Remove RSA_FLAG_SIGN_VER flag.

Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
compatibility after RSA_METHOD was extended to include rsa_sign and
rsa_verify fields. It is no longer needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 9f4649aef963e254881e8f06264ab8e9ad00c633..3aea4e4bdd5622db0d8754fc6abe1fa3c84a155e 100644 (file)
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -77,7 +77,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
     const unsigned char *s = NULL;
     X509_ALGOR algor;
     ASN1_OCTET_STRING digest;
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if (rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
     /* Special case: SSL signature, just check the length */
@@ -271,7 +271,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if (rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
     }
 

diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
index 5191844e72477644328a0127e5b327372fe2a045..d09fed22acea08465224443d2f5e95cd8cefcdcc 100644 (file)
--- a/doc/crypto/RSA_set_method.pod
+++ b/doc/crypto/RSA_set_method.pod
@@ -115,22 +115,15 @@ the default method is used.
      /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
       *                            operations, even if p,q,dmp1,dmq1,iqmp
       *                            are NULL
-      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
       * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
       */
        int flags;
 
        char *app_data; /* ?? */
 
-     /* sign. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
        int (*rsa_sign)(int type,
                const unsigned char *m, unsigned int m_length,
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-     /* verify. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
                const unsigned char *sigbuf, unsigned int siglen,

diff --git a/engines/e_capi.c b/engines/e_capi.c
index b2ae577987d6e96bd6c9cc73546553b1d56af4eb..1e41b267e431360da26535518e070e616fa702fe 100644 (file)
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -436,7 +436,7 @@ static RSA_METHOD capi_rsa_method = {
     0,                          /* bn_mod_exp */
     0,                          /* init */
     capi_rsa_free,              /* finish */
-    RSA_FLAG_SIGN_VER,          /* flags */
+    0,                          /* flags */
     NULL,                       /* app_data */
     capi_rsa_sign,              /* rsa_sign */
     0                           /* rsa_verify */

diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 734a32767ffb7a853d02a6ae8ea6e5380863792a..d47eeb179a69df453c3674f02d363bf18ba36ea8 100644 (file)
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -107,9 +107,7 @@ struct rsa_meth_st {
      * New sign and verify functions: some libraries don't allow arbitrary
      * data to be signed/verified: this allows them to be used. Note: for
      * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
-     * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
-     * for backwards compatibility this functionality is only enabled if the
-     * RSA_FLAG_SIGN_VER option is set in 'flags'.
+     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
      */
     int (*rsa_sign) (int type,
                      const unsigned char *m, unsigned int m_length,
@@ -195,12 +193,6 @@ struct rsa_st {
  */
 # define RSA_FLAG_EXT_PKEY               0x0020
 
-/*
- * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify
- * functions.
- */
-# define RSA_FLAG_SIGN_VER               0x0040
-
 /*
  * new with 0.9.6j and 0.9.7b; the built-in
  * RSA implementation now uses blinding by