Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

{CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

{CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)

show more ...

Fix error handling in CMS_EncryptedData_encrypt

That caused several memory leaks in case of error.
Also when the CMS object that is created by CMS_EncryptedData_encrypt
is not used i

Fix error handling in CMS_EncryptedData_encrypt

That caused several memory leaks in case of error.
Also when the CMS object that is created by CMS_EncryptedData_encrypt
is not used in the normal way, but instead just deleted
by CMS_ContentInfo_free some memory was lost.

Fixes #21985

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22031)

show more ...

Fix a possible memleak in CMS_sign_receipt

When an error happens after cms_encode_Receipt
the ASN1_OCTET_STRING object "os" may be leaked.

Reviewed-by: Shane Lontis <shane.lonti

Fix a possible memleak in CMS_sign_receipt

When an error happens after cms_encode_Receipt
the ASN1_OCTET_STRING object "os" may be leaked.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22758)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type

Fixes #19975
for CMS_decrypt_set1_pkey_and_peer() in the obvious way,
and a related potential crash in CMS_decrypt_set

CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type

Fixes #19975
for CMS_decrypt_set1_pkey_and_peer() in the obvious way,
and a related potential crash in CMS_decrypt_set1_password().

The point is that the input might have an unexpected content type,
so a guard is needed at both places after `ec` is obtained.

Note that in CMS_decrypt_set1_pkey_and_peer() there was
no such ec != NULL guard for
```
if (ris != NULL)
debug = ec->debug;
```
maybe because it is implied here by ris != NULL.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19981)

show more ...

CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)

show more ...

CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by:

CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)

show more ...

CMS_decrypt*(): fix misconceptions and mem leak

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb

CMS_decrypt*(): fix misconceptions and mem leak

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)

show more ...

Convert ZLIB defines to OPENSSL_NO_ZLIB

Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB
Make `BIO_f_zlib()` always available.

Reviewed-by: Matt Caswell <matt@openssl.or

Convert ZLIB defines to OPENSSL_NO_ZLIB

Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB
Make `BIO_f_zlib()` always available.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

PKCS7: add notes to pkcs7.h.in and minor code cleanup in crypto/{pkcs7,cms}/

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David

PKCS7: add notes to pkcs7.h.in and minor code cleanup in crypto/{pkcs7,cms}/

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18915)

show more ...

Handle SMIME_crlf_copy return code

Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.

This patch handles the SMI

Handle SMIME_crlf_copy return code

Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.

This patch handles the SMIME_crlf_copy return code in all occurrences.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)

show more ...

REGRESSION: CMS_final: do not ignore CMS_dataFinal result

The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.

REGRESSION: CMS_final: do not ignore CMS_dataFinal result

The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.

The SMIME_crlf_copy result is returned while it is ignored in the rest
of the openssl code.

Prefer the CMS_dataFinal result.

This is regression from openssl-1.

Blame finds c1669f41ei as root cause of regression.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)

show more ...

Fix the checks of BIO_get_cipher_status

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged

Fix the checks of BIO_get_cipher_status

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

CMS sign digest

CLI changes: New parameter -digest to CLI command openssl cms, to
provide pre-computed digest for use with -sign.

API changes: New function CMS_final_digest(), l

CMS sign digest

CLI changes: New parameter -digest to CLI command openssl cms, to
provide pre-computed digest for use with -sign.

API changes: New function CMS_final_digest(), like CMS_final() but
uses a pre-computed digest instead of computing it from the data.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/15348)

show more ...

add OSSL_STACK_OF_X509_free() for commonly used pattern

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)

Add return value NULL checks that were missing

Issues located by Brian Carpenter of Geeknik's Farm.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

Add return value NULL checks that were missing

Issues located by Brian Carpenter of Geeknik's Farm.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17007)

show more ...

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_,

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

show more ...

cms: remove most references to EVP_sha1()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func

Also constify related CMS/PKCS7 functions and improve error codes thrown.

Reviewed-by: Tomas Mraz <to

TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func

Also constify related CMS/PKCS7 functions and improve error codes thrown.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14503)

show more ...

Fix external symbols for cms.

Partial fix for #12964

This adds ossl_ names for symbols related to cms_* and ess_*

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged f

Fix external symbols for cms.

Partial fix for #12964

This adds ossl_ names for symbols related to cms_* and ess_*

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14241)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**.

Fixes #13624

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(

CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**.

Fixes #13624

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13668)

show more ...