openssl/crypto
Viktor Dukhovni 748f478f81 Fix type confusion in nc_match_single()
This function assumes that if the "gen" is an OtherName, then the "base"
is a rfc822Name constraint. This assumption is not true in all cases.
If the end-entity certificate contains an OtherName SAN of any type besides
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
OtherName (of any type), then "nc_email_eai" will be invoked, with the
OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING.

Reported by Corey Bonnell from Digicert.

CVE-2022-4203

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-02-07 17:05:10 +01:00
..
aes Add vpaes-loongarch64.pl module. 2022-10-12 18:02:12 +11:00
aria
asn1 PKCS12 - Add additional libctx and propq support. 2023-01-16 17:17:31 +01:00
async Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
bio Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code 2023-01-27 16:11:38 +01:00
bn Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
buffer Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
camellia
cast Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
chacha Fix big-endian issue in chacha20 SVE implementation on aarch64 2023-01-16 17:03:34 +01:00
cmac Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
cmp Fix Coverity 1520485: logically dead code 2023-01-26 10:25:33 +01:00
cms Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID 2022-12-22 11:01:06 +01:00
comp Add zlib oneshot compression 2022-11-07 11:23:13 +01:00
conf stack: Do not add error if pop/shift/value accesses outside of the stack 2022-10-21 18:02:35 +02:00
crmf Compensate for CMP-related TODOs removed by PR #15539 2022-12-07 21:57:36 +01:00
ct Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
des Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
dh DH_check[_params]() use libctx of the dh for prime checks 2022-11-18 06:57:17 +00:00
dsa Implement deterministic ECDSA sign (RFC6979) 2022-11-30 07:31:53 +00:00
dso crypto/dso/dso_vms.c: Better definition of DSO_MALLOC() 2022-10-28 12:11:30 +02:00
ec Support all five EdDSA instances from RFC 8032 2023-01-13 07:09:09 +00:00
encode_decode Coverity 1515953: negative loop bound 2022-10-14 12:53:02 +11:00
engine crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
err Write SSL_R alerts to error state to keep updated strings 2023-01-05 19:48:01 +01:00
ess Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
evp Fix incomplete checks for EVP_CIPHER_asn1_to_param 2023-01-25 14:27:14 +00:00
ffc Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4() 2023-01-23 10:40:26 +01:00
hmac
hpke prevent HPKE sender setting seq unwisely 2022-12-08 10:59:03 +01:00
http OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense 2023-01-26 09:16:52 +01:00
idea Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
kdf
lhash Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch 2022-10-07 10:05:50 +02:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md5 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
modes Do not build P10-specific AES-GCM assembler on AIX 2022-12-14 12:53:05 +01:00
objects Allow OBJ_create() to create an OBJ and NID with a NULL OID 2022-12-13 15:40:16 +01:00
ocsp Fix incomplete check on X509V3_add1_i2d() 2023-01-31 11:05:51 +11:00
pem When using PEM_read_bio_PrivateKey_ex() the public key is optional 2022-11-25 10:32:18 +01:00
perlasm Add two new build targets to enable the possibility of using clang-cl as 2022-11-24 06:36:47 +00:00
pkcs7 Fix incomplete check on EVP_CIPHER_param_to_asn1() 2023-02-02 10:14:12 +11:00
pkcs12 PKCS12 - Add additional libctx and propq support. 2023-01-16 17:17:31 +01:00
poly1305
property Correct property EBNF for unquoted strings 2023-01-20 10:15:53 +11:00
rand Release the drbg in the global default context before engines 2022-11-02 11:01:20 +01:00
rc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rc4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rc5 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rsa Make RSA_generate_multi_prime_key() not segfault if e is NULL. 2023-01-12 10:46:22 -05:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
sha crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case 2022-11-04 10:37:13 +01:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
sm2 Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
sm3
sm4 Fix SM4-XTS build failure on Mac mini M1 2023-02-06 12:36:07 +01:00
srp add a check for the return of sk_SRP_gN_new_null() so that capture the potential memory error in time 2022-10-20 19:04:44 +11:00
stack Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO 2022-10-21 18:02:35 +02:00
store crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
thread Don't set cancel state/type 2022-12-01 15:34:38 +01:00
ts crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
txt_db txt_db: fix -Wunused-but-set-variable 2022-10-21 15:56:32 +02:00
ui Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
whrlpool Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
x509 Fix type confusion in nc_match_single() 2023-02-07 17:05:10 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h Apply SM4 optimization patch to Kunpeng-920 2022-11-02 08:45:10 +11:00
armcap.c Enable AES optimisation on Apple Silicon M2-based systems 2023-01-30 09:49:13 +11:00
armv4cpuid.pl
asn1_dsa.c
bsearch.c
build.info Do not include sparse_array.o in libssl with no-shared 2023-01-31 11:10:22 +11:00
c64xpluscpuid.pl
context.c Add functions supporting thread pool only when it is enabled 2022-11-22 17:08:23 +01:00
core_algorithm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
core_fetch.c
core_namemap.c
cpt_err.c
cpuid.c
cryptlib.c
ctype.c Fixed typos in documentation and comments 2023-01-04 12:53:05 +01:00
cversion.c
der_writer.c
deterministic_nonce.c Address coverity issue CID 1517105 2022-12-16 18:57:42 +01:00
dllmain.c
ebcdic.c
ex_data.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
getenv.c
ia64cpuid.S
info.c info.c: Fix typos in seed macro name and description string 2023-01-10 12:15:42 +01:00
init.c Add ZSTD compression support (RFC8478bis) 2022-10-18 09:30:21 -04:00
initthread.c
loongarch64cpuid.pl Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
loongarch_arch.h Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
loongarchcap.c Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Do not check definition of a macro and use it in a single condition 2023-01-12 10:46:52 +01:00
mem.c
mips_arch.h
o_dir.c
o_fopen.c crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
o_init.c
o_str.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
o_time.c
packet.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
param_build_set.c
param_build.c OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated 2023-01-11 23:38:13 +01:00
params_dup.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_from_text.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params.c In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1 2023-01-11 23:38:13 +01:00
pariscid.pl
passphrase.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ppccap.c
ppccpuid.pl
provider_child.c Fix a potential memory leak in crypto/provider_child.c 2023-02-01 08:20:08 +11:00
provider_conf.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
provider_core.c Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests. 2022-12-06 18:24:06 +01:00
provider_local.h
provider_predefined.c
provider.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
punycode.c punycode: update to use WPACKET instead of using custom range checking 2022-11-11 08:14:47 +11:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
README-sparse_array.md
riscv32cpuid.pl
riscv64cpuid.pl
riscvcap.c
s390x_arch.h
s390xcap.c
s390xcpuid.pl
self_test_core.c
sleep.c Rename ossl_sleep() to OSSL_sleep() and make it public 2022-10-06 08:01:09 +02:00
sparccpuid.S
sparcv9cap.c
sparse_array.c
threads_lib.c Define threads_lib.c functions only for OPENSSL_SYS_UNIX 2022-11-14 07:47:53 +00:00
threads_none.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
threads_pthread.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
threads_win.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
time.c
trace.c add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string() 2023-01-26 09:16:51 +01:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl