Copyright year updates	2023-09-07 09:59:15 +01:00
ui	Copyright year updates	2023-09-07 09:59:15 +01:00
whrlpool	Copyright year updates	2023-09-07 09:59:15 +01:00
x509	Fix a possible memory leak in do_othername	2023-12-12 13:43:08 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h	Optimize AES-CTR for ARM Neoverse V1 and V2.	2023-11-29 18:10:31 +01:00
armcap.c	Optimize AES-CTR for ARM Neoverse V1 and V2.	2023-11-29 18:10:31 +01:00
armv4cpuid.pl	Copyright year updates	2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info	Do not include sparse_array.o in libssl	2023-09-22 20:42:48 +02:00
c64xpluscpuid.pl
context.c	Copyright year updates	2023-09-07 09:59:15 +01:00
core_algorithm.c
core_fetch.c
core_namemap.c	Copyright year updates	2023-09-07 09:59:15 +01:00
cpt_err.c
cpuid.c	Copyright year updates	2023-09-28 14:23:29 +01:00
cryptlib.c	Copyright year updates	2023-09-07 09:59:15 +01:00
ctype.c	Copyright year updates	2023-09-07 09:59:15 +01:00
cversion.c
der_writer.c
deterministic_nonce.c	Copyright year updates	2023-09-07 09:59:15 +01:00
dllmain.c
ebcdic.c
ex_data.c	Fix error handling in CRYPTO_get_ex_new_index	2023-09-21 14:43:08 +02:00
getenv.c
ia64cpuid.S
info.c	Copyright year updates	2023-09-07 09:59:15 +01:00
init.c	Copyright year updates	2023-09-07 09:59:15 +01:00
initthread.c	crypto/initthread.c: fix misspelled OSSL_provider_init() in comment	2023-10-26 15:45:41 +01:00
loongarch64cpuid.pl
loongarch_arch.h	Copyright year updates	2023-09-07 09:59:15 +01:00
loongarchcap.c	Copyright year updates	2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c	Copyright year updates	2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c	Add locking to CRYPTO_secure_used	2023-12-01 09:03:04 -05:00
mem.c	Windows: use srand() instead of srandom()	2023-10-13 15:04:42 +02:00
mips_arch.h
o_dir.c
o_fopen.c
o_init.c
o_str.c	Copyright year updates	2023-09-28 14:23:29 +01:00
o_time.c
packet.c	Copyright year updates	2023-09-07 09:59:15 +01:00
param_build_set.c	ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs	2023-10-18 18:07:13 +02:00
param_build.c	ossl-params: check length returned by strlen()	2023-12-12 19:55:19 +01:00
params_dup.c
params_from_text.c
params_idx.c.in
params.c	Copyright year updates	2023-09-07 09:59:15 +01:00
pariscid.pl
passphrase.c
ppccap.c
ppccpuid.pl
provider_child.c	Copyright year updates	2023-09-07 09:59:15 +01:00
provider_conf.c	Copyright year updates	2023-09-07 09:59:15 +01:00
provider_core.c	After initializing a provider, check if its output dispatch table is NULL	2023-12-04 15:12:34 +01:00
provider_local.h
provider_predefined.c
provider.c	Copyright year updates	2023-09-07 09:59:15 +01:00
punycode.c	Copyright year updates	2023-09-07 09:59:15 +01:00
quic_vlint.c
README-sparse_array.md
riscv32cpuid.pl
riscv64cpuid.pl	riscv: Add basic vector extension support	2023-10-26 15:55:49 +01:00
riscvcap.c	riscv: Add basic vector extension support	2023-10-26 15:55:49 +01:00
s390x_arch.h	Copyright year updates	2023-09-07 09:59:15 +01:00
s390xcap.c	Copyright year updates	2023-09-07 09:59:15 +01:00
s390xcpuid.pl
self_test_core.c
sleep.c	Copyright year updates	2023-09-07 09:59:15 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c
threads_lib.c
threads_none.c	Copyright year updates	2023-09-07 09:59:15 +01:00
threads_pthread.c	Copyright year updates	2023-09-07 09:59:15 +01:00
threads_win.c	Copyright year updates	2023-09-07 09:59:15 +01:00
time.c	Copyright year updates	2023-09-07 09:59:15 +01:00
trace.c	"foo * bar" should be "foo *bar"	2023-09-11 10:15:30 +02:00
uid.c	Copyright year updates	2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl