[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Jul 8 10:22:42 UTC 2021

The branch master has been updated
       via  e278127cbfa2709d864ca9628a8ddb160c5c5331 (commit)
      from  daf4b2437f38bd104400517cf8ff2c8121813b1a (commit)

- Log -----------------------------------------------------------------
commit e278127cbfa2709d864ca9628a8ddb160c5c5331
Author: Pauli <pauli at openssl.org>
Date:   Wed Jul 7 16:32:16 2021 +1000

    evp: detect and raise an error if no digest is found for a sign/verify operation
    If no digest is specified, the code looks for a default digest per PKEY via the
    evp_keymgmt_util_get_deflt_digest_name() call.  If this call returns NULL,
    indicating no digest found, the code continues regardless.  If the verify/sign
    init later fails, it returns an error without raising one.  This change raises
    an error in this case.
    Fixes #15372
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16015)


Summary of changes:
 crypto/evp/m_sigver.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 5c5ed05876..63360a94bc 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -208,7 +208,14 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                           mdname, provkey, params);
-    goto end;
+    /*
+     * If the operation was not a success and no digest was found, an error
+     * needs to be raised.
+     */
+    if (ret > 0 || mdname != NULL)
+        goto end;
+    if (type == NULL)   /* This check is redundant but clarifies matters */

More information about the openssl-commits mailing list