From ce0465edc7a55fb7fb7d1a5e724b6467ede30f42 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 18 May 2020 10:50:30 +0200 Subject: [PATCH] Fix too strict checks of ossl_cmp_calc_protection() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) --- crypto/cmp/cmp_protect.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 97600a7266..5d70c174ee 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -26,8 +26,8 @@ DEFINE_STACK_OF(X509) * Calculate protection for given PKImessage utilizing the given credentials * and the algorithm parameters set inside the message header's protectionAlg. * - * Either secret or pkey must be set, the other must be NULL. Attempts doing - * PBMAC in case 'secret' is set and signature if 'pkey' is set - but will only + * secret or pkey must be set. Attempts doing PBMAC in case 'secret' is set + * and else signature if 'pkey' is set - but will only * do the protection already marked in msg->header->protectionAlg. * * returns ptr to ASN1_BIT_STRING containing protection on success, else NULL @@ -73,7 +73,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, } X509_ALGOR_get0(&algorOID, &pptype, &ppval, msg->header->protectionAlg); - if (secret != NULL && pkey == NULL) { + if (secret != NULL) { if (ppval == NULL) { CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); goto end; @@ -94,7 +94,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, secret->data, secret->length, &protection, &sig_len)) goto end; - } else if (secret == NULL && pkey != NULL) { + } else if (pkey != NULL) { /* TODO combine this with large parts of CRMF_poposigningkey_init() */ /* EVP_DigestSignInit() checks that pkey type is correct for the alg */ -- 2.25.1