Dr. Stephen Henson
f422a51486
Remove old ASN.1 code.
...
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.
Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Emilia Kasper
c225c3cf9b
PKCS#7: avoid NULL pointer dereferences with missing content
...
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.
This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.
Correcting all low-level API calls requires further work.
CVE-2015-0289
Thanks to Michal Zalewski (Google) for reporting this issue.
Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
9b0a453190
Make X509_ATTRIBUTE opaque.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-16 15:54:19 +00:00
Rich Salz
02a938c953
Dead code removal: #if 0 asn1, pkcs7
...
Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 15:35:49 -05:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
2d2e0479eb
Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339
2014-05-07 23:21:02 +01:00
Ben Laurie
4ba5e63bfd
Fix double frees.
2014-04-22 16:58:43 +01:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
f404acfa2c
Submitted by: Markus Friedl <mfriedl@gmail.com>
...
Fix memory leaks in 'goto err' cases.
2012-03-22 15:44:51 +00:00
Dr. Stephen Henson
146b52edd1
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Ben Laurie
48bd505c0b
If you're going to check for negative, use an signed integer! Coverity ID 122.
2007-04-05 17:31:29 +00:00
Nils Larsch
907e99623c
check return value of ASN1_item_i2d(), Coverity ID 55
2007-04-04 19:41:20 +00:00
Ben Laurie
4f1a0b2c21
Handle bad content type. Coverity ID 99.
2007-04-04 15:31:17 +00:00
Nils Larsch
689f9faba4
fix potential memory leaks
...
PR: 1462
2007-02-03 09:55:42 +00:00
Dr. Stephen Henson
559d50138f
Add bit I missed from PKCS#7 streaming encoder.
2006-12-24 16:46:47 +00:00
Ben Laurie
777c47acbe
Make things static that should be. Declare stuff in headers that should be.
...
Fix warnings.
2006-08-28 17:01:04 +00:00
Dr. Stephen Henson
786aa98da1
Use correct pointer types for various functions.
2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0e3453536e
Fix warnings.
2006-05-24 13:29:32 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
76fa8f1838
More S/MIME tidy. Place some common attribute operations in utility
...
functions.
2006-05-18 17:20:23 +00:00
Dr. Stephen Henson
f2b139ed1f
Remove old digest type hacks for non RSA keys.
2006-05-18 13:05:20 +00:00
Dr. Stephen Henson
7144c4212a
Update PKCS#7 decrypt routines to use new API.
2006-05-08 16:38:19 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
3d153f7985
Remove dss1 hack from S/MIME code.
2006-04-19 17:47:15 +00:00
Dr. Stephen Henson
f733a5ef0e
Initial functions for main EVP_PKEY_METHOD operations.
...
No method implementations yet.
2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
216659eb87
Enhance EVP code to generate random symmetric keys of the
...
appropriate form, for example correct DES parity.
Update S/MIME code and EVP_SealInit to use new functions.
PR: 700
2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
c5a5546389
Add support for digested data PKCS#7 type.
2003-10-11 22:11:45 +00:00
Dr. Stephen Henson
77fe058c10
Simplify cipher and digest lookup in PKCS#7 code.
2003-10-11 16:46:40 +00:00
Dr. Stephen Henson
caf044cb3e
Retrieve correct content to sign when the
...
type is "other".
2003-10-10 23:25:43 +00:00
Dr. Stephen Henson
beab098d53
Various S/MIME bug and compatibility fixes.
2003-06-01 20:51:58 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
5488bb6197
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
...
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Dr. Stephen Henson
b12540520d
Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.
2002-02-26 19:33:24 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
67fec850e1
Allow verification of other types than DATA.
...
Submitted by Leonard Janke <leonard@votehere.net>
2002-01-02 11:54:38 +00:00
Dr. Stephen Henson
f3e24baddf
Don't overwrite signing time.
2001-12-07 00:36:32 +00:00
Dr. Stephen Henson
581f1c8494
Modify EVP cipher behaviour in a similar way
...
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Richard Levitte
4ac881ede3
Fix couple of memory leaks in PKCS7_dataDecode().
...
(provided by Stephen)
2001-04-05 10:19:12 +00:00
Richard Levitte
271da5a2e0
avoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim KHE <khe@kmd.dk>
2001-03-20 15:36:59 +00:00
Bodo Möller
5277d7cb7c
Fix ERR_R_... problems.
2001-03-07 01:19:07 +00:00