2 parents 7c7b2e6 + d1a12e2 commit 87085bdCopy full SHA for 87085bd
openssl-sys/CHANGELOG.md
@@ -2,6 +2,12 @@
2
3
## [Unreleased]
4
5
+## [v0.9.107] - 2025-04-04
6
+
7
+### Added
8
9
+* Support for building with AWS-LC.
10
11
## [v0.9.106] - 2025-02-15
12
13
### Added
@@ -636,7 +642,8 @@ Fixed builds against OpenSSL built with `no-cast`.
636
642
* Added `X509_verify` and `X509_REQ_verify`.
637
643
* Added `EVP_MD_type` and `EVP_GROUP_get_curve_name`.
638
644
639
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.106..master
645
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.107..master
646
+[v0.9.107]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.106...openssl-sys-v0.9.107
640
647
[v0.9.106]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.105...openssl-sys-v0.9.106
641
648
[v0.9.105]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.104...openssl-sys-v0.9.105
649
[v0.9.104]: https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104
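--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "openssl-sys"
-version = "0.9.106"
+version = "0.9.107"
 authors = [
 "Alex Crichton <alex@alexcrichton.com>",
 "Steven Fackler <sfackler@gmail.com>",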
openssl/CHANGELOG.md
@@ -2,6 +2,16 @@
+## [v0.10.72] - 2025-04-04
+### Fixed
+* Fixed use-after-free in `Md::fetch` and `Cipher::fetch` when `properties` is `Some(...)`. In practice this use-after-free most likely resulted in OpenSSL treating the `properties` as `b""`.
14
15
## [v0.10.71] - 2025-02-15
16
17
@@ -959,7 +969,8 @@
959
969
960
970
Look at the [release tags] for information about older releases.
961
971
962
-[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...master
972
+[Unreleased]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...master
973
+[v0.10.72]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.71...openssl-v0.10.72
963
974
[v0.10.71]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.70...openssl-v0.10.71
964
975
[v0.10.70]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70
965
976
[v0.10.69]: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69
openssl/Cargo.toml
name = "openssl"
-version = "0.10.71"
+version = "0.10.72"
authors = ["Steven Fackler <sfackler@gmail.com>"]
license = "Apache-2.0"
description = "OpenSSL bindings"
@@ -32,7 +32,7 @@ libc = "0.2"
32
once_cell = "1.5.2"
33
34
openssl-macros = { version = "0.1.1", path = "../openssl-macros" }
35
-ffi = { package = "openssl-sys", version = "0.9.106", path = "../openssl-sys" }
+ffi = { package = "openssl-sys", version = "0.9.107", path = "../openssl-sys" }
36
37
[dev-dependencies]
38
hex = "0.4"
openssl/src/cipher.rs
@@ -146,7 +146,7 @@ impl Cipher {
146
let ptr = cvt_p(ffi::EVP_CIPHER_fetch(
147
ctx.map_or(ptr::null_mut(), ForeignTypeRef::as_ptr),
148
algorithm.as_ptr(),
149
- properties.map_or(ptr::null_mut(), |s| s.as_ptr()),
+ properties.as_ref().map_or(ptr::null_mut(), |s| s.as_ptr()),
150
))?;
151
152
Ok(Cipher::from_ptr(ptr))
@@ -595,3 +595,15 @@ impl CipherRef {
595
unsafe { EVP_CIPHER_block_size(self.as_ptr()) as usize }
596
}
597
598
599
+#[cfg(test)]
600
+mod test {
601
+ #[cfg(ossl300)]
602
+ use super::Cipher;
603
604
+ #[test]
605
606
+ fn test_cipher_fetch_properties() {
607
+ assert!(Cipher::fetch(None, "AES-128-GCM", Some("provider=gibberish")).is_err());
608
+ }
609
+}
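Review bot: The `properties.as_ref()` argument in the first hunk of `Cipher::fetch` is the entire use-after-free fix, but nothing on that line records why the borrow is required, so a later cleanup could drop `.as_ref()` and, as the removed line shows, still compile. A comment above the argument would pin the invariant, for example `// Borrow rather than move: the string must stay alive until EVP_CIPHER_fetch returns, or as_ptr() dangles.` The same comment belongs on the matching argument of `Md::fetch` in openssl/src/md.rs. The new `test_cipher_fetch_properties` and `test_md_fetch_properties` only assert `is_err()`, and since the changelog says the freed buffer was most likely read as `b""`, they probably catch a regression only through that allocator behaviour; running them under a memory sanitizer or Valgrind in CI would make the check dependable. `Cipher::fetch` begins and ends outside the hunk, so the type of `properties` at this point is inferred rather than visible.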
openssl/src/lib.rs
@@ -60,19 +60,19 @@
60
//! override the automatic detection logic.
61
//!
62
//! * `OPENSSL_DIR` - If specified, the directory of an OpenSSL installation. The directory should contain `lib` and
63
-//! `include` subdirectories containing the libraries and headers respectively.
+//! `include` subdirectories containing the libraries and headers respectively.
64
//! * `OPENSSL_LIB_DIR` and `OPENSSL_INCLUDE_DIR` - If specified, the directories containing the OpenSSL libraries and
65
-//! headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
+//! headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
66
//! * `OPENSSL_STATIC` - If set, the crate will statically link to OpenSSL rather than dynamically link.
67
//! * `OPENSSL_LIBS` - If set, a `:`-separated list of library names to link to (e.g. `ssl:crypto`). This can be used
68
-//! if nonstandard library names were used for whatever reason.
+//! if nonstandard library names were used for whatever reason.
69
//! * `OPENSSL_NO_VENDOR` - If set, always find OpenSSL in the system, even if the `vendored` feature is enabled.
70
71
//! If the `vendored` Cargo feature is enabled, the following environment variable can also be used to further configure
72
//! the OpenSSL build.
73
74
//! * `OPENSSL_CONFIG_DIR` - If set, the copy of OpenSSL built by the `openssl-src` crate will be configured to look for
75
-//! configuration files and root certificates in this directory.
+//! configuration files and root certificates in this directory.
76
77
//! Additionally, these variables can be prefixed with the upper-cased target architecture (e.g.
78
//! `X86_64_UNKNOWN_LINUX_GNU_OPENSSL_DIR`), which can be useful when cross compiling.
openssl/src/md.rs
@@ -109,7 +109,7 @@ impl Md {
109
let ptr = cvt_p(ffi::EVP_MD_fetch(
110
111
112
113
114
115
Ok(Md::from_ptr(ptr))
@@ -233,3 +233,15 @@ impl MdRef {
233
unsafe { Nid::from_raw(ffi::EVP_MD_type(self.as_ptr())) }
234
235
236
237
238
239
240
+ use super::Md;
241
242
243
244
+ fn test_md_fetch_properties() {
245
+ assert!(Md::fetch(None, "SHA-256", Some("provider=gibberish")).is_err());
246
247