wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11119 commits 20 branches 302 tags 153 MiB
Commit graph

714 commits

Author SHA1 Message Date
Dr. Stephen Henson
534656a997 Add license info. 
(cherry picked from commit 55707a36cc)
 2014-07-04 18:43:06 +01:00
Dr. Stephen Henson
9223a31eb7 ASN1 sanity check. 
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e)
 2014-07-02 00:59:44 +01:00
Dr. Stephen Henson
22228d2d40 Tolerate critical AKID in CRLs. 
PR#3014
(cherry picked from commit 11da66f8b1)
 2014-06-27 18:50:19 +01:00
Dr. Stephen Henson
e42c208235 Memory leak and NULL dereference fixes. 
PR#3403
(cherry picked from commit d2aea03829)
 2014-06-27 14:52:36 +01:00
Dr. Stephen Henson
08b172b975 Set default global mask to UTF8 only. 
(cherry picked from commit 3009244da4)
 2014-06-01 15:04:21 +01:00
Dr. Stephen Henson
e9b4b8afbd Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b)
 2014-04-01 16:39:35 +01:00
Scott Schaefer
0413ea5801 Fix various spelling errors 
(cherry picked from commit 2b4ffc659e)
 2014-02-14 22:35:15 +00:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
5c4ff8ad37 Add KDF for DH. 
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
904348a492 Time difference functions. 
Backport of ASN1_TIME_diff and OPENSSL_gmtime_diff functions from master
branch.
 2013-08-19 21:55:07 +01:00
Dr. Stephen Henson
d7e429b91d Encode INTEGER correctly. 
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
 2013-03-18 14:22:01 +00:00
Dr. Stephen Henson
6a10f38daa initial support for delta CRL generations by diffing two full CRLs 2013-01-17 18:51:50 +00:00
Dr. Stephen Henson
2aa3ef78b6 print out issuer and subject unique identifier fields in certificates 2013-01-16 15:08:34 +00:00
Dr. Stephen Henson
bd9fc1d667 New functions to retrieve certificate signatures and signature OID NID. 
(backport from HEAD)
 2012-12-26 14:31:05 +00:00
Bodo Möller
abf1e32f2f Fix Valgrind warning. 
Submitted by: Adam Langley
 2012-09-24 19:49:25 +00:00
Ben Laurie
68d2cf51bc Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
482f238069 PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:53:23 +00:00
Dr. Stephen Henson
564a503b1b Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 16:19:07 +00:00
Dr. Stephen Henson
491734eb21 Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
 2012-04-07 20:22:11 +00:00
Andy Polyakov
2fee1e0666 ans1/tasn_prn.c: avoid bool in variable names [from HEAD]. 
PR: 2776
 2012-03-29 19:11:59 +00:00
Dr. Stephen Henson
f0729fc3e0 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:29:47 +00:00
Dr. Stephen Henson
a8595879ec PR: 2742 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
 2012-02-29 14:01:53 +00:00
Dr. Stephen Henson
33a688e806 Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:16 +00:00
Dr. Stephen Henson
250f979237 PR: 2736 
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
 2012-02-27 18:45:18 +00:00
Dr. Stephen Henson
0a082e9b37 free headers after use in error message 2012-02-27 16:27:09 +00:00
Dr. Stephen Henson
697e4edcad PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:32 +00:00
Dr. Stephen Henson
9138e3c061 fix warning 2012-01-15 13:30:52 +00:00
Andy Polyakov
9b2a29660b Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
 2012-01-12 16:28:03 +00:00
Andy Polyakov
958e6a75a1 asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD]. 
PR: 2675
Submitted by: Annie Yousar
 2012-01-11 21:12:47 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00
Dr. Stephen Henson
6841abe842 update pkey method initialisation and copy 2011-10-11 18:16:02 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
5473b6bc2f Fix memory leak. From HEAD. 2011-10-09 16:04:17 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls. 
New functionality to allow default DRBG type to be set during compilation
or during runtime.
 2011-09-16 23:08:57 +00:00
Bodo Möller
7f1022a8b1 Fix memory leak on bad inputs. 2011-09-05 09:57:15 +00:00
Dr. Stephen Henson
91e97cbe4c Don't use *from++ in tolower as this is implemented as a macro on some 
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
 2011-09-02 11:28:18 +00:00
Dr. Stephen Henson
2305ae5d8c PR: 2556 (partial) 
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
 2011-07-14 12:01:36 +00:00
Dr. Stephen Henson
33c98a28ac correctly encode OIDs near 2^32 2011-06-22 15:15:48 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
d99e6b5014 New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD). 2011-06-03 18:35:49 +00:00
Dr. Stephen Henson
260d08b814 Backport CMAC support from HEAD. 2011-06-03 15:08:42 +00:00
Dr. Stephen Henson
dca30c44f5 no need to include memory.h 2011-04-30 23:38:05 +00:00
Dr. Stephen Henson
d3203b931e PR: 2433 
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().
 2011-01-24 16:20:05 +00:00
Dr. Stephen Henson
bbbf0d45ba stop warning with no-engine 2011-01-13 15:42:47 +00:00
Dr. Stephen Henson
e501dbb658 Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:30:58 +00:00
Dr. Stephen Henson
945ba0300d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:56:25 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
06226df1a9 The OID sanity check was incorrect. It should only disallow *leading* 0x80 
values.
 2010-03-07 16:40:19 +00:00