Commit graph

86 commits

Author SHA1 Message Date
Matt Caswell
fd0ba77717 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Geoff Thorpe
e52a3c3d14 Include <openssl/foo.h> instead of "foo.h"
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
f072785eb4 Remove fipscanister build functionality from makefiles.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Jonas Maebe
36f7ed5040 cms_SignerInfo_content_sign: free sig on failure path
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:38:19 +02:00
Ben Laurie
c1d1b0114e Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). 2014-07-10 17:49:02 +01:00
Dr. Stephen Henson
46d889f33e Set version number correctly.
PR#3249
2014-05-29 14:33:32 +01:00
Dr. Stephen Henson
0bcb17a777 Return an error if no recipient type matches.
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
2014-05-09 14:24:54 +01:00
Dr. Stephen Henson
546b1b4384 Set Enveloped data version to 2 if ktri version not zero. 2014-05-06 13:59:05 +01:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
5a7652c3e5 Remove duplicate statement. 2014-02-15 01:27:56 +00:00
Dr. Stephen Henson
847865d0f9 Add suppot for ASCII with CRLF canonicalisation. 2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
cd30f03ac5 Canonicalise input in CMS_verify.
If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.
2013-12-22 00:35:29 +00:00
Dr. Stephen Henson
da15c61608 Add CMS_SignerInfo_get0_signature function.
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
17c2764d2e CMS support for key agreeement recipient info.
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
ff7b6ce9db Set CMS EnvelopedData version correctly. 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
e0f7cfda68 Initialise CMS signature buffer length properly. 2013-07-02 22:12:19 +01:00
Dr. Stephen Henson
e365352d6a CMS public key parameter support.
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.

This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
e1f1d28f34 Add function CMS_RecipientInfo_encrypt
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.

Add documentation.
2013-02-26 16:59:56 +00:00
Dr. Stephen Henson
1703627ba8 Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:09:38 +00:00
Ben Laurie
5762f7778d Fix warning. 2012-05-10 20:29:00 +00:00
Dr. Stephen Henson
225055c30b Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Dr. Stephen Henson
146b52edd1 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
df6de39fe7 Change AR to ARX to allow exclusion of fips object modules 2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
eb1c48be6f Add new type ossl_ssize_t instead of ssize_t and move definitions to
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
3cbb15ee81 add CVE-2010-0742 and CVS-2010-1633 fixes 2010-06-01 14:39:01 +00:00
Dr. Stephen Henson
31d66c2a98 update cms code to use X509_ALGOR_set_md instead of internal function 2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
2712a2f625 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
031c78901b make update 2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Dr. Stephen Henson
d71061122c PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:49:11 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
54571ba004 Use correct ctx name. 2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
d0c3628834 Set memory BIOs up properly when stripping text headers from S/MIME messages. 2008-11-21 18:18:13 +00:00
Dr. Stephen Henson
6d6c47980e Correctly handle errors in CMS I/O code. 2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
19048b5c8d New function CMS_add1_crl(). 2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
e6ef05d5f3 Make certs argument work in CMS_sign() add test case.
PR:1664
2008-04-18 11:18:20 +00:00
Dr. Stephen Henson
852bd35065 Fix prototype for CMS_decrypt(), don't free up detached content. 2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005 Revert argument swap change... oops CMS_uncompress() was consistent... 2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1 Make CMS_uncompress() argument order consistent with other functions. 2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21 Fix for compression and updated CMS_final(). 2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
e0fbd07309 Add additional parameter to CMS_final() to handle detached content. 2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f Ignore nonsensical flags for signed receipts. 2008-04-10 11:12:42 +00:00
Dr. Stephen Henson
853eae51e0 Implement CMS_NOCRL. 2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01 Set contentType attribute just before signing to allow encapsulated content
type to be set at any time in applications.
2008-04-06 16:29:47 +00:00