Commit 19c6d3ea authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Remove RSA_FLAG_SIGN_VER flag. 



Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
compatibility after RSA_METHOD was extended to include rsa_sign and
rsa_verify fields. It is no longer needed.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent a1d3f3d1

crypto/rsa/rsa_sign.c

+2 −2
Original line number Diff line number Diff line
@@ -77,7 +77,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, 
    const unsigned char *s = NULL;

    X509_ALGOR algor;

    ASN1_OCTET_STRING digest;

    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {

    if (rsa->meth->rsa_sign) {

        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);

    }

    /* Special case: SSL signature, just check the length */
@@ -271,7 +271,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, 
               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)

{



    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {

    if (rsa->meth->rsa_verify) {

        return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);

    }

doc/crypto/RSA_set_method.pod

+0 −7
Original line number Diff line number Diff line
@@ -115,22 +115,15 @@ the default method is used. 
     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key

      *                            operations, even if p,q,dmp1,dmq1,iqmp

      *                            are NULL

      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify

      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match

      */

	int flags;



	char *app_data; /* ?? */



     /* sign. For backward compatibility, this is used only

      * if (flags & RSA_FLAG_SIGN_VER)

      */

	int (*rsa_sign)(int type,

		const unsigned char *m, unsigned int m_length,

		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);

     /* verify. For backward compatibility, this is used only

      * if (flags & RSA_FLAG_SIGN_VER)

      */

	int (*rsa_verify)(int dtype,

		const unsigned char *m, unsigned int m_length,

		const unsigned char *sigbuf, unsigned int siglen,

engines/e_capi.c

+1 −1
Original line number Diff line number Diff line
@@ -436,7 +436,7 @@ static RSA_METHOD capi_rsa_method = { 
    0,                          /* bn_mod_exp */

    0,                          /* init */

    capi_rsa_free,              /* finish */

    RSA_FLAG_SIGN_VER,          /* flags */

    0,                          /* flags */

    NULL,                       /* app_data */

    capi_rsa_sign,              /* rsa_sign */

    0                           /* rsa_verify */

include/openssl/rsa.h

+1 −9
Original line number Diff line number Diff line
@@ -107,9 +107,7 @@ struct rsa_meth_st { 
     * New sign and verify functions: some libraries don't allow arbitrary

     * data to be signed/verified: this allows them to be used. Note: for

     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should

     * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:

     * for backwards compatibility this functionality is only enabled if the

     * RSA_FLAG_SIGN_VER option is set in 'flags'.

     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.

     */

    int (*rsa_sign) (int type,

                     const unsigned char *m, unsigned int m_length,
@@ -195,12 +193,6 @@ struct rsa_st { 
 */

# define RSA_FLAG_EXT_PKEY               0x0020



/*

 * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify

 * functions.

 */

# define RSA_FLAG_SIGN_VER               0x0040



/*

 * new with 0.9.6j and 0.9.7b; the built-in

 * RSA implementation now uses blinding by