Remove obsolete key formats.

Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

apps/apps.c

@@ -163,12 +163,6 @@ static int set_table_opts(unsigned long *flags, const char *arg,
 static int set_multi_opts(unsigned long *flags, const char *arg,
                           const NAME_EX_TBL * in_tbl);
 
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
-                                   const char *key_descrip, int format);
-#endif
-
 int app_init(long mesgwin);
 
 int chopup_args(ARGS *arg, char *buf)
@@ -695,22 +689,7 @@ X509 *load_cert(const char *file, int format,
 
     if (format == FORMAT_ASN1)
         x = d2i_X509_bio(cert, NULL);
-    else if (format == FORMAT_NETSCAPE) {
-        NETSCAPE_X509 *nx;
-        nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
-        if (nx == NULL)
-            goto end;
-
-        if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
-                     nx->header->length) != 0)) {
-            NETSCAPE_X509_free(nx);
-            BIO_printf(bio_err, "Error reading header on certificate\n");
-            goto end;
-        }
-        x = nx->cert;
-        nx->cert = NULL;
-        NETSCAPE_X509_free(nx);
-    } else if (format == FORMAT_PEM)
+    else if (format == FORMAT_PEM)
         x = PEM_read_bio_X509_AUX(cert, NULL,
                                   (pem_password_cb *)password_callback, NULL);
     else if (format == FORMAT_PKCS12) {
@@ -803,10 +782,6 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
                                        (pem_password_cb *)password_callback,
                                        &cb_data);
     }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-    else if (format == FORMAT_NETSCAPE)
-        pkey = load_netscape_key(key, file, key_descrip, format);
-#endif
     else if (format == FORMAT_PKCS12) {
         if (!load_pkcs12(key, key_descrip,
                          (pem_password_cb *)password_callback, &cb_data,
@@ -903,10 +878,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
                                    (pem_password_cb *)password_callback,
                                    &cb_data);
     }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-    else if (format == FORMAT_NETSCAPE)
-        pkey = load_netscape_key(key, file, key_descrip, format);
-#endif
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
     else if (format == FORMAT_MSBLOB)
         pkey = b2i_PublicKey_bio(key);
@@ -918,47 +889,6 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
     return (pkey);
 }
 
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *load_netscape_key(BIO *key, const char *file,
-                                   const char *key_descrip, int format)
-{
-    EVP_PKEY *pkey;
-    BUF_MEM *buf;
-    RSA *rsa;
-    const unsigned char *p;
-    int size, i;
-
-    buf = BUF_MEM_new();
-    pkey = EVP_PKEY_new();
-    size = 0;
-    if (buf == NULL || pkey == NULL)
-        goto error;
-    for (;;) {
-        if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
-            goto error;
-        i = BIO_read(key, &(buf->data[size]), 1024 * 10);
-        size += i;
-        if (i == 0)
-            break;
-        if (i < 0) {
-            BIO_printf(bio_err, "Error reading %s %s", key_descrip, file);
-            goto error;
-        }
-    }
-    p = (unsigned char *)buf->data;
-    rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL, 0);
-    if (rsa == NULL)
-        goto error;
-    BUF_MEM_free(buf);
-    EVP_PKEY_set1_RSA(pkey, rsa);
-    return pkey;
- error:
-    BUF_MEM_free(buf);
-    EVP_PKEY_free(pkey);
-    return NULL;
-}
-#endif                          /* ndef OPENSSL_NO_RC4 */
-
 static int load_certs_crls(const char *file, int format,
                            const char *pass, ENGINE *e, const char *desc,
                            STACK_OF(X509) **pcerts,

apps/apps.h

@@ -532,7 +532,6 @@ void store_setup_crl_download(X509_STORE *st);
 # define FORMAT_ASN1     1
 # define FORMAT_TEXT     2
 # define FORMAT_PEM      3
-# define FORMAT_NETSCAPE 4
 # define FORMAT_PKCS12   5
 # define FORMAT_SMIME    6
 # define FORMAT_ENGINE   7

