The branch master has been updated
via 2e1bc081007db167d7ce4740fcc6f185f62c9881 (commit)
via a158f8cfb9588634831615128a9b9d4b92204cff (commit)
from e841938349a2897def004c9c8cf0131d158a0c29 (commit)
- Log -----------------------------------------------------------------
commit 2e1bc081007db167d7ce4740fcc6f185f62c9881
Author: Richard Levitte <levi...@openssl.org>
Date: Wed Dec 9 17:50:20 2020 +0100
Remove unnecessary guards around MSBLOB and PVK readers and writers
The OPENSSL_NO_RC4 guard remain around protected PVK tests in
test/endecoder_test.c.
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)
commit a158f8cfb9588634831615128a9b9d4b92204cff
Author: Richard Levitte <levi...@openssl.org>
Date: Wed Dec 9 17:30:01 2020 +0100
PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'
All these functions are usable with RSA keys, there's no reason why
they should be unaccessible when DSA or RC4 are disabled.
When DSA is disabled, it's not possible to use these functions for
DSA EVP_PKEYs. That's fine, and supported.
When RC4 is disabled, it's not possible to use these functions to
write encrypted PVK output. That doesn't even depend on the
definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible
via EVP, something that isn't known when building libcrypto.
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pvkfmt.c | 190 +++++++++++++--------
engines/e_loader_attic.c | 8 -
include/crypto/pem.h | 6 -
include/openssl/pem.h | 4 -
providers/decoders.inc | 6 -
providers/implementations/encode_decode/build.info | 5 +-
.../implementations/encode_decode/decode_ms2key.c | 16 --
test/endecode_test.c | 53 +++---
util/libcrypto.num | 16 +-
9 files changed, 146 insertions(+), 158 deletions(-)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index d10cf7a349..b0aa76b3f5 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -13,7 +13,7 @@
*/
/*
- * DSA low level APIs are deprecated for public use, but still ok for
+ * RSA and DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
@@ -23,9 +23,8 @@
#include "crypto/pem.h"
#include <openssl/rand.h>
#include <openssl/bn.h>
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-# include <openssl/dsa.h>
-# include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
/*
* Utility function: read a DWORD (4 byte unsigned integer) in little endian
@@ -36,6 +35,7 @@ static unsigned int read_ledword(const unsigned char **in)
{
const unsigned char *p = *in;
unsigned int ret;
+
ret = (unsigned int)*p++;
ret |= (unsigned int)*p++ << 8;
ret |= (unsigned int)*p++ << 16;
@@ -87,14 +87,17 @@ static int read_lebn(const unsigned char **in, unsigned int
nbyte, BIGNUM **r)
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub);
+#ifndef OPENSSL_NO_DSA
static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub);
+#endif
int ossl_do_blob_header(const unsigned char **in, unsigned int length,
unsigned int *pmagic, unsigned int *pbitlen,
int *pisdss, int *pispub)
{
const unsigned char *p = *in;
+
if (length < 16)
return 0;
/* bType */
@@ -110,8 +113,9 @@ int ossl_do_blob_header(const unsigned char **in, unsigned
int length,
return 0;
}
*pispub = 0;
- } else
+ } else {
return 0;
+ }
p++;
/* Version */
if (*p++ != 0x2) {
@@ -155,9 +159,9 @@ int ossl_do_blob_header(const unsigned char **in, unsigned
int length,
static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
{
- unsigned int nbyte, hnbyte;
- nbyte = (bitlen + 7) >> 3;
- hnbyte = (bitlen + 15) >> 4;
+ unsigned int nbyte = (bitlen + 7) >> 3;
+ unsigned int hnbyte = (bitlen + 15) >> 4;
+
if (isdss) {
/*
@@ -191,6 +195,7 @@ EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int
length, int *ispub)
const unsigned char *p = *in;
