diff options
author | tb <> | 2024-08-29 16:58:19 +0000 |
---|---|---|
committer | tb <> | 2024-08-29 16:58:19 +0000 |
commit | de7d0ab1c83083dedcf2e492963189bc2ba71ef0 (patch) | |
tree | ac80a4e15f4c62b0c198aacafcfe36bca5b92794 /src/lib/libcrypto/dh | |
parent | dabf625eeca30be23d1bdf73a58eb6f7fd1bed35 (diff) | |
download | openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.gz openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.bz2 openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.zip |
Remove the pkey_{,public_,param_}check() handlers
This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.
This is an intermediate step to full removal.
Removal is ok beck jsing
Diffstat (limited to 'src/lib/libcrypto/dh')
-rw-r--r-- | src/lib/libcrypto/dh/dh_ameth.c | 32 |
1 files changed, 1 insertions, 31 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index d51a5bea4c..13141761d4 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dh_ameth.c,v 1.40 2024/01/04 17:01:26 tb Exp $ */ | 1 | /* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 2006. | 3 | * project 2006. |
4 | */ | 4 | */ |
@@ -496,32 +496,6 @@ DHparams_print_fp(FILE *fp, const DH *x) | |||
496 | } | 496 | } |
497 | LCRYPTO_ALIAS(DHparams_print_fp); | 497 | LCRYPTO_ALIAS(DHparams_print_fp); |
498 | 498 | ||
499 | static int | ||
500 | dh_pkey_public_check(const EVP_PKEY *pkey) | ||
501 | { | ||
502 | DH *dh = pkey->pkey.dh; | ||
503 | |||
504 | if (dh->pub_key == NULL) { | ||
505 | DHerror(DH_R_MISSING_PUBKEY); | ||
506 | return 0; | ||
507 | } | ||
508 | |||
509 | return DH_check_pub_key_ex(dh, dh->pub_key); | ||
510 | } | ||
511 | |||
512 | static int | ||
513 | dh_pkey_param_check(const EVP_PKEY *pkey) | ||
514 | { | ||
515 | DH *dh = pkey->pkey.dh; | ||
516 | |||
517 | /* | ||
518 | * It would have made more sense to support EVP_PKEY_check() for DH | ||
519 | * keys and call DH_check_ex() there and keeping this as a wrapper | ||
520 | * for DH_param_check_ex(). We follow OpenSSL's choice. | ||
521 | */ | ||
522 | return DH_check_ex(dh); | ||
523 | } | ||
524 | |||
525 | const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { | 499 | const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { |
526 | .base_method = &dh_asn1_meth, | 500 | .base_method = &dh_asn1_meth, |
527 | .pkey_id = EVP_PKEY_DH, | 501 | .pkey_id = EVP_PKEY_DH, |
@@ -550,8 +524,4 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { | |||
550 | .param_print = dh_param_print, | 524 | .param_print = dh_param_print, |
551 | 525 | ||
552 | .pkey_free = dh_free, | 526 | .pkey_free = dh_free, |
553 | |||
554 | .pkey_check = NULL, | ||
555 | .pkey_public_check = dh_pkey_public_check, | ||
556 | .pkey_param_check = dh_pkey_param_check, | ||
557 | }; | 527 | }; |