summaryrefslogtreecommitdiffstats
path: root/crypto/pkcs7
AgeCommit message (Collapse)Author
2018-09-03Remove redundant ASN1_INTEGER_set callEric Brown
This trivial patch removes a duplicated call to ASN1_INTEGER_set. Fixes Issue #6977 Signed-off-by: Eric Brown <browne@vmware.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6984) (cherry picked from commit 59701e6363531cddef5b2114c0127b8453deb1f3)
2018-03-12Improve error handling in pk7_doitMatt Caswell
If a mem allocation failed we would ignore it. This commit fixes it to always check. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5596) (cherry picked from commit 4718f449a3ecd5efac62b22d0fa9a759a7895dbc)
2016-08-19Fix NULL-return checks in 1.0.2Rich Salz
RT4386: Add sanity checks for BN_new() RT4384: Missing Sanity Checks for RSA_new_method() RT4384: Missing Sanity Check plus potential NULL pointer deref RT4382: Missing Sanity Check(s) for BUF_strdup() RT4380: Missing Sanity Checks for EVP_PKEY_new() RT4377: Prevent potential NULL pointer dereference RT4375: Missing sanity checks for OPENSSL_malloc() RT4374: Potential for NULL pointer dereferences RT4371: Missing Sanity Check for malloc() RT4370: Potential for NULL pointer dereferences Also expand tabs, make update, typo fix (rsalz) Minor tweak by Paul Dale. Some minor internal review feedback. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-27Change usage of RAND_pseudo_bytes to RAND_bytesMatt Caswell
RAND_pseudo_bytes() allows random data to be returned even in low entropy conditions. Sometimes this is ok. Many times it is not. For the avoidance of any doubt, replace existing usage of RAND_pseudo_bytes() with RAND_bytes(). Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-23RT4175: Fix PKCS7_verify() regression with Authenticode signaturesDavid Woodhouse
This is a partial revert of commit c8491de39 ("GH354: Memory leak fixes"), which was cherry-picked from commit 55500ea7c in OpenSSL 1.1. That commit introduced a change in behaviour which is a regression for software implementing Microsoft Authenticode — which requires a PKCS#7 signature to be validated against explicit external data, even though it's a non-detached signature with its own embedded data. The is fixed differently in OpenSSL 1.1 by commit 6b2ebe433 ("Add PKCS7_NO_DUAL_CONTENT flag"), but that approach isn't viable in the 1.0.2 stable branch, so just comment the offending check back out again. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-09Fix missing malloc return value checksMatt Caswell
During work on a larger change in master a number of locations were identified where return value checks were missing. This backports the relevant fixes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23Remove useless codeAlessandro Ghedini
RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 070c23325af4526c9a8532a60d63522c58d5554b)
2015-09-15RT4044: Remove .cvsignore files.Rich Salz
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-28GH354: Memory leak fixesAlessandro Ghedini
Fix more potential leaks in X509_verify_cert() Fix memory leak in ClientHello test Fix memory leak in gost2814789 test Fix potential memory leak in PKCS7_verify() Fix potential memory leaks in X509_add1_reject_object() Refactor to use "goto err" in cleanup. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 55500ea7c46c27a150a46832e1260891aaad8e52)
2015-06-11PKCS#7: Fix NULL dereference with missing EncryptedContent.Emilia Kasper
CVE-2015-1790 Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-23Fix the update target and remove duplicate file updatesRichard Levitte
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile
2015-03-19PKCS#7: avoid NULL pointer dereferences with missing contentEmilia Kasper
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22mark all block comments that need format preserving so thatTim Hudson
indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-06Removed duplicate definition of PKCS7_type_is_encryptedMatt Caswell
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also remove duplicate definition of PKCS7_type_is_digest. PR#3551 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e0fdea3e49e7454aa76bd5ecf3a3747641354c68)
2014-06-27Remove ancient obsolete files under pkcs7.Dr. Stephen Henson
(cherry picked from commit 7be6b27aaf5ed77f13c93dc89a2c27a42082db3f)
2014-05-07Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos ↵Matt Caswell
in PR#3339
2014-04-22Fix double frees.Ben Laurie
Conflicts: CHANGES
2012-06-03Reduce version skew: trivia (I hope).Ben Laurie
2012-03-22Submitted by: Markus Friedl <mfriedl@gmail.com>Dr. Stephen Henson
Fix memory leaks in 'goto err' cases.
2012-03-12Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key andDr. Stephen Henson
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)
2012-03-08check return value of BIO_write in PKCS7_decryptDr. Stephen Henson
2012-02-27Detect symmetric crypto errors in PKCS7_decrypt.Dr. Stephen Henson
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2011-06-03Backport libcrypto audit: check return values of EVP functions insteadDr. Stephen Henson
of assuming they will always suceed.
2010-06-15Fix warnings (From HEAD, original patch by Ben).Dr. Stephen Henson
2010-01-05PR: 2102Dr. Stephen Henson
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Remove duplicate definitions.
2009-03-15Fix from stable branch.Dr. Stephen Henson
2008-12-26pval must always be set when pk7_cb() does anything (Coverity ID 146).Ben Laurie
2008-11-21Set memory BIOs up properly when stripping text headers from S/MIME messages.Dr. Stephen Henson
2008-11-05Update obsolete email address...Dr. Stephen Henson
2008-04-04Delete nonexistant function from pkcs7.h header file. WIN32 build fix fromDr. Stephen Henson
stable branch. Sync and update ordinals.
2008-03-31Use correct headers for signed receipts. Use consistent naming.Dr. Stephen Henson
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-12And so it begins...Dr. Stephen Henson
Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-01-03Netware support.Dr. Stephen Henson
Submitted by: Guenter Knauf <eflash@gmx.net>
2007-09-19Fix dependencies. Make depend.Ben Laurie
2007-08-12Fix warnings.Dr. Stephen Henson
2007-06-07Finish gcc 4.2 changes.Dr. Stephen Henson
2007-05-16Fix error code name.Dr. Stephen Henson
2007-05-10Improve error detection when streaming S/MIME.Dr. Stephen Henson
Only use streaming when appropriate for detached data in smime utility.
2007-04-24fix function codes for errorBodo Möller
2007-04-23Add SEED encryption algorithm.Bodo Möller
PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller
2007-04-13Flush b64 BIO.Dr. Stephen Henson
2007-04-13Don't finalize signerinfo if reuse and partial both set.Dr. Stephen Henson
2007-04-13Update smime utility to support streaming for -encrypt and -sign -nodetachDr. Stephen Henson
options. Add new streaming i2d (though strictly speaking it is BER format when streaming) and PEM functions. These all process content on the fly without storing it all in memory.
2007-04-05If you're going to check for negative, use an signed integer! Coverity ID 122.Ben Laurie
2007-04-04check return value of ASN1_item_i2d(), Coverity ID 55Nils Larsch
2007-04-04Handle bad content type. Coverity ID 99.Ben Laurie
2007-04-01Fix warning.Ben Laurie
2007-02-26remove dead codeNils Larsch
2007-02-03fix potential memory leaksNils Larsch
PR: 1462
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 03:56:43 +0000