unsigned int bitlen, magic;
int isdss;
+
if (ossl_do_blob_header(&p, length, &magic, &bitlen, &isdss, ispub) <= 0) {
ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
return NULL;
@@ -200,10 +205,15 @@ EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int
length, int *ispub)
ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
return NULL;
}
- if (isdss)
- return b2i_dss(&p, bitlen, *ispub);
- else
+ if (!isdss)
return b2i_rsa(&p, bitlen, *ispub);
+#ifndef OPENSSL_NO_DSA
+ else
+ return b2i_dss(&p, bitlen, *ispub);
+#endif
+
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return NULL;
}
EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub)
@@ -213,6 +223,7 @@ EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub)
unsigned int bitlen, magic, length;
int isdss;
EVP_PKEY *ret = NULL;
+
if (BIO_read(in, hdr_buf, 16) != 16) {
ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
return NULL;
@@ -237,16 +248,22 @@ EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub)
goto err;
}
- if (isdss)
- ret = b2i_dss(&p, bitlen, *ispub);
- else
+ if (!isdss)
ret = b2i_rsa(&p, bitlen, *ispub);
+#ifndef OPENSSL_NO_DSA
+ else
+ ret = b2i_dss(&p, bitlen, *ispub);
+#endif
+
+ if (ret == NULL)
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
err:
OPENSSL_free(buf);
return ret;
}
+#ifndef OPENSSL_NO_DSA
static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub)
{
@@ -254,11 +271,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
EVP_PKEY *ret = NULL;
DSA *dsa = NULL;
BN_CTX *ctx = NULL;
- unsigned int nbyte;
BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
BIGNUM *pub_key = NULL;
-
- nbyte = (bitlen + 7) >> 3;
+ unsigned int nbyte = (bitlen + 7) >> 3;
dsa = DSA_new();
ret = EVP_PKEY_new();
@@ -321,6 +336,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
BN_CTX_free(ctx);
return NULL;
}
+#endif
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub)
@@ -330,9 +346,9 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
BIGNUM *e = NULL, *n = NULL, *d = NULL;
BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
RSA *rsa = NULL;
- unsigned int nbyte, hnbyte;
- nbyte = (bitlen + 7) >> 3;
- hnbyte = (bitlen + 15) >> 4;
+ unsigned int nbyte = (bitlen + 7) >> 3;
+ unsigned int hnbyte = (bitlen + 15) >> 4;
+
rsa = RSA_new();
ret = EVP_PKEY_new();
if (rsa == NULL || ret == NULL)
@@ -419,6 +435,7 @@ EVP_PKEY *b2i_PublicKey_bio(BIO *in)
static void write_ledword(unsigned char **out, unsigned int dw)
{
unsigned char *p = *out;
+
*p++ = dw & 0xff;
*p++ = (dw >> 8) & 0xff;
*p++ = (dw >> 16) & 0xff;
@@ -433,25 +450,29 @@ static void write_lebn(unsigned char **out, const BIGNUM
*bn, int len)
}
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
-
static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+
+#ifndef OPENSSL_NO_DSA
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+#endif
static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub)
{
unsigned char *p;
- unsigned int bitlen, magic = 0, keyalg;
+ unsigned int bitlen = 0, magic = 0, keyalg = 0;
int outlen, noinc = 0;
int pktype = EVP_PKEY_id(pk);
- if (pktype == EVP_PKEY_DSA) {
- bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
- keyalg = MS_KEYALG_DSS_SIGN;
- } else if (pktype == EVP_PKEY_RSA) {
+
+ if (pktype == EVP_PKEY_RSA) {
bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);
keyalg = MS_KEYALG_RSA_KEYX;
- } else
- return -1;
+#ifndef OPENSSL_NO_DSA
+ } else if (pktype == EVP_PKEY_DSA) {
+ bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
+ keyalg = MS_KEYALG_DSS_SIGN;
+#endif
+ }
if (bitlen == 0)
return -1;
outlen = 16 + blob_length(bitlen,
@@ -478,10 +499,12 @@ static int do_i2b(unsigned char **out, const EVP_PKEY
