diff options
| author | Matt Caswell <matt@openssl.org> | 2020-09-13 11:09:20 +0100 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2020-09-17 11:12:08 +0300 |
| commit | d8025f4ac002f6de775a8c3c7936036d0722eed6 (patch) | |
| tree | 22d60990cab760b182fb7c6f3523d8b49e2841d3 | |
| parent | b0002eb09ac744d0c702c85648b2517e214580ea (diff) | |
Correctly display the signing/hmac algorithm in the dgst app
In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:
HMAC-SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1
Prior to this change master would instead display this like so:
SHA1(README.md)= 553154e4c0109ddc320bb495735906ad7135c2f1
The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with provider
based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
| -rw-r--r-- | apps/dgst.c | 9 | ||||
| -rw-r--r-- | crypto/evp/evp_pkey.c | 17 | ||||
| -rw-r--r-- | crypto/evp/keymgmt_meth.c | 5 | ||||
| -rw-r--r-- | include/openssl/evp.h | 3 | ||||
| -rw-r--r-- | util/libcrypto.num | 2 |
5 files changed, 29 insertions, 7 deletions
diff --git a/apps/dgst.c b/apps/dgst.c index 7fc7da1e53..650115b468 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -406,13 +406,8 @@ int dgst_main(int argc, char **argv) } else { const char *sig_name = NULL; if (!out_bin) { - if (sigkey != NULL) { - const EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_get0_asn1(sigkey); - if (ameth) - EVP_PKEY_asn1_get0_info(NULL, NULL, - NULL, NULL, &sig_name, ameth); - } + if (sigkey != NULL) + sig_name = EVP_PKEY_get0_first_alg_name(sigkey); } ret = 0; for (i = 0; i < argc; i++) { diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index d435c86087..f31d1d68f8 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -163,3 +163,20 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, return 1; return 0; } + +const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key) +{ + const EVP_PKEY_ASN1_METHOD *ameth; + const char *name = NULL; + + if (key->keymgmt != NULL) + return EVP_KEYMGMT_get0_first_name(key->keymgmt); + + /* Otherwise fallback to legacy */ + ameth = EVP_PKEY_get0_asn1(key); + if (ameth != NULL) + EVP_PKEY_asn1_get0_info(NULL, NULL, + NULL, NULL, &name, ameth); + + return name; +} diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 1459b64f0e..5453ceadda 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -249,6 +249,11 @@ int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt) return keymgmt->name_id; } +const char *EVP_KEYMGMT_get0_first_name(const EVP_KEYMGMT *keymgmt) +{ + return evp_first_name(keymgmt->prov, keymgmt->name_id); +} + int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name) { return evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 4d0cc9d560..ff97198542 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1496,6 +1496,8 @@ int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len); int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); +const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key); + # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1) # define EVP_PKEY_OP_KEYGEN (1<<2) @@ -1573,6 +1575,7 @@ EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); +const char *EVP_KEYMGMT_get0_first_name(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx, diff --git a/util/libcrypto.num b/util/libcrypto.num index 6070b570a5..a1b8ce0be1 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5280,3 +5280,5 @@ EVP_PKEY_CTX_get1_id_len ? 3_0_0 EXIST::FUNCTION: CMS_AuthEnvelopedData_create ? 3_0_0 EXIST::FUNCTION:CMS CMS_AuthEnvelopedData_create_with_libctx ? 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_CTX_set_ec_param_enc ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_get0_first_alg_name ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_first_name ? 3_0_0 EXIST::FUNCTION: |