wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12282 commits 20 branches 302 tags 153 MiB
Commit graph

18 commits

Author SHA1 Message Date
Matt Caswell
ad64a69e02 Change usage of RAND_pseudo_bytes to RAND_bytes 
RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-06-27 15:00:08 +01:00
Dr. Stephen Henson
6e216ba689 Only set CMS parameter when encrypting 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 708cf5ded2)
 2016-05-06 21:13:56 +01:00
Dr. Stephen Henson
493d732ab1 Always try to set ASN.1 parameters for CMS. 
Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3fd60dc422)

Conflicts:
	crypto/cms/cms_enc.c
 2016-05-05 23:55:10 +01:00
Dr. Stephen Henson
056df45ed1 Fix memory leak if setup fails. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 891eac4604)

Conflicts:
	crypto/cms/cms_enc.c
 2015-08-12 14:12:02 +01:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:31:38 +00:00
Ben Laurie
68d2cf51bc Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
24547c23ca Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:44:24 +00:00
Dr. Stephen Henson
8186c00ef3 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 16:27:50 +00:00
Dr. Stephen Henson
b99674103d Remove unnecessary header. 2008-03-29 21:08:37 +00:00
Dr. Stephen Henson
761ffa729f Preliminary support for enveloped data content type creation. 
Fix signed data creation so versions are only corrected if structure is
being created.
 2008-03-17 13:38:51 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
a981e2adbc Add support for random key generation: this will be needed by enveloped data. 2008-03-16 13:05:03 +00:00
Dr. Stephen Henson
4f1aa191b3 Initial support for enveloped data decrypt. Extent runex.pl to cover these 
examples. All RFC4134 examples can not be processed.
 2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
e540d1cd77 Check for cipher BIO errors and set key length after parameter decode. 2008-03-15 13:37:32 +00:00
Dr. Stephen Henson
d9f5f07e28 Initial support for Encrypted Data type generation. 2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
320bfc1be7 Reorganise encrypted content info code to avoid duplication and be more 
consistent with other content types.
 2008-03-14 19:37:56 +00:00
Dr. Stephen Henson
b820455c6e Encrypted Data type processing. Add options to cms utility and run section 7 
tests in RFC4134.
 2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
5c4436c977 New utility functions for encryptedData content type which will also be used 
by envelopedData.

Use PRE and not POST when freeing up RecipientInfo.
 2008-03-14 00:58:43 +00:00