Matt Caswell
fd0ba77717
make update
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Geoff Thorpe
e52a3c3d14
Include <openssl/foo.h> instead of "foo.h"
...
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.
Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Jonas Maebe
36f7ed5040
cms_SignerInfo_content_sign: free sig on failure path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:38:19 +02:00
Ben Laurie
c1d1b0114e
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
2014-07-10 17:49:02 +01:00
Dr. Stephen Henson
46d889f33e
Set version number correctly.
...
PR#3249
2014-05-29 14:33:32 +01:00
Dr. Stephen Henson
0bcb17a777
Return an error if no recipient type matches.
...
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.
PR#3348
2014-05-09 14:24:54 +01:00
Dr. Stephen Henson
546b1b4384
Set Enveloped data version to 2 if ktri version not zero.
2014-05-06 13:59:05 +01:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
5a7652c3e5
Remove duplicate statement.
2014-02-15 01:27:56 +00:00
Dr. Stephen Henson
847865d0f9
Add suppot for ASCII with CRLF canonicalisation.
2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
cd30f03ac5
Canonicalise input in CMS_verify.
...
If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.
2013-12-22 00:35:29 +00:00
Dr. Stephen Henson
da15c61608
Add CMS_SignerInfo_get0_signature function.
...
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
dc1ce3bc64
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
17c2764d2e
CMS support for key agreeement recipient info.
...
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
ff7b6ce9db
Set CMS EnvelopedData version correctly.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
e0f7cfda68
Initialise CMS signature buffer length properly.
2013-07-02 22:12:19 +01:00
Dr. Stephen Henson
e365352d6a
CMS public key parameter support.
...
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.
This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
e1f1d28f34
Add function CMS_RecipientInfo_encrypt
...
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.
Add documentation.
2013-02-26 16:59:56 +00:00
Dr. Stephen Henson
1703627ba8
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:09:38 +00:00
Ben Laurie
5762f7778d
Fix warning.
2012-05-10 20:29:00 +00:00
Dr. Stephen Henson
225055c30b
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Dr. Stephen Henson
146b52edd1
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
eb1c48be6f
Add new type ossl_ssize_t instead of ssize_t and move definitions to
...
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
3cbb15ee81
add CVE-2010-0742 and CVS-2010-1633 fixes
2010-06-01 14:39:01 +00:00
Dr. Stephen Henson
31d66c2a98
update cms code to use X509_ALGOR_set_md instead of internal function
2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
2712a2f625
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Dr. Stephen Henson
d71061122c
PR: 2058
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:49:11 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
a25f33d28a
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
54571ba004
Use correct ctx name.
2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
d0c3628834
Set memory BIOs up properly when stripping text headers from S/MIME messages.
2008-11-21 18:18:13 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
19048b5c8d
New function CMS_add1_crl().
2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
e6ef05d5f3
Make certs argument work in CMS_sign() add test case.
...
PR:1664
2008-04-18 11:18:20 +00:00
Dr. Stephen Henson
852bd35065
Fix prototype for CMS_decrypt(), don't free up detached content.
2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21
Fix for compression and updated CMS_final().
2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f
Ignore nonsensical flags for signed receipts.
2008-04-10 11:12:42 +00:00
Dr. Stephen Henson
853eae51e0
Implement CMS_NOCRL.
2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01
Set contentType attribute just before signing to allow encapsulated content
...
type to be set at any time in applications.
2008-04-06 16:29:47 +00:00