From 20f343279cc3fa9330806f533c4e43196fca6f81 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 19 Nov 2022 04:32:49 +0000
Subject: Remove HMAC PRIVATE KEY support

This is an undocumented feature of openssl genpkey for testing purposes. Emilia removed support for this 'bogus private key format' from OpenSSL in 2017 in commit c26f655fdd18ac19016c1c0496105f5256a1e84d.

ok jsing
---
 src/lib/libcrypto/hmac/hm_ameth.c | 65 +--------------------------------------
 1 file changed, 1 insertion(+), 64 deletions(-)

diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
index 818fec7d39..dfd7169ba0 100644
--- a/src/lib/libcrypto/hmac/hm_ameth.c
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_ameth.c,v 1.16 2022/11/18 20:03:36 tb Exp $ */
+/* $OpenBSD: hm_ameth.c,v 1.17 2022/11/19 04:32:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2007.
 */
@@ -68,13 +68,6 @@
 #include "evp_locl.h"
 #include "hmac_local.h"
 
-#define HMAC_TEST_PRIVATE_KEY_FORMAT
-
-/* HMAC "ASN1" method. This is just here to indicate the
- * maximum HMAC output length and to free up an HMAC
- * key.
- */
-
 static int
 hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
@@ -157,57 +150,6 @@ hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len)
 return CBS_write_bytes(&cbs, priv, *len, len);
 }
 
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-/* A bogus private key format for test purposes. This is simply the
- * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
- * genpkey utility can be used to "generate" HMAC keys.
- */
-
-static int
-old_hmac_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
-{
- ASN1_OCTET_STRING *os;
-
- os = ASN1_OCTET_STRING_new();
- if (os == NULL)
- goto err;
- if (ASN1_OCTET_STRING_set(os, *pder, derlen) == 0)
- goto err;
- if (EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os) == 0)
- goto err;
- return 1;
-
-err:
- ASN1_OCTET_STRING_free(os);
- return 0;
-}
-
-static int
-old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
- int inc;
- ASN1_OCTET_STRING *os = pkey->pkey.ptr;
-
- if (pder) {
- if (!*pder) {
- *pder = malloc(os->length);
- if (*pder == NULL)
- return -1;
- inc = 0;
- } else
- inc = 1;
-
- memcpy(*pder, os->data, os->length);
-
- if (inc)
- *pder += os->length;
- }
-
- return os->length;
-}
-
-#endif
-
 const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
 .pkey_id = EVP_PKEY_HMAC,
 .pkey_base_id = EVP_PKEY_HMAC,
@@ -222,11 +164,6 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
 .pkey_free = hmac_key_free,
 .pkey_ctrl = hmac_pkey_ctrl,
 
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
- .old_priv_decode = old_hmac_decode,
- .old_priv_encode = old_hmac_encode,
-#endif
-
 .set_priv_key = hmac_set_priv_key,
 .get_priv_key = hmac_get_priv_key,
 };
--
cgit v1.2.3-55-g6feb