The branch master has been updated
via e637d47c9122d74d4f3a40a8cbe867de29468ba3 (commit)
from a30027b680c4ccf69f0600b3a5406821b2d7fe0b (commit)
- Log -----------------------------------------------------------------
commit e637d47c9122d74d4f3a40a8cbe867de29468ba3
Author: Richard Levitte <[email protected]>
Date: Tue May 19 12:52:07 2020 +0200
rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
In the FIPS module, the code as written generate an unconditional
error.
Fixes #11865
Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/11869)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_oaep.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 8ffde9ff18..ce98802070 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -67,13 +67,14 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX
*libctx,
unsigned char seedmask[EVP_MAX_MD_SIZE];
int mdlen, dbmask_len = 0;
+ if (md == NULL) {
#ifndef FIPS_MODULE
- if (md == NULL)
md = EVP_sha1();
#else
RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
return 0;
#endif
+ }
if (mgf1md == NULL)
mgf1md = md;
