mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-27 06:21:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
bbaddbc068
openssl/include
History
Richard Levitte bbaddbc068 X509: Refactor X509_verify() and X509_REQ_verify() for better streamlining 
The solution to incorporate the SM2 identity processing was an off
the side hack that more or less duplicated the ASN1_item_verify()
code with just a few lines being different.  We replace this with
a new function ASN1_item_verify_ctx(), which takes an EVP_MD_CTX
pointer instead of an EVP_PKEY pointer, just like its sibling
ASN1_item_sign_ctx().

This allows us to refactor X509_verify() and X509_REQ_verify() to
simply create a local EVP_MD_CTX and an attached EVP_PKEY_CTX,
which gets to hold the SM2 identity, if there is one, and then let
ASN1_item_verify_ctx() to its job.

This will also make it easier to adapt ASN1_item_verify_ctx() for
provider based keys.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10942)
2020-02-02 12:04:00 +01:00
..
crypto Add support for DH 'modp' group parameters (RFC 3526) 2020-01-31 08:18:46 +10:00
internal Add support for DH 'modp' group parameters (RFC 3526) 2020-01-31 08:18:46 +10:00
openssl X509: Refactor X509_verify() and X509_REQ_verify() for better streamlining 2020-02-02 12:04:00 +01:00