author | Tomas Mraz <tomas@openssl.org> | 2021-04-01 17:14:43 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-06 09:10:11 +0200 |
commit | 0cfbc828e03ad69c50ae51e0c88920d90906498a (patch) | |
tree | 1d931bc42093e7d9b119815785f7ada3330b8b6e /crypto/cms/cms_sd.c | |
parent | 5ad3e6c56eb1c295a7de92de5bb2f54614d5c277 (diff) | |
download | openssl-0cfbc828e03ad69c50ae51e0c88920d90906498a.tar.gz |
Deprecate the EVP_PKEY controls for CMS and PKCS#7
Improve the ossl_rsa_check_key() to prevent non-signature
operations with PSS keys.
Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore
as they are not needed anymore and deprecate them.
Fixes #14276
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14760)
Diffstat (limited to 'crypto/cms/cms_sd.c')
-rw-r--r-- | crypto/cms/cms_sd.c | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index c98d118f4b..287021fc21 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -749,24 +749,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) si->pctx = pctx; } - /* - * TODO(3.0): This causes problems when providers are in use, so disabled - * for now. Can we get rid of this completely? AFAICT this ctrl has been - * present since CMS was first put in - but has never been used to do - * anything. All internal implementations just return 1 and ignore this ctrl - * and have always done so by the looks of things. To fix this we could - * convert this ctrl into a param, which would require us to send all the - * signer info data as a set of params...but that is non-trivial and since - * this isn't used by anything it may be better just to remove it. - */ -#if 0 - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR); - goto err; - } -#endif - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign)); if (!abuf) 
@@ -782,24 +764,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; - /* - * TODO(3.0): This causes problems when providers are in use, so disabled - * for now. Can we get rid of this completely? AFAICT this ctrl has been - * present since CMS was first put in - but has never been used to do - * anything. All internal implementations just return 1 and ignore this ctrl - * and have always done so by the looks of things. To fix this we could - * convert this ctrl into a param, which would require us to send all the - * signer info data as a set of params...but that is non-trivial and since - * this isn't used by anything it may be better just to remove it. - */ -#if 0 - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR); - goto err; - } -#endif - EVP_MD_CTX_reset(mctx); ASN1_STRING_set0(si->signature, abuf, siglen); |
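Review bot: in the first hunk (@@ -749,24 +749,6 @@), the rationale deleted along with the #if 0 block only vouches for internal implementations ("All internal implementations just return 1 and ignore this ctrl"), so an out-of-tree pkey method that handled the pre-sign EVP_PKEY_CTRL_CMS_SIGN call (p1 = 0) is not covered by it. The call was already compiled out, so this deletion is behavior-neutral for cms_sd.c, but since the diffstat shown is limited to this file, please confirm that the deprecation is recorded where users will find it (a CHANGES entry and the deprecation marking on the control macro) and carry the "never used by any internal implementation" reasoning into the commit message, which currently only says the controls "are not needed anymore".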
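Review bot: in the second hunk (@@ -782,24 +764,6 @@), the post-sign call (p1 = 1) between EVP_DigestSignFinal() and EVP_MD_CTX_reset(mctx) was the second of the two ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_ERROR) sites in CMS_SignerInfo_sign(), and both are now gone. Please check whether CMS_R_CTRL_ERROR still has a remaining user, and if it does not, say so in the change so the reason code is understood to be kept only for compatibility. The deprecation text should also state that both phases of the control (p1 = 0 before signing, p1 = 1 after) are no longer issued, because nothing in this hunk offers a replacement hook for code that expected to run after the signature was produced.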