Complain about a missing digest when doing deterministic ECDSA

We need a digest for the none when doing deterministic ECDSA. Give a better error message if one hasn't been supplied. See openssl/openssl#25012 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25057)
2024-11-27 05:21:51 +08:00 · 2024-07-31 14:08:40 +01:00 · 2024-07-31 14:08:40 +01:00 · 8cc0a97d60
commit 8cc0a97d60
parent 5d6322741a
2 changed files with 9 additions and 1 deletions
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@ -106,6 +106,10 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen,
        ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
+    if (digestname == NULL) {
+        ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST);
+        return 0;
+    }

    *siglen = 0;
    if (!ecdsa_sign_setup(eckey, NULL, &kinv, &r, dgst, dlen,
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@ -338,9 +338,13 @@ static int ecdsa_sign_directly(void *vctx,
        return 0;

    if (ctx->nonce_type != 0) {
+        const char *mdname = NULL;
+
+        if (ctx->mdname[0] != '\0')
+            mdname = ctx->mdname;
        ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp,
                                            ctx->ec, ctx->nonce_type,
-                                            ctx->mdname,
+                                            mdname,
                                            ctx->libctx, ctx->propq);
    } else {
        ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r,