Dr. Stephen Henson
00e86a74bd
ASN1 sanity check.
...
Primitive encodings shouldn't use indefinite length constructed
form.
PR#2438 (partial).
(cherry picked from commit 398e99fe5e
)
2014-07-02 01:01:55 +01:00
Dr. Stephen Henson
9fb10cfe6b
Memory leak and NULL dereference fixes.
...
PR#3403
(cherry picked from commit d2aea03829
)
Conflicts:
apps/crl2p7.c
crypto/asn1/a_utctm.c
crypto/asn1/ameth_lib.c
crypto/asn1/bio_asn1.c
2014-06-27 15:33:18 +01:00
Dr. Stephen Henson
61e6e80fe5
Set default global mask to UTF8 only.
...
(cherry picked from commit 3009244da4
)
2014-06-01 15:04:49 +01:00
Dr. Stephen Henson
1cbd7456aa
Print out DSA key if parameters absent.
...
In DSA_print DSA parameters can be absent (e.g inherited) it is
not a fatal error.
2013-04-07 22:50:55 +01:00
Dr. Stephen Henson
1643edc63c
Encode INTEGER correctly.
...
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
2013-03-18 14:19:40 +00:00
Dr. Stephen Henson
66e8211c0b
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
2013-02-05 16:50:31 +00:00
Bodo Möller
f7d2402cab
Fix Valgrind warning.
...
Submitted by: Adam Langley
2012-09-24 19:50:07 +00:00
Dr. Stephen Henson
4baee3031c
PR: 2813
...
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:49:15 +00:00
Dr. Stephen Henson
556e27b14f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
215276243d
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 15:25:53 +00:00
Dr. Stephen Henson
f0be325f88
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:36 +00:00
Dr. Stephen Henson
b66af23aa9
free headers after use in error message
2012-02-27 16:26:32 +00:00
Dr. Stephen Henson
8a4e81a269
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:13 +00:00
Bodo Möller
1c7c69a8a5
Fix memory leak on bad inputs.
2011-09-05 09:56:48 +00:00
Dr. Stephen Henson
82a5049f6a
PR: 2556 (partial)
...
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:08 +00:00
Dr. Stephen Henson
102bcbce8d
correctly encode OIDs near 2^32
2011-06-22 15:15:20 +00:00
Dr. Stephen Henson
a3dc628d86
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:21:00 +00:00
Dr. Stephen Henson
9ad765173f
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:26:33 +00:00
Dr. Stephen Henson
6cb5746b65
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:55:57 +00:00
Ben Laurie
d886975835
Fix gcc 4.6 warnings. Check TLS server hello extension length.
2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
5e8e7054f7
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:31 +00:00
Dr. Stephen Henson
b61a87b26c
check new_der for NULL too
2009-11-10 00:46:57 +00:00
Dr. Stephen Henson
2c6b141931
PR: 2090
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:40:42 +00:00
Dr. Stephen Henson
381a9f04a0
Fix unitialized warnings
2009-10-04 16:53:18 +00:00
Dr. Stephen Henson
6d73e9d8e8
PR: 2056
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:12:49 +00:00
Dr. Stephen Henson
17b08b6a64
PR: 1644
...
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 0.9.8, we just change the macro to avoid making incompatible changes to
the API.
2009-09-06 15:46:46 +00:00
Dr. Stephen Henson
3af16cf694
Backport GeneralizedTime fractional seconds support from HEAD.
2009-08-10 15:15:27 +00:00
Dr. Stephen Henson
059230b320
Reject leading 0x80 in OID subidentifiers.
2009-08-06 16:22:57 +00:00
Dr. Stephen Henson
c60dca1f95
PR: 1868
...
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org
Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
2009-03-25 10:42:34 +00:00
Dr. Stephen Henson
f021b7cca6
Reject BMPStrings and UniversalStrings of invalid length. This prevents
...
a crash in ASN1_STRING_print_ex() which assumes they are valid.
2009-03-25 10:35:57 +00:00
Dr. Stephen Henson
044855e146
Permit nested ASN1 string encoding but with a maximum depth to avoid
...
stack overflow.
2009-03-14 18:33:25 +00:00
Dr. Stephen Henson
ee4041b8bd
PR: 1841
...
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org
Remove unused code.
2009-03-08 23:05:34 +00:00
Dr. Stephen Henson
72f6453c48
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
73cb37295d
Update from HEAD.
2009-01-28 12:55:36 +00:00
Dr. Stephen Henson
1f35508ae6
Support NumericString for name components.
2009-01-28 12:35:10 +00:00
Dr. Stephen Henson
3795297af8
Change old obsolete email address...
2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
33fd33d423
Fix from HEAD.
2008-11-05 18:29:49 +00:00
Dr. Stephen Henson
c0e9f540e0
Check for errors in ASN1 sign and verify routines.
2008-09-25 16:38:07 +00:00
Dr. Stephen Henson
e852835da6
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
d83dde6180
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
405f382144
Fix from HEAD.
2008-08-05 15:56:11 +00:00
Bodo Möller
0ff3766b0e
Make sure not to read beyond end of buffer
2008-07-16 18:10:28 +00:00
Dr. Stephen Henson
aa9c7e4b8c
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
2008-05-20 12:10:28 +00:00
Ben Laurie
56bef2df4f
Fix warning.
2008-05-20 03:05:50 +00:00
Dr. Stephen Henson
8e42429c9d
Update default CFLAGS and dependencies.
2008-04-03 23:18:27 +00:00
Dr. Stephen Henson
94b2c29f9d
Backport of CMS code to 0.9.8-stable branch. Disabled by default.
2008-04-03 23:03:56 +00:00
Dr. Stephen Henson
090f931a35
Add -DOPENSSL_NO_DEPRECATED to debug-steve* targets. Add headers to make
...
build work.
2008-04-02 14:51:09 +00:00
Dr. Stephen Henson
9e7459fc5d
Backport some useful ASN1 utility functions from HEAD.
2008-04-02 11:11:51 +00:00
Dr. Stephen Henson
30aa23fea2
Update from HEAD.
2008-03-31 14:59:13 +00:00
Andy Polyakov
7c52b7706f
Source readability fix, which incidentally works around XLC compiler bug
...
[from HEAD].
PR: 1272
2008-02-11 13:18:40 +00:00