author: Richard Levitte <levitte@openssl.org> 2020-01-24 18:04:19 +0100
committer: Richard Levitte <levitte@openssl.org> 2020-02-02 12:04:00 +0100
commit: bbaddbc0682a4cd3271ee41f58550f7c26e8194e (patch)
tree: a8abaf3558363c2112bf62000db1cc904f38b6c7 /include
parent: 0943d5dd6179e2e824ec9a38b7ea6caa17a84ebd (diff)
X509: Refactor X509_verify() and X509_REQ_verify() for better streamlining

The solution to incorporate the SM2 identity processing was an off the side hack that more or less duplicated the ASN1_item_verify() code with just a few lines being different. We replace this with a new function ASN1_item_verify_ctx(), which takes an EVP_MD_CTX pointer instead of an EVP_PKEY pointer, just like its sibling ASN1_item_sign_ctx().

This allows us to refactor X509_verify() and X509_REQ_verify() to simply create a local EVP_MD_CTX and an attached EVP_PKEY_CTX, which gets to hold the SM2 identity, if there is one, and then let ASN1_item_verify_ctx() do its job.

This will also make it easier to adapt ASN1_item_verify_ctx() for provider based keys.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)

Diffstat (limited to 'include')
-rw-r--r-- include/openssl/x509.h 3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 4cd17d24f5..5e553ef4d3 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -637,6 +637,9 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ ASN1_BIT_STRING *signature, void *data,
+ EVP_MD_CTX *ctx);
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
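
Review bot: The added ASN1_item_verify_ctx() prototype replaces the explicit EVP_PKEY *pkey argument with EVP_MD_CTX *ctx, but nothing at the declaration states that the caller must already have attached an EVP_PKEY_CTX carrying the verification key (and, for SM2, the identity) to ctx before calling. Because this is a signature-verification entry point in a public header, please add a short comment above the declaration, or a manual-page entry, that spells out that precondition, says who owns ctx after the call, and states the return-value convention relative to ASN1_item_verify(). It is also worth confirming in the implementation, which this include-only view does not show, that a ctx with no key attached is reported as an error and can never be read as a successful verification.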