Complain about a missing digest when doing deterministic ECDSA

We need a digest for the nonce when doing deterministic ECDSA. Give a
better error message if one hasn't been supplied.

See openssl/openssl#25012

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
Matt Caswell 2024-07-31 14:08:40 +01:00 committed by Tomas Mraz
parent 5d6322741a
commit 8cc0a97d60
2 changed files with 9 additions and 1 deletions


@ -106,6 +106,10 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen,
ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
return 0; return 0;
} }
if (digestname == NULL) {
ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST);
return 0;
}
*siglen = 0; *siglen = 0;
if (!ecdsa_sign_setup(eckey, NULL, &kinv, &r, dgst, dlen, if (!ecdsa_sign_setup(eckey, NULL, &kinv, &r, dgst, dlen,
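Review bot: The added guard in ossl_ecdsa_deterministic_sign rejects only a null `digestname`, so an empty string would still get past it and presumably fail later in nonce setup with the less specific error this commit sets out to replace. The provider caller in the other file section maps an empty name to NULL before calling, but any other caller would have to repeat that convention. Checking both cases here keeps the rule in one place: `if (digestname == NULL || digestname[0] == '\0') {`. A short comment above the check, such as `/* the deterministic nonce is derived with this digest, so it must be set */`, would record why the function fails closed. The function body starts and ends outside this hunk.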


@ -338,9 +338,13 @@ static int ecdsa_sign_directly(void *vctx,
return 0; return 0;
if (ctx->nonce_type != 0) { if (ctx->nonce_type != 0) {
const char *mdname = NULL;
if (ctx->mdname[0] != '\0')
mdname = ctx->mdname;
ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp, ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp,
ctx->ec, ctx->nonce_type, ctx->ec, ctx->nonce_type,
ctx->mdname, mdname,
ctx->libctx, ctx->propq); ctx->libctx, ctx->propq);
} else { } else {
ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r, ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r,
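Review bot: The new `mdname` local in ecdsa_sign_directly turns an empty `ctx->mdname` buffer into NULL purely so that the callee's null check fires, and nothing on these lines says so. A comment above the `if` would make that cross-file contract visible: `/* empty mdname means no digest was configured; pass NULL so the callee raises EC_R_INVALID_DIGEST */`. The page lists only two changed files and both hunks are library code, so the new error path appears to land without a regression test. A test that requests a deterministic nonce with no digest set and checks for the failure would pin the behaviour. The function body starts and ends outside this hunk.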