summaryrefslogtreecommitdiffstats
path: root/crypto/pem
AgeCommit message (Collapse)Author
2018-08-14Update copyright yearMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6955)
2018-06-28Zero-fill IV by default.Rich Salz
Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6603) (cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c)
2018-05-12In cases where we ask PEM_def_callback for minimum 0 length, accept 0 lengthRichard Levitte
Fixes #4716 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6173) (cherry picked from commit c82c3462267afdbbaa53e11da0508ce4e03c02b3)
2018-04-26PEM_def_callback(): use same parameter names as for pem_password_cbRichard Levitte
Add a bit more commentary to explain what's going on. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080) (cherry picked from commit d6d94d339756332bbabe2a1032ac511ae31b3fdc)
2018-04-26PEM_def_callback(): don't loop because of too short password givenRichard Levitte
That error is already caught by EVP_read_pw_string_min, and causes this function to return -1, so the code detecting too short passwords in this function is practically dead. Fixes #5465 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6080) (cherry picked from commit 4977b4e9281c981efcf6a8b31378b8bbd6a8a96f)
2017-12-08Standardize syntax around sizeof(foo)Rich Salz
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4875)
2017-08-22Use casts for arguments to ctype functions.Pauli
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4212)
2017-07-29Clean password buffer on stack for PEM_read_bio_PrivateKeyBernd Edlinger
and d2i_PKCS8PrivateKey_bio before it goes out of scope. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4047) (cherry picked from commit 02fd47c8b0930dff9b188fd13bfb9da5e59444a8)
2016-08-16make update to have PEM_R_HEADER_TOO_LONG definedRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16Limit reads in do_b2i_bio()Dr. Stephen Henson
Apply a limit to the maximum blob length which can be read in do_d2i_bio() to avoid excessive allocation. Thanks to Shi Lei for reporting this. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 66bcba145740e4f1210499ba6e5033035a2a4647)
2016-06-27Change usage of RAND_pseudo_bytes to RAND_bytesMatt Caswell
RAND_pseudo_bytes() allows random data to be returned even in low entropy conditions. Sometimes this is ok. Many times it is not. For the avoidance of any doubt, replace existing usage of RAND_pseudo_bytes() with RAND_bytes(). Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-17Don't require any length of password when decryptingRichard Levitte
RT#2534 Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-28Reject inappropriate private key encryption ciphers.Dr. Stephen Henson
The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)
2016-03-04Sanity check PVK file fields.Dr. Stephen Henson
PVK files with abnormally large length or salt fields can cause an integer overflow which can result in an OOB read and heap corruption. However this is an rarely used format and private key files do not normally come from untrusted sources the security implications not significant. Fix by limiting PVK length field to 100K and salt to 10K: these should be more than enough to cover any files encountered in practice. Issue reported by Guido Vranken. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5f57abe2b150139b8b057313d52b1fe8f126c952)
2015-11-09Fix missing malloc return value checksMatt Caswell
During work on a larger change in master a number of locations were identified where return value checks were missing. This backports the relevant fixes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23Remove useless codeAlessandro Ghedini
RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 070c23325af4526c9a8532a60d63522c58d5554b)
2015-10-23Fix memory leaks and other mistakes on errorsAlessandro Ghedini
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 3f6c7691870d1cd2ad0e0c83638cef3f35a0b548)
2015-09-15RT4044: Remove .cvsignore files.Rich Salz
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-28check for error when creating PKCS#8 structureDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc)
2015-05-23Fix the update target and remove duplicate file updatesRichard Levitte
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile
2015-01-22Fix formatting error in pem.hMatt Caswell
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-22Re-align some comments after running the reformat script.OpenSSL_1_0_2-post-reformatMatt Caswell
This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.2 changes Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Further comment amendments to preserve formatting prior to source reformatMatt Caswell
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-02RT3140: Possibly-unit variable in pem_lib.cClang via Jeffrey Walton
Can't really happen, but the flow of control isn't obvious. Add an initializer. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0ff3687eab8b0915198ad84d83da5998860b11b3)
2014-07-06Sanity check keylength in PVK files.Dr. Stephen Henson
PR#2277 (cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
2014-01-29Fix warning.Ben Laurie
2013-09-10Constification.Ben Laurie
2013-08-06Fix for PEM_X509_INFO_read_bio.Kaspar Brand
PR: 3028 Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys correctly if they appeared first. (cherry picked from commit 5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc)
2013-01-07In FIPS mode use PKCS#8 format when writing private keys:Dr. Stephen Henson
traditional format uses MD5 which is prohibited in FIPS mode.
2012-06-03Reduce version skew: trivia (I hope).Ben Laurie
2012-04-07transparently handle X9.42 DH parametersDr. Stephen Henson
(backport from HEAD)
2012-04-07Initial experimental support for X9.42 DH parameter format to handleDr. Stephen Henson
RFC5114 parameters and X9.42 DH public and private keys. (backport from HEAD)
2011-06-03Backport libcrypto audit: check return values of EVP functions insteadDr. Stephen Henson
of assuming they will always suceed.
2010-06-15Fix warnings (From HEAD, original patch by Ben).Dr. Stephen Henson
2010-04-06PR: 2220Dr. Stephen Henson
Fixes to make OpenSSL compile with no-rc4
2010-03-27PR: 1904Dr. Stephen Henson
Submitted by: David Woodhouse <dwmw2@infradead.org> Pass passphrase minimum length down to UI.
2009-10-01PR: 2059Dr. Stephen Henson
Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct EVP_SealInit error handling in pem_seal.c
2009-04-23Make no-rsa, no-dsa and no-dh compile again.Dr. Stephen Henson
2009-03-09Update from stable branch.Dr. Stephen Henson
2009-01-15Make PKCS#8 the standard write format for private keys, replacing theDr. Stephen Henson
ancient SSLeay format.
2008-11-12Revert the size_t modifications from HEAD that had led to moreGeoff Thorpe
knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.
2008-11-11Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by someDr. Stephen Henson
implementations.
2008-11-05Update obsolete email address...Dr. Stephen Henson
2008-11-01More size_tification.Ben Laurie
2008-06-04More type-checking.Ben Laurie
2008-03-22Update dependencies.Dr. Stephen Henson
2008-03-16Fix a variety of warnings generated by some elevated compiler-fascism,Geoff Thorpe
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-12And so it begins...Dr. Stephen Henson
Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.
2007-06-07Finish gcc 4.2 changes.Dr. Stephen Henson
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 03:03:17 +0000