[openssl] master update

Dr. Paul Dale pauli at openssl.org
Tue Jul 6 00:08:31 UTC 2021


The branch master has been updated
       via  643ce3108f88751c44348335bed91e475d50677d (commit)
      from  0a02c81f8173e0c5d554bd16daa68b7594f4cbd8 (commit)


- Log -----------------------------------------------------------------
commit 643ce3108f88751c44348335bed91e475d50677d
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Jul 2 15:29:13 2021 +0200

    rsa_cms_verify: Avoid negative return with missing pss parameters
    
    Fixes #15984
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15985)

-----------------------------------------------------------------------

Summary of changes:
 crypto/cms/cms_rsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index b9e895aed4..20ed816918 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -222,7 +222,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     nid = OBJ_obj2nid(alg->algorithm);
     if (nid == EVP_PKEY_RSA_PSS)
-        return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+        return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0;
     /* Only PSS allowed for PSS keys */
     if (EVP_PKEY_is_a(pkey, "RSA-PSS")) {
         ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);


More information about the openssl-commits mailing list