Dr. Stephen Henson
146b52edd1
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
eb1c48be6f
Add new type ossl_ssize_t instead of ssize_t and move definitions to
...
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
3cbb15ee81
add CVE-2010-0742 and CVS-2010-1633 fixes
2010-06-01 14:39:01 +00:00
Dr. Stephen Henson
31d66c2a98
update cms code to use X509_ALGOR_set_md instead of internal function
2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
2712a2f625
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Dr. Stephen Henson
d71061122c
PR: 2058
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:49:11 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
a25f33d28a
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
54571ba004
Use correct ctx name.
2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
d0c3628834
Set memory BIOs up properly when stripping text headers from S/MIME messages.
2008-11-21 18:18:13 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
19048b5c8d
New function CMS_add1_crl().
2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
e6ef05d5f3
Make certs argument work in CMS_sign() add test case.
...
PR:1664
2008-04-18 11:18:20 +00:00
Dr. Stephen Henson
852bd35065
Fix prototype for CMS_decrypt(), don't free up detached content.
2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21
Fix for compression and updated CMS_final().
2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f
Ignore nonsensical flags for signed receipts.
2008-04-10 11:12:42 +00:00
Dr. Stephen Henson
853eae51e0
Implement CMS_NOCRL.
2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01
Set contentType attribute just before signing to allow encapsulated content
...
type to be set at any time in applications.
2008-04-06 16:29:47 +00:00
Dr. Stephen Henson
e45641bd17
Fix typo and add header files to err library.
2008-04-06 15:53:29 +00:00
Dr. Stephen Henson
d5a37b0293
Give consistent return value and add error code for duplicate certificates.
2008-04-06 15:41:25 +00:00
Dr. Stephen Henson
a5cdb7d5bd
Avoid warnings.
2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
e2a29d49ca
Update dependencies.
2008-03-29 21:11:25 +00:00
Dr. Stephen Henson
b99674103d
Remove unnecessary header.
2008-03-29 21:08:37 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Dr. Stephen Henson
f5e2354c9d
Add support for signed receipt request printout and generation.
2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
be86c7fc87
Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
2008-03-24 22:14:02 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
5ffba305c8
Comment out a (currently) unused CMS function. (Sorry Steve, but I need
...
-Werror right now to help me code-by-domino :-)
2008-03-19 23:08:20 +00:00
Dr. Stephen Henson
054307e7ed
Allow alternate eContentType oids to be set in cms utility.
...
Add id-ct-asciiTextWithCRLF OID.
Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
8cd358bef8
Rebuild CMS error codes.
2008-03-19 18:42:02 +00:00
Dr. Stephen Henson
eeb9cdfc94
Add support for KEK decrypt in cms utility.
2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030
Add support for KEKRecipientInfo in cms application.
2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
f7e85c371e
Uninitialized variable bug fix.
2008-03-18 18:18:25 +00:00
Dr. Stephen Henson
e4f0e40eac
Various tidies/fixes:
...
Make streaming support in cms cleaner.
Note errors in various S/MIME functions if CMS_final() fails.
Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Dr. Stephen Henson
6e3bc4f073
More support for KEK RecipientInfo.
...
Generalise RecipientInfo and enveloped data handling so applications can
add their own key lookup routines as well as using the standard ones.
2008-03-18 01:00:38 +00:00
Dr. Stephen Henson
c36e936b60
Partial support for KEKRecipientInfo type.
2008-03-17 18:11:27 +00:00
Dr. Stephen Henson
761ffa729f
Preliminary support for enveloped data content type creation.
...
Fix signed data creation so versions are only corrected if structure is
being created.
2008-03-17 13:38:51 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00