diff options
author | Richard Levitte <levitte@openssl.org> | 2020-01-13 08:49:44 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-01-23 17:59:12 +0100 |
commit | ead0d2347a348f0916d6d25818d16d702f1d1156 (patch) | |
tree | 46ec463c875a8f05e9f5af28d56bea142cab0895 /crypto/evp/m_sigver.c | |
parent | Add internal maxsize macros (diff) | |
download | openssl-ead0d2347a348f0916d6d25818d16d702f1d1156.tar.xz openssl-ead0d2347a348f0916d6d25818d16d702f1d1156.zip |
EVP: Add EVP_PKEY_get_default_digest_name() and use it
It is the provider version of EVP_PKEY_get_default_digest_nid(). We make
sure to use it in the non-legacy section of do_sigver_init() (internal
implementation for EVP_DigestSignInit() and EVP_DigestVerifyInit())
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10824)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r-- | crypto/evp/m_sigver.c | 46 |
1 files changed, 22 insertions, 24 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 79099b1e35..05dc46e3b1 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -33,6 +33,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, EVP_SIGNATURE *signature = NULL; EVP_KEYMGMT *tmp_keymgmt = NULL; const char *supported_sig = NULL; + char locmdname[80] = ""; /* 80 chars should be enough */ void *provkey = NULL; int ret; @@ -63,22 +64,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (locpctx->keytype == NULL) goto legacy; - if (mdname == NULL) { - if (type != NULL) { - mdname = EVP_MD_name(type); - } else if (pkey != NULL) { - /* - * TODO(v3.0) work out a better way for EVP_PKEYs with no legacy - * component. - */ - if (pkey->pkey.ptr != NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) - mdname = OBJ_nid2sn(def_nid); - } - } - } - /* Ensure that the key is provided. If not, go legacy */ tmp_keymgmt = locpctx->keymgmt; provkey = evp_pkey_make_provided(locpctx->pkey, locpctx->libctx, @@ -131,6 +116,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, /* No more legacy from here down to legacy: */ + if (pctx != NULL) + *pctx = locpctx; + locpctx->op.sig.signature = signature; locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX : EVP_PKEY_OP_SIGNCTX; @@ -142,15 +130,25 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } if (type != NULL) { ctx->reqdigest = type; + if (mdname == NULL) + mdname = EVP_MD_name(type); } else { - /* - * This might be requested by a later call to EVP_MD_CTX_md(). In that - * case the "explicit fetch" rules apply for that function (as per - * man pages), i.e. the ref count is not updated so the EVP_MD should - * not be used beyound the lifetime of the EVP_MD_CTX. - */ - ctx->reqdigest = ctx->fetched_digest = - EVP_MD_fetch(locpctx->libctx, mdname, props); + if (mdname == NULL + && EVP_PKEY_get_default_digest_name(locpctx->pkey, locmdname, + sizeof(locmdname))) + mdname = locmdname; + + if (mdname != NULL) { + /* + * This might be requested by a later call to EVP_MD_CTX_md(). + * In that case the "explicit fetch" rules apply for that + * function (as per man pages), i.e. the ref count is not updated + * so the EVP_MD should not be used beyound the lifetime of the + * EVP_MD_CTX. + */ + ctx->reqdigest = ctx->fetched_digest = + EVP_MD_fetch(locpctx->libctx, mdname, props); + } } if (ver) { |