[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Jul 16 05:07:13 UTC 2015
The branch master has been updated
via 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a (commit)
from 31d6c0b2b043bad5c63b797a327109eb26ff8d2a (commit)
- Log -----------------------------------------------------------------
commit 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a
Author: Rich Salz <rsalz at akamai.com>
Date: Thu Jul 2 08:49:54 2015 -0400
Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).
Also removed documentation of SGC.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 72 +-------------
apps/apps.h | 1 -
apps/opt.c | 14 +--
apps/rsa.c | 13 ---
apps/x509.c | 10 --
crypto/asn1/Makefile | 16 +---
crypto/asn1/asn1_err.c | 3 -
crypto/asn1/n_pkey.c | 231 ---------------------------------------------
crypto/asn1/x_nx509.c | 72 --------------
crypto/crypto-lib.com | 2 +-
doc/apps/x509v3_config.pod | 4 +-
include/openssl/asn1.h | 10 --
include/openssl/rsa.h | 16 ----
test/tx509 | 18 ----
util/libeay.num | 20 ++--
15 files changed, 20 insertions(+), 482 deletions(-)
delete mode 100644 crypto/asn1/x_nx509.c
diff --git a/apps/apps.c b/apps/apps.c
index 3f2c049..80e7777 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -163,12 +163,6 @@ static int set_table_opts(unsigned long *flags, const char *arg,
static int set_multi_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
- const char *key_descrip, int format);
-#endif
-
int app_init(long mesgwin);
int chopup_args(ARGS *arg, char *buf)
@@ -695,22 +689,7 @@ X509 *load_cert(const char *file, int format,
if (format == FORMAT_ASN1)
x = d2i_X509_bio(cert, NULL);
- else if (format == FORMAT_NETSCAPE) {
- NETSCAPE_X509 *nx;
- nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
- if (nx == NULL)
- goto end;
-
- if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
- nx->header->length) != 0)) {
- NETSCAPE_X509_free(nx);
- BIO_printf(bio_err, "Error reading header on certificate\n");
- goto end;
- }
- x = nx->cert;
- nx->cert = NULL;
- NETSCAPE_X509_free(nx);
- } else if (format == FORMAT_PEM)
+ else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12) {
@@ -803,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
(pem_password_cb *)password_callback,
&cb_data);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE)
- pkey = load_netscape_key(key, file, key_descrip, format);
-#endif
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
@@ -903,10 +878,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
(pem_password_cb *)password_callback,
&cb_data);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE)
- pkey = load_netscape_key(key, file, key_descrip, format);
-#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
@@ -918,47 +889,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
return (pkey);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
- const char *key_descrip, int format)
-{
- EVP_PKEY *pkey;
- BUF_MEM *buf;
- RSA *rsa;
- const unsigned char *p;
- int size, i;
-
- buf = BUF_MEM_new();
- pkey = EVP_PKEY_new();
- size = 0;
- if (buf == NULL || pkey == NULL)
- goto error;
- for (;;) {
- if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
- goto error;
- i = BIO_read(key, &(buf->data[size]), 1024 * 10);
- size += i;
- if (i == 0)
- break;
- if (i < 0) {
- BIO_printf(bio_err, "Error reading %s %s", key_descrip, file);
- goto error;
- }
- }
- p = (unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0);
- if (rsa == NULL)
- goto error;
- BUF_MEM_free(buf);
- EVP_PKEY_set1_RSA(pkey, rsa);
- return pkey;
- error:
- BUF_MEM_free(buf);
- EVP_PKEY_free(pkey);
- return NULL;
-}
-#endif /* ndef OPENSSL_NO_RC4 */
-
static int load_certs_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc,
STACK_OF(X509) **pcerts,
diff --git a/apps/apps.h b/apps/apps.h
index b83d4b2..2823cbc 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -532,7 +532,6 @@ void store_setup_crl_download(X509_STORE *st);
