author | Sansar Choinyambuu <schoinya@hsr.ch> | 2011-11-02 16:37:09 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 14:39:53 +0100 |
commit | 19fa287f6e01021f8957481fcc1081ef3cde48f0 (patch) | |
tree | 5c9e3f96471301353ac24ebf6e69fa0d2eae36b1 /src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | |
parent | 90cc99db5aeeb25036fa1ae7f8a335c0a7574341 (diff) | |
Reverse the changes made to openssl plugin for signature verification
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 00f131423..a24bae5d6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -116,64 +116,6 @@ error:
 return valid;
 }
-/**
- * Verification of an EMPSA PKCS1 signature described in PKCS#1
- */
-static bool verify_signature(private_openssl_rsa_public_key_t *this,
- int type, chunk_t data, chunk_t signature)
-{
- bool valid = FALSE;
- int rsa_size = RSA_size(this->rsa);
-
- /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
- if (signature.len > rsa_size)
- {
- signature = chunk_skip(signature, signature.len - rsa_size);
- }
-
- if (type == NID_undef)
- {
- chunk_t hash = chunk_alloc(rsa_size);
-
- hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
- this->rsa, RSA_PKCS1_PADDING);
- valid = chunk_equals(data, hash);
- free(hash.ptr);
- }
- else
- {
- EVP_PKEY *key;
- RSA *rsa = NULL;
-
- key = EVP_PKEY_new();
- if (!EVP_PKEY_set1_RSA(key, this->rsa))
- {
- goto error;
- }
- rsa = EVP_PKEY_get1_RSA(key);
- if (!rsa)
- {
- goto error;
- }
-
- valid = (RSA_verify(type, data.ptr, data.len,
- signature.ptr, signature.len, rsa) == 1);
-
-error:
- if (key)
- {
- EVP_PKEY_free(key);
- }
- if (rsa)
- {
- RSA_free(rsa);
- }
- }
-
- return valid;
-}
-
-
 METHOD(public_key_t, get_type, key_type_t,
 private_openssl_rsa_public_key_t *this)
 {
@@ -186,8 +128,6 @@ METHOD(public_key_t, verify, bool,
 {
 switch (scheme)
 {
- case SIGN_RSA_SHA1:
- return verify_signature(this, NID_sha1, data, signature);
 case SIGN_RSA_EMSA_PKCS1_NULL:
 return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
 case SIGN_RSA_EMSA_PKCS1_SHA1: |