*pk, int ispub)
write_ledword(&p, keyalg);
write_ledword(&p, magic);
write_ledword(&p, bitlen);
- if (keyalg == MS_KEYALG_DSS_SIGN)
- write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
- else
+ if (keyalg == MS_KEYALG_RSA_KEYX)
write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);
+#ifndef OPENSSL_NO_DSA
+ else
+ write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
+#endif
if (!noinc)
*out += outlen;
return outlen;
@@ -491,6 +514,7 @@ static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int
ispub)
{
unsigned char *tmp = NULL;
int outlen, wrlen;
+
outlen = do_i2b(&tmp, pk, ispub);
if (outlen < 0)
return -1;
@@ -501,34 +525,6 @@ static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int
ispub)
return -1;
}
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
-{
- int bitlen;
- const BIGNUM *p = NULL, *q = NULL, *g = NULL;
- const BIGNUM *pub_key = NULL, *priv_key = NULL;
-
- DSA_get0_pqg(dsa, &p, &q, &g);
- DSA_get0_key(dsa, &pub_key, &priv_key);
- bitlen = BN_num_bits(p);
- if ((bitlen & 7) || (BN_num_bits(q) != 160)
- || (BN_num_bits(g) > bitlen))
- goto badkey;
- if (ispub) {
- if (BN_num_bits(pub_key) > bitlen)
- goto badkey;
- *pmagic = MS_DSS1MAGIC;
- } else {
- if (BN_num_bits(priv_key) > 160)
- goto badkey;
- *pmagic = MS_DSS2MAGIC;
- }
-
- return bitlen;
- badkey:
- ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
- return 0;
-}
-
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
int nbyte, hnbyte, bitlen;
@@ -591,6 +587,35 @@ static void write_rsa(unsigned char **out, RSA *rsa, int
ispub)
write_lebn(out, d, nbyte);
}
+#ifndef OPENSSL_NO_DSA
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+{
+ int bitlen;
+ const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, &priv_key);
+ bitlen = BN_num_bits(p);
+ if ((bitlen & 7) || (BN_num_bits(q) != 160)
+ || (BN_num_bits(g) > bitlen))
+ goto badkey;
+ if (ispub) {
+ if (BN_num_bits(pub_key) > bitlen)
+ goto badkey;
+ *pmagic = MS_DSS1MAGIC;
+ } else {
+ if (BN_num_bits(priv_key) > 160)
+ goto badkey;
+ *pmagic = MS_DSS2MAGIC;
+ }
+
+ return bitlen;
+ badkey:
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+ return 0;
+}
+
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
{
int nbyte;
@@ -612,6 +637,7 @@ static void write_dsa(unsigned char **out, DSA *dsa, int
ispub)
*out += 24;
return;
}
+#endif
int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk)
{
@@ -623,8 +649,6 @@ int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk)
return do_i2b_bio(out, pk, 1);
}
-# ifndef OPENSSL_NO_RC4
-
int ossl_do_PVK_header(const unsigned char **in, unsigned int length,
int skip_magic,
unsigned int *psaltlen, unsigned int *pkeylen)
@@ -669,12 +693,14 @@ int ossl_do_PVK_header(const unsigned char **in, unsigned
int length,
return 1;
}
+#ifndef OPENSSL_NO_RC4
static int derive_pvk_key(unsigned char *key,
const unsigned char *salt, unsigned int saltlen,
const unsigned char *pass, int passlen)
{
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
int rv = 1;
+
if (mctx == NULL
|| !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
|| !EVP_DigestUpdate(mctx, salt, saltlen)
@@ -685,6 +711,7 @@ static int derive_pvk_key(unsigned char *key,
EVP_MD_CTX_free(mctx);
return rv;
}
+#endif
static EVP_PKEY *do_PVK_body(const unsigned char **in,
unsigned int saltlen, unsigned int keylen,
@@ -692,14 +719,17 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
{
EVP_PKEY *ret = NULL;
const unsigned char *p = *in;
- unsigned int magic;
- unsigned char *enctmp = NULL, *q;
+ unsigned char *enctmp = NULL;
unsigned char keybuf[20];
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
+#ifndef OPENSSL_NO_RC4
+ unsigned int magic;
