From 563f9c951d9b050378b9d3659a932c98ab587b21 Mon Sep 17 00:00:00 2001 From: Petr Gotthard Date: Sat, 17 Jul 2021 21:22:28 +0200 Subject: FAPI Test: Call EVP_DigestSignInit in the correct order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The EVP_DigestSignInit should be called only once and before calling EVP_PKEY_CTX_set_rsa_padding. See a corresponding example [here](https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_sign_init.html) Current code works with OpenSSL 1.x, but fails with OpenSSL 3.0. This PR makes the code compatible with OpenSSL 1.0 through 3.0. Signed-off-by: Petr Gotthard --- test/integration/fapi-data-crypt.int.c | 8 ++------ test/integration/fapi-key-create-policy-signed.int.c | 8 ++------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/test/integration/fapi-data-crypt.int.c b/test/integration/fapi-data-crypt.int.c index b2d20b28..d42466db 100644 --- a/test/integration/fapi-data-crypt.int.c +++ b/test/integration/fapi-data-crypt.int.c @@ -129,8 +129,8 @@ signatureCallback( mdctx = EVP_MD_CTX_create(); chknull(mdctx); - if (1 != EVP_DigestSignInit(mdctx, &pctx, NULL, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL digest sign init.", + if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { + goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", error_cleanup); } if (EVP_PKEY_type(EVP_PKEY_id(priv_key)) == EVP_PKEY_RSA) { @@ -140,10 +140,6 @@ signatureCallback( error_cleanup); } } - if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", - error_cleanup); - } if (1 != EVP_DigestSignUpdate(mdctx, dataToSign, dataToSignSize)) { goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign update.", error_cleanup); diff --git a/test/integration/fapi-key-create-policy-signed.int.c b/test/integration/fapi-key-create-policy-signed.int.c index e51289a6..b903dec0 100644 --- a/test/integration/fapi-key-create-policy-signed.int.c +++ b/test/integration/fapi-key-create-policy-signed.int.c @@ -144,8 +144,8 @@ signatureCallback( mdctx = EVP_MD_CTX_create(); chknull(mdctx); - if (1 != EVP_DigestSignInit(mdctx, &pctx, NULL, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL digest sign init.", + if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { + goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", error_cleanup); } if (EVP_PKEY_type(EVP_PKEY_id(priv_key)) == EVP_PKEY_RSA) { @@ -155,10 +155,6 @@ signatureCallback( error_cleanup); } } - if (1 != EVP_DigestSignInit(mdctx, &pctx, ossl_hash, NULL, priv_key)) { - goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign init.", - error_cleanup); - } if (1 != EVP_DigestSignUpdate(mdctx, dataToSign, dataToSignSize)) { goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "OSSL sign update.", error_cleanup); -- 2.26.3