generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,936 Commits 16 Branches 258 Tags
Commit Graph

28 Commits

Author SHA1 Message Date
Dr. Stephen Henson
4b22cce381 Reject invalid PSS parameters. 
Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-03-19 12:58:35 +00:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:31:38 +00:00
Kurt Roeckx
57c932dafd RT2626: Change default_bits from 1K to 2K 
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4bfd87d770480902618dbccde84fd81)
 2014-09-08 17:23:37 -04:00
Martin Kaiser
42d73874ed remove duplicate 0x for default RSASSA-PSS salt len 
(cherry picked from commit 3820fec3a09faecba7fe9912aa20ef7fcda8337b)
 2014-05-29 13:32:41 +01:00
Dr. Stephen Henson
66243398bb Workaround for some CMS signature formats. 
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20c6af604799ee079bec496b296bb5cc)
 2014-03-19 17:29:55 +00:00
Dr. Stephen Henson
dc427fc8e2 Return correct enveloped data type in ASN1 methods. 
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
(cherry picked from commit 41b920ef01abeb4c4b1c0f11e647370ae6533d02)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
af7d6b936b CMS RSA-OAEP and RSA-PSS support. 
Extend RSA ASN1 method to support CMS PSS signatures for both sign
and verify.

For signing the EVP_PKEY_CTX parameters are read and the appropriate
CMS structures set up.

For verification the CMS structures are analysed and the corresponding
parameters in the EVP_PKEY_CTX set.

Also add RSA-OAEP support.

For encrypt the EVP_PKEY_CTX parameters are used.

For decrypt the CMS structure is uses to set the appropriate EVP_PKEY_CTX
parameters.
(cherry picked from commit 0574cadf857b19485465b9d71b7dec9549857a4d)

Also sync error codes with OpenSSL 1.0.1 and add new ones.
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
233ebcb543 Fix PSS signature printing. 
Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
(cherry picked from commit deb24ad53147f5a8dd63416224a5edd7bbc0e74a)
 2013-06-05 15:06:02 +01:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
4f1aa191b3 Initial support for enveloped data decrypt. Extent runex.pl to cover these 
examples. All RFC4134 examples can not be processed.
 2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
5c95c2ac23 Fix various error codes to match functions. 2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
a78568b7e9 Replace RSA specific PKCS7_RECIP_INFO set up with an public key algorithm 
ctrl.
 2006-04-27 18:20:34 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms. 
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
 2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae Fix (most) WIN32 warnings and errors. 2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
09b88a4a55 Update copyright notices on a few files where all original SSLeay code has 
been deleted.
 2006-04-14 17:36:18 +00:00
Dr. Stephen Henson
e42633140e Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. 2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2 Add information and pem strings. Update dependencies. 2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to 
initialize it. Initial support for application added public key ASN1.
 2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b Transfer parameter handling and key comparison to algorithm methods. 2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public 
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
 2006-03-20 12:22:24 +00:00