char psbuf[PEM_BUFSIZE];
int enctmplen, inlen;
+ unsigned char *q;
+
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
@@ -749,6 +779,10 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
}
}
p = enctmp;
+#else
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
+ goto err;
+#endif
}
ret = b2i_PrivateKey(&p, keylen);
@@ -768,6 +802,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
int buflen;
EVP_PKEY *ret = NULL;
unsigned int saltlen, keylen;
+
if (BIO_read(in, pvk_hdr, 24) != 24) {
ERR_raise(ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT);
return NULL;
@@ -798,8 +833,12 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY
*pk, int enclevel,
pem_password_cb *cb, void *u)
{
int outlen = 24, pklen;
- unsigned char *p = NULL, *start = NULL, *salt = NULL;
+ unsigned char *p = NULL, *start = NULL;
EVP_CIPHER_CTX *cctx = NULL;
+#ifndef OPENSSL_NO_RC4
+ unsigned char *salt = NULL;
+#endif
+
if (enclevel)
outlen += PVK_SALTLEN;
pklen = do_i2b(NULL, pk, 0);
@@ -824,24 +863,30 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY
*pk, int enclevel,
write_ledword(&p, MS_PVKMAGIC);
write_ledword(&p, 0);
- if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
- write_ledword(&p, MS_KEYTYPE_SIGN);
- else
+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA)
write_ledword(&p, MS_KEYTYPE_KEYX);
+#ifndef OPENSSL_NO_DSA
+ else
+ write_ledword(&p, MS_KEYTYPE_SIGN);
+#endif
write_ledword(&p, enclevel ? 1 : 0);
write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
write_ledword(&p, pklen);
if (enclevel) {
+#ifndef OPENSSL_NO_RC4
if (RAND_bytes(p, PVK_SALTLEN) <= 0)
goto error;
salt = p;
p += PVK_SALTLEN;
+#endif
}
do_i2b(&p, pk, 0);
if (enclevel != 0) {
+#ifndef OPENSSL_NO_RC4
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
+
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
else
@@ -863,6 +908,10 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY
*pk, int enclevel,
goto error;
if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))
goto error;
+#else
+ ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
+ goto error;
+#endif
}
EVP_CIPHER_CTX_free(cctx);
@@ -884,6 +933,7 @@ int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
{
unsigned char *tmp = NULL;
int outlen, wrlen;
+
outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
if (outlen < 0)
return -1;
@@ -895,7 +945,3 @@ int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
ERR_raise(ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE);
return -1;
}
-
-# endif
-
-#endif
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 936faa98b3..586a21df41 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -1338,9 +1338,6 @@ static int file_read_pem(BIO *bp, char **pem_name, char
**pem_header,
static OSSL_STORE_INFO *file_try_read_msblob(BIO *bp, int *matchcount)
{
-#ifdef OPENSSL_NO_DSA
- return NULL;
-#else
OSSL_STORE_INFO *result = NULL;
int ispub = -1;
@@ -1372,16 +1369,12 @@ static OSSL_STORE_INFO *file_try_read_msblob(BIO *bp,
int *matchcount)
}
return result;
-#endif
}
static OSSL_STORE_INFO *file_try_read_PVK(BIO *bp, const UI_METHOD *ui_method,
void *ui_data, const char *uri,
int *matchcount)
{
-#if defined(OPENSSL_NO_DSA) || defined(OPENSSL_NO_RC4)
- return NULL;
-#else
OSSL_STORE_INFO *result = NULL;
{
@@ -1411,7 +1404,6 @@ static OSSL_STORE_INFO *file_try_read_PVK(BIO *bp, const
UI_METHOD *ui_method,
}
return result;
-#endif
}
static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
diff --git a/include/crypto/pem.h b/include/crypto/pem.h
index b6a10241f3..e3ec8b24cb 100644
--- a/include/crypto/pem.h
+++ b/include/crypto/pem.h
@@ -12,20 +12,14 @@
# include <openssl/pem.h>
-# ifndef OPENSSL_NO_DSA