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
# define FORMAT_PEM 3
-# define FORMAT_NETSCAPE 4
# define FORMAT_PKCS12 5
# define FORMAT_SMIME 6
# define FORMAT_ENGINE 7
diff --git a/apps/opt.c b/apps/opt.c
index b81cec4..bfb039e 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -256,15 +256,11 @@ int opt_format(const char *s, unsigned long flags, int *result)
break;
case 'N':
case 'n':
- if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) {
- if ((flags & OPT_FMT_NSS) == 0)
- return opt_format_error(s, flags);
- *result = FORMAT_NSS;
- } else {
- if ((flags & OPT_FMT_NETSCAPE) == 0)
- return opt_format_error(s, flags);
- *result = FORMAT_NETSCAPE;
- }
+ if ((flags & OPT_FMT_NSS) == 0)
+ return opt_format_error(s, flags);
+ if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
+ return opt_format_error(s, flags);
+ *result = FORMAT_NSS;
break;
case 'S':
case 's':
diff --git a/apps/rsa.c b/apps/rsa.c
index f6961d9..c7ad44b 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -352,19 +352,6 @@ int rsa_main(int argc, char **argv)
i = i2d_RSAPrivateKey_bio(out, rsa);
}
}
-# ifndef OPENSSL_NO_RC4
- else if (outformat == FORMAT_NETSCAPE) {
- unsigned char *p, *save;
- int size = i2d_RSA_NET(rsa, NULL, NULL, 0);
-
- save = p = app_malloc(size, "RSA i2d buffer");
- assert(private);
- i2d_RSA_NET(rsa, &p, NULL, 0);
- BIO_write(out, (char *)save, size);
- OPENSSL_free(save);
- i = 1;
- }
-# endif
else if (outformat == FORMAT_PEM) {
if (pubout || pubin) {
if (pubout == 2)
diff --git a/apps/x509.c b/apps/x509.c
index 18e13e7..2fd92f4 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -913,16 +913,6 @@ int x509_main(int argc, char **argv)
i = PEM_write_bio_X509_AUX(out, x);
else
i = PEM_write_bio_X509(out, x);
- } else if (outformat == FORMAT_NETSCAPE) {
- NETSCAPE_X509 nx;
- ASN1_OCTET_STRING hdr;
-
- hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
- hdr.length = strlen(NETSCAPE_CERT_HDR);
- nx.header = &hdr;
- nx.cert = x;
-
- i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index 66b0ef2..a566dfa 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -20,7 +20,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
- x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+ d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
tasn_prn.c tasn_scn.c ameth_lib.c \
@@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
- x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+ d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
tasn_prn.o tasn_scn.o ameth_lib.o \
@@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_long.o: ../include/internal/cryptlib.h x_long.c
-x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index b7fbd9d..5dfd21b 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
- {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
- {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
@@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
- {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 1b8c4c0..0c9c4c4 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify))
-{
- return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey)
-{
- int i, j, ret = 0;
- int rsalen, pkeylen, olen;
- NETSCAPE_PKEY *pkey = NULL;
- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
- unsigned char buf[256], *zz;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- if (a == NULL)
- return (0);
-
- if ((pkey = NETSCAPE_PKEY_new()) == NULL)
- goto err;
- if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
- goto err;
- pkey->version = 0;
-
- pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
- if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
- goto err;
- pkey->algor->parameter->type = V_ASN1_NULL;
-
- rsalen = i2d_RSAPrivateKey(a, NULL);
-
- /*
- * Fake some octet strings just for the initial length calculation.
