From 970dc4d688477f8b3987068ddb8dd9130edaa52a Mon Sep 17 00:00:00 2001 From: tb Date: Tue, 25 Apr 2023 18:48:32 +0000 Subject: [PATCH] Remove SXNET Unused and no authorative information was found online in 2016 --- lib/libcrypto/Makefile | 3 +- lib/libcrypto/Symbols.namespace | 14 - lib/libcrypto/hidden/openssl/x509v3.h | 16 +- lib/libcrypto/man/Makefile | 3 +- lib/libcrypto/man/SXNET_new.3 | 139 ------ lib/libcrypto/man/X509_EXTENSION_set_object.3 | 5 +- lib/libcrypto/stack/safestack.h | 26 +- lib/libcrypto/x509/x509_sxnet.c | 397 ------------------ lib/libcrypto/x509/x509v3.h | 42 +- 9 files changed, 7 insertions(+), 638 deletions(-) delete mode 100644 lib/libcrypto/man/SXNET_new.3 delete mode 100644 lib/libcrypto/x509/x509_sxnet.c diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 057eb9cc541..d6175dfd5d4 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.112 2023/04/25 17:54:10 tb Exp $ +# $OpenBSD: Makefile,v 1.113 2023/04/25 18:48:32 tb Exp $ LIB= crypto LIBREBUILD=y @@ -704,7 +704,6 @@ SRCS+= x509_r2x.c SRCS+= x509_req.c SRCS+= x509_set.c SRCS+= x509_skey.c -#SRCS+= x509_sxnet.c SRCS+= x509_trs.c SRCS+= x509_txt.c SRCS+= x509_utl.c diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace index 2fc36f3853e..f477c4d6cec 100644 --- a/lib/libcrypto/Symbols.namespace +++ b/lib/libcrypto/Symbols.namespace @@ -657,20 +657,6 @@ _libre_BASIC_CONSTRAINTS_new _libre_BASIC_CONSTRAINTS_free _libre_d2i_BASIC_CONSTRAINTS _libre_i2d_BASIC_CONSTRAINTS -_libre_SXNET_new -_libre_SXNET_free -_libre_d2i_SXNET -_libre_i2d_SXNET -_libre_SXNETID_new -_libre_SXNETID_free -_libre_d2i_SXNETID -_libre_i2d_SXNETID -_libre_SXNET_add_id_asc -_libre_SXNET_add_id_ulong -_libre_SXNET_add_id_INTEGER -_libre_SXNET_get_id_asc -_libre_SXNET_get_id_ulong -_libre_SXNET_get_id_INTEGER _libre_AUTHORITY_KEYID_new _libre_AUTHORITY_KEYID_free _libre_d2i_AUTHORITY_KEYID diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h index eed75e0749b..044b55334d7 100644 --- a/lib/libcrypto/hidden/openssl/x509v3.h +++ b/lib/libcrypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */ +/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -33,20 +33,6 @@ LCRYPTO_USED(BASIC_CONSTRAINTS_new); LCRYPTO_USED(BASIC_CONSTRAINTS_free); LCRYPTO_USED(d2i_BASIC_CONSTRAINTS); LCRYPTO_USED(i2d_BASIC_CONSTRAINTS); -LCRYPTO_USED(SXNET_new); -LCRYPTO_USED(SXNET_free); -LCRYPTO_USED(d2i_SXNET); -LCRYPTO_USED(i2d_SXNET); -LCRYPTO_USED(SXNETID_new); -LCRYPTO_USED(SXNETID_free); -LCRYPTO_USED(d2i_SXNETID); -LCRYPTO_USED(i2d_SXNETID); -LCRYPTO_USED(SXNET_add_id_asc); -LCRYPTO_USED(SXNET_add_id_ulong); -LCRYPTO_USED(SXNET_add_id_INTEGER); -LCRYPTO_USED(SXNET_get_id_asc); -LCRYPTO_USED(SXNET_get_id_ulong); -LCRYPTO_USED(SXNET_get_id_INTEGER); LCRYPTO_USED(AUTHORITY_KEYID_new); LCRYPTO_USED(AUTHORITY_KEYID_free); LCRYPTO_USED(d2i_AUTHORITY_KEYID); diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index b3fa34fe120..029c9473e13 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.244 2023/04/20 16:19:43 tb Exp $ +# $OpenBSD: Makefile,v 1.245 2023/04/25 18:48:32 tb Exp $ .include @@ -304,7 +304,6 @@ MAN= \ SMIME_write_CMS.3 \ SMIME_write_PKCS7.3 \ STACK_OF.3 \ - SXNET_new.3 \ TS_REQ_new.3 \ UI_UTIL_read_pw.3 \ UI_create_method.3 \ diff --git a/lib/libcrypto/man/SXNET_new.3 b/lib/libcrypto/man/SXNET_new.3 deleted file mode 100644 index 9a723be2032..00000000000 --- a/lib/libcrypto/man/SXNET_new.3 +++ /dev/null @@ -1,139 +0,0 @@ -.\" $OpenBSD: SXNET_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $ -.\" -.\" Copyright (c) 2016 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: March 21 2018 $ -.Dt SXNET_NEW 3 -.Os -.Sh NAME -.Nm SXNET_new , -.Nm SXNET_free , -.Nm SXNETID_new , -.Nm SXNETID_free , -.Nm d2i_SXNET , -.Nm i2d_SXNET , -.Nm d2i_SXNETID , -.Nm i2d_SXNETID -.Nd Thawte strong extranet X.509 extension -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft SXNET * -.Fn SXNET_new void -.Ft void -.Fn SXNET_free "SXNET *sxnet" -.Ft SXNETID * -.Fn SXNETID_new void -.Ft void -.Fn SXNETID_free "SXNETID *sxnetid" -.Ft SXNET * -.Fo d2i_SXNET -.Fa "SXNET **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_SXNET -.Fa "SXNET *val_in" -.Fa "unsigned char **der_out" -.Fc -.Ft SXNETID * -.Fo d2i_SXNETID -.Fa "SXNETID **val_out" -.Fa "const unsigned char **der_in" -.Fa "long length" -.Fc -.Ft int -.Fo i2d_SXNETID -.Fa "SXNETID *val_in" -.Fa "unsigned char **der_out" -.Fc -.Sh DESCRIPTION -.Fn