The branch OpenSSL_1_0_2-stable has been updated
via 8a8534620da8e13c8a7ab123ecd7fc0226f999bf (commit)
via df70ef22c88eac65ee84201547084cf8f14d512e (commit)
via d04e651feadebd13cbe6f6d58b78a08e7b8e2994 (commit)
from 41d23d435221411b4d70c08b6c5424d0afcf4c19 (commit)
- Log -----------------------------------------------------------------
commit 8a8534620da8e13c8a7ab123ecd7fc0226f999bf
Author: Nick Mathewson <[email protected]>
Date: Thu May 24 15:23:15 2018 -0400
Improve the example getpass() implementation to show an error return
Also, modernize the code, so that it isn't trying to store a size_t
into an int, and then check the int's sign. :/
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/6271)
(cherry picked from commit c8c250333cd254ab3f4d709ebc5ed86a7c065721)
(cherry picked from commit 50d06d1c7d2682b0042e921a76beb509d7ea68e1)
commit df70ef22c88eac65ee84201547084cf8f14d512e
Author: Richard Levitte <[email protected]>
Date: Thu Jun 21 19:01:28 2018 +0200
doc/crypto/pem.pod: modernise the example code
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/6552)
commit d04e651feadebd13cbe6f6d58b78a08e7b8e2994
Author: Nick Mathewson <[email protected]>
Date: Wed May 16 11:07:48 2018 -0400
Update documentation for PEM callback: error is now -1.
In previous versions of OpenSSL, the documentation for PEM_read_*
said:
The callback B<must> return the number of characters in the
passphrase or 0 if an error occurred.
But since c82c3462267afdbbaa5, 0 is now treated as a non-error
return value. Applications that want to indicate an error need to
return -1 instead.
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/6271)
(cherry picked from commit bbbf752a3c8b5a966bcb48fc71a3dc03832e7b27)
(cherry picked from commit e4b47f7f19392e3be604e44f6999de2bc9e7ecf3)
-----------------------------------------------------------------------
Summary of changes:
doc/crypto/pem.pod | 93 +++++++++++++++++++++++++-----------------------------
1 file changed, 43 insertions(+), 50 deletions(-)
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 763eb6f..de9ecca 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -342,7 +342,7 @@ for it twice) if B<rwflag> is 1. The B<u> parameter has the
same
value as the B<u> parameter passed to the PEM routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a GUI application). The callback
-B<must> return the number of characters in the passphrase or 0 if
+B<must> return the number of characters in the passphrase or -1 if
an error occurred.
=head1 EXAMPLES
@@ -354,84 +354,77 @@ Read a certificate in PEM format from a BIO:
X509 *x;
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL)
- {
- /* Error */
- }
+ if (x == NULL) {
+ /* Error */
+ }
Alternative method:
X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+ /* Error */
+ }
Write a certificate to a BIO:
- if (!PEM_write_bio_X509(bp, x))
- {
- /* Error */
- }
+ if (!PEM_write_bio_X509(bp, x)) {
+ /* Error */
+ }
Write an unencrypted private key to a FILE pointer:
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
+ /* Error */
+ }
Write a private key (using traditional format) to a BIO using
triple DES encryption, the pass phrase is prompted for:
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
{
+ /* Error */
+ }
Write a private key (using PKCS#8 format) to a BIO using triple
DES encryption, using the pass phrase "hello":
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0,
"hello"))
- {
- /* Error */
- }
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0,
"hello")) {
+ /* Error */
+ }
Read a private key from a BIO using the pass phrase "hello":
key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL)
- {
- /* Error */
- }
+ if (key == NULL) {
+ /* Error */
+ }
Read a private key from a BIO using a pass phrase callback:
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL)
- {
- /* Error */
- }
+ if (key == NULL) {
+ /* Error */
+ }
Skeleton pass phrase callback:
- int pass_cb(char *buf, int size, int rwflag, void *u);
- {
- int len;
- char *tmp;
- /* We'd probably do something else if 'rwflag' is 1 */
- printf("Enter pass phrase for \"%s\"\n", u);
-
- /* get pass phrase, length 'len' into 'tmp' */
- tmp = "hello";
- len = strlen(tmp);
-
- if (len <= 0) return 0;
- /* if too long, truncate */
- if (len > size) len = size;
- memcpy(buf, tmp, len);
- return len;
- }
+ int pass_cb(char *buf, int size, int rwflag, void *u)
+ {
+
+ /* We'd probably do something else if 'rwflag' is 1 */
+ printf("Enter pass phrase for \"%s\"\n", u);
+
+ /* get pass phrase, length 'len' into 'tmp' */
+ char *tmp = "hello";
+ if (tmp == NULL) /* An error occurred */
+ return -1;
+
+ size_t len = strlen(tmp);
+
+ if (len > size)
+ len = size;
+ memcpy(buf, tmp, len);
+ return len;
+ }
=head1 NOTES
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
