wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Ken Goldman ea7d2c5808 Admit unknown pkey types at security level 0 
The check_key_level() function currently fails when the public key
cannot be extracted from the certificate because its algorithm is not
supported.  However, the public key is not needed for the last
certificate in the chain.

This change moves the check for level 0 before the check for a
non-NULL public key.

For background, this is the TPM 1.2 endorsement key certificate.
I.e., this is a real application with millions of certificates issued.
The key is an RSA-2048 key.

The TCG (for a while) specified

     Public Key Algorithm: rsaesOaep

rather than the commonly used

     Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7906)
2018-12-20 03:10:55 -05:00
..
aes Update copyright year 2018-09-11 13:45:17 +01:00
aria
asn1 Make EVP_PKEY_asn1_add0() stricter about its input 2018-12-07 11:59:11 +01:00
async arch/async_posix.h: improve portability. 2018-10-19 10:31:04 +02:00
bf Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
bio Fix the BIO callback return code handling 2018-10-04 14:20:27 +01:00
blake2
bn bn/bn_{div|shift}.c: introduce fixed-top interfaces. 2018-12-05 10:38:22 +00:00
buffer Update copyright year 2018-04-03 13:57:12 +01:00
camellia Update copyright year 2018-09-11 13:45:17 +01:00
cast Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
chacha chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs. 2018-07-03 19:02:02 +02:00
cmac Update copyright year 2018-04-17 15:18:40 +02:00
cms Add missing OPENSSL_clear_free before using ec->key 2018-12-13 10:10:02 +00:00
comp Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
conf Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ct Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
des Update copyright year 2018-04-03 13:57:12 +01:00
dh Harmonize the error handling codepath 2018-09-05 15:22:35 +03:00
dsa DSA: Check for sanity of input parameters 2018-11-14 13:07:54 +01:00
dso Preserve errno on dlopen 2018-12-10 10:22:05 +00:00
ec Disallow Ed448 signature malleability 2018-12-11 11:58:40 +00:00
engine eng_devcrypto: make sure digest can do copy 2018-12-10 13:22:14 +01:00
err ERR: preserve system error number in a few more places 2018-12-14 23:17:06 +01:00
evp make update 2018-12-10 10:08:32 +01:00
hmac Fix HMAC SHA3-224 and HMAC SHA3-256. 2018-09-04 08:09:12 +10:00
idea
include/internal bn/bn_{div|shift}.c: introduce fixed-top interfaces. 2018-12-05 10:38:22 +00:00
kdf Reset the HKDF state between operations 2018-10-29 14:11:40 +00:00
lhash Update copyright year 2018-09-11 13:45:17 +01:00
md2
md4
md5 Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
mdc2
modes Update copyright year 2018-09-11 13:45:17 +01:00
objects Make OBJ_NAME case insensitive. 2018-09-04 07:35:45 +10:00
ocsp Update copyright year 2018-09-11 13:45:17 +01:00
pem key zeroisation for pvkfmt now done on all branch paths 2018-09-05 05:14:02 +10:00
perlasm Update copyright year 2018-09-11 13:45:17 +01:00
pkcs7 Update copyright year 2018-09-11 13:45:17 +01:00
pkcs12 Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
poly1305 Fix a nit of copyright date range 2018-10-10 09:51:03 +08:00
rand Fix issues with do_rand_init/rand_cleanup_int 2018-11-09 13:37:38 +01:00
rc2
rc4 Update copyright year 2018-09-11 13:45:17 +01:00
rc5 Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
ripemd Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
rsa add missing check for BN_mod_inverse 2018-12-13 09:59:10 +00:00
seed Update copyright year 2018-09-11 13:45:17 +01:00
sha sha/asm/sha512p8-ppc.pl: optimize epilogue. 2018-11-16 09:26:29 +01:00
siphash Fix SipHash init order. 2018-11-12 07:16:58 +01:00
sm2 EVP module documentation pass 2018-10-17 13:31:59 +03:00
sm3
sm4
srp Make ck_errf.pl ignore commented out error generation 2018-06-12 12:31:45 +02:00
stack Revert "stack/stack.c: omit redundant NULL checks." 2018-08-09 14:37:10 +01:00
store crypto/*: address standard-compilance nits. 2018-07-20 13:40:30 +02:00
ts Check conversion return in ASN1_INTEGER_print_bio. 2018-07-31 11:37:05 +10:00
txt_db Update copyright year 2018-04-03 13:57:12 +01:00
ui crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too 2018-09-20 06:40:52 +02:00
whrlpool Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
x509 Admit unknown pkey types at security level 0 2018-12-20 03:10:55 -05:00
x509v3 Update copyright year 2018-09-11 13:45:17 +01:00
alphacpuid.pl
arm64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
arm_arch.h Fix building linux-armv4 with --strict-warnings 2018-04-20 15:49:33 +02:00
armcap.c crypto/armcap.c: mask SHA512 hardware detection on iOS. 2018-03-06 23:18:24 +01:00
armv4cpuid.pl Update copyright year 2018-05-01 13:34:30 +01:00
build.info Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
c64xpluscpuid.pl
cpt_err.c Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
cryptlib.c minor fixes for Windows 2018-09-12 09:18:25 +02:00
ctype.c
cversion.c
dllmain.c Update copyright year 2018-09-11 13:45:17 +01:00
ebcdic.c
ex_data.c Ensure the thread keys are always allocated in the same order 2018-04-20 15:45:06 +02:00
getenv.c Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ia64cpuid.S
init.c crypto/init.c: improve destructor_key's portability. 2018-08-22 21:46:01 +02:00
LPdir_nyi.c
LPdir_unix.c typo-fixes: miscellaneous typo fixes 2018-09-21 23:59:02 +02:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. 2018-08-07 09:08:50 +02:00
mem_clr.c
mem_dbg.c Update copyright year 2018-02-13 13:59:25 +00:00
mem_sec.c test/secmemtest: test secure memory only if it is implemented 2018-10-05 12:23:34 +02:00
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c Add missing include file. 2018-09-17 12:54:20 +10:00
o_init.c
o_str.c
o_time.c Update copyright year 2018-04-03 13:57:12 +01:00
pariscid.pl PA-RISC assembly pack: make it work with GNU assembler for HP-UX. 2018-06-25 16:45:48 +02:00
ppc_arch.h
ppccap.c crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. 2018-06-06 22:14:15 +02:00
ppccpuid.pl
s390x_arch.h s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
s390xcap.c
s390xcpuid.pl s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_pthread.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_win.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
uid.c Update copyright year 2018-09-11 13:45:17 +01:00
vms_rms.h
x86_64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
x86cpuid.pl Fix issues in ia32 RDRAND asm leading to reduced entropy 2018-03-08 10:27:49 -05:00