Remove a CMS key downgrade

We were downgrading a key in the CMS code. This is no longer necessary. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13088)
2025-02-17 14:32:04 +08:00 · 2020-10-02 11:25:25 +01:00 · 2020-10-02 11:25:25 +01:00 · 99b3b762c3
commit 99b3b762c3
parent 5b70206cb3
1 changed files with 0 additions and 46 deletions
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@ -261,26 +261,6 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
    size_t ceklen;
    CMS_EncryptedContentInfo *ec;

-    {
-        /*
-         * TODO(3.0) Remove this when we have functionality to deserialize
-         * parameters in EVP_PKEY form from an X509_ALGOR.
-         * This is needed to be able to replace the EC_KEY specific decoding
-         * that happens in ecdh_cms_set_peerkey() (crypto/ec/ec_ameth.c)
-         *
-         * THIS IS TEMPORARY
-         */
-        EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-
-        EVP_PKEY_get0(pkey);
-        if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
-            CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_DECRYPT,
-                   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-            goto err;
-        }
-    }
-
    enckeylen = rek->encryptedKey->length;
    enckey = rek->encryptedKey->data;
    /* Setup all parameters to derive KEK */
@ -499,32 +479,6 @@ int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
    STACK_OF(CMS_RecipientEncryptedKey) *reks;
    int i;

-    {
-        /*
-         * TODO(3.0) Remove this when we have figured out all the details
-         * need to set up encryption right.  With legacy keys, a *lot* is
-         * happening in the CMS specific EVP_PKEY_ASN1_METHOD functions,
-         * such as automatically setting a default KDF type, KDF digest,
-         * all that kind of stuff.
-         * With EVP_SIGNATURE, setting a default digest is done by getting
-         * the default MD for the key, and then inject that back into the
-         * signature implementation...  we could do something similar with
-         * CMS, possibly using CMS specific OSSL_PARAM keys, just like we
-         * have for certain AlgorithmIdentifier retrievals.
-         *
-         * THIS IS TEMPORARY
-         */
-        EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-
-        EVP_PKEY_get0(pkey);
-        if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) {
-            CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT,
-                   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-            return 0;
-        }
-    }
-
    if (ri->type != CMS_RECIPINFO_AGREE) {
        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
        return 0;