From c9ac0421f3c602498a17af8497f481a49c75cc26 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 9 Oct 2023 10:32:44 +0200 Subject: [PATCH 1/9] Avoid using gets as an argument name in a prototype This otherwise breaks compilation of applications using ssl.h on MingW. Fixes #22296 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Tim Hudson Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22316) (cherry picked from commit 2e471a740b621481b3f3236f82fdd677414900a1) Signed-off-by: fly2x --- include/openssl/bio.h.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in index c521e41e4a..cdc395b783 100644 --- a/include/openssl/bio.h.in +++ b/include/openssl/bio.h.in @@ -844,7 +844,7 @@ int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); + int (*ossl_gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); -- Gitee From 332ab498154e7f46d8455b40a12edb7f854018fa Mon Sep 17 00:00:00 2001 From: Alexey Fofanov Date: Wed, 25 Oct 2023 14:29:06 +0300 Subject: [PATCH 2/9] return 0 if an error occurred Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22504) Signed-off-by: fly2x --- crypto/http/http_client.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index e3ccc6c4cc..4b96a6b9e9 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c 
@@ -487,13 +487,17 @@ static int parse_http_line1(char *line, int *found_keep_alive) static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, size_t len) { - if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) + if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED, "length=%zu, max=%zu", len, rctx->max_resp_len); - if (rctx->resp_len != 0 && rctx->resp_len != len) + return 0; + } + if (rctx->resp_len != 0 && rctx->resp_len != len) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH, "ASN.1 length=%zu, Content-Length=%zu", len, rctx->resp_len); + return 0; + } rctx->resp_len = len; return 1; } -- Gitee From 0bb5cc0b374d88fbe2d18d3538a621138e007dec Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 18 Oct 2023 15:50:30 +0200 Subject: [PATCH 3/9] bn: Properly error out if aliasing return value with modulus Test case amended from code initially written by Bernd Edlinger. Fixes #21110 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22421) (cherry picked from commit af0025fc40779cc98c06db7e29936f9d5de8cc9e) Signed-off-by: fly2x --- crypto/bn/bn_exp.c | 21 ++++++++ crypto/bn/bn_mod.c | 10 ++++ doc/man3/BN_add.pod | 5 ++ doc/man3/BN_mod_inverse.pod | 6 ++- test/bntest.c | 104 ++++++++++++++++++++++++++++++++++++ 5 files changed, 145 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 4e169ae1f9..598a592ca1 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -243,6 +243,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, wstart = bits - 1; /* The top bit of the window */ wend = 0; /* The bottom bit of the window */ + if (r == p) { + BIGNUM *p_dup = BN_CTX_get(ctx); + + if (p_dup == NULL || BN_copy(p_dup, p) == NULL) + goto err; + p = p_dup; + } + if (!BN_one(r)) goto err; 
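Review bot: check_set_resp_len has no comment stating its contract, and the two `!= 0` tests encode that a zero `max_resp_len` means no limit and a zero `resp_len` means not yet set, which a reader has to work out from the conditions. A header such as `/* Returns 1 and records len, or 0 with an error raised if len exceeds max_resp_len or disagrees with an already-set resp_len; 0 in either field means unset. */` would make that explicit. Before this change the function returned 1 even after raising these errors, so the length limit is only enforced if every caller checks the result; the callers are outside this hunk and should be confirmed.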
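Review bot: BN_mod_exp_recp copies the exponent when `r == p` but, unlike the BN_mod_exp_simple hunk in the same patch, adds no `r == m` rejection, and test_mod_exp_alias expects the recp call with the result aliased to the modulus to succeed with "36". The BN_add.pod note added by this patch says that using the same object for modulus and output is an error for BN_mod_exp(), so the difference deserves a comment here, for example `/* r == m is tolerated here: the reciprocal context is assumed to work on its own copy of m (confirm) */`. The identical `r == p` block is repeated in BN_mod_exp_simple at -1362; a small static helper would keep the two copies from drifting apart. Both functions continue outside their hunks.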
@@ -1317,6 +1325,11 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return 0; } + if (r == m) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + bits = BN_num_bits(p); if (bits == 0) { /* x**0 mod 1, or x**0 mod -1 is still zero. */ @@ -1362,6 +1375,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, wstart = bits - 1; /* The top bit of the window */ wend = 0; /* The bottom bit of the window */ + if (r == p) { + BIGNUM *p_dup = BN_CTX_get(ctx); + + if (p_dup == NULL || BN_copy(p_dup, p) == NULL) + goto err; + p = p_dup; + } + if (!BN_one(r)) goto err; diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 7f5afa25ec..2dda2e3442 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -17,6 +17,11 @@ int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) * always holds) */ + if (r == d) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + if (!(BN_mod(r, m, d, ctx))) return 0; if (!r->neg) @@ -186,6 +191,11 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { + if (r == m) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + if (!BN_sub(r, a, b)) return 0; if (r->neg) diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index 9561d55431..35cfdd1495 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -114,6 +114,11 @@ temporary variables; see L. Unless noted otherwise, the result B must be different from the arguments. +=head1 NOTES + +For modular operations such as BN_nnmod() or BN_mod_exp() it is an error +to use the same B object for the modulus as for the output. + =head1 RETURN VALUES The BN_mod_sqrt() returns the result (possibly incorrect if I
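Review bot: The new `r == d` guard in BN_nnmod, and the matching `r == m` guard in BN_mod_sub_quick, have no direct test in this patch: the bntest.c additions exercise only BN_mod_inverse and the BN_mod_exp_simple/BN_mod_exp_recp pair. A case such as `if (!TEST_false(BN_nnmod(b, a, b, ctx))) goto err;`, plus the BN_mod_sub_quick equivalent, would pin the new failure return. The guards compare pointers, so a one-line comment like `/* r must not be the same object as the modulus */` would state what they catch. Whether the other helpers in bn_mod.c need the same guard cannot be judged from these hunks.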

is diff --git a/doc/man3/BN_mod_inverse.pod b/doc/man3/BN_mod_inverse.pod index 5dbb5c3cc2..f88e0e63fa 100644 --- a/doc/man3/BN_mod_inverse.pod +++ b/doc/man3/BN_mod_inverse.pod @@ -18,7 +18,11 @@ places the result in B (C<(a*r)%n==1>). If B is NULL, a new B is created. B is a previously allocated B used for temporary -variables. B may be the same B as B or B. +variables. B may be the same B as B. + +=head1 NOTES + +It is an error to use the same B as B. =head1 RETURN VALUES diff --git a/test/bntest.c b/test/bntest.c index c5894c157b..ee8b692618 100644 --- a/test/bntest.c +++ b/test/bntest.c 
@@ -2927,6 +2927,108 @@ err: return res; } +static int test_mod_inverse(void) +{ + int res = 0; + char *str = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *r = NULL; + + if (!TEST_true(BN_dec2bn(&a, "5193817943"))) + goto err; + if (!TEST_true(BN_dec2bn(&b, "3259122431"))) + goto err; + if (!TEST_ptr(r = BN_new())) + goto err; + if (!TEST_ptr_eq(BN_mod_inverse(r, a, b, ctx), r)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) + goto err; + if (!TEST_int_eq(strcmp(str, "2609653924"), 0)) + goto err; + + /* Note that this aliases the result with the modulus. */ + if (!TEST_ptr_null(BN_mod_inverse(b, a, b, ctx))) + goto err; + + res = 1; + +err: + BN_free(a); + BN_free(b); + BN_free(r); + OPENSSL_free(str); + return res; +} + +static int test_mod_exp_alias(int idx) +{ + int res = 0; + char *str = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *c = NULL; + BIGNUM *r = NULL; + + if (!TEST_true(BN_dec2bn(&a, "15"))) + goto err; + if (!TEST_true(BN_dec2bn(&b, "10"))) + goto err; + if (!TEST_true(BN_dec2bn(&c, "39"))) + goto err; + if (!TEST_ptr(r = BN_new())) + goto err; + + if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple + : BN_mod_exp_recp)(r, a, b, c, ctx), 1)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) + goto err; + if (!TEST_str_eq(str, "36")) + goto err; + + OPENSSL_free(str); + str = NULL; + + BN_copy(r, b); + + /* Aliasing with exponent must work. */ + if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple + : BN_mod_exp_recp)(r, a, r, c, ctx), 1)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) + goto err; + if (!TEST_str_eq(str, "36")) + goto err; + + OPENSSL_free(str); + str = NULL; + + /* Aliasing with modulus should return failure for the simple call. 
*/ + if (idx == 0) { + if (!TEST_int_eq(BN_mod_exp_simple(c, a, b, c, ctx), 0)) + goto err; + } else { + if (!TEST_int_eq(BN_mod_exp_recp(c, a, b, c, ctx), 1)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(c), NULL)) + goto err; + if (!TEST_str_eq(str, "36")) + goto err; + } + + res = 1; + +err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(r); + OPENSSL_free(str); + return res; +} + static int file_test_run(STANZA *s) { static const FILETEST filetests[] = { @@ -3036,6 +3138,8 @@ int setup_tests(void) ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests)); ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests)); ADD_TEST(test_mod); + ADD_TEST(test_mod_inverse); + ADD_ALL_TESTS(test_mod_exp_alias, 2); ADD_TEST(test_modexp_mont5); ADD_TEST(test_kronecker); ADD_TEST(test_rand); -- Gitee From 9f565855994c5aab5020f067be1210078ced7198 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Fri, 13 Oct 2023 10:18:52 -0400 Subject: [PATCH 4/9] Fix potential NULL deref in ssl_old_test.c Fix #22367 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22383) (cherry picked from commit 42772df59bef7422060fbe70551c72d804bc669a) Signed-off-by: fly2x --- test/ssl_old_test.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index 6b56754b82..9830c35c9e 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -894,7 +894,8 @@ int main(int argc, char *argv[]) { APP_CALLBACK_STRING, 0 }; SSL_CTX *c_ctx = NULL; const SSL_METHOD *meth = NULL; - SSL *c_ssl, *s_ssl; + SSL *c_ssl = NULL; + SSL *s_ssl = NULL; int number = 1, reuse = 0; int should_reuse = -1; int no_ticket = 0; @@ -1759,6 +1760,8 @@ int main(int argc, char *argv[]) c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); + if (c_ssl == NULL || s_ssl == NULL) + goto end; if (sn_client) SSL_set_tlsext_host_name(c_ssl, sn_client); 
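Review bot: In test_mod_exp_alias the call `BN_copy(r, b);` ignores the return value, so a failed copy would let the following exponent-aliasing check run on the stale `r` and fail with a misleading message. `if (!TEST_ptr(BN_copy(r, b))) goto err;` keeps it consistent with the other checked calls in the function. test_mod_inverse compares with `TEST_int_eq(strcmp(str, "2609653924"), 0)` while test_mod_exp_alias uses `TEST_str_eq`; writing `TEST_str_eq(str, "2609653924")` there as well would make both tests read the same way.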
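Review bot: The new `if (c_ssl == NULL || s_ssl == NULL) goto end;` leaves without setting `ret` or printing anything, whereas the other failure exits touched by this patch assign `ret = EXIT_FAILURE` before `goto end`. Whether `ret` still holds a failure value at this point depends on code outside the hunk, so setting it explicitly and reporting the error, e.g. `ret = EXIT_FAILURE; ERR_print_errors(bio_err); goto end;` inside braces, would make the path self-evident. main() starts and ends outside this hunk.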
@@ -1819,10 +1822,11 @@ int main(int argc, char *argv[]) case BIO_IPV4: case BIO_IPV6: ret = EXIT_FAILURE; - goto err; + goto end; #endif } - if (ret != EXIT_SUCCESS) break; + if (ret != EXIT_SUCCESS) + break; } if (should_negotiate && ret == EXIT_SUCCESS && @@ -1832,13 +1836,13 @@ int main(int argc, char *argv[]) if (version < 0) { BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate); ret = EXIT_FAILURE; - goto err; + goto end; } if (SSL_version(c_ssl) != version) { BIO_printf(bio_err, "Unexpected version negotiated. " "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); ret = EXIT_FAILURE; - goto err; + goto end; } } @@ -1849,20 +1853,20 @@ int main(int argc, char *argv[]) "Expected: %d, server: %d, client: %d\n", should_reuse, SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); ret = EXIT_FAILURE; - goto err; + goto end; } } if (server_sess_out != NULL) { if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) { ret = EXIT_FAILURE; - goto err; + goto end; } } if (client_sess_out != NULL) { if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) { ret = EXIT_FAILURE; - goto err; + goto end; } } @@ -1888,11 +1892,9 @@ int main(int argc, char *argv[]) #endif } - err: + end: SSL_free(s_ssl); SSL_free(c_ssl); - - end: SSL_CTX_free(s_ctx); SSL_CTX_free(s_ctx2); SSL_CTX_free(c_ctx); -- Gitee From fec9215ac92a5a5382230b396f73ac696c3116bb Mon Sep 17 00:00:00 2001 From: Damian Hobson-Garcia Date: Thu, 22 Dec 2022 16:36:05 -0500 Subject: [PATCH 5/9] x509_print_ex:Use correct constant for nmflag comparison The X509_FLAG_COMPAT constant is defined as a value of the X509_print_ex() cflags argument, and so it should not be used to compare against values for use with X509_NAME_print flags. Use XN_FLAG_COMPAT, which has the same value, instead. Reviewed-by: Tomas Mraz Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/19963) (cherry picked from commit da2dd3b51ddd69aae0fd840c0d23afa954c24ded) 
Signed-off-by: fly2x --- crypto/x509/t_req.c | 2 +- crypto/x509/t_x509.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 095c165100..f9cbbecd36 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -49,7 +49,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, nmindent = 12; } - if (nmflags == X509_FLAG_COMPAT) + if (nmflags == XN_FLAG_COMPAT) nmindent = 16; if (!(cflag & X509_FLAG_NO_HEADER)) { diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 95ee5f519f..8f7ea53b3e 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -60,7 +60,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, nmindent = 12; } - if (nmflags == X509_FLAG_COMPAT) { + if (nmflags == XN_FLAG_COMPAT) { nmindent = 16; printok = 1; } -- Gitee From a7a2ea271715f27e420f0d32f7f8b40d04befc55 Mon Sep 17 00:00:00 2001 From: Damian Hobson-Garcia Date: Thu, 22 Dec 2022 17:04:39 -0500 Subject: [PATCH 6/9] Fix X509_REQ_print_ex bug Similar to the bug fixed in 02db7354fe7 (Fix bug in X509_print_ex). The error return value from X509_NAME_print_ex() is different depending on whether the flags are XN_FLAG_COMPAT or not. Apply a similar fix to what was done for X509_print_ex here as well. Reviewed-by: Tomas Mraz Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/19963) (cherry picked from commit 2b5e028a2f70de216458a5140bcf4ec3d9236eeb) Signed-off-by: fly2x --- crypto/x509/t_req.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index f9cbbecd36..22f824ee48 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c 
@@ -42,15 +42,17 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, EVP_PKEY *pkey; STACK_OF(X509_EXTENSION) *exts; char mlch = ' '; - int nmindent = 0; + int nmindent = 0, printok = 0; if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; nmindent = 12; } - if (nmflags == XN_FLAG_COMPAT) + if (nmflags == XN_FLAG_COMPAT) { nmindent = 16; + printok = 1; + } if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) @@ -72,7 +74,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), - nmindent, nmflags) < 0) + nmindent, nmflags) < printok) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; -- Gitee From 3b51aacc4fc83c3f0f99faf4282d0c0ce43593f9 Mon Sep 17 00:00:00 2001 From: Damian Hobson-Garcia Date: Thu, 22 Dec 2022 17:15:55 -0500 Subject: [PATCH 7/9] x509_print_ex: Remove unused setting when XN_FLAG_COMPAT is set Calling X509_NAME_print_ex with XN_FLAG_COMPAT falls back to calling X509_NAME_print(). The obase parameter to X509_NAME_print() is not used, so setting it to a different value has no effect. Reviewed-by: Tomas Mraz Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/19963) (cherry picked from commit 2126ca3dba3907f49b232442c06db1cae8bee0c3) Signed-off-by: fly2x --- crypto/x509/t_req.c | 4 +--- crypto/x509/t_x509.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 22f824ee48..63626c0d98 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -49,10 +49,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, nmindent = 12; } - if (nmflags == XN_FLAG_COMPAT) { - nmindent = 16; + if (nmflags == XN_FLAG_COMPAT) printok = 1; - } if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) 
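Review bot: The comparison `nmindent, nmflags) < printok` in the -72 hunk is hard to read without knowing why the failure threshold moves, and the reasoning lives only in the commit message. A comment at the assignment, such as `/* in XN_FLAG_COMPAT mode a return of 0 from X509_NAME_print_ex() is also a failure */`, would carry it into the code. `int nmindent = 0, printok = 0;` in the -42 hunk would also read better as two declarations. X509_REQ_print_ex continues outside both hunks.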
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 8f7ea53b3e..5b0282bc13 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -60,10 +60,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, nmindent = 12; } - if (nmflags == XN_FLAG_COMPAT) { - nmindent = 16; + if (nmflags == XN_FLAG_COMPAT) printok = 1; - } if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate:\n", 13) <= 0) -- Gitee From 033df6cc756d52827a8af80d7d6d8786de9a4c6d Mon Sep 17 00:00:00 2001 From: James Muir Date: Tue, 24 Oct 2023 20:08:54 -0400 Subject: [PATCH 8/9] free oaep label-octet-string on error When X509_ALGOR_set0() fails, ownership of the the ASN1 object "los" (label octet string) has not been passed on to the X509_ALGOR object "oaep->pSourceFunc", so we need to free "los" in that case. Check return value of X509_ALGOR_set0(), change the scope of "los" and ensure it is freed on failure (on success, set it to NULL so it is not freed inside the function). Fixes #22336 Testing: You can use the following script to test cms encryption with rsa-oaep: #!/bin/bash -x OSSLCMD="apps/openssl" # check we are calling the right openssl app LD_LIBRARY_PATH=. valgrind $OSSLCMD version echo "this is a confidential message." > msg.txt LD_LIBRARY_PATH=. valgrind $OSSLCMD cms -encrypt -in msg.txt \ -stream -out msg.txt.cms \ -recip test/smime-certs/smrsa1.pem \ -keyopt rsa_padding_mode:oaep \ -keyopt rsa_oaep_md:sha256 \ -keyopt rsa_oaep_label:deadbeef Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22556) Signed-off-by: fly2x --- crypto/cms/cms_rsa.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index 61fd43fb54..68545e5fb7 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c 
@@ -114,6 +114,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) const EVP_MD *md, *mgf1md; RSA_OAEP_PARAMS *oaep = NULL; ASN1_STRING *os = NULL; + ASN1_OCTET_STRING *los = NULL; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; @@ -125,10 +126,10 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } + if (pad_mode == RSA_PKCS1_PADDING) + return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, NULL); + /* Not supported */ if (pad_mode != RSA_PKCS1_OAEP_PADDING) return 0; @@ -147,30 +148,32 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) goto err; if (labellen > 0) { - ASN1_OCTET_STRING *los; - oaep->pSourceFunc = X509_ALGOR_new(); if (oaep->pSourceFunc == NULL) goto err; los = ASN1_OCTET_STRING_new(); if (los == NULL) goto err; - if (!ASN1_OCTET_STRING_set(los, label, labellen)) { - ASN1_OCTET_STRING_free(los); + if (!ASN1_OCTET_STRING_set(los, label, labellen)) goto err; - } - X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), - V_ASN1_OCTET_STRING, los); + + if (!X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), + V_ASN1_OCTET_STRING, los)) + goto err; + + los = NULL; } - /* create string with pss parameter encoding. */ + /* create string with oaep parameter encoding. */ if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) - goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); + goto err; + if (!X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os)) + goto err; os = NULL; rv = 1; err: RSA_OAEP_PARAMS_free(oaep); ASN1_STRING_free(os); + ASN1_OCTET_STRING_free(los); return rv; } -- Gitee 
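Review bot: The ownership hand-off that this change depends on is not stated in the code: `los = NULL;` and `os = NULL;` are what stop the frees under `err:` from releasing objects a second time after X509_ALGOR_set0() has taken them over. A short comment on each, e.g. `/* los is now owned by oaep->pSourceFunc */`, would protect the pattern against later edits that add a `goto err` after the hand-off. The commit message describes a manual valgrind run only; an automated test of the OAEP-label path is not part of this patch. rsa_cms_encrypt begins outside these hunks.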
From 42d4782a4f9fb7f19a8fc97a44f1563b0af2900f Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Wed, 1 Nov 2023 08:05:30 +0100 Subject: [PATCH 9/9] Fix a possible memory leak in load_builtin_compressions Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22585) (cherry picked from commit daf26c2d7a4d29ec1040fc0d5d4215cfc2dcf4a7) Signed-off-by: fly2x --- ssl/ssl_ciph.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 73a821289d..9e32417e75 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -465,7 +465,8 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions) comp->method = method; comp->id = SSL_COMP_ZLIB_IDX; comp->name = COMP_get_name(method); - sk_SSL_COMP_push(ssl_comp_methods, comp); + if (!sk_SSL_COMP_push(ssl_comp_methods, comp)) + OPENSSL_free(comp); sk_SSL_COMP_sort(ssl_comp_methods); } } -- Gitee
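Review bot: When `sk_SSL_COMP_push()` fails the new code frees `comp` and carries on, so the built-in zlib method is silently left unregistered and `sk_SSL_COMP_sort()` still runs; nothing records the failure. If that best-effort behaviour is intended, a comment such as `/* best effort: on push failure the zlib method is simply not registered */` would say so; otherwise raising an error here would be appropriate. The enclosing run-once function starts and ends outside this hunk, so how its return value is derived is not visible.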