Age | Commit message (Collapse) | Author |
|
RT#2534
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)
|
|
PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.
Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.
Issue reported by Guido Vranken.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5f57abe2b150139b8b057313d52b1fe8f126c952)
|
|
During work on a larger change in master a number of locations were
identified where return value checks were missing. This backports the
relevant fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RT#4081
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 070c23325af4526c9a8532a60d63522c58d5554b)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3f6c7691870d1cd2ad0e0c83638cef3f35a0b548)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc)
|
|
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88)
Conflicts:
Makefile.org
apps/Makefile
test/Makefile
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)
Conflicts:
crypto/x509v3/pcy_tree.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Can't really happen, but the flow of control isn't obvious.
Add an initializer.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ff3687eab8b0915198ad84d83da5998860b11b3)
|
|
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
|
|
|
|
|
|
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc)
|
|
traditional format uses MD5 which is prohibited in FIPS mode.
|
|
|
|
(backport from HEAD)
|
|
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
|
|
of assuming they will always suceed.
|
|
|
|
Fixes to make OpenSSL compile with no-rc4
|
|
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
|
|
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_SealInit error handling in pem_seal.c
|
|
|
|
|
|
ancient SSLeay format.
|
|
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
|
|
implementations.
|
|
|
|
|
|
|
|
|
|
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
|
|
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
|
|
|
|
always use inline functions.
|
|
|
|
|
|
|
|
PR: 1438
|
|
|
|
|
|
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
|
|
|
|
|
|
private keys.
FIXME: this function should really be rewritten because it is *horrible*.
|