Commit graph

752 commits

Author SHA1 Message Date
Raphael Spreitzer
f9fb43e176 RT2400: ASN1_STRING_to_UTF8 missing initializer
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-27 22:59:05 -04:00
Justin Blanchard
f756fb430e RT1815: More const'ness improvements
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 11:49:16 -04:00
Jonas Maebe
1c4b688cb4 multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:37:48 +02:00
Jonas Maebe
8957278869 mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:37:14 +02:00
Jonas Maebe
15297d962c mime_hdr_new: free mhdr, tmpname, tmpval on error path
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:36:54 +02:00
Jonas Maebe
c9c63b0180 ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:36:34 +02:00
Jonas Maebe
b9b9f853b5 SetBlob: free rgSetBlob on error path
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:35:11 +02:00
Frédéric Giudicelli
c753e71e0a RT783: Minor optimization to ASN1_INTEGER_set
Remove local variable and avoid extra assignment.

Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
2014-08-15 10:54:43 -04:00
Hans Wennborg
01e438f288 RT3023: Redundant logical expressions
Remove some redundant logical expressions

Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net>
2014-08-15 10:45:00 -04:00
Dr Stephen Henson
b00f586a81 Fix d4a4370050
Fully remove old error, per drH
Reviewed-by: rsalz
2014-08-11 17:32:57 -04:00
Scott Schaefer
d4a4370050 RT 2517: Various typo's.
Reviewed-by: Emilia Kasper

Many of these were already fixed, this catches the last
few that were missed.
2014-08-11 13:43:31 -04:00
Emilia Kasper
0042fb5fd1 Fix OID handling:
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-06 20:36:41 +01:00
Dr. Stephen Henson
55707a36cc Add license info. 2014-07-04 18:41:45 +01:00
Dr. Stephen Henson
398e99fe5e ASN1 sanity check.
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
2014-07-02 00:59:26 +01:00
Dr. Stephen Henson
0e7bda79a1 Handle BER length encoding.
Tolerate BER length encoding which may include leading zeroes.

PR#2746
2014-06-29 00:07:08 +01:00
Dr. Stephen Henson
11da66f8b1 Tolerate critical AKID in CRLs.
PR#3014
2014-06-27 18:49:32 +01:00
Dr. Stephen Henson
d2aea03829 Memory leak and NULL dereference fixes.
PR#3403
2014-06-27 14:35:07 +01:00
Dr. Stephen Henson
3009244da4 Set default global mask to UTF8 only. 2014-06-01 15:03:00 +01:00
Dr. Stephen Henson
b48310627d Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b)
2014-04-01 16:37:51 +01:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits.
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
84917787b5 Remove references to o_time.h 2014-02-19 20:06:13 +00:00
Scott Schaefer
2b4ffc659e Fix various spelling errors 2014-02-14 22:29:12 +00:00
Dr. Stephen Henson
847865d0f9 Add suppot for ASCII with CRLF canonicalisation. 2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
85c9ba2342 Support setting of "no purpose" for trust.
If the oid parameter is set to NULL in X509_add1_trust_object
create an empty list of trusted purposes corresponding to
"no purpose" if trust is checked.
2013-11-11 22:39:23 +00:00
Ben Laurie
79b9209883 More diagnostics for invalid OIDs. 2013-09-20 14:38:36 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
5de18d5d0d Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:22:08 +00:00
Ben Laurie
975dfb1c6c make depend. 2013-02-21 18:17:38 +00:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generations by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
46a6cec699 Reorganise parameters for OPENSSL_gmtime_diff.
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
2012-11-21 14:13:20 +00:00
Dr. Stephen Henson
360ef6769e first parameter is difference in days, not years 2012-11-20 15:19:53 +00:00
Dr. Stephen Henson
d223dfe641 make depend 2012-11-19 15:13:33 +00:00
Dr. Stephen Henson
1c455bc084 new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures 2012-11-19 15:12:07 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
918e613a32 oops, add missing asn_mstbl.c 2012-10-24 13:27:46 +00:00
Dr. Stephen Henson
30765fed55 New config module for string tables. This can be used to add new
multi string components (as used in DN fields or request attributes)
or change the values of existing ones.
2012-10-22 13:05:54 +00:00
Dr. Stephen Henson
d35c0ff30b fix ASN1_STRING_TABLE_add so it can override existing string table values 2012-10-19 15:06:31 +00:00
Bodo Möller
7f429a5dbf Fix Valgrind warning.
Submitted by: Adam Langley
2012-09-24 19:49:16 +00:00
Dr. Stephen Henson
dfcf48f499 New functions to retrieve certificate signatures and signature OID NID. 2012-06-13 13:08:12 +00:00
Dr. Stephen Henson
4b9e0b5f74 print out issuer and subject unique identifier fields in certificates 2012-06-12 13:41:18 +00:00
Dr. Stephen Henson
4242a090c7 PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Dr. Stephen Henson
d9a9d10f4f Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Andy Polyakov
6da165c631 ans1/tasn_prn.c: avoid bool in variable names.
PR: 2776
2012-03-29 17:48:19 +00:00
Dr. Stephen Henson
78dfd43955 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
3c6a7cd44b PR: 2742
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc Fix memory leak cause by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:02 +00:00
Dr. Stephen Henson
68a7b5ae1e PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:28 +00:00