diff options
| author | Matt Caswell <matt@openssl.org> | 2024-07-31 15:08:40 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-09-09 09:51:50 +0200 |
| commit | 8cc0a97d60f4b77def4df9fee41740ffb2fb5563 (patch) | |
| tree | 86172c3df8aa28d4fc49b2e1be0015aa63c1ff65 /providers | |
| parent | Add missing security rules about NULL check to various manpages (diff) | |
| download | openssl-8cc0a97d60f4b77def4df9fee41740ffb2fb5563.tar.xz openssl-8cc0a97d60f4b77def4df9fee41740ffb2fb5563.zip | |
Complain about a missing digest when doing deterministic ECDSA
We need a digest for the none when doing deterministic ECDSA. Give a
better error message if one hasn't been supplied.
See openssl/openssl#25012
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/implementations/signature/ecdsa_sig.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 59e02f4cc4..440b176783 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -338,9 +338,13 @@ static int ecdsa_sign_directly(void *vctx, return 0; if (ctx->nonce_type != 0) { + const char *mdname = NULL; + + if (ctx->mdname[0] != '\0') + mdname = ctx->mdname; ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp, ctx->ec, ctx->nonce_type, - ctx->mdname, + mdname, ctx->libctx, ctx->propq); } else { ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r, |