Remove the pkey_{,public_,param_}check() handlers

This disables the EVP_PKEY_*check() API and makes it fail (more precisely indicate lack of support) on all key types. This is an intermediate step to full removal. Removal is ok beck jsing
author: tb <> 2024-08-29 16:58:19 +0000
committer: tb <> 2024-08-29 16:58:19 +0000
commit: de7d0ab1c83083dedcf2e492963189bc2ba71ef0 (patch)
tree: ac80a4e15f4c62b0c198aacafcfe36bca5b92794 /src/lib/libcrypto/evp
parent: dabf625eeca30be23d1bdf73a58eb6f7fd1bed35 (diff)
download: openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.gz
openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.bz2
openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.zip
2 files changed, 12 insertions, 58 deletions
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 5d541ffec4..54cd65d0af 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.24 2024/08/28 07:15:04 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -140,10 +140,6 @@ struct evp_pkey_asn1_method_st {
        int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
            X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
-        int (*pkey_check)(const EVP_PKEY *pk);
-        int (*pkey_public_check)(const EVP_PKEY *pk);
-        int (*pkey_param_check)(const EVP_PKEY *pk);
        int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
            size_t len);
        int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
@@ -322,10 +318,6 @@ struct evp_pkey_method_st {
            const unsigned char *tbs, size_t tbslen);
        int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
            size_t siglen, const unsigned char *tbs, size_t tbslen);
-        int (*check)(EVP_PKEY *pkey);
-        int (*public_check)(EVP_PKEY *pkey);
-        int (*param_check)(EVP_PKEY *pkey);
 } /* EVP_PKEY_METHOD */;
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index 1c355e594a..415690cd0e 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -226,68 +226,30 @@ merr:
 }
 LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
+/*
+ * XXX - remove the API below in the next bump.
+ */
 int
 EVP_PKEY_check(EVP_PKEY_CTX *ctx)
 {
-        EVP_PKEY *pkey;
+        EVPerror(ERR_R_DISABLED);
+        return -2;
-        if ((pkey = ctx->pkey) == NULL) {
-                EVPerror(EVP_R_NO_KEY_SET);
-                return 0;
-        }
-        if (ctx->pmeth->check != NULL)
-                return ctx->pmeth->check(pkey);
-        if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
-                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;
-        }
-        return pkey->ameth->pkey_check(pkey);
 }
 LCRYPTO_ALIAS(EVP_PKEY_check);
 int
 EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
 {
-        EVP_PKEY *pkey;
+        EVPerror(ERR_R_DISABLED);
+        return -2;
-        if ((pkey = ctx->pkey) == NULL) {
-                EVPerror(EVP_R_NO_KEY_SET);
-                return 0;
-        }
-        if (ctx->pmeth->public_check != NULL)
-                return ctx->pmeth->public_check(pkey);
-        if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
-                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;
-        }
-        return pkey->ameth->pkey_public_check(pkey);
 }
 LCRYPTO_ALIAS(EVP_PKEY_public_check);
 int
 EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
 {
-        EVP_PKEY *pkey;
+        EVPerror(ERR_R_DISABLED);
+        return -2;
-        if ((pkey = ctx->pkey) == NULL) {
-                EVPerror(EVP_R_NO_KEY_SET);
-                return 0;
-        }
-        if (ctx->pmeth->param_check != NULL)
-                return ctx->pmeth->param_check(pkey);
-        if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
-                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;
-        }
-        return pkey->ameth->pkey_param_check(pkey);
 }
 LCRYPTO_ALIAS(EVP_PKEY_param_check);
author	tb <>	2024-08-29 16:58:19 +0000
committer	tb <>	2024-08-29 16:58:19 +0000
commit	de7d0ab1c83083dedcf2e492963189bc2ba71ef0 (patch)
tree	ac80a4e15f4c62b0c198aacafcfe36bca5b92794 /src/lib/libcrypto/evp
parent	dabf625eeca30be23d1bdf73a58eb6f7fd1bed35 (diff)
download	openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.gz openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.bz2 openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.zip

diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index 5d541ffec4..54cd65d0af 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_local.h,v 1.24 2024/08/28 07:15:04 tb Exp $ */	1	/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -140,10 +140,6 @@ struct evp_pkey_asn1_method_st {
140	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,	140	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
141	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);	141	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);
142		142
143	int (pkey_check)(const EVP_PKEY pk);
144	int (pkey_public_check)(const EVP_PKEY pk);
145	int (pkey_param_check)(const EVP_PKEY pk);
146
147	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,	143	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,
148	size_t len);	144	size_t len);
149	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,	145	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,
@@ -322,10 +318,6 @@ struct evp_pkey_method_st {
322	const unsigned char *tbs, size_t tbslen);	318	const unsigned char *tbs, size_t tbslen);
323	int (digestverify) (EVP_MD_CTX ctx, const unsigned char *sig,	319	int (digestverify) (EVP_MD_CTX ctx, const unsigned char *sig,
324	size_t siglen, const unsigned char *tbs, size_t tbslen);	320	size_t siglen, const unsigned char *tbs, size_t tbslen);
325
326	int (check)(EVP_PKEY pkey);
327	int (public_check)(EVP_PKEY pkey);
328	int (param_check)(EVP_PKEY pkey);
329	} /* EVP_PKEY_METHOD */;	321	} /* EVP_PKEY_METHOD */;
330		322
331	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);	323	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);


diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index 1c355e594a..415690cd0e 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */	1	/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -226,68 +226,30 @@ merr:
226	}	226	}
227	LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);	227	LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
228		228
		229	/*
		230	* XXX - remove the API below in the next bump.
		231	*/
		232
229	int	233	int
230	EVP_PKEY_check(EVP_PKEY_CTX *ctx)	234	EVP_PKEY_check(EVP_PKEY_CTX *ctx)
231	{	235	{
232	EVP_PKEY *pkey;	236	EVPerror(ERR_R_DISABLED);
233		237	return -2;
234	if ((pkey = ctx->pkey) == NULL) {
235	EVPerror(EVP_R_NO_KEY_SET);
236	return 0;
237	}
238
239	if (ctx->pmeth->check != NULL)
240	return ctx->pmeth->check(pkey);
241
242	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_check == NULL) {
243	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
244	return -2;
245	}
246
247	return pkey->ameth->pkey_check(pkey);
248	}	238	}
249	LCRYPTO_ALIAS(EVP_PKEY_check);	239	LCRYPTO_ALIAS(EVP_PKEY_check);
250		240
251	int	241	int
252	EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)	242	EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
253	{	243	{
254	EVP_PKEY *pkey;	244	EVPerror(ERR_R_DISABLED);
255		245	return -2;
256	if ((pkey = ctx->pkey) == NULL) {
257	EVPerror(EVP_R_NO_KEY_SET);
258	return 0;
259	}
260
261	if (ctx->pmeth->public_check != NULL)
262	return ctx->pmeth->public_check(pkey);
263
264	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_public_check == NULL) {
265	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
266	return -2;
267	}
268
269	return pkey->ameth->pkey_public_check(pkey);
270	}	246	}
271	LCRYPTO_ALIAS(EVP_PKEY_public_check);	247	LCRYPTO_ALIAS(EVP_PKEY_public_check);
272		248
273	int	249	int
274	EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)	250	EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
275	{	251	{
276	EVP_PKEY *pkey;	252	EVPerror(ERR_R_DISABLED);
277		253	return -2;
278	if ((pkey = ctx->pkey) == NULL) {
279	EVPerror(EVP_R_NO_KEY_SET);
280	return 0;
281	}
282
283	if (ctx->pmeth->param_check != NULL)
284	return ctx->pmeth->param_check(pkey);
285
286	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_param_check == NULL) {
287	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
288	return -2;
289	}
290
291	return pkey->ameth->pkey_param_check(pkey);
292	}	254	}
293	LCRYPTO_ALIAS(EVP_PKEY_param_check);	255	LCRYPTO_ALIAS(EVP_PKEY_param_check);