Problem
On OpenSSL 3.x, both get_md_bynid() (lines 179–215) and get_message_digest() (lines 225–248) contain identical switch(hash_method) blocks that translate a NID to an algorithm name string. When a new hash is added (e.g. SHA-3), both switch tables must be updated independently — omitting one will cause sign()/verify() to work (they use get_md_bynid) while get_message_digest croaks, or vice-versa.
Why This Matters
Divergence between the two tables would cause silent inconsistency: signing would succeed but produce a digest computed with a different algorithm than what the EVP context expects, giving a signature that always fails verification.
Suggested Fix
Have get_message_digest() on 3.x use get_md_bynid() to obtain the EVP_MD*, then call EVP_Q_digest with that EVP_MD* (or use EVP_Digest), eliminating the duplicate name table. One switch table, one source of truth.
Details
| | |
|---|---|
| Severity | 🟡 Medium |
| Category | duplication |
| Location | RSA.xs:177-283 |
| Effort | ⚡ Quick fix |
🤖 Created by Kōan from audit session