/* Found in crypto/pem/pvkfmt.c */
int ossl_do_blob_header(const unsigned char **in, unsigned int length,
unsigned int *pmagic, unsigned int *pbitlen,
int *pisdss, int *pispub);
-# ifndef OPENSSL_NO_RC4
int ossl_do_PVK_header(const unsigned char **in, unsigned int length,
int skip_magic,
unsigned int *psaltlen, unsigned int *pkeylen);
-# endif
-
EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub);
EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub);
-# endif
-
#endif
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index d054b01d2e..bb6955297e 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -513,19 +513,15 @@ EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY
**x,
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
-# ifndef OPENSSL_NO_DSA
EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
EVP_PKEY *b2i_PublicKey_bio(BIO *in);
int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk);
int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk);
-# ifndef OPENSSL_NO_RC4
EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u);
-# endif
-# endif
# ifdef __cplusplus
}
diff --git a/providers/decoders.inc b/providers/decoders.inc
index a9119cad79..c9f0dea638 100644
--- a/providers/decoders.inc
+++ b/providers/decoders.inc
@@ -50,9 +50,7 @@ DECODER_w_structure("DSA", der, SubjectPublicKeyInfo, dsa,
yes),
DECODER_w_structure("DSA", der, type_specific, dsa, yes),
DECODER_w_structure("DSA", der, DSA, dsa, yes),
DECODER("DSA", msblob, dsa, yes),
-# ifndef OPENSSL_NO_RC4
DECODER("DSA", pvk, dsa, yes),
-# endif
#endif
#ifndef OPENSSL_NO_EC
DECODER_w_structure("EC", der, PKCS8, ec, yes),
@@ -74,11 +72,7 @@ DECODER_w_structure("RSA", der, type_specific_keypair, rsa,
yes),
DECODER_w_structure("RSA", der, RSA, rsa, yes),
DECODER_w_structure("RSA-PSS", der, PKCS8, rsapss, yes),
DECODER_w_structure("RSA-PSS", der, SubjectPublicKeyInfo, rsapss, yes),
-#ifndef OPENSSL_NO_DSA
DECODER("RSA", msblob, rsa, yes),
-# ifndef OPENSSL_NO_RC4
DECODER("RSA", pvk, rsa, yes),
-# endif
-#endif
DECODER("DER", pem, der, yes),
diff --git a/providers/implementations/encode_decode/build.info
b/providers/implementations/encode_decode/build.info
index 97e2264418..0188589a61 100644
--- a/providers/implementations/encode_decode/build.info
+++ b/providers/implementations/encode_decode/build.info
@@ -12,10 +12,7 @@ $EC_GOAL=../../libimplementations.a
SOURCE[$ENCODER_GOAL]=endecoder_common.c
-SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c
-IF[{- !$disabled{dsa} -}]
- SOURCE[$DECODER_GOAL]=decode_ms2key.c
-ENDIF
+SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c decode_ms2key.c
SOURCE[$DECODER_GOAL]=encode_key2any.c encode_key2text.c
DEPEND[encode_key2any.o]=../../common/include/prov/der_rsa.h
diff --git a/providers/implementations/encode_decode/decode_ms2key.c
b/providers/implementations/encode_decode/decode_ms2key.c
index 573f9c9a56..339b347fa0 100644
--- a/providers/implementations/encode_decode/decode_ms2key.c
+++ b/providers/implementations/encode_decode/decode_ms2key.c
@@ -28,7 +28,6 @@
#include "prov/implementations.h"
#include "endecoder_local.h"
-#ifndef OPENSSL_NO_DSA
static EVP_PKEY *read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin, int *ispub)
{
BIO *in = bio_new_from_core_bio(provctx, cin);
@@ -38,7 +37,6 @@ static EVP_PKEY *read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO
*cin, int *ispub)
return pkey;
}
-# ifndef OPENSSL_NO_RC4
static EVP_PKEY *read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
@@ -56,19 +54,13 @@ static EVP_PKEY *read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO
*cin,
return pkey;
}
-# endif
-#endif
static OSSL_FUNC_decoder_freectx_fn ms2key_freectx;
