mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
a64c48cff8
openssl/crypto
History
Bernd Edlinger a64c48cff8 Fix stack corruption in ui_read 
This is an alternative to #20893

Additionally this fixes also a possible issue in UI_UTIL_read_pw:

When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
2023-05-17 12:07:02 +02:00
..
aes fix aes-xts bug on aarch64 big-endian env. 2023-04-28 09:19:49 +02:00
aria Change loops conditions to make zero loop risk more obvious. 2022-05-24 14:11:20 +10:00
asn1 Add negative integer check when using ASN1_BIT_STRING 2023-05-04 09:08:23 +10:00
async Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
bio bss_dgram.c: Use BIO_ADDR_sockaddr() and BIO_ADDR_sockaddr_size() 2023-03-07 15:24:54 +01:00
bn Fix a typo found by codespell in a variable name 2023-05-11 12:26:00 +10:00
buffer Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
camellia Rename x86-32 assembly files from .s to .S. 2022-05-24 13:16:06 +10:00
cast Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
chacha Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a 2023-03-29 12:21:31 +02:00
cmac Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
cmp CMP client: fix checking new cert enrolled with oldcert and without private key 2023-05-12 10:46:27 +02:00
cms Fix size_t/int mismatch in cms_ec.c and rsa_sig.c 2023-03-15 08:24:42 +11:00
comp Add zlib oneshot compression 2022-11-07 11:23:13 +01:00
conf Prevent a fuzzing timeout in the conf fuzzer 2023-05-08 10:33:48 +01:00
crmf crmf_lib.c: clean up coments on OSSL_CRMF_CERTTEMPLATE*() 2023-04-18 08:16:01 +02:00
ct Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
des Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
dh FFC cleanups 2023-04-03 10:31:04 +02:00
dsa FFC cleanups 2023-04-03 10:31:04 +02:00
dso crypto/dso/dso_vms.c: Better definition of DSO_MALLOC() 2022-10-28 12:11:30 +02:00
ec ecp_nistp256.c: Fix exponent in comment 2023-05-11 19:45:34 +02:00
encode_decode Coverity 1515953: negative loop bound 2022-10-14 12:53:02 +11:00
engine Fix memory leak in engine_cleanup_add_first() 2023-05-09 17:31:43 +02:00
err QUIC MSST: make update 2023-05-12 14:47:13 +01:00
ess Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
evp Fixed EVP_PKEY_CTX_set_ec_paramgen_curve_nid() for SM2 in ENGINEs 2023-05-15 12:04:55 +02:00
ffc FFC cleanups 2023-04-03 10:31:04 +02:00
hmac
hpke Fix a HPKE API to put libctx, propq as last (optional parameters). 2023-04-14 13:11:24 +10:00
http http proxy handling: Use ossl_safe_getenv() instead of getenv() 2023-04-28 09:55:27 +02:00
idea Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
kdf
lhash Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch 2022-10-07 10:05:50 +02:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md5 fix md5 bug on aarch64 big-endian plantform. 2023-04-28 14:36:35 +02:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
modes aes-gcm-armv8_64 asm support bigdian 2023-05-09 16:21:04 +02:00
objects Don't call OPENSSL_init_crypto from inside a RUN_ONCE 2023-04-04 09:36:42 +02:00
ocsp Fix incomplete check on X509V3_add1_i2d() 2023-01-31 11:05:51 +11:00
pem Avoid dangling ptrs in header and data params for PEM_read_bio_ex 2023-02-07 17:05:10 +01:00
perlasm riscv: GCM: Simplify GCM calculation 2023-03-16 13:12:19 +11:00
pkcs7 Support signedAndEnveloped content in PKCS7_decrypt() 2023-02-07 17:05:10 +01:00
pkcs12 Fix PKCS12_newpass() to work with PBES2. 2023-03-15 08:49:03 +11:00
poly1305 Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a 2023-03-29 12:21:31 +02:00
property Only call OPENSSL_init_crypto on fetch if using the default libctx 2023-02-22 10:03:14 +11:00
rand rand: trust user supplied entropy when configured without a random source 2023-05-03 07:51:21 +10:00
rc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rc4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rc5 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rsa Add libctx to x931 keygen. 2023-05-05 17:11:16 +01:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
sha Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a 2023-03-29 12:21:31 +02:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
sm2 Fix mem leak in ECDSA_sign(). 2023-03-31 14:57:47 -04:00
sm3 Add ROTATE inline asm support for SM3 2022-06-22 12:46:50 +02:00
sm4 Fix SM4-XTS build failure on Mac mini M1 2023-02-06 12:36:07 +01:00
srp add a check for the return of sk_SRP_gN_new_null() so that capture the potential memory error in time 2022-10-20 19:04:44 +11:00
stack stack: fix searching when the stack isn't sorted. 2023-04-28 09:24:06 +02:00
store crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
thread Fix compilation error when using clang-cl 16 or higher 2023-04-03 08:19:43 +10:00
ts crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
txt_db txt_db: fix -Wunused-but-set-variable 2022-10-21 15:56:32 +02:00
ui Fix stack corruption in ui_read 2023-05-17 12:07:02 +02:00
