git.ipfire.org Git - thirdparty/openssl.git/commit
Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
author Norman Ashley <nashley@cisco.com>
Fri, 10 Jul 2020 23:01:32 +0000 (19:01 -0400)
committer Tomas Mraz <tmraz@fedoraproject.org>
Mon, 21 Sep 2020 09:29:52 +0000 (11:29 +0200)
commit 56e8fe0b4efbf582e40ae91319727c9d176c5e1e
tree 5175e5940e86afeec3f2d4e6e9ef9266ee6684cc
parent fdcddd9357fcda1f0507fda0307d94e8244f2b51
Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign

OCSP_basic_sign_ctx() in ocsp_srv.c does not check for RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because the X509_check_private_key() can fail.

The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c
as a common place to check. Checks in ssl_rsa.c were removed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12419)
crypto/rsa/rsa_ameth.c
ssl/ssl_rsa.c
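
The effect of moving the flag test into one shared comparison routine, shown as an added example that is not code from this commit or from OpenSSL. It is a simplified model: `model_key`, `FLAG_NO_CHECK`, `pub_cmp_before`, `pub_cmp_after`, `tls_use_key` and `ocsp_sign` are hypothetical names, and the key values are constructed.

```c
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not OpenSSL's own. */
#define FLAG_NO_CHECK 0x1 /* stands in for RSA_METHOD_FLAG_NO_CHECK */
typedef struct { unsigned long n, e; int flags; } model_key;
typedef int (*cmp_fn)(const model_key *, const model_key *);

/* Constructed sample keys: a certificate key, a token key, a wrong key. */
static const model_key CERT  = {3233, 17, 0};
static const model_key TOKEN = {0, 0, FLAG_NO_CHECK}; /* components hidden */
static const model_key OTHER = {4087, 17, 0};

/* Before: the shared comparison knows nothing about the flag. */
static int pub_cmp_before(const model_key *a, const model_key *b)
{
    return a->n == b->n && a->e == b->e;
}

/* After: the flag is honoured in the routine every caller reaches. */
static int pub_cmp_after(const model_key *a, const model_key *b)
{
    if ((a->flags & FLAG_NO_CHECK) || (b->flags & FLAG_NO_CHECK))
        return 1; /* nothing to compare, treated as matching */
    return a->n == b->n && a->e == b->e;
}

/* TLS-style caller: before the change it carried its own flag test. */
static int tls_use_key(const model_key *cert, const model_key *priv,
                       cmp_fn cmp, int own_flag_test)
{
    if (own_flag_test && (priv->flags & FLAG_NO_CHECK))
        return 1;
    return cmp(cert, priv);
}

/* OCSP-style caller: never had a flag test, relies on the comparison. */
static int ocsp_sign(const model_key *cert, const model_key *priv, cmp_fn cmp)
{
    return cmp(cert, priv);
}

int main(void)
{
    printf("before: tls=%d ocsp=%d\n",
           tls_use_key(&CERT, &TOKEN, pub_cmp_before, 1), ocsp_sign(&CERT, &TOKEN, pub_cmp_before));
    printf("after:  tls=%d ocsp=%d\n",
           tls_use_key(&CERT, &TOKEN, pub_cmp_after, 0), ocsp_sign(&CERT, &TOKEN, pub_cmp_after));
    return 0;
}
```

In this model a flagged key is accepted without any comparison, so a mismatch between the certificate and the token key is not caught by this check; an unflagged wrong key is still rejected.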