diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-04-27 19:07:46 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-05-05 09:52:27 +0200 |
| commit | de56f726e163e99128ff93a04d74a8461f5a724b (patch) | |
| tree | dccb01da7ccf5cc4ab426d6b65e85f17632229a0 /crypto/crmf | |
| parent | X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error (diff) | |
| download | openssl-de56f726e163e99128ff93a04d74a8461f5a724b.tar.xz openssl-de56f726e163e99128ff93a04d74a8461f5a724b.zip | |
crmf_lib.c: Make sure Ed signature for POPO is called without digest
Fixes #18184
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18230)
Diffstat (limited to 'crypto/crmf')
| -rw-r--r-- | crypto/crmf/crmf_lib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index ea1e2dda09..11351e33d1 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -369,6 +369,8 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, EVP_PKEY *pkey, const EVP_MD *digest, OSSL_LIB_CTX *libctx, const char *propq) { + char name[80] = ""; + if (ps == NULL || cr == NULL || pkey == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; @@ -379,6 +381,10 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, return 0; } + if (EVP_PKEY_get_default_digest_name(pkey, name, sizeof(name)) > 0 + && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ + digest = NULL; + return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST), ps->algorithmIdentifier, NULL, ps->signature, cr, NULL, pkey, digest, libctx, propq); |