In OpenSSL 1.1.1 doing an HMAC operation with (say) SHA1 would produce
output like this:
HMAC-SHA1(README.md)=
553154e4c0109ddc320bb495735906ad7135c2f1
Prior to this change master would instead display this like so:
SHA1(README.md)=
553154e4c0109ddc320bb495735906ad7135c2f1
The problem is that dgst was using EVP_PKEY_asn1_get0_info() to get
the algorithm name from the EVP_PKEY. This doesn't work with
provider-based keys. Instead we introduce a new EVP_PKEY_get0_first_alg_name()
function, and an equivalent EVP_KEYMGMT_get0_first_name() function.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12850)
} else {
const char *sig_name = NULL;
if (!out_bin) {
- if (sigkey != NULL) {
- const EVP_PKEY_ASN1_METHOD *ameth;
- ameth = EVP_PKEY_get0_asn1(sigkey);
- if (ameth)
- EVP_PKEY_asn1_get0_info(NULL, NULL,
- NULL, NULL, &sig_name, ameth);
- }
+ if (sigkey != NULL)
+ sig_name = EVP_PKEY_get0_first_alg_name(sigkey);
}
ret = 0;
for (i = 0; i < argc; i++) {
return 1;
return 0;
}
+
+const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key)
+{
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ const char *name = NULL;
+
+ if (key->keymgmt != NULL)
+ return EVP_KEYMGMT_get0_first_name(key->keymgmt);
+
+ /* Otherwise fallback to legacy */
+ ameth = EVP_PKEY_get0_asn1(key);
+ if (ameth != NULL)
+ EVP_PKEY_asn1_get0_info(NULL, NULL,
+ NULL, NULL, &name, ameth);
+
+ return name;
+}
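Review bot: `key` is dereferenced at `key->keymgmt` with no NULL check, so passing NULL to this newly exported function is a NULL dereference; the dgst caller guards with `sigkey != NULL`, but the declaration added to evp.h makes the function callable from anywhere. Adding `if (key == NULL) return NULL;` as the first statement would make it fail soft, and `EVP_KEYMGMT_get0_first_name()` in the keymgmt hunk has the same shape with `keymgmt->prov`. The legacy path also returns NULL when `EVP_PKEY_get0_asn1()` yields no method, so a short comment above the definition should state that NULL is a possible result and that the returned string is not owned by the caller.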
return keymgmt->name_id;
}
+const char *EVP_KEYMGMT_get0_first_name(const EVP_KEYMGMT *keymgmt)
+{
+ return evp_first_name(keymgmt->prov, keymgmt->name_id);
+}
+
int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name)
{
return evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name);
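Review bot: `EVP_KEYMGMT_get0_first_name()` carries no comment saying what "first" means or how the result may be used. From the call `evp_first_name(keymgmt->prov, keymgmt->name_id)` it appears to pick one of possibly several names registered for the algorithm, so the string presumably depends on how the provider lists its names and is suited to display (as in the dgst output) rather than to deciding which algorithm a key uses. I would add `/* Display name only: first name registered for this algorithm; use EVP_KEYMGMT_is_a() to test algorithm identity. */` above the definition. The hunk ends inside `EVP_KEYMGMT_is_a()`, whose closing brace is outside the visible lines.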
int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len);
+const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key);
+
# define EVP_PKEY_OP_UNDEFINED 0
# define EVP_PKEY_OP_PARAMGEN (1<<1)
# define EVP_PKEY_OP_KEYGEN (1<<2)
int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt);
+const char *EVP_KEYMGMT_get0_first_name(const EVP_KEYMGMT *keymgmt);
int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt);
int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx,
CMS_AuthEnvelopedData_create ? 3_0_0 EXIST::FUNCTION:CMS
CMS_AuthEnvelopedData_create_with_libctx ? 3_0_0 EXIST::FUNCTION:CMS
EVP_PKEY_CTX_set_ec_param_enc ? 3_0_0 EXIST::FUNCTION:EC
+EVP_PKEY_get0_first_alg_name ? 3_0_0 EXIST::FUNCTION:
+EVP_KEYMGMT_get0_first_name ? 3_0_0 EXIST::FUNCTION: