From: Richard Levitte <levitte@openssl.org>
Date: Tue, 1 Sep 2020 15:56:11 +0000 (+0200)
Subject: ASN1: Make ASN1_item_verify_ctx() work with provider-native keys
X-Git-Tag: openssl-3.0.0-alpha7~391
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d55d0935deb1a8af9cb9a76bf4ca21da47ba8184;p=thirdparty%2Fopenssl.git

ASN1: Make ASN1_item_verify_ctx() work with provider-native keys

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
---

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 2b2c46a8543..e3471c81412 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -163,7 +163,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
         }
 
         /* Check public key OID matches public key type */
-        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+        if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) {
             ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
             goto err;
         }