whrlpool Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
x509 x509: sort stacks before finds 2023-05-01 17:14:42 +10:00
alphacpuid.pl
arm64cpuid.pl Update copyright year 2022-05-03 13:34:51 +01:00
arm_arch.h Apply aes-gcm unroll8+eor3 optimization patch to Neoverse V2 2023-02-08 16:54:57 +01:00
armcap.c Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a 2023-03-29 12:21:31 +02:00
armv4cpuid.pl Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a 2023-03-29 12:21:31 +02:00
asn1_dsa.c
bsearch.c
build.info Refactor build.info 2023-03-30 11:14:16 +01:00
c64xpluscpuid.pl
context.c Fix calling pthread_key_delete on uninitialized data 2023-04-24 11:31:57 +02:00
core_algorithm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
core_fetch.c "Reserve" the method store when constructing methods 2022-07-20 07:28:17 +01:00
core_namemap.c Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats 2022-06-22 09:36:14 +02:00
cpt_err.c err: add additional errors 2022-01-12 20:10:21 +11:00
cpuid.c Update copyright year 2022-05-03 13:34:51 +01:00
cryptlib.c Fix UEFI support on win32 2023-04-13 10:25:55 +01:00
ctype.c Fixed typos in documentation and comments 2023-01-04 12:53:05 +01:00
cversion.c
der_writer.c der_writer: Use uint32_t instead of long. 2022-06-27 10:58:40 +02:00
deterministic_nonce.c Address coverity issue CID 1517105 2022-12-16 18:57:42 +01:00
dllmain.c Update copyright year 2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
getenv.c Update copyright year 2022-05-03 13:34:51 +01:00
ia64cpuid.S
info.c info.c: Fix typos in seed macro name and description string 2023-01-10 12:15:42 +01:00
init.c Add ZSTD compression support (RFC8478bis) 2022-10-18 09:30:21 -04:00
initthread.c Update copyright year 2022-05-03 13:34:51 +01:00
loongarch64cpuid.pl Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
loongarch_arch.h Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
loongarchcap.c Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
LPdir_nyi.c
LPdir_unix.c Update copyright year 2022-05-03 13:34:51 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Do not check definition of a macro and use it in a single condition 2023-01-12 10:46:52 +01:00
mem.c ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE 2022-08-27 09:40:09 +02:00
mips_arch.h
o_dir.c Update copyright year 2022-05-03 13:34:51 +01:00
o_fopen.c crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
o_init.c Update copyright year 2022-05-03 13:34:51 +01:00
o_str.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
o_time.c
packet.c Rationalize FIPS sources 2023-02-08 16:20:55 +01:00
param_build_set.c Update copyright year 2022-05-03 13:34:51 +01:00
param_build.c OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated 2023-01-11 23:38:13 +01:00
params_dup.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_from_text.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params.c params: add helper functions to allocate & copy params 2023-04-26 08:01:46 +10:00
pariscid.pl
passphrase.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ppccap.c Update copyright year 2022-05-03 13:34:51 +01:00
ppccpuid.pl Update copyright year 2022-05-03 13:34:51 +01:00
provider_child.c Fix a potential memory leak in crypto/provider_child.c 2023-02-01 08:20:08 +11:00
provider_conf.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
provider_core.c provider_core: sort provider stack on find 2023-05-01 17:14:42 +10:00
provider_local.h
provider_predefined.c
provider.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
punycode.c Add more punycode tests and remove ossl_a2ucompare() 2023-02-08 16:17:37 +01:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
README-sparse_array.md
riscv32cpuid.pl Add RISC-V 32 cpuid support 2022-09-05 10:20:30 +10:00
riscv64cpuid.pl Add basic RISC-V cpuid and OPENSSL_riscvcap 2022-05-19 16:32:49 +10:00
riscvcap.c Add basic RISC-V cpuid and OPENSSL_riscvcap 2022-05-19 16:32:49 +10:00
s390x_arch.h S390X: Accelerate keccak XOF 2023-03-07 18:21:51 +01:00
s390xcap.c S390x: Support ME and CRT offloading 2023-02-08 16:53:12 +01:00
s390xcpuid.pl
self_test_core.c Update copyright year 2022-05-03 13:34:51 +01:00
sleep.c Fix UEFI support on win32 2023-04-13 10:25:55 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c Coverity 1507376: Dereference after null check 2022-07-22 14:42:13 +02:00
threads_lib.c Define threads_lib.c functions only for OPENSSL_SYS_UNIX 2022-11-14 07:47:53 +00:00
threads_none.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
threads_pthread.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
threads_win.c VC++ 2010 x86 compilers do not have InterlockedOr64 2023-03-22 14:45:29 +01:00
time.c Fix UEFI support on win32 2023-04-13 10:25:55 +01:00
trace.c add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string() 2023-01-26 09:16:51 +01:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl