From 6a11654c89cf676e929b6556a64506e345d5d445 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 25 Apr 2023 16:11:02 +0000
Subject: [PATCH] Remove the nseq command

---
 usr.bin/openssl/Makefile  |   4 +-
 usr.bin/openssl/nseq.c    | 174 --------------------------------------
 usr.bin/openssl/openssl.1 |  35 +-------
 usr.bin/openssl/openssl.c |   3 +-
 4 files changed, 5 insertions(+), 211 deletions(-)
 delete mode 100644 usr.bin/openssl/nseq.c

diff --git a/usr.bin/openssl/Makefile b/usr.bin/openssl/Makefile
index 664a5200037..47199c10e17 100644
--- a/usr.bin/openssl/Makefile
+++ b/usr.bin/openssl/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.11 2019/11/04 15:25:54 jsing Exp $
+#	$OpenBSD: Makefile,v 1.12 2023/04/25 16:11:02 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -22,7 +22,7 @@ CFLAGS+= -DLIBRESSL_INTERNAL
 
 SRCS=	apps.c apps_posix.c asn1pars.c ca.c certhash.c ciphers.c cms.c crl.c \
 	crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \
-	errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c \
+	errstr.c gendh.c gendsa.c genpkey.c genrsa.c ocsp.c \
 	openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c \
 	pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c s_client.c \
 	s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c ts.c \
diff --git a/usr.bin/openssl/nseq.c b/usr.bin/openssl/nseq.c
deleted file mode 100644
index fb0dda5dca8..00000000000
--- a/usr.bin/openssl/nseq.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* $OpenBSD: nseq.c,v 1.11 2023/03/06 14:32:06 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "apps.h"
-
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-static struct {
-	char *infile;
-	char *outfile;
-	int toseq;
-} cfg;
-
-static const struct option nseq_options[] = {
-	{
-		.name = "in",
-		.argname = "file",
-		.desc = "Input file to read from (default stdin)",
-		.type = OPTION_ARG,
-		.opt.arg = &cfg.infile,
-	},
-	{
-		.name = "out",
-		.argname = "file",
-		.desc = "Output file to write to (default stdout)",
-		.type = OPTION_ARG,
-		.opt.arg = &cfg.outfile,
-	},
-	{
-		.name = "toseq",
-		.desc = "Convert certificates to Netscape certificate sequence",
-		.type = OPTION_FLAG,
-		.opt.flag = &cfg.toseq,
-	},
-	{ NULL },
-};
-
-static void
-nseq_usage()
-{
-	fprintf(stderr, "usage: nseq [-in file] [-out file] [-toseq]\n");
-	options_usage(nseq_options);
-}
-
-int
-nseq_main(int argc, char **argv)
-{
-	BIO *in = NULL, *out = NULL;
-	X509 *x509 = NULL;
-	NETSCAPE_CERT_SEQUENCE *seq = NULL;
-	int i, ret = 1;
-
-	if (pledge("stdio cpath wpath rpath", NULL) == -1) {
-		perror("pledge");
-		exit(1);
-	}
-
-	memset(&cfg, 0, sizeof(cfg));
-
-	if (options_parse(argc, argv, nseq_options, NULL, NULL) != 0) {
-		nseq_usage();
-		return (1);
-	}
-
-	if (cfg.infile) {
-		if (!(in = BIO_new_file(cfg.infile, "r"))) {
-			BIO_printf(bio_err,
-			    "Can't open input file %s\n", cfg.infile);
-			goto end;
-		}
-	} else
-		in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if (cfg.outfile) {
-		if (!(out = BIO_new_file(cfg.outfile, "w"))) {
-			BIO_printf(bio_err,
-			    "Can't open output file %s\n", cfg.outfile);
-			goto end;
-		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-	}
-	if (cfg.toseq) {
-		seq = NETSCAPE_CERT_SEQUENCE_new();
-		seq->certs = sk_X509_new_null();
-		while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
-			sk_X509_push(seq->certs, x509);
-
-		if (!sk_X509_num(seq->certs)) {
-			BIO_printf(bio_err, "Error reading certs file %s\n", cfg.infile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
-		ret = 0;
-		goto end;
-	}
-	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
-		BIO_printf(bio_err, "Error reading sequence file %s\n", cfg.infile);
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-	for (i = 0; i < sk_X509_num(seq->certs); i++) {
-		x509 = sk_X509_value(seq->certs, i);
-		dump_cert_text(out, x509);
-		PEM_write_bio_X509(out, x509);
-	}
-	ret = 0;
- end:
-	BIO_free(in);
-	BIO_free_all(out);
-	NETSCAPE_CERT_SEQUENCE_free(seq);
-
-	return (ret);
-}
diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1
index a7c3bf5ee68..c430e49f0f0 100644
--- a/usr.bin/openssl/openssl.1
+++ b/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.142 2023/04/22 20:51:26 tb Exp $
+.\" $OpenBSD: openssl.1,v 1.143 2023/04/25 16:11:02 tb Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: April 22 2023 $
+.Dd $Mdocdate: April 25 2023 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -2542,37 +2542,6 @@ The size of the private key to generate in bits.
 This must be the last option specified.
 The default is 2048.
 .El
-.Tg nseq
-.Sh NSEQ
-.Nm openssl nseq
-.Op Fl in Ar file
-.Op Fl out Ar file
-.Op Fl toseq
-.Pp
-The
-.Nm nseq
-command takes a file containing a Netscape certificate sequence
-(an alternative to the standard PKCS#7 format)
-and prints out the certificates contained in it,
-or takes a file of certificates
-and converts it into a Netscape certificate sequence.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl toseq
-Normally, a Netscape certificate sequence will be input and the output
-is the certificates contained in it.
-With the
-.Fl toseq
-option the situation is reversed:
-a Netscape certificate sequence is created from a file of certificates.
-.El
 .Tg ocsp
 .Sh OCSP
 .Bl -hang -width "openssl ocsp"
diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index 1b1cea60982..51940fdf64f 100644
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.32 2022/11/11 18:24:32 joshua Exp $ */
+/* $OpenBSD: openssl.c,v 1.33 2023/04/25 16:11:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,7 +161,6 @@ FUNCTION functions[] = {
 	{ FUNC_TYPE_GENERAL, "enc", enc_main },
 	{ FUNC_TYPE_GENERAL, "errstr", errstr_main },
 	{ FUNC_TYPE_GENERAL, "genpkey", genpkey_main },
-	{ FUNC_TYPE_GENERAL, "nseq", nseq_main },
 #ifndef OPENSSL_NO_OCSP
 	{ FUNC_TYPE_GENERAL, "ocsp", ocsp_main },
 #endif
-- 
2.20.1