mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-19 19:50:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove obsolete key formats.

Browse Source 
Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz 2015-07-02 08:49:54 -04:00 committed by Rich Salz
parent 31d6c0b2b0
commit 0bc2f36555
15 changed files with 20 additions and 482 deletions

72
apps/apps.c

@ -163,12 +163,6 @@ static int set_table_opts(unsigned long *flags, const char *arg,
static int set_multi_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
/* Looks like this stuff is worth moving into separate function */
static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
const char *key_descrip, int format);
#endif
int app_init(long mesgwin);
int chopup_args(ARGS *arg, char *buf)
@ -695,22 +689,7 @@ X509 *load_cert(const char *file, int format,
if (format == FORMAT_ASN1)
x = d2i_X509_bio(cert, NULL);
else if (format == FORMAT_NETSCAPE) {
NETSCAPE_X509 *nx;
nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
if (nx == NULL)
goto end;
if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
nx->header->length) != 0)) {
NETSCAPE_X509_free(nx);
BIO_printf(bio_err, "Error reading header on certificate\n");
goto end;
}
x = nx->cert;
nx->cert = NULL;
NETSCAPE_X509_free(nx);
} else if (format == FORMAT_PEM)
else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12) {
@ -803,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
(pem_password_cb *)password_callback,
&cb_data);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
else if (format == FORMAT_NETSCAPE)
pkey = load_netscape_key(key, file, key_descrip, format);
#endif
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
@ -903,10 +878,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
(pem_password_cb *)password_callback,
&cb_data);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
else if (format == FORMAT_NETSCAPE)
pkey = load_netscape_key(key, file, key_descrip, format);
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
@ -918,47 +889,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
return (pkey);
}
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
const char *key_descrip, int format)
{
EVP_PKEY *pkey;
BUF_MEM *buf;
RSA *rsa;
const unsigned char *p;
int size, i;
buf = BUF_MEM_new();
pkey = EVP_PKEY_new();
size = 0;
if (buf == NULL || pkey == NULL)
goto error;
for (;;) {
if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
goto error;
i = BIO_read(key, &(buf->data[size]), 1024 * 10);
size += i;
if (i == 0)
break;
if (i < 0) {
BIO_printf(bio_err, "Error reading %s %s", key_descrip, file);
goto error;
}
}
p = (unsigned char *)buf->data;
rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0);
if (rsa == NULL)
goto error;
BUF_MEM_free(buf);
EVP_PKEY_set1_RSA(pkey, rsa);
return pkey;
error:
BUF_MEM_free(buf);
EVP_PKEY_free(pkey);
return NULL;
}
#endif /* ndef OPENSSL_NO_RC4 */
static int load_certs_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc,
STACK_OF(X509) **pcerts,

1
apps/apps.h

@ -532,7 +532,6 @@ void store_setup_crl_download(X509_STORE *st);
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
# define FORMAT_PEM 3
# define FORMAT_NETSCAPE 4
# define FORMAT_PKCS12 5
# define FORMAT_SMIME 6
# define FORMAT_ENGINE 7

14
apps/opt.c

@ -256,15 +256,11 @@ int opt_format(const char *s, unsigned long flags, int *result)
break;
case 'N':
case 'n':
if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) {
if ((flags & OPT_FMT_NSS) == 0)
return opt_format_error(s, flags);
*result = FORMAT_NSS;
} else {
if ((flags & OPT_FMT_NETSCAPE) == 0)
return opt_format_error(s, flags);
*result = FORMAT_NETSCAPE;
}
if ((flags & OPT_FMT_NSS) == 0)
return opt_format_error(s, flags);
if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
return opt_format_error(s, flags);
*result = FORMAT_NSS;
break;
case 'S':
case 's':

13
apps/rsa.c

@ -352,19 +352,6 @@ int rsa_main(int argc, char **argv)
i = i2d_RSAPrivateKey_bio(out, rsa);
}
}
# ifndef OPENSSL_NO_RC4
else if (outformat == FORMAT_NETSCAPE) {
unsigned char *p, *save;
int size = i2d_RSA_NET(rsa, NULL, NULL, 0);
save = p = app_malloc(size, "RSA i2d buffer");
assert(private);
i2d_RSA_NET(rsa, &p, NULL, 0);
BIO_write(out, (char *)save, size);
OPENSSL_free(save);
i = 1;
}
# endif
else if (outformat == FORMAT_PEM) {
if (pubout || pubin) {
if (pubout == 2)

