Matt Caswell
ae5c8664e5
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Ben Laurie
5e189b4b8d
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
...
(cherry picked from commit c1d1b0114e
)
2014-07-10 17:49:53 +01:00
Dr. Stephen Henson
1788072b9e
Set version number correctly.
...
PR#3249
(cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
2014-05-29 14:08:54 +01:00
Dr. Stephen Henson
2c4144638a
Return an error if no recipient type matches.
...
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.
PR#3348
(cherry picked from commit bd43b4cf778a53ffa5d77510ecd408a009dc00d2)
2014-05-09 14:24:53 +01:00
Dr. Stephen Henson
1047b8c84d
Set Enveloped data version to 2 if ktri version not zero.
...
(cherry picked from commit 546b1b4384
)
2014-05-06 14:00:11 +01:00
Dr. Stephen Henson
eb70d4407f
Remove duplicate statement.
...
(cherry picked from commit 5a7652c3e5
)
2014-02-15 01:29:24 +00:00
Dr. Stephen Henson
bc35b8e435
make update
2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
233069f8db
Add CMS_SignerInfo_get0_signature function.
...
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
(cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
5c4ff8ad37
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
8c798690ce
CMS support for key agreeement recipient info.
...
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
5c49a98c5e
Set CMS EnvelopedData version correctly.
...
(cherry picked from commit ff7b6ce9db
)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
869772ff08
Initialise CMS signature buffer length properly.
...
(cherry picked from commit e0f7cfda68
)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
f2edf3181e
CMS public key parameter support.
...
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.
This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
(cherry picked from commit e365352d6a
)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
e1dee801b9
Add function CMS_RecipientInfo_encrypt
...
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.
Add documentation.
(cherry picked from commit e1f1d28f34
)
2013-02-26 17:06:08 +00:00
Dr. Stephen Henson
1db4354b53
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:11:05 +00:00
Ben Laurie
68d2cf51bc
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
24547c23ca
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:44:24 +00:00
Dr. Stephen Henson
8186c00ef3
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:27:50 +00:00
Bodo Möller
67f8de9ab8
"make update"
2011-10-19 15:24:44 +00:00
Dr. Stephen Henson
cb70355d87
Backport ossl_ssize_t type from HEAD.
2011-10-10 22:33:50 +00:00
Dr. Stephen Henson
dc100d87b5
Backport of password based CMS support from HEAD.
2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
e34a303ce1
make depend
2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5
Improved error checking for DRBG calls.
...
New functionality to allow default DRBG type to be set during compilation
or during runtime.
2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
24d7159abd
Backport libcrypto audit: check return values of EVP functions instead
...
of assuming they will always suceed.
2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
618265e645
Fix CVE-2010-1633 and CVE-2010-0742.
2010-06-01 13:17:06 +00:00
Dr. Stephen Henson
45acdd6f6d
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:26:32 +00:00
Dr. Stephen Henson
43f21e62aa
PR: 2058
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:50:10 +00:00
Dr. Stephen Henson
80afb40ae3
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
54571ba004
Use correct ctx name.
2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
d0c3628834
Set memory BIOs up properly when stripping text headers from S/MIME messages.
2008-11-21 18:18:13 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
19048b5c8d
New function CMS_add1_crl().
2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
e6ef05d5f3
Make certs argument work in CMS_sign() add test case.
...
PR:1664
2008-04-18 11:18:20 +00:00
Dr. Stephen Henson
852bd35065
Fix prototype for CMS_decrypt(), don't free up detached content.
2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21
Fix for compression and updated CMS_final().
2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f
Ignore nonsensical flags for signed receipts.
2008-04-10 11:12:42 +00:00
Dr. Stephen Henson
853eae51e0
Implement CMS_NOCRL.
2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01
Set contentType attribute just before signing to allow encapsulated content
...
type to be set at any time in applications.
2008-04-06 16:29:47 +00:00
Dr. Stephen Henson
e45641bd17
Fix typo and add header files to err library.
2008-04-06 15:53:29 +00:00
Dr. Stephen Henson
d5a37b0293
Give consistent return value and add error code for duplicate certificates.
2008-04-06 15:41:25 +00:00
Dr. Stephen Henson
a5cdb7d5bd
Avoid warnings.
2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
e2a29d49ca
Update dependencies.
2008-03-29 21:11:25 +00:00
Dr. Stephen Henson
b99674103d
Remove unnecessary header.
2008-03-29 21:08:37 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00