author | Richard Levitte <levitte@openssl.org> | 2023-03-08 11:53:34 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-06-15 14:04:33 +0200 |
commit | 3c4a3593e4bfa9824a676c7f6be3b939876ce2b3 (patch) | |
tree | b80c8927a5e593cb12075d405e37573621d8e214 /apps | |
parent | fd1520e0b9435fd0b37604c80bf51b7936410e91 (diff) |
apps/ca.c: Handle EVP_PKEY_get_default_digest_name() returning 1 with "UNDEF"
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)
(cherry picked from commit af99d55078582fb2ac35787043d56e0c10b1fe97)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ca.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -806,15 +806,20 @@ end_of_options:
 /*
 * EVP_PKEY_get_default_digest_name() returns 2 if the digest is
 * mandatory for this algorithm.
+ *
+ * That call may give back the name "UNDEF", which has these meanings:
+ *
+ * when def_ret == 2: the user MUST leave the digest unspecified
+ * when def_ret == 1: the user MAY leave the digest unspecified
 */
 if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) {
- /* The signing algorithm requires there to be no digest */
 dgst = NULL;
 } else if (dgst == NULL
- && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
+ && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL
+ && strcmp(def_dgst, "UNDEF") != 0) {
 goto end;
 } else {
- if (strcmp(dgst, "default") == 0) {
+ if (strcmp(dgst, "default") == 0 || strcmp(def_dgst, "UNDEF") == 0) {
 if (def_ret <= 0) {
 BIO_puts(bio_err, "no default digest\n");
 goto end; |
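Review bot: `strcmp(dgst, "default")` in the final `else` can now be reached with `dgst == NULL`. When no digest was given, `lookup_conf(conf, section, ENV_DEFAULT_MD)` returns NULL and `def_dgst` is "UNDEF" with `def_ret == 1`, the added `&& strcmp(def_dgst, "UNDEF") != 0` makes the `else if` false, so control falls into the `else` instead of taking `goto end`. Passing NULL to strcmp() is undefined behaviour, so the tool would most likely crash in exactly the case this change is meant to support; guard the first operand, e.g. `if ((dgst != NULL && strcmp(dgst, "default") == 0) || strcmp(def_dgst, "UNDEF") == 0) {`. The same condition also appears to override a digest the user set explicitly whenever the name is "UNDEF", which reads stricter than the comment's "MAY" for `def_ret == 1`. The assignment and the rest of this block lie below the hunk, so that needs confirming there.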