From: Dr. David von Oheimb Date: Mon, 18 May 2020 08:50:30 +0000 (+0200) Subject: Fix too strict checks of ossl_cmp_calc_protection() X-Git-Tag: openssl-3.0.0-alpha4~127 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ce0465edc7a55fb7fb7d1a5e724b6467ede30f42;p=oweals%2Fopenssl.git Fix too strict checks of ossl_cmp_calc_protection() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) --- diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 97600a7266..5d70c174ee 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -26,8 +26,8 @@ DEFINE_STACK_OF(X509) * Calculate protection for given PKImessage utilizing the given credentials * and the algorithm parameters set inside the message header's protectionAlg. * - * Either secret or pkey must be set, the other must be NULL. Attempts doing - * PBMAC in case 'secret' is set and signature if 'pkey' is set - but will only + * secret or pkey must be set. Attempts doing PBMAC in case 'secret' is set + * and else signature if 'pkey' is set - but will only * do the protection already marked in msg->header->protectionAlg. * * returns ptr to ASN1_BIT_STRING containing protection on success, else NULL @@ -73,7 +73,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, } X509_ALGOR_get0(&algorOID, &pptype, &ppval, msg->header->protectionAlg); - if (secret != NULL && pkey == NULL) { + if (secret != NULL) { if (ppval == NULL) { CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); goto end; @@ -94,7 +94,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, secret->data, secret->length, &protection, &sig_len)) goto end; - } else if (secret == NULL && pkey != NULL) { + } else if (pkey != NULL) { /* TODO combine this with large parts of CRMF_poposigningkey_init() */ /* EVP_DigestSignInit() checks that pkey type is correct for the alg */