openssl/ssl
Norman Ashley 36871717ac Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
OCSP_basic_sign_ctx() in ocsp_srv.c , does not check for RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because the X509_check_private_key() can fail.

The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c
as a common place to check. Checks in ssl_rsa.c were removed.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12419)

(cherry picked from commit 56e8fe0b4e)
2020-09-21 11:33:08 +02:00
..
record TLS fixes for CBC mode and no-deprecated 2020-09-09 17:59:08 +10:00
statem Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
bio_ssl.c Update copyright year 2020-05-15 14:09:49 +01:00
build.info TLS fixes for CBC mode and no-deprecated 2020-09-09 17:59:08 +10:00
d1_lib.c Reorganize local header files 2019-09-28 20:26:35 +02:00
d1_msg.c Reorganize local header files 2019-09-28 20:26:35 +02:00
d1_srtp.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
ktls.c Move KTLS inline functions only used by libssl into ssl/ktls.c. 2020-08-31 09:34:19 +01:00
methods.c Update some inclusions of <openssl/macros.h> 2019-11-07 11:37:25 +01:00
pqueue.c Reorganize local header files 2019-09-28 20:26:35 +02:00
s3_cbc.c TLS fixes for CBC mode and no-deprecated 2020-09-09 17:59:08 +10:00
s3_enc.c Improve some error messages if a digest is not available 2020-08-29 17:56:20 +10:00
s3_lib.c Fix safestack issues in x509.h 2020-09-13 11:09:45 +01:00
s3_msg.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_asn1.c Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
ssl_cert_table.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_cert.c Fix safestack issues in x509.h 2020-09-13 11:09:45 +01:00
ssl_ciph.c Ignore unused return values from some sk_*() macros 2020-09-13 11:11:57 +01:00
ssl_conf.c Fix safestack issues in x509.h 2020-09-13 11:09:45 +01:00
ssl_err.c Improve some error messages if a digest is not available 2020-08-29 17:56:20 +10:00
ssl_init.c Providerized libssl fallout: cleanup init 2020-07-11 15:13:09 -07:00
ssl_lib.c Fix safestack issues in ct.h 2020-09-13 11:10:41 +01:00
ssl_local.h Increase PSK_MAX_PSK_LEN to 512 2020-09-21 10:26:08 +02:00
ssl_mcnf.c Update copyright year 2020-08-06 13:22:30 +01:00
ssl_rsa.c Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign 2020-09-21 11:33:08 +02:00
ssl_sess.c Fix safestack issues in x509.h 2020-09-13 11:09:45 +01:00
ssl_stat.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_txt.c Update copyright year 2020-04-23 13:55:52 +01:00
ssl_utst.c Reorganize local header files 2019-09-28 20:26:35 +02:00
t1_enc.c Add helper functions for FreeBSD KTLS. 2020-08-31 09:34:19 +01:00
t1_lib.c Fix safestack issues in x509.h 2020-09-13 11:09:45 +01:00
t1_trce.c t1_trce: Fix remaining places where the 24 bit shift overflow happens 2020-05-20 17:31:56 +02:00
tls13_enc.c Support for KTLS TX on FreeBSD for TLS 1.3. 2020-08-31 09:34:19 +01:00
tls_srp.c Update copyright year 2020-04-23 13:55:52 +01:00