authorPauli <pauli@openssl.org>2021-07-07 16:32:16 +1000
committerPauli <pauli@openssl.org>2021-07-08 20:22:21 +1000
commite278127cbfa2709d864ca9628a8ddb160c5c5331 (patch)
tree38681a2785da6d18108e40b3864e6ada95df8614 /crypto
parentdaf4b2437f38bd104400517cf8ff2c8121813b1a (diff)
evp: detect and raise an error if no digest is found for a sign/verify operation
If no digest is specified, the code looks for a default digest per PKEY via the evp_keymgmt_util_get_deflt_digest_name() call. If this call returns NULL, indicating no digest found, the code continues regardless. If the verify/sign init later fails, it returns an error without raising one. This change raises an error in this case. Fixes #15372 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16015)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/m_sigver.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 5c5ed05876..63360a94bc 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -208,7 +208,14 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
mdname, provkey, params);
}
- goto end;
+ /*
+ * If the operation was not a success and no digest was found, an error
+ * needs to be raised.
+ */
+ if (ret > 0 || mdname != NULL)
+ goto end;
+ if (type == NULL) /* This check is redundant but clarifies matters */
+ ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
err:
evp_pkey_ctx_free_old_ops(locpctx);
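Review bot: The guard `if (type == NULL)` still leaves one failure path with nothing on the error queue: when `ret <= 0`, `mdname == NULL` and `type != NULL`, control drops into `err:` without an ERR_raise, which is the silent sign/verify init failure this commit sets out to remove. The inline comment calls the check redundant, but the code that derives `mdname` from `type` lies outside the hunk, so that invariant cannot be confirmed from here. If it holds, raising unconditionally with `ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);` and moving the reasoning into the block comment is simpler; if it does not, an `else ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);` keeps the failure diagnosable for callers that inspect the error stack. A short `/* fall through to err */` comment before the label would also make the implicit drop explicit, since failures with a named digest still leave via `end`, whose body (like the rest of do_sigver_init) is outside the hunk.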