EVP: Adapt KEYEXCH, SIGNATURE and ASYM_CIPHER to handle key types better

The adaptation is to handle the case when key types and operations that use these keys have different names. For example, EC keys can be used for ECDSA and ECDH. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10647)
author: Richard Levitte <levitte@openssl.org> 2019-12-18 13:24:27 +0100
committer: Richard Levitte <levitte@openssl.org> 2020-01-09 15:01:28 +0100
commit: f23bc0b770efd229e27519786d9f28da56752d0a (patch)
tree: 9ed18bbd3e8a3cc97c6a78a387fc1f7c585c78cd /crypto/evp/m_sigver.c
parent: e62a45b60e3166d995eb83840f437debf575c328 (diff)
1 files changed, 22 insertions, 12 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9d12e9b96a..ff94063181 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -52,7 +52,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     locpctx = ctx->pctx;
     evp_pkey_ctx_free_old_ops(locpctx);
 
-    if (locpctx->algorithm == NULL)
+    if (locpctx->keytype == NULL)
         goto legacy;
 
     if (mdname == NULL) {
@@ -71,18 +71,28 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
         }
     }
 
-    /*
-     * Because we cleared out old ops, we shouldn't need to worry about
-     * checking if signature is already there.  Keymgmt is a different
-     * matter, as it isn't tied to a specific EVP_PKEY op.
-     */
-    signature = EVP_SIGNATURE_fetch(locpctx->libctx, locpctx->algorithm,
-                                    locpctx->propquery);
-    if (signature != NULL && locpctx->keymgmt == NULL) {
-        int name_id = EVP_SIGNATURE_number(signature);
+    if (locpctx->keymgmt == NULL)
+        locpctx->keymgmt = EVP_KEYMGMT_fetch(locpctx->libctx, locpctx->keytype,
+                                             locpctx->propquery);
+    if (locpctx->keymgmt != NULL) {
+        const char *supported_sig = NULL;
+
+        if (locpctx->keymgmt->query_operation_name != NULL)
+            supported_sig =
+                locpctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
+
+        /*
+         * If we didn't get a supported sig, assume there is one with the
+         * same name as the key type.
+         */
+        if (supported_sig == NULL)
+            supported_sig = locpctx->keytype;
 
-        locpctx->keymgmt =
-            evp_keymgmt_fetch_by_number(locpctx->libctx, name_id,
+        /*
+         * Because we cleared out old ops, we shouldn't need to worry about
+         * checking if signature is already there.
+         */
+        signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig,
                                         locpctx->propquery);
     }
author	Richard Levitte <levitte@openssl.org>	2019-12-18 13:24:27 +0100
committer	Richard Levitte <levitte@openssl.org>	2020-01-09 15:01:28 +0100
commit	f23bc0b770efd229e27519786d9f28da56752d0a (patch)
tree	9ed18bbd3e8a3cc97c6a78a387fc1f7c585c78cd /crypto/evp/m_sigver.c
parent	e62a45b60e3166d995eb83840f437debf575c328 (diff)