EVP_SIGNATURE *signature = NULL;
EVP_KEYMGMT *tmp_keymgmt = NULL;
const char *supported_sig = NULL;
+ char locmdname[80] = ""; /* 80 chars should be enough */
void *provkey = NULL;
int ret;
if (locpctx->keytype == NULL)
goto legacy;
- if (mdname == NULL) {
- if (type != NULL) {
- mdname = EVP_MD_name(type);
- } else if (pkey != NULL) {
- /*
- * TODO(v3.0) work out a better way for EVP_PKEYs with no legacy
- * component.
- */
- if (pkey->pkey.ptr != NULL) {
- int def_nid;
- if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
- mdname = OBJ_nid2sn(def_nid);
- }
- }
- }
-
/* Ensure that the key is provided. If not, go legacy */
tmp_keymgmt = locpctx->keymgmt;
provkey = evp_pkey_make_provided(locpctx->pkey, locpctx->libctx,
/* No more legacy from here down to legacy: */
+ if (pctx != NULL)
+ *pctx = locpctx;
+
locpctx->op.sig.signature = signature;
locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
: EVP_PKEY_OP_SIGNCTX;
}
if (type != NULL) {
ctx->reqdigest = type;
+ if (mdname == NULL)
+ mdname = EVP_MD_name(type);
} else {
- /*
- * This might be requested by a later call to EVP_MD_CTX_md(). In that
- * case the "explicit fetch" rules apply for that function (as per
- * man pages), i.e. the ref count is not updated so the EVP_MD should
- * not be used beyound the lifetime of the EVP_MD_CTX.
- */
- ctx->reqdigest = ctx->fetched_digest =
- EVP_MD_fetch(locpctx->libctx, mdname, props);
+ if (mdname == NULL
+ && EVP_PKEY_get_default_digest_name(locpctx->pkey, locmdname,
+ sizeof(locmdname)))
+ mdname = locmdname;
+
+ if (mdname != NULL) {
+ /*
+ * This might be requested by a later call to EVP_MD_CTX_md().
+ * In that case the "explicit fetch" rules apply for that
+ * function (as per man pages), i.e. the ref count is not updated
+ * so the EVP_MD should not be used beyound the lifetime of the
+ * EVP_MD_CTX.
+ */
+ ctx->reqdigest = ctx->fetched_digest =
+ EVP_MD_fetch(locpctx->libctx, mdname, props);
+ }
}
if (ver) {
pctx);
}
+static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op,
+ int arg1, void *arg2)
+{
+ if (pkey->pkeys[0].keymgmt == NULL)
+ return 0;
+ switch (op) {
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+ {
+ char mdname[80] = "";
+ int nid;
+ int rv = EVP_PKEY_get_default_digest_name(pkey, mdname,
+ sizeof(mdname));
+
+ if (rv <= 0)
+ return rv;
+ nid = OBJ_sn2nid(mdname);
+ if (nid == NID_undef)
+ nid = OBJ_ln2nid(mdname);
+ if (nid == NID_undef)
+ return 0;
+ *(int *)arg2 = nid;
+ return 1;
+ }
+ default:
+ return -2;
+ }
+}
+
static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
{
- if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
+ if (pkey->ameth == NULL)
+ return legacy_asn1_ctrl_to_param(pkey, op, arg1, arg2);
+ if (pkey->ameth->pkey_ctrl == NULL)
return -2;
return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
}
return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
}
+int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+ char *mdname, size_t mdname_sz)
+{
+ if (pkey->ameth == NULL) {
+ OSSL_PARAM params[3];
+ char mddefault[100] = "";
+ char mdmandatory[100] = "";
+
+ params[0] =
+ OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST,
+ mddefault, sizeof(mddefault));
+ params[1] =
+ OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST,
+ mdmandatory,
+ sizeof(mdmandatory));
+ params[2] = OSSL_PARAM_construct_end();
+ if (!evp_keymgmt_get_key_params(pkey->pkeys[0].keymgmt,
+ pkey->pkeys[0].provdata,
+ params))
+ return 0;
+ if (mdmandatory[0] != '\0') {
+ OPENSSL_strlcpy(mdname, mdmandatory, mdname_sz);
+ return 2;
+ }
+ OPENSSL_strlcpy(mdname, mddefault, mdname_sz);
+ return 1;
+ }
+
+ {
+ int nid = NID_undef;
+ int rv = EVP_PKEY_get_default_digest_nid(pkey, &nid);
+ const char *name = rv > 0 ? OBJ_nid2sn(nid) : NULL;
+
+ if (rv > 0)
+ OPENSSL_strlcpy(mdname, name, mdname_sz);
+ return rv;
+ }
+}
+
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid)
{
int rv, default_nid;
=head1 NAME
-EVP_PKEY_get_default_digest_nid - get default signature digest
+EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name
+- get default signature digest
=head1 SYNOPSIS
#include <openssl/evp.h>
+
+ int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+ char *mdname, size_t mdname_sz)
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
=head1 DESCRIPTION
-The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
-message digest NID for the public key signature operations associated with key
-B<pkey>. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use
-a digest during signing. In this case B<pnid> will be set to NID_undef.
+EVP_PKEY_get_default_digest_name() fills in the default message digest
+name for the public key signature operations associated with key
+I<pkey> into I<mdname>, up to at most I<mdname_sz> bytes including the
+ending NUL byte.
+
+EVP_PKEY_get_default_digest_nid() sets I<pnid> to the default message
+digest NID for the public key signature operations associated with key
+I<pkey>. Note that some signature algorithms (i.e. Ed25519 and Ed448)
+do not use a digest during signing. In this case I<pnid> will be set
+to NID_undef. This function is only reliable for legacy keys, which
+are keys with a B<EVP_PKEY_ASN1_METHOD>; these keys have typically
+been loaded from engines, or created with L<EVP_PKEY_assign_RSA(3)> or
+similar.
=head1 NOTES
=head1 RETURN VALUES
-The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
-is advisory (that is other digests can be used) and 2 if it is mandatory (other
-digests can not be used). It returns 0 or a negative value for failure. In
-particular a return value of -2 indicates the operation is not supported by the
-public key algorithm.
+EVP_PKEY_get_default_digest_name() and EVP_PKEY_get_default_digest_nid()
+both return 1 if the message digest is advisory (that is other digests
+can be used) and 2 if it is mandatory (other digests can not be used).
+They return 0 or a negative value for failure. In particular a return
+value of -2 indicates the operation is not supported by the public key
+algorithm.
=head1 SEE ALSO
#define OSSL_PKEY_PARAM_BITS "bits" /* integer */
#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */
#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */
+#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */
/* Diffie-Hellman/DSA Parameters */
#define OSSL_PKEY_PARAM_FFC_P "p"
int indent, ASN1_PCTX *pctx);
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
+ char *mdname, size_t mdname_sz);
int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
ASN1_GENERALIZEDTIME_dup ? 3_0_0 EXIST::FUNCTION:
RAND_priv_bytes_ex ? 3_0_0 EXIST::FUNCTION:
RAND_bytes_ex ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get_default_digest_name ? 3_0_0 EXIST::FUNCTION:
projects / openssl.git / commitdiff