Commit graph

98 commits

Author SHA1 Message Date
Rich Salz
4b45c6e52b free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:57:32 -04:00
Rich Salz
222561fe8e free NULL cleanup 5a
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:33:59 -04:00
Rich Salz
c5ba2d9904 free NULL cleanup
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 10:54:15 -04:00
Rich Salz
ca3a82c3b3 free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Matt Caswell
266483d2f5 RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:07 +00:00
Dr. Stephen Henson
f422a51486 Remove old ASN.1 code.
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.

Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Emilia Kasper
c225c3cf9b PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
9b0a453190 Make X509_ATTRIBUTE opaque.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-16 15:54:19 +00:00
Rich Salz
02a938c953 Dead code removal: #if 0 asn1, pkcs7
Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 15:35:49 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
2d2e0479eb Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339 2014-05-07 23:21:02 +01:00
Ben Laurie
4ba5e63bfd Fix double frees. 2014-04-22 16:58:43 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
f404acfa2c Submitted by: Markus Friedl <mfriedl@gmail.com>
Fix memory leaks in 'goto err' cases.
2012-03-22 15:44:51 +00:00
Dr. Stephen Henson
146b52edd1 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Ben Laurie
48bd505c0b If you're going to check for negative, use an signed integer! Coverity ID 122. 2007-04-05 17:31:29 +00:00
Nils Larsch
907e99623c check return value of ASN1_item_i2d(), Coverity ID 55 2007-04-04 19:41:20 +00:00
Ben Laurie
4f1a0b2c21 Handle bad content type. Coverity ID 99. 2007-04-04 15:31:17 +00:00
Nils Larsch
689f9faba4 fix potential memory leaks
PR: 1462
2007-02-03 09:55:42 +00:00
Dr. Stephen Henson
559d50138f Add bit I missed from PKCS#7 streaming encoder. 2006-12-24 16:46:47 +00:00
Ben Laurie
777c47acbe Make things static that should be. Declare stuff in headers that should be.
Fix warnings.
2006-08-28 17:01:04 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0e3453536e Fix warnings. 2006-05-24 13:29:32 +00:00
Dr. Stephen Henson
5531192151 Add -resign and -md options to smime command to support resigning an
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
76fa8f1838 More S/MIME tidy. Place some common attribute operations in utility
functions.
2006-05-18 17:20:23 +00:00
Dr. Stephen Henson
f2b139ed1f Remove old digest type hacks for non RSA keys. 2006-05-18 13:05:20 +00:00
Dr. Stephen Henson
7144c4212a Update PKCS#7 decrypt routines to use new API. 2006-05-08 16:38:19 +00:00
Dr. Stephen Henson
399a6f0bd1 Update PKCS#7 enveloped data to new API. 2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
3d153f7985 Remove dss1 hack from S/MIME code. 2006-04-19 17:47:15 +00:00
Dr. Stephen Henson
f733a5ef0e Initial functions for main EVP_PKEY_METHOD operations.
No method implementations yet.
2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
8f2e4fdf86 Allow PKCS7_decrypt() to work if no cert supplied. 2005-08-04 22:15:22 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620
2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
216659eb87 Enhance EVP code to generate random symmetric keys of the
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700
2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
c5a5546389 Add support for digested data PKCS#7 type. 2003-10-11 22:11:45 +00:00
Dr. Stephen Henson
77fe058c10 Simplify cipher and digest lookup in PKCS#7 code. 2003-10-11 16:46:40 +00:00
Dr. Stephen Henson
caf044cb3e Retrieve correct content to sign when the
type is "other".
2003-10-10 23:25:43 +00:00
Dr. Stephen Henson
beab098d53 Various S/MIME bug and compatibility fixes. 2003-06-01 20:51:58 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Dr. Stephen Henson
b12540520d Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up. 2002-02-26 19:33:24 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
67fec850e1 Allow verification of other types than DATA.
Submitted by Leonard Janke <leonard@votehere.net>
2002-01-02 11:54:38 +00:00
Dr. Stephen Henson
f3e24baddf Don't overwrite signing time. 2001-12-07 00:36:32 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00