static OSSL_FUNC_decoder_gettable_params_fn ms2key_gettable_params;
static OSSL_FUNC_decoder_get_params_fn msblob2key_get_params;
-#ifndef OPENSSL_NO_RC4
static OSSL_FUNC_decoder_get_params_fn pvk2key_get_params;
-#endif
static OSSL_FUNC_decoder_decode_fn msblob2key_decode;
-#ifndef OPENSSL_NO_RC4
static OSSL_FUNC_decoder_decode_fn pvk2key_decode;
-#endif
static OSSL_FUNC_decoder_export_object_fn ms2key_export_object;
typedef void *(extract_key_fn)(EVP_PKEY *);
@@ -134,7 +126,6 @@ static int msblob2key_get_params(OSSL_PARAM params[])
return 1;
}
-#ifndef OPENSSL_NO_RC4
static int pvk2key_get_params(OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -145,7 +136,6 @@ static int pvk2key_get_params(OSSL_PARAM params[])
return 1;
}
-#endif
static int ms2key_post(struct ms2key_ctx_st *ctx, EVP_PKEY *pkey,
OSSL_CALLBACK *data_cb, void *data_cbarg)
@@ -207,7 +197,6 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO
*cin, int selection,
return ok;
}
-#ifndef OPENSSL_NO_RC4
static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -223,7 +212,6 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin,
int selection,
EVP_PKEY_free(pkey);
return ok;
}
-#endif
static int ms2key_export_object(void *vctx,
const void *reference, size_t reference_sz,
@@ -278,12 +266,8 @@ static int ms2key_export_object(void *vctx,
#ifndef OPENSSL_NO_DSA
IMPLEMENT_TYPE("DSA", DSA, dsa, EVP_PKEY_get1_DSA, DSA_free);
IMPLEMENT_MS(msblob, dsa);
-# ifndef OPENSSL_NO_RC4
IMPLEMENT_MS(pvk, dsa);
-# endif
#endif
IMPLEMENT_TYPE("RSA", RSA, rsa, EVP_PKEY_get1_RSA, RSA_free);
IMPLEMENT_MS(msblob, rsa);
-#ifndef OPENSSL_NO_RC4
IMPLEMENT_MS(pvk, rsa);
-#endif
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 76b32a8aa9..6e67dd1835 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -333,7 +333,6 @@ static int encode_EVP_PKEY_legacy_PEM(void **encoded, long
*encoded_len,
return ok;
}
-#ifndef OPENSSL_NO_DSA
static int encode_EVP_PKEY_MSBLOB(void **encoded, long *encoded_len,
void *object, int selection,
ossl_unused const char *output_type,
@@ -371,7 +370,6 @@ static int encode_EVP_PKEY_MSBLOB(void **encoded, long
*encoded_len,
return ok;
}
-# ifndef OPENSSL_NO_RC4
static pem_password_cb pass_pw;
static int pass_pw(char *buf, int size, int rwflag, void *userdata)
{
@@ -410,8 +408,6 @@ static int encode_EVP_PKEY_PVK(void **encoded, long
*encoded_len,
BIO_free(mem_ser);
return ok;
}
-# endif
-#endif
static int test_text(const void *data1, size_t data1_len,
const void *data2, size_t data2_len)
@@ -598,7 +594,6 @@ static int test_unprotected_via_legacy_PEM(const char
*type, EVP_PKEY *key)
dump_pem, 0);
}
-#ifndef OPENSSL_NO_DSA
static int check_MSBLOB(const char *type, const void *data, size_t data_len)
{
const unsigned char *datap = data;
@@ -620,7 +615,6 @@ static int test_unprotected_via_MSBLOB(const char *type,
EVP_PKEY *key)
dump_der, 0);
}
-# ifndef OPENSSL_NO_RC4
static int check_PVK(const char *type, const void *data, size_t data_len)
{
const unsigned char *in = data;
@@ -640,8 +634,6 @@ static int test_unprotected_via_PVK(const char *type,
EVP_PKEY *key)
test_mem, check_PVK,
dump_der, 0);
}
-# endif
-#endif
static const char *pass_cipher = "AES-256-CBC";
static const char *pass = "the holy handgrenade of antioch";
@@ -713,7 +705,7 @@ static int test_protected_via_legacy_PEM(const char *type,
EVP_PKEY *key)
dump_pem, 0);
}
-#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+#ifndef OPENSSL_NO_RC4
static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
{
return test_encode_decode(type, key,
@@ -765,7 +757,6 @@ static int test_public_via_PEM(const char *type, EVP_PKEY
*key)
test_text, check_public_PEM, dump_pem, 0);
}
-#ifndef OPENSSL_NO_DSA
