#
723bccac |
| 14-Jan-2024 |
tb <tb@openbsd.org> |
Tidy a few more includes in cms/
|
#
ead8f799 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in cms, comp, conf, and buffer
ok jsing@
|
#
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_l
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
show more ...
|
#
3cd888ac |
| 08-Sep-2021 |
tb <tb@openbsd.org> |
Fix leak in cms_RecipientInfo_kekri_decrypt()
Free ec->key before reassigning it.
From OpenSSL 1.1.1, 58e1e397
ok inoguchi
|
#
0ae7bae4 |
| 04-Oct-2019 |
tb <tb@openbsd.org> |
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (Note that the CMS code is currently disabled.)
Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
tests f
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (Note that the CMS code is currently disabled.)
Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
tests from bluhm@ ok jsing
commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Sun Sep 1 00:16:28 2019 +0200
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag.
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9777)
(cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
show more ...
|
#
abe36fe2 |
| 11-Aug-2019 |
jsing <jsing@openbsd.org> |
Include string.h for explicit_bzero().
|
#
f2f5f7c4 |
| 11-Aug-2019 |
jsing <jsing@openbsd.org> |
Expand M_ASN1_new_of and M_ASN1_free_of macros.
|
#
5bc2796f |
| 11-Aug-2019 |
jsing <jsing@openbsd.org> |
Use freezero() rather than OPENSSL_clear_free().
|
#
70aa0396 |
| 11-Aug-2019 |
jsing <jsing@openbsd.org> |
Use explicit_bzero() instead of OPENSSL_cleanse().
|
#
4ff91afb |
| 11-Aug-2019 |
jsing <jsing@openbsd.org> |
Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().
|
#
be6ec861 |
| 11-Aug-2019 |
jsing <jsing@openbsd.org> |
Convert CMSerr() to CMSerror().
|
#
72419cc7 |
| 10-Aug-2019 |
jsing <jsing@openbsd.org> |
More style(9), whitespace and readability fixes.
Files are identical once whitespace and newlines are removed.
|
#
cbf7632f |
| 10-Aug-2019 |
jsing <jsing@openbsd.org> |
First pass at style(9).
Whitespace only and no change according to diff -w.
|
#
1b72b2a7 |
| 10-Aug-2019 |
jsing <jsing@openbsd.org> |
Fix includes for non-installed headers.
|
#
bcc4e92e |
| 10-Aug-2019 |
jsing <jsing@openbsd.org> |
Add $OpenBSD$ tags.
|
#
f29d8588 |
| 10-Aug-2019 |
jsing <jsing@openbsd.org> |
Restore the original per-file licenses for CMS.
These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.
|
#
b8b016bf |
| 10-Aug-2019 |
jsing <jsing@openbsd.org> |
Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.
Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is der
Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.
Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is derived from PKCS #7 version 1.5 and utilises various ASN.1 structures, making it complex and fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have been built on top of it, which means it is necessary to support CMS, in order to support RPKI.
This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still under the original OpenSSL license. Further work will occur in tree.
Requested by and discussed with many.
ok deraadt@ tb@
show more ...
|
#
0f777b12 |
| 10-Sep-2015 |
jsing <jsing@openbsd.org> |
Correct spelling of OPENSSL_cleanse.
ok miod@
|
#
03a67d2e |
| 18-Oct-2014 |
jsing <jsing@openbsd.org> |
None of these need to include <openssl/rand.h>
|
#
6d04a7b1 |
| 12-Jul-2014 |
miod <miod@openbsd.org> |
if (x) FOO_free(x) -> FOO_free(x). Improves readability, keeps the code smaller so that it is warmer in your cache.
review & ok deraadt@
|
#
b6ab114e |
| 11-Jul-2014 |
jsing <jsing@openbsd.org> |
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need t
Only import cryptlib.h in the four source files that actually need it. Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes.
ok beck@ miod@
show more ...
|
#
c3d6a26a |
| 12-Jun-2014 |
deraadt <deraadt@openbsd.org> |
tags as requested by miod and tedu
|
#
0d446b2e |
| 24-May-2014 |
jsing <jsing@openbsd.org> |
KNF.
|
#
23438649 |
| 22-May-2014 |
miod <miod@openbsd.org> |
if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully eyeballed before applying. Contributed by Cyril Roelandt on tech@
|
#
6f3a6cb1 |
| 17-Apr-2014 |
beck <beck@openbsd.org> |
Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
|