Matt Caswell

Getting an annoying error from github when trying to comment on one of the threads above...so I'll post my comment here instead: > At least in the original design the...

I don't see why this wouldn't be possible already with the current provider API. Basically it would essentially be a "proxy" provider to pass along all calls to some remote...

Analysing the second one leads me to this code: https://github.com/openssl/openssl/blob/7e5e91176b770a68bdaf73a5c647f1fc0d7f2900/crypto/encode_decode/decoder_lib.c#L213-L244 Your error injection code can cause `ossl_decoder_parsed_properties()` in the above code to return NULL. This appears to leak the `decoder`...

Fix for the second issue in #18410

For the first issue there are some oddities in the stack trace which I can't quite line up with the code (did you have compiler optimisations switched on?). Anyway my...

Probable fix for the first issue in #18411

This doesn't look quite right: https://github.com/openssl/openssl/blob/7e5e91176b770a68bdaf73a5c647f1fc0d7f2900/crypto/provider_core.c#L1401-L1435 If the `cb` call on 1404 fails part way through processing a stack of providers we goto finish without resetting `curr` to -1 (like...

Possible fix in #18413

Fix for this latest issue in #18417

My other fixes are all now merged. Probable fix for this latest issue in #18458.