If no digest is specified, the code looks for a default digest per PKEY via the
evp_keymgmt_util_get_deflt_digest_name() call. If this call returns NULL,
indicating no digest found, the code continues regardless. If the verify/sign
init later fails, it returns an error without raising one. This change raises
an error in this case.
Fixes #15372
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16015)
mdname, provkey, params);
}
- goto end;
+ /*
+ * If the operation was not a success and no digest was found, an error
+ * needs to be raised.
+ */
+ if (ret > 0 || mdname != NULL)
+ goto end;
+ if (type == NULL) /* This check is redundant but clarifies matters */
+ ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
err:
evp_pkey_ctx_free_old_ops(locpctx);