Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider isn't loaded? Similarly, why does it return non-NULL for "md5" after doing EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive. Legacy code that does not know about EVP_MD_fetch() checks the return value of EVP_get_digestbyname(). Isn't that where the error should be detected? Why let it get all the way to BIO_set_md() (or EVP_DigestInit() or whatever) before the error is detected?

Tom.III


On 12/5/22 02:24, Tomas Mraz wrote:
Hi,

there is an error in your code - see my comment below.


On Mon, 2022-12-05 at 08:45 +0000, Zhongyan Wang wrote:
...
    md = EVP_get_digestbyname(dgst);
    if (!md) {
        printf("Error EVP_get_digestbyname %s\n", dgst);
        goto err_exit;
    }
    in = BIO_new_file(datain, "rb");
    if (!in) {
        printf("Error BIO_new_file %s\n", datain);
        goto err_exit;
    }
    out = BIO_new(BIO_s_mem());
    if (!out) {
        printf("Error BIO_new out\n");
        goto err_exit;
    }
    rbio = in;
    bmd = BIO_new(BIO_f_md());
    if (!bmd) {
        printf("Error BIO_new bmd\n");
        goto err_exit;
    }
    BIO_set_md(bmd, md);
You do not check the return value here. This call will return a value
<= 0 if the legacy provider is not loaded.


