authorSansar Choinyambuu <schoinya@hsr.ch>2011-11-02 16:37:09 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2011-11-28 14:39:53 +0100
commit19fa287f6e01021f8957481fcc1081ef3cde48f0 (patch)
tree5c9e3f96471301353ac24ebf6e69fa0d2eae36b1 /src/libstrongswan
parent90cc99db5aeeb25036fa1ae7f8a335c0a7574341 (diff)
Reverse the changes made to openssl plugin for signature verification
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c1
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c60
3 files changed, 0 insertions, 63 deletions
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 9c59ba798..37bba77d1 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -26,7 +26,6 @@ ENUM(key_type_names, KEY_ANY, KEY_DSA,
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
"UNKNOWN",
- "RSA_SHA1"
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"RSA_EMSA_PKCS1_SHA1",
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 303d0b592..fdbe17f2c 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -60,8 +60,6 @@ extern enum_name_t *key_type_names;
enum signature_scheme_t {
/** Unknown signature scheme */
SIGN_UNKNOWN,
- /** Generic PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
- SIGN_RSA_SHA1,
/** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
SIGN_RSA_EMSA_PKCS1_NULL,
/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 00f131423..a24bae5d6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -116,64 +116,6 @@ error:
return valid;
}
-/**
- * Verification of an EMPSA PKCS1 signature described in PKCS#1
- */
-static bool verify_signature(private_openssl_rsa_public_key_t *this,
- int type, chunk_t data, chunk_t signature)
-{
- bool valid = FALSE;
- int rsa_size = RSA_size(this->rsa);
-
- /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
- if (signature.len > rsa_size)
- {
- signature = chunk_skip(signature, signature.len - rsa_size);
- }
-
- if (type == NID_undef)
- {
- chunk_t hash = chunk_alloc(rsa_size);
-
- hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
- this->rsa, RSA_PKCS1_PADDING);
- valid = chunk_equals(data, hash);
- free(hash.ptr);
- }
- else
- {
- EVP_PKEY *key;
- RSA *rsa = NULL;
-
- key = EVP_PKEY_new();
- if (!EVP_PKEY_set1_RSA(key, this->rsa))
- {
- goto error;
- }
- rsa = EVP_PKEY_get1_RSA(key);
- if (!rsa)
- {
- goto error;
- }
-
- valid = (RSA_verify(type, data.ptr, data.len,
- signature.ptr, signature.len, rsa) == 1);
-
-error:
- if (key)
- {
- EVP_PKEY_free(key);
- }
- if (rsa)
- {
- RSA_free(rsa);
- }
- }
-
- return valid;
-}
-
-
METHOD(public_key_t, get_type, key_type_t,
private_openssl_rsa_public_key_t *this)
{
@@ -186,8 +128,6 @@ METHOD(public_key_t, verify, bool,
{
switch (scheme)
{
- case SIGN_RSA_SHA1:
- return verify_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1: