[openssl/openssl] 1383dc: Don't add the msblob/pvk decoders if they're not s...

Matt Caswell noreply at github.com
Tue Aug 1 18:11:37 UTC 2023 

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 1383dc6044883edb18d60b5faa3630dd2c46540b
      https://github.com/openssl/openssl/commit/1383dc6044883edb18d60b5faa3630dd2c46540b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M providers/implementations/encode_decode/decode_msblob2key.c
    M providers/implementations/encode_decode/decode_pvk2key.c

  Log Message:
  -----------
  Don't add the msblob/pvk decoders if they're not suitable

msblob only decodes public/private keys (not just params).
pvk only decodes private keys.

If the requested selection doesn't intersect with the above then don't
consider those decoders.

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)

(cherry picked from commit 6207f2b657b5ba1823681b49c7c34c619da0dd00)


  Commit: bc34490fa14f9cb69feb245b9cbbef625cf70c00
      https://github.com/openssl/openssl/commit/bc34490fa14f9cb69feb245b9cbbef625cf70c00
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M crypto/encode_decode/decoder_lib.c

  Log Message:
  -----------
  Always add a suitable error if we fail to decode

We're always supposed to add the fallback "unsupported" error if we don't
have anything better. However in some cases this wasn't happening because
we were incorrectly setting "flag_construct_called" - even though the
construct function had failed.

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)

(cherry picked from commit 564e5b754a4680dfad38585dd73bcf025567b448)


  Commit: 5ac7a04471370da6010bd653af83fec5559ca202
      https://github.com/openssl/openssl/commit/5ac7a04471370da6010bd653af83fec5559ca202
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M crypto/pem/pem_pkey.c

  Log Message:
  -----------
  The PEM_read_bio_Parameters() function should not ask for a password

The PEM_read_bio_Parameters[_ex] function does not have the capability
of specifying a password callback. We should not use the fallback password
callback in this case because it will attempt to send a prompt for the
password which might not be the correct thing to do. We should just not
use a password in that case.

Fixes #21588

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)

(cherry picked from commit 0d0791eedff7f0747503d816184810aa093f523e)


  Commit: 1f2dce172bb76168dd6829934a1015a5e2b35c02
      https://github.com/openssl/openssl/commit/1f2dce172bb76168dd6829934a1015a5e2b35c02
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M test/pemtest.c

  Log Message:
  -----------
  Add a test for PEM_read_bio_Parameters()

We must not ask for a password when attempting to read parameters.

Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21603)

(cherry picked from commit df3d609030bdb0868d1ccca14227bb6829ad954c)


Compare: https://github.com/openssl/openssl/compare/6a26a09c423c...1f2dce172bb7

More information about the openssl-commits mailing list