apps/opt.c

@@ -256,15 +256,11 @@ int opt_format(const char *s, unsigned long flags, int *result)
         break;
     case 'N':
     case 'n':
-        if (strcmp(s, "NSS") == 0 || strcmp(s, "nss") == 0) {
-            if ((flags & OPT_FMT_NSS) == 0)
-                return opt_format_error(s, flags);
-            *result = FORMAT_NSS;
-        } else {
-            if ((flags & OPT_FMT_NETSCAPE) == 0)
-                return opt_format_error(s, flags);
-            *result = FORMAT_NETSCAPE;
-        }
+        if ((flags & OPT_FMT_NSS) == 0)
+            return opt_format_error(s, flags);
+        if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_NSS;
         break;
     case 'S':
     case 's':

apps/rsa.c

@@ -352,19 +352,6 @@ int rsa_main(int argc, char **argv)
             i = i2d_RSAPrivateKey_bio(out, rsa);
         }
     }
-# ifndef OPENSSL_NO_RC4
-    else if (outformat == FORMAT_NETSCAPE) {
-        unsigned char *p, *save;
-        int size = i2d_RSA_NET(rsa, NULL, NULL, 0);
-
-        save = p = app_malloc(size, "RSA i2d buffer");
-        assert(private);
-        i2d_RSA_NET(rsa, &p, NULL, 0);
-        BIO_write(out, (char *)save, size);
-        OPENSSL_free(save);
-        i = 1;
-    }
-# endif
     else if (outformat == FORMAT_PEM) {
         if (pubout || pubin) {
             if (pubout == 2)

apps/x509.c

@@ -913,16 +913,6 @@ int x509_main(int argc, char **argv)
             i = PEM_write_bio_X509_AUX(out, x);
         else
             i = PEM_write_bio_X509(out, x);
-    } else if (outformat == FORMAT_NETSCAPE) {
-        NETSCAPE_X509 nx;
-        ASN1_OCTET_STRING hdr;
-
-        hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
-        hdr.length = strlen(NETSCAPE_CERT_HDR);
-        nx.header = &hdr;
-        nx.cert = x;
-
-        i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
     } else {
         BIO_printf(bio_err, "bad output format specified for outfile\n");
         goto end;

crypto/asn1/Makefile

@@ -20,7 +20,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
 	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \
 	x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
-	x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
 	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
 	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
 	tasn_prn.c tasn_scn.c ameth_lib.c \
@@ -34,7 +34,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
 	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \
 	x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
-	x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
 	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
 	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
 	tasn_prn.o tasn_scn.o ameth_lib.o \
@@ -793,18 +793,6 @@ x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 x_long.o: ../include/internal/cryptlib.h x_long.c
-x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c
 x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

crypto/asn1/asn1_err.c

@@ -169,8 +169,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
     {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
     {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-    {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
-    {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
     {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
     {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
     {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
@@ -182,7 +180,6 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
     {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
     {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
-    {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
     {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
     {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
     {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},

