Remove legacy sign/verify from EVP_MD.

This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding
public API EVP_{dss,dss1,ecdsa}().

This is basically the following OpenSSL commit. The mentioned change in
RSA is already present in rsa/rsa_pmeth.c.

ok inoguchi jsing

commit 7f572e958b13041056f377a62d3219633cfb1e8a
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Wed Dec 2 13:57:04 2015 +0000

    Remove legacy sign/verify from EVP_MD.

    Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
    legacy from when digests were linked to public key types. All signing is
    now handled by the corresponding EVP_PKEY_METHOD.

    Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
    already block unsupported types.

    Remove now obsolete EVP_dss1() and EVP_ecdsa().

    Reviewed-by: Richard Levitte <levitte@openssl.org>

Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c

20 files changed, 62 insertions, 657 deletions

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 6bbe8ad9de..00cd2e0721 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.70 2022/01/14 08:12:31 tb Exp $
+# $OpenBSD: Makefile,v 1.71 2022/01/14 08:38:05 tb Exp $
 
 LIB=    crypto
 LIBREBUILD=y
@@ -175,8 +175,7 @@ SRCS+= encode.c digest.c evp_enc.c evp_key.c
 SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c
 SRCS+= e_rc4.c e_aes.c names.c
 SRCS+= e_xcbc_d.c e_rc2.c e_cast.c
-SRCS+= m_null.c m_md4.c m_md5.c m_sha1.c m_sm3.c m_wp.c
-SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c
+SRCS+= m_null.c m_md4.c m_md5.c m_ripemd.c m_sha1.c m_sm3.c m_wp.c
 SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
 SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
 SRCS+= c_all.c evp_lib.c
diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c
index 7dad8e0df1..108f272b8c 100644
--- a/src/lib/libcrypto/asn1/asn1_item.c
+++ b/src/lib/libcrypto/asn1/asn1_item.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -265,15 +265,12 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                 rv = 2;
 
         if (rv == 2) {
-                if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-                        if (!pkey->ameth ||
-                            !OBJ_find_sigid_by_algs(&signid,
-                                EVP_MD_nid(type), pkey->ameth->pkey_id)) {
-                                ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-                                return 0;
-                        }
-                } else
-                        signid = type->pkey_type;
+                if (!pkey->ameth ||
+                    !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
+                    pkey->ameth->pkey_id)) {
+                        ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                        return 0;
+                }
 
                 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
                         paramtype = V_ASN1_NULL;
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index 9e9d39d5ab..690215c8e8 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: c_all.c,v 1.26 2019/03/17 18:07:41 tb Exp $ */
+/* $OpenBSD: c_all.c,v 1.27 2022/01/14 08:38:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -263,24 +263,10 @@ OpenSSL_add_all_digests_internal(void)
         EVP_add_digest_alias(SN_md5, "ssl3-md5");
 #endif
 
-#if !defined(OPENSSL_NO_SHA)
-#ifndef OPENSSL_NO_DSA
-        EVP_add_digest(EVP_dss());
-#endif
-#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
         EVP_add_digest(EVP_sha1());
         EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
         EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-#ifndef OPENSSL_NO_DSA
-        EVP_add_digest(EVP_dss1());
-        EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-        EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-        EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        EVP_add_digest(EVP_ecdsa());
-#endif
 #endif
 
 #ifndef OPENSSL_NO_GOST
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index acf0650f9a..a80cf189fc 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.98 2022/01/14 08:04:14 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.99 2022/01/14 08:38:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -128,15 +128,6 @@ extern "C" {
 #define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
                                         * block */
 
-#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used
-                                        * which is a copy of an existing
-                                        * one for a specific public key type.
-                                        * EVP_dss1() etc */
-
-/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-
-#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE       0x0004
-
 /* DigestAlgorithmIdentifier flags... */
 
 #define EVP_MD_FLAG_DIGALGID_MASK               0x0018
@@ -166,38 +157,6 @@ extern "C" {
 
 #define EVP_MD_CTRL_ALG_CTRL                    0x1000
 
-#define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_DSA_method     (evp_sign_method *)DSA_sign, \
-                                (evp_verify_method *)DSA_verify, \
-                                {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
-                                        EVP_PKEY_DSA4,0}
-#else
-#define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \
-                                (evp_verify_method *)ECDSA_verify, \
-                                 {EVP_PKEY_EC,0,0,0}
-#else
-#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_RSA_method     (evp_sign_method *)RSA_sign, \
-                                (evp_verify_method *)RSA_verify, \
-                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-                                (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
-                                (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
-                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#else
-#define EVP_PKEY_RSA_method     EVP_PKEY_NULL_method
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-#endif
-
 #endif /* !EVP_MD */
 
