Fix pkeyutl -verifyrecover
authorMatt Caswell <matt@openssl.org>
Thu, 29 Aug 2019 16:15:16 +0000 (17:15 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 30 Aug 2019 08:42:17 +0000 (09:42 +0100)
When performing a pkeyutl -verifyrecover operation the input file is not
a hash - it is the signature itself. Therefore don't do the check to make
sure it looks like a hash.

Fixes #9658

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9731)

apps/pkeyutl.c

index c8cac0d676afb69b5ca30acdc3e14a803a26239e..6b012211e429c710ee11365198438a8a865d37b3 100644 (file)
@@ -398,8 +398,7 @@ int pkeyutl_main(int argc, char **argv)
     if (!rawin
             && buf_inlen > EVP_MAX_MD_SIZE
             && (pkey_op == EVP_PKEY_OP_SIGN
-                || pkey_op == EVP_PKEY_OP_VERIFY
-                || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+                || pkey_op == EVP_PKEY_OP_VERIFY)) {
         BIO_printf(bio_err,
                    "Error: The input data looks too long to be a hash\n");
         goto end;