crypto/asn1/n_pkey.c

@@ -102,237 +102,6 @@ DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb) (char *buf, int len, const char *prompt,
-                                     int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                     int (*cb) (char *buf, int len, const char *prompt,
-                                int verify))
-{
-    return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int (*cb) (char *buf, int len, const char *prompt,
-                           int verify), int sgckey)
-{
-    int i, j, ret = 0;
-    int rsalen, pkeylen, olen;
-    NETSCAPE_PKEY *pkey = NULL;
-    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-    unsigned char buf[256], *zz;
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
-
-    if (a == NULL)
-        return (0);
-
-    if ((pkey = NETSCAPE_PKEY_new()) == NULL)
-        goto err;
-    if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
-        goto err;
-    pkey->version = 0;
-
-    pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-    if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        goto err;
-    pkey->algor->parameter->type = V_ASN1_NULL;
-
-    rsalen = i2d_RSAPrivateKey(a, NULL);
-
-    /*
-     * Fake some octet strings just for the initial length calculation.
-     */
-
-    pkey->private_key->length = rsalen;
-
-    pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-
-    enckey->enckey->digest->length = pkeylen;
-
-    enckey->os->length = 11;    /* "private-key" */
-
-    enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-    if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        goto err;
-    enckey->enckey->algor->parameter->type = V_ASN1_NULL;
-
-    if (pp == NULL) {
-        olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-        NETSCAPE_PKEY_free(pkey);
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        return olen;
-    }
-
-    /* Since its RC4 encrypted length is actual length */
-    if ((zz = OPENSSL_malloc(rsalen)) == NULL) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    pkey->private_key->data = zz;
-    /* Write out private key encoding */
-    i2d_RSAPrivateKey(a, &zz);
-
-    if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    enckey->enckey->digest->data = zz;
-    i2d_NETSCAPE_PKEY(pkey, &zz);
-
-    /* Wipe the private key encoding */
-    OPENSSL_cleanse(pkey->private_key->data, rsalen);
-
-    if (cb == NULL)
-        cb = EVP_read_pw_string;
-    i = cb((char *)buf, 256, "Enter Private Key password:", 1);
-    if (i != 0) {
-        ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
-        goto err;
-    }
-    i = strlen((char *)buf);
-    /* If the key is used for SGC the algorithm is modified a little. */
-    if (sgckey) {
-        if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-            goto err;
-        memcpy(buf + 16, "SGCKEYSALT", 10);
-        i = 26;
-    }
-
-    if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
-        goto err;
-    OPENSSL_cleanse(buf, 256);
-
-    /* Encrypt private key in place */
-    zz = enckey->enckey->digest->data;
-    if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-        goto err;
-    if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
-        goto err;
-    if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
-        goto err;
-
-    ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
- err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-    NETSCAPE_PKEY_free(pkey);
-    return (ret);
-}
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                      int (*cb) (char *buf, int len, const char *prompt,
-                                 int verify))
-{
-    return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int (*cb) (char *buf, int len, const char *prompt,
-                            int verify), int sgckey)
-{
-    RSA *ret = NULL;
-    const unsigned char *p;
-    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
-    p = *pp;
-
-    enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-    if (!enckey) {
-        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
-        return NULL;
-    }
-
-    if ((enckey->os->length != 11) || (strncmp("private-key",
-                                               (char *)enckey->os->data,
-                                               11) != 0)) {
-        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        return NULL;
-    }
-    if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-        goto err;
-    }
-    if (cb == NULL)
-        cb = EVP_read_pw_string;
-    if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
-        goto err;
-
-    *pp = p;
-
- err:
-    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-    return ret;
-
-}
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb) (char *buf, int len, const char *prompt,
-                                     int verify), int sgckey)
-{
-    NETSCAPE_PKEY *pkey = NULL;
-    RSA *ret = NULL;
-    int i, j;
-    unsigned char buf[256];
-    const unsigned char *zz;
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    EVP_CIPHER_CTX ctx;
-    EVP_CIPHER_CTX_init(&ctx);
-
-    i = cb((char *)buf, 256, "Enter Private Key password:", 0);
-    if (i != 0) {
-        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
-        goto err;
-    }
-
-    i = strlen((char *)buf);
-    if (sgckey) {
-        if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-            goto err;
-        memcpy(buf + 16, "SGCKEYSALT", 10);
-        i = 26;
-    }
-
-    if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
-        goto err;
-    OPENSSL_cleanse(buf, 256);
-
-    if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-        goto err;
-    if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
-        goto err;
-    if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
-        goto err;
-    os->length = i + j;
-
-    zz = os->data;
-
-    if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-        ASN1err(ASN1_F_D2I_RSA_NET_2,
-                ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-        goto err;
-    }
-
-    zz = pkey->private_key->data;
-    if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
-        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-        goto err;
-    }
- err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    NETSCAPE_PKEY_free(pkey);
-    return (ret);
-}
-
 # endif                         /* OPENSSL_NO_RC4 */
 
