Dr. Stephen Henson
e93c8748ab
Remove duplicate code.
...
Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence
instead of performing the same operation manually.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Rich Salz
c5ba2d9904
free NULL cleanup
...
EVP_.*free; this gets:
EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 10:54:15 -04:00
Rich Salz
ca3a82c3b3
free NULL cleanup
...
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Matt Caswell
266483d2f5
RAND_bytes updates
...
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:07 +00:00
Dr. Stephen Henson
86d20cb6fd
make depend
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:05:05 +00:00
Dr. Stephen Henson
5fe736e5fc
Move some ASN.1 internals to asn1_int.h
...
Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:03:36 +00:00
Matt Caswell
918bb86529
Unchecked malloc fixes
...
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-05 09:09:57 +00:00
Richard Levitte
c6ef15c494
clang on Linux x86_64 complains about unreachable code.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-29 01:54:09 +01:00
Matt Caswell
0f113f3ee4
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Matt Caswell
fd0ba77717
make update
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-11 23:52:47 +00:00
Geoff Thorpe
e52a3c3d14
Include <openssl/foo.h> instead of "foo.h"
...
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.
Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-08 14:21:35 -05:00
Dr. Stephen Henson
f072785eb4
Remove fipscanister build functionality from makefiles.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:23:45 +00:00
Rich Salz
8cfe08b4ec
Remove all .cvsignore files
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28 18:32:43 -05:00
Jonas Maebe
36f7ed5040
cms_SignerInfo_content_sign: free sig on failure path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-15 22:38:19 +02:00
Ben Laurie
c1d1b0114e
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
2014-07-10 17:49:02 +01:00
Dr. Stephen Henson
46d889f33e
Set version number correctly.
...
PR#3249
2014-05-29 14:33:32 +01:00
Dr. Stephen Henson
0bcb17a777
Return an error if no recipient type matches.
...
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.
PR#3348
2014-05-09 14:24:54 +01:00
Dr. Stephen Henson
546b1b4384
Set Enveloped data version to 2 if ktri version not zero.
2014-05-06 13:59:05 +01:00
Dr. Stephen Henson
4cfeb00be9
make depend
2014-02-19 20:09:08 +00:00
Dr. Stephen Henson
5a7652c3e5
Remove duplicate statement.
2014-02-15 01:27:56 +00:00
Dr. Stephen Henson
847865d0f9
Add suppot for ASCII with CRLF canonicalisation.
2014-02-13 14:35:56 +00:00
Dr. Stephen Henson
cd30f03ac5
Canonicalise input in CMS_verify.
...
If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.
2013-12-22 00:35:29 +00:00
Dr. Stephen Henson
da15c61608
Add CMS_SignerInfo_get0_signature function.
...
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
dc1ce3bc64
Add KDF for DH.
...
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
17c2764d2e
CMS support for key agreeement recipient info.
...
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
ff7b6ce9db
Set CMS EnvelopedData version correctly.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
e0f7cfda68
Initialise CMS signature buffer length properly.
2013-07-02 22:12:19 +01:00
Dr. Stephen Henson
e365352d6a
CMS public key parameter support.
...
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.
This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
e1f1d28f34
Add function CMS_RecipientInfo_encrypt
...
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.
Add documentation.
2013-02-26 16:59:56 +00:00
Dr. Stephen Henson
1703627ba8
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
2013-01-23 01:09:38 +00:00
Ben Laurie
5762f7778d
Fix warning.
2012-05-10 20:29:00 +00:00
Dr. Stephen Henson
225055c30b
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Dr. Stephen Henson
146b52edd1
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
df6de39fe7
Change AR to ARX to allow exclusion of fips object modules
2011-01-26 16:08:08 +00:00
Dr. Stephen Henson
eb1c48be6f
Add new type ossl_ssize_t instead of ssize_t and move definitions to
...
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
3cbb15ee81
add CVE-2010-0742 and CVS-2010-1633 fixes
2010-06-01 14:39:01 +00:00
Dr. Stephen Henson
31d66c2a98
update cms code to use X509_ALGOR_set_md instead of internal function
2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
2712a2f625
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Dr. Stephen Henson
d71061122c
PR: 2058
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:49:11 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
a25f33d28a
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
54571ba004
Use correct ctx name.
2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
d0c3628834
Set memory BIOs up properly when stripping text headers from S/MIME messages.
2008-11-21 18:18:13 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
19048b5c8d
New function CMS_add1_crl().
2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
e6ef05d5f3
Make certs argument work in CMS_sign() add test case.
