[openssl] master update
Richard Levitte
levitte at openssl.org
Sat Mar 14 03:34:29 UTC 2020
The branch master has been updated
via ca7f7b951825e23dddb798f6a61f50a04225d25a (commit)
from ca50d69cfe51f742ca052201fe4c5d851b28ae6c (commit)
- Log -----------------------------------------------------------------
commit ca7f7b951825e23dddb798f6a61f50a04225d25a
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Mar 12 06:26:34 2020 +0100
Fix RSA structure
The first field was called 'pad', but not for the reason one might
think. It was really a padding int that was always zero, and was
placed first on purpose. This is to pick up programming errors where
an RSA pointer was passed when an EVP_PKEY pointer should have been,
and makes it look like an EVP_PKEY structure with type EVP_PKEY_NONE,
which effectively avoids any further processing (and unintended
corruption of the RSA structure).
This is only relevant for legacy structure and EVP_PKEY_METHODs. With
providers, EVP_PKEYs aren't passed to the backend anyway.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11315)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_local.h | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ac8856207e..a5c7b0a811 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -29,13 +29,15 @@ DECLARE_ASN1_ITEM(RSA_PRIME_INFO)
DEFINE_STACK_OF(RSA_PRIME_INFO)
struct rsa_st {
- OPENSSL_CTX *libctx;
-
/*
- * The first parameter is used to pickup errors where this is passed
- * instead of an EVP_PKEY, it is set to 0
+ * #legacy
+ * The first field is used to pickup errors where this is passed
+ * instead of an EVP_PKEY. It is always zero.
+ * THIS MUST REMAIN THE FIRST FIELD.
*/
- int pad;
+ int dummy_zero;
+
+ OPENSSL_CTX *libctx;
int32_t version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
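Review bot: The "THIS MUST REMAIN THE FIRST FIELD" comment above `int dummy_zero;` is the only thing keeping the guard in place, and the removed lines show that a comment alone was not enough: the old comment already described a "first parameter", yet `OPENSSL_CTX *libctx;` had ended up ahead of `int pad;`, so a non-zero pointer occupied the position where an EVP_PKEY carries its type. Consider backing the comment with a compile-time check that the offset of `dummy_zero` in `struct rsa_st` is 0, so that a later reordering fails the build instead of silently disabling the misuse detection. The comment could also say that the guard depends on the leading int of EVP_PKEY being its type and on zero meaning EVP_PKEY_NONE, as the commit message explains, since neither is visible from this header. Two smaller points: "pickup" should read "pick up", and the `#legacy` tag would benefit from a pointer to where its meaning is documented.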