summaryrefslogtreecommitdiffstats
path: root/crypto/pem
AgeCommit message (Collapse)Author
2016-05-17Don't require any length of password when decryptingRichard Levitte
RT#2534 Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-28Reject inappropriate private key encryption ciphers.Dr. Stephen Henson
The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)
2016-03-04Sanity check PVK file fields.Dr. Stephen Henson
PVK files with abnormally large length or salt fields can cause an integer overflow which can result in an OOB read and heap corruption. However this is an rarely used format and private key files do not normally come from untrusted sources the security implications not significant. Fix by limiting PVK length field to 100K and salt to 10K: these should be more than enough to cover any files encountered in practice. Issue reported by Guido Vranken. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5f57abe2b150139b8b057313d52b1fe8f126c952)
2015-11-09Fix missing malloc return value checksMatt Caswell
During work on a larger change in master a number of locations were identified where return value checks were missing. This backports the relevant fixes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23Remove useless codeAlessandro Ghedini
RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 070c23325af4526c9a8532a60d63522c58d5554b)
2015-10-23Fix memory leaks and other mistakes on errorsAlessandro Ghedini
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 3f6c7691870d1cd2ad0e0c83638cef3f35a0b548)
2015-09-15RT4044: Remove .cvsignore files.Rich Salz
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-28check for error when creating PKCS#8 structureDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc)
2015-05-23Fix the update target and remove duplicate file updatesRichard Levitte
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile
2015-01-22Fix formatting error in pem.hMatt Caswell
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-22Re-align some comments after running the reformat script.OpenSSL_1_0_2-post-reformatMatt Caswell
This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.2 changes Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Further comment amendments to preserve formatting prior to source reformatMatt Caswell
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-02RT3140: Possibly-unit variable in pem_lib.cClang via Jeffrey Walton
Can't really happen, but the flow of control isn't obvious. Add an initializer. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0ff3687eab8b0915198ad84d83da5998860b11b3)
2014-07-06Sanity check keylength in PVK files.Dr. Stephen Henson
PR#2277 (cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
2014-01-29Fix warning.Ben Laurie
2013-09-10Constification.Ben Laurie
2013-08-06Fix for PEM_X509_INFO_read_bio.Kaspar Brand
PR: 3028 Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys correctly if they appeared first. (cherry picked from commit 5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc)
2013-01-07In FIPS mode use PKCS#8 format when writing private keys:Dr. Stephen Henson
traditional format uses MD5 which is prohibited in FIPS mode.
2012-06-03Reduce version skew: trivia (I hope).Ben Laurie
2012-04-07transparently handle X9.42 DH parametersDr. Stephen Henson
(backport from HEAD)
2012-04-07Initial experimental support for X9.42 DH parameter format to handleDr. Stephen Henson
RFC5114 parameters and X9.42 DH public and private keys. (backport from HEAD)
2011-06-03Backport libcrypto audit: check return values of EVP functions insteadDr. Stephen Henson
of assuming they will always suceed.
2010-06-15Fix warnings (From HEAD, original patch by Ben).Dr. Stephen Henson
2010-04-06PR: 2220Dr. Stephen Henson
Fixes to make OpenSSL compile with no-rc4
2010-03-27PR: 1904Dr. Stephen Henson
Submitted by: David Woodhouse <dwmw2@infradead.org> Pass passphrase minimum length down to UI.
2009-10-01PR: 2059Dr. Stephen Henson
Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct EVP_SealInit error handling in pem_seal.c
2009-04-23Make no-rsa, no-dsa and no-dh compile again.Dr. Stephen Henson
2009-03-09Update from stable branch.Dr. Stephen Henson
2009-01-15Make PKCS#8 the standard write format for private keys, replacing theDr. Stephen Henson
ancient SSLeay format.
2008-11-12Revert the size_t modifications from HEAD that had led to moreGeoff Thorpe
knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.
2008-11-11Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by someDr. Stephen Henson
implementations.
2008-11-05Update obsolete email address...Dr. Stephen Henson
2008-11-01More size_tification.Ben Laurie
2008-06-04More type-checking.Ben Laurie
2008-03-22Update dependencies.Dr. Stephen Henson
2008-03-16Fix a variety of warnings generated by some elevated compiler-fascism,Geoff Thorpe
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-12And so it begins...Dr. Stephen Henson
Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.
2007-06-07Finish gcc 4.2 changes.Dr. Stephen Henson
2007-06-04Avoid use of function pointer casts in pem library. Modify safestack toDr. Stephen Henson
always use inline functions.
2007-04-05Don't dereference NULL argument. Coverity ID 52.Ben Laurie
2007-02-21Update from 0.9.7-stable.Dr. Stephen Henson
2007-01-21Constify version strings and some structures.Dr. Stephen Henson
2006-12-19remove trailing '\'Nils Larsch
PR: 1438
2006-11-21Update from 0.9.8 stable. Eliminate duplicate error codes.Dr. Stephen Henson
2006-11-06remove SSLEAY_MACROS codeNils Larsch
2006-06-09Camellia cipher, contributed by NTTBodo Möller
Submitted by: Masashi Fujita Reviewed by: Bodo Moeller
2006-06-05Complete EVP_PKEY_ASN1_METHOD ENGINE support.Dr. Stephen Henson
2006-05-24Fix warnings.Dr. Stephen Henson
2006-05-15Update old **EVIL** PEM_X509_INFO_read_bio() function to correctly assignDr. Stephen Henson
private keys. FIXME: this function should really be rewritten because it is *horrible*.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-04 08:12:41 +0000