req: detect a bad choice of digest early
authorPauli <pauli@openssl.org>
Thu, 3 Jun 2021 04:27:28 +0000 (14:27 +1000)
committerPauli <pauli@openssl.org>
Fri, 4 Jun 2021 08:03:25 +0000 (18:03 +1000)
This is a regression against 1.1.1, where an unknown digest was detected
early.

Fixes #15285

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15602)

apps/req.c

index acb98e3560c1c8fc3b9e377bc08e10c9792955c2..9fbe4e250f4416d5d9096b5e5d67322599b5bd92 100644 (file)
@@ -242,6 +242,7 @@ int req_main(int argc, char **argv)
     X509 *new_x509 = NULL, *CAcert = NULL;
     X509_REQ *req = NULL;
     EVP_CIPHER *cipher = NULL;
+    EVP_MD *md = NULL;
     int ext_copy = EXT_COPY_UNSET;
     BIO *addext_bio = NULL;
     char *extensions = NULL;
@@ -527,7 +528,15 @@ int req_main(int argc, char **argv)
     if (!add_oid_section(req_conf))
         goto end;
 
-    if (digest == NULL) {
+    /* Check that any specified digest is fetchable */
+    if (digest != NULL) {
+        if (!opt_md(digest, &md)) {
+            ERR_clear_error();
+            goto opthelp;
+        }
+        EVP_MD_free(md);
+    } else {
+        /* No digest specified, default to configuration */
         p = NCONF_get_string(req_conf, section, "default_md");
         if (p == NULL)
             ERR_clear_error();
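Review bot: The early fetch check covers only a digest given on the command line; when `digest` is NULL the else branch reads `default_md` from the configuration and, as far as this hunk shows, never passes it to `opt_md()`, so a misspelled or unavailable digest in the config file would presumably still surface only later in `req_main()`. If early detection is meant for both sources, the same `opt_md(p, &md)` / `EVP_MD_free(md)` check could run once `p` is known to be non-NULL, leaving via `goto end` rather than `opthelp`, since the usage text does not help with a configuration error. Separately, `md` is declared at function scope (first hunk) and is left dangling after `EVP_MD_free(md);`; adding `md = NULL;` on the next line, or declaring it inside the `if` block, keeps any later cleanup path from touching a freed pointer. The tail of the else branch and the rest of `req_main()` lie outside the hunk, so the config path should be confirmed against the full function.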