From: tb Date: Fri, 14 Jan 2022 08:38:05 +0000 (+0000) Subject: Remove legacy sign/verify from EVP_MD. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=66c3bd61e7ddabeaa154f9caffd2e6810168cc87;p=openbsd Remove legacy sign/verify from EVP_MD. This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c --- diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 6bbe8ad9de6..00cd2e07214 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.70 2022/01/14 08:12:31 tb Exp $ +# $OpenBSD: Makefile,v 1.71 2022/01/14 08:38:05 tb Exp $ LIB= crypto LIBREBUILD=y @@ -175,8 +175,7 @@ SRCS+= encode.c digest.c evp_enc.c evp_key.c SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c SRCS+= e_rc4.c e_aes.c names.c SRCS+= e_xcbc_d.c e_rc2.c e_cast.c -SRCS+= m_null.c m_md4.c m_md5.c m_sha1.c m_sm3.c m_wp.c -SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c +SRCS+= m_null.c m_md4.c m_md5.c m_ripemd.c m_sha1.c m_sm3.c m_wp.c SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c SRCS+= c_all.c evp_lib.c diff --git a/lib/libcrypto/asn1/asn1_item.c b/lib/libcrypto/asn1/asn1_item.c index 7dad8e0df1c..108f272b8c5 100644 --- a/lib/libcrypto/asn1/asn1_item.c +++ b/lib/libcrypto/asn1/asn1_item.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_item.c,v 1.3 2021/12/25 13:17:48 jsing Exp $ */ +/* $OpenBSD: asn1_item.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -265,15 +265,12 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, rv = 2; if (rv == 2) { - if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - if (!pkey->ameth || - !OBJ_find_sigid_by_algs(&signid, - EVP_MD_nid(type), pkey->ameth->pkey_id)) { - ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - return 0; - } - } else - signid = type->pkey_type; + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), + pkey->ameth->pkey_id)) { + ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) paramtype = V_ASN1_NULL; diff --git a/lib/libcrypto/evp/c_all.c b/lib/libcrypto/evp/c_all.c index 9e9d39d5aba..690215c8e85 100644 --- a/lib/libcrypto/evp/c_all.c +++ b/lib/libcrypto/evp/c_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: c_all.c,v 1.26 2019/03/17 18:07:41 tb Exp $ */ +/* $OpenBSD: c_all.c,v 1.27 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -263,24 +263,10 @@ OpenSSL_add_all_digests_internal(void) EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#if !defined(OPENSSL_NO_SHA) -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -#endif -#endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif -#ifndef OPENSSL_NO_ECDSA - EVP_add_digest(EVP_ecdsa()); -#endif #endif #ifndef OPENSSL_NO_GOST diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index acf0650f9ad..a80cf189fce 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.98 2022/01/14 08:04:14 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.99 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -128,15 +128,6 @@ extern "C" { #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ -#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc */ - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - /* DigestAlgorithmIdentifier flags... */ #define EVP_MD_FLAG_DIGALGID_MASK 0x0018 @@ -166,38 +157,6 @@ extern "C" { #define EVP_MD_CTRL_ALG_CTRL 0x1000 -#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -#ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -#else -#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_ECDSA -#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -#else -#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -#endif - -#ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -#else -#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -#endif - #endif /* !EVP_MD */ /* values for EVP_MD_CTX flags */ @@ -598,9 +557,6 @@ const EVP_MD *EVP_md5_sha1(void); #endif #ifndef OPENSSL_NO_SHA const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); #endif #ifndef OPENSSL_NO_SHA256 const EVP_MD *EVP_sha224(void); diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h index f0b47a497c8..c3d9a6a718e 100644 --- a/lib/libcrypto/evp/evp_locl.h +++ b/lib/libcrypto/evp/evp_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_locl.h,v 1.21 2022/01/14 08:04:14 tb Exp $ */ +/* $OpenBSD: evp_locl.h,v 1.22 2022/01/14 