diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-02 13:57:04 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-02 17:52:01 +0000 |
| commit | 7f572e958b13041056f377a62d3219633cfb1e8a (patch) | |
| tree | e25e20a9a52529c804812272317c7fbc03e5d978 /crypto/evp/p_verify.c | |
| parent | 0aca86b313d286be979629a3193a12e17bf7171a (diff) | |
| download | openssl-7f572e958b13041056f377a62d3219633cfb1e8a.tar.gz | |
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/evp/p_verify.c')
| -rw-r--r-- | crypto/evp/p_verify.c | 47 |
1 files changed, 12 insertions, 35 deletions
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 892c646b36..9802dccbae 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; - int i = 0, ok = 0, v = 0; + int i = 0; EVP_PKEY_CTX *pkctx = NULL; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { @@ -85,39 +85,16 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, return 0; } - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); + i = -1; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } - - return (ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + EVP_PKEY_CTX_free(pkctx); + return i; } |