
PROV: Avoid MDC2 in the RSA signature implementation in the FIPS module

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
master
Richard Levitte 3 years ago
parent
commit
1b6ea3080d
1 changed files with 3 additions and 1 deletions
  1. +3
    -1
      providers/implementations/signature/rsa.c

+ 3
- 1
providers/implementations/signature/rsa.c View File

@ -308,6 +308,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
return 0;
}
#ifndef FIPS_MODE
if (EVP_MD_is_a(prsactx->md, OSSL_DIGEST_NAME_MDC2)) {
unsigned int sltmp;
@ -326,6 +327,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
ret = sltmp;
goto end;
}
#endif
switch (prsactx->pad_mode) {
case RSA_X931_PADDING:
@ -401,7 +403,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
prsactx->pad_mode);
}
#ifdef LEGACY_MODE
#ifndef FIPS_MODE
end:
#endif
if (ret <= 0) {
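Review bot: With the MDC2 branch of rsa_sign compiled out under `#ifndef FIPS_MODE`, nothing visible in these hunks rejects an MDC2 digest in a FIPS build, so a context whose `prsactx->md` is MDC2 would appear to fall through to `switch (prsactx->pad_mode)` rather than fail. That path is probably unreachable if the FIPS provider never exposes MDC2 or the digest-setup code refuses it, but that code is outside the hunks, so it is worth confirming, or making explicit with an `#else` arm that raises an error and returns 0 for that digest. The guard around the `goto end` branch and the guard around the `end:` label sit roughly ninety lines apart and must stay in step, so I would tag both closers as `#endif /* FIPS_MODE */`. rsa_sign begins and ends outside the lines shown, so any other use of the `end:` label could not be checked here.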

