From d55d0935deb1a8af9cb9a76bf4ca21da47ba8184 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Tue, 1 Sep 2020 17:56:11 +0200
Subject: [PATCH] ASN1: Make ASN1_item_verify_ctx() work with provider-native
 keys

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
---
 crypto/asn1/a_verify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 2b2c46a8543..e3471c81412 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -163,7 +163,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
         }
 
         /* Check public key OID matches public key type */
-        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+        if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) {
             ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
             goto err;
         }
-- 
2.47.2