[openssl-dev] [openssl.org #4001] Bug in branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c
Stuart, Harold via RT
rt at openssl.org
Tue Aug 11 00:09:50 UTC 2015
The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable.
In branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c observe the function FIPS_rsa_verify_digest. At line 353 the code looks like this:
if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING)
md_type = saltlen;
else
md_type = M_EVP_MD_type(mhash);
Note that mhash can be accessed in the else statement, even if it is NULL.
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list