From: Richard Levitte <levitte@openssl.org>
Date: Tue, 19 May 2020 10:52:07 +0000 (+0200)
Subject: rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
X-Git-Tag: openssl-3.0.0-alpha3~65
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e637d47c9122d74d4f3a40a8cbe867de29468ba3;p=oweals%2Fopenssl.git

rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|

In the FIPS module, the code as written generate an unconditional
error.

Fixes #11865

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11869)
---

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 8ffde9ff18..ce98802070 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -67,13 +67,14 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
     unsigned char seedmask[EVP_MAX_MD_SIZE];
     int mdlen, dbmask_len = 0;
 
+    if (md == NULL) {
 #ifndef FIPS_MODULE
-    if (md == NULL)
         md = EVP_sha1();
 #else
         RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
 #endif
+    }
     if (mgf1md == NULL)
         mgf1md = md;