wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11385 commits 20 branches 302 tags 153 MiB
Commit graph

87 commits

Author SHA1 Message Date
Matt Caswell
e0d2139045 Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339 2014-05-07 23:23:15 +01:00
Ben Laurie
3b21abfd6c Fix double frees. 
Conflicts:
	CHANGES
 2014-04-22 17:00:52 +01:00
Dr. Stephen Henson
b1cef8d984 Submitted by: Markus Friedl <mfriedl@gmail.com> 
Fix memory leaks in 'goto err' cases.
 2012-03-22 15:43:28 +00:00
Dr. Stephen Henson
8186c00ef3 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 16:27:50 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Ben Laurie
48bd505c0b If you're going to check for negative, use an signed integer! Coverity ID 122. 2007-04-05 17:31:29 +00:00
Nils Larsch
907e99623c check return value of ASN1_item_i2d(), Coverity ID 55 2007-04-04 19:41:20 +00:00
Ben Laurie
4f1a0b2c21 Handle bad content type. Coverity ID 99. 2007-04-04 15:31:17 +00:00
Nils Larsch
689f9faba4 fix potential memory leaks 
PR: 1462
 2007-02-03 09:55:42 +00:00
Dr. Stephen Henson
559d50138f Add bit I missed from PKCS#7 streaming encoder. 2006-12-24 16:46:47 +00:00
Ben Laurie
777c47acbe Make things static that should be. Declare stuff in headers that should be. 
Fix warnings.
 2006-08-28 17:01:04 +00:00
Dr. Stephen Henson
786aa98da1 Use correct pointer types for various functions. 2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl. 
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
 2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0e3453536e Fix warnings. 2006-05-24 13:29:32 +00:00
Dr. Stephen Henson
5531192151 Add -resign and -md options to smime command to support resigning an 
existing structure and using alternative digest for signing.
 2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
76fa8f1838 More S/MIME tidy. Place some common attribute operations in utility 
functions.
 2006-05-18 17:20:23 +00:00
Dr. Stephen Henson
f2b139ed1f Remove old digest type hacks for non RSA keys. 2006-05-18 13:05:20 +00:00
Dr. Stephen Henson
7144c4212a Update PKCS#7 decrypt routines to use new API. 2006-05-08 16:38:19 +00:00
Dr. Stephen Henson
399a6f0bd1 Update PKCS#7 enveloped data to new API. 2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
3d153f7985 Remove dss1 hack from S/MIME code. 2006-04-19 17:47:15 +00:00
Dr. Stephen Henson
f733a5ef0e Initial functions for main EVP_PKEY_METHOD operations. 
No method implementations yet.
 2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
8f2e4fdf86 Allow PKCS7_decrypt() to work if no cert supplied. 2005-08-04 22:15:22 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes. 
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
 2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
216659eb87 Enhance EVP code to generate random symmetric keys of the 
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700
 2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
c5a5546389 Add support for digested data PKCS#7 type. 2003-10-11 22:11:45 +00:00
Dr. Stephen Henson
77fe058c10 Simplify cipher and digest lookup in PKCS#7 code. 2003-10-11 16:46:40 +00:00
Dr. Stephen Henson
caf044cb3e Retrieve correct content to sign when the 
type is "other".
 2003-10-10 23:25:43 +00:00
Dr. Stephen Henson
beab098d53 Various S/MIME bug and compatibility fixes. 2003-06-01 20:51:58 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function. 
I've covered all the memset()s I felt safe modifying, but may have missed some.
 2002-11-28 08:04:36 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead) 
Submitted by: Nils Larsch
 2002-08-12 08:47:41 +00:00
Dr. Stephen Henson
b12540520d Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up. 2002-02-26 19:33:24 +00:00
Bodo Möller
4d94ae00d5 ECDSA support 
Submitted by: Nils Larsch <nla@trustcenter.de>
 2002-02-13 18:21:51 +00:00
Richard Levitte
67fec850e1 Allow verification of other types than DATA. 
Submitted by Leonard Janke <leonard@votehere.net>
 2002-01-02 11:54:38 +00:00
Dr. Stephen Henson
f3e24baddf Don't overwrite signing time. 2001-12-07 00:36:32 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way 
to digests to retain compatibility.
 2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() 
with existing code.

Modify library to use digest *_ex() functions.
 2001-10-16 01:24:29 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul. 
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
 2001-09-01 20:02:13 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Richard Levitte
4ac881ede3 Fix couple of memory leaks in PKCS7_dataDecode(). 
(provided by Stephen)
 2001-04-05 10:19:12 +00:00
Richard Levitte
271da5a2e0 avoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim KHE <khe@kmd.dk> 2001-03-20 15:36:59 +00:00
Bodo Möller
5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Dr. Stephen Henson
db4a465974 Stop PKCS7_verify() core dumping with unknown public 
key algorithms and leaking if the signature verify
fails.
 2001-02-24 01:38:56 +00:00
Dr. Stephen Henson
bb5ea36b96 Initial support for ASN1_ITEM_FUNCTION option to 
change the way ASN1 modules are exported.

Still needs a bit of work for example the hack which a
dummy function prototype to avoid compilers warning about
multiple ;s.
 2001-02-23 03:16:09 +00:00
Dr. Stephen Henson
ec5add8784 Fix the S/MIME code so it now works again and 
uses the new ASN1 code.
 2000-12-31 17:31:57 +00:00
Dr. Stephen Henson
9d6b1ce644 Merge from the ASN1 branch of new ASN1 code 
to main trunk.

Lets see if the makes it to openssl-cvs :-)
 2000-12-08 19:09:35 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care 
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
 2000-09-17 18:21:27 +00:00
Dr. Stephen Henson
cfd3bb1785 Add docs for BIO_find_type() and friends. 
Added function BIO_next() otherwise you can't
traverse a chain without accessing BIO internals.
 2000-09-07 13:04:27 +00:00