 /* values for EVP_MD_CTX flags */
@@ -598,9 +557,6 @@ const EVP_MD *EVP_md5_sha1(void);
 #endif
 #ifndef OPENSSL_NO_SHA
 const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
 #endif
 #ifndef OPENSSL_NO_SHA256
 const EVP_MD *EVP_sha224(void);
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index f0b47a497c..c3d9a6a718 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_locl.h,v 1.21 2022/01/14 08:04:14 tb Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.22 2022/01/14 08:38:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -116,9 +116,6 @@ struct env_md_st {
         int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from);
         int (*cleanup)(EVP_MD_CTX *ctx);
 
-        evp_sign_method *sign;
-        evp_verify_method *verify;
-        int required_pkey_type[5]; /*EVP_PKEY_xxx */
         int block_size;
         int ctx_size; /* how big does the ctx->md_data need to be */
         /* control function */
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
deleted file mode 100644
index 45f09dde5d..0000000000
--- a/src/lib/libcrypto/evp/m_dss.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* $OpenBSD: m_dss.c,v 1.17 2021/12/12 21:30:13 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#include "evp_locl.h"
-
-#ifndef OPENSSL_NO_SHA
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return SHA1_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return SHA1_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD dsa_md = {
-        .type = NID_dsaWithSHA,
-        .pkey_type = NID_dsaWithSHA,
-        .md_size = SHA_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_DIGEST,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_DSA
-        .sign = (evp_sign_method *)DSA_sign,
-        .verify = (evp_verify_method *)DSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0,
-        },
-#endif
-        .block_size = SHA_CBLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *
-EVP_dss(void)
-{
-        return (&dsa_md);
-}
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
deleted file mode 100644
index 283672cc1e..0000000000
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* $OpenBSD: m_dss1.c,v 1.17 2021/12/12 21:30:13 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_SHA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#include "evp_locl.h"
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return SHA1_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return SHA1_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD dss1_md = {
-        .type = NID_dsa,
-        .pkey_type = NID_dsaWithSHA1,
-        .md_size = SHA_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_DIGEST,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_DSA
-        .sign = (evp_sign_method *)DSA_sign,
-        .verify = (evp_verify_method *)DSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0,
-        },
-#endif
-        .block_size = SHA_CBLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *
-EVP_dss1(void)
-{
-        return (&dss1_md);
-}
-#endif
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
deleted file mode 100644
index b4bd21f7b0..0000000000
--- a/src/lib/libcrypto/evp/m_ecdsa.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* $OpenBSD: m_ecdsa.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#include "evp_locl.h"
-
-#ifndef OPENSSL_NO_SHA
-
-static int
-init(EVP_MD_CTX *ctx)
-{
-        return SHA1_Init(ctx->md_data);
-}
-
-static int
-update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        return SHA1_Update(ctx->md_data, data, count);
-}
-
-static int
-final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-        return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD ecdsa_md = {
-        .type = NID_ecdsa_with_SHA1,
-        .pkey_type = NID_ecdsa_with_SHA1,
-        .md_size = SHA_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_DIGEST,
-        .init = init,
-        .update = update,
-        .final = final,
-        .copy = NULL,
-        .cleanup = NULL,
-#ifndef OPENSSL_NO_ECDSA
-        .sign = (evp_sign_method *)ECDSA_sign,
-        .verify = (evp_verify_method *)ECDSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_EC, 0, 0, 0,
-        },
-#endif
-        .block_size = SHA_CBLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *
-EVP_ecdsa(void)
-{
-        return (&ecdsa_md);
-}
-#endif
diff --git a/src/lib/libcrypto/evp/m_gostr341194.c b/src/lib/libcrypto/evp/m_gostr341194.c
index 40de232344..f479675baa 100644
--- a/src/lib/libcrypto/evp/m_gostr341194.c
+++ b/src/lib/libcrypto/evp/m_gostr341194.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_gostr341194.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_gostr341194.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -84,7 +84,7 @@ static const EVP_MD gostr341194_md = {
         .type = NID_id_GostR3411_94,
         .pkey_type = NID_undef,
         .md_size = GOSTR341194_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .flags = 0,
         .init = gostr341194_init,
         .update = gostr341194_update,
         .final = gostr341194_final,
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 5729807986..977565283f 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_md4.c,v 1.17 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_md4.c,v 1.18 2022/01/14 08:38:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -101,13 +101,6 @@ static const EVP_MD md4_md = {
         .final = final,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = MD4_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX),
 };
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index dbdc567616..daa7aee7b0 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_md5.c,v 1.16 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_md5.c,v 1.17 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -101,13 +101,6 @@ static const EVP_MD md5_md = {
         .final = final,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = MD5_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX),
 };
diff --git a/src/lib/libcrypto/evp/m_md5_sha1.c b/src/lib/libcrypto/evp/m_md5_sha1.c
index aaddbe9c81..f8bec10d18 100644
--- a/src/lib/libcrypto/evp/m_md5_sha1.c
+++ b/src/lib/libcrypto/evp/m_md5_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_md5_sha1.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_md5_sha1.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -80,13 +80,6 @@ static const EVP_MD md5_sha1_md = {
         .final = md5_sha1_final,
         .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */
         .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
 };
 
 const EVP_MD *
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
index 86f5a08688..4334decb99 100644
--- a/src/lib/libcrypto/evp/m_null.c
+++ b/src/lib/libcrypto/evp/m_null.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_null.c,v 1.10 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_null.c,v 1.11 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -92,11 +92,6 @@ static const EVP_MD null_md = {
         .final = final,
         .copy = NULL,
         .cleanup = NULL,
-        .sign = NULL,
-        .verify = NULL,
-        .required_pkey_type = {
-                0, 0, 0, 0,
-        },
         .block_size = 0,
         .ctx_size = sizeof(EVP_MD *),
 };
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
index b3369ab53f..47397833de 100644
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ b/src/lib/libcrypto/evp/m_ripemd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_ripemd.c,v 1.13 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_ripemd.c,v 1.14 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -101,13 +101,6 @@ static const EVP_MD ripemd160_md = {
         .final = final,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = RIPEMD160_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
 };
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 396f00aa13..a6fb53641e 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sha1.c,v 1.18 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_sha1.c,v 1.19 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,19 +94,12 @@ static const EVP_MD sha1_md = {
         .type = NID_sha1,
         .pkey_type = NID_sha1WithRSAEncryption,
         .md_size = SHA_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+        .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
         .init = init,
         .update = update,
         .final = final,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = SHA_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
 };
@@ -151,19 +144,12 @@ static const EVP_MD sha224_md = {
         .type = NID_sha224,
         .pkey_type = NID_sha224WithRSAEncryption,
         .md_size = SHA224_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+        .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
         .init = init224,
         .update = update256,
         .final = final256,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = SHA256_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX),
 };
@@ -178,19 +164,12 @@ static const EVP_MD sha256_md = {
         .type = NID_sha256,
         .pkey_type = NID_sha256WithRSAEncryption,
         .md_size = SHA256_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+        .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
         .init = init256,
         .update = update256,
         .final = final256,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = SHA256_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX),
 };
@@ -231,19 +210,12 @@ static const EVP_MD sha384_md = {
         .type = NID_sha384,
         .pkey_type = NID_sha384WithRSAEncryption,
         .md_size = SHA384_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+        .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
         .init = init384,
         .update = update512,
         .final = final512,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = SHA512_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX),
 };
@@ -258,19 +230,12 @@ static const EVP_MD sha512_md = {
         .type = NID_sha512,
         .pkey_type = NID_sha512WithRSAEncryption,
         .md_size = SHA512_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+        .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
         .init = init512,
         .update = update512,
         .final = final512,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = SHA512_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX),
 };
diff --git a/src/lib/libcrypto/evp/m_sm3.c b/src/lib/libcrypto/evp/m_sm3.c
index 614be5d780..ae8b342e82 100644
--- a/src/lib/libcrypto/evp/m_sm3.c
+++ b/src/lib/libcrypto/evp/m_sm3.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: m_sm3.c,v 1.2 2021/12/12 21:30:13 tb Exp $    */
+/*      $OpenBSD: m_sm3.c,v 1.3 2022/01/14 08:38:06 tb Exp $    */
 /*
  * Copyright (c) 2018, Ribose Inc
  *
@@ -49,19 +49,12 @@ static const EVP_MD sm3_md = {
         .type = NID_sm3,
         .pkey_type = NID_sm3WithRSAEncryption,
         .md_size = SM3_DIGEST_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+        .flags = EVP_MD_FLAG_DIGALGID_ABSENT,
         .init = sm3_init,
         .update = sm3_update,
         .final = sm3_final,
         .copy = NULL,
         .cleanup = NULL,
-#ifndef OPENSSL_NO_RSA
-        .sign = (evp_sign_method *)RSA_sign,
-        .verify = (evp_verify_method *)RSA_verify,
-        .required_pkey_type = {
-                EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0,
-        },
-#endif
         .block_size = SM3_CBLOCK,
         .ctx_size = sizeof(EVP_MD *) + sizeof(SM3_CTX),
 };
diff --git a/src/lib/libcrypto/evp/m_streebog.c b/src/lib/libcrypto/evp/m_streebog.c
index cd6c312b02..3f825e3a0e 100644
--- a/src/lib/libcrypto/evp/m_streebog.c
+++ b/src/lib/libcrypto/evp/m_streebog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_streebog.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_streebog.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -99,7 +99,7 @@ static const EVP_MD streebog256_md = {
         .type = NID_id_tc26_gost3411_2012_256,
         .pkey_type = NID_undef,
         .md_size = STREEBOG256_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .flags = 0,
         .init = streebog_init256,
         .update = streebog_update256,
         .final = streebog_final256,
@@ -111,7 +111,7 @@ static const EVP_MD streebog512_md = {
         .type = NID_id_tc26_gost3411_2012_512,
         .pkey_type = NID_undef,
         .md_size = STREEBOG512_LENGTH,
-        .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
+        .flags = 0,
         .init = streebog_init512,
         .update = streebog_update512,
         .final = streebog_final512,
diff --git a/src/lib/libcrypto/evp/m_wp.c b/src/lib/libcrypto/evp/m_wp.c
index dd777565cf..07ae7ca551 100644
--- a/src/lib/libcrypto/evp/m_wp.c
+++ b/src/lib/libcrypto/evp/m_wp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_wp.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: m_wp.c,v 1.10 2022/01/14 08:38:06 tb Exp $ */
 
