Disable EVP_PKEY_meth_* extensibility

This removes the global pkey_app_methods stack that was never cleaned up
and makes EVP_PKEY_meth_add0() always fail and push an error on the stack.
EVP_PKEY_meth_find() can now walk the list of PKEY_METHODs forward and
things become a bit cleaner. It's still all way more complicated than it
needs to be...

ok jsing

diff --git a/lib/libcrypto/evp/pmeth_lib.c b/lib/libcrypto/evp/pmeth_lib.c
index cf27862..604181d 100644 (file)
--- a/lib/libcrypto/evp/pmeth_lib.c
+++ b/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.36 2024/01/04 20:15:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -71,9 +71,6 @@
 #include "asn1_local.h"
 #include "evp_local.h"
 
-DECLARE_STACK_OF(EVP_PKEY_METHOD)
-STACK_OF(EVP_PKEY_METHOD) *pkey_app_methods = NULL;
-
 extern const EVP_PKEY_METHOD cmac_pkey_meth;
 extern const EVP_PKEY_METHOD dh_pkey_meth;
 extern const EVP_PKEY_METHOD dsa_pkey_meth;
@@ -102,43 +99,15 @@ static const EVP_PKEY_METHOD *pkey_methods[] = {
        &x25519_pkey_meth,
 };
 
-static const size_t pkey_methods_count =
-    sizeof(pkey_methods) / sizeof(pkey_methods[0]);
-
-int
-evp_pkey_meth_get_count(void)
-{
-       int num = pkey_methods_count;
-
-       if (pkey_app_methods != NULL)
-               num += sk_EVP_PKEY_METHOD_num(pkey_app_methods);
-
-       return num;
-}
-
-const EVP_PKEY_METHOD *
-evp_pkey_meth_get0(int idx)
-{
-       int num = pkey_methods_count;
-
-       if (idx < 0)
-               return NULL;
-       if (idx < num)
-               return pkey_methods[idx];
-
-       idx -= num;
-
-       return sk_EVP_PKEY_METHOD_value(pkey_app_methods, idx);
-}
+#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0]))
 
 const EVP_PKEY_METHOD *
 EVP_PKEY_meth_find(int type)
 {
-       const EVP_PKEY_METHOD *pmeth;
-       int i;
+       size_t i;
 
-       for (i = evp_pkey_meth_get_count() - 1; i >= 0; i--) {
-               pmeth = evp_pkey_meth_get0(i);
+       for (i = 0; i < N_PKEY_METHODS; i++) {
+               const EVP_PKEY_METHOD *pmeth = pkey_methods[i];
                if (pmeth->pkey_id == type)
                        return pmeth;
        }
@@ -275,16 +244,8 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
 int
 EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
 {
-       if (pkey_app_methods == NULL) {
-               pkey_app_methods = sk_EVP_PKEY_METHOD_new(NULL);
-               if (pkey_app_methods == NULL)
-                       return 0;
-       }
-
-       if (!sk_EVP_PKEY_METHOD_push(pkey_app_methods, pmeth))
-               return 0;
-
-       return 1;
+       EVPerror(ERR_R_DISABLED);
+       return 0;
 }
 
 void