[openssl/openssl] e9b407: crypto/rand/randfile.c: avoid signed integer overf...
0 views
Skip to first unread message
esyr
Sep 9, 2025, 2:23:38 PM (3 days ago) Sep 9
to openssl...@openssl.org
Branch: refs/heads/openssl-3.3
Home: https://github.com/openssl/openssl
Commit: e9b4071c663d559d917281401eab4c2b8a3be2e7
https://github.com/openssl/openssl/commit/e9b4071c663d559d917281401eab4c2b8a3be2e7
Author: Eugene Syromiatnikov <es...@openssl.org>
Date: 2025-09-09 (Tue, 09 Sep 2025)
Changed paths:
M crypto/rand/randfile.c
M doc/man3/RAND_load_file.pod
Log Message:
-----------
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file
If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signer integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.
Reported-by: Liu-Ermeng <liuer...@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375
Signed-off-by: Eugene Syromiatnikov <es...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
(cherry picked from commit 35db6a15d436aa4d981ebcd581eded55fc8c8fb6)
Commit: c3ee9d5b386ed5ca575917396c75f5c4b61be679
https://github.com/openssl/openssl/commit/c3ee9d5b386ed5ca575917396c75f5c4b61be679
Author: Eugene Syromiatnikov <es...@openssl.org>
Date: 2025-09-09 (Tue, 09 Sep 2025)
Changed paths:
M doc/man3/RAND_load_file.pod
Log Message:
-----------
doc/man3/RAND_load_file.pod: RAND_load_file on non-regular files with bytes=-1
Mention that RAND_load_file attempts to read only RAND_DRBG_STRENGTH
bytes on non-regular files if the number of bytes to be read
is not specified explicitly.
Signed-off-by: Eugene Syromiatnikov <es...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
(cherry picked from commit 0daaf33275196dd5af9535d69b0d521b9e4d03de)
Compare: https://github.com/openssl/openssl/compare/c94331eab063...c3ee9d5b386e
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: e9b4071c663d559d917281401eab4c2b8a3be2e7
https://github.com/openssl/openssl/commit/e9b4071c663d559d917281401eab4c2b8a3be2e7
Author: Eugene Syromiatnikov <es...@openssl.org>
Date: 2025-09-09 (Tue, 09 Sep 2025)
Changed paths:
M crypto/rand/randfile.c
M doc/man3/RAND_load_file.pod
Log Message:
-----------
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file
If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signer integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.
Reported-by: Liu-Ermeng <liuer...@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375
Signed-off-by: Eugene Syromiatnikov <es...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
(cherry picked from commit 35db6a15d436aa4d981ebcd581eded55fc8c8fb6)
Commit: c3ee9d5b386ed5ca575917396c75f5c4b61be679
https://github.com/openssl/openssl/commit/c3ee9d5b386ed5ca575917396c75f5c4b61be679
Author: Eugene Syromiatnikov <es...@openssl.org>
Date: 2025-09-09 (Tue, 09 Sep 2025)
Changed paths:
M doc/man3/RAND_load_file.pod
Log Message:
-----------
doc/man3/RAND_load_file.pod: RAND_load_file on non-regular files with bytes=-1
Mention that RAND_load_file attempts to read only RAND_DRBG_STRENGTH
bytes on non-regular files if the number of bytes to be read
is not specified explicitly.
Signed-off-by: Eugene Syromiatnikov <es...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
(cherry picked from commit 0daaf33275196dd5af9535d69b0d521b9e4d03de)
Compare: https://github.com/openssl/openssl/compare/c94331eab063...c3ee9d5b386e
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages