Remove X9.31 support from openssl(1)

The X9.31 standard has long been retired and deprecated and libcrypto will
drop support for it soon. This prepares userland.

ok jsing

2 files changed, 7 insertions, 18 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index b28fc0900d..224f9c8c82 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.140 2022/12/22 19:53:23 kn Exp $
+.\" $OpenBSD: openssl.1,v 1.141 2023/04/09 18:33:26 tb Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: December 22 2022 $
+.Dd $Mdocdate: April 9 2023 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -3536,8 +3536,6 @@ for PKCS#1 padding;
 for no padding;
 .Cm oaep
 for OAEP mode;
-.Cm x931
-for X9.31 mode;
 and
 .Cm pss
 for PSS.
@@ -3548,8 +3546,6 @@ If a digest is set then a DigestInfo
 structure is used and its length
 must correspond to the digest type.
 For oeap mode only encryption and decryption is supported.
-For x931 if the digest type is set it is used to format the block data;
-otherwise the first byte is used to specify the X9.31 digest ID.
 Sign, verify, and verifyrecover can be performed in this mode.
 For pss mode only sign and verify are supported and the digest type must be
 specified.
@@ -4213,7 +4209,7 @@ Print the public/private key components in plain text.
 .Op Fl in Ar file
 .Op Fl inkey Ar file
 .Op Fl keyform Cm der | pem
-.Op Fl oaep | pkcs | raw | x931
+.Op Fl oaep | pkcs | raw
 .Op Fl out Ar file
 .Op Fl passin Ar arg
 .Op Fl pubin
@@ -4251,9 +4247,9 @@ The input key file; by default an RSA private key.
 The private key format.
 The default is
 .Cm pem .
-.It Fl oaep | pkcs | raw | x931
+.It Fl oaep | pkcs | raw
 The padding to use:
-PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
+PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding,
 respectively.
 For signatures, only
 .Fl pkcs
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c
index 9327223123..4f674b0efe 100644
--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: rsautl.c,v 1.22 2023/04/09 18:33:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -206,13 +206,6 @@ static const struct option rsautl_options[] = {
                 .value = RSA_VERIFY,
                 .opt.value = &cfg.rsa_mode,
         },
-        {
-                .name = "x931",
-                .desc = "Use ANSI X9.31 padding",
-                .type = OPTION_VALUE,
-                .value = RSA_X931_PADDING,
-                .opt.value = &cfg.pad,
-        },
 
         {NULL},
 };
@@ -224,7 +217,7 @@ rsautl_usage()
             "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] "
             "[-hexdump]\n"
             "    [-in file] [-inkey file] [-keyform der | pem]\n"
-            "    [-oaep | -pkcs | -raw | -x931] [-out file] [-passin arg]\n"
+            "    [-oaep | -pkcs | -raw] [-out file] [-passin arg]\n"
             "    [-pubin] [-rev] [-sign] [-verify]\n\n");
 
         options_usage(rsautl_options);