From e637d47c9122d74d4f3a40a8cbe867de29468ba3 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Tue, 19 May 2020 12:52:07 +0200
Subject: [PATCH] rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
In the FIPS module, the code as written generate an unconditional error.
Fixes #11865
Reviewed-by: Bernd Edlinger
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/11869)
---
 crypto/rsa/rsa_oaep.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 8ffde9ff18..ce98802070 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -67,13 +67,14 @@ int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
 unsigned char seedmask[EVP_MAX_MD_SIZE];
 int mdlen, dbmask_len = 0;
+ if (md == NULL) {
 #ifndef FIPS_MODULE
- if (md == NULL)
 md = EVP_sha1();
 #else
 RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
 return 0;
 #endif
+ }
 if (mgf1md == NULL)
 mgf1md = md;
--
2.25.1
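Review bot: The `if (md == NULL) { ... }` block added at the top of the hunk gives the two builds different contracts for a NULL digest, and nothing in the code says so. Outside `FIPS_MODULE` a NULL `md` is silently replaced by `EVP_sha1()`, and the `mgf1md = md` fallback just below carries that SHA-1 default into MGF1 too, while the FIPS build raises `ERR_R_PASSED_NULL_PARAMETER` and returns 0. A comment above the block would make this visible to callers, for example `/* NULL |md| selects the SHA-1 default outside the FIPS module; the FIPS module requires an explicit digest. */`. The reason for the SHA-1 default is not stated on the page and is presumably compatibility, so confirm that before wording it as fact. The diffstat shows only rsa_oaep.c changed, so a test calling this function with a non-NULL `md` in a FIPS build would help guard against the unconditional error returning. The function's signature and the rest of its body lie outside the hunk.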