08:38:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -116,9 +116,6 @@ struct env_md_st { int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); int (*cleanup)(EVP_MD_CTX *ctx); - evp_sign_method *sign; - evp_verify_method *verify; - int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ diff --git a/lib/libcrypto/evp/m_dss.c b/lib/libcrypto/evp/m_dss.c deleted file mode 100644 index 45f09dde5da..00000000000 --- a/lib/libcrypto/evp/m_dss.c +++ /dev/null @@ -1,119 +0,0 @@ -/* $OpenBSD: m_dss.c,v 1.17 2021/12/12 21:30:13 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_DSA -#include -#endif - -#include "evp_locl.h" - -#ifndef OPENSSL_NO_SHA - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dsa_md = { - .type = NID_dsaWithSHA, - .pkey_type = NID_dsaWithSHA, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_DIGEST, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_DSA - .sign = (evp_sign_method *)DSA_sign, - .verify = (evp_verify_method *)DSA_verify, - .required_pkey_type = { - EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_dss(void) -{ - return (&dsa_md); -} -#endif diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c deleted file mode 100644 index 283672cc1ee..00000000000 --- a/lib/libcrypto/evp/m_dss1.c +++ /dev/null @@ -1,119 +0,0 @@ -/* $OpenBSD: m_dss1.c,v 1.17 2021/12/12 21:30:13 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#ifndef OPENSSL_NO_SHA - -#include -#include -#include - -#ifndef OPENSSL_NO_DSA -#include -#endif - -#include "evp_locl.h" - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dss1_md = { - .type = NID_dsa, - .pkey_type = NID_dsaWithSHA1, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_DIGEST, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_DSA - .sign = (evp_sign_method *)DSA_sign, - .verify = (evp_verify_method *)DSA_verify, - .required_pkey_type = { - EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_dss1(void) -{ - return (&dss1_md); -} -#endif diff --git a/lib/libcrypto/evp/m_ecdsa.c b/lib/libcrypto/evp/m_ecdsa.c deleted file mode 100644 index b4bd21f7b0e..00000000000 --- a/lib/libcrypto/evp/m_ecdsa.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: m_ecdsa.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include - -#include "evp_locl.h" - -#ifndef OPENSSL_NO_SHA - -static int -init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int -update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int -final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD ecdsa_md = { - .type = NID_ecdsa_with_SHA1, - .pkey_type = NID_ecdsa_with_SHA1, - .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_DIGEST, - .init = init, - .update = update, - .final = final, - .copy = NULL, - .cleanup = NULL, -#ifndef OPENSSL_NO_ECDSA - .sign = (evp_sign_method *)ECDSA_sign, - .verify = (evp_verify_method *)ECDSA_verify, - .required_pkey_type = { - EVP_PKEY_EC, 0, 0, 0, - }, -#endif - .block_size = SHA_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD * -EVP_ecdsa(void) -{ - return (&ecdsa_md); -} -#endif diff --git a/lib/libcrypto/evp/m_gostr341194.c b/lib/libcrypto/evp/m_gostr341194.c index 40de2323444..f479675baae 100644 --- a/lib/libcrypto/evp/m_gostr341194.c +++ b/lib/libcrypto/evp/m_gostr341194.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_gostr341194.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_gostr341194.c,v 1.4 2022/01/14 08:38:05 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -84,7 +84,7 @@ static const EVP_MD gostr341194_md = { .type = NID_id_GostR3411_94, .pkey_type = NID_undef, .md_size = GOSTR341194_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = gostr341194_init, .update = gostr341194_update, .final = gostr341194_final, diff --git a/lib/libcrypto/evp/m_md4.c b/lib/libcrypto/evp/m_md4.c index 57298079860..977565283fa 100644 --- a/lib/libcrypto/evp/m_md4.c +++ b/lib/libcrypto/evp/m_md4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md4.c,v 1.17 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_md4.c,v 1.18 2022/01/14 08:38:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,13 +101,6 @@ static const EVP_MD md4_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = MD4_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX), }; diff --git a/lib/libcrypto/evp/m_md5.c b/lib/libcrypto/evp/m_md5.c index dbdc5676168..daa7aee7b0f 100644 --- a/lib/libcrypto/evp/m_md5.c +++ b/lib/libcrypto/evp/m_md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md5.c,v 1.16 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_md5.c,v 1.17 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,13 +101,6 @@ static const EVP_MD md5_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = MD5_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX), }; diff --git a/lib/libcrypto/evp/m_md5_sha1.c b/lib/libcrypto/evp/m_md5_sha1.c index aaddbe9c813..f8bec10d18c 100644 --- a/lib/libcrypto/evp/m_md5_sha1.c +++ b/lib/libcrypto/evp/m_md5_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_md5_sha1.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_md5_sha1.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -80,13 +80,6 @@ static const EVP_MD md5_sha1_md = { .final = md5_sha1_final, .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */ .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif }; const EVP_MD * diff --git a/lib/libcrypto/evp/m_null.c b/lib/libcrypto/evp/m_null.c index 86f5a086888..4334decb992 100644 --- a/lib/libcrypto/evp/m_null.c +++ b/lib/libcrypto/evp/m_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_null.c,v 1.10 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_null.c,v 1.11 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,11 +92,6 @@ static const EVP_MD null_md = { .final = final, .copy = NULL, .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, .block_size = 0, .ctx_size = sizeof(EVP_MD *), }; diff --git a/lib/libcrypto/evp/m_ripemd.c b/lib/libcrypto/evp/m_ripemd.c index b3369ab53f3..47397833def 100644 --- a/lib/libcrypto/evp/m_ripemd.c +++ b/lib/libcrypto/evp/m_ripemd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_ripemd.c,v 1.13 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_ripemd.c,v 1.14 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -101,13 +101,6 @@ static const EVP_MD ripemd160_md = { .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = RIPEMD160_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), }; diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c index 396f00aa135..a6fb53641e5 100644 --- a/lib/libcrypto/evp/m_sha1.c +++ b/lib/libcrypto/evp/m_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sha1.c,v 1.18 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_sha1.c,v 1.19 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -94,19 +94,12 @@ static const EVP_MD sha1_md = { .type = NID_sha1, .pkey_type = NID_sha1WithRSAEncryption, .md_size = SHA_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init, .update = update, .final = final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), }; @@ -151,19 +144,12 @@ static const EVP_MD sha224_md = { .type = NID_sha224, .pkey_type = NID_sha224WithRSAEncryption, .md_size = SHA224_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init224, .update = update256, .final = final256, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA256_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -178,19 +164,12 @@ static const EVP_MD sha256_md = { .type = NID_sha256, .pkey_type = NID_sha256WithRSAEncryption, .md_size = SHA256_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init256, .update = update256, .final = final256, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA256_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -231,19 +210,12 @@ static const EVP_MD sha384_md = { .type = NID_sha384, .pkey_type = NID_sha384WithRSAEncryption, .md_size = SHA384_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init384, .update = update512, .final = final512, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA512_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -258,19 +230,12 @@ static const EVP_MD sha512_md = { .type = NID_sha512, .pkey_type = NID_sha512WithRSAEncryption, .md_size = SHA512_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = init512, .update = update512, .final = final512, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SHA512_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; diff --git a/lib/libcrypto/evp/m_sm3.c b/lib/libcrypto/evp/m_sm3.c