Raphael Spreitzer
f9fb43e176
RT2400: ASN1_STRING_to_UTF8 missing initializer
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-27 22:59:05 -04:00
Justin Blanchard
f756fb430e
RT1815: More const'ness improvements
...
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 11:49:16 -04:00
Jonas Maebe
1c4b688cb4
multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:37:48 +02:00
Jonas Maebe
8957278869
mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:37:14 +02:00
Jonas Maebe
15297d962c
mime_hdr_new: free mhdr, tmpname, tmpval on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:36:54 +02:00
Jonas Maebe
c9c63b0180
ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:36:34 +02:00
Jonas Maebe
b9b9f853b5
SetBlob: free rgSetBlob on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:35:11 +02:00
Frédéric Giudicelli
c753e71e0a
RT783: Minor optimization to ASN1_INTEGER_set
...
Remove local variable and avoid extra assignment.
Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
2014-08-15 10:54:43 -04:00
Hans Wennborg
01e438f288
RT3023: Redundant logical expressions
...
Remove some redundant logical expressions
Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
2014-08-15 10:45:00 -04:00
Dr Stephen Henson
b00f586a81
Fix d4a4370050
...
Fully remove old error, per drH
Reviewed-by: rsalz
2014-08-11 17:32:57 -04:00
Scott Schaefer
d4a4370050
RT 2517: Various typo's.
...
Reviewed-by: Emilia Kasper
Many of these were already fixed, this catches the last
few that were missed.
2014-08-11 13:43:31 -04:00
Emilia Kasper
0042fb5fd1
Fix OID handling:
...
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-06 20:36:41 +01:00
Dr. Stephen Henson
55707a36cc
Add license info.
2014-07-04 18:41:45 +01:00
Dr. Stephen Henson
398e99fe5e
ASN1 sanity check.
...
Primitive encodings shouldn't use indefinite length constructed
form.
PR#2438 (partial).
2014-07-02 00:59:26 +01:00
Dr. Stephen Henson
0e7bda79a1
Handle BER length encoding.
...
Tolerate BER length encoding which may include leading zeroes.
PR#2746
2014-06-29 00:07:08 +01:00
Dr. Stephen Henson
11da66f8b1
Tolerate critical AKID in CRLs.
...
PR#3014
2014-06-27 18:49:32 +01:00
Dr. Stephen Henson
d2aea03829
Memory leak and NULL dereference fixes.
...
PR#3403
2014-06-27 14:35:07 +01:00
Dr. Stephen Henson
3009244da4
Set default global mask to UTF8 only.
2014-06-01 15:03:00 +01:00
Dr. Stephen Henson
b48310627d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b
)
2014-04-01 16:37:51 +01:00
Dr. Stephen Henson
2514fa79ac
Add functions returning security bits.
...
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5
Remove references to o_time.h
2014-02-19 20:06:13 +00:00
Scott Schaefer
2b4ffc659e
Fix various spelling errors
2014-02-14 22:29:12 +00:00
Dr. Stephen Henson
847865d0f9
Add suppot for ASCII with CRLF canonicalisation.
2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
85c9ba2342
Support setting of "no purpose" for trust.
...
If the oid parameter is set to NULL in X509_add1_trust_object
create an empty list of trusted purposes corresponding to
"no purpose" if trust is checked.
2013-11-11 22:39:23 +00:00
Ben Laurie
79b9209883
More diagnostics for invalid OIDs.
2013-09-20 14:38:36 +01:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
5de18d5d0d
Encode INTEGER correctly.
...
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c
)
2013-03-18 14:22:08 +00:00
Ben Laurie
975dfb1c6c
make depend.
2013-02-21 18:17:38 +00:00
Ben Laurie
a6bbbf2ff5
Make "make depend" work on MacOS out of the box.
2013-01-19 14:14:30 +00:00
Dr. Stephen Henson
2e8cb108dc
initial support for delta CRL generations by diffing two full CRLs
2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
46a6cec699
Reorganise parameters for OPENSSL_gmtime_diff.
...
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
2012-11-21 14:13:20 +00:00
Dr. Stephen Henson
360ef6769e
first parameter is difference in days, not years
2012-11-20 15:19:53 +00:00
Dr. Stephen Henson
d223dfe641
make depend
2012-11-19 15:13:33 +00:00
Dr. Stephen Henson
1c455bc084
new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
2012-11-19 15:12:07 +00:00
Dr. Stephen Henson
98a7edf9f0
make depend
2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
918e613a32
oops, add missing asn_mstbl.c
2012-10-24 13:27:46 +00:00
Dr. Stephen Henson
30765fed55
New config module for string tables. This can be used to add new
...
multi string components (as used in DN fields or request attributes)
or change the values of existing ones.
2012-10-22 13:05:54 +00:00
Dr. Stephen Henson
d35c0ff30b
fix ASN1_STRING_TABLE_add so it can override existing string table values
2012-10-19 15:06:31 +00:00
Bodo Möller
7f429a5dbf
Fix Valgrind warning.
...
Submitted by: Adam Langley
2012-09-24 19:49:16 +00:00
Dr. Stephen Henson
dfcf48f499
New functions to retrieve certificate signatures and signature OID NID.
2012-06-13 13:08:12 +00:00
Dr. Stephen Henson
4b9e0b5f74
print out issuer and subject unique identifier fields in certificates
2012-06-12 13:41:18 +00:00
Dr. Stephen Henson
4242a090c7
PR: 2813
...
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Dr. Stephen Henson
d9a9d10f4f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Andy Polyakov
6da165c631
ans1/tasn_prn.c: avoid bool in variable names.
...
PR: 2776
2012-03-29 17:48:19 +00:00
Dr. Stephen Henson
78dfd43955
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
3c6a7cd44b
PR: 2742
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
If resigning with detached content in CMS just copy data across.
2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:02 +00:00
Dr. Stephen Henson
68a7b5ae1e
PR: 2736
...
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:28 +00:00