Dev news

Commit 48d311ee55 for openssl.org

commit 48d311ee5525324c0e81f6d3ac9072495cf5d330
Author: Matt Caswell <matt@openssl.org>
Date:   Mon Dec 15 15:31:08 2025 +0000

    Remove EVP_PKEY_asn1_add0()

    We remove the ability to add application defined EVP_PKEY_ASN1_METHODs
    via the `EVP_PKEY_asn1_add0()` function. We also remove the related function
    `EVP_PKEY_asn1_add_alias()`.

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/29405)

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index de63ea96bd..08d1ccbbca 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -22,7 +22,6 @@
 #include "standard_methods.h"

 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
-static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;

 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
     const EVP_PKEY_ASN1_METHOD *, ameth);
@@ -39,20 +38,17 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
 int EVP_PKEY_asn1_get_count(void)
 {
     int num = OSSL_NELEM(standard_methods);
-    if (app_methods)
-        num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
     return num;
 }

 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
 {
     int num = OSSL_NELEM(standard_methods);
-    if (idx < 0)
+
+    if (idx < 0 || idx >= num)
         return NULL;
-    if (idx < num)
-        return standard_methods[idx];
-    idx -= num;
-    return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+
+    return standard_methods[idx];
 }

 static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
@@ -61,12 +57,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
     const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;

     tmp.pkey_id = type;
-    if (app_methods) {
-        int idx;
-        idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
-        if (idx >= 0)
-            return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
-    }
     ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
     if (ret == NULL || *ret == NULL)
         return NULL;
@@ -116,61 +106,6 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
     return NULL;
 }

-int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
-{
-    EVP_PKEY_ASN1_METHOD tmp = {
-        0,
-    };
-
-    /*
-     * One of the following must be true:
-     *
-     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
-     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
-     *
-     * Anything else is an error and may lead to a corrupt ASN1 method table
-     */
-    if (!((ameth->pem_str == NULL
-              && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
-            || (ameth->pem_str != NULL
-                && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
-        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
-        return 0;
-    }
-
-    if (app_methods == NULL) {
-        app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
-        if (app_methods == NULL)
-            return 0;
-    }
-
-    tmp.pkey_id = ameth->pkey_id;
-    if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
-        ERR_raise(ERR_LIB_EVP,
-            EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
-        return 0;
-    }
-
-    if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
-        return 0;
-    sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
-    return 1;
-}
-
-int EVP_PKEY_asn1_add_alias(int to, int from)
-{
-    EVP_PKEY_ASN1_METHOD *ameth;
-    ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
-    if (ameth == NULL)
-        return 0;
-    ameth->pkey_base_id = to;
-    if (!EVP_PKEY_asn1_add0(ameth)) {
-        EVP_PKEY_asn1_free(ameth);
-        return 0;
-    }
-    return 1;
-}
-
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
     int *ppkey_flags, const char **pinfo,
     const char **ppem_str,
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index dd6ebe3b98..ea8c4b0fd1 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1520,8 +1520,6 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
 OSSL_DEPRECATEDIN_3_6
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
     const char *str, int len);
-OSSL_DEPRECATEDIN_3_6 int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
-OSSL_DEPRECATEDIN_3_6 int EVP_PKEY_asn1_add_alias(int to, int from);
 OSSL_DEPRECATEDIN_3_6
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
     int *ppkey_flags, const char **pinfo,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0323b02e3f..da161aad73 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1335,8 +1335,6 @@ EVP_PKEY_asn1_get_count                 ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
 EVP_PKEY_asn1_get0                      ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
 EVP_PKEY_asn1_find                      ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
 EVP_PKEY_asn1_find_str                  ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_asn1_add0                      ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
-EVP_PKEY_asn1_add_alias                 ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
 EVP_PKEY_asn1_get0_info                 ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
 EVP_PKEY_get0_asn1                      ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6
 EVP_PKEY_asn1_new                       ?	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_6