author | Tomas Mraz <tomas@openssl.org> | 2021-04-01 17:14:43 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-06 09:10:11 +0200 |
commit | 0cfbc828e03ad69c50ae51e0c88920d90906498a (patch) | |
tree | 1d931bc42093e7d9b119815785f7ada3330b8b6e /crypto/evp | |
parent | Include BN assembler alongside CPUID code (diff) | |
Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.
Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.
Fixes #14276
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/ctrl_params_translate.c | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 4863b81db9..2d09f182cf 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1432,34 +1432,6 @@ static int fix_hkdf_mode(enum state state,
 return 1;
 }
 
-static int hack_pkcs7_cms(enum state state,
- const struct translation_st *translation,
- struct translation_ctx_st *ctx)
-{
- int ret = 1;
-
- /* Make sure that this has no further effect */
- ctx->action_type = 0;
-
- switch (state) {
- case PRE_CTRL_TO_PARAMS:
- /* TODO (3.0) Temporary hack, this should probe */
- if (EVP_PKEY_is_a(EVP_PKEY_CTX_get0_pkey(ctx->pctx), "RSASSA-PSS")) {
- ERR_raise(ERR_LIB_EVP,
- EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
- ret = -2;
- }
- break;
- case POST_CTRL_TO_PARAMS:
- break;
- default:
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- ret = -2;
- break;
- }
- return ret;
-}
-
 /*-
 * Payload getters
 * ===============
@@ -2121,16 +2093,6 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
 EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
 OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
 
- /* PKCS#7 and CMS hacks */
- { SET, -1, -1, EVP_PKEY_OP_ENCRYPT,
- EVP_PKEY_CTRL_PKCS7_ENCRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
- { SET, -1, -1, EVP_PKEY_OP_DECRYPT,
- EVP_PKEY_CTRL_PKCS7_DECRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
- { SET, -1, -1, EVP_PKEY_OP_ENCRYPT,
- EVP_PKEY_CTRL_CMS_ENCRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
- { SET, -1, -1, EVP_PKEY_OP_DECRYPT,
- EVP_PKEY_CTRL_CMS_DECRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
-
 /*-
 * TLS1-PRF
 * ======== |