diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-05-18 10:50:30 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-06-13 15:13:21 +0200 |
commit | ce0465edc7a55fb7fb7d1a5e724b6467ede30f42 (patch) | |
tree | 6d15bc87d2709675b949f979a7139d78e3243d44 /crypto | |
parent | ffb6c86663f8d1048b8bac4023c0e41d3ec5891d (diff) |
Fix too strict checks of ossl_cmp_calc_protection()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cmp/cmp_protect.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 97600a7266..5d70c174ee 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -26,8 +26,8 @@ DEFINE_STACK_OF(X509) * Calculate protection for given PKImessage utilizing the given credentials * and the algorithm parameters set inside the message header's protectionAlg. * - * Either secret or pkey must be set, the other must be NULL. Attempts doing - * PBMAC in case 'secret' is set and signature if 'pkey' is set - but will only + * secret or pkey must be set. Attempts doing PBMAC in case 'secret' is set + * and else signature if 'pkey' is set - but will only * do the protection already marked in msg->header->protectionAlg. * * returns ptr to ASN1_BIT_STRING containing protection on success, else NULL @@ -73,7 +73,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, } X509_ALGOR_get0(&algorOID, &pptype, &ppval, msg->header->protectionAlg); - if (secret != NULL && pkey == NULL) { + if (secret != NULL) { if (ppval == NULL) { CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); goto end; @@ -94,7 +94,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, secret->data, secret->length, &protection, &sig_len)) goto end; - } else if (secret == NULL && pkey != NULL) { + } else if (pkey != NULL) { /* TODO combine this with large parts of CRMF_poposigningkey_init() */ /* EVP_DigestSignInit() checks that pkey type is correct for the alg */ |