File openssl-1_1-ossl-sli-015-sigver-hashing.patch of Package openssl-1_1
From 3f811487344e0e587561b08e640a261e723eefdc Mon Sep 17 00:00:00 2001
From: Christopher Dickerman <chrisd@atsec.com>
Date: Fri, 2 Aug 2024 10:58:41 -0500
Subject: [PATCH] 1224272 Signature procedures regarding hashing and
sign/verify
---
crypto/rsa/rsa_pmeth.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 34bef3e..ffb904e 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -128,7 +128,11 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
-
+
+ // A very tentative solution, not sure how to detect a pre-hashed message
+ if (rctx->md == NULL) {
+ fips_sli_disapprove_EVP_PKEY_CTX(ctx);
+ }
fips_sli_check_key_rsa_siggen_EVP_PKEY_CTX(ctx, rsa);
if (rctx->md) {
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
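Review bot: The `//` comment in pkey_rsa_sign records the author's doubt rather than the rule being enforced, and it is the only explanation for a test that is repeated without comment in pkey_rsa_verifyrecover and pkey_rsa_verify. I would replace it with `/* No digest configured: the input cannot be tied to an approved hash, so flag the operation as non-approved. */`, which also follows the block-comment form that OpenSSL's coding style asks for. Each new `if (rctx->md == NULL)` sits directly before an existing `if (rctx->md)`, so the disapproval could presumably live on that statement's `else` path instead of a second test. The rest of the function lies outside the hunk, so I cannot confirm that an else branch is free. The `-`/`+` pair above the comment appears to change only whitespace on a blank line and could be dropped from the patch.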
@@ -216,6 +220,10 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
+ if (rctx->md == NULL) {
+ fips_sli_disapprove_EVP_PKEY_CTX(ctx);
+ }
+
if (rctx->md) {
if (rctx->pad_mode == RSA_X931_PADDING) {
if (!setup_tbuf(rctx, ctx))
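Review bot: pkey_rsa_verifyrecover gets the digest test but, in the lines shown, no counterpart to the `fips_sli_check_key_rsa_sigver_EVP_PKEY_CTX(ctx, rsa);` call that follows the same test in pkey_rsa_verify. As far as this hunk shows, a recover operation with a digest set therefore leaves the key unexamined by the indicator. If that is intentional (for example because verify-recover is covered elsewhere or is never reported as an approved service), a one-line comment such as `/* key check not needed here: <reason> */` would keep the asymmetry from being read as an omission. The function continues past the hunk and no `rsa` local is visible here, so adding the call may mean passing `ctx->pkey->pkey.rsa` directly.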
@@ -283,6 +291,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
size_t rslen;
+
+ if (rctx->md == NULL) {
+ fips_sli_disapprove_EVP_PKEY_CTX(ctx);
+ }
fips_sli_check_key_rsa_sigver_EVP_PKEY_CTX(ctx, rsa);
if (rctx->md) {
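Review bot: A non-NULL `rctx->md` is taken as sufficient to skip the disapproval, but nothing visible in this hunk looks at which digest it is. A context configured with a digest that is not approved for signatures would pass this test unchanged. `fips_sli_check_key_rsa_sigver_EVP_PKEY_CTX` receives `ctx` and `rsa`, and whether it or another indicator hook also inspects the digest cannot be seen from here. If one does, a comment like `/* digest approval is checked in <function> */` next to the new test would document the split; if none does, the NULL test needs a digest check beside it. The same question applies to the hunks in pkey_rsa_sign and pkey_rsa_verifyrecover.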
--
2.39.3 (Apple Git-146)