summaryrefslogtreecommitdiffstats
path: root/crypto/pkcs7
AgeCommit message (Collapse)Author
2015-06-11PKCS#7: Fix NULL dereference with missing EncryptedContent.Emilia Kasper
CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-22Fix the update target and remove duplicate file updatesRichard Levitte
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14make dependRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14Identify and move common internal libcrypto header filesRichard Levitte
There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-11Use p==NULL not !p (in if statements, mainly)Rich Salz
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01free null cleanup finaleRich Salz
Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30free cleanup almost the finaleRich Salz
Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30free NULL cleanup 5aRich Salz
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-11free NULL cleanup 9Rich Salz
Ongoing work to skip NULL check before calling free routine. This gets: ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free ssl_sess_cert_free Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-31Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevantRichard Levitte
With no more symlinks, there's no need for those variables, or the links target. This also goes for all install: and uninstall: targets that do nothing but copy $(EXHEADER) files, since that's now taken care of by the top Makefile. Also, removed METHTEST from test/Makefile. It looks like an old test that's forgotten... Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31Stop symlinking, move files to intended directoryRichard Levitte
Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there. Originally-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-28free NULL cleanupRich Salz
EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-25free NULL cleanupRich Salz
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25RAND_bytes updatesMatt Caswell
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-24make dependDr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24Move some ASN.1 internals to asn1_int.hDr. Stephen Henson
Move ASN.1 internals used across multiple directories into new internal header file asn1_int.h remove crypto/Makefile hack which allowed other directories to include "asn1_locl.h" Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23Remove old ASN.1 code.Dr. Stephen Henson
Remove old M_ASN1_ macros and replace any occurences with the corresponding function. Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-19PKCS#7: avoid NULL pointer dereferences with missing contentEmilia Kasper
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-16Make X509_ATTRIBUTE opaque.Dr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-12Remove obsolete declarations.Dr. Stephen Henson
Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been used internally in OpenSSL for some time. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-30Dead code removal: #if 0 asn1, pkcs7Rich Salz
Keep one #if 0 but rename the symbol to be more descriptive of what it's doing (you can disable support for old broken Netscape software). Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23ifdef cleanup part 3: OPENSSL_SYSNAMERich Salz
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx Remove MS_STATIC; it's a relic from platforms <32 bits. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-14Cleanup OPENSSL_NO_xxx, part 1master-pre-reformatRich Salz
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO Two typo's on #endif comments fixed: OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30mark all block comments that need format preserving so thatTim Hudson
indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-08Remove fipscanister build functionality from makefiles.Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-28Remove all .cvsignore filesRich Salz
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-06Removed duplicate definition of PKCS7_type_is_encryptedMatt Caswell
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also remove duplicate definition of PKCS7_type_is_digest. PR#3551 Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-06-26Remove ancient obsolete files under pkcs7.Dr. Stephen Henson
2014-05-07Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos ↵Matt Caswell
in PR#3339
2014-04-22Fix double frees.Ben Laurie
2014-02-13Add suppot for ASCII with CRLF canonicalisation.Dr. Stephen Henson
2013-09-05misspellings fixes by https://github.com/vlajos/misspell_fixerVeres Lajos
2012-03-22Submitted by: Markus Friedl <mfriedl@gmail.com>Dr. Stephen Henson
Fix memory leaks in 'goto err' cases.
2012-03-12Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key andDr. Stephen Henson
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)
2012-03-08check return value of BIO_write in PKCS7_decryptDr. Stephen Henson
2012-02-27Detect symmetric crypto errors in PKCS7_decrypt.Dr. Stephen Henson
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2011-10-14more vxworks patchesDr. Stephen Henson
2011-01-26Change AR to ARX to allow exclusion of fips object modulesDr. Stephen Henson
2010-06-12Fix warnings.Ben Laurie
2010-01-05PR: 2102Dr. Stephen Henson
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Remove duplicate definitions.
2009-09-23Audit libcrypto for unchecked return values: fix all cases enounteredDr. Stephen Henson
2009-03-15Fix from stable branch.Dr. Stephen Henson
2008-12-26pval must always be set when pk7_cb() does anything (Coverity ID 146).Ben Laurie
2008-11-21Set memory BIOs up properly when stripping text headers from S/MIME messages.Dr. Stephen Henson
2008-11-05Update obsolete email address...Dr. Stephen Henson
2008-04-04Delete nonexistant function from pkcs7.h header file. WIN32 build fix fromDr. Stephen Henson
stable branch. Sync and update ordinals.
2008-03-31Use correct headers for signed receipts. Use consistent naming.Dr. Stephen Henson
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-12And so it begins...Dr. Stephen Henson
Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-01-03Netware support.Dr. Stephen Henson
Submitted by: Guenter Knauf <eflash@gmx.net>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 07:50:26 +0000