EVP: legacy_ctrl_to_param() to handle provider side keys
authorRichard Levitte <levitte@openssl.org>
Thu, 9 Apr 2020 04:07:54 +0000 (06:07 +0200)
committerRichard Levitte <levitte@openssl.org>
Fri, 10 Apr 2020 20:15:25 +0000 (22:15 +0200)
There was one spot where this function would look at ctx->pmeth
directly to determine if it's for RSASSA-PSS, which fails when
presented with an EVP_PKEY_CTX holding a provider side key.
Switching to use EVP_PKEY_is_a() should make things better.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11501)

crypto/evp/pmeth_lib.c

index da50ebf18adf762fc93a0e632d98f7977c1ff8d7..f36a7363db52dae735e96979ccb3a87c31e3afdd 100644 (file)
@@ -890,7 +890,8 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
         case EVP_PKEY_CTRL_CMS_DECRYPT:
         case EVP_PKEY_CTRL_CMS_ENCRYPT:
 # endif
-            if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+            /* TODO (3.0) Temporary hack, this should probe */
+            if (!EVP_PKEY_is_a(EVP_PKEY_CTX_get0_pkey(ctx), "RSASSA-PSS"))
                 return 1;
             ERR_raise(ERR_LIB_EVP,
                       EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);