[openssl-dev] [openssl.org #4001] Bug in branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c

Stuart, Harold via RT Mon, 10 Aug 2015 17:11:38 -0700

The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and 
has discovered the following minor bug. We do not believe that this bug is 
exploitable.


In branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c observe the function 
FIPS_rsa_verify_digest. At line 353 the code looks like this:

    if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING)
        md_type = saltlen;
    else
        md_type = M_EVP_MD_type(mhash);

Note that mhash can be accessed in the else statement, even if it is NULL.

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4001] Bug in branch OpenSSL-fips-2_0-stable, file fips_rsa_sign.c

Reply via email to