diff options
author | Rich Salz <rsalz@akamai.com> | 2015-07-02 08:49:54 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-07-16 01:06:48 -0400 |
commit | 0bc2f365558ed5980ce87d6b2704ca8649ca2a4a (patch) | |
tree | 65f840378f1c01678812874a251b9c40824c51fa /crypto/asn1 | |
parent | 31d6c0b2b043bad5c63b797a327109eb26ff8d2a (diff) | |
download | openssl-0bc2f365558ed5980ce87d6b2704ca8649ca2a4a.tar.gz |
Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).
Also removed documentation of SGC.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/Makefile | 16 | ||||
-rw-r--r-- | crypto/asn1/asn1_err.c | 3 | ||||
-rw-r--r-- | crypto/asn1/n_pkey.c | 231 | ||||
-rw-r--r-- | crypto/asn1/x_nx509.c | 72 |
4 files changed, 2 insertions, 320 deletions
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 66b0ef2e63..a566dfa016 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -20,7 +20,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \ x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ tasn_prn.c tasn_scn.c ameth_lib.c \ @@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \ x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ tasn_prn.o tasn_scn.o ameth_lib.o \ @@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_long.o: ../include/internal/cryptlib.h x_long.c -x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index b7fbd9d99b..5dfd21be4a 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, - {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, - {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, @@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, - {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 1b8c4c0a8d..0c9c4c48c3 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify)) -{ - return i2d_RSA_NET(a, pp, cb, 0); -} - -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - int i, j, ret = 0; - int rsalen, pkeylen, olen; - NETSCAPE_PKEY *pkey = NULL; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - unsigned char buf[256], *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - if (a == NULL) - return (0); - - if ((pkey = NETSCAPE_PKEY_new()) == NULL) - goto err; - if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) - goto err; - pkey->version = 0; - - pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); - if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) - goto err; - pkey->algor->parameter->type = V_ASN1_NULL; - - rsalen = i2d_RSAPrivateKey(a, NULL); - - /* - * Fake some octet strings just for the initial length calculation. - */ - - pkey->private_key->length = rsalen; - - pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); - - enckey->enckey->digest->length = pkeylen; - - enckey->os->length = 11; /* "private-key" */ - - enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); - if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) - goto err; - enckey->enckey->algor->parameter->type = V_ASN1_NULL; - - if (pp == NULL) { - olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); - NETSCAPE_PKEY_free(pkey); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return olen; - } - - /* Since its RC4 encrypted length is actual length */ - if ((zz = OPENSSL_malloc(rsalen)) == NULL) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - - pkey->private_key->data = zz; - /* Write out private key encoding */ - i2d_RSAPrivateKey(a, &zz); - - if ((zz = OPENSSL_malloc(pkeylen)) == NULL) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { - ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); - goto err; - } - enckey->enckey->digest->data = zz; - i2d_NETSCAPE_PKEY(pkey, &zz); - - /* Wipe the private key encoding */ - OPENSSL_cleanse(pkey->private_key->data, rsalen); - - if (cb == NULL) - cb = EVP_read_pw_string; - i = cb((char *)buf, 256, "Enter Private Key password:", 1); - if (i != 0) { - ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); - goto err; - } - i = strlen((char *)buf); - /* If the key is used for SGC the algorithm is modified a little. */ - if (sgckey) { - if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) - goto err; - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) - goto err; - OPENSSL_cleanse(buf, 256); - - /* Encrypt private key in place */ - zz = enckey->enckey->digest->data; - if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) - goto err; - if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen)) - goto err; - if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j)) - goto err; - - ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); - err: - EVP_CIPHER_CTX_cleanup(&ctx); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - NETSCAPE_PKEY_free(pkey); - return (ret); -} - -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify)) -{ - return d2i_RSA_NET(a, pp, length, cb, 0); -} - -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - RSA *ret = NULL; - const unsigned char *p; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - - p = *pp; - - enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); - if (!enckey) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR); - return NULL; - } - - if ((enckey->os->length != 11) || (strncmp("private-key", - (char *)enckey->os->data, - 11) != 0)) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return NULL; - } - if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); - goto err; - } - if (cb == NULL) - cb = EVP_read_pw_string; - if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) - goto err; - - *pp = p; - - err: - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return ret; - -} - -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey) -{ - NETSCAPE_PKEY *pkey = NULL; - RSA *ret = NULL; - int i, j; - unsigned char buf[256]; - const unsigned char *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - - i = cb((char *)buf, 256, "Enter Private Key password:", 0); - if (i != 0) { - ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); - goto err; - } - - i = strlen((char *)buf); - if (sgckey) { - if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) - goto err; - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) - goto err; - OPENSSL_cleanse(buf, 256); - - if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) - goto err; - if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length)) - goto err; - if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j)) - goto err; - os->length = i + j; - - zz = os->data; - - if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { - ASN1err(ASN1_F_D2I_RSA_NET_2, - ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); - goto err; - } - - zz = pkey->private_key->data; - if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) { - ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY); - goto err; - } - err: - EVP_CIPHER_CTX_cleanup(&ctx); - NETSCAPE_PKEY_free(pkey); - return (ret); -} - # endif /* OPENSSL_NO_RC4 */ #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/asn1/x_nx509.c b/crypto/asn1/x_nx509.c deleted file mode 100644 index 5aa0ed58b4..0000000000 --- a/crypto/asn1/x_nx509.c +++ /dev/null @@ -1,72 +0,0 @@ -/* x_nx509.c */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2005. - */ -/* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include <stddef.h> -#include <openssl/x509.h> -#include <openssl/asn1.h> -#include <openssl/asn1t.h> - -/* Old netscape certificate wrapper format */ - -ASN1_SEQUENCE(NETSCAPE_X509) = { - ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING), - ASN1_OPT(NETSCAPE_X509, cert, X509) -} ASN1_SEQUENCE_END(NETSCAPE_X509) - -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509) |