From fbf601c438eb8af359345af55320cf47e4920cf5 Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 9 Apr 2023 18:33:26 +0000 Subject: [PATCH] Remove X9.31 support from openssl(1) The X9.31 standard has long been retired and deprecated and libcrypto will drop support for it soon. This prepares userland. ok jsing --- usr.bin/openssl/openssl.1 | 14 +++++--------- usr.bin/openssl/rsautl.c | 11 ++--------- 2 files changed, 7 insertions(+), 18 deletions(-) diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1 index b28fc0900d6..224f9c8c82a 100644 --- a/usr.bin/openssl/openssl.1 +++ b/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.140 2022/12/22 19:53:23 kn Exp $ +.\" $OpenBSD: openssl.1,v 1.141 2023/04/09 18:33:26 tb Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -110,7 +110,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: December 22 2022 $ +.Dd $Mdocdate: April 9 2023 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -3536,8 +3536,6 @@ for PKCS#1 padding; for no padding; .Cm oaep for OAEP mode; -.Cm x931 -for X9.31 mode; and .Cm pss for PSS. @@ -3548,8 +3546,6 @@ If a digest is set then a DigestInfo structure is used and its length must correspond to the digest type. For oeap mode only encryption and decryption is supported. -For x931 if the digest type is set it is used to format the block data; -otherwise the first byte is used to specify the X9.31 digest ID. Sign, verify, and verifyrecover can be performed in this mode. For pss mode only sign and verify are supported and the digest type must be specified. @@ -4213,7 +4209,7 @@ Print the public/private key components in plain text. .Op Fl in Ar file .Op Fl inkey Ar file .Op Fl keyform Cm der | pem -.Op Fl oaep | pkcs | raw | x931 +.Op Fl oaep | pkcs | raw .Op Fl out Ar file .Op Fl passin Ar arg .Op Fl pubin @@ -4251,9 +4247,9 @@ The input key file; by default an RSA private key. The private key format. The default is .Cm pem . -.It Fl oaep | pkcs | raw | x931 +.It Fl oaep | pkcs | raw The padding to use: -PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31, +PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, respectively. For signatures, only .Fl pkcs diff --git a/usr.bin/openssl/rsautl.c b/usr.bin/openssl/rsautl.c index 9327223123e..4f674b0efed 100644 --- a/usr.bin/openssl/rsautl.c +++ b/usr.bin/openssl/rsautl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: rsautl.c,v 1.22 2023/04/09 18:33:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -206,13 +206,6 @@ static const struct option rsautl_options[] = { .value = RSA_VERIFY, .opt.value = &cfg.rsa_mode, }, - { - .name = "x931", - .desc = "Use ANSI X9.31 padding", - .type = OPTION_VALUE, - .value = RSA_X931_PADDING, - .opt.value = &cfg.pad, - }, {NULL}, }; @@ -224,7 +217,7 @@ rsautl_usage() "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] " "[-hexdump]\n" " [-in file] [-inkey file] [-keyform der | pem]\n" - " [-oaep | -pkcs | -raw | -x931] [-out file] [-passin arg]\n" + " [-oaep | -pkcs | -raw] [-out file] [-passin arg]\n" " [-pubin] [-rev] [-sign] [-verify]\n\n"); options_usage(rsautl_options); -- 2.20.1