Remove HMAC PRIVATE KEY support

This is an undocumented feature of openssl genpkey for testing purposes. Emilia removed support for this 'bogus private key format' from OpenSSL in 2017 in commit c26f655fdd18ac19016c1c0496105f5256a1e84d. ok jsing
author: tb <> 2022-11-19 04:32:49 +0000
committer: tb <> 2022-11-19 04:32:49 +0000
commit: 20f343279cc3fa9330806f533c4e43196fca6f81 (patch)
tree: e0ed8bb4bac8d652b68efc1bd525f85b8bcbb8d5
parent: 56bbf4102673c77ee6fb342c6a79ef36eddaacf7 (diff)
download: openbsd-20f343279cc3fa9330806f533c4e43196fca6f81.tar.gz
openbsd-20f343279cc3fa9330806f533c4e43196fca6f81.tar.bz2
openbsd-20f343279cc3fa9330806f533c4e43196fca6f81.zip
1 files changed, 1 insertions, 64 deletions
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
index 818fec7d39..dfd7169ba0 100644
--- a/src/lib/libcrypto/hmac/hm_ameth.c
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_ameth.c,v 1.16 2022/11/18 20:03:36 tb Exp $ */
+/* $OpenBSD: hm_ameth.c,v 1.17 2022/11/19 04:32:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2007.
 */
@@ -68,13 +68,6 @@
 #include "evp_locl.h"
 #include "hmac_local.h"
-#define HMAC_TEST_PRIVATE_KEY_FORMAT
-/* HMAC "ASN1" method. This is just here to indicate the
- * maximum HMAC output length and to free up an HMAC
- * key.
- */
 static int
 hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
@@ -157,57 +150,6 @@ hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len)
        return CBS_write_bytes(&cbs, priv, *len, len);
 }
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-/* A bogus private key format for test purposes. This is simply the
- * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
- * genpkey utility can be used to "generate" HMAC keys.
- */
-static int
-old_hmac_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
-{
-        ASN1_OCTET_STRING *os;
-        os = ASN1_OCTET_STRING_new();
-        if (os == NULL)
-                goto err;
-        if (ASN1_OCTET_STRING_set(os, *pder, derlen) == 0)
-                goto err;
-        if (EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os) == 0)
-                goto err;
-        return 1;
-err:
-        ASN1_OCTET_STRING_free(os);
-        return 0;
-}
-static int
-old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-        int inc;
-        ASN1_OCTET_STRING *os = pkey->pkey.ptr;
-        if (pder) {
-                if (!*pder) {
-                        *pder = malloc(os->length);
-                        if (*pder == NULL)
-                                return -1;
-                        inc = 0;
-                } else
-                        inc = 1;
-                memcpy(*pder, os->data, os->length);
-                if (inc)
-                        *pder += os->length;
-        }
-        return os->length;
-}
-#endif
 const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
        .pkey_id = EVP_PKEY_HMAC,
        .pkey_base_id = EVP_PKEY_HMAC,
@@ -222,11 +164,6 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
        .pkey_free = hmac_key_free,
        .pkey_ctrl = hmac_pkey_ctrl,
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-        .old_priv_decode = old_hmac_decode,
-        .old_priv_encode = old_hmac_encode,
-#endif
        .set_priv_key = hmac_set_priv_key,
        .get_priv_key = hmac_get_priv_key,
 };
author	tb <>	2022-11-19 04:32:49 +0000
committer	tb <>	2022-11-19 04:32:49 +0000
commit	20f343279cc3fa9330806f533c4e43196fca6f81 (patch)
tree	e0ed8bb4bac8d652b68efc1bd525f85b8bcbb8d5
parent	56bbf4102673c77ee6fb342c6a79ef36eddaacf7 (diff)
download	openbsd-20f343279cc3fa9330806f533c4e43196fca6f81.tar.gz openbsd-20f343279cc3fa9330806f533c4e43196fca6f81.tar.bz2 openbsd-20f343279cc3fa9330806f533c4e43196fca6f81.zip

diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c index 818fec7d39..dfd7169ba0 100644 --- a/src/lib/libcrypto/hmac/hm_ameth.c +++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hm_ameth.c,v 1.16 2022/11/18 20:03:36 tb Exp $ */	1	/* $OpenBSD: hm_ameth.c,v 1.17 2022/11/19 04:32:49 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2007.	3	* project 2007.
4	*/	4	*/
@@ -68,13 +68,6 @@
68	#include "evp_locl.h"	68	#include "evp_locl.h"
69	#include "hmac_local.h"	69	#include "hmac_local.h"
70		70
71	#define HMAC_TEST_PRIVATE_KEY_FORMAT
72
73	/* HMAC "ASN1" method. This is just here to indicate the
74	* maximum HMAC output length and to free up an HMAC
75	* key.
76	*/
77
78	static int	71	static int
79	hmac_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)	72	hmac_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)
80	{	73	{
@@ -157,57 +150,6 @@ hmac_get_priv_key(const EVP_PKEY pkey, unsigned char priv, size_t *len)
157	return CBS_write_bytes(&cbs, priv, *len, len);	150	return CBS_write_bytes(&cbs, priv, *len, len);
158	}	151	}
159		152
160	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
161	/* A bogus private key format for test purposes. This is simply the
162	* HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
163	* genpkey utility can be used to "generate" HMAC keys.
164	*/
165
166	static int
167	old_hmac_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)
168	{
169	ASN1_OCTET_STRING *os;
170
171	os = ASN1_OCTET_STRING_new();
172	if (os == NULL)
173	goto err;
174	if (ASN1_OCTET_STRING_set(os, *pder, derlen) == 0)
175	goto err;
176	if (EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os) == 0)
177	goto err;
178	return 1;
179
180	err:
181	ASN1_OCTET_STRING_free(os);
182	return 0;
183	}
184
185	static int
186	old_hmac_encode(const EVP_PKEY pkey, unsigned char *pder)
187	{
188	int inc;
189	ASN1_OCTET_STRING *os = pkey->pkey.ptr;
190
191	if (pder) {
192	if (!*pder) {
193	*pder = malloc(os->length);
194	if (*pder == NULL)
195	return -1;
196	inc = 0;
197	} else
198	inc = 1;
199
200	memcpy(*pder, os->data, os->length);
201
202	if (inc)
203	*pder += os->length;
204	}
205
206	return os->length;
207	}
208
209	#endif
210
211	const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {	153	const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
212	.pkey_id = EVP_PKEY_HMAC,	154	.pkey_id = EVP_PKEY_HMAC,
213	.pkey_base_id = EVP_PKEY_HMAC,	155	.pkey_base_id = EVP_PKEY_HMAC,
@@ -222,11 +164,6 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
222	.pkey_free = hmac_key_free,	164	.pkey_free = hmac_key_free,
223	.pkey_ctrl = hmac_pkey_ctrl,	165	.pkey_ctrl = hmac_pkey_ctrl,
224		166
225	#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
226	.old_priv_decode = old_hmac_decode,
227	.old_priv_encode = old_hmac_encode,
228	#endif
229
230	.set_priv_key = hmac_set_priv_key,	167	.set_priv_key = hmac_set_priv_key,
231	.get_priv_key = hmac_get_priv_key,	168	.get_priv_key = hmac_get_priv_key,
232	};	169	};