From: Benjamin Kaduk Date: Fri, 22 May 2020 18:13:24 +0000 (-0700) Subject: RSA: Do not set NULL OAEP labels X-Git-Tag: openssl-3.0.0-alpha3~22 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9c44916ce555a0280170c5fc519a0ebf693292f8;p=oweals%2Fopenssl.git RSA: Do not set NULL OAEP labels As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11920) --- diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 6628e38342..22c06a2139 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1007,7 +1007,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; - if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) + if (label != NULL + && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) goto err; /* Carry on */ rv = 1;