APPS/pkeyutl: remove wrong check for -verifyrecover regarding too long sign/verify input

Fixed #25898 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25903)
2024-11-07 21:55:53 +01:00 · 2024-11-07 21:55:53 +01:00 · fe07cbf9c3
commit fe07cbf9c3
parent b10cfd93fd
2 changed files with 11 additions and 6 deletions
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@ -490,8 +490,7 @@ int pkeyutl_main(int argc, char **argv)

    /* Sanity check the input if the input is not raw */
    if (!rawin
-        && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY
-            || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+        && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
        if (buf_inlen > EVP_MAX_MD_SIZE) {
            BIO_printf(bio_err,
                       "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@ -17,7 +17,7 @@ use File::Compare qw/compare_text compare/;

 setup("test_pkeyutl");

-plan tests => 23;
+plan tests => 24;

 # For the tests below we use the cert itself as the TBS file

@ -92,6 +92,7 @@ SKIP: {
                  "Verify an Ed448 signature against a piece of data, no -rawin");
 }

+my $sigfile;
 sub tsignverify {
    my $testtext = shift;
    my $privkey = shift;
@ -100,7 +101,7 @@ sub tsignverify {

    my $data_to_sign = srctop_file('test', 'data.bin');
    my $other_data = srctop_file('test', 'data2.bin');
-    my $sigfile = basename($privkey, '.pem') . '.sig';
+    $sigfile = basename($privkey, '.pem') . '.sig';

    my @args = ();
    plan tests => 5;
@ -149,7 +150,7 @@ sub tsignverify {
 }

 SKIP: {
-    skip "RSA is not supported by this OpenSSL build", 1
+    skip "RSA is not supported by this OpenSSL build", 3
        if disabled("rsa");

    subtest "RSA CLI signature generation and verification" => sub {
@ -159,6 +160,10 @@ SKIP: {
                    "-rawin", "-digest", "sha256");
    };

+    ok(run(app((['openssl', 'pkeyutl', '-verifyrecover', '-in', $sigfile,
+                 '-pubin', '-inkey', srctop_file('test', 'testrsapub.pem')]))),
+       "RSA: Verify signature with -verifyrecover");
+
    subtest "RSA CLI signature and verification with pkeyopt" => sub {
        tsignverify("RSA",
                    srctop_file("test","testrsa.pem"),
@ -166,6 +171,7 @@ SKIP: {
                    "-rawin", "-digest", "sha256",
                    "-pkeyopt", "rsa_padding_mode:pss");
    };
+
 }

 SKIP: {
@ -228,7 +234,7 @@ SKIP: {
 # openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
 # decap_out is equal to secret
 SKIP: {
-    skip "RSA is not supported by this OpenSSL build", 3
+    skip "RSA is not supported by this OpenSSL build", 5
        if disabled("rsa");

    # Self-compat