static int check_public_MSBLOB(const char *type,
const void *data, size_t data_len)
{
@@ -785,7 +776,6 @@ static int test_public_via_MSBLOB(const char *type,
EVP_PKEY *key)
encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
test_mem, check_public_MSBLOB, dump_der, 0);
}
-#endif
#define KEYS(KEYTYPE) \
static EVP_PKEY *key_##KEYTYPE = NULL
@@ -868,12 +858,11 @@ static int test_public_via_MSBLOB(const char *type,
EVP_PKEY *key)
test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
}
-#define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
- ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
+#define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
+ ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
-#ifndef OPENSSL_NO_DSA
-# define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
+#define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \
{ \
return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
@@ -883,12 +872,12 @@ static int test_public_via_MSBLOB(const char *type,
EVP_PKEY *key)
return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
}
-# define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
- ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
+#define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
+ ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
-# ifndef OPENSSL_NO_RC4
-# define IMPLEMENT_TEST_SUITE_PVK(KEYTYPE, KEYTYPEstr) \
+#ifndef OPENSSL_NO_RC4
+# define IMPLEMENT_TEST_SUITE_PVK(KEYTYPE, KEYTYPEstr) \
static int test_unprotected_##KEYTYPE##_via_PVK(void) \
{ \
return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
@@ -898,10 +887,18 @@ static int test_public_via_MSBLOB(const char *type,
EVP_PKEY *key)
return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
}
-# define ADD_TEST_SUITE_PVK(KEYTYPE) \
- ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK); \
+# define ADD_TEST_SUITE_PVK(KEYTYPE) \
+ ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK); \
ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
-# endif
+#else
+# define IMPLEMENT_TEST_SUITE_PVK(KEYTYPE, KEYTYPEstr) \
+ static int test_unprotected_##KEYTYPE##_via_PVK(void) \
+ { \
+ return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
+ }
+
+# define ADD_TEST_SUITE_PVK(KEYTYPE) \
+ ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
#endif
#ifndef OPENSSL_NO_DH
@@ -922,9 +919,7 @@ IMPLEMENT_TEST_SUITE(DSA, "DSA")
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
-# ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PVK(DSA, "DSA")
-# endif
#endif
#ifndef OPENSSL_NO_EC
DOMAIN_KEYS(EC);
@@ -967,12 +962,8 @@ IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
* so no legacy tests.
*/
-#ifndef OPENSSL_NO_DSA
IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
-# ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PVK(RSA, "RSA")
-# endif
-#endif
#ifndef OPENSSL_NO_EC
/* Explicit parameters that match a named curve */
@@ -1252,9 +1243,7 @@ int setup_tests(void)
ADD_TEST_SUITE_PARAMS(DSA);
ADD_TEST_SUITE_LEGACY(DSA);
ADD_TEST_SUITE_MSBLOB(DSA);
-# ifndef OPENSSL_NO_RC4
ADD_TEST_SUITE_PVK(DSA);
-# endif
#endif
#ifndef OPENSSL_NO_EC
ADD_TEST_SUITE(EC);
@@ -1286,12 +1275,8 @@ int setup_tests(void)
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
* so no legacy tests.
*/
-#ifndef OPENSSL_NO_DSA
ADD_TEST_SUITE_MSBLOB(RSA);
-# ifndef OPENSSL_NO_RC4
ADD_TEST_SUITE_PVK(RSA);
-# endif
-#endif
}
return 1;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 50f0885f0b..ca3d14ad64 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1,5 +1,5 @@
d2i_EC_PUBKEY 1 3_0_0 EXIST::FUNCTION:EC
-b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:DSA,RC4
