kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
929fd44f92
boringssl/crypto/pem
History
David Benjamin 01e8e625ad Don't allow RC4 in PEM. 
This fixes uninitialized memory read reported by Nick Mathewson in
https://github.com/openssl/openssl/issues/6347.

It imports the memset from upstream's 2c739f72e5236a8e0c351c00047c77083dcdb77f,
but I believe that fix is incorrect and instead RC4 shouldn't be allowed in
this context. See
https://github.com/openssl/openssl/pull/6603#issuecomment-413066462 for
details.

Update-Note: Decoding a password-protected PEM block with RC4 will, rather than
derive garbage from uninitialized memory, simply fail. Trying to encode a
password-protect PEM block with an unsupported cipher will also fail, rather
than output garbage (e.g. tag-less AES-GCM).

Change-Id: Ib7e23dbf5514f0a523730926daad3c0bdb989417
Reviewed-on: https://boringssl-review.googlesource.com/31084
Reviewed-by: Adam Langley <agl@google.com>
2018-08-16 15:33:43 +00:00
..
CMakeLists.txt
pem_all.c Add a bunch of compatibility functions for PKCS#7. 2018-06-26 18:42:49 +00:00
pem_info.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
pem_lib.c Don't allow RC4 in PEM. 2018-08-16 15:33:43 +00:00
pem_oth.c
pem_pk8.c OPENSSL_cleanse some buffers. 2017-08-09 00:17:52 +00:00
pem_pkey.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
pem_test.cc Don't allow RC4 in PEM. 2018-08-16 15:33:43 +00:00
pem_x509.c
pem_xaux.c Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00