From 646e9a2ff357c2d5ef38314b399014ad7522b2ae Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 29 Aug 2024 17:01:02 +0000 Subject: [PATCH] Remove check and pubcheck from openssl pkey and pkeyparam The underlying API will be removed, so these commands have to go. ok beck --- usr.bin/openssl/apps.c | 30 +----------------------------- usr.bin/openssl/apps.h | 5 +---- usr.bin/openssl/pkey.c | 28 +++------------------------- usr.bin/openssl/pkeyparam.c | 17 ++--------------- 4 files changed, 7 insertions(+), 73 deletions(-) diff --git a/usr.bin/openssl/apps.c b/usr.bin/openssl/apps.c index f58aa5365f2..a04190910de 100644 --- a/usr.bin/openssl/apps.c +++ b/usr.bin/openssl/apps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.c,v 1.68 2024/08/18 20:24:11 tb Exp $ */ +/* $OpenBSD: apps.c,v 1.69 2024/08/29 17:01:02 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -2156,31 +2156,3 @@ show_cipher(const OBJ_NAME *name, void *arg) fprintf(stderr, " -%-24s%s", name->name, (++*n % 3 != 0 ? "" : "\n")); } - -int -pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *), - const char *desc) -{ - EVP_PKEY_CTX *ctx; - - if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { - ERR_print_errors(bio_err); - return 0; - } - - if (check_fn(ctx) == 1) { - BIO_printf(out, "%s valid\n", desc); - } else { - unsigned long err; - - BIO_printf(out, "%s invalid\n", desc); - - while ((err = ERR_get_error()) != 0) - BIO_printf(out, "Detailed error: %s\n", - ERR_reason_error_string(err)); - } - - EVP_PKEY_CTX_free(ctx); - - return 1; -} diff --git a/usr.bin/openssl/apps.h b/usr.bin/openssl/apps.h index 7a59b737e19..a30706e3648 100644 --- a/usr.bin/openssl/apps.h +++ b/usr.bin/openssl/apps.h @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.h,v 1.37 2024/05/21 05:00:48 jsg Exp $ */ +/* $OpenBSD: apps.h,v 1.38 2024/08/29 17:01:02 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -315,7 +315,4 @@ int options_parse(int argc, char **argv, const struct option *opts, char **unnamed, int *argsused); void show_cipher(const OBJ_NAME *name, void *arg); - -int pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *), - const char *desc); #endif diff --git a/usr.bin/openssl/pkey.c b/usr.bin/openssl/pkey.c index 47fa2dd3622..d3c9f27d259 100644 --- a/usr.bin/openssl/pkey.c +++ b/usr.bin/openssl/pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkey.c,v 1.20 2023/07/23 11:39:29 tb Exp $ */ +/* $OpenBSD: pkey.c,v 1.21 2024/08/29 17:01:02 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -66,7 +66,6 @@ #include static struct { - int check; const EVP_CIPHER *cipher; char *infile; int informat; @@ -75,7 +74,6 @@ static struct { int outformat; char *passargin; char *passargout; - int pubcheck; int pubin; int pubout; int pubtext; @@ -100,12 +98,6 @@ pkey_opt_cipher(int argc, char **argv, int *argsused) } static const struct option pkey_options[] = { - { - .name = "check", - .desc = "Check validity of key", - .type = OPTION_FLAG, - .opt.flag = &cfg.check, - }, { .name = "in", .argname = "file", @@ -154,12 +146,6 @@ static const struct option pkey_options[] = { .type = OPTION_ARG, .opt.arg = &cfg.passargout, }, - { - .name = "pubcheck", - .desc = "Check validity of public key", - .type = OPTION_FLAG, - .opt.flag = &cfg.pubcheck, - }, { .name = "pubin", .desc = "Expect a public key (default private key)", @@ -200,9 +186,9 @@ pkey_usage(void) int n = 0; fprintf(stderr, - "usage: pkey [-check] [-ciphername] [-in file] [-inform fmt] " + "usage: pkey [-ciphername] [-in file] [-inform fmt] " "[-noout] [-out file]\n" - " [-outform fmt] [-passin src] [-passout src] [-pubcheck] " + " [-outform fmt] [-passin src] [-passout src] " "[-pubin] [-pubout]\n" " [-text] [-text_pub]\n\n"); options_usage(pkey_options); @@ -264,14 +250,6 @@ pkey_main(int argc, char **argv) if (!pkey) goto end; - if (cfg.check) { - if (!pkey_check(out, pkey, EVP_PKEY_check, "Key pair")) - goto end; - } else if (cfg.pubcheck) { - if (!pkey_check(out, pkey, EVP_PKEY_public_check, "Public key")) - goto end; - } - if (!cfg.noout) { if (cfg.outformat == FORMAT_PEM) { if (cfg.pubout) diff --git a/usr.bin/openssl/pkeyparam.c b/usr.bin/openssl/pkeyparam.c index 543715e521d..ce0206a700d 100644 --- a/usr.bin/openssl/pkeyparam.c +++ b/usr.bin/openssl/pkeyparam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkeyparam.c,v 1.18 2023/07/23 11:39:29 tb Exp $ */ +/* $OpenBSD: pkeyparam.c,v 1.19 2024/08/29 17:01:02 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006 */ @@ -66,7 +66,6 @@ #include static struct { - int check; char *infile; int noout; char *outfile; @@ -74,12 +73,6 @@ static struct { } cfg; static const struct option pkeyparam_options[] = { - { - .name = "check", - .desc = "Check validity of key parameters", - .type = OPTION_FLAG, - .opt.flag = &cfg.check, - }, { .name = "in", .argname = "file", @@ -113,8 +106,7 @@ static void pkeyparam_usage(void) { fprintf(stderr, - "usage: pkeyparam [-check] [-in file] [-noout] [-out file] " - "[-text]\n"); + "usage: pkeyparam [-in file] [-noout] [-out file] [-text]\n"); options_usage(pkeyparam_options); } @@ -163,11 +155,6 @@ pkeyparam_main(int argc, char **argv) goto end; } - if (cfg.check) { - if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters")) - goto end; - } - if (!cfg.noout) PEM_write_bio_Parameters(out, pkey); -- 2.20.1