28cd304e9d
OpenSSL 3.0 FIPS mode is now detected correctly Upstream fixes on top of 36.0.1: - Fix error check from EVP_PKEY_CTX_set_signature_md - Block 3DES in FIPS mode - Disable DSA tests in FIPS mode - Enable SHA1 signatures in test suite - Fix serialization of keyusage ext with no bits Related: rhbz#2060787
27 lines
1.1 KiB
Diff
27 lines
1.1 KiB
Diff
From 20bafea414bcc08bfcb5b669ecbf9a3438ff7b78 Mon Sep 17 00:00:00 2001
|
|
From: Alex Gaynor <alex.gaynor@gmail.com>
|
|
Date: Thu, 3 Mar 2022 15:44:02 -0500
|
|
Subject: [PATCH 3/5] fixes #6927 -- handle negative return values from openssl
|
|
(#6928)
|
|
|
|
---
|
|
src/cryptography/hazmat/backends/openssl/rsa.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
|
|
index 9bef49d24..dd5d4990b 100644
|
|
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
|
|
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
|
|
@@ -208,7 +208,7 @@ def _rsa_sig_setup(backend, padding, algorithm, key, init_func):
|
|
if algorithm is not None:
|
|
evp_md = backend._evp_md_non_null_from_algorithm(algorithm)
|
|
res = backend._lib.EVP_PKEY_CTX_set_signature_md(pkey_ctx, evp_md)
|
|
- if res == 0:
|
|
+ if res <= 0:
|
|
backend._consume_errors()
|
|
raise UnsupportedAlgorithm(
|
|
"{} is not supported by this backend for RSA signing.".format(
|
|
--
|
|
2.35.1
|
|
|