...
PR:1664
2008-04-18 11:18:20 +00:00
Dr. Stephen Henson
852bd35065
Fix prototype for CMS_decrypt(), don't free up detached content.
2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21
Fix for compression and updated CMS_final().
2008-04-11 17:07:01 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f
Ignore nonsensical flags for signed receipts.
2008-04-10 11:12:42 +00:00
Dr. Stephen Henson
853eae51e0
Implement CMS_NOCRL.
2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01
Set contentType attribute just before signing to allow encapsulated content
...
type to be set at any time in applications.
2008-04-06 16:29:47 +00:00
Dr. Stephen Henson
e45641bd17
Fix typo and add header files to err library.
2008-04-06 15:53:29 +00:00
Dr. Stephen Henson
d5a37b0293
Give consistent return value and add error code for duplicate certificates.
2008-04-06 15:41:25 +00:00
Dr. Stephen Henson
a5cdb7d5bd
Avoid warnings.
2008-04-01 16:29:42 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
e2a29d49ca
Update dependencies.
2008-03-29 21:11:25 +00:00
Dr. Stephen Henson
b99674103d
Remove unnecessary header.
2008-03-29 21:08:37 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Dr. Stephen Henson
f5e2354c9d
Add support for signed receipt request printout and generation.
2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
be86c7fc87
Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
2008-03-24 22:14:02 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
5ffba305c8
Comment out a (currently) unused CMS function. (Sorry Steve, but I need
...
-Werror right now to help me code-by-domino :-)
2008-03-19 23:08:20 +00:00
Dr. Stephen Henson
054307e7ed
Allow alternate eContentType oids to be set in cms utility.
...
Add id-ct-asciiTextWithCRLF OID.
Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
8cd358bef8
Rebuild CMS error codes.
2008-03-19 18:42:02 +00:00
Dr. Stephen Henson
eeb9cdfc94
Add support for KEK decrypt in cms utility.
2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
ab12438030
Add support for KEKRecipientInfo in cms application.
2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
f7e85c371e
Uninitialized variable bug fix.
2008-03-18 18:18:25 +00:00
Dr. Stephen Henson
e4f0e40eac
Various tidies/fixes:
...
Make streaming support in cms cleaner.
Note errors in various S/MIME functions if CMS_final() fails.
Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Dr. Stephen Henson
6e3bc4f073
More support for KEK RecipientInfo.
...
Generalise RecipientInfo and enveloped data handling so applications can
add their own key lookup routines as well as using the standard ones.
2008-03-18 01:00:38 +00:00
Dr. Stephen Henson
c36e936b60
Partial support for KEKRecipientInfo type.
2008-03-17 18:11:27 +00:00
Dr. Stephen Henson
761ffa729f
Preliminary support for enveloped data content type creation.
...
Fix signed data creation so versions are only corrected if structure is
being created.
2008-03-17 13:38:51 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Dr. Stephen Henson
deb21fbae9
Remove deleted function from header file, update mkfiles.pl
2008-03-16 18:41:20 +00:00
Dr. Stephen Henson
a981e2adbc
Add support for random key generation: this will be needed by enveloped data.
2008-03-16 13:05:03 +00:00
Dr. Stephen Henson
4f1aa191b3
Initial support for enveloped data decrypt. Extent runex.pl to cover these
...
examples. All RFC4134 examples can not be processed.
2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
e540d1cd77
Check for cipher BIO errors and set key length after parameter decode.
2008-03-15 13:37:32 +00:00
Dr. Stephen Henson
fd47c36136
Return error if no cipher set for encrypted data type.
...
Update CHANGES.
2008-03-15 00:02:23 +00:00
Dr. Stephen Henson
d9f5f07e28
Initial support for Encrypted Data type generation.
2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
320bfc1be7
Reorganise encrypted content info code to avoid duplication and be more
...
consistent with other content types.
2008-03-14 19:37:56 +00:00
Dr. Stephen Henson
b820455c6e
Encrypted Data type processing. Add options to cms utility and run section 7
...
tests in RFC4134.
2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
5c4436c977
New utility functions for encryptedData content type which will also be used
...
by envelopedData.
Use PRE and not POST when freeing up RecipientInfo.
2008-03-14 00:58:43 +00:00
Dr. Stephen Henson
31d3c84422
.cvignore file for cms
2008-03-13 00:50:02 +00:00
Dr. Stephen Henson
afff52a3ba
Free up additional data in RecipientInfo structure
2008-03-13 00:48:59 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00