[openssl] master update

Richard Levitte levitte at openssl.org
Wed May 20 19:11:33 UTC 2020


The branch master has been updated
       via  e637d47c9122d74d4f3a40a8cbe867de29468ba3 (commit)
      from  a30027b680c4ccf69f0600b3a5406821b2d7fe0b (commit)


- Log -----------------------------------------------------------------
commit e637d47c9122d74d4f3a40a8cbe867de29468ba3
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue May 19 12:52:07 2020 +0200

    rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
    
    In the FIPS module, the code as written generate an unconditional
    error.
    
    Fixes #11865
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11869)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_oaep.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 8ffde9ff18..ce98802070 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -67,13 +67,14 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
     unsigned char seedmask[EVP_MAX_MD_SIZE];
     int mdlen, dbmask_len = 0;
 
+    if (md == NULL) {
 #ifndef FIPS_MODULE
-    if (md == NULL)
         md = EVP_sha1();
 #else
         RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
 #endif
+    }
     if (mgf1md == NULL)
         mgf1md = md;
 


More information about the openssl-commits mailing list