[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Jun 4 08:03:52 UTC 2021
The branch master has been updated
via 51cda01c61870c2433fbbd54d69f2267362ea608 (commit)
from 6a2f82b439924a2e096ec3288041b7f2d02f58fc (commit)
- Log -----------------------------------------------------------------
commit 51cda01c61870c2433fbbd54d69f2267362ea608
Author: Pauli <pauli at openssl.org>
Date: Thu Jun 3 14:27:28 2021 +1000
req: detect a bad choice of digest early
This is a regression against 1.1.1 when an unknown digest was detected
early.
Fixes #15285
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15602)
-----------------------------------------------------------------------
Summary of changes:
apps/req.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/apps/req.c b/apps/req.c
index acb98e3560..9fbe4e250f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -242,6 +242,7 @@ int req_main(int argc, char **argv)
X509 *new_x509 = NULL, *CAcert = NULL;
X509_REQ *req = NULL;
EVP_CIPHER *cipher = NULL;
+ EVP_MD *md = NULL;
int ext_copy = EXT_COPY_UNSET;
BIO *addext_bio = NULL;
char *extensions = NULL;
@@ -527,7 +528,15 @@ int req_main(int argc, char **argv)
if (!add_oid_section(req_conf))
goto end;
- if (digest == NULL) {
+ /* Check that any specified digest is fetchable */
+ if (digest != NULL) {
+ if (!opt_md(digest, &md)) {
+ ERR_clear_error();
+ goto opthelp;
+ }
+ EVP_MD_free(md);
+ } else {
+ /* No digest specified, default to configuration */
p = NCONF_get_string(req_conf, section, "default_md");
if (p == NULL)
ERR_clear_error();
More information about the openssl-commits
mailing list