Rich Salz removed Netscape support from OpenSSL in 2015 (commit 0bc2f365).
This is the openssl(1) part of that removal. SGC was removed a bit
earlier as part of 7e1b7485. The removal of the API in libcrypto will be
part of the bump (only devel/kf5/kdelibs4support uses it thanks to a
LIBRESSL_VERSION_NUMBER code path which I will neuter).

Index: apps.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/apps.c,v
retrieving revision 1.60
diff -u -p -r1.60 apps.c
--- apps.c      31 Mar 2021 17:13:54 -0000      1.60
+++ apps.c      25 Nov 2021 20:24:36 -0000
@@ -160,12 +160,6 @@ static int set_table_opts(unsigned long 
 static int set_multi_opts(unsigned long *flags, const char *arg,
     const NAME_EX_TBL *in_tbl);
 
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
-    const char *key_descrip, int format);
-#endif
-
 int
 str2fmt(char *s)
 {
@@ -175,8 +169,6 @@ str2fmt(char *s)
                return (FORMAT_ASN1);
        else if ((*s == 'T') || (*s == 't'))
                return (FORMAT_TEXT);
-       else if ((*s == 'N') || (*s == 'n'))
-               return (FORMAT_NETSCAPE);
        else if ((*s == 'S') || (*s == 's'))
                return (FORMAT_SMIME);
        else if ((*s == 'M') || (*s == 'm'))
@@ -612,24 +604,7 @@ load_cert(BIO *err, const char *file, in
 
        if (format == FORMAT_ASN1)
                x = d2i_X509_bio(cert, NULL);
-       else if (format == FORMAT_NETSCAPE) {
-               NETSCAPE_X509 *nx;
-               nx = ASN1_item_d2i_bio(&NETSCAPE_X509_it,
-                   cert, NULL);
-               if (nx == NULL)
-                       goto end;
-
-               if ((strncmp(NETSCAPE_CERT_HDR, (char *) nx->header->data,
-                   nx->header->length) != 0)) {
-                       NETSCAPE_X509_free(nx);
-                       BIO_printf(err,
-                           "Error reading header on certificate\n");
-                       goto end;
-               }
-               x = nx->cert;
-               nx->cert = NULL;
-               NETSCAPE_X509_free(nx);
-       } else if (format == FORMAT_PEM)
+       else if (format == FORMAT_PEM)
                x = PEM_read_bio_X509_AUX(cert, NULL, password_callback, NULL);
        else if (format == FORMAT_PKCS12) {
                if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL,
@@ -684,10 +659,6 @@ load_key(BIO *err, const char *file, int
        } else if (format == FORMAT_PEM) {
                pkey = PEM_read_bio_PrivateKey(key, NULL, password_callback, 
&cb_data);
        }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-       else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
-               pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
        else if (format == FORMAT_PKCS12) {
                if (!load_pkcs12(err, key, key_descrip, password_callback, 
&cb_data,
                    &pkey, NULL, NULL))
@@ -768,10 +739,6 @@ load_pubkey(BIO *err, const char *file, 
        else if (format == FORMAT_PEM) {
                pkey = PEM_read_bio_PUBKEY(key, NULL, password_callback, 
&cb_data);
        }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-       else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
-               pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
        else if (format == FORMAT_MSBLOB)
                pkey = b2i_PublicKey_bio(key);
@@ -787,51 +754,6 @@ load_pubkey(BIO *err, const char *file, 
                BIO_printf(err, "unable to load %s\n", key_descrip);
        return (pkey);
 }
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
-    const char *key_descrip, int format)
-{
-       EVP_PKEY *pkey;
-       BUF_MEM *buf;
-       RSA *rsa;
-       const unsigned char *p;
-       int size, i;
-
-       buf = BUF_MEM_new();
-       pkey = EVP_PKEY_new();
-       size = 0;
-       if (buf == NULL || pkey == NULL)
-               goto error;
-       for (;;) {
-               if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
-                       goto error;
-               i = BIO_read(key, &(buf->data[size]), 1024 * 10);
-               size += i;
-               if (i == 0)
-                       break;
-               if (i < 0) {
-                       BIO_printf(err, "Error reading %s %s",
-                           key_descrip, file);
-                       goto error;
-               }
-       }
-       p = (unsigned char *) buf->data;
-       rsa = d2i_RSA_NET(NULL, &p, (long) size, NULL,
-           (format == FORMAT_IISSGC ? 1 : 0));
-       if (rsa == NULL)
-               goto error;
-       BUF_MEM_free(buf);
-       EVP_PKEY_set1_RSA(pkey, rsa);
-       return pkey;
-
- error:
-       BUF_MEM_free(buf);
-       EVP_PKEY_free(pkey);
-       return NULL;
-}
-#endif                         /* ndef OPENSSL_NO_RC4 */
 
 static int
 load_certs_crls(BIO *err, const char *file, int format, const char *pass,
Index: apps.h
===================================================================
RCS file: /cvs/src/usr.bin/openssl/apps.h,v
retrieving revision 1.29
diff -u -p -r1.29 apps.h
--- apps.h      20 Nov 2021 15:55:00 -0000      1.29
+++ apps.h      25 Nov 2021 20:24:36 -0000
@@ -255,12 +255,10 @@ unsigned char *next_protos_parse(unsigne
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
-#define FORMAT_NETSCAPE 4
+
 #define FORMAT_PKCS12   5
 #define FORMAT_SMIME    6
 
-#define FORMAT_IISSGC  8       /* XXX this stupid macro helps us to avoid
-                                * adding yet another param to load_*key() */
 #define FORMAT_PEMRSA  9       /* PEM RSAPublicKey format */
 #define FORMAT_ASN1RSA 10      /* DER RSAPublicKey format */
 #define FORMAT_MSBLOB  11      /* MS Key blob format */
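Review bot: The `+` line that replaces `#define FORMAT_NETSCAPE 4` is an empty line, so the list now has a stray blank between `FORMAT_PEM 3` and `FORMAT_PKCS12 5`, and nothing records why the values 4 and 8 are skipped. Either drop the blank line or put a short marker in its place, for example `/* 4 (FORMAT_NETSCAPE) and 8 (FORMAT_IISSGC) are retired; do not reuse */`. Keeping the numbers retired looks like the safer choice, since a later format reusing 4 could be selected by any stale comparison that survives elsewhere in the tree, but that intent should be written down rather than implied by a gap.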
@@ -269,8 +267,6 @@ unsigned char *next_protos_parse(unsigne
 #define EXT_COPY_NONE  0
 #define EXT_COPY_ADD   1
 #define EXT_COPY_ALL   2
-
-#define NETSCAPE_CERT_HDR      "certificate"
 
 #define APP_PASS_LEN   1024
 
Index: openssl.1
===================================================================
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.133
diff -u -p -r1.133 openssl.1
--- openssl.1   23 Oct 2021 11:36:44 -0000      1.133
+++ openssl.1   25 Nov 2021 20:24:36 -0000
@@ -4105,7 +4105,6 @@ Any additional fields will be treated as
 .Op Fl pvk-none | pvk-strong | pvk-weak
 .Op Fl RSAPublicKey_in
 .Op Fl RSAPublicKey_out
-.Op Fl sgckey
 .Op Fl text
 .Ek
 .El
@@ -4177,9 +4176,6 @@ and
 except
 .Cm RSAPublicKey
 format is used instead.
-.It Fl sgckey
-Use the modified NET algorithm used with some versions of Microsoft IIS
-and SGC keys.
 .It Fl text
 Print the public/private key components in plain text.
 .El
Index: rsa.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/rsa.c,v
retrieving revision 1.14
diff -u -p -r1.14 rsa.c
--- rsa.c       14 Jul 2019 03:30:46 -0000      1.14
+++ rsa.c       25 Nov 2021 20:24:36 -0000
@@ -88,7 +88,6 @@ static struct {
        int pubin;
        int pubout;
        int pvk_encr;
-       int sgckey;
        int text;
 } rsa_config;
 
@@ -215,12 +214,6 @@ static const struct option rsa_options[]
                .opt.value = &rsa_config.pubout,
        },
        {
-               .name = "sgckey",
-               .desc = "Use modified NET algorithm for IIS and SGC keys",
-               .type = OPTION_FLAG,
-               .opt.flag = &rsa_config.sgckey,
-       },
-       {
                .name = "text",
                .desc = "Print in plain text in addition to encoded",
                .type = OPTION_FLAG,
@@ -244,7 +237,7 @@ rsa_usage()
            "[-inform fmt]\n"
            "    [-modulus] [-noout] [-out file] [-outform fmt] "
            "[-passin src]\n"
-           "    [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n");
+           "    [-passout src] [-pubin] [-pubout] [-text]\n\n");
        options_usage(rsa_options);
        fprintf(stderr, "\n");
 
@@ -300,19 +293,14 @@ rsa_main(int argc, char **argv)
                                        tmpformat = FORMAT_PEMRSA;
                                else if (rsa_config.informat == FORMAT_ASN1)
                                        tmpformat = FORMAT_ASN1RSA;
-                       } else if (rsa_config.informat == FORMAT_NETSCAPE &&
-                           rsa_config.sgckey)
-                               tmpformat = FORMAT_IISSGC;
-                       else
+                       } else
                                tmpformat = rsa_config.informat;
 
                        pkey = load_pubkey(bio_err, rsa_config.infile,
                            tmpformat, 1, passin, "Public Key");
                } else
                        pkey = load_key(bio_err, rsa_config.infile,
-                           (rsa_config.informat == FORMAT_NETSCAPE &&
-                           rsa_config.sgckey ? FORMAT_IISSGC :
-                           rsa_config.informat), 1, passin, "Private Key");
+                           rsa_config.informat, 1, passin, "Private Key");
 
                if (pkey != NULL)
                        rsa = EVP_PKEY_get1_RSA(pkey);
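Review bot: In the braced branch that precedes the new `} else`, `tmpformat` is assigned only when `informat` is `FORMAT_PEM` or `FORMAT_ASN1`; for any other input format it reaches `load_pubkey()` with whatever value it was declared with. The declaration is outside this hunk, so this may already be handled, but it is worth confirming that `tmpformat` is initialised to a value `load_pubkey()` rejects, or adding an explicit final `else` in that branch that reports a bad input format. A comment such as `/* only PEM and DER have an RSAPublicKey form */` would make the fall-through visibly intentional. rsa_main's body starts and ends outside the hunk.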
@@ -380,25 +368,7 @@ rsa_main(int argc, char **argv)
                                i = i2d_RSA_PUBKEY_bio(out, rsa);
                } else
                        i = i2d_RSAPrivateKey_bio(out, rsa);
-       }
-#ifndef OPENSSL_NO_RC4
-       else if (rsa_config.outformat == FORMAT_NETSCAPE) {
-               unsigned char *p, *pp;
-               int size;
-
-               i = 1;
-               size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey);
-               if ((p = malloc(size)) == NULL) {
-                       BIO_printf(bio_err, "Memory allocation failure\n");
-                       goto end;
-               }
-               pp = p;
-               i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey);
-               BIO_write(out, (char *) pp, size);
-               free(pp);
-       }
-#endif
-       else if (rsa_config.outformat == FORMAT_PEM) {
+       } else if (rsa_config.outformat == FORMAT_PEM) {
                if (rsa_config.pubout || rsa_config.pubin) {
                        if (rsa_config.pubout == 2)
                                i = PEM_write_bio_RSAPublicKey(out, rsa);
Index: x509.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/x509.c,v
retrieving revision 1.25
diff -u -p -r1.25 x509.c
--- x509.c      23 Oct 2021 15:44:39 -0000      1.25
+++ x509.c      25 Nov 2021 20:24:36 -0000
@@ -1298,16 +1298,6 @@ x509_main(int argc, char **argv)
                        i = PEM_write_bio_X509_AUX(out, x);
                else
                        i = PEM_write_bio_X509(out, x);
-       } else if (x509_config.outformat == FORMAT_NETSCAPE) {
-               NETSCAPE_X509 nx;
-               ASN1_OCTET_STRING hdr;
-
-               hdr.data = (unsigned char *) NETSCAPE_CERT_HDR;
-               hdr.length = strlen(NETSCAPE_CERT_HDR);
-               nx.header = &hdr;
-               nx.cert = x;
-
-               i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx);
        } else {
                BIO_printf(bio_err,
                    "bad output format specified for outfile\n");