SXNET_new -allocates and initializes an empty -.Vt SXNET -object representing a non-standard proprietary Thawte strong extranet -X.509 extension. -.Fn SXNET_free -frees -.Fa sxnet . -.Pp -.Fn SXNETID_new -allocates and initializes an empty -.Vt SXNETID -object. -It is used inside -.Vt SXNET . -.Fn SXNETID_free -frees -.Fa sxnetid . -.Pp -The remaining functions decode and encode these objects -using DER format. -For details about the semantics, examples, caveats, and bugs, see -.Xr ASN1_item_d2i 3 . -.Sh RETURN VALUES -.Fn SXNET_new -and -.Fn d2i_SXNET -return an -.Vt SXNET -object or -.Dv NULL -if an error occurs. -.Pp -.Fn SXNETID_new -and -.Fn d2i_SXNETID -return an -.Vt SXNETID -object or -.Dv NULL -if an error occurs. -.Pp -.Fn i2d_SXNET -and -.Fn i2d_SXNETID -return the number of bytes successfully encoded or a negative value -if an error occurs. -.Sh SEE ALSO -.Xr X509_EXTENSION_new 3 , -.Xr X509_new 3 -.Rs -.%A M. Shuttleworth -.%R The Strong Extranet: real-world personal certification -.%Q Thawte Consulting -.%C South Africa -.%D 1998 -.Re -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.3 -and have been available since -.Ox 2.6 . -.Sh BUGS -This manual page does not explain what the extension actually does -because no authoritative information was found online so far. -.Pp -The only hint was found in an ancient white paper "Securing IBM -Applications with Public Key Infrastructure" on the IBM website, -dated June 13, 2001: "Thawte also has a technology called Strong -Extranet that allows institutions to encode customer information -in the extensions to their customer's certificates. -Because multiple institutions can add information, the user needs -only one certificate, making renewal and revocation simpler, although -the issue of modifying an extension to an existing certificate is -not addressed." -.Pp -It is unclear whether that explanation is accurate, but in any case, -it is not very specific. diff --git a/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/lib/libcrypto/man/X509_EXTENSION_set_object.3 index 6a5b4e09a91..3ade50e4d66 100644 --- a/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/lib/libcrypto/man/X509_EXTENSION_set_object.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.15 2021/10/29 10:22:00 schwarze Exp $ +.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.16 2023/04/25 18:48:32 tb Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 29 2021 $ +.Dd $Mdocdate: April 25 2023 $ .Dt X509_EXTENSION_SET_OBJECT 3 .Os .Sh NAME @@ -292,7 +292,6 @@ pointer. .Xr PKEY_USAGE_PERIOD_new 3 , .Xr POLICYINFO_new 3 , .Xr PROXY_POLICY_new 3 , -.Xr SXNET_new 3 , .Xr TS_REQ_new 3 , .Xr X509_check_ca 3 , .Xr X509_check_host 3 , diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h index b577f2f60fa..0df128a7bd7 100644 --- a/lib/libcrypto/stack/safestack.h +++ b/lib/libcrypto/stack/safestack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.24 2023/04/24 22:30:17 tb Exp $ */ +/* $OpenBSD: safestack.h,v 1.25 2023/04/25 18:48:32 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -1479,30 +1479,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) #define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) -#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) -#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) -#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) -#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) -#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) -#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) -#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) -#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) -#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) -#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) -#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) -#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) -#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) -#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) -#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) -#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) -#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) -#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) -#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) -#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) -#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) -#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) -#endif - #define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) diff --git a/lib/libcrypto/x509/x509_sxnet.c b/lib/libcrypto/x509/x509_sxnet.c deleted file mode 100644 index 77c792d2270..00000000000 --- a/lib/libcrypto/x509/x509_sxnet.c +++ /dev/null @@ -1,397 +0,0 @@ -/* $OpenBSD: x509_sxnet.c,v 1.3 2023/02/16 08:38:17 tb Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include -#include -#include -#include - -/* Support for Thawte strong extranet extension */ - -#define SXNET_TEST - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent); -#ifdef SXNET_TEST -static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -#endif - -const X509V3_EXT_METHOD v3_sxnet = { - .ext_nid = NID_sxnet, - .ext_flags = X509V3_EXT_MULTILINE, - .it = &SXNET_it, - .ext_new = NULL, - .ext_free = NULL, - .d2i = NULL, - .i2d = NULL, - .i2s = NULL, - .s2i = NULL, - .i2v = NULL, -#ifdef SXNET_TEST - .v2i = (X509V3_EXT_V2I)sxnet_v2i, -#else - .v2i = NULL, -#endif - .i2r = (X509V3_EXT_I2R)sxnet_i2r, - .r2i = NULL, - .usr_data = NULL, -}; - -static const ASN1_TEMPLATE SXNETID_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(SXNETID, zone), - .field_name = "zone", - .item = &ASN1_INTEGER_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(SXNETID, user), - .field_name = "user", - .item = &ASN1_OCTET_STRING_it, - }, -}; - -const ASN1_ITEM SXNETID_it = { - .itype = ASN1_ITYPE_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = SXNETID_seq_tt, - .tcount = sizeof(SXNETID_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(SXNETID), - .sname = "SXNETID", -}; - - -SXNETID * -d2i_SXNETID(SXNETID **a, const unsigned char **in, long len) -{ - return (SXNETID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &SXNETID_it); -} -LCRYPTO_ALIAS(d2i_SXNETID); - -int -i2d_SXNETID(SXNETID *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &SXNETID_it); -} -LCRYPTO_ALIAS(i2d_SXNETID); - -SXNETID * -SXNETID_new(void) -{ - return (SXNETID *)ASN1_item_new(&SXNETID_it); -} -LCRYPTO_ALIAS(SXNETID_new); - -void -SXNETID_free(SXNETID *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &SXNETID_it); -} -LCRYPTO_ALIAS(SXNETID_free); - -static const ASN1_TEMPLATE SXNET_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(SXNET, version), - .field_name = "version", - .item = &ASN1_INTEGER_it, - }, - { - .flags = ASN1_TFLG_SEQUENCE_OF, - .tag = 0, - .offset = offsetof(SXNET, ids), - .field_name = "ids", - .item = &SXNETID_it, - }, -}; - -const ASN1_ITEM SXNET_it = { - .itype = ASN1_ITYPE_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = SXNET_seq_tt, - .tcount = sizeof(SXNET_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(SXNET), - .sname = "SXNET", -}; - - -SXNET * -d2i_SXNET(SXNET **a, const unsigned char **in, long len) -{ - return (SXNET *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &SXNET_it); -} -LCRYPTO_ALIAS(d2i_SXNET); - -int -i2d_SXNET(SXNET *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &SXNET_it); -} -LCRYPTO_ALIAS(i2d_SXNET); - -SXNET * -SXNET_new(void) -{ - return (SXNET *)ASN1_item_new(&SXNET_it); -} -LCRYPTO_ALIAS(SXNET_new); - -void -SXNET_free(SXNET *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &SXNET_it); -} -LCRYPTO_ALIAS(SXNET_free); - -static int -sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent) -{ - long v; - char *tmp; - SXNETID *id; - int i; - - v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - tmp = i2s_ASN1_INTEGER(NULL, id->zone); - BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); - free(tmp); - ASN1_STRING_print(out, id->user); - } - return 1; -} - -#ifdef SXNET_TEST - -/* NBB: this is used for testing only. It should *not* be used for anything - * else because it will just take static IDs from the configuration file and - * they should really be separate values for each user. - */ - -static SXNET * -sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - CONF_VALUE *cnf; - SXNET *sx = NULL; - int i; - - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) - return NULL; - } - return sx; -} - -#endif - -/* Strong Extranet utility functions */ - -/* Add an id given the zone as an ASCII number */ - -int -SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) -{ - ASN1_INTEGER *izone = NULL; - - if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3error(X509V3_R_ERROR_CONVERTING_ZONE); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); -} -LCRYPTO_ALIAS(SXNET_add_id_asc); - -/* Add an id given the zone as an unsigned long */ - -int -SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - int userlen) -{ - ASN1_INTEGER *izone = NULL; - - if (!