generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

RT2547: Tighten perms on generated privkey files

Browse Source 
When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz
2015-05-02 10:01:33 -04:00
committed by Rich Salz
parent d31fb0b5b3
commit 3b061a00e3
22 changed files with 184 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/opt.c
View File

@@ -49,7 +49,6 @@
/* #define COMPILE_STANDALONE_TEST_DRIVER */
#include "apps.h"
#include <assert.h>
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
# include OPENSSL_UNISTD