10
apps/x509.c

@ -913,16 +913,6 @@ int x509_main(int argc, char **argv)
i = PEM_write_bio_X509_AUX(out, x);
else
i = PEM_write_bio_X509(out, x);
} else if (outformat == FORMAT_NETSCAPE) {
NETSCAPE_X509 nx;
ASN1_OCTET_STRING hdr;
hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
hdr.length = strlen(NETSCAPE_CERT_HDR);
nx.header = &hdr;
nx.cert = x;
i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;

16
crypto/asn1/Makefile

@ -20,7 +20,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
tasn_prn.c tasn_scn.c ameth_lib.c \
@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
tasn_prn.o tasn_scn.o ameth_lib.o \
@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_long.o: ../include/internal/cryptlib.h x_long.c
x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

3
crypto/asn1/asn1_err.c

@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},

231
crypto/asn1/n_pkey.c

@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
int (*cb) (char *buf, int len, const char *prompt,
int verify), int sgckey);
int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
int (*cb) (char *buf, int len, const char *prompt,
int verify))
{
return i2d_RSA_NET(a, pp, cb, 0);
}
int i2d_RSA_NET(const RSA *a, unsigned char **pp,
int (*cb) (char *buf, int len, const char *prompt,
int verify), int sgckey)
{
int i, j, ret = 0;
int rsalen, pkeylen, olen;
NETSCAPE_PKEY *pkey = NULL;
NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
unsigned char buf[256], *zz;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
if (a == NULL)
return (0);
if ((pkey = NETSCAPE_PKEY_new()) == NULL)
goto err;
if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
goto err;
pkey->version = 0;
pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
goto err;
pkey->algor->parameter->type = V_ASN1_NULL;
rsalen = i2d_RSAPrivateKey(a, NULL);
/*
* Fake some octet strings just for the initial length calculation.
*/
pkey->private_key->length = rsalen;
pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
enckey->enckey->digest->length = pkeylen;
enckey->os->length = 11; /* "private-key" */
enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
goto err;
enckey->enckey->algor->parameter->type = V_ASN1_NULL;
if (pp == NULL) {
olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
NETSCAPE_PKEY_free(pkey);
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
return olen;
}
/* Since its RC4 encrypted length is actual length */
if ((zz = OPENSSL_malloc(rsalen)) == NULL) {
ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
goto err;
}
pkey->private_key->data = zz;
/* Write out private key encoding */
i2d_RSAPrivateKey(a, &zz);
if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
goto err;
}
enckey->enckey->digest->data = zz;
i2d_NETSCAPE_PKEY(pkey, &zz);
/* Wipe the private key encoding */
OPENSSL_cleanse(pkey->private_key->data, rsalen);
if (cb == NULL)
cb = EVP_read_pw_string;
i = cb((char *)buf, 256, "Enter Private Key password:", 1);
if (i != 0) {
ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
goto err;
}
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if (sgckey) {
if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
goto err;
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
goto err;
OPENSSL_cleanse(buf, 256);
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
goto err;
if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
goto err;
if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
goto err;
ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
err:
EVP_CIPHER_CTX_cleanup(&ctx);
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
NETSCAPE_PKEY_free(pkey);
return (ret);
}
RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
int (*cb) (char *buf, int len, const char *prompt,
int verify))
{
return d2i_RSA_NET(a, pp, length, cb, 0);
}
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
int (*cb) (char *buf, int len, const char *prompt,
int verify), int sgckey)
{
RSA *ret = NULL;
const unsigned char *p;
NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
p = *pp;
enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
if (!enckey) {
ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
return NULL;
}
if ((enckey->os->length != 11) || (strncmp("private-key",
(char *)enckey->os->data,
11) != 0)) {
ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
return NULL;
}
if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
goto err;
}
if (cb == NULL)
cb = EVP_read_pw_string;
if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
goto err;
*pp = p;
err:
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
return ret;
}
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
int (*cb) (char *buf, int len, const char *prompt,
int verify), int sgckey)
{
NETSCAPE_PKEY *pkey = NULL;
RSA *ret = NULL;
int i, j;
unsigned char buf[256];
const unsigned char *zz;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
i = cb((char *)buf, 256, "Enter Private Key password:", 0);
if (i != 0) {
ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
goto err;
}
i = strlen((char *)buf);
if (sgckey) {
if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
goto err;
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
goto err;
OPENSSL_cleanse(buf, 256);
if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
goto err;
if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
goto err;
if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
goto err;
os->length = i + j;
zz = os->data;
if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
ASN1err(ASN1_F_D2I_RSA_NET_2,
ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
goto err;
}
zz = pkey->private_key->data;
if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
goto err;
}
err:
EVP_CIPHER_CTX_cleanup(&ctx);
NETSCAPE_PKEY_free(pkey);
return (ret);
}
# endif /* OPENSSL_NO_RC4 */
#else /* !OPENSSL_NO_RSA */

