summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh
diff options
context:
space:
mode:
authortb <>2024-08-29 16:58:19 +0000
committertb <>2024-08-29 16:58:19 +0000
commitde7d0ab1c83083dedcf2e492963189bc2ba71ef0 (patch)
treeac80a4e15f4c62b0c198aacafcfe36bca5b92794 /src/lib/libcrypto/dh
parentdabf625eeca30be23d1bdf73a58eb6f7fd1bed35 (diff)
downloadopenbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.gz
openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.bz2
openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.zip
Remove the pkey_{,public_,param_}check() handlers
This disables the EVP_PKEY_*check() API and makes it fail (more precisely indicate lack of support) on all key types. This is an intermediate step to full removal. Removal is ok beck jsing
Diffstat (limited to 'src/lib/libcrypto/dh')
-rw-r--r--src/lib/libcrypto/dh/dh_ameth.c32
1 files changed, 1 insertions, 31 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index d51a5bea4c..13141761d4 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_ameth.c,v 1.40 2024/01/04 17:01:26 tb Exp $ */ 1/* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -496,32 +496,6 @@ DHparams_print_fp(FILE *fp, const DH *x)
496} 496}
497LCRYPTO_ALIAS(DHparams_print_fp); 497LCRYPTO_ALIAS(DHparams_print_fp);
498 498
499static int
500dh_pkey_public_check(const EVP_PKEY *pkey)
501{
502 DH *dh = pkey->pkey.dh;
503
504 if (dh->pub_key == NULL) {
505 DHerror(DH_R_MISSING_PUBKEY);
506 return 0;
507 }
508
509 return DH_check_pub_key_ex(dh, dh->pub_key);
510}
511
512static int
513dh_pkey_param_check(const EVP_PKEY *pkey)
514{
515 DH *dh = pkey->pkey.dh;
516
517 /*
518 * It would have made more sense to support EVP_PKEY_check() for DH
519 * keys and call DH_check_ex() there and keeping this as a wrapper
520 * for DH_param_check_ex(). We follow OpenSSL's choice.
521 */
522 return DH_check_ex(dh);
523}
524
525const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { 499const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
526 .base_method = &dh_asn1_meth, 500 .base_method = &dh_asn1_meth,
527 .pkey_id = EVP_PKEY_DH, 501 .pkey_id = EVP_PKEY_DH,
@@ -550,8 +524,4 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
550 .param_print = dh_param_print, 524 .param_print = dh_param_print,
551 525
552 .pkey_free = dh_free, 526 .pkey_free = dh_free,
553
554 .pkey_check = NULL,
555 .pkey_public_check = dh_pkey_public_check,
556 .pkey_param_check = dh_pkey_param_check,
557}; 527};