APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify...

Fixed #25898

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25903)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index ca2575bc179cbe0eb3e45c2d020f1f0a228c7461..64c5d5871a69d12612a1bb8dcd563f1c4224160d 100644 (file)
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -490,8 +490,7 @@ int pkeyutl_main(int argc, char **argv)
 
     /* Sanity check the input if the input is not raw */
     if (!rawin
-        && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY
-            || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+        && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
         if (buf_inlen > EVP_MAX_MD_SIZE) {
             BIO_printf(bio_err,
                        "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",

diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index d78e74d38abdc3392084d9897aab9e7be30ad131..abdbac7541299673a41b17f2d969f5d01dc0d28e 100644 (file)
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -17,7 +17,7 @@ use File::Compare qw/compare_text compare/;
 
 setup("test_pkeyutl");
 
-plan tests => 23;
+plan tests => 24;
 
 # For the tests below we use the cert itself as the TBS file
 
@@ -92,6 +92,7 @@ SKIP: {
                   "Verify an Ed448 signature against a piece of data, no -rawin");
 }
 
+my $sigfile;
 sub tsignverify {
     my $testtext = shift;
     my $privkey = shift;
@@ -100,7 +101,7 @@ sub tsignverify {
 
     my $data_to_sign = srctop_file('test', 'data.bin');
     my $other_data = srctop_file('test', 'data2.bin');
-    my $sigfile = basename($privkey, '.pem') . '.sig';
+    $sigfile = basename($privkey, '.pem') . '.sig';
 
     my @args = ();
     plan tests => 5;
@@ -149,7 +150,7 @@ sub tsignverify {
 }
 
 SKIP: {
-    skip "RSA is not supported by this OpenSSL build", 1
+    skip "RSA is not supported by this OpenSSL build", 3
         if disabled("rsa");
 
     subtest "RSA CLI signature generation and verification" => sub {
@@ -159,6 +160,10 @@ SKIP: {
                     "-rawin", "-digest", "sha256");
     };
 
+    ok(run(app((['openssl', 'pkeyutl', '-verifyrecover', '-in', $sigfile,
+                 '-pubin', '-inkey', srctop_file('test', 'testrsapub.pem')]))),
+       "RSA: Verify signature with -verifyrecover");
+
     subtest "RSA CLI signature and verification with pkeyopt" => sub {
         tsignverify("RSA",
                     srctop_file("test","testrsa.pem"),
@@ -166,6 +171,7 @@ SKIP: {
                     "-rawin", "-digest", "sha256",
                     "-pkeyopt", "rsa_padding_mode:pss");
     };
+
 }
 
 SKIP: {
@@ -228,7 +234,7 @@ SKIP: {
 # openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
 # decap_out is equal to secret
 SKIP: {
-    skip "RSA is not supported by this OpenSSL build", 3
+    skip "RSA is not supported by this OpenSSL build", 5
         if disabled("rsa");
 
     # Self-compat