Commit 48b788cad3 for openssl.org
commit 48b788cad3e66b51b48a88f44881bbd4b865bad8
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon Jan 5 14:27:15 2026 +0100
Fix a possible crash in ASN1_generate_nconf
Due to an out of memory error, the i2d_ASN1_TYPE might fail
and cause a segfault.
This adds a missing check for NULL pointer and a test case
that exercises IMPLICIT and EXPLICT tagging in generate_v3,
since there was no test coverage at all for this code section.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 10:13:43 2026
(Merged from https://github.com/openssl/openssl/pull/29545)
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 4561b227b1..e15991302b 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -149,6 +149,8 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
ASN1_TYPE_free(ret);
ret = NULL;
+ if (orig_der == NULL)
+ return NULL;
/* Set point to start copying for modified encoding */
cpy_start = orig_der;
diff --git a/test/recipes/04-test_asn1_parse.t b/test/recipes/04-test_asn1_parse.t
index f3af436592..d745f34d59 100644
--- a/test/recipes/04-test_asn1_parse.t
+++ b/test/recipes/04-test_asn1_parse.t
@@ -12,7 +12,7 @@ use OpenSSL::Test::Utils;
setup("test_asn1_parse");
-plan tests => 3;
+plan tests => 4;
$ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf");
@@ -24,3 +24,6 @@ ok(run(app(([ 'openssl', 'asn1parse',
ok(run(app(([ 'openssl', 'asn1parse',
'-genstr', 'OID:1.2.3.4.3']))));
+
+ok(run(app(([ 'openssl', 'asn1parse',
+ '-genconf', srctop_file("test", "test_asn1_genconf.cnf")]))));
diff --git a/test/test_asn1_genconf.cnf b/test/test_asn1_genconf.cnf
new file mode 100644
index 0000000000..946bab7962
--- /dev/null
+++ b/test/test_asn1_genconf.cnf
@@ -0,0 +1,5 @@
+asn1=SEQUENCE:seq
+
+[seq]
+impl=IMPLICIT:1,BOOL:true
+expl=EXPLICIT:2,BITWRAP,OCT:X