summaryrefslogtreecommitdiff
path: root/lib/libcrypto/cms
AgeCommit message (Collapse)Author
2023-12-22Clean up includes in cms_smime.cTheo Buehler
2023-12-20Clean up includes in cms_pwri.cTheo Buehler
2023-10-26Tidy includesTheo Buehler
2023-10-18Use X509_ALGOR_set_evp_md() in CMS_add1_signer()Theo Buehler
Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid local complications by freeing in the exit path and use a const version of X509_ALGOR for walking a STACK_OF() to avoid a bad free. Clean up includes ok jsing
2023-10-18cms_DigestedData_create() use X509_ALGOR_set_evp_md()Theo Buehler
Our internal version allows for error checking and this avoids a silent failure leading to corruption later on. Clean up includes while there. ok jsing
2023-09-11Small cleanups in cms_sd_asn1_ctrl():Theo Buehler
Compare explicitly against NULL and use ret instead of i.
2023-09-11Rewrite CMS_SignerInfo_{sign,verify}()Theo Buehler
Convert to using one-shot signing and verification. This is simpler than doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use a single exit idiom, don't reuse the same buffer for decoding and signing and simplify a few other things. ok jsing
2023-08-24cms_content_bio() is not used outside of cms_lib.cTheo Buehler
Make it a static function and remove its prototype from the internal header.
2023-08-24Some tweaking of cms_content_bio()Theo Buehler
More idiomatic error checking and drop an always false test for !*pos. Use a slightly closer approximation to actual English sentences in comments. ok jsing
2023-08-24Better names for the BIOs in CMS_dataInit()Theo Buehler
Rename cmsbio into cms_bio and use {,in_}content_bio for {,i}cont. ok jsing
2023-08-22Pull the NULL check for cmsbio into the switchTheo Buehler
ok jsing
2023-08-22Plug a leak of cont in CMS_dataInit()Theo Buehler
This and ts/ts_rsp_sign.c r1.32 were part of OpenSSL 309e73df. ok jsing
2023-07-28Provide CMS{,_SignerInfo}_get_versionTheo Buehler
Add accessors for the syntax versions of ContentInfo and SignerInfo. These will be used soon in rpki-client for some more compliance checks. ok job jsing
2023-07-08Hide symbols in cms, comp, conf, and bufferBob Beck
ok jsing@
2023-07-07Remove symbols already declared in the public headerTheo Buehler
ok bcook beck jsing
2023-06-11Unifdef ZLIBTheo Buehler
This has long been unused code and compilation with -DZLIB was broken for a long time after BIO was made opaque. ok jsing
2023-06-06Fix typo in comment: exta -> extraTheo Buehler
2023-05-23cms_asn1.c: zap stray tabsTheo Buehler
2023-04-26KNF nitTheo Buehler
2023-04-25Move low level BIO_new_NDEF API to internal-onlyTheo Buehler
2023-04-21cms_io: sort includesTheo Buehler
2023-04-21cms_io: reverse polarity of an if statement to unindentTheo Buehler
2023-04-21cms_io: Remove a stupid else branchTheo Buehler
If you can initialize with functions, you can also initialize with constants...
2023-04-21Rewrap some lines. No binary changeTheo Buehler
2023-04-21Unwrap a lineTheo Buehler
2023-03-12pk7_cb() and cms_cb()Theo Buehler
Add and fix FALLTHROUGH statement. I was confused for way too long since I hadn't noticed that this case fell through to the next. Also add and move some empty lines in the cms_cb() to make this resemble KNF more.
2022-11-26Make header guards of internal headers consistentTheo Buehler
Not all of them, only those that didn't leak into a public header... Yes.
2022-11-26Make internal header file names consistentTheo Buehler
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
2022-08-28Plug memory leak in CMS_add_simple_smimecap() in the unlikely event thatTheo Buehler
ASN1_INTEGER_set() fails. ok jsing
2022-07-12Remove mkerr.pl remnants from LibreSSLKlemens Nanni
This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
2022-01-20Add check for EVP_CIPHER_CTX_set_key_length return valueKinichiro Inoguchi
It returns 1 on success and 0 for failure, never negative value. ok jsing@ millert@ tb@
2022-01-19Check return value from EVP_CIPHER_CTX_new in cms_pwri.cKinichiro Inoguchi
CID 345137 ok jsing@ tb@
2022-01-14Garbage collect the app_items field of ASN1_ADBTheo Buehler
This is unused and was removed in OpenSSL 5b70372d when it was replaced with an ASN.1 ADB callback (which we don't support). ok inoguchi jsing
2021-11-01Move the now internal X.509-related structs into x509_lcl.h.Theo Buehler
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds. ok jsing
2021-09-08Fix leak in cms_RecipientInfo_kekri_decrypt()Theo Buehler
Free ec->key before reassigning it. From OpenSSL 1.1.1, 58e1e397 ok inoguchi
2020-06-05Remove remaining error *_str_functs[]Joel Sing
A number of years ago we dropped the concept of having function names in errors, since it is not that useful and very quickly gets out of sync when refactoring. It would seem that some new ones got imported and some missed the last clean up. ok tb@ beck@ "kill it with fire"
2019-10-04Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.Theo Buehler
(Note that the CMS code is currently disabled.) Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) tests from bluhm@ ok jsing commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
2019-08-12Provide a local version of X509_get0_subject_key_id()Joel Sing
It seems that the CMS code is currently the only code in existence that uses this function.
2019-08-12Inline the equivalent of ASN1_TYPE_unpack_sequence().Joel Sing
2019-08-11Use ERR_asprintf_error_data() instead of ERR_add_error_data().Joel Sing
2019-08-11Remove unsupported GOST 2012 NIDs.Joel Sing
2019-08-11Disable DES3 since we do not currently provide DES3 keywrap.Joel Sing
2019-08-11Remove label that is now unused (due to arc4random_buf() returning void).Joel Sing
2019-08-11Fix loading of CMS error strings.Joel Sing
2019-08-11Include string.h for explicit_bzero().Joel Sing
2019-08-11Expand M_ASN1_new_of and M_ASN1_free_of macros.Joel Sing
2019-08-11Use arc4random_buf() instead of RAND_bytes().Joel Sing
This also removes return checks since arc4random_buf() does not fail.
2019-08-11Include string.h for memcmp()/memcpy().Joel Sing
2019-08-11Use freezero() rather than OPENSSL_clear_free().Joel Sing
2019-08-11Use explicit_bzero() instead of OPENSSL_cleanse().Joel Sing