From 5fee606442a6738fd06a756d7076be53b7b7734c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 14 Nov 2004 00:08:36 +0000 Subject: [PATCH] Zap obsolete der_chop script. --- Configure | 1 - apps/Makefile.ssl | 2 +- apps/der_chop.in | 305 ---------------------------------------------- 3 files changed, 1 insertion(+), 307 deletions(-) delete mode 100644 apps/der_chop.in diff --git a/Configure b/Configure index 7e97aa5653..cc91c3dcb8 100755 --- a/Configure +++ b/Configure @@ -1532,7 +1532,6 @@ EOF if $make_targets ne ""; if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); - &dofile("apps/der_chop",$perl,'^#!/', '#!%s'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); } else { # No path for Perl known ... diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 9f6356c8f1..8144637a58 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -38,7 +38,7 @@ LIBSSL=-L.. -lssl PROGRAM= openssl -SCRIPTS=CA.sh CA.pl der_chop +SCRIPTS=CA.sh CA.pl EXE= $(PROGRAM)$(EXE_EXT) diff --git a/apps/der_chop.in b/apps/der_chop.in deleted file mode 100644 index 9070b032fc..0000000000 --- a/apps/der_chop.in +++ /dev/null @@ -1,305 +0,0 @@ -#!/usr/local/bin/perl -# -# der_chop ... this is one total hack that Eric is really not proud of -# so don't look at it and don't ask for support -# -# The "documentation" for this (i.e. all the comments) are my fault --tjh -# -# This program takes the "raw" output of derparse/asn1parse and -# converts it into tokens and then runs regular expression matches -# to try to figure out what to grab to get the things that are needed -# and it is possible that this will do the wrong thing as it is a *hack* -# -# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET) -# [I know ... promises promises :-)] -# -# To convert a Netscape Certificate: -# der_chop < ServerCert.der > cert.pem -# To convert a Netscape Key (and encrypt it again to protect it) -# rsa -inform NET -in ServerKey.der -des > key.pem -# -# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this -# is an evil hack. If nothing else the parsing should -# be relative, not absolute. -# 19-Apr-96 tjh hacked (with eay) into 0.5.x format -# -# Tim Hudson -# tjh@cryptsoft.com -# - - -require 'getopts.pl'; - -$debug=0; - -# this was the 0.4.x way of doing things ... -$cmd="derparse"; -$x509_cmd="x509"; -$crl_cmd="crl"; -$rc4_cmd="rc4"; -$md2_cmd="md2"; -$md4_cmd="md4"; -$rsa_cmd="rsa -des -inform der "; - -# this was the 0.5.x way of doing things ... -$cmd="openssl asn1parse"; -$x509_cmd="openssl x509"; -$crl_cmd="openssl crl"; -$rc4_cmd="openssl rc4"; -$md2_cmd="openssl md2"; -$md4_cmd="openssl md4"; -$rsa_cmd="openssl rsa -des -inform der "; - -&Getopts('vd:') || die "usage:$0 [-v] [-d num] file"; -$depth=($opt_d =~ /^\d+$/)?$opt_d:0; - -&init_der(); - -if ($#ARGV != -1) - { - foreach $file (@ARGV) - { - print STDERR "doing $file\n"; - &dofile($file); - } - } -else - { - $file="/tmp/a$$.DER"; - open(OUT,">$file") || die "unable to open $file:$!\n"; - for (;;) - { - $i=sysread(STDIN,$b,1024*10); - last if ($i <= 0); - $i=syswrite(OUT,$b,$i); - } - &dofile($file); - unlink($file); - } - -sub dofile - { - local($file)=@_; - local(@p); - - $b=&load_file($file); - @p=&load_file_parse($file); - - foreach $_ (@p) - { - ($off,$d,$hl,$len)=&parse_line($_); - $d-=$depth; - next if ($d != 0); - next if ($len == 0); - - $o=substr($b,$off,$len+$hl); - ($str,@data)=&der_str($o); - print "$str\n" if ($opt_v); - if ($str =~ /^$crl/) - { - open(OUT,"|$crl_cmd -inform d -hash -issuer") || - die "unable to run $crl_cmd:$!\n"; - print OUT $o; - close(OUT); - } - elsif ($str =~ /^$x509/) - { - open(OUT,"|$x509_cmd -inform d -hash -subject -issuer") - || die "unable to run $x509_cmd:$!\n"; - print OUT $o; - close(OUT); - } - elsif ($str =~ /^$rsa/) - { - ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); - next unless ($type eq "rsaEncryption"); - ($off,$d,$hl,$len)=&parse_line($data[5]); - $os=substr($o,$off+$hl,$len); - open(OUT,"|$rsa_cmd") - || die "unable to run $rsa_cmd:$!