author | Michael Baentsch <57787676+baentsch@users.noreply.github.com> | 2022-09-26 17:32:05 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-02-24 11:02:48 +1100 |
commit | ee58915cfd9d0ad67f52d43cc1a2ce549049d248 (patch) | |
tree | e892900c53900bd693498bdc9ff2152ae14bcbe6 /crypto | |
parent | 1817dcaf556df559a32eed14d0947ff961be7b4f (diff) | |
download | openssl-new-ee58915cfd9d0ad67f52d43cc1a2ce549049d248.tar.gz |
first cut at sigalg loading
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19312)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x509_set.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index e804380a64..1d400a6b90 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -210,7 +210,7 @@ int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
 /* Modify *siginf according to alg and sig. Return 1 on success, else 0. */
 static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
- const ASN1_STRING *sig)
+ const ASN1_STRING *sig, const EVP_PKEY *pubkey)
 {
 int pknid, mdnid;
 const EVP_MD *md;
@@ -232,12 +232,20 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 case NID_undef:
 /* If we have one, use a custom handler for this algorithm */
 ameth = EVP_PKEY_asn1_find(NULL, pknid);
- if (ameth == NULL || ameth->siginf_set == NULL
- || !ameth->siginf_set(siginf, alg, sig)) {
- ERR_raise(ERR_LIB_X509, X509_R_ERROR_USING_SIGINF_SET);
- return 0;
+ if (ameth != NULL && ameth->siginf_set != NULL
+ && ameth->siginf_set(siginf, alg, sig))
+ break;
+ if (pubkey != NULL) {
+ int secbits;
+
+ secbits = EVP_PKEY_get_security_bits(pubkey);
+ if (secbits != 0) {
+ siginf->secbits = secbits;
+ break;
+ }
 }
- break;
+ ERR_raise(ERR_LIB_X509, X509_R_ERROR_USING_SIGINF_SET);
+ return 0;
 /*
 * SHA1 and MD5 are known to be broken. Reduce security bits so that
 * they're no longer accepted at security level 1.
@@ -288,5 +296,6 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 /* Returns 1 on success, 0 on failure */
 int ossl_x509_init_sig_info(X509 *x)
 {
- return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
+ return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature,
+ X509_PUBKEY_get0(x->cert_info.key));
 } |
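Review bot: The comment above `x509_sig_info_init` still reads `Modify *siginf according to alg and sig` and says nothing about the new `pubkey` parameter, which the later hunk treats as optional (`if (pubkey != NULL)`). Suggest `/* Modify *siginf according to alg and sig; pubkey (may be NULL) is only a fallback source of security bits. Return 1 on success, else 0. */`. The function body continues outside this hunk.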
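Review bot: The new fallback in the `case NID_undef:` branch rates the certificate's signature with `EVP_PKEY_get_security_bits(pubkey)`, but the only caller shown (`ossl_x509_init_sig_info`, last hunk) passes the certificate's own subject key, while the signature is produced by the issuer's key. For anything other than a self-signed certificate, the recorded `siginf->secbits` can therefore differ from the strength of the key that actually signed, which matters if later security-level checks rely on it. Nothing in the hunk checks that `pubkey` is of the algorithm named by `pknid` either. Consider a type guard along the lines of `if (pubkey != NULL && EVP_PKEY_is_a(pubkey, OBJ_nid2sn(pknid))) {`, plus a comment such as `/* Fallback: approximate the signature strength from the subject key; exact only if the issuer key has the same strength */`. The function starts and ends outside the hunk, so how `secbits` and the remaining `siginf` fields are finalised is not visible here.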
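Review bot: `X509_PUBKEY_get0(x->cert_info.key)` is now evaluated on every call to `ossl_x509_init_sig_info`, although the key is consulted only in the `NID_undef` fallback of `x509_sig_info_init`. If `X509_PUBKEY_get0` records an error when the subject key cannot be decoded (its implementation is not on this page, so this needs confirming), a certificate with a known signature algorithm and an undecodable key would succeed here yet leave a stale entry on the error queue. Bracketing the lookup with `ERR_set_mark();` and `ERR_pop_to_mark();` would avoid that. The `/* Returns 1 on success, 0 on failure */` comment could also mention that the subject key is now an input.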