From b77e5a1b663a8cfa0cfa90fd052a23eb70e9e31d Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Sat, 23 Oct 2021 14:37:02 -0400
Subject: Remove the OpenSSL provider
Starting in OpenSSL 3.0, most of the functionality which we need to implement the OpenSSL provider is deprecated. Rather than reimplement the whole provider in order to allow it to continue to work in the future, just remove it. Efforts would be better spent doing more optimization work rather than chasing OpenSSL's API changes.
---
 src/lib/pubkey/ecdh/ecdh.cpp | 19 --------------
 src/lib/pubkey/ecdsa/ecdsa.cpp | 34 -------------------------
 src/lib/pubkey/pk_algs.cpp | 19 --------------
 src/lib/pubkey/rsa/rsa.cpp | 57 ------------------------------------------
 4 files changed, 129 deletions(-)
(limited to 'src/lib/pubkey')
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index 6775a2545..585bc4a87 100644
--- a/src/lib/pubkey/ecdh/ecdh.cpp
+++ b/src/lib/pubkey/ecdh/ecdh.cpp
@@ -11,10 +11,6 @@
 #include
 #include
-#if defined(BOTAN_HAS_OPENSSL)
- #include
-#endif
-
 namespace Botan {
 std::unique_ptr ECDH_PrivateKey::public_key() const
@@ -67,21 +63,6 @@ ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng,
 const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- try
- {
- return make_openssl_ecdh_ka_op(*this, params);
- }
- catch(Lookup_Error&)
- {
- if(provider == "openssl")
- throw;
- }
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params, rng);
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 2c81fa3ad..9b17b183e 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -19,10 +19,6 @@
 #include
 #endif
-#if defined(BOTAN_HAS_OPENSSL)
- #include
-#endif
-
 namespace Botan {
 namespace {
@@ -272,21 +268,6 @@ std::unique_ptr
 ECDSA_PublicKey::create_verification_op(const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- try
- {
- return make_openssl_ecdsa_ver_op(*this, params);
- }
- catch(Lookup_Error& e)
- {
- if(provider == "openssl")
- throw;
- }
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params);
@@ -298,21 +279,6 @@ ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
 const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- try
- {
- return make_openssl_ecdsa_sig_op(*this, params);
- }
- catch(Lookup_Error& e)
- {
- if(provider == "openssl")
- throw;
- }
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params, rng);
diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp
index f1f6c5974..eec6a147c 100644
--- a/src/lib/pubkey/pk_algs.cpp
+++ b/src/lib/pubkey/pk_algs.cpp
@@ -72,10 +72,6 @@
 #include
 #endif
-#if defined(BOTAN_HAS_OPENSSL)
- #include
-#endif
-
 namespace Botan {
 std::unique_ptr
@@ -318,16 +314,6 @@ create_private_key(const std::string& alg_name,
 if(alg_name == "RSA")
 {
 const size_t rsa_bits = (params.empty() ? 3072 : to_u32bit(params));
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider.empty() || provider == "openssl")
- {
- auto pk = make_openssl_rsa_private_key(rng, rsa_bits);
-
- // Return nullptr if openssl was specifically requested
- if(pk || !provider.empty())
- return pk;
- }
-#endif
 return std::make_unique(rng, rsa_bits);
 }
 #endif
@@ -420,11 +406,6 @@ probe_provider_private_key(const std::string& alg_name,
 {
 if(prov == "base")
 providers.push_back(prov);
-
-#if defined(BOTAN_HAS_OPENSSL)
- if(prov == "openssl" && alg_name == "RSA")
- providers.push_back(prov);
-#endif
 }
 BOTAN_UNUSED(alg_name);
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index b551a33c8..32979acc9 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -17,10 +17,6 @@
 #include
 #include
-#if defined(BOTAN_HAS_OPENSSL)
- #include
-#endif
-
 #if defined(BOTAN_HAS_THREAD_UTILS)
 #include
 #endif
@@ -655,26 +651,6 @@ RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/,
 const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- try
- {
- return make_openssl_rsa_enc_op(*this, params);
- }
- catch(Exception& e)
- {
- /*
- * If OpenSSL for some reason could not handle this (eg due to OAEP params),
- * throw if openssl was specifically requested but otherwise just fall back
- * to the normal version.
- */
- if(provider == "openssl")
- throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
- }
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params);
 throw Provider_Not_Found(algo_name(), provider);
@@ -694,15 +670,6 @@ std::unique_ptr
 RSA_PublicKey::create_verification_op(const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- std::unique_ptr res = make_openssl_rsa_ver_op(*this, params);
- if(res)
- return res;
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params);
@@ -714,21 +681,6 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng,
 const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- try
- {
- return make_openssl_rsa_dec_op(*this, params);
- }
- catch(Exception& e)
- {
- if(provider == "openssl")
- throw Lookup_Error("OpenSSL RSA provider rejected key:" + std::string(e.what()));
- }
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params, rng);
@@ -751,15 +703,6 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng,
 const std::string& params,
 const std::string& provider) const
 {
-#if defined(BOTAN_HAS_OPENSSL)
- if(provider == "openssl" || provider.empty())
- {
- std::unique_ptr res = make_openssl_rsa_sig_op(*this, params);
- if(res)
- return res;
- }
-#endif
-
 if(provider == "base" || provider.empty())
 return std::make_unique(*this, params, rng);
-- cgit v1.2.3