From 2a284011fbab2624ef09302d0c806c76dd42b2c9 Mon Sep 17 00:00:00 2001 From: tb <> Date: Fri, 14 Jan 2022 08:38:06 +0000 Subject: Remove legacy sign/verify from EVP_MD. This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c --- src/lib/libcrypto/evp/p_sign.c | 57 +++++++++++++----------------------------- 1 file changed, 18 insertions(+), 39 deletions(-) (limited to 'src/lib/libcrypto/evp/p_sign.c') diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c index 34dafd87fe..1e33cfbe7f 100644 --- a/src/lib/libcrypto/evp/p_sign.c +++ b/src/lib/libcrypto/evp/p_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_sign.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: p_sign.c,v 1.16 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,9 +71,10 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + size_t sltmp; + int ret = 0; *siglen = 0; EVP_MD_CTX_init(&tmp_ctx); 
@@ -83,43 +84,21 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } + sltmp = (size_t)EVP_PKEY_size(pkey); - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + + ret = 1; - if (ctx->digest->sign == NULL) { - EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr)); + err: + EVP_PKEY_CTX_free(pkctx); + return ret; } -- cgit v1.2.3-55-g6feb
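Review bot: The result of `EVP_PKEY_size(pkey)` is cast straight to `size_t` and handed to `EVP_PKEY_sign()` as the capacity of `sigret`, with no check on the value. If it can be zero or negative for a key whose method has no size callback (not visible in this hunk, so worth confirming), a negative value would become a very large claimed buffer size; a guard such as `if (EVP_PKEY_size(pkey) <= 0) goto err;` ahead of the assignment keeps the failure on the existing cleanup path. Because the caller's buffer length is never passed in, a short comment above the assignment, e.g. `/* sigret must hold at least EVP_PKEY_size(pkey) bytes */`, would make that contract explicit. `*siglen = sltmp;` also narrows `size_t` to `unsigned int`, which is safe only while the signature length stays bounded by that same size. EVP_SignFinal begins above this hunk, so the digest finalisation that fills `m` and `m_len` is not shown here.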