author Richard Levitte <levitte@openssl.org> 2020-01-24 18:04:19 +0100
committer Richard Levitte <levitte@openssl.org> 2020-02-02 12:04:00 +0100
commit bbaddbc0682a4cd3271ee41f58550f7c26e8194e (patch)
tree a8abaf3558363c2112bf62000db1cc904f38b6c7 /util
parent 0943d5dd6179e2e824ec9a38b7ea6caa17a84ebd (diff)
X509: Refactor X509_verify() and X509_REQ_verify() for better streamlining

The solution to incorporate the SM2 identity processing was an off the side hack that more or less duplicated the ASN1_item_verify() code with just a few lines being different. We replace this with a new function ASN1_item_verify_ctx(), which takes an EVP_MD_CTX pointer instead of an EVP_PKEY pointer, just like its sibling ASN1_item_sign_ctx().

This allows us to refactor X509_verify() and X509_REQ_verify() to simply create a local EVP_MD_CTX and an attached EVP_PKEY_CTX, which gets to hold the SM2 identity, if there is one, and then let ASN1_item_verify_ctx() do its job.

This will also make it easier to adapt ASN1_item_verify_ctx() for provider based keys.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)
Diffstat (limited to 'util')
-rw-r--r-- util/libcrypto.num 1
1 files changed, 1 insertions, 0 deletions
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 8bec3443b6..9dc3f76e15 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4917,3 +4917,4 @@ PKCS8_pkey_add1_attr ? 3_0_0 EXIST::FUNCTION:
PKCS8_pkey_add1_attr_by_OBJ ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_private_check ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_pairwise_check ? 3_0_0 EXIST::FUNCTION:
+ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION:
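Review bot: the added line `ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION:` makes this helper a public libcrypto symbol, but this view is limited to 'util' and shows no matching documentation. Please confirm the commit also documents the function. Since it takes an EVP_MD_CTX instead of an EVP_PKEY, the documentation should state that the caller is responsible for attaching the verification key (and the SM2 identity, if any) to the context before the call. The `?` ordinal and unconditional `EXIST::FUNCTION:` match the neighbouring 3_0_0 entries, so nothing to change there.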