[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Jun 4 08:03:52 UTC 2021


The branch master has been updated
       via  51cda01c61870c2433fbbd54d69f2267362ea608 (commit)
      from  6a2f82b439924a2e096ec3288041b7f2d02f58fc (commit)


- Log -----------------------------------------------------------------
commit 51cda01c61870c2433fbbd54d69f2267362ea608
Author: Pauli <pauli at openssl.org>
Date:   Thu Jun 3 14:27:28 2021 +1000

    req: detect a bad choice of digest early
    
    This is a regression against 1.1.1 when an unknown digest was detected
    early.
    
    Fixes #15285
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15602)

-----------------------------------------------------------------------

Summary of changes:
 apps/req.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/apps/req.c b/apps/req.c
index acb98e3560..9fbe4e250f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -242,6 +242,7 @@ int req_main(int argc, char **argv)
     X509 *new_x509 = NULL, *CAcert = NULL;
     X509_REQ *req = NULL;
     EVP_CIPHER *cipher = NULL;
+    EVP_MD *md = NULL;
     int ext_copy = EXT_COPY_UNSET;
     BIO *addext_bio = NULL;
     char *extensions = NULL;
@@ -527,7 +528,15 @@ int req_main(int argc, char **argv)
     if (!add_oid_section(req_conf))
         goto end;
 
-    if (digest == NULL) {
+    /* Check that any specified digest is fetchable */
+    if (digest != NULL) {
+        if (!opt_md(digest, &md)) {
+            ERR_clear_error();
+            goto opthelp;
+        }
+        EVP_MD_free(md);
+    } else {
+        /* No digest specified, default to configuration */
         p = NCONF_get_string(req_conf, section, "default_md");
         if (p == NULL)
             ERR_clear_error();


More information about the openssl-commits mailing list