From 11e0b35c95687595ddd6b6af433c71a3d2ae39dd Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 31 Aug 2024 10:16:52 +0000 Subject: [PATCH] Remove X509_REQ_{set,get}_extension_nids() LibreSSL no longer supports non-standard OIDs for use in the extensions attribute of CSRs. The API that enabled that (and nobody used of course) can now go. ok beck jsing --- lib/libcrypto/Symbols.list | 2 -- lib/libcrypto/hidden/openssl/x509.h | 4 +--- lib/libcrypto/x509/x509.h | 4 +--- lib/libcrypto/x509/x509_req.c | 21 +-------------------- 4 files changed, 3 insertions(+), 28 deletions(-) diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index 6b3a8e12675..801e87e3d7c 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -2549,7 +2549,6 @@ X509_REQ_get_attr X509_REQ_get_attr_by_NID X509_REQ_get_attr_by_OBJ X509_REQ_get_attr_count -X509_REQ_get_extension_nids X509_REQ_get_extensions X509_REQ_get_pubkey X509_REQ_get_signature_nid @@ -2560,7 +2559,6 @@ X509_REQ_new X509_REQ_print X509_REQ_print_ex X509_REQ_print_fp -X509_REQ_set_extension_nids X509_REQ_set_pubkey X509_REQ_set_subject_name X509_REQ_set_version diff --git a/lib/libcrypto/hidden/openssl/x509.h b/lib/libcrypto/hidden/openssl/x509.h index 03216ffeb2d..41045af3ba2 100644 --- a/lib/libcrypto/hidden/openssl/x509.h +++ b/lib/libcrypto/hidden/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.11 2024/08/31 10:12:23 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.12 2024/08/31 10:16:52 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -140,8 +140,6 @@ LCRYPTO_USED(X509_REQ_get_pubkey); LCRYPTO_USED(i2d_re_X509_REQ_tbs); LCRYPTO_USED(X509_REQ_get0_pubkey); LCRYPTO_USED(X509_REQ_extension_nid); -LCRYPTO_USED(X509_REQ_get_extension_nids); -LCRYPTO_USED(X509_REQ_set_extension_nids); LCRYPTO_USED(X509_REQ_get_extensions); LCRYPTO_USED(X509_REQ_add_extensions_nid); LCRYPTO_USED(X509_REQ_add_extensions); diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index 6fcd59a8521..bcae39aa52e 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.115 2024/08/31 10:14:17 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.116 2024/08/31 10:16:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -721,8 +721,6 @@ EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); EVP_PKEY * X509_REQ_get0_pubkey(X509_REQ *req); int X509_REQ_extension_nid(int nid); -int * X509_REQ_get_extension_nids(void); -void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid); diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c index 2565014972e..704acbd8971 100644 --- a/lib/libcrypto/x509/x509_req.c +++ b/lib/libcrypto/x509/x509_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_req.c,v 1.42 2024/07/26 13:24:39 tb Exp $ */ +/* $OpenBSD: x509_req.c,v 1.43 2024/08/31 10:16:52 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -318,22 +318,3 @@ i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) return i2d_X509_REQ_INFO(req->req_info, pp); } LCRYPTO_ALIAS(i2d_re_X509_REQ_tbs); - -/* - * XXX - remove the API below in the next major bump - */ - -int * -X509_REQ_get_extension_nids(void) -{ - X509error(ERR_R_DISABLED); - return NULL; -} -LCRYPTO_ALIAS(X509_REQ_get_extension_nids); - -void -X509_REQ_set_extension_nids(int *nids) -{ - X509error(ERR_R_DISABLED); -} -LCRYPTO_ALIAS(X509_REQ_set_extension_nids); -- 2.20.1