Correctly display the signing/hmac algorithm in the dgst app

In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce output like this: HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 Prior to this change master would instead display this like so: SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1 The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get the algorithm name from the EVP_PKEY. This doesn't work with provider based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name() function, and an equivalent EVP_KEYMGMT_get0_first_name() function. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12850)
2024-11-21 01:15:20 +08:00 · 2020-09-13 11:09:20 +01:00 · 2020-09-13 11:09:20 +01:00 · d8025f4ac0
commit d8025f4ac0
parent b0002eb09a
5 changed files with 29 additions and 7 deletions
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -406,13 +406,8 @@ int dgst_main(int argc, char **argv)
    } else {
        const char *sig_name = NULL;
        if (!out_bin) {
-            if (sigkey != NULL) {
-                const EVP_PKEY_ASN1_METHOD *ameth;
-                ameth = EVP_PKEY_get0_asn1(sigkey);
-                if (ameth)
-                    EVP_PKEY_asn1_get0_info(NULL, NULL,
-                                            NULL, NULL, &sig_name, ameth);
-            }
+            if (sigkey != NULL)
+                sig_name = EVP_PKEY_get0_first_alg_name(sigkey);
        }
        ret = 0;
        for (i = 0; i < argc; i++) {
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@ -163,3 +163,20 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
        return 1;
    return 0;
 }
+
+const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    const char *name = NULL;
+
+    if (key->keymgmt != NULL)
+        return EVP_KEYMGMT_get0_first_name(key->keymgmt);
+
+    /* Otherwise fallback to legacy */
+    ameth = EVP_PKEY_get0_asn1(key);
+    if (ameth != NULL)
+        EVP_PKEY_asn1_get0_info(NULL, NULL,
+                                NULL, NULL, &name, ameth);
+
+    return name;
+}
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@ -249,6 +249,11 @@ int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt)
    return keymgmt->name_id;
 }

+const char *EVP_KEYMGMT_get0_first_name(const EVP_KEYMGMT *keymgmt)
+{
+    return evp_first_name(keymgmt->prov, keymgmt->name_id);
+}
+
 int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name)
 {
    return evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name);
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -1496,6 +1496,8 @@ int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len);
 int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
 int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);

+const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key);
+
 # define EVP_PKEY_OP_UNDEFINED           0
 # define EVP_PKEY_OP_PARAMGEN            (1<<1)
 # define EVP_PKEY_OP_KEYGEN              (1<<2)
@ -1573,6 +1575,7 @@ EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm,
 int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
 void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
 const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt);
+const char *EVP_KEYMGMT_get0_first_name(const EVP_KEYMGMT *keymgmt);
 int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt);
 int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
 void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx,
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -5280,3 +5280,5 @@ EVP_PKEY_CTX_get1_id_len                ?	3_0_0	EXIST::FUNCTION:
 CMS_AuthEnvelopedData_create            ?	3_0_0	EXIST::FUNCTION:CMS
 CMS_AuthEnvelopedData_create_with_libctx ?	3_0_0	EXIST::FUNCTION:CMS
 EVP_PKEY_CTX_set_ec_param_enc           ?	3_0_0	EXIST::FUNCTION:EC
+EVP_PKEY_get0_first_alg_name            ?	3_0_0	EXIST::FUNCTION:
+EVP_KEYMGMT_get0_first_name             ?	3_0_0	EXIST::FUNCTION: