[openssl/openssl] 1a97cb: crypto/rand/randfile.c: avoid signed integer overf...


esyr

Sep 9, 2025, 2:23:38 PM
to openssl...@openssl.org
Branch: refs/heads/openssl-3.2
Home: https://github.com/openssl/openssl
Commit: 1a97cbcc21e0bd7b9ced40a03927e695ca0fe70b
https://github.com/openssl/openssl/commit/1a97cbcc21e0bd7b9ced40a03927e695ca0fe70b
Author: Eugene Syromiatnikov <es...@openssl.org>
Date: 2025-09-09 (Tue, 09 Sep 2025)

Changed paths:
M crypto/rand/randfile.c
M doc/man3/RAND_load_file.pod

Log Message:
-----------
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file

If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signed integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.

Reported-by: Liu-Ermeng <liuer...@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375
Signed-off-by: Eugene Syromiatnikov <es...@openssl.org>

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)

(cherry picked from commit 35db6a15d436aa4d981ebcd581eded55fc8c8fb6)


Commit: c8536f06cfc40c939084b9c4d2f72539fe25ddd5
https://github.com/openssl/openssl/commit/c8536f06cfc40c939084b9c4d2f72539fe25ddd5
Author: Eugene Syromiatnikov <es...@openssl.org>
Date: 2025-09-09 (Tue, 09 Sep 2025)

Changed paths:
M doc/man3/RAND_load_file.pod

Log Message:
-----------
doc/man3/RAND_load_file.pod: RAND_load_file on non-regular files with bytes=-1

Mention that RAND_load_file attempts to read only RAND_DRBG_STRENGTH
bytes on non-regular files if the number of bytes to be read
is not specified explicitly.

Signed-off-by: Eugene Syromiatnikov <es...@openssl.org>

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Saša Nedvědický <sas...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)

(cherry picked from commit 0daaf33275196dd5af9535d69b0d521b9e4d03de)


Compare: https://github.com/openssl/openssl/compare/c06e51cce3ae...c8536f06cfc4
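
The first commit message describes returning early before an `int` byte counter can overflow. The C sketch below is an added example of that kind of guard, not the OpenSSL patch or code from this notification; `byte_source`, `source_read`, `load_counted` and the `CHUNK` size are hypothetical names and values chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define CHUNK 1024 /* assumed read-buffer size for this sketch */

/* Hypothetical stand-in for a file: hands out bytes until none remain. */
struct byte_source { unsigned long long remaining; };

static size_t source_read(struct byte_source *s, size_t n)
{
    size_t got = s->remaining < n ? (size_t)s->remaining : n;

    s->remaining -= got;
    return got;
}

/*
 * Counts bytes consumed in an int, as a loader with an int return type must.
 * Each pass adds at most CHUNK, so once ret > INT_MAX - CHUNK another pass
 * could overflow; stop there instead of evaluating the overflowing sum.
 */
static int load_counted(struct byte_source *s)
{
    int ret = 0;

    for (;;) {
        size_t got = source_read(s, CHUNK);

        if (got == 0)
            break;              /* end of input */
        ret += (int)got;        /* safe: ret <= INT_MAX - CHUNK on entry */
        if (ret > INT_MAX - CHUNK)
            break;              /* early return before the next iteration */
    }
    return ret;
}

int main(void)
{
    struct byte_source big = { 3ULL << 30 }; /* constructed: 3 GiB input */
    int n = load_counted(&big);

    printf("counted %d bytes, %llu left unread\n", n, big.remaining);
    return 0;
}
```

The comparison is written as `ret > INT_MAX - CHUNK` rather than `ret + CHUNK > INT_MAX` so that the check itself never evaluates an overflowing signed expression.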
