authorRichard Levitte <levitte@openssl.org>2019-12-04 09:54:35 +0100
committerRichard Levitte <levitte@openssl.org>2020-02-22 01:07:16 +0100
commit1b6ea3080d86e8c3a249cda92fbd20417e942704 (patch)
tree204c2f45cc6171537e5a34f76780dfe480a897a4 /providers
parentae9e0698df7672977f0c7c88f3b3c2b695c14611 (diff)
PROV: Avoid MDC2 in the RSA signature implementation in the FIPS module
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10557)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/signature/rsa.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 3f941b1..6b0f55a 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -308,6 +308,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
return 0;
}
+#ifndef FIPS_MODE
if (EVP_MD_is_a(prsactx->md, OSSL_DIGEST_NAME_MDC2)) {
unsigned int sltmp;
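Review bot: With the MDC2 branch compiled out under `#ifndef FIPS_MODE`, nothing in the visible lines makes a FIPS build reject an MDC2 digest; such a context would simply continue to the `switch (prsactx->pad_mode)` that follows. Presumably the FIPS provider never supplies MDC2, so `prsactx->md` cannot be that digest there, but the assumption is not written down at this point. I would add a comment above the guard, e.g. `/* MDC2 is not available in the FIPS provider, so this legacy path is left out */`, and confirm that the code which sets the digest refuses it in FIPS builds. The body of rsa_sign starts and ends outside this hunk.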
@@ -326,6 +327,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
ret = sltmp;
goto end;
}
+#endif
switch (prsactx->pad_mode) {
case RSA_X931_PADDING:
@@ -401,7 +403,7 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
prsactx->pad_mode);
}
-#ifdef LEGACY_MODE
+#ifndef FIPS_MODE
end:
#endif
if (ret <= 0) {
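Review bot: The `end:` label is now guarded by the same macro as the only visible `goto end`, which sits in the MDC2 branch much earlier in the function, and the two guards have to stay identical. If they drift apart again, the build either fails on an undefined label or warns about an unused one. A short comment would make the coupling visible, e.g. `#ifndef FIPS_MODE /* label is only reached from the MDC2 branch above */` and `#endif /* !FIPS_MODE */`; the same closing comment would help on the `#endif` added in the second hunk. rsa_sign continues past the end of this hunk.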