 #else                           /* !OPENSSL_NO_RSA */

crypto/asn1/x_nx509.c

@@ -1,72 +0,0 @@
-/* x_nx509.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Old netscape certificate wrapper format */
-
-ASN1_SEQUENCE(NETSCAPE_X509) = {
-        ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
-        ASN1_OPT(NETSCAPE_X509, cert, X509)
-} ASN1_SEQUENCE_END(NETSCAPE_X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)

crypto/crypto-lib.com

@@ -308,7 +308,7 @@ $ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
 	"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
 	"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
 	"x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
-	"x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+	"d2i_pu,d2i_pr,i2d_pu,i2d_pr"
 $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
 	"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
 	"tasn_prn,tasn_scn,ameth_lib,"+ -

doc/apps/x509v3_config.pod

@@ -118,14 +118,12 @@ following PKIX, NS and MS values are meaningful:
  msCodeInd		Microsoft Individual Code Signing (authenticode)
  msCodeCom		Microsoft Commercial Code Signing (authenticode)
  msCTLSign		Microsoft Trust List Signing
- msSGC			Microsoft Server Gated Crypto
  msEFS			Microsoft Encrypted File System
- nsSGC			Netscape Server Gated Crypto
 
 Examples:
 
  extendedKeyUsage=critical,codeSigning,1.2.3.4
- extendedKeyUsage=nsSGC,msSGC
+ extendedKeyUsage=serverAuth,clientAuth
 
 
 =head2 Subject Key Identifier.

include/openssl/asn1.h

@@ -509,11 +509,6 @@ typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
 
-typedef struct NETSCAPE_X509_st {
-    ASN1_OCTET_STRING *header;
-    X509 *cert;
-} NETSCAPE_X509;
-
 /* This is used to contain a list of bit names */
 typedef struct BIT_STRING_BITNAME_st {
     int bitnum;
@@ -797,8 +792,6 @@ const char *ASN1_tag2str(int tag);
 
 /* Used to load and write netscape format cert */
 
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
@@ -1014,8 +1007,6 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_D2I_NETSCAPE_RSA_2                        153
 # define ASN1_F_D2I_PRIVATEKEY                            154
 # define ASN1_F_D2I_PUBLICKEY                             155
-# define ASN1_F_D2I_RSA_NET                               200
-# define ASN1_F_D2I_RSA_NET_2                             201
 # define ASN1_F_D2I_X509                                  156
 # define ASN1_F_D2I_X509_CINF                             157
 # define ASN1_F_D2I_X509_PKEY                             159
@@ -1027,7 +1018,6 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_I2D_EC_PUBKEY                             181
 # define ASN1_F_I2D_PRIVATEKEY                            163
 # define ASN1_F_I2D_PUBLICKEY                             164
-# define ASN1_F_I2D_RSA_NET                               162
 # define ASN1_F_I2D_RSA_PUBKEY                            165
 # define ASN1_F_LONG_C2I                                  166
 # define ASN1_F_OID_MODULE_INIT                           174

include/openssl/rsa.h

@@ -396,22 +396,6 @@ int RSA_print_fp(FILE *fp, const RSA *r, int offset);
 
 int RSA_print(BIO *bp, const RSA *r, int offset);
 
-# ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int (*cb) (char *buf, int len, const char *prompt,
-                           int verify), int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int (*cb) (char *buf, int len, const char *prompt,
-                            int verify), int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                     int (*cb) (char *buf, int len, const char *prompt,
-                                int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                      int (*cb) (char *buf, int len, const char *prompt,
-                                 int verify));
-# endif
-
 /*
  * The following 2 functions sign and verify a X509_SIG ASN1 object inside
  * PKCS#1 padded RSA encryption

test/tx509

@@ -13,42 +13,24 @@ cp $t x509-fff.p
 
 echo "p -> d"
 $cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
-echo "p -> n"
-$cmd -in x509-fff.p -inform p -outform n >x509-f.n || exit 1
 echo "p -> p"
 $cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1
 
 echo "d -> d"
 $cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
-echo "n -> d"
-$cmd -in x509-f.n -inform n -outform d >x509-ff.d2 || exit 1
 echo "p -> d"
 $cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1
 