\n"; - print OUT $os; - close(OUT); - } - elsif ($str =~ /^0G-1D-1G/) - { - ($off,$d,$hl,$len)=&parse_line($data[1]); - $os=substr($o,$off+$hl,$len); - print STDERR "<$os>\n" if $opt_v; - &do_certificate($o,@data) - if (($os eq "certificate") && - ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); - &do_private_key($o,@data) - if (($os eq "private-key") && - ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); - } - } - } - -sub der_str - { - local($str)=@_; - local(*OUT,*IN,@a,$t,$d,$ret); - local($file)="/tmp/b$$.DER"; - local(@ret); - - open(OUT,">$file"); - print OUT $str; - close(OUT); - open(IN,"$cmd -inform 'd' -in $file |") || - die "unable to run $cmd:$!\n"; - $ret=""; - while () - { - chop; - push(@ret,$_); - - print STDERR "$_\n" if ($debug); - - @a=split(/\s*:\s*/); - ($d)=($a[1] =~ /d=\s*(\d+)/); - $a[2] =~ s/\s+$//; - $t=$DER_s2i{$a[2]}; - $ret.="$d$t-"; - } - close(IN); - unlink($file); - chop $ret; - $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g; - $ret =~ s/(-3G-4B-4L)+/-RCERT/g; - return($ret,@ret); - } - -sub init_der - { - $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C"; - $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C"; - $rsa= "0G-1B-1G-2F-2E-1D"; - - %DER_i2s=( - # SSLeay 0.4.x has this list - "A","EOC", - "B","INTEGER", - "C","BIT STRING", - "D","OCTET STRING", - "E","NULL", - "F","OBJECT", - "G","SEQUENCE", - "H","SET", - "I","PRINTABLESTRING", - "J","T61STRING", - "K","IA5STRING", - "L","UTCTIME", - "M","NUMERICSTRING", - "N","VIDEOTEXSTRING", - "O","GENERALIZEDTIME", - "P","GRAPHICSTRING", - "Q","ISO64STRING", - "R","GENERALSTRING", - "S","UNIVERSALSTRING", - - # SSLeay 0.5.x changed some things ... and I'm - # leaving in the old stuff but adding in these - # to handle the new as well --tjh - # - Well I've just taken them out and added the extra new - # ones :-) - eay - ); - - foreach (keys %DER_i2s) - { $DER_s2i{$DER_i2s{$_}}=$_; } - } - -sub parse_line - { - local($_)=@_; - - return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/); - } - -# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE -# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING -# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE -# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE -# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4 -# 33:d=3 hl=2 l= 0 prim: univ: NULL -# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING -sub do_private_key - { - local($data,@struct)=@_; - local($file)="/tmp/b$$.DER"; - local($off,$d,$hl,$len,$_,$b,@p,$s); - - ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); - if ($type eq "rc4") - { - ($off,$d,$hl,$len)=&parse_line($struct[6]); - open(OUT,"|$rc4_cmd >$file") || - die "unable to run $rc4_cmd:$!\n"; - print OUT substr($data,$off+$hl,$len); - close(OUT); - - $b=&load_file($file); - unlink($file); - - ($s,@p)=&der_str($b); - die "unknown rsa key type\n$s\n" - if ($s ne '0G-1B-1G-2F-2E-1D'); - local($off,$d,$hl,$len)=&parse_line($p[5]); - $b=substr($b,$off+$hl,$len); - ($s,@p)=&der_str($b); - open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n"; - print OUT $b; - close(OUT); - } - else - { - print "'$type' is unknown\n"; - exit(1); - } - } - -sub do_certificate - { - local($data,@struct)=@_; - local($file)="/tmp/b$$.DER"; - local($off,$d,$hl,$len,$_,$b,@p,$s); - - ($off,$d,$hl,$len)=&parse_line($struct[2]); - $b=substr($data,$off,$len+$hl); - - open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n"; - print OUT $b; - close(OUT); - } - -sub load_file - { - local($file)=@_; - local(*IN,$r,$b,$i); - - $r=""; - open(IN,"<$file") || die "unable to open $file:$!\n"; - for (;;) - { - $i=sysread(IN,$b,10240); - last if ($i <= 0); - $r.=$b; - } - close(IN); - return($r); - } - -sub load_file_parse - { - local($file)=@_; - local(*IN,$r,@ret,$_,$i,$n,$b); - - open(IN,"$cmd -inform d -in $file|") - || die "unable to run der_parse\n"; - while () - { - chop; - push(@ret,$_); - } - return($r,@ret); - } - -- 2.25.1