mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-05 14:10:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

drbg: streamline test for allowed digests

Browse Source 
Under FIPS, we've got a whitelist of algorithms.  There is no need to then
also check for XOF digests because they aren't possible.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25007)
This commit is contained in:
Pauli 2024-07-26 11:59:09 +10:00
parent 4811efe12f
commit 9c57eb736e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
providers/implementations/rands/drbg.c
View File

@ -1029,11 +1029,12 @@ int ossl_drbg_verify_digest(PROV_DRBG *drbg, OSSL_LIB_CTX *libctx,
return 0;
}
}
#endif
#else /* FIPS_MODULE */
/* Outside of FIPS, any digests that are not XOF are allowed */
if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
return 0;
}
#endif /* FIPS_MODULE */
return 1;
}