-/* $OpenBSD: apps.c,v 1.60 2021/03/31 17:13:54 tb Exp $ */
+/* $OpenBSD: apps.c,v 1.61 2021/11/26 16:23:27 tb Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
static int set_multi_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL *in_tbl);
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format);
-#endif
-
int
str2fmt(char *s)
{
return (FORMAT_ASN1);
else if ((*s == 'T') || (*s == 't'))
return (FORMAT_TEXT);
- else if ((*s == 'N') || (*s == 'n'))
- return (FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's'))
return (FORMAT_SMIME);
else if ((*s == 'M') || (*s == 'm'))
if (format == FORMAT_ASN1)
x = d2i_X509_bio(cert, NULL);
- else if (format == FORMAT_NETSCAPE) {
- NETSCAPE_X509 *nx;
- nx = ASN1_item_d2i_bio(&NETSCAPE_X509_it,
- cert, NULL);
- if (nx == NULL)
- goto end;
-
- if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data,
- nx->header->length) != 0)) {
- NETSCAPE_X509_free(nx);
- BIO_printf(err,
- "Error reading header on certificate\n");
- goto end;
- }
- x = nx->cert;
- nx->cert = NULL;
- NETSCAPE_X509_free(nx);
- } else if (format == FORMAT_PEM)
+ else if (format == FORMAT_PEM)
x = PEM_read_bio_X509_AUX(cert, NULL, password_callback, NULL);
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL,
} else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PrivateKey(key, NULL, password_callback, &cb_data);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(err, key, key_descrip, password_callback, &cb_data,
&pkey, NULL, NULL))
else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PUBKEY(key, NULL, password_callback, &cb_data);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
pkey = b2i_PublicKey_bio(key);
return (pkey);
}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format)
-{
- EVP_PKEY *pkey;
- BUF_MEM *buf;
- RSA *rsa;
- const unsigned char *p;
- int size, i;
-
- buf = BUF_MEM_new();
- pkey = EVP_PKEY_new();
- size = 0;
- if (buf == NULL || pkey == NULL)
- goto error;
- for (;;) {
- if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
- goto error;
- i = BIO_read(key, &(buf->data[size]), 1024 * 10);
- size += i;
- if (i == 0)
- break;
- if (i < 0) {
- BIO_printf(err, "Error reading %s %s",
- key_descrip, file);
- goto error;
- }
- }
- p = (unsigned char *) buf->data;
- rsa = d2i_RSA_NET(NULL, &p, (long) size, NULL,
- (format == FORMAT_IISSGC ? 1 : 0));
- if (rsa == NULL)
- goto error;
- BUF_MEM_free(buf);
- EVP_PKEY_set1_RSA(pkey, rsa);
- return pkey;
-
- error:
- BUF_MEM_free(buf);
- EVP_PKEY_free(pkey);
- return NULL;
-}
-#endif /* ndef OPENSSL_NO_RC4 */
-
static int
load_certs_crls(BIO *err, const char *file, int format, const char *pass,
const char *desc, STACK_OF(X509) **pcerts,
-/* $OpenBSD: apps.h,v 1.29 2021/11/20 15:55:00 tb Exp $ */
+/* $OpenBSD: apps.h,v 1.30 2021/11/26 16:23:27 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_PEM 3
-#define FORMAT_NETSCAPE 4
+
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
-#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
- * adding yet another param to load_*key() */
#define FORMAT_PEMRSA 9 /* PEM RSAPublicKey format */
#define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */
#define FORMAT_MSBLOB 11 /* MS Key blob format */
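Review bot: The blank line added in place of `#define FORMAT_NETSCAPE 4` leaves the FORMAT_* numbering with unexplained holes at 4 and 8, which a later reader could mistake for free slots or an editing accident. Replacing the blank line with a short comment such as `/* 4 (FORMAT_NETSCAPE) and 8 (FORMAT_IISSGC) were removed with Netscape/SGC key support */` would record that the gaps are intentional. It would also make a later reuse of either value for an unrelated format a deliberate choice. The list of format macros continues outside this hunk, so any existing convention there should be followed.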
#define EXT_COPY_ADD 1
#define EXT_COPY_ALL 2
-#define NETSCAPE_CERT_HDR "certificate"
-
#define APP_PASS_LEN 1024
#define SERIAL_RAND_BITS 64
-.\" $OpenBSD: openssl.1,v 1.133 2021/10/23 11:36:44 tb Exp $
+.\" $OpenBSD: openssl.1,v 1.134 2021/11/26 16:23:27 tb Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
-.Dd $Mdocdate: October 23 2021 $
+.Dd $Mdocdate: November 26 2021 $
.Dt OPENSSL 1
.Os
.Sh NAME
.Op Fl pvk-none | pvk-strong | pvk-weak
.Op Fl RSAPublicKey_in
.Op Fl RSAPublicKey_out
-.Op Fl sgckey
.Op Fl text
.Ek
.El
except
.Cm RSAPublicKey
format is used instead.
-.It Fl sgckey
-Use the modified NET algorithm used with some versions of Microsoft IIS
-and SGC keys.
.It Fl text
Print the public/private key components in plain text.
.El
-/* $OpenBSD: rsa.c,v 1.14 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: rsa.c,v 1.15 2021/11/26 16:23:27 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int pubin;
int pubout;
int pvk_encr;
- int sgckey;
int text;
} rsa_config;
.value = 2,
.opt.value = &rsa_config.pubout,
},
- {
- .name = "sgckey",
- .desc = "Use modified NET algorithm for IIS and SGC keys",
- .type = OPTION_FLAG,
- .opt.flag = &rsa_config.sgckey,
- },
{
.name = "text",
.desc = "Print in plain text in addition to encoded",
"[-inform fmt]\n"
" [-modulus] [-noout] [-out file] [-outform fmt] "
"[-passin src]\n"
- " [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n");
+ " [-passout src] [-pubin] [-pubout] [-text]\n\n");
options_usage(rsa_options);
fprintf(stderr, "\n");
tmpformat = FORMAT_PEMRSA;
else if (rsa_config.informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
- } else if (rsa_config.informat == FORMAT_NETSCAPE &&
- rsa_config.sgckey)
- tmpformat = FORMAT_IISSGC;
- else
+ } else
tmpformat = rsa_config.informat;
pkey = load_pubkey(bio_err, rsa_config.infile,
tmpformat, 1, passin, "Public Key");
} else
pkey = load_key(bio_err, rsa_config.infile,
- (rsa_config.informat == FORMAT_NETSCAPE &&
- rsa_config.sgckey ? FORMAT_IISSGC :
- rsa_config.informat), 1, passin, "Private Key");
+ rsa_config.informat, 1, passin, "Private Key");
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
i = i2d_RSA_PUBKEY_bio(out, rsa);
} else
i = i2d_RSAPrivateKey_bio(out, rsa);
- }
-#ifndef OPENSSL_NO_RC4
- else if (rsa_config.outformat == FORMAT_NETSCAPE) {
- unsigned char *p, *pp;
- int size;
-
- i = 1;
- size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey);
- if ((p = malloc(size)) == NULL) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto end;
- }
- pp = p;
- i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey);
- BIO_write(out, (char *) pp, size);
- free(pp);
- }
-#endif
- else if (rsa_config.outformat == FORMAT_PEM) {
+ } else if (rsa_config.outformat == FORMAT_PEM) {
if (rsa_config.pubout || rsa_config.pubin) {
if (rsa_config.pubout == 2)
i = PEM_write_bio_RSAPublicKey(out, rsa);
-/* $OpenBSD: x509.c,v 1.25 2021/10/23 15:44:39 tb Exp $ */
+/* $OpenBSD: x509.c,v 1.26 2021/11/26 16:23:27 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
i = PEM_write_bio_X509_AUX(out, x);
else
i = PEM_write_bio_X509(out, x);
- } else if (x509_config.outformat == FORMAT_NETSCAPE) {
- NETSCAPE_X509 nx;
- ASN1_OCTET_STRING hdr;
-
- hdr.data = (unsigned char *) NETSCAPE_CERT_HDR;
- hdr.length = strlen(NETSCAPE_CERT_HDR);
- nx.header = &hdr;
- nx.cert = x;
-
- i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx);
} else {
BIO_printf(bio_err,
"bad output format specified for outfile\n");