----- Original Message -----
From: "Tim Jackson via RT" <[email protected]>
Cc: <[email protected]>
Sent: Tuesday, April 12, 2011 9:13 AM
Subject: [openssl.org #2497] [PATCH] Improve RSAOaep Error Handling

> Currently, OpenSSL doesn't check the return code of EVP_DigestFinal_ex() in rsa_oaep.c. However, EVP_DigestFinal_ex can return an error, which leads to confusion for the caller of RSA Oaep. This patch makes it so we return an error code if something goes wrong. This compiles against 1.0.0d. > > diff -ur ../openssl-1.0.0d/crypto/rsa/rsa_oaep.c src/crypto/rsa/rsa_oaep.c > --- ../openssl-1.0.0d/crypto/rsa/rsa_oaep.c 2009-06-26 16:14:11.000000000 -0700 > +++ src/crypto/rsa/rsa_oaep.c 2011-03-25 11:23:40.000000000 -0700 > @@ -188,7 +188,7 @@ > unsigned char cnt[4]; > EVP_MD_CTX c; > unsigned char md[EVP_MAX_MD_SIZE]; > - int mdlen; > + int mdlen = 0, result = 0; >

A new 'result' variable is added that later remains unused.

Gilles
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
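
Review bot: in the changed declaration `int mdlen = 0, result = 0;`, `result` is introduced but no line visible in this hunk assigns it from EVP_DigestFinal_ex() or returns it, so as quoted the change does not yet deliver the error propagation the description promises. The remaining hunks should set `result` from the digest call's return value and return it to the caller, and any early exit on failure should still release the `EVP_MD_CTX c` declared two lines above. If no later hunk uses `result`, drop it from the declaration to avoid an unused-variable warning.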
