wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11117 commits 20 branches 302 tags 153 MiB
Commit graph

81 commits

Author SHA1 Message Date
Rich Salz
12650153ec RT4044: Remove .cvsignore files. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3be39dc1e3)
 2015-09-15 12:00:18 -04:00
Dr. Stephen Henson
2d17250368 Fix memory leak if setup fails. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 891eac4604)

Conflicts:
	crypto/cms/cms_enc.c
 2015-08-12 14:24:08 +01:00
Dr. Stephen Henson
aa701624b1 Err isn't always malloc failure. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit a187e08d85)

Conflicts:
	crypto/cms/cms_smime.c
 2015-08-12 14:23:48 +01:00
Dr. Stephen Henson
dd90a91d87 Fix infinite loop in CMS 
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-06-11 15:02:21 +01:00
Richard Levitte
eb797fde3f Fix the update target and remove duplicate file updates 
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
 2015-05-23 11:22:10 +02:00
Viktor Dukhovni
c70908d247 Code style: space after 'if' 
Reviewed-by: Matt Caswell <gitlab@openssl.org>
 2015-04-16 13:51:51 -04:00
Matt Caswell
750190567a Fix RAND_(pseudo_)?_bytes returns 
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8f8e4e4f52)

Conflicts:
	crypto/evp/e_des3.c
 2015-03-25 12:45:17 +00:00
Matt Caswell
9f11421950 Unchecked malloc fixes 
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529)

Conflicts:
	crypto/bio/bss_dgram.c

Conflicts:
	apps/cms.c
	apps/s_cb.c
	apps/s_server.c
	apps/speed.c
	crypto/dh/dh_pmeth.c
	ssl/s3_pkt.c
 2015-03-05 09:22:50 +00:00
Matt Caswell
10621efd32 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:38:39 +00:00
Ben Laurie
3ed6327571 Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). 
(cherry picked from commit c1d1b0114e)
 2014-07-10 17:52:37 +01:00
Dr. Stephen Henson
48f5b3efce Set version number correctly. 
PR#3249
(cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
 2014-05-29 14:12:14 +01:00
Dr. Stephen Henson
d61be85581 Return an error if no recipient type matches. 
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
 2014-05-09 14:24:51 +01:00
Dr. Stephen Henson
9c5d953a07 Set Enveloped data version to 2 if ktri version not zero. 2014-05-06 14:02:38 +01:00
Dr. Stephen Henson
b45b3efd5d Remove duplicate statement. 
(cherry picked from commit 5a7652c3e5)
 2014-02-15 01:29:36 +00:00
Dr. Stephen Henson
c776a3f398 make update 2014-01-06 13:33:27 +00:00
Dr. Stephen Henson
60df657b3a make update 2013-12-08 13:23:14 +00:00
Dr. Stephen Henson
ffcf4c6164 Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:07:23 +00:00
Ben Laurie
af454b5bb0 Reduce version skew. 2012-06-08 09:18:47 +00:00
Dr. Stephen Henson
5b9d0995a1 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:34:22 +00:00
Dr. Stephen Henson
8186c00ef3 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 16:27:50 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00
Dr. Stephen Henson
cb70355d87 Backport ossl_ssize_t type from HEAD. 2011-10-10 22:33:50 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls. 
New functionality to allow default DRBG type to be set during compilation
or during runtime.
 2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
618265e645 Fix CVE-2010-1633 and CVE-2010-0742. 2010-06-01 13:17:06 +00:00
Dr. Stephen Henson
45acdd6f6d tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:26:32 +00:00
Dr. Stephen Henson
43f21e62aa PR: 2058 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_DigestVerifyFinal error handling.
 2009-09-30 23:50:10 +00:00
Dr. Stephen Henson
80afb40ae3 Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
54571ba004 Use correct ctx name. 2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
d0c3628834 Set memory BIOs up properly when stripping text headers from S/MIME messages. 2008-11-21 18:18:13 +00:00
Dr. Stephen Henson
6d6c47980e Correctly handle errors in CMS I/O code. 2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
19048b5c8d New function CMS_add1_crl(). 2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
e6ef05d5f3 Make certs argument work in CMS_sign() add test case. 
PR:1664
 2008-04-18 11:18:20 +00:00
Dr. Stephen Henson
852bd35065 Fix prototype for CMS_decrypt(), don't free up detached content. 2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005 Revert argument swap change... oops CMS_uncompress() was consistent... 2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1 Make CMS_uncompress() argument order consistent with other functions. 2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21 Fix for compression and updated CMS_final(). 2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
e0fbd07309 Add additional parameter to CMS_final() to handle detached content. 2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f Ignore nonsensical flags for signed receipts. 2008-04-10 11:12:42 +00:00
Dr. Stephen Henson
853eae51e0 Implement CMS_NOCRL. 2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01 Set contentType attribute just before signing to allow encapsulated content 
type to be set at any time in applications.
 2008-04-06 16:29:47 +00:00
Dr. Stephen Henson
e45641bd17 Fix typo and add header files to err library. 2008-04-06 15:53:29 +00:00
Dr. Stephen Henson
d5a37b0293 Give consistent return value and add error code for duplicate certificates. 2008-04-06 15:41:25 +00:00
Dr. Stephen Henson
a5cdb7d5bd Avoid warnings. 2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
2e86f0d8d7 Use correct headers for signed receipts. Use consistent naming. 
Update cms-test.pl to support OpenSSL 0.9.8.
 2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
e2a29d49ca Update dependencies. 2008-03-29 21:11:25 +00:00