openssl/crypto
Matt Caswell 4cabbb9f48 Limit ASN.1 constructed types recursive definition depth
Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-03-27 10:22:49 +01:00
..
aes Update copyright year 2018-03-20 13:08:46 +00:00
aria Fix potential null problem. 2017-09-01 09:30:18 +10:00
asn1 Limit ASN.1 constructed types recursive definition depth 2018-03-27 10:22:49 +01:00
async Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
bf Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
bio bio/bss_log.c: on DJGPP syslog facility is part of sockets library. 2018-03-22 11:49:17 +01:00
blake2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
bn Update copyright year 2018-03-20 13:08:46 +00:00
buffer Remove parentheses of return. 2017-10-18 16:05:06 +01:00
camellia Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
cast Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
chacha Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms Check for malloc failure 2017-11-27 14:47:42 -05:00
comp Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
conf Revise and cleanup; use strict,warnings 2018-03-19 10:23:28 -04:00
ct Null pointer used. 2017-09-18 06:52:13 +10:00
des Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
dh Convert _meth_get_ functions to const getters 2018-03-21 10:37:05 +00:00
dsa Convert _meth_get_ functions to const getters 2018-03-21 10:37:05 +00:00
dso Add dladdr() for AIX 2018-03-20 21:33:50 -04:00
ec curve448/field.h: relax alignment, as it doesn't work universally. 2018-03-22 11:50:44 +01:00
engine Update copyright year 2018-03-20 13:08:46 +00:00
err Limit ASN.1 constructed types recursive definition depth 2018-03-27 10:22:49 +01:00
evp Convert _meth_get_ functions to const getters 2018-03-21 10:37:05 +00:00
hmac Update copyright year 2018-03-20 13:08:46 +00:00
idea Remove parentheses of return. 2017-10-18 16:05:06 +01:00
include/internal Move the handling of dso_scheme to dso_conf.h 2018-03-23 01:02:08 +01:00
kdf Update copyright year 2018-03-20 13:08:46 +00:00
lhash Remove unused num.pl,segregnam scripts 2018-02-22 15:36:27 -05:00
md2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md4 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md5 Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
mdc2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
modes Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
objects Update copyright year 2018-03-20 13:08:46 +00:00
ocsp Update copyright year 2018-02-13 13:59:25 +00:00
pem Update copyright year 2018-03-20 13:08:46 +00:00
perlasm Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
pkcs7 Update copyright year 2018-03-20 13:08:46 +00:00
pkcs12 Add checks for alloc failing. 2017-09-06 09:52:16 -04:00
poly1305 Update copyright year 2018-03-20 13:08:46 +00:00
rand DRBG: Use the EVP layer to do AES encryption 2018-03-21 21:32:47 +01:00
rc2 Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
rc4 Update copyright year 2018-03-20 13:08:46 +00:00
rc5 Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
ripemd Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
rsa Convert _meth_get_ functions to const getters 2018-03-21 10:37:05 +00:00
seed
sha Update copyright year 2018-03-20 13:08:46 +00:00
siphash Update copyright year 2018-03-20 13:08:46 +00:00
sm2 Update copyright year 2018-03-20 13:08:46 +00:00
sm3 SM3: restructure to EVP internal and update doc to right location 2017-11-06 07:21:15 +08:00
sm4 SM4: Add SM4 block cipher to EVP 2017-10-31 15:19:14 +10:00
srp update SRP copyright notice 2018-03-13 18:33:44 +10:00
stack Add sk_TYPE_new_reserve() function 2017-10-26 09:35:36 +10:00
store store/loader_file.c: rename variables causing conflicts with Android NDK. 2018-03-13 19:31:44 +01:00
ts Update copyright year 2018-03-20 13:08:46 +00:00
txt_db Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ui Removre comment with user's name 2017-11-08 10:37:52 -05:00
whrlpool Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
x509 Update copyright year 2018-03-20 13:08:46 +00:00
x509v3 Update copyright year 2018-02-27 13:59:42 +00:00
alphacpuid.pl
arm64cpuid.pl Update copyright year 2018-02-13 13:59:25 +00:00
arm_arch.h Update copyright year 2018-02-13 13:59:25 +00:00
armcap.c crypto/armcap.c: mask SHA512 hardware detection on iOS. 2018-03-06 23:18:24 +01:00
armv4cpuid.pl
build.info Display the library building flags 2018-03-09 14:07:59 +01:00
c64xpluscpuid.pl Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c Make OPENSSL_rdtsc universally available. 2018-02-07 10:08:15 +10:00
ctype.c Check for EOF in ASCII conversions. 2017-08-25 06:42:17 +10:00
cversion.c Fix SOURCE_DATE_EPOCH bug; use UTC 2017-11-27 14:34:14 -05:00
dllmain.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ebcdic.c Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
ex_data.c Update copyright year 2018-02-13 13:59:25 +00:00
ia64cpuid.S Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
init.c Include "internal/dso_conf.h" where needed and appropriate 2018-03-23 01:05:23 +01:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Adjust LPdir_unix.c on VMS for OpenSSL expectations 2018-03-12 23:01:02 +01:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Avoid unconditional store in CRYPTO_malloc. 2018-03-06 13:21:49 -05:00
mem_clr.c
mem_dbg.c Update copyright year 2018-02-13 13:59:25 +00:00
mem_sec.c mem_sec.c: portability fixup. 2018-03-12 11:03:17 +01:00
mips_arch.h
o_dir.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c o_fopen.c: compensate for e_os.h omission. 2018-03-22 11:48:43 +01:00
o_init.c Use "" not <> on e_os.h include 2017-08-22 11:07:56 -04:00
o_str.c Revert "GH614: Use memcpy()/strdup() when possible" 2017-09-14 10:26:54 +10:00
o_time.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
pariscid.pl
ppc_arch.h
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl
s390x_arch.h s390x assembly pack: add KMAC code path for aes-ccm 2018-02-06 19:39:52 +01:00
s390xcap.c s390x assembly pack: extend s390x capability vector. 2017-10-30 14:31:32 +01:00
s390xcpuid.pl s390x assembly pack: implement OPENSSL_rdtsc as STCKF 2018-02-13 20:34:38 +01:00
sparc_arch.h
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
threads_none.c Add atomic write call 2017-10-10 08:45:53 +10:00
threads_pthread.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
threads_win.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h
x86_64cpuid.pl Fix issues in ia32 RDRAND asm leading to reduced entropy 2018-03-08 10:27:49 -05:00
x86cpuid.pl Fix issues in ia32 RDRAND asm leading to reduced entropy 2018-03-08 10:27:49 -05:00