PSARC 2008/037 new EKU support for pktool and kmfcfg

6648052 pktool(1) could allow certificate signing and verification
6652751 kmf_get_kmf_error_str() doesn't know about KMF_ERR_ATTR_NOT_FOUND
6654080 kmf_verify_data() should use algorithm from the cert if KMF_ALGORITHM_INDEX_ATTR is missing
6654205 kmf_find_prikey_by_cert() should be public
6654910 kmf_validate_cert() won't get over non-existent x509v3 extensions in TA
6660235 Command summary on pktool help should be localizable.
6660622 KMF needs API to determine format of raw data

2 files changed, 2 insertions, 54 deletions

diff --git a/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers b/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers
index 08ad0b561f..ce6d8d9aa2 100644
--- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers
+++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/mapfile-vers
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -48,7 +48,6 @@ SUNWprivate_1.1 {
 	OpenSSL_GetSymKeyValue;
 	OpenSSL_ImportCRL;
 	OpenSSL_IsCRLFile;
-	OpenSSL_IsCertFile;
 	OpenSSL_ListCRL;
 	OpenSSL_SignData;
 	OpenSSL_StoreCert;
diff --git a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
index 78f9af1665..fb5af181d1 100644
--- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
+++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 /*
@@ -4716,57 +4716,6 @@ out:
 	return (ret);
 }
 
-/*
- * Check a file to see if it is a certficate file with PEM or DER format.
- * If success, return its format in the pformat argument.
- */
-KMF_RETURN
-OpenSSL_IsCertFile(KMF_HANDLE_T handle, char *filename,
-	KMF_ENCODE_FORMAT *pformat)
-{
-	KMF_RETURN	ret = KMF_OK;
-	KMF_HANDLE	*kmfh = (KMF_HANDLE *)handle;
-	BIO		*bio = NULL;
-	X509		*xcert = NULL;
-
-	if (filename == NULL) {
-		return (KMF_ERR_BAD_PARAMETER);
-	}
-
-	ret = kmf_get_file_format(filename, pformat);
-	if (ret != KMF_OK)
-		return (ret);
-
-	bio = BIO_new_file(filename, "rb");
-	if (bio == NULL)	{
-		SET_ERROR(kmfh, ERR_get_error());
-		ret = KMF_ERR_OPEN_FILE;
-		goto out;
-	}
-
-	if ((*pformat) == KMF_FORMAT_PEM) {
-		if ((xcert = PEM_read_bio_X509(bio, NULL,
-		    NULL, NULL)) == NULL) {
-			ret = KMF_ERR_BAD_CERTFILE;
-		}
-	} else if ((*pformat) == KMF_FORMAT_ASN1) {
-		if ((xcert = d2i_X509_bio(bio, NULL)) == NULL) {
-			ret = KMF_ERR_BAD_CERTFILE;
-		}
-	} else {
-		ret = KMF_ERR_BAD_CERTFILE;
-	}
-
-out:
-	if (bio != NULL)
-		(void) BIO_free(bio);
-
-	if (xcert != NULL)
-		X509_free(xcert);
-
-	return (ret);
-}
-
 KMF_RETURN
 OpenSSL_GetSymKeyValue(KMF_HANDLE_T handle, KMF_KEY_HANDLE *symkey,
     KMF_RAW_SYM_KEY *rkey)