-echo "d -> n"
-$cmd -in x509-f.d -inform d -outform n >x509-ff.n1 || exit 1
-echo "n -> n"
-$cmd -in x509-f.n -inform n -outform n >x509-ff.n2 || exit 1
-echo "p -> n"
-$cmd -in x509-f.p -inform p -outform n >x509-ff.n3 || exit 1
-
 echo "d -> p"
 $cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
-echo "n -> p"
-$cmd -in x509-f.n -inform n -outform p >x509-ff.p2 || exit 1
 echo "p -> p"
 $cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1
 
 cmp x509-fff.p x509-f.p || exit 1
 cmp x509-fff.p x509-ff.p1 || exit 1
-cmp x509-fff.p x509-ff.p2 || exit 1
 cmp x509-fff.p x509-ff.p3 || exit 1
 
-cmp x509-f.n x509-ff.n1 || exit 1
-cmp x509-f.n x509-ff.n2 || exit 1
-cmp x509-f.n x509-ff.n3 || exit 1
 cmp x509-f.p x509-ff.p1 || exit 1
-cmp x509-f.p x509-ff.p2 || exit 1
 cmp x509-f.p x509-ff.p3 || exit 1
 
 /bin/rm -f x509-f.* x509-ff.* x509-fff.*

util/libeay.num

@@ -725,7 +725,7 @@ d2i_DSAPublicKey                        731	EXIST::FUNCTION:DSA
 d2i_DSAparams                           732	EXIST::FUNCTION:DSA
 d2i_NETSCAPE_SPKAC                      733	EXIST::FUNCTION:
 d2i_NETSCAPE_SPKI                       734	EXIST::FUNCTION:
-d2i_Netscape_RSA                        735	EXIST::FUNCTION:RC4,RSA
+d2i_Netscape_RSA                        735	NOEXIST::FUNCTION:
 d2i_PKCS7                               736	EXIST::FUNCTION:
 d2i_PKCS7_DIGEST                        737	EXIST::FUNCTION:
 d2i_PKCS7_ENCRYPT                       738	EXIST::FUNCTION:
@@ -827,7 +827,7 @@ i2d_DSAPublicKey                        834	EXIST::FUNCTION:DSA
 i2d_DSAparams                           835	EXIST::FUNCTION:DSA
 i2d_NETSCAPE_SPKAC                      836	EXIST::FUNCTION:
 i2d_NETSCAPE_SPKI                       837	EXIST::FUNCTION:
-i2d_Netscape_RSA                        838	EXIST::FUNCTION:RC4,RSA
+i2d_Netscape_RSA                        838	NOEXIST::FUNCTION:
 i2d_PKCS7                               839	EXIST::FUNCTION:
 i2d_PKCS7_DIGEST                        840	EXIST::FUNCTION:
 i2d_PKCS7_ENCRYPT                       841	EXIST::FUNCTION:
@@ -1816,9 +1816,9 @@ RAND_egd_bytes                          2402	EXIST::FUNCTION:
 X509_REQ_get1_email                     2403	EXIST::FUNCTION:
 X509_get1_email                         2404	EXIST::FUNCTION:
 X509_email_free                         2405	EXIST::FUNCTION:
-i2d_RSA_NET                             2406	EXIST::FUNCTION:RC4,RSA
+i2d_RSA_NET                             2406	NOEXIST::FUNCTION:
 d2i_RSA_NET_2                           2407	NOEXIST::FUNCTION:
-d2i_RSA_NET                             2408	EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET                             2408	NOEXIST::FUNCTION:
 DSO_bind_func                           2409	EXIST::FUNCTION:
 CRYPTO_get_new_dynlockid                2410	EXIST::FUNCTION:
 sk_new_null                             2411	EXIST::FUNCTION:
@@ -3796,7 +3796,7 @@ CRYPTO_THREADID_cmp                     4176	EXIST::FUNCTION:
 TS_REQ_ext_free                         4177	EXIST::FUNCTION:
