APPS: dgst: Support properties when signing

author Clemens Lang <cllang@redhat.com>

Mon, 4 Jul 2022 14:15:07 +0000 (16:15 +0200)

committer Dmitry Belyavskiy <beldmit@gmail.com>

Wed, 17 Aug 2022 07:20:41 +0000 (09:20 +0200)
author Clemens Lang <cllang@redhat.com>
Mon, 4 Jul 2022 14:15:07 +0000 (16:15 +0200)
committer Dmitry Belyavskiy <beldmit@gmail.com>
Wed, 17 Aug 2022 07:20:41 +0000 (09:20 +0200)
diff --git a/apps/dgst.c b/apps/dgst.c

index 37e440acfe83ab94d3121b8cc16217a743984566..f009df8093e0c276a43f6b2dda896576e9859a4e 100644 (file)
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -322,8 +322,10 @@ int dgst_main(int argc, char **argv)
      }
  
      if (hmac_key != NULL) {
-        if (md == NULL)
+        if (md == NULL) {
              md = (EVP_MD *)EVP_sha256();
+            digestname = SN_sha256;
+        }
          sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
                                                (unsigned char *)hmac_key,
                                                strlen(hmac_key));
@@ -341,9 +343,19 @@ int dgst_main(int argc, char **argv)
              goto end;
          }
          if (do_verify)
-            res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+            if (impl == NULL)
+                res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
+                                              app_get0_libctx(),
+                                              app_get0_propq(), sigkey, NULL);
+            else
+                res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
          else
-            res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+            if (impl == NULL)
+                res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
+                                            app_get0_libctx(),
+                                            app_get0_propq(), sigkey, NULL);
+            else
+                res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
          if (res == 0) {
              BIO_printf(bio_err, "Error setting context\n");
              goto end;
@@ -468,7 +480,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
          return;
  
      /* Filter out message digests that we cannot use */
-    md = EVP_get_digestbyname(name->name);
+    md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
      if (md == NULL)
          return;
  
diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t

index bb5660dc3c5efd325d4cf0ba7b1f51029033c217..36567653f99eb7b372add8f25250bdbc8afc3a9d 100644 (file)
--- a/test/recipes/20-test_cli_fips.t
+++ b/test/recipes/20-test_cli_fips.t
@@ -67,7 +67,7 @@ sub pubfrompriv {
  
  }
  
-my $tsignverify_count = 8;
+my $tsignverify_count = 9;
  sub tsignverify {
      my $prefix = shift;
      my $fips_key = shift;
@@ -148,6 +148,18 @@ sub tsignverify {
                   $tbs_data])),
         $testtext);
  
+    $testtext = $prefix.': '.
+        'Verify something with a non-FIPS key'.
+               ' in FIPS mode but with a non-FIPS property query';
+    ok(run(app(['openssl', 'dgst',
+                               '-provider', 'default',
+                               '-propquery', '?fips!=yes',
+                               '-sha256',
+                '-verify', $nonfips_pub_key,
+                '-signature', $sigfile,
+                $tbs_data])),
+       $testtext);
+
      $testtext = $prefix.': '.
          'Verify a valid signature against the wrong data with a non-FIPS key'.
          ' (should fail)';
author	Clemens Lang <cllang@redhat.com>
	Mon, 4 Jul 2022 14:15:07 +0000 (16:15 +0200)
committer	Dmitry Belyavskiy <beldmit@gmail.com>
	Wed, 17 Aug 2022 07:20:41 +0000 (09:20 +0200)
apps/dgst.c		patch \| blob \| history
test/recipes/20-test_cli_fips.t		patch \| blob \| history