diff options
author | Matt Caswell <matt@openssl.org> | 2020-01-17 14:47:18 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-02-13 14:14:30 +0000 |
commit | afb638f137958205b6b089da8967f4775b4c9bb6 (patch) | |
tree | b11c87c306131476dfad7eb0444d291e42713893 /crypto/rsa/rsa_pk1.c | |
parent | 1b72105076bb2e73f3c8461f9c0ca5ecefe007c8 (diff) |
Make the RSA ASYM_CIPHER implementation available inside the FIPS module
RSA ASYM_CIPHER was already available within the default provider. We
now make it also available from inside the FIPS module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10881)
Diffstat (limited to 'crypto/rsa/rsa_pk1.c')
-rw-r--r-- | crypto/rsa/rsa_pk1.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 007e9b8cd5..eedc558e3f 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -251,8 +251,15 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, } OPENSSL_clear_free(em, num); +#ifndef FIPS_MODE + /* + * This trick doesn't work in the FIPS provider because libcrypto manages + * the error stack. Instead we opt not to put an error on the stack at all + * in case of padding failure in the FIPS provider. + */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); err_clear_last_constant_time(1 & good); +#endif return constant_time_select_int(good, mlen, -1); } |