From 97aa4127b6cc6e37778f560da430e8b1d1a13ed6 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Fri, 29 Aug 2025 10:02:39 +0200
Subject: [PATCH 1/4] crypto/rand/randfile.c: avoid signed integer overflow in
 RAND_load_file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signer integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.

Reported-by: Liu-Ermeng <liuermeng2@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)

(cherry picked from commit 35db6a15d436aa4d981ebcd581eded55fc8c8fb6)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 crypto/rand/randfile.c      | 4 ++++
 doc/man3/RAND_load_file.pod | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 86c322473c..01f3b611d9 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -167,6 +167,10 @@ int RAND_load_file(const char *file, long bytes)
         /* If given a bytecount, and we did it, break. */
         if (bytes > 0 && (bytes -= i) <= 0)
             break;
+
+        /* We can hit a signed integer overflow on the next iteration */
+        if (ret > INT_MAX - RAND_LOAD_BUF_SIZE)
+            break;
     }
 
     OPENSSL_cleanse(buf, sizeof(buf));
diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod
index baca54cb3c..fd00bf883d 100644
--- a/doc/man3/RAND_load_file.pod
+++ b/doc/man3/RAND_load_file.pod
@@ -20,6 +20,8 @@ RAND_load_file() reads a number of bytes from file B<filename> and
 adds them to the PRNG. If B<max_bytes> is nonnegative,
 up to B<max_bytes> are read;
 if B<max_bytes> is -1, the complete file is read.
+RAND_load_file() can read less than the complete file or the requested number
+of bytes if it doesn't fit in the return value type.
 Do not load the same file multiple times unless its contents have
 been updated by RAND_write_file() between reads.
 Also, note that B<filename> should be adequately protected so that an
-- 
Gitee


From 302d77be74cf543137bd7f3dd4c2a6eb5e86132c Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <dev@ddvo.net>
Date: Thu, 28 Aug 2025 18:33:06 +0200
Subject: [PATCH 2/4] X509_VERIFY_PARAM_get0(): add check to defend on
 out-of-bound table access

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28404)

(cherry picked from commit 4ed6cfce586f7a78c0e7e3d314c2b785ac16f1a9)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 crypto/x509/x509_vpm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index b4f4c45998..fa87bdd028 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -608,6 +608,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
     int num = OSSL_NELEM(default_table);
 
+    if (id < 0) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
     if (id < num)
         return default_table + id;
     return sk_X509_VERIFY_PARAM_value(param_table, id - num);
-- 
Gitee


From ca8afdbff7bdac326c5531109a3a3985f0080075 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Mon, 1 Sep 2025 14:05:33 +0200
Subject: [PATCH 3/4] apps/enc.c: avoid signed integer overflow on bufsize
 assignment

The calculated option value, while being long-typed, is not checked
for fitting into int-sized bufsize.  Avoid overflow by throwing error
if it is bigger than INT_MAX and document that behaviour.

Fixes: 7e1b7485706c "Big apps cleanup (option-parsing, etc)"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665149
References: https://github.com/openssl/project/issues/1362

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28408)

(cherry picked from commit 98cb959999e4db9be524a972dccaf6b0c8167431)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 apps/enc.c                  | 2 ++
 doc/man1/openssl-enc.pod.in | 1 +
 2 files changed, 3 insertions(+)

diff --git a/apps/enc.c b/apps/enc.c
index b3bf4cc259..5375fd8eb3 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -234,6 +234,8 @@ int enc_main(int argc, char **argv)
                 goto opthelp;
             if (k)
                 n *= 1024;
+            if (n > INT_MAX)
+                goto opthelp;
             bsize = (int)n;
             break;
         case OPT_K:
diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in
index e6d5103bd9..35405ed381 100644
--- a/doc/man1/openssl-enc.pod.in
+++ b/doc/man1/openssl-enc.pod.in
@@ -177,6 +177,7 @@ or decryption.
 =item B<-bufsize> I<number>
 
 Set the buffer size for I/O.
+The maximum size that can be specified is B<2^31-1> (2147483647) bytes.
 
 =item B<-nopad>
 
-- 
Gitee


From 9815d5891bcfcf5c3396ec07a913e5c681a41801 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Mon, 1 Sep 2025 16:42:15 +0200
Subject: [PATCH 4/4] apps/ocsp.c: avoid using NULL resp

There are some code paths where resp is used without a previous check
for being non-NULL (specifically, OCSP_response_create() can return
NULL, and do_responder() can return -1, that would also lead to resp
being NULL).  Avoid hitting NULL dereferences by wrapping the code that
uses resp in "if (resp != NULL)".

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665155
References: https://github.com/openssl/project/issues/1362

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28408)

(cherry picked from commit e59fa197bafa0dbbff33ce2dee772539a6e70e9e)
Signed-off-by: jing-wang177 <wangjing561@huawei.com>
---
 apps/ocsp.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 821e224c6c..fe759c08ed 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -666,7 +666,8 @@ redo_accept:
                 resp =
                     OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
                                          NULL);
-                send_ocsp_response(cbio, resp);
+                if (resp != NULL)
+                    send_ocsp_response(cbio, resp);
             }
             goto done_resp;
         }
@@ -764,16 +765,18 @@ redo_accept:
         BIO_free(derbio);
     }
 
-    i = OCSP_response_status(resp);
-    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        BIO_printf(out, "Responder Error: %s (%d)\n",
-                   OCSP_response_status_str(i), i);
-        if (!ignore_err)
+    if (resp != NULL) {
+        i = OCSP_response_status(resp);
+        if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+            BIO_printf(out, "Responder Error: %s (%d)\n",
+                       OCSP_response_status_str(i), i);
+            if (!ignore_err)
                 goto end;
-    }
+        }
 
-    if (resp_text)
-        OCSP_RESPONSE_print(out, resp, 0);
+        if (resp_text)
+            OCSP_RESPONSE_print(out, resp, 0);
+    }
 
     /* If running as responder don't verify our own response */
     if (cbio != NULL) {
-- 
Gitee