author: David Benjamin <davidben@chromium.org> 2014-11-01 12:49:35 -0400
committer: Adam Langley <agl@google.com> 2014-11-04 00:27:19 +0000
commit: 2a0ee112c4a9cef8209a416602858444cf0eba77 (patch)
tree: b474c9006533e7fe1a87df9e94905ac9d9dd4fdf
parent: a0ca1b742f426abd879adea8567fa1c9a774447e (diff)
Remove remnants of EVP_MD_FLAG_PKEY_METHOD_SIGNATURE.
Some archaeology: it was added in upstream's ee1d9ec019a7584482bd95891404f1cad66a4a0a. This seems to come from upstream's arrangement where an EVP_MD can specify both the signing algorithm and the message digest. (Most of the usual hash algorithms were tied to RSA.) The flag is set on EVP_MDs that should use the EVP_PKEY's method table in EVP_Sign* rather than the one attached to the EVP_MD (there's also required_pkey_type to filter on EVP_PKEY to prevent a mismatch). Without the flag, the old codepath is hit where they're tied together.

Interestingly, EVP_md5 does not have the flag, but I suppose this is because no one would sign ECDSA + MD5. EVP_DigestSign* also postdates this and doesn't use the legacy mechanism anyway.

Upstream also has, e.g., EVP_ecdsa(). Although those too have since also gained the flag in bce1af776247fee153223ea156228810779483ce.

Let's get rid of these TODOs. We don't have the old codepath. It's unclear if upstream really does either at this point.

Note: EVP_PKEY_RSA_method in upstream is actually a macro that expands to three fields, which is why it's so difficult to figure out what's going on with those structs.

Change-Id: I1aea4d3f79f1eb1755063bb96c1c65276c6e3643
Reviewed-on: https://boringssl-review.googlesource.com/2122
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- crypto/evp/sign.c 11
1 files changed, 0 insertions, 11 deletions
diff --git a/crypto/evp/sign.c b/crypto/evp/sign.c
index c32e5ce..1faf7c6 100644
--- a/crypto/evp/sign.c
+++ b/crypto/evp/sign.c
@@ -91,12 +91,6 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
}
EVP_MD_CTX_cleanup(&tmp_ctx);
-/* TODO(fork): this used to be used only with SHA-family hashes. Now we've
- * removed the flag completely. Why was it added for just those hashes? */
-#if 0
- if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-#endif
-
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx || EVP_PKEY_sign_init(pkctx) <= 0 ||
EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0 ||
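Review bot: Missing documentation at `pkctx = EVP_PKEY_CTX_new(pkey, NULL);` in EVP_SignFinal: once the disabled flag check and its TODO are deleted, nothing in the code records that every digest now goes through the EVP_PKEY's own method table, and that history lives only in the commit message. A one-line comment above that call would help, for example noting that the key's method table is always used and that a digest the key cannot sign with has to be rejected by the `EVP_PKEY_sign_init` / `EVP_PKEY_CTX_set_signature_md` checks that follow. The deletion itself looks safe, since the `if (...) {` line sat inside `#if 0` and was never compiled.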
@@ -142,11 +136,6 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
}
EVP_MD_CTX_cleanup(&tmp_ctx);
-/* TODO(fork): this used to be used only with SHA-family hashes. Now we've
- * removed the flag completely. Why was it added for just those hashes? */
-#if 0
- if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-#endif
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx ||
EVP_PKEY_verify_init(pkctx) <= 0 ||
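Review bot: The TODO deleted above `pkctx = EVP_PKEY_CTX_new(pkey, NULL);` in EVP_VerifyFinal says the flag was "removed completely", and the subject line says "remnants", but the diffstat touches only crypto/evp/sign.c. Please confirm with a tree-wide search that no other reference to EVP_MD_FLAG_PKEY_METHOD_SIGNATURE survives (header definitions, digest tables, documentation), and say so in the commit message so the claim can be checked from the log. No behavioural concern with the hunk itself: the removed lines were under `#if 0`, so the verify path is unchanged.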