authorMatt Caswell <matt@openssl.org>2020-01-17 14:47:18 +0000
committerMatt Caswell <matt@openssl.org>2020-02-13 14:14:30 +0000
commitafb638f137958205b6b089da8967f4775b4c9bb6 (patch)
treeb11c87c306131476dfad7eb0444d291e42713893 /crypto/rsa/rsa_oaep.c
parent1b72105076bb2e73f3c8461f9c0ca5ecefe007c8 (diff)
Make the RSA ASYM_CIPHER implementation available inside the FIPS module
RSA ASYM_CIPHER was already available within the default provider. We now make it also available from inside the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10881)
Diffstat (limited to 'crypto/rsa/rsa_oaep.c')
-rw-r--r--crypto/rsa/rsa_oaep.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 1ae7ed287f..d1150f09a8 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -57,8 +57,14 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
unsigned char seedmask[EVP_MAX_MD_SIZE];
int mdlen, dbmask_len = 0;
+#ifndef FIPS_MODE
if (md == NULL)
md = EVP_sha1();
+#else
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+#endif
if (mgf1md == NULL)
mgf1md = md;
@@ -147,8 +153,15 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
phash[EVP_MAX_MD_SIZE];
int mdlen;
- if (md == NULL)
+ if (md == NULL) {
+#ifndef FIPS_MODE
md = EVP_sha1();
+#else
+ RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+#endif
+ }
+
if (mgf1md == NULL)
mgf1md = md;
@@ -272,13 +285,19 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
}
+#ifndef FIPS_MODE
/*
* To avoid chosen ciphertext attacks, the error message should not
* reveal which kind of decoding error happened.
+ *
+ * This trick doesn't work in the FIPS provider because libcrypto manages
+ * the error stack. Instead we opt not to put an error on the stack at all
+ * in case of padding failure in the FIPS provider.
*/
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
err_clear_last_constant_time(1 & good);
+#endif
cleanup:
OPENSSL_cleanse(seed, sizeof(seed));
OPENSSL_clear_free(db, dblen);
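Review bot: In the first hunk (@@ -57,8 +57,14 @@, RSA_padding_add_PKCS1_OAEP_mgf1) the FIPS_MODE arm is not guarded by a NULL check: the `if (md == NULL)` line sits inside the `#ifndef FIPS_MODE` arm, so when FIPS_MODE is defined the `RSAerr(...)` and `return 0;` run unconditionally and every OAEP encode fails even when a digest was supplied. The second hunk (@@ -147,8 +153,15 @@) gets this right by wrapping both arms in `if (md == NULL) { ... }`; the first should do the same, adding `if (md == NULL) {` before the RSAerr call and `}` after `return 0;` inside the `#else` arm. The two hunks also differ in the function code passed to RSAerr (`RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1` vs `0`), which is worth aligning since both raise the same ERR_R_PASSED_NULL_PARAMETER. Both functions begin and end outside their hunks, so the surrounding control flow is inferred from the visible lines only.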