[openssl/openssl] 8d60a4: Fix error reporting in EVP_PKEY_{sign,verify,verif...

Richard Levitte noreply at github.com
Wed Jan 31 10:43:59 UTC 2024


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 8d60a4f1da13199c727cbc21a9bb807f02509985
      https://github.com/openssl/openssl/commit/8d60a4f1da13199c727cbc21a9bb807f02509985
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M crypto/evp/signature.c

  Log Message:
  -----------
  Fix error reporting in EVP_PKEY_{sign,verify,verify_recover}

For some reason, those functions (and the _init functions too) would
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when the passed
ctx is NULL, and then not check if the provider supplied the function
that would support these libcrypto functions.

This corrects the situation, and has all those libcrypto functions
raise ERR_R_PASS_NULL_PARAMETER if ctx is NULL, and then check for the
corresponding provider supplied, and only when that one is missing,
raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE.

Because 0 doesn't mean error for EVP_PKEY_verify(), -1 is returned when
ERR_R_PASSED_NULL_PARAMETER is raised.  This is done consistently for all
affected functions.

Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23411)

(cherry picked from commit 5a25177d1b07ef6e754fec1747b57ee90ab1e028)




More information about the openssl-commits mailing list