author | Richard Levitte <levitte@openssl.org> | 2019-12-18 13:24:27 +0100 |
committer | Richard Levitte <levitte@openssl.org> | 2020-01-09 15:01:28 +0100 |
commit | f23bc0b770efd229e27519786d9f28da56752d0a (patch) | |
tree | 9ed18bbd3e8a3cc97c6a78a387fc1f7c585c78cd /crypto/evp/m_sigver.c | |
parent | CORE & EVP: Specify OP_query_operation_name() for KEYMGMT (diff) | |
download | openssl-f23bc0b770efd229e27519786d9f28da56752d0a.tar.xz openssl-f23bc0b770efd229e27519786d9f28da56752d0a.zip |
EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better
The adaptation handles the case where key types and the operations
that use those keys have different names. For example, EC keys can be
used for ECDSA and ECDH.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10647)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r-- | crypto/evp/m_sigver.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9d12e9b96a..ff94063181 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -52,7 +52,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 locpctx = ctx->pctx;
 evp_pkey_ctx_free_old_ops(locpctx);
- if (locpctx->algorithm == NULL)
+ if (locpctx->keytype == NULL)
 goto legacy;
 if (mdname == NULL) {
@@ -71,18 +71,28 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 }
 }
- /*
- * Because we cleared out old ops, we shouldn't need to worry about
- * checking if signature is already there. Keymgmt is a different
- * matter, as it isn't tied to a specific EVP_PKEY op.
- */
- signature = EVP_SIGNATURE_fetch(locpctx->libctx, locpctx->algorithm,
- locpctx->propquery);
- if (signature != NULL && locpctx->keymgmt == NULL) {
- int name_id = EVP_SIGNATURE_number(signature);
+ if (locpctx->keymgmt == NULL)
+ locpctx->keymgmt = EVP_KEYMGMT_fetch(locpctx->libctx, locpctx->keytype,
+ locpctx->propquery);
+ if (locpctx->keymgmt != NULL) {
+ const char *supported_sig = NULL;
+
+ if (locpctx->keymgmt->query_operation_name != NULL)
+ supported_sig =
+ locpctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
+
+ /*
+ * If we didn't get a supported sig, assume there is one with the
+ * same name as the key type.
+ */
+ if (supported_sig == NULL)
+ supported_sig = locpctx->keytype;
- locpctx->keymgmt =
- evp_keymgmt_fetch_by_number(locpctx->libctx, name_id,
+ /*
+ * Because we cleared out old ops, we shouldn't need to worry about
+ * checking if signature is already there.
+ */
+ signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig,
 locpctx->propquery);
 }
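Review bot: In the second hunk the EVP_KEYMGMT is now fetched by key type name and the EVP_SIGNATURE by whatever name the keymgmt reports for OSSL_OP_SIGNATURE, but nothing in the hunk checks that the two implementations come from the same provider; the removed code derived keymgmt from the signature's own name id, whereas the new code makes the two fetches independent, so a mismatch is easier to end up with. Unless the lines after the hunk reconcile this, I would add a check after the fetch along the lines of `if (signature != NULL && EVP_SIGNATURE_provider(signature) != EVP_KEYMGMT_provider(locpctx->keymgmt)) { /* export the key to the signature provider, or fall back */ }`, so that a key that cannot be used by the signature provider fails at init rather than at sign/verify time. A second point worth a comment: when EVP_KEYMGMT_fetch() returns NULL the new code leaves signature untouched, and whether that correctly reaches the legacy path depends on how signature was initialised and on the check that follows, neither of which is in the hunk. do_sigver_init() continues past both hunks.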