[openssl] master update

Richard Levitte levitte at openssl.org
Sat Mar 14 03:34:29 UTC 2020

The branch master has been updated
       via  ca7f7b951825e23dddb798f6a61f50a04225d25a (commit)
      from  ca50d69cfe51f742ca052201fe4c5d851b28ae6c (commit)

- Log -----------------------------------------------------------------
commit ca7f7b951825e23dddb798f6a61f50a04225d25a
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Mar 12 06:26:34 2020 +0100

    Fix RSA structure
    The first field was called 'pad', but not for the reason one might
    think.  It was really a padding int that was always zero, and was
    placed first on purpose.  This is to pick up programming errors where
    an RSA pointer was passed when an EVP_PKEY pointer should have been,
    an makes it look like an EVP_PKEY structure with type EVP_PKEY_NONE,
    which effectively avoids any further processing (and unintended
    corruption of the RSA structure).
    This is only relevant for legacy structure and EVP_PKEY_METHODs.  With
    providers, EVP_PKEYs aren't passed to the backend anyway.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11315)


Summary of changes:
 crypto/rsa/rsa_local.h | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ac8856207e..a5c7b0a811 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -29,13 +29,15 @@ DECLARE_ASN1_ITEM(RSA_PRIME_INFO)
 struct rsa_st {
-    OPENSSL_CTX *libctx;
-     * The first parameter is used to pickup errors where this is passed
-     * instead of an EVP_PKEY, it is set to 0
+     * #legacy
+     * The first field is used to pickup errors where this is passed
+     * instead of an EVP_PKEY.  It is always zero.
-    int pad;
+    int dummy_zero;
+    OPENSSL_CTX *libctx;
     int32_t version;
     const RSA_METHOD *meth;
     /* functional reference if 'meth' is ENGINE-provided */

More information about the openssl-commits mailing list