 #include <stdio.h>
 
@@ -41,11 +41,6 @@ static const EVP_MD whirlpool_md = {
         .final = final,
         .copy = NULL,
         .cleanup = NULL,
-        .sign = NULL,
-        .verify = NULL,
-        .required_pkey_type = {
-                0, 0, 0, 0,
-        },
         .block_size = WHIRLPOOL_BBLOCK / 8,
         .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX),
 };
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index 34dafd87fe..1e33cfbe7f 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_sign.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: p_sign.c,v 1.16 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,9 +71,10 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i = 0, ok = 0, v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
+        size_t sltmp;
+        int ret = 0;
 
         *siglen = 0;
         EVP_MD_CTX_init(&tmp_ctx);
@@ -83,43 +84,21 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
                 goto err;
         EVP_MD_CTX_cleanup(&tmp_ctx);
 
-        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-                size_t sltmp = (size_t)EVP_PKEY_size(pkey);
-                i = 0;
-                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-                if (!pkctx)
-                        goto err;
-                if (EVP_PKEY_sign_init(pkctx) <= 0)
-                        goto err;
-                if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
-                        goto err;
-                if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
-                        goto err;
-                *siglen = sltmp;
-                i = 1;
-err:
-                EVP_PKEY_CTX_free(pkctx);
-                return i;
-        }
+        sltmp = (size_t)EVP_PKEY_size(pkey);
 
-        for (i = 0; i < 4; i++) {
-                v = ctx->digest->required_pkey_type[i];
-                if (v == 0)
-                        break;
-                if (pkey->type == v) {
-                        ok = 1;
-                        break;
-                }
-        }
-        if (!ok) {
-                EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
-                return (0);
-        }
+        if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
+                goto err;
+        if (EVP_PKEY_sign_init(pkctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+                goto err;
+        if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+                goto err;
+        *siglen = sltmp;
+
+        ret = 1;
 
-        if (ctx->digest->sign == NULL) {
-                EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
-                return (0);
-        }
-        return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
-            pkey->pkey.ptr));
+ err:
+        EVP_PKEY_CTX_free(pkctx);
+        return ret;
 }
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 6ecdef0787..d51d1b4a0a 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_verify.c,v 1.14 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: p_verify.c,v 1.15 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,9 +71,9 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i = 0, ok = 0, v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
+        int ret = 0;
 
         EVP_MD_CTX_init(&tmp_ctx);
         if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
@@ -82,39 +82,16 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                 goto err;
         EVP_MD_CTX_cleanup(&tmp_ctx);
 
-        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-                i = -1;
-                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-                if (!pkctx)
-                        goto err;
-                if (EVP_PKEY_verify_init(pkctx) <= 0)
-                        goto err;
-                if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
-                        goto err;
-                i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
-err:
-                EVP_PKEY_CTX_free(pkctx);
-                return i;
-        }
-
-        for (i = 0; i < 4; i++) {
-                v = ctx->digest->required_pkey_type[i];
-                if (v == 0)
-                        break;
-                if (pkey->type == v) {
-                        ok = 1;
-                        break;
-                }
-        }
-        if (!ok) {
-                EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
-                return (-1);
-        }
-        if (ctx->digest->verify == NULL) {
-                EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
-                return (0);
-        }
+        ret = -1;
+        if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
+                goto err;
+        if (EVP_PKEY_verify_init(pkctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+                goto err;
+        ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
 
-        return(ctx->digest->verify(ctx->digest->type, m, m_len,
-            sigbuf, siglen, pkey->pkey.ptr));
+ err:
+        EVP_PKEY_CTX_free(pkctx);
+        return ret;
 }