index 614be5d7809..ae8b342e82c 100644 --- a/lib/libcrypto/evp/m_sm3.c +++ b/lib/libcrypto/evp/m_sm3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sm3.c,v 1.2 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_sm3.c,v 1.3 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2018, Ribose Inc * @@ -49,19 +49,12 @@ static const EVP_MD sm3_md = { .type = NID_sm3, .pkey_type = NID_sm3WithRSAEncryption, .md_size = SM3_DIGEST_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .flags = EVP_MD_FLAG_DIGALGID_ABSENT, .init = sm3_init, .update = sm3_update, .final = sm3_final, .copy = NULL, .cleanup = NULL, -#ifndef OPENSSL_NO_RSA - .sign = (evp_sign_method *)RSA_sign, - .verify = (evp_verify_method *)RSA_verify, - .required_pkey_type = { - EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, - }, -#endif .block_size = SM3_CBLOCK, .ctx_size = sizeof(EVP_MD *) + sizeof(SM3_CTX), }; diff --git a/lib/libcrypto/evp/m_streebog.c b/lib/libcrypto/evp/m_streebog.c index cd6c312b028..3f825e3a0e4 100644 --- a/lib/libcrypto/evp/m_streebog.c +++ b/lib/libcrypto/evp/m_streebog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_streebog.c,v 1.3 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_streebog.c,v 1.4 2022/01/14 08:38:06 tb Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -99,7 +99,7 @@ static const EVP_MD streebog256_md = { .type = NID_id_tc26_gost3411_2012_256, .pkey_type = NID_undef, .md_size = STREEBOG256_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = streebog_init256, .update = streebog_update256, .final = streebog_final256, @@ -111,7 +111,7 @@ static const EVP_MD streebog512_md = { .type = NID_id_tc26_gost3411_2012_512, .pkey_type = NID_undef, .md_size = STREEBOG512_LENGTH, - .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .flags = 0, .init = streebog_init512, .update = streebog_update512, .final = streebog_final512, diff --git a/lib/libcrypto/evp/m_wp.c b/lib/libcrypto/evp/m_wp.c index dd777565cf8..07ae7ca5514 100644 --- a/lib/libcrypto/evp/m_wp.c +++ b/lib/libcrypto/evp/m_wp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_wp.c,v 1.9 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: m_wp.c,v 1.10 2022/01/14 08:38:06 tb Exp $ */ #include @@ -41,11 +41,6 @@ static const EVP_MD whirlpool_md = { .final = final, .copy = NULL, .cleanup = NULL, - .sign = NULL, - .verify = NULL, - .required_pkey_type = { - 0, 0, 0, 0, - }, .block_size = WHIRLPOOL_BBLOCK / 8, .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), }; diff --git a/lib/libcrypto/evp/p_sign.c b/lib/libcrypto/evp/p_sign.c index 34dafd87fe7..1e33cfbe7fc 100644 --- a/lib/libcrypto/evp/p_sign.c +++ b/lib/libcrypto/evp/p_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_sign.c,v 1.15 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: p_sign.c,v 1.16 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,9 +71,10 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + size_t sltmp; + int ret = 0; *siglen = 0; EVP_MD_CTX_init(&tmp_ctx); @@ -83,43 +84,21 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } + sltmp = (size_t)EVP_PKEY_size(pkey); - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + + ret = 1; - if (ctx->digest->sign == NULL) { - EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr)); + err: + EVP_PKEY_CTX_free(pkctx); + return ret; } diff --git a/lib/libcrypto/evp/p_verify.c b/lib/libcrypto/evp/p_verify.c index 6ecdef07878..d51d1b4a0a8 100644 --- a/lib/libcrypto/evp/p_verify.c +++ b/lib/libcrypto/evp/p_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_verify.c,v 1.14 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: p_verify.c,v 1.15 2022/01/14 08:38:06 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,9 +71,9 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i = 0, ok = 0, v; EVP_MD_CTX tmp_ctx; EVP_PKEY_CTX *pkctx = NULL; + int ret = 0; EVP_MD_CTX_init(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) @@ -82,39 +82,16 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); -err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } + ret = -1; + if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - return(ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + err: + EVP_PKEY_CTX_free(pkctx); + return ret; }