From: Matt Caswell <matt@openssl.org>
Date: Thu, 29 Aug 2019 16:15:16 +0000 (+0100)
Subject: Fix pkeyutl -verifyrecover
X-Git-Tag: OpenSSL_1_1_1e~70
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0efc1154e552ba736732424f128c1ef04d30731e;p=oweals%2Fopenssl.git

Fix pkeyutl -verifyrecover

When performing a pkeyutl -verifyrecover operation the input file is not
a hash - it is the signature itself. Therefore don't do the check to make
sure it looks like a hash.

Fixes #9658

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9731)

(cherry picked from commit 5ffc33244cd4d66e47dfa66ce89cb38d0f3074cc)
---

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 2c4e524b69..ea779b6748 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -299,8 +299,7 @@ int pkeyutl_main(int argc, char **argv)
     /* Sanity check the input */
     if (buf_inlen > EVP_MAX_MD_SIZE
             && (pkey_op == EVP_PKEY_OP_SIGN
-                || pkey_op == EVP_PKEY_OP_VERIFY
-                || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+                || pkey_op == EVP_PKEY_OP_VERIFY)) {
         BIO_printf(bio_err,
                    "Error: The input data looks too long to be a hash\n");
         goto end;