authorRichard Levitte <levitte@openssl.org>2019-12-18 13:24:27 +0100
committerRichard Levitte <levitte@openssl.org>2020-01-09 15:01:28 +0100
commitf23bc0b770efd229e27519786d9f28da56752d0a (patch)
tree9ed18bbd3e8a3cc97c6a78a387fc1f7c585c78cd /crypto/evp/m_sigver.c
parentCORE & EVP: Specify OP_query_operation_name() for KEYMGMT (diff)
EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better
The adaptation is to handle the case when key types and operations that use these keys have different names. For example, EC keys can be used for ECDSA and ECDH. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10647)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c34
1 files changed, 22 insertions, 12 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9d12e9b96a..ff94063181 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -52,7 +52,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx = ctx->pctx;
evp_pkey_ctx_free_old_ops(locpctx);
- if (locpctx->algorithm == NULL)
+ if (locpctx->keytype == NULL)
goto legacy;
if (mdname == NULL) {
@@ -71,18 +71,28 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
- /*
- * Because we cleared out old ops, we shouldn't need to worry about
- * checking if signature is already there. Keymgmt is a different
- * matter, as it isn't tied to a specific EVP_PKEY op.
- */
- signature = EVP_SIGNATURE_fetch(locpctx->libctx, locpctx->algorithm,
- locpctx->propquery);
- if (signature != NULL && locpctx->keymgmt == NULL) {
- int name_id = EVP_SIGNATURE_number(signature);
+ if (locpctx->keymgmt == NULL)
+ locpctx->keymgmt = EVP_KEYMGMT_fetch(locpctx->libctx, locpctx->keytype,
+ locpctx->propquery);
+ if (locpctx->keymgmt != NULL) {
+ const char *supported_sig = NULL;
+
+ if (locpctx->keymgmt->query_operation_name != NULL)
+ supported_sig =
+ locpctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
+
+ /*
+ * If we didn't get a supported sig, assume there is one with the
+ * same name as the key type.
+ */
+ if (supported_sig == NULL)
+ supported_sig = locpctx->keytype;
- locpctx->keymgmt =
- evp_keymgmt_fetch_by_number(locpctx->libctx, name_id,
+ /*
+ * Because we cleared out old ops, we shouldn't need to worry about
+ * checking if signature is already there.
+ */
+ signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig,
locpctx->propquery);
}
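Review bot: `signature` is now assigned only inside the `if (locpctx->keymgmt != NULL)` block, whereas the removed code always set it from `EVP_SIGNATURE_fetch()`. If `EVP_KEYMGMT_fetch()` fails, any later test of `signature` sees the value from its declaration, which is outside the hunk; unless that declaration initialises it to NULL, that is a read of an indeterminate pointer, and a `signature = NULL;` ahead of the keymgmt fetch would make the failure path explicit. Separately, the name passed to `EVP_SIGNATURE_fetch()` now comes from the key manager's `query_operation_name()` callback, and nothing in the hunk ties the fetched signature to the same provider as `locpctx->keymgmt`. The code after the hunk presumably checks that before the key is handed to the signature implementation; a short comment here, such as `/* provider match between keymgmt and signature is verified below */`, would record the dependency if so. The body of do_sigver_init starts and ends outside the hunk.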