From 19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 2 Dec 2015 14:30:39 +0000 Subject: [PATCH] Remove RSA_FLAG_SIGN_VER flag. Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary compatibility after RSA_METHOD was extended to include rsa_sign and rsa_verify fields. It is no longer needed. Reviewed-by: Richard Levitte --- crypto/rsa/rsa_sign.c | 4 ++-- doc/crypto/RSA_set_method.pod | 7 ------- engines/e_capi.c | 2 +- include/openssl/rsa.h | 10 +--------- 4 files changed, 4 insertions(+), 19 deletions(-) diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 9f4649aef9..3aea4e4bdd 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -77,7 +77,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; - if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { + if (rsa->meth->rsa_sign) { return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); } /* Special case: SSL signature, just check the length */ @@ -271,7 +271,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { - if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { + if (rsa->meth->rsa_verify) { return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); } diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index 5191844e72..d09fed22ac 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -115,22 +115,15 @@ the default method is used. /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key * operations, even if p,q,dmp1,dmq1,iqmp * are NULL - * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match */ int flags; char *app_data; /* ?? */ - /* sign. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - /* verify. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ int (*rsa_verify)(int dtype, const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, diff --git a/engines/e_capi.c b/engines/e_capi.c index b2ae577987..1e41b267e4 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -436,7 +436,7 @@ static RSA_METHOD capi_rsa_method = { 0, /* bn_mod_exp */ 0, /* init */ capi_rsa_free, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ + 0, /* flags */ NULL, /* app_data */ capi_rsa_sign, /* rsa_sign */ 0 /* rsa_verify */ diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 734a32767f..d47eeb179a 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -107,9 +107,7 @@ struct rsa_meth_st { * New sign and verify functions: some libraries don't allow arbitrary * data to be signed/verified: this allows them to be used. Note: for * this to work the RSA_public_decrypt() and RSA_private_encrypt() should - * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: - * for backwards compatibility this functionality is only enabled if the - * RSA_FLAG_SIGN_VER option is set in 'flags'. + * *NOT* be used RSA_sign(), RSA_verify() should be used instead. */ int (*rsa_sign) (int type, const unsigned char *m, unsigned int m_length, @@ -195,12 +193,6 @@ struct rsa_st { */ # define RSA_FLAG_EXT_PKEY 0x0020 -/* - * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify - * functions. - */ -# define RSA_FLAG_SIGN_VER 0x0040 - /* * new with 0.9.6j and 0.9.7b; the built-in * RSA implementation now uses blinding by