src - OpenBSD base system

diff options


context:
space:
mode:

author	Theo Buehler <tb@cvs.openbsd.org>	2024-03-02 10:35:33 +0000
committer	Theo Buehler <tb@cvs.openbsd.org>	2024-03-02 10:35:33 +0000
commit	2c4b747f1f6ce9270960f37d9d15d396891bbc06 (patch)
tree	b38a92f800118e9fc1ea0fe66c50f163ab1ac33a /lib/libcrypto
parent	47e4728265eb421f358a2ae755f537f33d44fe21 (diff)

Remove X509V3_EXT extensibility API

You used to be able to define your own X.509 extension handlers. Great. Even greater: the verifier would ignore any custom extensions. So this was only ever useful for serialization and deserialization. In other words, almost entirely pointless. The API was also unused except for a hack in kore-acme, which was fixed recently. ok jsing

Diffstat (limited to 'lib/libcrypto')

-rw-r--r--

lib/libcrypto/Symbols.list

-rw-r--r--

lib/libcrypto/Symbols.namespace

-rw-r--r--

lib/libcrypto/hidden/openssl/x509v3.h

-rw-r--r--

lib/libcrypto/x509/x509_lib.c

-rw-r--r--

lib/libcrypto/x509/x509v3.h

5 files changed, 3 insertions, 53 deletions

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index f27d1fbffd9..48af5219afc 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list

@@ -2493,13 +2493,9 @@ X509V3_EXT_CRL_add_conf

X509V3_EXT_CRL_add_nconf

X509V3_EXT_REQ_add_conf

X509V3_EXT_REQ_add_nconf

-X509V3_EXT_add

-X509V3_EXT_add_alias

X509V3_EXT_add_conf

-X509V3_EXT_add_list

X509V3_EXT_add_nconf

X509V3_EXT_add_nconf_sk

-X509V3_EXT_cleanup

X509V3_EXT_conf

X509V3_EXT_conf_nid

X509V3_EXT_d2i

diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index 6aa4468fae1..4a88b264875 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace

@@ -755,10 +755,6 @@ _libre_i2s_ASN1_INTEGER

_libre_s2i_ASN1_INTEGER

_libre_i2s_ASN1_ENUMERATED

_libre_i2s_ASN1_ENUMERATED_TABLE

-_libre_X509V3_EXT_add

-_libre_X509V3_EXT_add_list

-_libre_X509V3_EXT_add_alias

-_libre_X509V3_EXT_cleanup

_libre_X509V3_EXT_get

_libre_X509V3_EXT_get_nid

_libre_X509V3_add_standard_extensions

diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h
index a85c5c26aa2..67f6a85bc49 100644
--- a/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/lib/libcrypto/hidden/openssl/x509v3.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: x509v3.h,v 1.5 2023/07/05 21:14:54 bcook Exp $ */

+/* $OpenBSD: x509v3.h,v 1.6 2024/03/02 10:35:32 tb Exp $ */

@@ -160,10 +160,6 @@ LCRYPTO_USED(i2s_ASN1_INTEGER);

LCRYPTO_USED(s2i_ASN1_INTEGER);

LCRYPTO_USED(i2s_ASN1_ENUMERATED);

LCRYPTO_USED(i2s_ASN1_ENUMERATED_TABLE);

-LCRYPTO_USED(X509V3_EXT_add);

-LCRYPTO_USED(X509V3_EXT_add_list);

-LCRYPTO_USED(X509V3_EXT_add_alias);

-LCRYPTO_USED(X509V3_EXT_cleanup);

LCRYPTO_USED(X509V3_EXT_get);

LCRYPTO_USED(X509V3_EXT_get_nid);

LCRYPTO_USED(X509V3_add_standard_extensions);

diff --git a/lib/libcrypto/x509/x509_lib.c b/lib/libcrypto/x509/x509_lib.c
index 5ddfc376190..c5151d407ef 100644
--- a/lib/libcrypto/x509/x509_lib.c
+++ b/lib/libcrypto/x509/x509_lib.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: x509_lib.c,v 1.16 2024/01/25 15:09:22 tb Exp $ */

+/* $OpenBSD: x509_lib.c,v 1.17 2024/03/02 10:35:32 tb Exp $ */

/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

* project 1999.

@@ -333,37 +333,3 @@ err:

return 0;

}

LCRYPTO_ALIAS(X509V3_add1_i2d);

-/*

- * XXX - remove all the functions below in the next major bump.

- */

-int

-X509V3_EXT_add(X509V3_EXT_METHOD *ext)

- X509V3error(ERR_R_DISABLED);

- return 0;

-LCRYPTO_ALIAS(X509V3_EXT_add);

-int

-X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)

- X509V3error(ERR_R_DISABLED);

- return 0;

-LCRYPTO_ALIAS(X509V3_EXT_add_list);

-int

-X509V3_EXT_add_alias(int nid_to, int nid_from)

- X509V3error(ERR_R_DISABLED);

- return 0;

-LCRYPTO_ALIAS(X509V3_EXT_add_alias);

-void

-X509V3_EXT_cleanup(void)

-LCRYPTO_ALIAS(X509V3_EXT_cleanup);

diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index f867cc38c38..676fd62c278 100644
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: x509v3.h,v 1.25 2023/06/25 18:15:21 tb Exp $ */

+/* $OpenBSD: x509v3.h,v 1.26 2024/03/02 10:35:32 tb Exp $ */

/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

* project 1999.

@@ -692,10 +692,6 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);

char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);

char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,

const ASN1_ENUMERATED *aint);

-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);

-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);

-int X509V3_EXT_add_alias(int nid_to, int nid_from);

-void X509V3_EXT_cleanup(void);

const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);

const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);