Google Git
Sign in
boringssl/boringssl.git/75a1dd0dbe655c0ea0d29f8c052de55f389dce69^!/.
commit
75a1dd0dbe655c0ea0d29f8c052de55f389dce69
[log]
author
David Benjamin <davidben@chromium.org>
Thu Oct 09 13:04:29 2014 -0400
committer
Adam Langley <agl@google.com>
Thu Oct 09 21:07:32 2014 +0000
tree
699fb39a2e36074c57acf51bc722901b634cdc51
parent
f4b495271901e9850612d99ded4a6b0aec2e7bea [diff]
Remove EVP_PKEY_CTX case in rsa_pss_to_ctx.

We only ever use the EVP_PKEY case, not the EVP_PKEY_CTX one.

Change-Id: Ibead854f793663da0a9e474599507d9c3ff920cb
Reviewed-on: https://boringssl-review.googlesource.com/1915
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.c
index b8d4a37..1bb69f3 100644
--- a/crypto/evp/p_rsa_asn1.c
+++ b/crypto/evp/p_rsa_asn1.c

@@ -583,16 +583,14 @@
   return NULL;
 }
 
-/* From PSS AlgorithmIdentifier set public key parameters. If pkey
- * isn't NULL then the EVP_MD_CTX is setup and initalised. If it
- * is NULL parameters are passed to pkctx instead. */
-static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
-                          X509_ALGOR *sigalg, EVP_PKEY *pkey) {
+/* From PSS AlgorithmIdentifier set public key parameters. */
+static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) {
   int ret = 0;
   int saltlen;
   const EVP_MD *mgf1md = NULL, *md = NULL;
   RSA_PSS_PARAMS *pss;
   X509_ALGOR *maskHash;
+  EVP_PKEY_CTX *pkctx;
 
   /* Sanity check: make sure it is PSS */
   if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
@@ -634,22 +632,8 @@
     goto err;
   }
 
-  if (pkey) {
-    if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) {
-      goto err;
-    }
-  } else {
-    const EVP_MD *checkmd;
-    if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) {
-      goto err;
-    }
-    if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
-      OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_DIGEST_DOES_NOT_MATCH);
-      goto err;
-    }
-  }
-
-  if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0 ||
+  if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey) ||
+      EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0 ||
       EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0 ||
       EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) {
     goto err;
@@ -676,7 +660,7 @@
     OPENSSL_PUT_ERROR(EVP, rsa_item_verify, EVP_R_UNSUPPORTED_SIGNATURE_TYPE);
     return -1;
   }
-  if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey)) {
+  if (rsa_pss_to_ctx(ctx, sigalg, pkey)) {
     /* Carry on */
     return 2;
   }