From cb0df0717cbdfcb0540758a641ae25d6fbd8422e Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 2 Mar 2024 10:40:05 +0000
Subject: [PATCH] Remove unused parts of the purpose API

Most of this is the ability to add custom purposes. Also the astounding X509_STORE_CTX_purpose_inherit(). The names are used by PHP, and M2Crypto exposes X509_check_purpose(), so these remain public. Some weird, most likely invalid, uses also remain in rust-openssl.

ok jsing
---
 lib/libcrypto/Symbols.list | 6 -----
 lib/libcrypto/Symbols.namespace | 6 -----
 lib/libcrypto/hidden/openssl/x509_vfy.h | 3 +--
 lib/libcrypto/hidden/openssl/x509v3.h | 7 +-----
 lib/libcrypto/x509/x509_local.h | 7 +++++-
 lib/libcrypto/x509/x509_purp.c | 32 +-------------------------
 lib/libcrypto/x509/x509_vfy.c | 11 +--------
 lib/libcrypto/x509/x509_vfy.h | 4 +---
 lib/libcrypto/x509/x509v3.h | 11 ++-------
 9 files changed, 13 insertions(+), 74 deletions(-)

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 48af5219afc..01b8cae19a2 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2693,17 +2693,12 @@ X509_PUBKEY_it
 X509_PUBKEY_new
 X509_PUBKEY_set
 X509_PUBKEY_set0_param
-X509_PURPOSE_add
-X509_PURPOSE_cleanup
 X509_PURPOSE_get0
 X509_PURPOSE_get0_name
 X509_PURPOSE_get0_sname
-X509_PURPOSE_get_by_id
 X509_PURPOSE_get_by_sname
 X509_PURPOSE_get_count
 X509_PURPOSE_get_id
-X509_PURPOSE_get_trust
-X509_PURPOSE_set
 X509_REQ_INFO_free
 X509_REQ_INFO_it
 X509_REQ_INFO_new
@@ -2796,7 +2791,6 @@ X509_STORE_CTX_get_verify
 X509_STORE_CTX_get_verify_cb
 X509_STORE_CTX_init
 X509_STORE_CTX_new
-X509_STORE_CTX_purpose_inherit
 X509_STORE_CTX_set0_crls
 X509_STORE_CTX_set0_param
 X509_STORE_CTX_set0_trusted_stack
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index 4a88b264875..261d03ffb25 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -557,7 +557,6 @@ _libre_X509_STORE_CTX_set_chain
 _libre_X509_STORE_CTX_set0_crls
 _libre_X509_STORE_CTX_set_purpose
 _libre_X509_STORE_CTX_set_trust
-_libre_X509_STORE_CTX_purpose_inherit
 _libre_X509_STORE_CTX_set_flags
 _libre_X509_STORE_CTX_set_time
 _libre_X509_STORE_CTX_set0_verified_chain
@@ -772,18 +771,13 @@ _libre_X509V3_extensions_print
 _libre_X509_check_ca
 _libre_X509_check_purpose
 _libre_X509_supported_extension
-_libre_X509_PURPOSE_set
 _libre_X509_check_issued
 _libre_X509_check_akid
 _libre_X509_PURPOSE_get_count
 _libre_X509_PURPOSE_get0
 _libre_X509_PURPOSE_get_by_sname
-_libre_X509_PURPOSE_get_by_id
-_libre_X509_PURPOSE_add
 _libre_X509_PURPOSE_get0_name
 _libre_X509_PURPOSE_get0_sname
-_libre_X509_PURPOSE_get_trust
-_libre_X509_PURPOSE_cleanup
 _libre_X509_PURPOSE_get_id
 _libre_X509_get_extension_flags
 _libre_X509_get_key_usage
diff --git a/lib/libcrypto/hidden/openssl/x509_vfy.h b/lib/libcrypto/hidden/openssl/x509_vfy.h
index 3502492133e..88d8b143df0 100644
--- a/lib/libcrypto/hidden/openssl/x509_vfy.h
+++ b/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.7 2024/02/23 10:39:07 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.8 2024/03/02 10:40:05 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck
  *
@@ -109,7 +109,6 @@ LCRYPTO_USED(X509_STORE_CTX_set_chain);
 LCRYPTO_USED(X509_STORE_CTX_set0_crls);
 LCRYPTO_USED(X509_STORE_CTX_set_purpose);
 LCRYPTO_USED(X509_STORE_CTX_set_trust);
-LCRYPTO_USED(X509_STORE_CTX_purpose_inherit);
 LCRYPTO_USED(X509_STORE_CTX_set_flags);
 LCRYPTO_USED(X509_STORE_CTX_set_time);
 LCRYPTO_USED(X509_STORE_CTX_set0_verified_chain);
diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h
index 67f6a85bc49..a833ec9f4e2 100644
--- a/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.6 2024/03/02 10:35:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.7 2024/03/02 10:40:05 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck
  *
@@ -177,18 +177,13 @@ LCRYPTO_USED(X509V3_extensions_print);
 LCRYPTO_USED(X509_check_ca);
 LCRYPTO_USED(X509_check_purpose);
 LCRYPTO_USED(X509_supported_extension);
-LCRYPTO_USED(X509_PURPOSE_set);
 LCRYPTO_USED(X509_check_issued);
 LCRYPTO_USED(X509_check_akid);
 LCRYPTO_USED(X509_PURPOSE_get_count);
 LCRYPTO_USED(X509_PURPOSE_get0);
 LCRYPTO_USED(X509_PURPOSE_get_by_sname);
-LCRYPTO_USED(X509_PURPOSE_get_by_id);
-LCRYPTO_USED(X509_PURPOSE_add);
 LCRYPTO_USED(X509_PURPOSE_get0_name);
 LCRYPTO_USED(X509_PURPOSE_get0_sname);
-LCRYPTO_USED(X509_PURPOSE_get_trust);
-LCRYPTO_USED(X509_PURPOSE_cleanup);
 LCRYPTO_USED(X509_PURPOSE_get_id);
 LCRYPTO_USED(X509_get_extension_flags);
 LCRYPTO_USED(X509_get_key_usage);
diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 4ac99da2bd5..342aa226fb4 100644
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.20 2024/03/02 10:20:27 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.21 2024/03/02 10:40:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -59,6 +59,8 @@
 #ifndef HEADER_X509_LOCAL_H
 #define HEADER_X509_LOCAL_H
 
+#include 
+
 __BEGIN_HIDDEN_DECLS
 
 #define TS_HASH_EVP EVP_sha1()
@@ -402,6 +404,9 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt,
 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
 	int prf_nid, int keylen);
 
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+
 __END_HIDDEN_DECLS
 
 #endif /* !HEADER_X509_LOCAL_H */
diff --git a/lib/libcrypto/x509/x509_purp.c b/lib/libcrypto/x509/x509_purp.c
index 1735e70caea..9d4ec3220ce 100644
--- a/lib/libcrypto/x509/x509_purp.c
+++ b/lib/libcrypto/x509/x509_purp.c
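Review bot: The `#include` added in the `@@ -59,6 +59,8 @@` hunk of x509_local.h shows no header name in this rendering, so it cannot be confirmed that it brings in the declaration of `X509_PURPOSE` that the new `int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);` prototype in the `@@ -402,6 +404,9 @@` hunk depends on; if the angle-bracketed target was merely lost in extraction this is cosmetic, otherwise the header would not be self-contained. Both prototypes are placed between `__BEGIN_HIDDEN_DECLS` and `__END_HIDDEN_DECLS`, and x509_purp.c drops the matching `LCRYPTO_ALIAS` lines, so presumably the definitions keep external linkage but are no longer exported — worth stating, since the same two names are simultaneously removed from the public x509v3.h. A short comment above the pair, `/* Purpose table helpers; internal only since the public purpose API was trimmed. */`, would spare the next reader a search through the other headers.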
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.36 2024/02/28 16:26:08 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.37 2024/03/02 10:40:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -187,18 +187,6 @@ X509_check_purpose(X509 *x, int id, int ca)
 }
 LCRYPTO_ALIAS(X509_check_purpose);
 
-int
-X509_PURPOSE_set(int *p, int purpose)
-{
-	if (X509_PURPOSE_get_by_id(purpose) == -1) {
-		X509V3error(X509V3_R_INVALID_PURPOSE);
-		return 0;
-	}
-	*p = purpose;
-	return 1;
-}
-LCRYPTO_ALIAS(X509_PURPOSE_set);
-
 int
 X509_PURPOSE_get_count(void)
 {
@@ -243,23 +231,6 @@ X509_PURPOSE_get_by_id(int purpose)
 
 	return purpose - X509_PURPOSE_MIN;
 }
-LCRYPTO_ALIAS(X509_PURPOSE_get_by_id);
-
-int
-X509_PURPOSE_add(int id, int trust, int flags,
-    int (*ck)(const X509_PURPOSE *, const X509 *, int), const char *name,
-    const char *sname, void *arg)
-{
-	X509error(ERR_R_DISABLED);
-	return 0;
-}
-LCRYPTO_ALIAS(X509_PURPOSE_add);
-
-void
-X509_PURPOSE_cleanup(void)
-{
-}
-LCRYPTO_ALIAS(X509_PURPOSE_cleanup);
 
 int
 X509_PURPOSE_get_id(const X509_PURPOSE *xp)
@@ -287,7 +258,6 @@ X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
 {
 	return xp->trust;
 }
-LCRYPTO_ALIAS(X509_PURPOSE_get_trust);
 
 /*
  * List of NIDs of extensions supported by the verifier. If an extension
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 499db355789..53996586391 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.141 2024/02/28 12:21:16 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.142 2024/03/02 10:40:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2171,15 +2171,6 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
  * purpose and trust settings which the application can set: if they
  * aren't set then we use the default of SSL client/server.
  */
-int
-X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-    int purpose, int trust)
-{
-	X509error(ERR_R_DISABLED);
-	return 0;
-}
-LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
-
 int
 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose_id)
 {
diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index d7657a51f03..914a83bb00b 100644
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.65 2024/02/23 10:39:07 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.66 2024/03/02 10:40:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -404,8 +404,6 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-    int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
 	time_t t);
diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index 676fd62c278..118a449e822 100644
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.26 2024/03/02 10:35:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.27 2024/03/02 10:40:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
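Review bot: The comment block whose tail is the leading context of the `@@ -2171,15 +2171,6 @@` hunk in x509_vfy.c (`* purpose and trust settings which the application can set: if they aren't set then we use the default of SSL client/server.`) described X509_STORE_CTX_purpose_inherit(), which the hunk deletes, and is now left sitting directly above X509_STORE_CTX_set_purpose(); the start of that comment and the body of set_purpose are both outside the hunk. As it stands, it documents a default-purpose/trust inheritance that this file no longer implements, so anyone reading set_purpose to learn what an unset purpose means for verification gets a contract that no longer exists. Either drop the stale sentences or rewrite the block for the function that now follows it, along the lines of `/* Set the verification purpose for this context; purpose_id must name a known purpose. */`, checking the exact wording against set_purpose's body.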
@@ -719,20 +719,13 @@ int X509V3_extensions_print(BIO *out, const char *title,
 int X509_check_ca(X509 *x);
 int X509_check_purpose(X509 *x, int id, int ca);
 int X509_supported_extension(X509_EXTENSION *ex);
-int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
 int X509_PURPOSE_get_count(void);
-X509_PURPOSE * X509_PURPOSE_get0(int idx);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(const char *sname);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(int id, int trust, int flags,
-    int (*ck)(const X509_PURPOSE *, const X509 *, int),
-    const char *name, const char *sname, void *arg);
 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
-void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(const X509_PURPOSE *);
 uint32_t X509_get_extension_flags(X509 *x);
 uint32_t X509_get_key_usage(X509 *x);
-- 
2.20.1
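Review bot: Dropping `X509_PURPOSE_set`, `X509_PURPOSE_get_by_id`, `X509_PURPOSE_add`, `X509_PURPOSE_get_trust` and `X509_PURPOSE_cleanup` from the public x509v3.h is a source-level break for any consumer still calling them, and the commit message itself says such uses remain in rust-openssl; nothing in this hunk points those consumers at the surviving entry points. A one-line pointer near the remaining prototypes, `/* Purposes are fixed; select one with X509_STORE_CTX_set_purpose() or test one with X509_check_purpose(). */`, would make the intended replacement explicit. The diff also touches neither the manual pages that document these functions (if this tree carries them) nor a libcrypto major-version bump, both of which usually accompany removals from Symbols.list; I assume those are in companion commits but it is worth confirming. The whitespace fix to `X509_PURPOSE *X509_PURPOSE_get0(int idx);` is fine.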