
CAPI engine: add support for RSA_NO_PADDING [1.0.2]#7132

Closed
levitte wants to merge 2 commits into openssl:OpenSSL_1_0_2-stable from levitte:fix-e_capi-20180906


@levitte levitte commented Sep 6, 2018

Since the SSL code started using RSA_NO_PADDING, the CAPI engine became
unusable. This change fixes that.

Fixes #7131

@levitte added the labels branch: master, branch: 1.0.2, 1.1.0, branch: 1.1.1 Sep 6, 2018
@mattcaswell added this to the Assessed milestone Sep 7, 2018
if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, &flen)) {
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
capi_addlasterror();
OPENSSL_free(tmpbuf);
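Review bot: on the CryptDecrypt failure path, tmpbuf is handed straight to OPENSSL_free without being wiped, although it was passed to CryptDecrypt as the in-place data buffer and may hold input or partially decrypted bytes. Call OPENSSL_cleanse on tmpbuf before the free here, sized by the buffer's allocated length rather than by flen, because flen is passed to CryptDecrypt by pointer and may have been changed by the failed call.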

@bernd-edlinger bernd-edlinger Sep 10, 2018


tmpbuf will need an OPENSSL_cleanse (especially in the successful code path, of course)

Member Author


Sure, fixing

@levitte changed the title from "WIP: CAPI engine: add support for RSA_NO_PADDING [1.0.2]" to "CAPI engine: add support for RSA_NO_PADDING [1.0.2]" Sep 10, 2018

levitte commented Sep 10, 2018

I took this out of WIP (had forgotten about that...)


@t-j-h t-j-h left a comment


The error handling code isn't particularly nice - but that isn't what you are changing in this PR so leaving that for later.

@t-j-h added the approval: done label Sep 11, 2018
@t-j-h modified the milestones: Assessed, 1.1.1 Sep 11, 2018

levitte commented Sep 11, 2018

This didn't cherry-pick cleanly up the releases, so there's a port in #7174

@levitte removed the labels 1.1.0, branch: 1.1.1, branch: master Sep 11, 2018
levitte added a commit that referenced this pull request Sep 11, 2018
Since the SSL code started using RSA_NO_PADDING, the CAPI engine became
unusable.  This change fixes that.

Fixes #7131

Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Tim Hudson <[email protected]>
(Merged from #7132)
@mattcaswell

Pushed.
