From 8e223a04ee8f4d7802dc13c5046bff7f1f84d039 Mon Sep 17 00:00:00 2001
From: tb
Date: Fri, 24 Aug 2018 20:09:56 +0000
Subject: [PATCH] Stop handling broken PKCS#8 formats in openssl(1).

ok jsing
---
 usr.bin/openssl/pkcs8.c | 54 ++---------------------------------------
 1 file changed, 2 insertions(+), 52 deletions(-)

diff --git a/usr.bin/openssl/pkcs8.c b/usr.bin/openssl/pkcs8.c
index a0dac887729..03278989034 100644
--- a/usr.bin/openssl/pkcs8.c
+++ b/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs8.c,v 1.11 2018/02/07 05:47:55 jsing Exp $ */
+/* $OpenBSD: pkcs8.c,v 1.12 2018/08/24 20:09:56 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999-2004.
 */
@@ -75,7 +75,6 @@ static struct {
 int nocrypt;
 char *outfile;
 int outformat;
- int p8_broken;
 char *passargin;
 char *passargout;
 int pbe_nid;
@@ -105,13 +104,6 @@ pkcs8_opt_v2(char *arg)
 }
 
 static struct option pkcs8_options[] = {
- {
- .name = "embed",
- .desc = "Generate DSA keys in a broken format",
- .type = OPTION_VALUE,
- .value = PKCS8_EMBEDDED_PARAM,
- .opt.value = &pkcs8_config.p8_broken,
- },
 {
 .name = "in",
 .argname = "file",
@@ -139,20 +131,6 @@ static struct option pkcs8_options[] = {
 .value = 1,
 .opt.value = &pkcs8_config.iter,
 },
- {
- .name = "nooct",
- .desc = "Generate RSA keys in a broken format (no octet)",
- .type = OPTION_VALUE,
- .value = PKCS8_NO_OCTET,
- .opt.value = &pkcs8_config.p8_broken,
- },
- {
- .name = "nsdb",
- .desc = "Generate DSA keys in the broken Netscape DB format",
- .type = OPTION_VALUE,
- .value = PKCS8_NS_DB,
- .opt.value = &pkcs8_config.p8_broken,
- },
 {
 .name = "out",
 .argname = "file",
@@ -238,7 +216,6 @@ pkcs8_main(int argc, char **argv)
 pkcs8_config.iter = PKCS12_DEFAULT_ITER;
 pkcs8_config.informat = FORMAT_PEM;
 pkcs8_config.outformat = FORMAT_PEM;
- pkcs8_config.p8_broken = PKCS8_OK;
 pkcs8_config.pbe_nid = -1;
 
 if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) {
@@ -278,8 +255,7 @@ pkcs8_main(int argc, char **argv)
 pkcs8_config.informat, 1, passin, "key");
 if (!pkey)
 goto end;
- if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey,
- pkcs8_config.p8_broken))) {
+ if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
 BIO_printf(bio_err, "Error converting key\n");
 ERR_print_errors(bio_err);
 goto end;
@@ -369,32 +345,6 @@ pkcs8_main(int argc, char **argv)
 ERR_print_errors(bio_err);
 goto end;
 }
- if (p8inf->broken) {
- BIO_printf(bio_err, "Warning: broken key encoding: ");
- switch (p8inf->broken) {
- case PKCS8_NO_OCTET:
- BIO_printf(bio_err, "No Octet String in PrivateKey\n");
- break;
-
- case PKCS8_EMBEDDED_PARAM:
- BIO_printf(bio_err,
- "DSA parameters included in PrivateKey\n");
- break;
-
- case PKCS8_NS_DB:
- BIO_printf(bio_err,
- "DSA public key include in PrivateKey\n");
- break;
-
- case PKCS8_NEG_PRIVKEY:
- BIO_printf(bio_err, "DSA private key value is negative\n");
- break;
-
- default:
- BIO_printf(bio_err, "Unknown broken type\n");
- break;
- }
- }
 if (pkcs8_config.outformat == FORMAT_PEM)
 PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0,
 NULL, passout);
-- 
2.20.1
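Review bot: The replacement line in the -278,8 +255,7 hunk of pkcs8_main keeps the assignment buried in the condition, `if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {`; now that the call fits on one line, `p8inf = EVP_PKEY2PKCS8(pkey);` followed by `if (p8inf == NULL) {` would separate the conversion from its failure check and read more plainly. The diffstat lists only pkcs8.c, so the manual text for the removed -embed, -nooct and -nsdb options is presumably handled in a separate change. Scripts that still pass those options should now fail at option parsing instead of quietly getting a standard encoding, which deserves a sentence in the commit message. pkcs8_main starts and ends outside the hunk.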