diff options
| author | Richard Levitte <levitte@openssl.org> | 2024-08-28 16:36:31 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-08-30 11:54:13 +0200 |
| commit | d1c2c054a4b585eed8c883367d80e2a972c4846f (patch) | |
| tree | b6c535e896a2f08d75d521b6480331ea98079d78 | |
| parent | Refactor OpenSSL 'ECDSA' EVP_SIGNATURE to also include ECDSA+hash composites (diff) | |
| download | openssl-d1c2c054a4b585eed8c883367d80e2a972c4846f.tar.xz openssl-d1c2c054a4b585eed8c883367d80e2a972c4846f.zip | |
fix: ossl_digest_get_approved_nid() returns NID_undef on invalid digest
We checked using 'md_nid < 0', which is faulty.
Impact: DSA and ECDSA signature provider implementations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24992)
| -rw-r--r-- | providers/implementations/signature/dsa_sig.c | 2 | ||||
| -rw-r--r-- | providers/implementations/signature/ecdsa_sig.c | 2 | ||||
| -rw-r--r-- | providers/implementations/signature/rsa_sig.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index a14fa796e9..12cbd97c66 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -168,7 +168,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, if (md == NULL) ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, "%s could not be fetched", mdname); - if (md_nid < 0) + if (md_nid == NID_undef) ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); if (mdname_len >= sizeof(ctx->mdname)) diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 4cbad1c38e..3f3a596168 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -197,7 +197,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, goto err; } md_nid = ossl_digest_get_approved_nid(md); - if (md_nid < 0) { + if (md_nid == NID_undef) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); goto err; diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index 45c36899e4..c5a4acb970 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -387,7 +387,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, goto err; } md_nid = ossl_digest_rsa_sign_get_md_nid(md); - if (md_nid <= 0) { + if (md_nid == NID_undef) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest=%s", mdname); goto err; |