72
crypto/asn1/x_nx509.c

@ -1,72 +0,0 @@
/* x_nx509.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stddef.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
/* Old netscape certificate wrapper format */
ASN1_SEQUENCE(NETSCAPE_X509) = {
ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
ASN1_OPT(NETSCAPE_X509, cert, X509)
} ASN1_SEQUENCE_END(NETSCAPE_X509)
IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)

2
crypto/crypto-lib.com

@ -308,7 +308,7 @@ $ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
"x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
"x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
"d2i_pu,d2i_pr,i2d_pu,i2d_pr"
$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
"tasn_prn,tasn_scn,ameth_lib,"+ -

4
doc/apps/x509v3_config.pod

@ -118,14 +118,12 @@ following PKIX, NS and MS values are meaningful:
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
msSGC Microsoft Server Gated Crypto
msEFS Microsoft Encrypted File System
nsSGC Netscape Server Gated Crypto
Examples:
extendedKeyUsage=critical,codeSigning,1.2.3.4
extendedKeyUsage=nsSGC,msSGC
extendedKeyUsage=serverAuth,clientAuth
=head2 Subject Key Identifier.

10
include/openssl/asn1.h

@ -509,11 +509,6 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
typedef struct NETSCAPE_X509_st {
ASN1_OCTET_STRING *header;
X509 *cert;
} NETSCAPE_X509;
/* This is used to contain a list of bit names */
typedef struct BIT_STRING_BITNAME_st {
int bitnum;
@ -797,8 +792,6 @@ const char *ASN1_tag2str(int tag);
/* Used to load and write netscape format cert */
DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
@ -1014,8 +1007,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_NETSCAPE_RSA_2 153
# define ASN1_F_D2I_PRIVATEKEY 154
# define ASN1_F_D2I_PUBLICKEY 155
# define ASN1_F_D2I_RSA_NET 200
# define ASN1_F_D2I_RSA_NET_2 201
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
@ -1027,7 +1018,6 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_I2D_EC_PUBKEY 181
# define ASN1_F_I2D_PRIVATEKEY 163
# define ASN1_F_I2D_PUBLICKEY 164
# define ASN1_F_I2D_RSA_NET 162
# define ASN1_F_I2D_RSA_PUBKEY 165
# define ASN1_F_LONG_C2I 166
# define ASN1_F_OID_MODULE_INIT 174

16
include/openssl/rsa.h

@ -396,22 +396,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset);
int RSA_print(BIO *bp, const RSA *r, int offset);
# ifndef OPENSSL_NO_RC4
int i2d_RSA_NET(const RSA *a, unsigned char **pp,
int (*cb) (char *buf, int len, const char *prompt,
int verify), int sgckey);
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
int (*cb) (char *buf, int len, const char *prompt,
int verify), int sgckey);
int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
int (*cb) (char *buf, int len, const char *prompt,
int verify));
RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
int (*cb) (char *buf, int len, const char *prompt,
int verify));
# endif
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption

18
test/tx509

@ -13,42 +13,24 @@ cp $t x509-fff.p
echo "p -> d"
$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
echo "p -> n"
$cmd -in x509-fff.p -inform p -outform n >x509-f.n || exit 1
echo "p -> p"
$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1
echo "d -> d"
$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
echo "n -> d"
$cmd -in x509-f.n -inform n -outform d >x509-ff.d2 || exit 1
echo "p -> d"
$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1
echo "d -> n"
$cmd -in x509-f.d -inform d -outform n >x509-ff.n1 || exit 1
echo "n -> n"
$cmd -in x509-f.n -inform n -outform n >x509-ff.n2 || exit 1
echo "p -> n"
$cmd -in x509-f.p -inform p -outform n >x509-ff.n3 || exit 1
echo "d -> p"
$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
echo "n -> p"
$cmd -in x509-f.n -inform n -outform p >x509-ff.p2 || exit 1
echo "p -> p"
$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1
cmp x509-fff.p x509-f.p || exit 1
cmp x509-fff.p x509-ff.p1 || exit 1
cmp x509-fff.p x509-ff.p2 || exit 1
cmp x509-fff.p x509-ff.p3 || exit 1
cmp x509-f.n x509-ff.n1 || exit 1
cmp x509-f.n x509-ff.n2 || exit 1
cmp x509-f.n x509-ff.n3 || exit 1
cmp x509-f.p x509-ff.p1 || exit 1
cmp x509-f.p x509-ff.p2 || exit 1
cmp x509-f.p x509-ff.p3 || exit 1
/bin/rm -f x509-f.* x509-ff.* x509-fff.*

