diff options
Diffstat (limited to 'crypto/pkcs7/pk7_doit.c')
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index c7a50ff57e..964b1367b2 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -122,12 +122,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, if (EVP_PKEY_encrypt_init(pctx) <= 0) goto err; - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR); - goto err; - } - if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) goto err; @@ -171,12 +165,6 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, if (EVP_PKEY_decrypt_init(pctx) <= 0) goto err; - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR); - goto err; - } - if (EVP_PKEY_decrypt(pctx, NULL, &eklen, ri->enc_key->data, ri->enc_key->length) <= 0) goto err; @@ -932,30 +920,6 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) NULL) <= 0) goto err; - /* - * TODO(3.0): This causes problems when providers are in use, so disabled - * for now. Can we get rid of this completely? AFAICT this ctrl has never - * been used since it was first put in. All internal implementations just - * return 1 and ignore this ctrl and have always done so by the looks of - * things. To fix this we could convert this ctrl into a param, which would - * require us to send all the signer info data as a set of params...but that - * is non-trivial and since this isn't used by anything it may be better - * just to remove it. The original commit that added it had this - * justification in CHANGES: - * - * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the - * EVP_PKEY_METHOD before and after signing via the - * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure - * before and/or after signing if necessary." - */ -#if 0 - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR); - goto err; - } -#endif - alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if (!abuf) @@ -972,30 +936,6 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; - /* - * TODO(3.0): This causes problems when providers are in use, so disabled - * for now. Can we get rid of this completely? AFAICT this ctrl has never - * been used since it was first put in. All internal implementations just - * return 1 and ignore this ctrl and have always done so by the looks of - * things. To fix this we could convert this ctrl into a param, which would - * require us to send all the signer info data as a set of params...but that - * is non-trivial and since this isn't used by anything it may be better - * just to remove it. The original commit that added it had this - * justification in CHANGES: - * - * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the - * EVP_PKEY_METHOD before and after signing via the - * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure - * before and/or after signing if necessary." - */ -#if 0 - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR); - goto err; - } -#endif - EVP_MD_CTX_free(mctx); ASN1_STRING_set0(si->enc_digest, abuf, siglen); |