summaryrefslogtreecommitdiffstats
path: root/crypto/evp/m_sigver.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-01-13 08:49:44 +0100
committerRichard Levitte <levitte@openssl.org>2020-01-23 17:59:12 +0100
commitead0d2347a348f0916d6d25818d16d702f1d1156 (patch)
tree46ec463c875a8f05e9f5af28d56bea142cab0895 /crypto/evp/m_sigver.c
parentAdd internal maxsize macros (diff)
downloadopenssl-ead0d2347a348f0916d6d25818d16d702f1d1156.tar.xz
openssl-ead0d2347a348f0916d6d25818d16d702f1d1156.zip
EVP: Add EVP_PKEY_get_default_digest_name() and use it
It is the provider version of EVP_PKEY_get_default_digest_nid(). We make sure to use it in the non-legacy section of do_sigver_init() (internal implementation for EVP_DigestSignInit() and EVP_DigestVerifyInit()) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10824)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c46
1 files changed, 22 insertions, 24 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 79099b1e35..05dc46e3b1 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -33,6 +33,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
EVP_SIGNATURE *signature = NULL;
EVP_KEYMGMT *tmp_keymgmt = NULL;
const char *supported_sig = NULL;
+ char locmdname[80] = ""; /* 80 chars should be enough */
void *provkey = NULL;
int ret;
@@ -63,22 +64,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
if (locpctx->keytype == NULL)
goto legacy;
- if (mdname == NULL) {
- if (type != NULL) {
- mdname = EVP_MD_name(type);
- } else if (pkey != NULL) {
- /*
- * TODO(v3.0) work out a better way for EVP_PKEYs with no legacy
- * component.
- */
- if (pkey->pkey.ptr != NULL) {
- int def_nid;
- if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
- mdname = OBJ_nid2sn(def_nid);
- }
- }
- }
-
/* Ensure that the key is provided. If not, go legacy */
tmp_keymgmt = locpctx->keymgmt;
provkey = evp_pkey_make_provided(locpctx->pkey, locpctx->libctx,
@@ -131,6 +116,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
/* No more legacy from here down to legacy: */
+ if (pctx != NULL)
+ *pctx = locpctx;
+
locpctx->op.sig.signature = signature;
locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
: EVP_PKEY_OP_SIGNCTX;
@@ -142,15 +130,25 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
if (type != NULL) {
ctx->reqdigest = type;
+ if (mdname == NULL)
+ mdname = EVP_MD_name(type);
} else {
- /*
- * This might be requested by a later call to EVP_MD_CTX_md(). In that
- * case the "explicit fetch" rules apply for that function (as per
- * man pages), i.e. the ref count is not updated so the EVP_MD should
- * not be used beyound the lifetime of the EVP_MD_CTX.
- */
- ctx->reqdigest = ctx->fetched_digest =
- EVP_MD_fetch(locpctx->libctx, mdname, props);
+ if (mdname == NULL
+ && EVP_PKEY_get_default_digest_name(locpctx->pkey, locmdname,
+ sizeof(locmdname)))
+ mdname = locmdname;
+
+ if (mdname != NULL) {
+ /*
+ * This might be requested by a later call to EVP_MD_CTX_md().
+ * In that case the "explicit fetch" rules apply for that
+ * function (as per man pages), i.e. the ref count is not updated
+ * so the EVP_MD should not be used beyound the lifetime of the
+ * EVP_MD_CTX.
+ */
+ ctx->reqdigest = ctx->fetched_digest =
+ EVP_MD_fetch(locpctx->libctx, mdname, props);
+ }
}
if (ver) {