[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Jul 8 10:22:42 UTC 2021


The branch master has been updated
       via  e278127cbfa2709d864ca9628a8ddb160c5c5331 (commit)
      from  daf4b2437f38bd104400517cf8ff2c8121813b1a (commit)


- Log -----------------------------------------------------------------
commit e278127cbfa2709d864ca9628a8ddb160c5c5331
Author: Pauli <pauli at openssl.org>
Date:   Wed Jul 7 16:32:16 2021 +1000

    evp: detect and raise an error if no digest is found for a sign/verify operation
    
    If no digest is specified, the code looks for a default digest per PKEY via the
    evp_keymgmt_util_get_deflt_digest_name() call.  If this call returns NULL,
    indicating no digest found, the code continues regardless.  If the verify/sign
    init later fails, it returns an error without raising one.  This change raises
    an error in this case.
    
    Fixes #15372
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16015)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/m_sigver.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 5c5ed05876..63360a94bc 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -208,7 +208,14 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                           mdname, provkey, params);
     }
 
-    goto end;
+    /*
+     * If the operation was not a success and no digest was found, an error
+     * needs to be raised.
+     */
+    if (ret > 0 || mdname != NULL)
+        goto end;
+    if (type == NULL)   /* This check is redundant but clarifies matters */
+        ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
 
  err:
     evp_pkey_ctx_free_old_ops(locpctx);
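Review bot: at the new "if (ret > 0 || mdname != NULL) goto end;", a failed init with mdname == NULL now falls through into the err: label and runs evp_pkey_ctx_free_old_ops(locpctx), which the old unconditional "goto end;" skipped, while a failed init with mdname != NULL still jumps to end without it. Please say in the comment that the fall-through into err: is intended, or make the two failure paths consistent. The type == NULL test is marked redundant in its own comment; if it can never be false here, raising the error unconditionally would read more clearly. The summary shows only crypto/evp/m_sigver.c changed, so a regression test covering the no-default-digest case from #15372 would be worth adding.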

