From 068d0f16a0c01c1282b13eee497c555ff6c37d01 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 14 Jul 2024 16:04:10 +0000
Subject: Disable most EVP_PKEY_*attr* API

There is a single consumer of this entire family of function, namely
the openssl(1) pkcs12 command uses EVP_PKEY_add1_attr_by_NID, so leave
that one intact for now.

ok jsing
---
 src/lib/libcrypto/evp/evp_pkey.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 591d066f4f..655ec107ff 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pkey.c,v 1.28 2024/04/09 13:55:02 beck Exp $ */
+/* $OpenBSD: evp_pkey.c,v 1.29 2024/07/14 16:04:10 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -141,19 +141,23 @@ error:
 }
 LCRYPTO_ALIAS(EVP_PKEY2PKCS8);
 
-/* EVP_PKEY attribute functions */
+/*
+ * XXX - delete all the garbage below in the next bump.
+ */
 
 int
 EVP_PKEY_get_attr_count(const EVP_PKEY *key)
 {
-	return X509at_get_attr_count(key->attributes);
+	EVPerror(ERR_R_DISABLED);
+	return 0;
 }
 LCRYPTO_ALIAS(EVP_PKEY_get_attr_count);
 
 int
 EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
 {
-	return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+	EVPerror(ERR_R_DISABLED);
+	return -1;
 }
 LCRYPTO_ALIAS(EVP_PKEY_get_attr_by_NID);
 
@@ -161,29 +165,31 @@ int
 EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
     int lastpos)
 {
-	return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+	EVPerror(ERR_R_DISABLED);
+	return -1;
 }
 LCRYPTO_ALIAS(EVP_PKEY_get_attr_by_OBJ);
 
 X509_ATTRIBUTE *
 EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
 {
-	return X509at_get_attr(key->attributes, loc);
+	EVPerror(ERR_R_DISABLED);
+	return NULL;
 }
 LCRYPTO_ALIAS(EVP_PKEY_get_attr);
 
 X509_ATTRIBUTE *
 EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
 {
-	return X509at_delete_attr(key->attributes, loc);
+	EVPerror(ERR_R_DISABLED);
+	return NULL;
 }
 LCRYPTO_ALIAS(EVP_PKEY_delete_attr);
 
 int
 EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
 {
-	if (X509at_add1_attr(&key->attributes, attr))
-		return 1;
+	EVPerror(ERR_R_DISABLED);
 	return 0;
 }
 LCRYPTO_ALIAS(EVP_PKEY_add1_attr);
@@ -192,8 +198,7 @@ int
 EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, const ASN1_OBJECT *obj, int type,
     const unsigned char *bytes, int len)
 {
-	if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
-		return 1;
+	EVPerror(ERR_R_DISABLED);
 	return 0;
 }
 LCRYPTO_ALIAS(EVP_PKEY_add1_attr_by_OBJ);
@@ -212,9 +217,7 @@ int
 EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, const char *attrname, int type,
     const unsigned char *bytes, int len)
 {
-	if (X509at_add1_attr_by_txt(&key->attributes, attrname, type,
-	    bytes, len))
-		return 1;
+	EVPerror(ERR_R_DISABLED);
 	return 0;
 }
 LCRYPTO_ALIAS(EVP_PKEY_add1_attr_by_txt);
-- 
cgit v1.2.3-55-g6feb