#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
29bbe7d0 |
| 04-Oct-2023 |
Dr. David von Oheimb |
{CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
{CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18916)
show more ...
|
#
6d2a01cd |
| 07-Sep-2023 |
Bernd Edlinger |
Fix error handling in CMS_EncryptedData_encrypt That caused several memory leaks in case of error. Also when the CMS object that is created by CMS_EncryptedData_encrypt is not used i
Fix error handling in CMS_EncryptedData_encrypt That caused several memory leaks in case of error. Also when the CMS object that is created by CMS_EncryptedData_encrypt is not used in the normal way, but instead just deleted by CMS_ContentInfo_free some memory was lost. Fixes #21985 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22031)
show more ...
|
#
3e3aadd5 |
| 17-Nov-2023 |
Bernd Edlinger |
Fix a possible memleak in CMS_sign_receipt When an error happens after cms_encode_Receipt the ASN1_OCTET_STRING object "os" may be leaked. Reviewed-by: Shane Lontis <shane.lonti
Fix a possible memleak in CMS_sign_receipt When an error happens after cms_encode_Receipt the ASN1_OCTET_STRING object "os" may be leaked. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22758)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
69b995c6 |
| 02-Jan-2023 |
Dr. David von Oheimb |
CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type Fixes #19975 for CMS_decrypt_set1_pkey_and_peer() in the obvious way, and a related potential crash in CMS_decrypt_set
CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type Fixes #19975 for CMS_decrypt_set1_pkey_and_peer() in the obvious way, and a related potential crash in CMS_decrypt_set1_password(). The point is that the input might have an unexpected content type, so a guard is needed at both places after `ec` is obtained. Note that in CMS_decrypt_set1_pkey_and_peer() there was no such ec != NULL guard for ``` if (ris != NULL) debug = ec->debug; ``` maybe because it is implied here by ris != NULL. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19981)
show more ...
|
#
60ea150b |
| 18-Oct-2022 |
Dr. David von Oheimb |
CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19222)
show more ...
|
#
911045af |
| 14-Oct-2022 |
Dr. David von Oheimb |
CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by:
CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19222)
show more ...
|
#
25dd7804 |
| 15-Sep-2022 |
Dr. David von Oheimb |
CMS_decrypt*(): fix misconceptions and mem leak Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb
CMS_decrypt*(): fix misconceptions and mem leak Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19222)
show more ...
|
#
59d21298 |
| 17-Aug-2022 |
Todd Short |
Convert ZLIB defines to OPENSSL_NO_ZLIB Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB Make `BIO_f_zlib()` always available. Reviewed-by: Matt Caswell <matt@openssl.or
Convert ZLIB defines to OPENSSL_NO_ZLIB Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB Make `BIO_f_zlib()` always available. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
show more ...
|
#
e077455e |
| 29-Sep-2022 |
Richard Levitte |
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from,
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
show more ...
|
#
f69ec4b4 |
| 31-Aug-2022 |
Dr. David von Oheimb |
PKCS7: add notes to pkcs7.h.in and minor code cleanup in crypto/{pkcs7,cms}/ Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David
PKCS7: add notes to pkcs7.h.in and minor code cleanup in crypto/{pkcs7,cms}/ Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18915)
show more ...
|
#
67c0460b |
| 26-Jul-2022 |
Alon Bar-Lev |
Handle SMIME_crlf_copy return code Currently the SMIME_crlf_copy result is ignored in all usages. It does return failure when memory allocation fails. This patch handles the SMI
Handle SMIME_crlf_copy return code Currently the SMIME_crlf_copy result is ignored in all usages. It does return failure when memory allocation fails. This patch handles the SMIME_crlf_copy return code in all occurrences. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18876)
show more ...
|
#
b0375613 |
| 26-Jul-2022 |
Alon Bar-Lev |
REGRESSION: CMS_final: do not ignore CMS_dataFinal result The CMS_dataFinal result is important as signature may fail, however, it is ignored while returning success from CMS_final.
REGRESSION: CMS_final: do not ignore CMS_dataFinal result The CMS_dataFinal result is important as signature may fail, however, it is ignored while returning success from CMS_final. The SMIME_crlf_copy result is returned while it is ignored in the rest of the openssl code. Prefer the CMS_dataFinal result. This is regression from openssl-1. Blame finds c1669f41ei as root cause of regression. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18876)
show more ...
|
#
48b571fe |
| 28-May-2022 |
Peiwei Hu |
Fix the checks of BIO_get_cipher_status Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged
Fix the checks of BIO_get_cipher_status Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18424)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
07342bad |
| 28-Apr-2021 |
Viktor Söderqvist |
CMS sign digest CLI changes: New parameter -digest to CLI command openssl cms, to provide pre-computed digest for use with -sign. API changes: New function CMS_final_digest(), l
CMS sign digest CLI changes: New parameter -digest to CLI command openssl cms, to provide pre-computed digest for use with -sign. API changes: New function CMS_final_digest(), like CMS_final() but uses a pre-computed digest instead of computing it from the data. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/15348)
show more ...
|
#
79b2a2f2 |
| 18-Dec-2021 |
Dr. David von Oheimb |
add OSSL_STACK_OF_X509_free() for commonly used pattern Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
|
#
ed5b26ce |
| 10-Nov-2021 |
Pauli |
Add return value NULL checks that were missing Issues located by Brian Carpenter of Geeknik's Farm. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/o
Add return value NULL checks that were missing Issues located by Brian Carpenter of Geeknik's Farm. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17007)
show more ...
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
27344bb8 |
| 15-Apr-2021 |
Pauli |
cms: remove most references to EVP_sha1() Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14881)
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
63b64f19 |
| 12-Mar-2021 |
Dr. David von Oheimb |
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <to
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
show more ...
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12 |
|
#
53155f1c |
| 18-Feb-2021 |
Shane Lontis |
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged f
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
show more ...
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: openssl-3.0.0-alpha10 |
|
#
84af8027 |
| 11-Dec-2020 |
Shane Lontis |
CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**. Fixes #13624 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (
CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**. Fixes #13624 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13668)
show more ...
|