authorMatt Caswell <matt@openssl.org>2020-10-02 11:25:25 +0100
committerMatt Caswell <matt@openssl.org>2020-10-15 10:00:19 +0100
commit99b3b762c33fad9383cb2d1791be9c9f7d44710a (patch)
treeea2e7ad7ff164ce30a99315760a94b915fa75330
parent5b70206cb316024c6dc30ce54f585ce5cf001a56 (diff)
Remove a CMS key downgrade
We were downgrading a key in the CMS code. This is no longer necessary. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
-rw-r--r--crypto/cms/cms_kari.c46
1 files changed, 0 insertions, 46 deletions
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 82a03e6c6b..13f7e78d37 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -261,26 +261,6 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
size_t ceklen;
CMS_EncryptedContentInfo *ec;
- {
- /*
- * TODO(3.0) Remove this when we have functionality to deserialize
- * parameters in EVP_PKEY form from an X509_ALGOR.
- * This is needed to be able to replace the EC_KEY specific decoding
- * that happens in ecdh_cms_set_peerkey() (crypto/ec/ec_ameth.c)
- *
- * THIS IS TEMPORARY
- */
- EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-
- EVP_PKEY_get0(pkey);
- if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_DECRYPT,
- CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- goto err;
- }
- }
-
enckeylen = rek->encryptedKey->length;
enckey = rek->encryptedKey->data;
/* Setup all parameters to derive KEK */
@@ -499,32 +479,6 @@ int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
STACK_OF(CMS_RecipientEncryptedKey) *reks;
int i;
- {
- /*
- * TODO(3.0) Remove this when we have figured out all the details
- * need to set up encryption right. With legacy keys, a *lot* is
- * happening in the CMS specific EVP_PKEY_ASN1_METHOD functions,
- * such as automatically setting a default KDF type, KDF digest,
- * all that kind of stuff.
- * With EVP_SIGNATURE, setting a default digest is done by getting
- * the default MD for the key, and then inject that back into the
- * signature implementation... we could do something similar with
- * CMS, possibly using CMS specific OSSL_PARAM keys, just like we
- * have for certain AlgorithmIdentifier retrievals.
- *
- * THIS IS TEMPORARY
- */
- EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-
- EVP_PKEY_get0(pkey);
- if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT,
- CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- return 0;
- }
- }
-
if (ri->type != CMS_RECIPINFO_AGREE) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
return 0;