From d633ad37e4876f97e4448b46c1fc2696b487a574 Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 2 Mar 2024 10:35:32 +0000
Subject: [PATCH] Remove X509V3_EXT extensibility API

You used to be able to define your own X.509 extension handlers. Great. Even greater: the verifier would ignore any custom extensions. So this was only ever useful for serialization and deserialization. In other words, almost entirely pointless. The API was also unused except for a hack in kore-acme, which was fixed recently.

ok jsing
---
 lib/libcrypto/Symbols.list | 4 ---
 lib/libcrypto/Symbols.namespace | 4 ---
 lib/libcrypto/hidden/openssl/x509v3.h | 6 +----
 lib/libcrypto/x509/x509_lib.c | 36 +--------------------------
 lib/libcrypto/x509/x509v3.h | 6 +----
 5 files changed, 3 insertions(+), 53 deletions(-)

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index f27d1fbffd9..48af5219afc 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2493,13 +2493,9 @@ X509V3_EXT_CRL_add_conf
 X509V3_EXT_CRL_add_nconf
 X509V3_EXT_REQ_add_conf
 X509V3_EXT_REQ_add_nconf
-X509V3_EXT_add
-X509V3_EXT_add_alias
 X509V3_EXT_add_conf
-X509V3_EXT_add_list
 X509V3_EXT_add_nconf
 X509V3_EXT_add_nconf_sk
-X509V3_EXT_cleanup
 X509V3_EXT_conf
 X509V3_EXT_conf_nid
 X509V3_EXT_d2i
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index 6aa4468fae1..4a88b264875 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -755,10 +755,6 @@ _libre_i2s_ASN1_INTEGER
 _libre_s2i_ASN1_INTEGER
 _libre_i2s_ASN1_ENUMERATED
 _libre_i2s_ASN1_ENUMERATED_TABLE
-_libre_X509V3_EXT_add
-_libre_X509V3_EXT_add_list
-_libre_X509V3_EXT_add_alias
-_libre_X509V3_EXT_cleanup
 _libre_X509V3_EXT_get
 _libre_X509V3_EXT_get_nid
 _libre_X509V3_add_standard_extensions
diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h
index a85c5c26aa2..67f6a85bc49 100644
--- a/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.5 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: x509v3.h,v 1.6 2024/03/02 10:35:32 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck
  *
@@ -160,10 +160,6 @@ LCRYPTO_USED(i2s_ASN1_INTEGER);
 LCRYPTO_USED(s2i_ASN1_INTEGER);
 LCRYPTO_USED(i2s_ASN1_ENUMERATED);
 LCRYPTO_USED(i2s_ASN1_ENUMERATED_TABLE);
-LCRYPTO_USED(X509V3_EXT_add);
-LCRYPTO_USED(X509V3_EXT_add_list);
-LCRYPTO_USED(X509V3_EXT_add_alias);
-LCRYPTO_USED(X509V3_EXT_cleanup);
 LCRYPTO_USED(X509V3_EXT_get);
 LCRYPTO_USED(X509V3_EXT_get_nid);
 LCRYPTO_USED(X509V3_add_standard_extensions);
diff --git a/lib/libcrypto/x509/x509_lib.c b/lib/libcrypto/x509/x509_lib.c
index 5ddfc376190..c5151d407ef 100644
--- a/lib/libcrypto/x509/x509_lib.c
+++ b/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.16 2024/01/25 15:09:22 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.17 2024/03/02 10:35:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -333,37 +333,3 @@ err:
  return 0;
 }
 LCRYPTO_ALIAS(X509V3_add1_i2d);
-
-/*
- * XXX - remove all the functions below in the next major bump.
- */
-
-int
-X509V3_EXT_add(X509V3_EXT_METHOD *ext)
-{
- X509V3error(ERR_R_DISABLED);
- return 0;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add);
-
-int
-X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
-{
- X509V3error(ERR_R_DISABLED);
- return 0;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_list);
-
-int
-X509V3_EXT_add_alias(int nid_to, int nid_from)
-{
- X509V3error(ERR_R_DISABLED);
- return 0;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_alias);
-
-void
-X509V3_EXT_cleanup(void)
-{
-}
-LCRYPTO_ALIAS(X509V3_EXT_cleanup);
diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index f867cc38c38..676fd62c278 100644
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.25 2023/06/25 18:15:21 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.26 2024/03/02 10:35:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -692,10 +692,6 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); -int X509V3_EXT_add(X509V3_EXT_METHOD *ext); -int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); -int X509V3_EXT_add_alias(int nid_to, int nid_from); -void X509V3_EXT_cleanup(void); const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); -- 2.20.1