path: root/src/lib/libcrypto/cms

Each entry: commit subject [author, date, files changed, lines -/+], followed by the commit message body where there is one.
* Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. [tb, 2019-10-04, 3 files, -4/+27]
  (Note that the CMS code is currently disabled.)

  Port of Edlinger's fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license).

  tests from bluhm@
  ok jsing

  commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
  Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Date:   Sun Sep 1 00:16:28 2019 +0200

  Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

  An attack is simple if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack.

  As a workaround for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certificate is not given and all recipientInfo are tried out.

  The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/9777)
  (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
* Provide a local version of X509_get0_subject_key_id(). [jsing, 2019-08-12, 1 file, -3/+11]
  It seems that the CMS code is currently the only code in existence that uses this function.
* Inline the equivalent of ASN1_TYPE_unpack_sequence(). [jsing, 2019-08-12, 1 file, -3/+6]
* Use ERR_asprintf_error_data() instead of ERR_add_error_data(). [jsing, 2019-08-11, 1 file, -3/+3]
* Remove unsupported GOST 2012 NIDs. [jsing, 2019-08-11, 1 file, -3/+1]
* Disable DES3 since we do not currently provide DES3 keywrap. [jsing, 2019-08-11, 1 file, -1/+7]
* Remove label that is now unused (due to arc4random_buf() returning void). [jsing, 2019-08-11, 1 file, -3/+2]
* Fix loading of CMS error strings. [jsing, 2019-08-11, 1 file, -5/+5]
* Include string.h for explicit_bzero(). [jsing, 2019-08-11, 2 files, -2/+6]
* Expand M_ASN1_new_of and M_ASN1_free_of macros. [jsing, 2019-08-11, 9 files, -39/+39]
* Use arc4random_buf() instead of RAND_bytes(). [jsing, 2019-08-11, 3 files, -12/+8]
  This also removes return checks since arc4random_buf() does not fail.
* Include string.h for memcmp()/memcpy(). [jsing, 2019-08-11, 5 files, -5/+15]
* Use freezero() rather than OPENSSL_clear_free(). [jsing, 2019-08-11, 5 files, -15/+15]
* Use explicit_bzero() instead of OPENSSL_cleanse(). [jsing, 2019-08-11, 2 files, -5/+5]
* Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}(). [jsing, 2019-08-11, 6 files, -33/+33]
* Convert CMSerr() to CMSerror(). [jsing, 2019-08-11, 11 files, -240/+191]
* Switch ASN.1 INT32 back to LONG. [jsing, 2019-08-11, 2 files, -28/+28]
* Expand a new macro that tried to get away... [jsing, 2019-08-11, 1 file, -2/+8]
* Expand ASN.1 macros. [jsing, 2019-08-11, 8 files, -273/+1544]
* We use DECLARE_STACK_OF rather than DEFINE_STACK_OF. [jsing, 2019-08-11, 2 files, -7/+7]
* Unlike OpenSSL we do not have our own special ssize_t. [jsing, 2019-08-11, 3 files, -9/+9]
* Fix style(9) and whitespace. [jsing, 2019-08-10, 1 file, -210/+205]
* More style(9) and whitespace. [jsing, 2019-08-10, 1 file, -335/+294]
* More style(9), whitespace and readability fixes. [jsing, 2019-08-10, 14 files, -675/+903]
  Files are identical once whitespace and newlines are removed.
* First pass at style(9). [jsing, 2019-08-10, 14 files, -4174/+4174]
  Whitespace only and no change according to diff -w.
* Fix includes for non-installed headers. [jsing, 2019-08-10, 9 files, -25/+25]
* Include cms.h instead of cmserr.h. [jsing, 2019-08-10, 1 file, -2/+2]
* Add $OpenBSD$ tag. [jsing, 2019-08-10, 1 file, -0/+1]
* Restore the per-file license for cms.h. [jsing, 2019-08-10, 1 file, -5/+49]
  This reverts the removal from OpenSSL 21dcbebc6e35419f1842f39a125374ea1ba45693.
* Provide cms.h. [jsing, 2019-08-10, 1 file, -0/+515]
  This is OpenSSL 1.1.1 cms.h and cmserr.h combined, essentially reverting OpenSSL 52df25cf2e656146cb3b206d8220124f0417d03f.
* Add $OpenBSD$ tags. [jsing, 2019-08-10, 15 files, -0/+15]
* Restore the original per-file licenses for CMS. [jsing, 2019-08-10, 14 files, -70/+686]
  These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.
* Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto. [jsing, 2019-08-10, 15 files, -0/+6172]
  Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is derived from PKCS #7 version 1.5 and utilises various ASN.1 structures, making it complex and fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have been built on top of it, which means it is necessary to support CMS, in order to support RPKI.

  This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still under the original OpenSSL license. Further work will occur in tree.

  Requested by and discussed with many.

  ok deraadt@ tb@
* Remove cms. [jsing, 2016-09-04, 15 files, -7541/+0]
  ok beck@, guenther@, tedu@
* X509_free(3) is NULL-safe, so remove NULL checks before its calls. [mmcc, 2016-03-11, 2 files, -8/+5]
  ok doug@
* Correct spelling of OPENSSL_cleanse. [jsing, 2015-09-10, 4 files, -14/+14]
  ok miod@
* Expand another wall of ASN.1 template macros - no change to generated assembly. [jsing, 2015-07-25, 1 file, -224/+1357]
* Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID. [jsing, 2015-06-11, 1 file, -2/+2] (tag: libressl-v2.2.0)
  Diff based on OpenSSL. Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).

  ok doug@ miod@
* Fix return paths with missing EVP_CIPHER_CTX_cleanup() calls. [jsg, 2015-05-15, 1 file, -4/+4]
  ok doug@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment. [beck, 2015-02-11, 1 file, -1/+3]
* get rid of OPENSSL_NO_CMS code we do not use. [beck, 2015-02-11, 1 file, -3/+1]
  ok miod@
* get rid of OPENSSL_NO_COMP code we don't use. [beck, 2015-02-11, 1 file, -4/+1]
  jajaja miod@
* GOST crypto algorithms (well, most of them), ported from the removed GOST engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov; libcrypto bits only for now. [miod, 2014-11-09, 1 file, -1/+3]
  This is a verbatim import of Dmitry's work, and does not compile in this state; the forthcoming commits will address these issues.

  None of the GOST code is enabled in libcrypto yet, for it still gets compiled with OPENSSL_NO_GOST defined. However, the public header gost.h will be installed.
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). [jsing, 2014-10-22, 3 files, -14/+13]
  arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.

  ok deraadt@
* None of these need to include <openssl/rand.h>. [jsing, 2014-10-18, 1 file, -2/+1]
* BIO_free() returns immediately when the sole input is NULL. [doug, 2014-07-25, 1 file, -3/+2]
  Remove unnecessary NULL check.

  ok miod@
* if (x) FOO_free(x) -> FOO_free(x). [miod, 2014-07-12, 3 files, -13/+8]
  Improves readability, keeps the code smaller so that it is warmer in your cache.

  review & ok deraadt@
* Avoid invoking EVP_CIPHER_CTX_cleanup() on uninitialized memory; from Coverity via OpenSSL trunk. [miod, 2014-07-11, 1 file, -2/+2]
* Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via OpenSSL trunk. [miod, 2014-07-11, 1 file, -3/+3]
* Make CMS_decrypt_set1_pkey() return an error if no recipient type matches, instead of returning a random key; OpenSSL PR #3348 via OpenSSL trunk. [miod, 2014-07-11, 1 file, -3/+4]