From 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 2 Jul 2015 08:49:54 -0400 Subject: [PATCH] Remove obsolete key formats. Remove support for RSA_NET and Netscape key format (-keyform n). Also removed documentation of SGC. Reviewed-by: Viktor Dukhovni --- apps/apps.c | 72 +----------- apps/apps.h | 1 - apps/opt.c | 14 +-- apps/rsa.c | 13 --- apps/x509.c | 10 -- crypto/asn1/Makefile | 16 +-- crypto/asn1/asn1_err.c | 3 - crypto/asn1/n_pkey.c | 231 ------------------------------------- crypto/asn1/x_nx509.c | 72 ------------ crypto/crypto-lib.com | 2 +- doc/apps/x509v3_config.pod | 4 +- include/openssl/asn1.h | 10 -- include/openssl/rsa.h | 16 --- test/tx509 | 18 --- util/libeay.num | 20 ++-- 15 files changed, 20 insertions(+), 482 deletions(-) delete mode 100644 crypto/asn1/x_nx509.c diff --git a/apps/apps.c b/apps/apps.c index 3f2c049404..80e777774f 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -163,12 +163,6 @@ static int set_table_opts(unsigned long *flags, const char *arg, static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -/* Looks like this stuff is worth moving into separate function */ -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format); -#endif - int app_init(long mesgwin); int chopup_args(ARGS *arg, char *buf) 
@@ -695,22 +689,7 @@ X509 *load_cert(const char *file, int format, if (format == FORMAT_ASN1) x = d2i_X509_bio(cert, NULL); - else if (format == FORMAT_NETSCAPE) { - NETSCAPE_X509 *nx; - nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL); - if (nx == NULL) - goto end; - - if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data, - nx->header->length) != 0)) { - NETSCAPE_X509_free(nx); - BIO_printf(bio_err, "Error reading header on certificate\n"); - goto end; - } - x = nx->cert; - nx->cert = NULL; - NETSCAPE_X509_free(nx); - } else if (format == FORMAT_PEM) + else if (format == FORMAT_PEM) x = PEM_read_bio_X509_AUX(cert, NULL, (pem_password_cb *)password_callback, NULL); else if (format == FORMAT_PKCS12) { @@ -803,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif else if (format == FORMAT_PKCS12) { if (!load_pkcs12(key, key_descrip, (pem_password_cb *)password_callback, &cb_data, @@ -903,10 +878,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, (pem_password_cb *)password_callback, &cb_data); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) - else if (format == FORMAT_NETSCAPE) - pkey = load_netscape_key(key, file, key_descrip, format); -#endif #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) else if (format == FORMAT_MSBLOB) pkey = b2i_PublicKey_bio(key); 
@@ -918,47 +889,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, return (pkey); } -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -static EVP_PKEY *load_netscape_key(BIO *key, const char *file, - const char *key_descrip, int format) -{ - EVP_PKEY *pkey; - BUF_MEM *buf; - RSA *rsa; - const unsigned char *p; - int size, i; - - buf = BUF_MEM_new(); - pkey = EVP_PKEY_new(); - size = 0; - if (buf == NULL || pkey == NULL) - goto error; - for (;;) { - if (!BUF_MEM_grow_clean(buf, size + 1024 * 10)) - goto error; - i = BIO_read(key, &(buf->data[size]), 1024 * 10); - size += i; - if (i == 0) - break; - if (i < 0) { - BIO_printf(bio_err, "Error reading %s %s", key_descrip, file); - goto error; - } - } - p = (unsigned char *)buf->data; - rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0); - if (rsa == NULL) - goto error; - BUF_MEM_free(buf); - EVP_PKEY_set1_RSA(pkey, rsa); - return pkey; - error: - BUF_MEM_free(buf); - EVP_PKEY_free(pkey); - return NULL; -} -#endif /* ndef OPENSSL_NO_RC4 */ - static int load_certs_crls(const char *file, int format, const char *pass, ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, diff --git a/apps/apps.h b/apps/apps.h index b83d4b2aee..2823cbcadf 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -532,7 +532,6 @@ void store_setup_crl_download(X509_STORE *st); # define FORMAT_ASN1 1 # define FORMAT_TEXT 2 # define FORMAT_PEM 3 -# define FORMAT_NETSCAPE 4 # define FORMAT_PKCS12 5 # define FORMAT_SMIME 6 # define FORMAT_ENGINE 7 diff --git a/apps/opt.c b/apps/opt.c index b81cec4fa7..bfb039e872 100644 --- a/apps/opt.c +++ b/apps/opt.c 
@@ -256,15 +256,11 @@ int opt_format(const char *s, unsigned long flags, int *result) break; case 'N': case 'n': - if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) { - if ((flags & OPT_FMT_NSS) == 0) - return opt_format_error(s, flags); - *result = FORMAT_NSS; - } else { - if ((flags & OPT_FMT_NETSCAPE) == 0) - return opt_format_error(s, flags); - *result = FORMAT_NETSCAPE; - } + if ((flags & OPT_FMT_NSS) == 0) + return opt_format_error(s, flags); + if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0) + return opt_format_error(s, flags); + *result = FORMAT_NSS; break; case 'S': case 's': diff --git a/apps/rsa.c b/apps/rsa.c index f6961d9baf..c7ad44b75d 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -352,19 +352,6 @@ int rsa_main(int argc, char **argv) i = i2d_RSAPrivateKey_bio(out, rsa); } } -# ifndef OPENSSL_NO_RC4 - else if (outformat == FORMAT_NETSCAPE) { - unsigned char *p, *save; - int size = i2d_RSA_NET(rsa, NULL, NULL, 0); - - save = p = app_malloc(size, "RSA i2d buffer"); - assert(private); - i2d_RSA_NET(rsa, &p, NULL, 0); - BIO_write(out, (char *)save, size); - OPENSSL_free(save); - i = 1; - } -# endif else if (outformat == FORMAT_PEM) { if (pubout || pubin) { if (pubout == 2) diff --git a/apps/x509.c b/apps/x509.c index 18e13e7921..2fd92f4dcf 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -913,16 +913,6 @@ int x509_main(int argc, char **argv) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); - } else if (outformat == FORMAT_NETSCAPE) { - NETSCAPE_X509 nx; - ASN1_OCTET_STRING hdr; - - hdr.data = (unsigned char *)NETSCAPE_CERT_HDR; - hdr.length = strlen(NETSCAPE_CERT_HDR); - nx.header = &hdr; - nx.cert = x; - - i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx); } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 66b0ef2e63..a566dfa016 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile 
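Review bot: The `case 'N'`/`case 'n'` arm of opt_format() now rejects every string except exactly "NSS" or "nss", but nothing in the code says this is deliberate. A one-line comment such as `/* Netscape format (-keyform n) was removed; NSS is the only format under N */` would keep a later reader from restoring the old fallback, which selected the RC4-encrypted key format deleted from n_pkey.c in this patch. Both guards return the same error and read more clearly as one condition: `if ((flags & OPT_FMT_NSS) == 0 || (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0))`. This hunk also drops the only visible use of `OPT_FMT_NETSCAPE`, while the apps.h change removes just `FORMAT_NETSCAPE`, so the flag bit presumably stays defined; it is worth confirming that no applet's option table or help text still offers it. The switch in opt_format() begins and ends outside the hunk.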
@@ -20,7 +20,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \ x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ tasn_prn.c tasn_scn.c ameth_lib.c \ @@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \ x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ tasn_prn.o tasn_scn.o ameth_lib.o \ 
@@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_long.o: ../include/internal/cryptlib.h x_long.c -x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index b7fbd9d99b..5dfd21be4a 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c 
@@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, - {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, - {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, @@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, - {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 1b8c4c0a8d..0c9c4c48c3 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c 
@@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify)) -{ - return i2d_RSA_NET(a, pp, cb, 0); -} - -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - int i, j, ret = 0; - int rsalen, pkeylen, olen; - NETSCAPE_PKEY *pkey = NULL; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - unsigned char buf[256], *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - if (a == NULL) - return (0); - - if ((pkey = NETSCAPE_PKEY_new()) == NULL) - goto err; - if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) - goto err; - pkey->version = 0; - - pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); - if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) - goto err; - pkey->algor->parameter->type = V_ASN1_NULL; - - rsalen = i2d_RSAPrivateKey(a, NULL); - - /* - * Fake some octet strings just for the initial length calculation. 
- */ - - pkey->private_key->length = rsalen; - - pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); - - enckey->enckey->digest->length = pkeylen; - - enckey->os->length = 11; /* "private-key" */ - - enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); - if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) - goto err; - enckey->enckey->algor->parameter->type = V_ASN1_NULL; - - if (pp == NULL) { - olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); - NETSCAPE_PKEY_free(pkey); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return olen; - } - - /* Since its RC4 encrypted length is actual length */ - if ((zz = OPENSSL_malloc(rsalen)) == NULL) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - - pkey->private_key->data = zz; - /* Write out private key encoding */ - i2d_RSAPrivateKey(a, &zz); - - if ((zz = OPENSSL_malloc(pkeylen)) == NULL) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - enckey->enckey->digest->data = zz; - i2d_NETSCAPE_PKEY(pkey, &zz); - - /* Wipe the private key encoding */ - OPENSSL_cleanse(pkey->private_key->data, rsalen); - - if (cb == NULL) - cb = EVP_read_pw_string; - i = cb((char *)buf, 256, "Enter Private Key password:", 1); - if (i != 0) { - ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); - goto err; - } - i = strlen((char *)buf); - /* If the key is used for SGC the algorithm is modified a little. 
*/ - if (sgckey) { - if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) - goto err; - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) - goto err; - OPENSSL_cleanse(buf, 256); - - /* Encrypt private key in place */ - zz = enckey->enckey->digest->data; - if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) - goto err; - if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen)) - goto err; - if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j)) - goto err; - - ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); - err: - EVP_CIPHER_CTX_cleanup(&ctx); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - NETSCAPE_PKEY_free(pkey); - return (ret); -} - -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify)) -{ - return d2i_RSA_NET(a, pp, length, cb, 0); -} - -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - RSA *ret = NULL; - const unsigned char *p; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - - p = *pp; - - enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); - if (!enckey) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR); - return NULL; - } - - if ((enckey->os->length != 11) || (strncmp("private-key", - (char *)enckey->os->data, - 11) != 0)) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return NULL; - } - if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); - goto err; - } - if (cb == NULL) - cb = EVP_read_pw_string; - if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) - goto err; - - *pp = p; - - err: - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return ret; - -} - -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb) (char *buf, int len, const char 
*prompt, - int verify), int sgckey) -{ - NETSCAPE_PKEY *pkey = NULL; - RSA *ret = NULL; - int i, j; - unsigned char buf[256]; - const unsigned char *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - i = cb((char *)buf, 256, "Enter Private Key password:", 0); - if (i != 0) { - ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); - goto err; - } - - i = strlen((char *)buf); - if (sgckey) { - if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) - goto err; - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) - goto err; - OPENSSL_cleanse(buf, 256); - - if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) - goto err; - if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length)) - goto err; - if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j)) - goto err; - os->length = i + j; - - zz = os->data; - - if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { - ASN1err(ASN1_F_D2I_RSA_NET_2, - ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); - goto err; - } - - zz = pkey->private_key->data; - if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) { - ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY); - goto err; - } - err: - EVP_CIPHER_CTX_cleanup(&ctx); - NETSCAPE_PKEY_free(pkey); - return (ret); -} - # endif /* OPENSSL_NO_RC4 */ #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/asn1/x_nx509.c b/crypto/asn1/x_nx509.c deleted file mode 100644 index 5aa0ed58b4..0000000000 --- a/crypto/asn1/x_nx509.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* x_nx509.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2005. - */ -/* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include - -/* Old netscape certificate wrapper format */ - -ASN1_SEQUENCE(NETSCAPE_X509) = { - ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING), - ASN1_OPT(NETSCAPE_X509, cert, X509) -} ASN1_SEQUENCE_END(NETSCAPE_X509) - -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 5a2694dcfa..f668c1c580 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -308,7 +308,7 @@ $ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ - - "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr" + "d2i_pu,d2i_pr,i2d_pu,i2d_pr" $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - "tasn_prn,tasn_scn,ameth_lib,"+ - diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index 26b327c184..d1e67883d7 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod 
@@ -118,14 +118,12 @@ following PKIX, NS and MS values are meaningful: msCodeInd Microsoft Individual Code Signing (authenticode) msCodeCom Microsoft Commercial Code Signing (authenticode) msCTLSign Microsoft Trust List Signing - msSGC Microsoft Server Gated Crypto msEFS Microsoft Encrypted File System - nsSGC Netscape Server Gated Crypto Examples: extendedKeyUsage=critical,codeSigning,1.2.3.4 - extendedKeyUsage=nsSGC,msSGC + extendedKeyUsage=serverAuth,clientAuth =head2 Subject Key Identifier. diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 06ee0369db..5b3b7d3bbb 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -509,11 +509,6 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) -typedef struct NETSCAPE_X509_st { - ASN1_OCTET_STRING *header; - X509 *cert; -} NETSCAPE_X509; - /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { int bitnum; @@ -797,8 +792,6 @@ const char *ASN1_tag2str(int tag); /* Used to load and write netscape format cert */ -DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); @@ -1014,8 +1007,6 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_NETSCAPE_RSA_2 153 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 -# define ASN1_F_D2I_RSA_NET 200 -# define ASN1_F_D2I_RSA_NET_2 201 # define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_PKEY 159 @@ -1027,7 +1018,6 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_I2D_EC_PUBKEY 181 # define ASN1_F_I2D_PRIVATEKEY 163 # define ASN1_F_I2D_PUBLICKEY 164 -# define ASN1_F_I2D_RSA_NET 162 # define ASN1_F_I2D_RSA_PUBKEY 165 # define ASN1_F_LONG_C2I 166 # define ASN1_F_OID_MODULE_INIT 174 
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 727b9df4c4..9abb2a1eda 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -396,22 +396,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset); int RSA_print(BIO *bp, const RSA *r, int offset); -# ifndef OPENSSL_NO_RC4 -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify)); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify)); -# endif - /* * The following 2 functions sign and verify a X509_SIG ASN1 object inside * PKCS#1 padded RSA encryption diff --git a/test/tx509 b/test/tx509 index 3185ce11cd..dc9abc680d 100644 --- a/test/tx509 +++ b/test/tx509 
@@ -13,42 +13,24 @@ cp $t x509-fff.p echo "p -> d" $cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1 -echo "p -> n" -$cmd -in x509-fff.p -inform p -outform n >x509-f.n || exit 1 echo "p -> p" $cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1 echo "d -> d" $cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1 -echo "n -> d" -$cmd -in x509-f.n -inform n -outform d >x509-ff.d2 || exit 1 echo "p -> d" $cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1 -echo "d -> n" -$cmd -in x509-f.d -inform d -outform n >x509-ff.n1 || exit 1 -echo "n -> n" -$cmd -in x509-f.n -inform n -outform n >x509-ff.n2 || exit 1 -echo "p -> n" -$cmd -in x509-f.p -inform p -outform n >x509-ff.n3 || exit 1 - echo "d -> p" $cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1 -echo "n -> p" -$cmd -in x509-f.n -inform n -outform p >x509-ff.p2 || exit 1 echo "p -> p" $cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1 cmp x509-fff.p x509-f.p || exit 1 cmp x509-fff.p x509-ff.p1 || exit 1 -cmp x509-fff.p x509-ff.p2 || exit 1 cmp x509-fff.p x509-ff.p3 || exit 1 -cmp x509-f.n x509-ff.n1 || exit 1 -cmp x509-f.n x509-ff.n2 || exit 1 -cmp x509-f.n x509-ff.n3 || exit 1 cmp x509-f.p x509-ff.p1 || exit 1 -cmp x509-f.p x509-ff.p2 || exit 1 cmp x509-f.p x509-ff.p3 || exit 1 /bin/rm -f x509-f.* x509-ff.* x509-fff.* diff --git a/util/libeay.num b/util/libeay.num index 4d3642f071..731db227c6 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA d2i_DSAparams 732 EXIST::FUNCTION:DSA d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: -d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA +d2i_Netscape_RSA 735 NOEXIST::FUNCTION: d2i_PKCS7 736 EXIST::FUNCTION: d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: 
@@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA i2d_DSAparams 835 EXIST::FUNCTION:DSA i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION: -i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA +i2d_Netscape_RSA 838 NOEXIST::FUNCTION: i2d_PKCS7 839 EXIST::FUNCTION: i2d_PKCS7_DIGEST 840 EXIST::FUNCTION: i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION: @@ -1816,9 +1816,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION: X509_REQ_get1_email 2403 EXIST::FUNCTION: X509_get1_email 2404 EXIST::FUNCTION: X509_email_free 2405 EXIST::FUNCTION: -i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA +i2d_RSA_NET 2406 NOEXIST::FUNCTION: d2i_RSA_NET_2 2407 NOEXIST::FUNCTION: -d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA +d2i_RSA_NET 2408 NOEXIST::FUNCTION: DSO_bind_func 2409 EXIST::FUNCTION: CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION: sk_new_null 2411 EXIST::FUNCTION: @@ -3796,7 +3796,7 @@ CRYPTO_THREADID_cmp 4176 EXIST::FUNCTION: TS_REQ_ext_free 4177 EXIST::FUNCTION: EVP_PKEY_asn1_set_free 4178 EXIST::FUNCTION: EVP_PKEY_get0_asn1 4179 EXIST::FUNCTION: -d2i_NETSCAPE_X509 4180 EXIST::FUNCTION: +d2i_NETSCAPE_X509 4180 NOEXIST::FUNCTION: EVP_PKEY_verify_recover_init 4181 EXIST::FUNCTION: EVP_PKEY_CTX_set_data 4182 EXIST::FUNCTION: EVP_PKEY_keygen_init 4183 EXIST::FUNCTION: @@ -3864,7 +3864,7 @@ ASN1_PCTX_get_nm_flags 4242 EXIST::FUNCTION: EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION: CRYPTO_THREADID_current 4244 EXIST::FUNCTION: EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION: -NETSCAPE_X509_free 4246 EXIST::FUNCTION: +NETSCAPE_X509_free 4246 NOEXIST::FUNCTION: i2b_PVK_bio 4247 EXIST::FUNCTION:RC4 EVP_PKEY_print_private 4248 EXIST::FUNCTION: GENERAL_NAME_get0_value 4249 EXIST::FUNCTION: 
@@ -3994,8 +3994,8 @@ WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL X509_CRL_METHOD_new 4371 EXIST::FUNCTION: EVP_DigestSignFinal 4372 EXIST::FUNCTION: TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION: -NETSCAPE_X509_it 4374 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_X509_it 4374 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NETSCAPE_X509_it 4374 NOEXIST::FUNCTION: +NETSCAPE_X509_it 4374 NOEXIST::FUNCTION: TS_RESP_create_response 4375 EXIST::FUNCTION: PKCS7_SIGNER_INFO_get0_algs 4376 EXIST::FUNCTION: TS_TST_INFO_get_nonce 4377 EXIST::FUNCTION: @@ -4046,7 +4046,7 @@ TS_REQ_get_ext_d2i 4420 EXIST::FUNCTION: GENERAL_NAME_set0_othername 4421 EXIST::FUNCTION: TS_TST_INFO_get_ext_count 4422 EXIST::FUNCTION: TS_RESP_CTX_get_request 4423 EXIST::FUNCTION: -i2d_NETSCAPE_X509 4424 EXIST::FUNCTION: +i2d_NETSCAPE_X509 4424 NOEXIST::FUNCTION: ENGINE_get_pkey_meth_engine 4425 EXIST::FUNCTION:ENGINE EVP_PKEY_meth_set_signctx 4426 EXIST::FUNCTION: EVP_PKEY_asn1_copy 4427 EXIST::FUNCTION: @@ -4109,7 +4109,7 @@ PKCS7_stream 4481 EXIST::FUNCTION: TS_RESP_CTX_set_certs 4482 EXIST::FUNCTION: TS_CONF_set_def_policy 4483 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_adj 4484 EXIST::FUNCTION: -NETSCAPE_X509_new 4485 EXIST::FUNCTION: +NETSCAPE_X509_new 4485 NOEXIST::FUNCTION: TS_ACCURACY_free 4486 EXIST::FUNCTION: TS_RESP_get_tst_info 4487 EXIST::FUNCTION: EVP_PKEY_derive_set_peer 4488 EXIST::FUNCTION: -- 2.34.1