20
util/libeay.num

@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
d2i_DSAparams 732 EXIST::FUNCTION:DSA
d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA
d2i_Netscape_RSA 735 NOEXIST::FUNCTION:
d2i_PKCS7 736 EXIST::FUNCTION:
d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
i2d_DSAparams 835 EXIST::FUNCTION:DSA
i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
i2d_Netscape_RSA 838 NOEXIST::FUNCTION:
i2d_PKCS7 839 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
@ -1816,9 +1816,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION:
X509_REQ_get1_email 2403 EXIST::FUNCTION:
X509_get1_email 2404 EXIST::FUNCTION:
X509_email_free 2405 EXIST::FUNCTION:
i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
i2d_RSA_NET 2406 NOEXIST::FUNCTION:
d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
d2i_RSA_NET 2408 NOEXIST::FUNCTION:
DSO_bind_func 2409 EXIST::FUNCTION:
CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
sk_new_null 2411 EXIST::FUNCTION:
@ -3796,7 +3796,7 @@ CRYPTO_THREADID_cmp 4176 EXIST::FUNCTION:
TS_REQ_ext_free 4177 EXIST::FUNCTION:
EVP_PKEY_asn1_set_free 4178 EXIST::FUNCTION:
EVP_PKEY_get0_asn1 4179 EXIST::FUNCTION:
d2i_NETSCAPE_X509 4180 EXIST::FUNCTION:
d2i_NETSCAPE_X509 4180 NOEXIST::FUNCTION:
EVP_PKEY_verify_recover_init 4181 EXIST::FUNCTION:
EVP_PKEY_CTX_set_data 4182 EXIST::FUNCTION:
EVP_PKEY_keygen_init 4183 EXIST::FUNCTION:
@ -3864,7 +3864,7 @@ ASN1_PCTX_get_nm_flags 4242 EXIST::FUNCTION:
EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION:
CRYPTO_THREADID_current 4244 EXIST::FUNCTION:
EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION:
NETSCAPE_X509_free 4246 EXIST::FUNCTION:
NETSCAPE_X509_free 4246 NOEXIST::FUNCTION:
i2b_PVK_bio 4247 EXIST::FUNCTION:RC4
EVP_PKEY_print_private 4248 EXIST::FUNCTION:
GENERAL_NAME_get0_value 4249 EXIST::FUNCTION:
@ -3994,8 +3994,8 @@ WHIRLPOOL_Final 4370 EXIST::FUNCTION:WHIRLPOOL
X509_CRL_METHOD_new 4371 EXIST::FUNCTION:
EVP_DigestSignFinal 4372 EXIST::FUNCTION:
TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION:
NETSCAPE_X509_it 4374 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NETSCAPE_X509_it 4374 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
NETSCAPE_X509_it 4374 NOEXIST::FUNCTION:
TS_RESP_create_response 4375 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 4376 EXIST::FUNCTION:
TS_TST_INFO_get_nonce 4377 EXIST::FUNCTION:
@ -4046,7 +4046,7 @@ TS_REQ_get_ext_d2i 4420 EXIST::FUNCTION:
GENERAL_NAME_set0_othername 4421 EXIST::FUNCTION:
TS_TST_INFO_get_ext_count 4422 EXIST::FUNCTION:
TS_RESP_CTX_get_request 4423 EXIST::FUNCTION:
i2d_NETSCAPE_X509 4424 EXIST::FUNCTION:
i2d_NETSCAPE_X509 4424 NOEXIST::FUNCTION:
ENGINE_get_pkey_meth_engine 4425 EXIST::FUNCTION:ENGINE
EVP_PKEY_meth_set_signctx 4426 EXIST::FUNCTION:
EVP_PKEY_asn1_copy 4427 EXIST::FUNCTION:
@ -4109,7 +4109,7 @@ PKCS7_stream 4481 EXIST::FUNCTION:
TS_RESP_CTX_set_certs 4482 EXIST::FUNCTION:
TS_CONF_set_def_policy 4483 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_adj 4484 EXIST::FUNCTION:
NETSCAPE_X509_new 4485 EXIST::FUNCTION:
NETSCAPE_X509_new 4485 NOEXIST::FUNCTION:
TS_ACCURACY_free 4486 EXIST::FUNCTION:
TS_RESP_get_tst_info 4487 EXIST::FUNCTION:
EVP_PKEY_derive_set_peer 4488 EXIST::FUNCTION: