diff options
author | Matt Caswell <matt@openssl.org> | 2021-05-25 14:39:29 +0100 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-05-31 09:16:47 +1000 |
commit | 0a4e660a273d6d33cfc1608ed48d6e560ae970ed (patch) | |
tree | 6c27bc6d5c2f9c58045660141cbb91c5fdbf756d /crypto/x509/v3_purp.c | |
parent | 3811e0019aa8340b413e65fcf81d4b726f437c93 (diff) | |
download | openssl-new-0a4e660a273d6d33cfc1608ed48d6e560ae970ed.tar.gz |
Update check_sig_alg_match() to work with provided keys
Use EVP_PKEY_is_a() to check whether an EVP_PKEY is compatible with the
given signature.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15528)
Diffstat (limited to 'crypto/x509/v3_purp.c')
-rw-r--r-- | crypto/x509/v3_purp.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index ede556d8ef..bcec4194fa 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -366,16 +366,15 @@ static int setup_crldp(X509 *x) /* Check that issuer public key algorithm matches subject signature algorithm */ static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject) { - int signer_nid, subj_sig_nid; + int subj_sig_nid; if (issuer_key == NULL) return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; - signer_nid = EVP_PKEY_base_id(issuer_key); if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), NULL, &subj_sig_nid) == 0) return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; - if (signer_nid == EVP_PKEY_type(subj_sig_nid) - || (signer_nid == NID_rsaEncryption && subj_sig_nid == NID_rsassaPss)) + if (EVP_PKEY_is_a(issuer_key, OBJ_nid2sn(subj_sig_nid)) + || (EVP_PKEY_is_a(issuer_key, "RSA") && subj_sig_nid == NID_rsassaPss)) return X509_V_OK; return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; } |