 EVP_PKEY_asn1_set_free                  4178	EXIST::FUNCTION:
 EVP_PKEY_get0_asn1                      4179	EXIST::FUNCTION:
-d2i_NETSCAPE_X509                       4180	EXIST::FUNCTION:
+d2i_NETSCAPE_X509                       4180	NOEXIST::FUNCTION:
 EVP_PKEY_verify_recover_init            4181	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_data                   4182	EXIST::FUNCTION:
 EVP_PKEY_keygen_init                    4183	EXIST::FUNCTION:
@@ -3864,7 +3864,7 @@ ASN1_PCTX_get_nm_flags                  4242	EXIST::FUNCTION:
 EVP_PKEY_meth_set_sign                  4243	EXIST::FUNCTION:
 CRYPTO_THREADID_current                 4244	EXIST::FUNCTION:
 EVP_PKEY_decrypt_init                   4245	EXIST::FUNCTION:
-NETSCAPE_X509_free                      4246	EXIST::FUNCTION:
+NETSCAPE_X509_free                      4246	NOEXIST::FUNCTION:
 i2b_PVK_bio                             4247	EXIST::FUNCTION:RC4
 EVP_PKEY_print_private                  4248	EXIST::FUNCTION:
 GENERAL_NAME_get0_value                 4249	EXIST::FUNCTION:
@@ -3994,8 +3994,8 @@ WHIRLPOOL_Final                         4370	EXIST::FUNCTION:WHIRLPOOL
 X509_CRL_METHOD_new                     4371	EXIST::FUNCTION:
 EVP_DigestSignFinal                     4372	EXIST::FUNCTION:
 TS_RESP_CTX_set_def_policy              4373	EXIST::FUNCTION:
-NETSCAPE_X509_it                        4374	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_X509_it                        4374	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_X509_it                        4374	NOEXIST::FUNCTION:
+NETSCAPE_X509_it                        4374	NOEXIST::FUNCTION:
 TS_RESP_create_response                 4375	EXIST::FUNCTION:
 PKCS7_SIGNER_INFO_get0_algs             4376	EXIST::FUNCTION:
 TS_TST_INFO_get_nonce                   4377	EXIST::FUNCTION:
@@ -4046,7 +4046,7 @@ TS_REQ_get_ext_d2i                      4420	EXIST::FUNCTION:
 GENERAL_NAME_set0_othername             4421	EXIST::FUNCTION:
 TS_TST_INFO_get_ext_count               4422	EXIST::FUNCTION:
 TS_RESP_CTX_get_request                 4423	EXIST::FUNCTION:
-i2d_NETSCAPE_X509                       4424	EXIST::FUNCTION:
+i2d_NETSCAPE_X509                       4424	NOEXIST::FUNCTION:
 ENGINE_get_pkey_meth_engine             4425	EXIST::FUNCTION:ENGINE
 EVP_PKEY_meth_set_signctx               4426	EXIST::FUNCTION:
 EVP_PKEY_asn1_copy                      4427	EXIST::FUNCTION:
@@ -4109,7 +4109,7 @@ PKCS7_stream                            4481	EXIST::FUNCTION:
 TS_RESP_CTX_set_certs                   4482	EXIST::FUNCTION:
 TS_CONF_set_def_policy                  4483	EXIST::FUNCTION:
 ASN1_GENERALIZEDTIME_adj                4484	EXIST::FUNCTION:
-NETSCAPE_X509_new                       4485	EXIST::FUNCTION:
+NETSCAPE_X509_new                       4485	NOEXIST::FUNCTION:
 TS_ACCURACY_free                        4486	EXIST::FUNCTION:
 TS_RESP_get_tst_info                    4487	EXIST::FUNCTION:
 EVP_PKEY_derive_set_peer                4488	EXIST::FUNCTION: