Remove EVP_PKEY_*check again

This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.

Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.

ok beck jsing

1 files changed, 1 insertions, 29 deletions

diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index 415690cd0e..bc1c5bd7d2 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.21 2024/08/31 09:14:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -225,31 +225,3 @@ merr:
         return mac_key;
 }
 LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
-
-/*
- * XXX - remove the API below in the next bump.
- */
-
-int
-EVP_PKEY_check(EVP_PKEY_CTX *ctx)
-{
-        EVPerror(ERR_R_DISABLED);
-        return -2;
-}
-LCRYPTO_ALIAS(EVP_PKEY_check);
-
-int
-EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
-{
-        EVPerror(ERR_R_DISABLED);
-        return -2;
-}
-LCRYPTO_ALIAS(EVP_PKEY_public_check);
-
-int
-EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
-{
-        EVPerror(ERR_R_DISABLED);
-        return -2;
-}
-LCRYPTO_ALIAS(EVP_PKEY_param_check);