diff options
author | Richard Levitte <levitte@openssl.org> | 2020-04-20 09:29:16 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-04-23 11:44:37 +0200 |
commit | 4c627d86351996d63d607960a0569248b96e63a8 (patch) | |
tree | b87c7addec43a7e63c2250b0c5799a998bacc976 | |
parent | EVP: add internal evp_keymgmt_util_get_deflt_digest_name() and use it (diff) | |
download | openssl-4c627d86351996d63d607960a0569248b96e63a8.tar.xz openssl-4c627d86351996d63d607960a0569248b96e63a8.zip |
EVP: Fix EVP_Digest{Sign,Verify}Init() to handle no default digest
EVP_DigestSignInit() and EVP_DigestVerifyInit() would detect if there
is no default digest when using legacy (EVP_PKEY_ASN1_METHOD)
implementations. However, it doesn't do that when provider side keys
are used.
Furthermore, because EVP_PKEY_get_default_digest_name() was used in
the portion of the code that uses the provider implementation, the
EVP_PKEY_ASN1_METHOD would be used if the key has one attached. This
is now changed to use evp_keymgmt_util_get_deflt_digest_name()
instead.
Finally, we make sure to detect if the provider implementation
supports the digest name parameters (default or mandatory), and
returns with error if not. This is what the legacy portion of the
code does.
Fixes #11571
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11576)
-rw-r--r-- | crypto/evp/m_sigver.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 8dd4207d17..148d29fd90 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -152,10 +152,16 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (mdname == NULL) mdname = canon_mdname(EVP_MD_name(type)); } else { - if (mdname == NULL - && EVP_PKEY_get_default_digest_name(locpctx->pkey, locmdname, - sizeof(locmdname))) - mdname = canon_mdname(locmdname); + if (mdname == NULL) { + if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey, + locmdname, + sizeof(locmdname)) > 0) { + mdname = canon_mdname(locmdname); + } else { + EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST); + return 0; + } + } if (mdname != NULL) { /* |