- */
-
- pkey->private_key->length = rsalen;
-
- pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-
- enckey->enckey->digest->length = pkeylen;
-
- enckey->os->length = 11; /* "private-key" */
-
- enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
- if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
- goto err;
- enckey->enckey->algor->parameter->type = V_ASN1_NULL;
-
- if (pp == NULL) {
- olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
- NETSCAPE_PKEY_free(pkey);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return olen;
- }
-
- /* Since its RC4 encrypted length is actual length */
- if ((zz = OPENSSL_malloc(rsalen)) == NULL) {
- ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- pkey->private_key->data = zz;
- /* Write out private key encoding */
- i2d_RSAPrivateKey(a, &zz);
-
- if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
- ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
- ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- enckey->enckey->digest->data = zz;
- i2d_NETSCAPE_PKEY(pkey, &zz);
-
- /* Wipe the private key encoding */
- OPENSSL_cleanse(pkey->private_key->data, rsalen);
-
- if (cb == NULL)
- cb = EVP_read_pw_string;
- i = cb((char *)buf, 256, "Enter Private Key password:", 1);
- if (i != 0) {
- ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
- goto err;
- }
- i = strlen((char *)buf);
- /* If the key is used for SGC the algorithm is modified a little. */
- if (sgckey) {
- if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
- goto err;
- memcpy(buf + 16, "SGCKEYSALT", 10);
- i = 26;
- }
-
- if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
- goto err;
- OPENSSL_cleanse(buf, 256);
-
- /* Encrypt private key in place */
- zz = enckey->enckey->digest->data;
- if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
- goto err;
- if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
- goto err;
- if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
- goto err;
-
- ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- NETSCAPE_PKEY_free(pkey);
- return (ret);
-}
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify))
-{
- return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey)
-{
- RSA *ret = NULL;
- const unsigned char *p;
- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
- p = *pp;
-
- enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
- if (!enckey) {
- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
- return NULL;
- }
-
- if ((enckey->os->length != 11) || (strncmp("private-key",
- (char *)enckey->os->data,
- 11) != 0)) {
- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return NULL;
- }
- if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
- goto err;
- }
- if (cb == NULL)
- cb = EVP_read_pw_string;
- if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
- goto err;
-
- *pp = p;
-
- err:
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return ret;
-
-}
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey)
-{
- NETSCAPE_PKEY *pkey = NULL;
- RSA *ret = NULL;
- int i, j;
- unsigned char buf[256];
- const unsigned char *zz;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- i = cb((char *)buf, 256, "Enter Private Key password:", 0);
- if (i != 0) {
- ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
- goto err;
- }
-
- i = strlen((char *)buf);
- if (sgckey) {
- if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
- goto err;
- memcpy(buf + 16, "SGCKEYSALT", 10);
- i = 26;
- }
-
- if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
- goto err;
- OPENSSL_cleanse(buf, 256);
-
- if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
- goto err;
- if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
- goto err;
- if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
- goto err;
- os->length = i + j;
-
- zz = os->data;
-
- if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
- ASN1err(ASN1_F_D2I_RSA_NET_2,
- ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
- goto err;
- }
-
- zz = pkey->private_key->data;
- if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
- ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
- goto err;
- }
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- NETSCAPE_PKEY_free(pkey);
- return (ret);
-}
-
# endif /* OPENSSL_NO_RC4 */
#else /* !OPENSSL_NO_RSA */
diff --git a/crypto/asn1/x_nx509.c b/crypto/asn1/x_nx509.c
deleted file mode 100644
index 5aa0ed5..0000000
--- a/crypto/asn1/x_nx509.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* x_nx509.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Old netscape certificate wrapper format */
-
-ASN1_SEQUENCE(NETSCAPE_X509) = {
- ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
- ASN1_OPT(NETSCAPE_X509, cert, X509)
-} ASN1_SEQUENCE_END(NETSCAPE_X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index 5a2694d..f668c1c 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -308,7 +308,7 @@ $ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
"x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
- "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+ "d2i_pu,d2i_pr,i2d_pu,i2d_pr"
$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
"tasn_prn,tasn_scn,ameth_lib,"+ -
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index 26b327c..d1e6788 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -118,14 +118,12 @@ following PKIX, NS and MS values are meaningful:
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
- msSGC Microsoft Server Gated Crypto
msEFS Microsoft Encrypted File System
- nsSGC Netscape Server Gated Crypto
Examples:
extendedKeyUsage=critical,codeSigning,1.2.3.4
- extendedKeyUsage=nsSGC,msSGC
+ extendedKeyUsage=serverAuth,clientAuth
=head2 Subject Key Identifier.