(izone = ASN1_INTEGER_new()) || - !ASN1_INTEGER_set(izone, lzone)) { - X509V3error(ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); -} -LCRYPTO_ALIAS(SXNET_add_id_ulong); - -/* Add an id given the zone as an ASN1_INTEGER. - * Note this version uses the passed integer and doesn't make a copy so don't - * free it up afterwards. - */ - -int -SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, - int userlen) -{ - SXNET *sx = NULL; - SXNETID *id = NULL; - - if (!psx || !zone || !user) { - X509V3error(X509V3_R_INVALID_NULL_ARGUMENT); - return 0; - } - if (userlen == -1) - userlen = strlen(user); - if (userlen > 64) { - X509V3error(X509V3_R_USER_TOO_LONG); - return 0; - } - if (!*psx) { - if (!(sx = SXNET_new())) - goto err; - if (!ASN1_INTEGER_set(sx->version, 0)) - goto err; - *psx = sx; - } else - sx = *psx; - if (SXNET_get_id_INTEGER(sx, zone)) { - X509V3error(X509V3_R_DUPLICATE_ZONE_ID); - return 0; - } - - if (!(id = SXNETID_new())) - goto err; - if (userlen == -1) - userlen = strlen(user); - - if (!ASN1_STRING_set(id->user, user, userlen)) - goto err; - if (!sk_SXNETID_push(sx->ids, id)) - goto err; - id->zone = zone; - return 1; - -err: - X509V3error(ERR_R_MALLOC_FAILURE); - SXNETID_free(id); - SXNET_free(sx); - *psx = NULL; - return 0; -} -LCRYPTO_ALIAS(SXNET_add_id_INTEGER); - -ASN1_OCTET_STRING * -SXNET_get_id_asc(SXNET *sx, const char *zone) -{ - ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; - - if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3error(X509V3_R_ERROR_CONVERTING_ZONE); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); - return oct; -} -LCRYPTO_ALIAS(SXNET_get_id_asc); - -ASN1_OCTET_STRING * -SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) -{ - ASN1_INTEGER *izone = NULL; - ASN1_OCTET_STRING *oct; - - if (!(izone = ASN1_INTEGER_new()) || - !ASN1_INTEGER_set(izone, lzone)) { - X509V3error(ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); - return oct; -} -LCRYPTO_ALIAS(SXNET_get_id_ulong); - -ASN1_OCTET_STRING * -SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) -{ - SXNETID *id; - int i; - - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - if (!ASN1_INTEGER_cmp(id->zone, zone)) - return id->user; - } - return NULL; -} -LCRYPTO_ALIAS(SXNET_get_id_INTEGER); diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h index 8738b302cb6..d7a0ef0165a 100644 --- a/lib/libcrypto/x509/x509v3.h +++ b/lib/libcrypto/x509/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.22 2023/04/25 18:28:05 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.23 2023/04/25 18:48:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -262,22 +262,6 @@ struct AUTHORITY_KEYID_st { ASN1_INTEGER *serial; }; -/* Strong extranet structures */ - -#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) -typedef struct SXNET_ID_st { - ASN1_INTEGER *zone; - ASN1_OCTET_STRING *user; -} SXNETID; - -DECLARE_STACK_OF(SXNETID) - -typedef struct SXNET_st { - ASN1_INTEGER *version; - STACK_OF(SXNETID) *ids; -} SXNET; -#endif - typedef struct NOTICEREF_st { ASN1_STRING *organization; STACK_OF(ASN1_INTEGER) *noticenos; @@ -517,30 +501,6 @@ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned c int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out); extern const ASN1_ITEM BASIC_CONSTRAINTS_it; -#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) -SXNET *SXNET_new(void); -void SXNET_free(SXNET *a); -SXNET *d2i_SXNET(SXNET **a, const unsigned char **in, long len); -int i2d_SXNET(SXNET *a, unsigned char **out); -extern const ASN1_ITEM SXNET_it; -SXNETID *SXNETID_new(void); -void SXNETID_free(SXNETID *a); -SXNETID *d2i_SXNETID(SXNETID **a, const unsigned char **in, long len); -int i2d_SXNETID(SXNETID *a, unsigned char **out); -extern const ASN1_ITEM SXNETID_it; - -int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, - int userlen); -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - int userlen); -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, - int userlen); - -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); -#endif - AUTHORITY_KEYID *AUTHORITY_KEYID_new(void); void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a); AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len); -- 2.20.1