[openssl/openssl] 6207f2: Don't add the msblob/pvk decoders if they're not s...

Matt Caswell noreply at github.com
Tue Aug 1 18:11:19 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 6207f2b657b5ba1823681b49c7c34c619da0dd00
      https://github.com/openssl/openssl/commit/6207f2b657b5ba1823681b49c7c34c619da0dd00
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M providers/implementations/encode_decode/decode_msblob2key.c
    M providers/implementations/encode_decode/decode_pvk2key.c

  Log Message:
  -----------
  Don't add the msblob/pvk decoders if they're not suitable

msblob only decodes public/private keys (not just params).
pvk only decodes private keys.

If the requested selection doesn't intersect with the above then don't
consider those decoders.

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)


  Commit: 564e5b754a4680dfad38585dd73bcf025567b448
      https://github.com/openssl/openssl/commit/564e5b754a4680dfad38585dd73bcf025567b448
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M crypto/encode_decode/decoder_lib.c

  Log Message:
  -----------
  Always add a suitable error if we fail to decode

We're always supposed to add the fallback "unsupported" error if we don't
have anything better. However in some cases this wasn't happening because
we were incorrectly setting "flag_construct_called" - even though the
construct function had failed.

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)


  Commit: 0d0791eedff7f0747503d816184810aa093f523e
      https://github.com/openssl/openssl/commit/0d0791eedff7f0747503d816184810aa093f523e
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M crypto/pem/pem_pkey.c

  Log Message:
  -----------
  The PEM_read_bio_Parameters() function should not ask for a password

The PEM_read_bio_Parameters[_ex] function does not have the capability
of specifying a password callback. We should not use the fallback password
callback in this case because it will attempt to send a prompt for the
password which might not be the correct thing to do. We should just not
use a password in that case.

Fixes #21588

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)


  Commit: df3d609030bdb0868d1ccca14227bb6829ad954c
      https://github.com/openssl/openssl/commit/df3d609030bdb0868d1ccca14227bb6829ad954c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M test/pemtest.c

  Log Message:
  -----------
  Add a test for PEM_read_bio_Parameters()

We must not ask for a password when attempting to read parameters.

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)


Compare: https://github.com/openssl/openssl/compare/780ce3849f9e...df3d609030bd

More information about the openssl-commits mailing list