diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-05-06 21:44:58 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-05-14 12:16:35 +0200 |
| commit | 2c6094baca6476d8b024dc7d9f461dae597ae797 (patch) | |
| tree | b86aadf58bb549dbc052a83ff5cd6ecd02017b79 /crypto/evp | |
| parent | ea297dca509b16190ad0a915f1324777b08ed8d8 (diff) | |
EVP: For SIGNATURE operations, pass the propquery early
Instead of passing it with signature->digest_verify_init() and
signature->digest_sign_init(), we pass it with signature->newctx().
This allows the digests that are indicated by RSA PSS parameters
to have a useful propquery.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
Diffstat (limited to 'crypto/evp')
| -rw-r--r-- | crypto/evp/m_sigver.c | 9 | ||||
| -rw-r--r-- | crypto/evp/signature.c | 3 |
2 files changed, 8 insertions, 4 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index c77683a69d..44e7cab1af 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -71,6 +71,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx = ctx->pctx; evp_pkey_ctx_free_old_ops(locpctx); + if (props == NULL) + props = locpctx->propquery; + /* * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() * calls can be removed. @@ -142,7 +145,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX : EVP_PKEY_OP_SIGNCTX; locpctx->op.sig.sigprovctx - = signature->newctx(ossl_provider_ctx(signature->prov)); + = signature->newctx(ossl_provider_ctx(signature->prov), props); if (locpctx->op.sig.sigprovctx == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; @@ -182,14 +185,14 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, goto err; } ret = signature->digest_verify_init(locpctx->op.sig.sigprovctx, - mdname, props, provkey); + mdname, provkey); } else { if (signature->digest_sign_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); goto err; } ret = signature->digest_sign_init(locpctx->op.sig.sigprovctx, - mdname, props, provkey); + mdname, provkey); } return ret ? 1 : 0; diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index b7a7f79606..595a93e66e 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -417,7 +417,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation) /* No more legacy from here down to legacy: */ ctx->op.sig.signature = signature; - ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov)); + ctx->op.sig.sigprovctx = + signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery); if (ctx->op.sig.sigprovctx == NULL) { /* The provider key can stay in the cache */ EVPerr(0, EVP_R_INITIALIZATION_ERROR); |