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 06ee036..5b3b7d3 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -509,11 +509,6 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-typedef struct NETSCAPE_X509_st {
- ASN1_OCTET_STRING *header;
- X509 *cert;
-} NETSCAPE_X509;
-
/* This is used to contain a list of bit names */
typedef struct BIT_STRING_BITNAME_st {
int bitnum;
@@ -797,8 +792,6 @@ const char *ASN1_tag2str(int tag);
/* Used to load and write netscape format cert */
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
@@ -1014,8 +1007,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_NETSCAPE_RSA_2 153
# define ASN1_F_D2I_PRIVATEKEY 154
# define ASN1_F_D2I_PUBLICKEY 155
-# define ASN1_F_D2I_RSA_NET 200
-# define ASN1_F_D2I_RSA_NET_2 201
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
@@ -1027,7 +1018,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_I2D_EC_PUBKEY 181
# define ASN1_F_I2D_PRIVATEKEY 163
# define ASN1_F_I2D_PUBLICKEY 164
-# define ASN1_F_I2D_RSA_NET 162
# define ASN1_F_I2D_RSA_PUBKEY 165
# define ASN1_F_LONG_C2I 166
# define ASN1_F_OID_MODULE_INIT 174
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 727b9df..9abb2a1 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -396,22 +396,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset);
int RSA_print(BIO *bp, const RSA *r, int offset);
-# ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify));
-# endif
-
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption
diff --git a/test/tx509 b/test/tx509
index 3185ce1..dc9abc6 100644
--- a/test/tx509
+++ b/test/tx509
@@ -13,42 +13,24 @@ cp $t x509-fff.p
echo "p -> d"
$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
-echo "p -> n"
-$cmd -in x509-fff.p -inform p -outform n >x509-f.n || exit 1
echo "p -> p"
$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1
echo "d -> d"
$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
-echo "n -> d"
-$cmd -in x509-f.n -inform n -outform d >x509-ff.d2 || exit 1
echo "p -> d"
$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1
-echo "d -> n"
-$cmd -in x509-f.d -inform d -outform n >x509-ff.n1 || exit 1
-echo "n -> n"
-$cmd -in x509-f.n -inform n -outform n >x509-ff.n2 || exit 1
-echo "p -> n"
-$cmd -in x509-f.p -inform p -outform n >x509-ff.n3 || exit 1
-
echo "d -> p"
$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
-echo "n -> p"
-$cmd -in x509-f.n -inform n -outform p >x509-ff.p2 || exit 1
echo "p -> p"
$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1
cmp x509-fff.p x509-f.p || exit 1
cmp x509-fff.p x509-ff.p1 || exit 1
-cmp x509-fff.p x509-ff.p2 || exit 1
cmp x509-fff.p x509-ff.p3 || exit 1
-cmp x509-f.n x509-ff.n1 || exit 1
-cmp x509-f.n x509-ff.n2 || exit 1
-cmp x509-f.n x509-ff.n3 || exit 1
cmp x509-f.p x509-ff.p1 || exit 1
-cmp x509-f.p x509-ff.p2 || exit 1
cmp x509-f.p x509-ff.p3 || exit 1
/bin/rm -f x509-f.* x509-ff.* x509-fff.*
diff --git a/util/libeay.num b/util/libeay.num
index 4d3642f..731db22 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
d2i_DSAparams 732 EXIST::FUNCTION:DSA
d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
-d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA
+d2i_Netscape_RSA 735 NOEXIST::FUNCTION:
d2i_PKCS7 736 EXIST::FUNCTION:
d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
@@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
i2d_DSAparams 835 EXIST::FUNCTION:DSA
i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
-i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
+i2d_Netscape_RSA 838 NOEXIST::FUNCTION:
i2d_PKCS7 839 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
@@ -1816,9 +1816,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION:
X509_REQ_get1_email 2403 EXIST::FUNCTION:
X509_get1_email 2404 EXIST::FUNCTION:
X509_email_free 2405 EXIST::FUNCTION:
-i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
+i2d_RSA_NET 2406 NOEXIST::FUNCTION:
d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
-d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET 2408 NOEXIST::FUNCTION:
DSO_bind_func 2409 EXIST::FUNCTION:
CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
sk_new_null 2411 EXIST::FUNCTION:
@@ -3796,7 +3796,7 @@ CRYPTO_THREADID_cmp 4176 EXIST::FUNCTION:
TS_REQ_ext_free 4177 EXIST::FUNCTION:
EVP_PKEY_asn1_set_free 4178 EXIST::FUNCTION:
EVP_PKEY_get0_asn1 4179 EXIST::FUNCTION:
-d2i_NETSCAPE_X509 4180 EXIST::FUNCTION:
+d2i_NETSCAPE_X509 4180 NOEXIST::FUNCTION:
EVP_PKEY_verify_recover_init 4181 EXIST::FUNCTION:
EVP_PKEY_CTX_set_data 4182 EXIST::FUNCTION:
EVP_PKEY_keygen_init 4183 EXIST::FUNCTION:
@@ -3864,7 +3864,7 @@ ASN1_PCTX_get_nm_flags 4242 EXIST::FUNCTION:
EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION:
CRYPTO_THREADID_current 4244 EXIST::FUNCTION:
EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION:
-NETSCAPE_X509_free 4246 EXIST::FUNCTION:
+NETSCAPE_X509_free 4246 NOEXIST::FUNCTION:
i2b_PVK_bio 4247 EXIST::FUNCTION:RC4
EVP_PKEY_print_private 4248 EXIST::FUNCTION:
GENERAL_NAME_get0_value 4249 EXIST::FUNCTION:
@@ -3994,8 +3994,8 @@ WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL
X509_CRL_METHOD_new 4371 EXIST::FUNCTION:
EVP_DigestSignFinal 4372 EXIST::FUNCTION:
TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION:
-NETSCAPE_X509_it 4374 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_X509_it 4374 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
+NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
TS_RESP_create_response 4375 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 4376 EXIST::FUNCTION:
TS_TST_INFO_get_nonce 4377 EXIST::FUNCTION:
@@ -4046,7 +4046,7 @@ TS_REQ_get_ext_d2i 4420 EXIST::FUNCTION:
GENERAL_NAME_set0_othername 4421 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 4422 EXIST::FUNCTION:
TS_RESP_CTX_get_request 4423 EXIST::FUNCTION:
-i2d_NETSCAPE_X509 4424 EXIST::FUNCTION:
+i2d_NETSCAPE_X509 4424 NOEXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 4425 EXIST::FUNCTION:ENGINE
EVP_PKEY_meth_set_signctx 4426 EXIST::FUNCTION:
EVP_PKEY_asn1_copy 4427 EXIST::FUNCTION:
@@ -4109,7 +4109,7 @@ PKCS7_stream 4481 EXIST::FUNCTION:
TS_RESP_CTX_set_certs 4482 EXIST::FUNCTION:
TS_CONF_set_def_policy 4483 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_adj 4484 EXIST::FUNCTION:
-NETSCAPE_X509_new 4485 EXIST::FUNCTION:
+NETSCAPE_X509_new 4485 NOEXIST::FUNCTION:
TS_ACCURACY_free 4486 EXIST::FUNCTION:
TS_RESP_get_tst_info 4487 EXIST::FUNCTION:
EVP_PKEY_derive_set_peer 4488 EXIST::FUNCTION:
More information about the openssl-commits
mailing list