+b2i_PVK_bio 2 3_0_0 EXIST::FUNCTION:
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 3 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get0_chain 4 3_0_0 EXIST::FUNCTION:
COMP_expand_block 5 3_0_0 EXIST::FUNCTION:COMP
@@ -209,7 +209,7 @@ RSA_X931_hash_id 212 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_3
EC_KEY_set_method 213 3_0_0 EXIST::FUNCTION:EC
PEM_write_PKCS8_PRIV_KEY_INFO 214 3_0_0 EXIST::FUNCTION:STDIO
X509at_get0_data_by_OBJ 215 3_0_0 EXIST::FUNCTION:
-b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:DSA
+b2i_PublicKey_bio 216 3_0_0 EXIST::FUNCTION:
s2i_ASN1_OCTET_STRING 217 3_0_0 EXIST::FUNCTION:
POLICYINFO_it 218 3_0_0 EXIST::FUNCTION:
OBJ_create 219 3_0_0 EXIST::FUNCTION:
@@ -228,7 +228,7 @@ DIST_POINT_NAME_new 231 3_0_0
EXIST::FUNCTION:
X509_LOOKUP_file 232 3_0_0 EXIST::FUNCTION:
EVP_PKEY_meth_set_decrypt 233 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_3_0
EVP_rc2_ecb 234 3_0_0 EXIST::FUNCTION:RC2
-i2b_PublicKey_bio 235 3_0_0 EXIST::FUNCTION:DSA
+i2b_PublicKey_bio 235 3_0_0 EXIST::FUNCTION:
d2i_ASN1_SET_ANY 236 3_0_0 EXIST::FUNCTION:
ASN1_item_i2d 238 3_0_0 EXIST::FUNCTION:
OCSP_copy_nonce 239 3_0_0 EXIST::FUNCTION:OCSP
@@ -1290,7 +1290,7 @@ RAND_event 1318 3_0_0
EXIST:_WIN32:FUNCTION:DEPRECA
i2d_PKCS12_fp 1319 3_0_0 EXIST::FUNCTION:STDIO
EVP_PKEY_meth_get_init 1320 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_check_trust 1321 3_0_0 EXIST::FUNCTION:
-b2i_PrivateKey 1322 3_0_0 EXIST::FUNCTION:DSA
+b2i_PrivateKey 1322 3_0_0 EXIST::FUNCTION:
HMAC_Init_ex 1323 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_3_0
SMIME_read_CMS 1324 3_0_0 EXIST::FUNCTION:CMS
X509_subject_name_cmp 1325 3_0_0 EXIST::FUNCTION:
@@ -1658,7 +1658,7 @@ ENGINE_ctrl_cmd 1695 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_
PKCS12_SAFEBAG_get_bag_nid 1696 3_0_0 EXIST::FUNCTION:
TS_CONF_set_digests 1697 3_0_0 EXIST::FUNCTION:TS
PKCS7_SIGNED_it 1698 3_0_0 EXIST::FUNCTION:
-b2i_PublicKey 1699 3_0_0 EXIST::FUNCTION:DSA
+b2i_PublicKey 1699 3_0_0 EXIST::FUNCTION:
X509_PURPOSE_cleanup 1700 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_dup 1701 3_0_0 EXIST::FUNCTION:
ENGINE_set_default_DSA 1702 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -1812,7 +1812,7 @@ UI_method_set_reader 1854 3_0_0
EXIST::FUNCTION:
BIO_next 1855 3_0_0 EXIST::FUNCTION:
ASN1_STRING_set_default_mask_asc 1856 3_0_0 EXIST::FUNCTION:
X509_CRL_new 1857 3_0_0 EXIST::FUNCTION:
-i2b_PrivateKey_bio 1858 3_0_0 EXIST::FUNCTION:DSA
+i2b_PrivateKey_bio 1858 3_0_0 EXIST::FUNCTION:
ASN1_STRING_length_set 1859 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_3_0
PEM_write_PKCS8 1860 3_0_0 EXIST::FUNCTION:STDIO
PKCS7_digest_from_attributes 1861 3_0_0 EXIST::FUNCTION:
@@ -2750,7 +2750,7 @@ ENGINE_register_all_DH 2809 3_0_0
EXIST::FUNCTION:DEPRECATEDIN_
ERR_clear_error 2810 3_0_0 EXIST::FUNCTION:
EC_KEY_dup 2811 3_0_0 EXIST::FUNCTION:EC
X509_LOOKUP_init 2812 3_0_0 EXIST::FUNCTION:
-i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:DSA,RC4
+i2b_PVK_bio 2813 3_0_0 EXIST::FUNCTION:
OCSP_ONEREQ_free 2814 3_0_0 EXIST::FUNCTION:OCSP
X509V3_EXT_print_fp 2815 3_0_0 EXIST::FUNCTION:STDIO
OBJ_bsearch_ex_ 2816 3_0_0 EXIST::FUNCTION:
@@ -3112,7 +3112,7 @@ i2d_PKCS7_bio_stream 3176 3_0_0
EXIST::FUNCTION:
i2a_ACCESS_DESCRIPTION 3178 3_0_0 EXIST::FUNCTION:
EC_KEY_set_enc_flags 3179 3_0_0 EXIST::FUNCTION:EC
i2d_PUBKEY_fp 3180 3_0_0 EXIST::FUNCTION:STDIO
-b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:DSA
+b2i_PrivateKey_bio 3181 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_add_ext 3182 3_0_0 EXIST::FUNCTION:OCSP
SXNET_add_id_INTEGER 3183 3_0_0 EXIST::FUNCTION:
CTLOG_get0_public_key 3184 3_0_0 EXIST::FUNCTION:CT
