authorRichard Levitte <levitte@openssl.org>2019-09-14 16:35:08 +0200
committerRichard Levitte <levitte@openssl.org>2019-09-19 14:58:17 +0200
commit7cfa1717b812a126ce6f8e4cc32139164c89d789 (patch)
tree6baeb081c8d404bb4e82cabe0d42b5c78a356e19 /crypto
parentf7c16d48a945e80f22f6f02550ee3fe14edb52fa (diff)
Modify providers that keep track of underlying algorithms
With some provider implementations, there are underlying ciphers, digests and macs. For some of them, the name was retrieved from the method, but since the methods do not store those any more, we add different mechanics. For code that needs to pass on the name of a cipher or digest via parameters, we simply locally store the name that was used when fetching said cipher or digest. This will ensure that any underlying code that needs to fetch that same cipher or digest does so with the exact same name instead of any random name from the set of names associated with the algorithm. For code that needs to check what kind of algorithm was passed, we provide EVP_{type}_is_a(), that returns true if the given method has the given name as one of its names. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9897)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/evp_fetch.c8
-rw-r--r--crypto/evp/evp_lib.c5
-rw-r--r--crypto/evp/evp_locl.h1
-rw-r--r--crypto/evp/mac_meth.c5
-rw-r--r--crypto/evp/pkey_mac.c4
5 files changed, 21 insertions, 2 deletions
diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c
index 79520c0b7f..6e31af79f2 100644
--- a/crypto/evp/evp_fetch.c
+++ b/crypto/evp/evp_fetch.c
@@ -385,3 +385,11 @@ const char *evp_first_name(OSSL_PROVIDER *prov, int name_id)
return ossl_namemap_num2name(namemap, name_id, 0);
}
+
+int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name)
+{
+ OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
+ OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+
+ return ossl_namemap_name2num(namemap, name) == number;
+}
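Review bot: evp_is_a() decides a match purely by `ossl_namemap_name2num(namemap, name) == number`, so its answer for a name that is not in the namemap depends on name2num's not-found value, which this hunk does not show. If that value is 0, a method whose identity number is also 0 would be reported as matching every unregistered name, and the callers added in this commit use the result as an algorithm-type gate. Making the miss case explicit would remove the ambiguity, for example `int id = ossl_namemap_name2num(namemap, name);` followed by `return id != 0 && id == number;`. A one-line comment stating that the function returns 1 only when `name` is a registered name of the method would also help.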
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 000d6e9623..e48c63037e 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -448,6 +448,11 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
return ctx->cipher->nid;
}
+int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name)
+{
+ return evp_is_a(cipher->prov, cipher->name_id, name);
+}
+
const char *EVP_CIPHER_name(const EVP_CIPHER *cipher)
{
if (cipher->prov != NULL)
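Review bot: EVP_CIPHER_is_a() passes `cipher->prov` straight to evp_is_a() without the `cipher->prov != NULL` test that EVP_CIPHER_name() applies just below, which suggests that ciphers without a provider can reach this code. For such a cipher the comparison would run against whatever `name_id` holds, so the result is not obviously meaningful. Handle the provider-less case explicitly at the top of the function, e.g. `if (cipher->prov == NULL) return 0;`, or compare against the legacy name if those ciphers are meant to be supported. EVP_CIPHER_name()'s body continues outside the hunk, so its handling of the legacy case is only partly visible.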
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index cd58ba33b5..ebfa3acd08 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -250,3 +250,4 @@ void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx);
/* OSSL_PROVIDER * is only used to get the library context */
const char *evp_first_name(OSSL_PROVIDER *prov, int name_id);
+int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name);
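Review bot: The new prototype names its identity parameter `number`, while evp_first_name() directly above calls the same value `name_id`. The existing comment about `OSSL_PROVIDER *` now sits above two declarations without saying whether it covers both. I would write `int evp_is_a(OSSL_PROVIDER *prov, int name_id, const char *name);` and extend the comment to `/* OSSL_PROVIDER * is only used to get the library context; evp_is_a() returns 1 if |name| is one of the names registered for |name_id| */`.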
diff --git a/crypto/evp/mac_meth.c b/crypto/evp/mac_meth.c
index 3dc58c1f3b..8c47a6c6e8 100644
--- a/crypto/evp/mac_meth.c
+++ b/crypto/evp/mac_meth.c
@@ -168,6 +168,11 @@ void EVP_MAC_free(EVP_MAC *mac)
evp_mac_free(mac);
}
+int EVP_MAC_is_a(const EVP_MAC *mac, const char *name)
+{
+ return evp_is_a(mac->prov, mac->name_id, name);
+}
+
const char *EVP_MAC_name(const EVP_MAC *mac)
{
return evp_first_name(mac->prov, mac->name_id);
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index fc600fb845..1343e19e76 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -221,8 +221,8 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
&& (ctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) != 0;
if (set_key) {
- if (strcmp(OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx))),
- EVP_MAC_name(EVP_MAC_CTX_mac(hctx->ctx))) != 0)
+ if (!EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx),
+ OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx)))))
return 0;
key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx));
if (key == NULL)
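Review bot: The result of `OBJ_nid2sn(...)` is passed to EVP_MAC_is_a() without a NULL check; OBJ_nid2sn() returns NULL for a NID it does not recognise, and evp_is_a() as added in this commit forwards the name to ossl_namemap_name2num() unchanged. Whether name2num tolerates a NULL name is not visible here, so the key-type check should fail closed before the lookup. Resolve the short name first with `const char *sn = OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx)));`, then test `if (sn == NULL || !EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx), sn)) return 0;`. pkey_mac_signctx_init() starts and ends outside the hunk.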