[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Dec 2 18:23:40 UTC 2015


The branch master has been updated
       via  19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f (commit)
      from  a1d3f3d1d0711eeece52f132e73b533d814770ac (commit)


- Log -----------------------------------------------------------------
commit 19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Dec 2 14:30:39 2015 +0000

    Remove RSA_FLAG_SIGN_VER flag.
    
    Remove RSA_FLAG_SIGN_VER: this was originally used to retain binary
    compatibility after RSA_METHOD was extended to include rsa_sign and
    rsa_verify fields. It is no longer needed.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_sign.c         |  4 ++--
 doc/crypto/RSA_set_method.pod |  7 -------
 engines/e_capi.c              |  2 +-
 include/openssl/rsa.h         | 10 +---------
 4 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 9f4649a..3aea4e4 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -77,7 +77,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
     const unsigned char *s = NULL;
     X509_ALGOR algor;
     ASN1_OCTET_STRING digest;
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if (rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
     /* Special case: SSL signature, just check the length */
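Review bot: With the flag test gone, `if (rsa->meth->rsa_sign)` here and `if (rsa->meth->rsa_verify)` in the RSA_verify hunk below are the only gates. Any RSA_METHOD that carries a non-NULL pointer in those fields without ever setting RSA_FLAG_SIGN_VER now has its hook called where the built-in path ran before. For RSA_verify this means signature checking is delegated entirely to the method's return value, so out-of-tree methods and engines should be re-checked for stale or unintended pointers in these slots. I would record the new contract at the branch with a comment such as `/* A non-NULL meth->rsa_sign always replaces the built-in signing path. */` and the equivalent in RSA_verify. Both function bodies continue outside their hunks.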
@@ -271,7 +271,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if (rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
     }
 
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
index 5191844..d09fed2 100644
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -115,22 +115,15 @@ the default method is used.
      /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
       *                            operations, even if p,q,dmp1,dmq1,iqmp
       *                            are NULL
-      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
       * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
       */
 	int flags;
 
 	char *app_data; /* ?? */
 
-     /* sign. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
 	int (*rsa_sign)(int type,
 		const unsigned char *m, unsigned int m_length,
 		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-     /* verify. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
 	int (*rsa_verify)(int dtype,
 		const unsigned char *m, unsigned int m_length,
 		const unsigned char *sigbuf, unsigned int siglen,
diff --git a/engines/e_capi.c b/engines/e_capi.c
index b2ae577..1e41b26 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -436,7 +436,7 @@ static RSA_METHOD capi_rsa_method = {
     0,                          /* bn_mod_exp */
     0,                          /* init */
     capi_rsa_free,              /* finish */
-    RSA_FLAG_SIGN_VER,          /* flags */
+    0,                          /* flags */
     NULL,                       /* app_data */
     capi_rsa_sign,              /* rsa_sign */
     0                           /* rsa_verify */
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 734a327..d47eeb1 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -107,9 +107,7 @@ struct rsa_meth_st {
      * New sign and verify functions: some libraries don't allow arbitrary
      * data to be signed/verified: this allows them to be used. Note: for
      * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
-     * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
-     * for backwards compatibility this functionality is only enabled if the
-     * RSA_FLAG_SIGN_VER option is set in 'flags'.
+     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
      */
     int (*rsa_sign) (int type,
                      const unsigned char *m, unsigned int m_length,
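Review bot: The shortened comment above `rsa_sign` no longer says when the hooks take effect. Now that the flag is gone, it should say that RSA_sign() and RSA_verify() use `rsa_sign`/`rsa_verify` whenever they are non-NULL, and that a method which does not implement them must leave the fields NULL. The sentence that was kept also runs two clauses together; I would reword it as `should *NOT* be used; RSA_sign() and RSA_verify() should be used instead.` The struct definition continues outside the hunk.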
@@ -196,12 +194,6 @@ struct rsa_st {
 # define RSA_FLAG_EXT_PKEY               0x0020
 
 /*
- * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify
- * functions.
- */
-# define RSA_FLAG_SIGN_VER               0x0040
-
-/*
  * new with 0.9.6j and 0.9.7b; the built-in
  * RSA implementation now uses blinding by
  * default (ignoring RSA_FLAG_BLINDING),

