Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-05-29 | Set version number correctly. | Dr. Stephen Henson | |
PR#3249 (cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3) | |||
2014-05-08 | Return an error if no recipient type matches. | Dr. Stephen Henson | |
If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348 (cherry picked from commit 83a3182e0560f76548f4378325393461f6275493) | |||
2014-05-06 | Set Enveloped data version to 2 if ktri version not zero. | Dr. Stephen Henson | |
(cherry picked from commit 9c5d953a07f472452ae2cb578e39eddea2de2b9c) | |||
2014-02-15 | Remove duplicate statement. | Dr. Stephen Henson | |
(cherry picked from commit 5a7652c3e585e970e5b778074c92e617e48fde38) | |||
2013-01-23 | Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set | Dr. Stephen Henson | |
2012-05-10 | Reported by: Solar Designer of Openwall | Dr. Stephen Henson | |
Make sure tkeylen is initialised properly when encrypting CMS messages. | |||
2012-03-12 | Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and | Dr. Stephen Henson | |
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) | |||
2012-03-06 | return failure code if I/O error | Dr. Stephen Henson | |
2010-06-01 | Fix CVE-2010-0742 | Dr. Stephen Henson | |
2010-02-02 | tolerate broken CMS/PKCS7 implementations using signature OID instead of digest | Dr. Stephen Henson | |
2009-09-13 | Submitted by: Julia Lawall <julia@diku.dk> | Dr. Stephen Henson | |
The functions ENGINE_ctrl(), OPENSSL_isservice(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly. | |||
2009-03-25 | Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> | Dr. Stephen Henson | |
Approved by: steve@openssl.org Check return code properly in CMS_SignerInfo_verify_content(). | |||
2009-03-15 | Oops. | Dr. Stephen Henson | |
2009-03-15 | Don't force S/MIME signing purpose: allow it to be overridden by store | Dr. Stephen Henson | |
settings. Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters being inherited properly. | |||
2009-01-07 | Properly check EVP_VerifyFinal() and similar return values | Dr. Stephen Henson | |
(CVE-2008-5077). Submitted by: Ben Laurie, Bodo Moeller, Google Security Team | |||
2008-11-21 | Update from HEAD. | Dr. Stephen Henson | |
2008-09-16 | Merge changes to build system from fips branch. | Dr. Stephen Henson | |
2008-08-05 | Fix from HEAD. | Dr. Stephen Henson | |
2008-04-18 | Update from HEAD. | Dr. Stephen Henson | |
2008-04-12 | Update from HEAD. | Dr. Stephen Henson | |
2008-04-11 | Revert change from HEAD. | Dr. Stephen Henson | |
2008-04-11 | Fix from HEAD. | Dr. Stephen Henson | |
2008-04-07 | Fix from HEAD. | Dr. Stephen Henson | |
2008-04-06 | Update from HEAD. | Dr. Stephen Henson | |
2008-04-06 | Fix from HEAD. | Dr. Stephen Henson | |
2008-04-06 | Update error codes. | Dr. Stephen Henson | |
2008-04-06 | Fix from HEAD. | Dr. Stephen Henson | |
2008-04-03 | Delete functions not implemented in 0.9.8 from cms.h | Dr. Stephen Henson | |
2008-04-03 | Backport of CMS code to 0.9.8-stable branch. Disabled by default. | Dr. Stephen Henson | |