CVE-2023-0401
Severity (CVSS v4.0): Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 08/02/2023
Last modified: 04/11/2025
Description
A NULL pointer can be dereferenced when signatures are verified on PKCS7 signed or signedAndEnveloped data. If the hash algorithm used for the signature is known to the OpenSSL library but the implementation of that hash algorithm is not available, digest initialization fails. Because the return value of the initialization function is not checked, the code goes on to use the digest API with an uninitialized context, most likely causing a crash.

An algorithm can be unavailable because a FIPS-enabled provider configuration is in use or, more commonly, because the legacy provider has not been loaded.

PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third-party applications are affected if they call these functions to verify signatures on untrusted data.
Impact
Base Score (CVSS v3.x): 7.50
Severity (CVSS v3.x): HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.0.7 (including) |
| cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* | 3.3.3 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3Dd3b6dfd70db844c4499bec6ad6601623a565e674
- https://security.gentoo.org/glsa/202402-08
- https://www.openssl.org/news/secadv/20230207.txt
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003