Replace EVP_PKEY_supports_digest_nid

The EVP_PKEY_supports_digest_nid() function is renamed to
EVP_PKEY_digestsign_supports_digest() and implemented
via EVP_DigestSignInit_ex().

Fixes #14343

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15198)
Tomas Mraz 2021-05-07 17:44:26 +02:00
parent 3c39bd9b89
commit e9fe0f7e9d
9 changed files with 75 additions and 82 deletions


@ -1335,22 +1335,21 @@ int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *gname, size_t gname_sz,
gname, gname_sz, gname_len);
}
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid)
int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
const char *name, const char *propq)
{
int rv = -2, default_nid;
int rv;
EVP_MD_CTX *ctx = NULL;
if (rv == -2) {
/*
* If there is a mandatory default digest and this isn't it, then
* the answer is 'no'.
*/
rv = EVP_PKEY_get_default_digest_nid(pkey, &default_nid);
if (rv == 2)
return (nid == default_nid);
/* zero is an error from EVP_PKEY_get_default_digest_nid() */
if (rv == 0)
return -1;
}
if ((ctx = EVP_MD_CTX_new()) == NULL)
return -1;
ERR_set_mark();
rv = EVP_DigestSignInit_ex(ctx, NULL, name, libctx,
propq, pkey, NULL);
ERR_pop_to_mark();
EVP_MD_CTX_free(ctx);
return rv;
}
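Review bot: The ERR_set_mark()/ERR_pop_to_mark() pair around EVP_DigestSignInit_ex() discards the reason for a failed init, so the value handed back at `return rv;` cannot tell a caller "this digest is not usable with the key" apart from any other init failure (no provider found, a rejected property query, a key lacking what the sign-init needs), and the new pod's "0 if it cannot be used, negative for failure" split is therefore only as precise as EVP_DigestSignInit_ex()'s own return code. A comment above the return would make that explicit: `/* Errors are discarded: the caller only learns whether sign-init succeeded. */`. The ssl caller also passes a NULL `name` for NID_undef; if a NULL name is meant to query one-shot signing without a digest, the pod should say so rather than leave callers to infer it from the ssl code. The -1 from the EVP_MD_CTX_new() failure is the only distinctly reported failure, and it sits outside the error mark, so that one error does reach the caller's error queue.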


@ -1198,6 +1198,10 @@ DEPEND[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod
GENERATE[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod
DEPEND[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod
GENERATE[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod
DEPEND[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod
GENERATE[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod
DEPEND[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod
GENERATE[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod
DEPEND[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod
GENERATE[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod
DEPEND[man/man3/EVP_PKEY_encapsulate.3]=man3/EVP_PKEY_encapsulate.pod
@ -1274,10 +1278,6 @@ DEPEND[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod
GENERATE[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod
DEPEND[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod
GENERATE[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod
DEPEND[html/man3/EVP_PKEY_supports_digest_nid.html]=man3/EVP_PKEY_supports_digest_nid.pod
GENERATE[html/man3/EVP_PKEY_supports_digest_nid.html]=man3/EVP_PKEY_supports_digest_nid.pod
DEPEND[man/man3/EVP_PKEY_supports_digest_nid.3]=man3/EVP_PKEY_supports_digest_nid.pod
GENERATE[man/man3/EVP_PKEY_supports_digest_nid.3]=man3/EVP_PKEY_supports_digest_nid.pod
DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod
GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod
DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod
@ -3001,6 +3001,7 @@ html/man3/EVP_PKEY_copy_parameters.html \
html/man3/EVP_PKEY_decapsulate.html \
html/man3/EVP_PKEY_decrypt.html \
html/man3/EVP_PKEY_derive.html \
html/man3/EVP_PKEY_digestsign_supports_digest.html \
html/man3/EVP_PKEY_encapsulate.html \
html/man3/EVP_PKEY_encrypt.html \
html/man3/EVP_PKEY_fromdata.html \
@ -3020,7 +3021,6 @@ html/man3/EVP_PKEY_set_type.html \
html/man3/EVP_PKEY_settable_params.html \
html/man3/EVP_PKEY_sign.html \
html/man3/EVP_PKEY_size.html \
html/man3/EVP_PKEY_supports_digest_nid.html \
html/man3/EVP_PKEY_todata.html \
html/man3/EVP_PKEY_verify.html \
html/man3/EVP_PKEY_verify_recover.html \
@ -3589,6 +3589,7 @@ man/man3/EVP_PKEY_copy_parameters.3 \
man/man3/EVP_PKEY_decapsulate.3 \
man/man3/EVP_PKEY_decrypt.3 \
man/man3/EVP_PKEY_derive.3 \
man/man3/EVP_PKEY_digestsign_supports_digest.3 \
man/man3/EVP_PKEY_encapsulate.3 \
man/man3/EVP_PKEY_encrypt.3 \
man/man3/EVP_PKEY_fromdata.3 \
@ -3608,7 +3609,6 @@ man/man3/EVP_PKEY_set_type.3 \
man/man3/EVP_PKEY_settable_params.3 \
man/man3/EVP_PKEY_sign.3 \
man/man3/EVP_PKEY_size.3 \
man/man3/EVP_PKEY_supports_digest_nid.3 \
man/man3/EVP_PKEY_todata.3 \
man/man3/EVP_PKEY_verify.3 \
man/man3/EVP_PKEY_verify_recover.3 \


@ -257,7 +257,6 @@ L<EVP_PKEY_set_type_str(3)>, and L<EVP_PKEY_assign(3)>.
The pkey_ctrl() method adds extra algorithm specific control.
It's called by L<EVP_PKEY_get_default_digest_nid(3)>,
L<EVP_PKEY_supports_digest_nid(3)>,
L<EVP_PKEY_set1_encoded_public_key(3)>,
L<EVP_PKEY_get1_encoded_public_key(3)>, L<PKCS7_SIGNER_INFO_set(3)>,
L<PKCS7_RECIP_INFO_set(3)>, ...


@ -0,0 +1,44 @@
=pod
=head1 NAME
EVP_PKEY_digestsign_supports_digest - indicate support for signature digest
=head1 SYNOPSIS
#include <openssl/evp.h>
int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
const char *name, const char *propq);
=head1 DESCRIPTION
The EVP_PKEY_digestsign_supports_digest() function queries whether the message
digest I<name> is supported for public key signature operations associated with
key I<pkey>. The query is done within an optional library context I<libctx> and
with an optional property query I<propq>.
=head1 RETURN VALUES
The EVP_PKEY_digestsign_supports_digest() function returns 1 if the message
digest algorithm identified by I<name> can be used for public key signature
operations associated with key I<pkey> and 0 if it cannot be used. It returns
a negative value for failure.
=head1 SEE ALSO
L<EVP_DigestSignInit_ex(3)>,
=head1 HISTORY
The EVP_PKEY_digestsign_supports_digest() function was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -47,7 +47,7 @@ algorithm.
L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_supports_digest_nid(3)>,
L<EVP_PKEY_digestsign_supports_digest(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,


@ -1,53 +0,0 @@
=pod
=head1 NAME
EVP_PKEY_supports_digest_nid - indicate support for signature digest
=head1 SYNOPSIS
#include <openssl/evp.h>
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
=head1 DESCRIPTION
The EVP_PKEY_supports_digest_nid() function queries whether the message digest
NID B<nid> is supported for public key signature operations associated with key
B<pkey>.
=head1 NOTES
If the EVP_PKEY implementation does not explicitly support this method, but
L<EVP_PKEY_get_default_digest_nid(3)> returns a mandatory digest result, then
only that mandatory digest will be supported.
=head1 RETURN VALUES
The EVP_PKEY_supports_digest_nid() function returns 1 if the message digest
algorithm identified by B<nid> can be used for public key signature operations
associated with key B<pkey> and 0 if it cannot be used. It returns a negative
value for failure. In particular a return value of -2 indicates the query
operation is not supported by the public key algorithm.
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_get_default_digest_nid(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
=head1 HISTORY
The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -1398,7 +1398,8 @@ int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey,
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
char *mdname, size_t mdname_sz);
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
const char *name, const char *propq);
# ifndef OPENSSL_NO_DEPRECATED_3_0
/*


@ -3052,15 +3052,18 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
const SIGALG_LOOKUP *lu;
int mdnid, pknid, supported;
size_t i;
const char *mdname = NULL;
/*
* If the given EVP_PKEY cannot supporting signing with this sigalg,
* If the given EVP_PKEY cannot support signing with this digest,
* the answer is simply 'no'.
*/
ERR_set_mark();
supported = EVP_PKEY_supports_digest_nid(pkey, sig->hash);
ERR_pop_to_mark();
if (supported == 0)
if (sig->hash != NID_undef)
mdname = OBJ_nid2sn(sig->hash);
supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx,
mdname,
s->ctx->propq);
if (supported <= 0)
return 0;
/*
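Review bot: OBJ_nid2sn() on the new `mdname = OBJ_nid2sn(sig->hash);` line can return NULL for a NID without a short name, and that NULL then takes the same path as the NID_undef case, so an unresolvable hash NID would be probed as a "no digest" query instead of being rejected; the NIDs come from the SIGALG_LOOKUP table so this is unlikely in practice, but a guard keeps the two cases apart: `if (sig->hash != NID_undef && (mdname = OBJ_nid2sn(sig->hash)) == NULL) return 0;`. The widened `supported <= 0` test fails closed on negative return codes, which is the right direction for a certificate-usability decision. The NID_undef branch deserves a line explaining why a NULL name is passed, e.g. `/* NID_undef: the sigalg signs without a separate digest, so query with name == NULL. */`, since nothing in the hunk says what a NULL name asks for. check_cert_usable() starts and ends outside the hunk.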


@ -4414,7 +4414,7 @@ EVP_MAC_update ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_final ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION:
OSSL_EC_curve_nid2name ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_supports_digest_nid ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_digestsign_supports_digest ? 3_0_0 EXIST::FUNCTION:
SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
SRP_user_pwd_set_gN ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP