Merge lp://staging/~zseil/pyopenssl/privatekey-callback-fixes into lp://staging/~exarkun/pyopenssl/trunk
Status: Needs review
Proposed branch: lp://staging/~zseil/pyopenssl/privatekey-callback-fixes
Merge into: lp://staging/~exarkun/pyopenssl/trunk
Diff against target: 385 lines (+197/-66), 2 files modified
  src/crypto/crypto.c (+91/-66)
  test/test_crypto.py (+106/-0)
To merge this branch: bzr merge lp://staging/~zseil/pyopenssl/privatekey-callback-fixes
Reviewer: Jean-Paul Calderone (Pending)
Unmerged revisions

- 131. By Ziga Seilnacht
  Unify code formatting in recently changed functions to what seems to be the currently preferred style.

- 130. By Ziga Seilnacht
  Add a few more error checks around OpenSSL API calls.
  These errors can only occur in low memory conditions, so there
  is no reasonable way to test them.

- 129. By Ziga Seilnacht
  Raise an error if a passphrase is used with a private key format that does not support encryption.
  Otherwise users might get an unpleasant surprise once they learn that their private key, which they
  thought was secure, is in fact readable by everyone.

- 128. By Ziga Seilnacht
  Additional error checks and a refcount fix for global_passphrase_callback. There were two really big problems in this function: the first one was the
  silent truncation of passphrases, the second was the refcounting bug,
  which kept the passphrase in memory until the process exited. See tests
  for details.

- 127. By Ziga Seilnacht
  Don't overwrite the error raised by the callback.

- 126. By Ziga Seilnacht
  Whitespace cleanup.
This branch fixes the bugs mentioned in Bug #499628 and contains the tests for the parts that can be tested without introducing some kind of C level fault injector.
The branch contains two backwards incompatible changes:
- {load, dump}_privatekey now raise an error when called with a passphrase and FILETYPE_ASN1
- they raise an error when the passphrase callback returns a passphrase longer than 1024 bytes.
I can change load_privatekey to only issue a warning in these conditions, but I think that the current behaviour is too dangerous for dump_privatekey and should be changed to raise an error immediately.
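The two new error conditions and the callback error propagation, modelled in plain Python as an added example (constructed illustration, not pyOpenSSL's own code; the FILETYPE_* values are assumed to follow OpenSSL's X509_FILETYPE constants and PEM_BUFSIZE to be the 1024-byte callback buffer behind the limit above). The pre-fix behaviour is kept beside the fixed one to show what the silent truncation and the ignored passphrase looked like:

```python
# Constructed model of the passphrase handling this branch changes; this is
# illustration code, not pyOpenSSL's own implementation.

FILETYPE_PEM = 1    # assumed to follow OpenSSL's X509_FILETYPE_PEM
FILETYPE_ASN1 = 2   # assumed to follow OpenSSL's X509_FILETYPE_ASN1
PEM_BUFSIZE = 1024  # the callback buffer size behind the 1024-byte limit


class PassphraseError(ValueError):
    """Raised for the two conditions the branch turns into errors."""


def _call_or_value(passphrase, rwflag):
    # A callable is invoked with the OpenSSL rwflag (1 = writing/encrypting,
    # 0 = reading/decrypting); anything it raises propagates unchanged, which
    # is the "don't overwrite the error raised by the callback" fix.
    return passphrase(rwflag) if callable(passphrase) else passphrase


def legacy_resolve(passphrase, filetype, rwflag=1):
    """Pre-fix behaviour: returns (bytes actually used, key_is_encrypted)."""
    if passphrase is None or filetype == FILETYPE_ASN1:
        return None, False             # ASN.1 output silently ignores the passphrase
    result = _call_or_value(passphrase, rwflag)
    return result[:PEM_BUFSIZE], True  # anything past the buffer is silently dropped


def resolve_passphrase(passphrase, filetype, rwflag=1):
    """Fixed behaviour: returns the bytes to use, or raises PassphraseError."""
    if passphrase is None:
        return None
    if filetype != FILETYPE_PEM:
        raise PassphraseError("passphrase given, but only PEM keys can be encrypted")
    result = _call_or_value(passphrase, rwflag)
    if not isinstance(result, bytes):
        raise PassphraseError("passphrase callback must return bytes")
    if len(result) > PEM_BUFSIZE:
        raise PassphraseError("passphrase longer than %d bytes" % PEM_BUFSIZE)
    return result


def failing_callback(rwflag):
    """Constructed callback that fails; its KeyError must reach the caller intact."""
    raise KeyError("constructed: no passphrase available")


def raises(exc_type, func, *args):
    """True if func(*args) raises exc_type (or a subclass); other exceptions propagate."""
    try:
        func(*args)
    except exc_type:
        return True
    return False
```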