diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-02 13:57:04 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-02 17:52:01 +0000 |
commit | 7f572e958b13041056f377a62d3219633cfb1e8a (patch) | |
tree | e25e20a9a52529c804812272317c7fbc03e5d978 /crypto/rsa | |
parent | 0aca86b313d286be979629a3193a12e17bf7171a (diff) |
Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.
Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.
Remove now obsolete EVP_dss1() and EVP_ecdsa().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_pmeth.c | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index a2022bb6a2..8c8e0e86e4 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -377,20 +377,43 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, static int check_padding_md(const EVP_MD *md, int padding) { + int mdnid; if (!md) return 1; + mdnid = EVP_MD_type(md); + if (padding == RSA_NO_PADDING) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); return 0; } if (padding == RSA_X931_PADDING) { - if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { + if (RSA_X931_hash_id(mdnid) == -1) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); return 0; } - return 1; + } else { + switch(mdnid) { + /* List of all supported RSA digests */ + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + case NID_md5: + case NID_md5_sha1: + case NID_md2: + case NID_md4: + case NID_mdc2: + case NID_ripemd160: + return 1; + + default: + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); + return 0; + + } } return 1; |