Replace EVP_PKEY_supports_digest_nid

The EVP_PKEY_supports_digest_nid() is renamed to EVP_PKEY_digestsign_supports_digest() and implemented via EVP_DigestSignInit_ex(). Fixes #14343 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15198)
author: Tomas Mraz <tomas@openssl.org> 2021-05-07 17:44:26 +0200
committer: Tomas Mraz <tomas@openssl.org> 2021-05-13 13:19:39 +0200
commit: e9fe0f7e9df7e0909ca52a024b889e48616a29d9 (patch)
tree: 0063dedfae3fa67b80e46e5572743298a3eb2037 /ssl/t1_lib.c
parent: 3c39bd9b89198c6b3834c369c7da6f582788f645 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 14c16e355d..1dc57af43a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3052,15 +3052,18 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
     const SIGALG_LOOKUP *lu;
     int mdnid, pknid, supported;
     size_t i;
+    const char *mdname = NULL;
 
     /*
-     * If the given EVP_PKEY cannot supporting signing with this sigalg,
+     * If the given EVP_PKEY cannot support signing with this digest,
      * the answer is simply 'no'.
      */
-    ERR_set_mark();
-    supported = EVP_PKEY_supports_digest_nid(pkey, sig->hash);
-    ERR_pop_to_mark();
-    if (supported == 0)
+    if (sig->hash != NID_undef)
+        mdname = OBJ_nid2sn(sig->hash);
+    supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx,
+                                                    mdname,
+                                                    s->ctx->propq);
+    if (supported <= 0)
         return 0;
 
     /*
author	Tomas Mraz <tomas@openssl.org>	2021-05-07 17:44:26 +0200
committer	Tomas Mraz <tomas@openssl.org>	2021-05-13 13:19:39 +0200
commit	e9fe0f7e9df7e0909ca52a024b889e48616a29d9 (patch)
tree	0063dedfae3fa67b80e46e5572743298a3eb2037 /ssl/t1_lib.c
parent	3c39bd9b89198c6b3834c369c7da6f582788f645 (diff)