mirror of https://github.com/openssl/openssl.git
9c44916ce5
As of the previous commit, when a zero-length (string) parameter is present in the parameters passed to a provider for a given operation, we will produce an object corresponding to that zero-length parameter, indicating to the underlying cryptographic operation that the parameter was passed. However, rsa_cms_decrypt() was relying on the previous behavior, and unconditionally tried to call EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label was used (and thus the relevant local variable was still NULL). In the new setup that distinguishes present-but-empty and absent more clearly, it is an error to attempt to set a NULL parameter, even if it is zero-length. Exercise more caution when setting parameters, and do not call EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a label provided. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11920) |
||
|---|---|---|
| .. | ||
| build.info | ||
| rsa_ameth.c | ||
| rsa_asn1.c | ||
| rsa_backend.c | ||
| rsa_chk.c | ||
| rsa_crpt.c | ||
| rsa_depr.c | ||
| rsa_err.c | ||
| rsa_gen.c | ||
| rsa_lib.c | ||
| rsa_local.h | ||
| rsa_meth.c | ||
| rsa_mp.c | ||
| rsa_mp_names.c | ||
| rsa_none.c | ||
| rsa_oaep.c | ||
| rsa_ossl.c | ||
| rsa_pk1.c | ||
| rsa_pmeth.c | ||
| rsa_prn.c | ||
| rsa_pss.c | ||
| rsa_saos.c | ||
| rsa_schemes.c | ||
| rsa_sign.c | ||
| rsa_sp800_56b_check.c | ||
| rsa_sp800_56b_gen.c | ||
| rsa_ssl.c | ||
| rsa_x931.c | ||
| rsa_x931g.c | ||