diff options
| author | Pauli <pauli@openssl.org> | 2021-06-03 06:27:28 +0200 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2021-06-04 10:03:25 +0200 |
| commit | 51cda01c61870c2433fbbd54d69f2267362ea608 (patch) | |
| tree | f837383f807b57de6874c02a8bf2b72ee0399e31 /apps | |
| parent | req: fix default bits handling for -newkey (diff) | |
| download | openssl-51cda01c61870c2433fbbd54d69f2267362ea608.tar.xz openssl-51cda01c61870c2433fbbd54d69f2267362ea608.zip | |
req: detect a bad choice of digest early
This is a regression against 1.1.1 when an unknown digest was detected
early.
Fixes #15285
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15602)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/req.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/apps/req.c b/apps/req.c index acb98e3560..9fbe4e250f 100644 --- a/apps/req.c +++ b/apps/req.c @@ -242,6 +242,7 @@ int req_main(int argc, char **argv) X509 *new_x509 = NULL, *CAcert = NULL; X509_REQ *req = NULL; EVP_CIPHER *cipher = NULL; + EVP_MD *md = NULL; int ext_copy = EXT_COPY_UNSET; BIO *addext_bio = NULL; char *extensions = NULL; @@ -527,7 +528,15 @@ int req_main(int argc, char **argv) if (!add_oid_section(req_conf)) goto end; - if (digest == NULL) { + /* Check that any specified digest is fetchable */ + if (digest != NULL) { + if (!opt_md(digest, &md)) { + ERR_clear_error(); + goto opthelp; + } + EVP_MD_free(md); + } else { + /* No digest specified, default to configuration */ p = NCONF_get_string(req_conf, section, "default_md"); if (p == NULL) ERR_clear_error(); |