commit c3ae38b4f86e56738729e6261674712c8cd6edb7
author David Benjamin <davidben@chromium.org> Fri Nov 20 17:50:41 2015 -0500
committer Adam Langley <agl@google.com> Wed Dec 16 17:38:06 2015 +0000
tree 51af71e1c98f1bf0cde6a9d1141f97720487e3e5
parent 7100ee9832b5579e8497d1c90df5c2db8c5913cc

Remove DH EVP_PKEY hooks.

They would never work. Better notice when callers depend on it than fail at
runtime.

This depends on https://android-review.googlesource.com/#/c/183610/ in
Conscrypt.

Change-Id: I3411f291416df834cf85850890617625a2e76939
Reviewed-on: https://boringssl-review.googlesource.com/6552
Reviewed-by: Adam Langley <agl@google.com>

crypto/evp/evp.c

diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
index 097a31c..afe5c38 100644
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.c
@@ -60,7 +60,6 @@
 #include <string.h>
 
 #include <openssl/bio.h>
-#include <openssl/dh.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
@@ -303,27 +302,6 @@
   return ec_key;
 }
 
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) {
-  if (EVP_PKEY_assign_DH(pkey, key)) {
-    DH_up_ref(key);
-    return 1;
-  }
-  return 0;
-}
-
-int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) {
-  return EVP_PKEY_assign(pkey, EVP_PKEY_DH, key);
-}
-
-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) {
-  if (pkey->type != EVP_PKEY_DH) {
-    OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY);
-    return NULL;
-  }
-  DH_up_ref(pkey->pkey.dh);
-  return pkey->pkey.dh;
-}
-
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) {
   if (!EVP_PKEY_set_type(pkey, type)) {
     return 0;

include/openssl/evp.h

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index e479e5e..be2ea33 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -163,16 +163,10 @@
 OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
 OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
 
-OPENSSL_EXPORT int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
-OPENSSL_EXPORT int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
-OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-
 #define EVP_PKEY_NONE NID_undef
 #define EVP_PKEY_RSA NID_rsaEncryption
 #define EVP_PKEY_RSA2 NID_rsa
 #define EVP_PKEY_DSA NID_dsa
-#define EVP_PKEY_DH NID_dhKeyAgreement
-#define EVP_PKEY_DHX NID_dhpublicnumber
 #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
 
 /* EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of
@@ -648,6 +642,10 @@
 
 /* Deprecated functions. */
 
+/* EVP_PKEY_DH is defined for compatibility, but it is impossible to create an
+ * |EVP_PKEY| of that type. */
+#define EVP_PKEY_DH NID_dhKeyAgreement
+
 /* OpenSSL_add_all_algorithms does nothing. */
 OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);