gname, gname_sz, gname_len);
}
-int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid)
+int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+ const char *name, const char *propq)
{
- int rv = -2, default_nid;
+ int rv;
+ EVP_MD_CTX *ctx = NULL;
- if (rv == -2) {
- /*
- * If there is a mandatory default digest and this isn't it, then
- * the answer is 'no'.
- */
- rv = EVP_PKEY_get_default_digest_nid(pkey, &default_nid);
- if (rv == 2)
- return (nid == default_nid);
- /* zero is an error from EVP_PKEY_get_default_digest_nid() */
- if (rv == 0)
- return -1;
- }
+ if ((ctx = EVP_MD_CTX_new()) == NULL)
+ return -1;
+
+ ERR_set_mark();
+ rv = EVP_DigestSignInit_ex(ctx, NULL, name, libctx,
+ propq, pkey, NULL);
+ ERR_pop_to_mark();
+
+ EVP_MD_CTX_free(ctx);
return rv;
}
GENERATE[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod
DEPEND[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod
GENERATE[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod
+DEPEND[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod
+GENERATE[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod
+DEPEND[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod
+GENERATE[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod
DEPEND[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod
GENERATE[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod
DEPEND[man/man3/EVP_PKEY_encapsulate.3]=man3/EVP_PKEY_encapsulate.pod
GENERATE[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod
DEPEND[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod
GENERATE[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod
-DEPEND[html/man3/EVP_PKEY_supports_digest_nid.html]=man3/EVP_PKEY_supports_digest_nid.pod
-GENERATE[html/man3/EVP_PKEY_supports_digest_nid.html]=man3/EVP_PKEY_supports_digest_nid.pod
-DEPEND[man/man3/EVP_PKEY_supports_digest_nid.3]=man3/EVP_PKEY_supports_digest_nid.pod
-GENERATE[man/man3/EVP_PKEY_supports_digest_nid.3]=man3/EVP_PKEY_supports_digest_nid.pod
DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod
GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod
DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod
html/man3/EVP_PKEY_decapsulate.html \
html/man3/EVP_PKEY_decrypt.html \
html/man3/EVP_PKEY_derive.html \
+html/man3/EVP_PKEY_digestsign_supports_digest.html \
html/man3/EVP_PKEY_encapsulate.html \
html/man3/EVP_PKEY_encrypt.html \
html/man3/EVP_PKEY_fromdata.html \
html/man3/EVP_PKEY_settable_params.html \
html/man3/EVP_PKEY_sign.html \
html/man3/EVP_PKEY_size.html \
-html/man3/EVP_PKEY_supports_digest_nid.html \
html/man3/EVP_PKEY_todata.html \
html/man3/EVP_PKEY_verify.html \
html/man3/EVP_PKEY_verify_recover.html \
man/man3/EVP_PKEY_decapsulate.3 \
man/man3/EVP_PKEY_decrypt.3 \
man/man3/EVP_PKEY_derive.3 \
+man/man3/EVP_PKEY_digestsign_supports_digest.3 \
man/man3/EVP_PKEY_encapsulate.3 \
man/man3/EVP_PKEY_encrypt.3 \
man/man3/EVP_PKEY_fromdata.3 \
man/man3/EVP_PKEY_settable_params.3 \
man/man3/EVP_PKEY_sign.3 \
man/man3/EVP_PKEY_size.3 \
-man/man3/EVP_PKEY_supports_digest_nid.3 \
man/man3/EVP_PKEY_todata.3 \
man/man3/EVP_PKEY_verify.3 \
man/man3/EVP_PKEY_verify_recover.3 \
The pkey_ctrl() method adds extra algorithm specific control.
It's called by L<EVP_PKEY_get_default_digest_nid(3)>,
-L<EVP_PKEY_supports_digest_nid(3)>,
L<EVP_PKEY_set1_encoded_public_key(3)>,
L<EVP_PKEY_get1_encoded_public_key(3)>, L<PKCS7_SIGNER_INFO_set(3)>,
L<PKCS7_RECIP_INFO_set(3)>, ...
--- /dev/null
+=pod
+
+=head1 NAME
+
+EVP_PKEY_digestsign_supports_digest - indicate support for signature digest
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+ int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+ const char *name, const char *propq);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_digestsign_supports_digest() function queries whether the message
+digest I<name> is supported for public key signature operations associated with
+key I<pkey>. The query is done within an optional library context I<libctx> and
+with an optional property query I<propq>.
+
+=head1 RETURN VALUES
+
+The EVP_PKEY_digestsign_supports_digest() function returns 1 if the message
+digest algorithm identified by I<name> can be used for public key signature
+operations associated with key I<pkey> and 0 if it cannot be used. It returns
+a negative value for failure.
+
+=head1 SEE ALSO
+
+L<EVP_DigestSignInit_ex(3)>,
+
+=head1 HISTORY
+
+The EVP_PKEY_digestsign_supports_digest() function was added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_sign(3)>,
-L<EVP_PKEY_supports_digest_nid(3)>,
+L<EVP_PKEY_digestsign_supports_digest(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
+++ /dev/null
-=pod
-
-=head1 NAME
-
-EVP_PKEY_supports_digest_nid - indicate support for signature digest
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
- int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
-
-=head1 DESCRIPTION
-
-The EVP_PKEY_supports_digest_nid() function queries whether the message digest
-NID B<nid> is supported for public key signature operations associated with key
-B<pkey>.
-
-=head1 NOTES
-
-If the EVP_PKEY implementation does not explicitly support this method, but
-L<EVP_PKEY_get_default_digest_nid(3)> returns a mandatory digest result, then
-only that mandatory digest will be supported.
-
-=head1 RETURN VALUES
-
-The EVP_PKEY_supports_digest_nid() function returns 1 if the message digest
-algorithm identified by B<nid> can be used for public key signature operations
-associated with key B<pkey> and 0 if it cannot be used. It returns a negative
-value for failure. In particular a return value of -2 indicates the query
-operation is not supported by the public key algorithm.
-
-=head1 SEE ALSO
-
-L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_get_default_digest_nid(3)>,
-L<EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verify_recover(3)>,
-
-=head1 HISTORY
-
-The EVP_PKEY_supports_digest_nid() function was added in OpenSSL 3.0.
-
-=head1 COPYRIGHT
-
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey,
char *mdname, size_t mdname_sz);
-int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid);
+int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+ const char *name, const char *propq);
# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
const SIGALG_LOOKUP *lu;
int mdnid, pknid, supported;
size_t i;
+ const char *mdname = NULL;
/*
- * If the given EVP_PKEY cannot supporting signing with this sigalg,
+ * If the given EVP_PKEY cannot support signing with this digest,
* the answer is simply 'no'.
*/
- ERR_set_mark();
- supported = EVP_PKEY_supports_digest_nid(pkey, sig->hash);
- ERR_pop_to_mark();
- if (supported == 0)
+ if (sig->hash != NID_undef)
+ mdname = OBJ_nid2sn(sig->hash);
+ supported = EVP_PKEY_digestsign_supports_digest(pkey, s->ctx->libctx,
+ mdname,
+ s->ctx->propq);
+ if (supported <= 0)
return 0;
/*
EVP_MAC_final ? 3_0_0 EXIST::FUNCTION:
EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION:
OSSL_EC_curve_nid2name ? 3_0_0 EXIST::FUNCTION:
-EVP_PKEY_supports_digest_nid ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_digestsign_supports_digest ? 3_0_0 EXIST::FUNCTION:
SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
SRP_user_pwd_set_gN ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
projects / openssl.git / commitdiff