projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9c13b49) | patch
Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
authorNorman Ashley <nashley@cisco.com>
Fri, 10 Jul 2020 23:01:32 +0000 (19:01 -0400)
committerTomas Mraz <tmraz@fedoraproject.org>
Mon, 21 Sep 2020 09:33:08 +0000 (11:33 +0200)
commit36871717ac83fe049f8620ff82be4a5d36e0d97d
tree37006893701f735d456aa5c3a3a142af871dd170tree | snapshot
parent9c13b49a9f22d91c7f0576377975157f4f67984ccommit | diff
Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign

OCSP_basic_sign_ctx() in ocsp_srv.c , does not check for RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because the X509_check_private_key() can fail.

The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c
as a common place to check. Checks in ssl_rsa.c were removed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12419)

(cherry picked from commit 56e8fe0b4efbf582e40ae91319727c9d176c5e1e)
crypto/rsa/rsa_ameth.c diff | blob | history
ssl/ssl_rsa.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.