early-access version 2698

externals/libressl/crypto/evp/p_verify.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p_verify.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p_verify.c,v 1.15 2022/01/14 08:38:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -63,15 +63,17 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
+#include "evp_locl.h"
+
 int
 EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
     unsigned int siglen, EVP_PKEY *pkey)
 {
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
-	int i = 0, ok = 0, v;
 	EVP_MD_CTX tmp_ctx;
 	EVP_PKEY_CTX *pkctx = NULL;
+	int ret = 0;
 
 	EVP_MD_CTX_init(&tmp_ctx);
 	if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
@@ -80,39 +82,16 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 		goto err;
 	EVP_MD_CTX_cleanup(&tmp_ctx);
 
-	if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-		i = -1;
-		pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-		if (!pkctx)
-			goto err;
-		if (EVP_PKEY_verify_init(pkctx) <= 0)
-			goto err;
-		if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
-			goto err;
-		i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
-err:
-		EVP_PKEY_CTX_free(pkctx);
-		return i;
-	}
+	ret = -1;
+	if ((pkctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
+		goto err;
+	if (EVP_PKEY_verify_init(pkctx) <= 0)
+		goto err;
+	if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+		goto err;
+	ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
 
-	for (i = 0; i < 4; i++) {
-		v = ctx->digest->required_pkey_type[i];
-		if (v == 0)
-			break;
-		if (pkey->type == v) {
-			ok = 1;
-			break;
-		}
-	}
-	if (!ok) {
-		EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE);
-		return (-1);
-	}
-	if (ctx->digest->verify == NULL) {
-		EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
-		return (0);
-	}
-
-	return(ctx->digest->verify(ctx->digest->type, m, m_len,
-	    sigbuf, siglen, pkey->pkey.ptr));
+ err:
+	EVP_PKEY_CTX_free(pkctx);
+	return ret;
 }