From 20f5677a8c991e7c272541cf565fbca636cdd3bc Mon Sep 17 00:00:00 2001
From: JiashengJiang <jiasheng@purdue.edu>
Date: Mon, 5 May 2025 13:46:53 -0400
Subject: [PATCH 1/5] crypto/x509/v3_lib.c: Free tmpext if X509V3_EXT_add()
 fails to avoid memory leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add OPENSSL_free to free tmpext if X509V3_EXT_add() fails to avoid memory leak.

Fixes: 878dc8dd95 ("Join the x509 and x509v3 directories")

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27566)

(cherry picked from commit 5f661e4e96bc3bfa52b4e0735f407cb41f162869)
Signed-off-by: 王静 <wangjing561@huawei.com>
---
 crypto/x509/v3_lib.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c
index 5ffeb75d9f..f0b82bb220 100644
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.c
@@ -99,7 +99,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
     *tmpext = *ext;
     tmpext->ext_nid = nid_to;
     tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-    return X509V3_EXT_add(tmpext);
+    if (!X509V3_EXT_add(tmpext)) {
+        OPENSSL_free(tmpext);
+        return 0;
+    }
+    return 1;
 }
 
 void X509V3_EXT_cleanup(void)
-- 
Gitee


From 9ba8c207b6b38eb6f52bfed947f07ce370117cc7 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 09:56:45 +1000
Subject: [PATCH 2/5] rand: add unit test exhibiting memory overrun

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27767)

Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 test/rand_test.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/test/rand_test.c b/test/rand_test.c
index c6cf32610e..8de32fd4dd 100644
--- a/test/rand_test.c
+++ b/test/rand_test.c
@@ -19,6 +19,7 @@ static int test_rand(void)
     OSSL_PARAM params[2], *p = params;
     unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
     unsigned char entropy2[] = { 0xff, 0xfe, 0xfd };
+    unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04 };
     unsigned char outbuf[3];
 
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
@@ -41,6 +42,14 @@ static int test_rand(void)
             || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
             || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf)))
         return 0;
+
+    *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
+                                                nonce, sizeof(nonce));
+    if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))
+            || !TEST_true(EVP_RAND_nonce(privctx, outbuf, sizeof(outbuf)))
+            || !TEST_mem_eq(outbuf, sizeof(outbuf), nonce, sizeof(outbuf)))
+        return 0;
+
     return 1;
 }
 
-- 
Gitee


From 63ee9191baf862350d5b91f592863d9bfa920b75 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 09:57:00 +1000
Subject: [PATCH 3/5] rand: fix memory overrun bug

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27767)

Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 providers/implementations/rands/test_rng.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index 4e7fed0fc7..d974537ca5 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -125,16 +125,18 @@ static int test_rng_reseed(ossl_unused void *vtest,
 static size_t test_rng_nonce(void *vtest, unsigned char *out,
                              unsigned int strength,
                              ossl_unused size_t min_noncelen,
-                             ossl_unused size_t max_noncelen)
+                             size_t max_noncelen)
 {
     PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
+    size_t i;
 
     if (t->nonce == NULL || strength > t->strength)
         return 0;
 
+    i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len;
     if (out != NULL)
-        memcpy(out, t->nonce, t->nonce_len);
-    return t->nonce_len;
+        memcpy(out, t->nonce, i);
+    return i;
 }
 
 static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
-- 
Gitee


From 6094c3d48f8fa951e4c14230d0113725b71dfe6c Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 09:57:13 +1000
Subject: [PATCH 4/5] rand: produce correct return from EVP_RAND_nonce

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27767)

Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 crypto/evp/evp_rand.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index c36dbdc56c..1e97b1359f 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -634,10 +634,8 @@ static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
 {
     unsigned int str = evp_rand_strength_locked(ctx);
 
-    if (ctx->meth->nonce == NULL)
-        return 0;
-    if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
-        return 1;
+    if (ctx->meth->nonce != NULL)
+        return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0;
     return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
 }
 
-- 
Gitee


From 33a837942fa94df8eccb0898cad253cd16634cfe Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 5 Jun 2025 12:03:50 +1000
Subject: [PATCH 5/5] rand: document the EVP_RAND_nonce() return correctly

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27767)

Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 doc/man3/EVP_RAND.pod | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod
index 11ea807cc3..e4f84ac7be 100644
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@@ -151,11 +151,8 @@ operating system.  If I<prediction_resistance> is specified, fresh entropy
 from a live source will be sought.  This call operates as per NIST SP 800-90A
 and SP 800-90C.
 
-EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
-bytes from the RAND I<ctx>. The function returns the length of the generated
-nonce. If I<out> is NULL, the length is still returned but no generation
-takes place. This allows a caller to dynamically allocate a buffer of the
-appropriate size.
+EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
+bytes from the RAND I<ctx>.
 
 EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
 its parents.  After this I<ctx> will operate in a thread safe manner, albeit
@@ -376,7 +373,7 @@ B<EVP_RAND_CTX> structure or NULL if an error occurred.
 
 EVP_RAND_CTX_free() does not return a value.
 
-EVP_RAND_nonce() returns the length of the nonce.
+EVP_RAND_nonce() returns 1 on success, 0 on error.
 
 EVP_RAND_get_strength() returns the strength of the random number generator
 in bits.
-- 
Gitee