diff options
author | tb <> | 2023-04-09 18:33:26 +0000 |
---|---|---|
committer | tb <> | 2023-04-09 18:33:26 +0000 |
commit | 99f4bd17e99b886eacbdf9496c9fd993845bd447 (patch) | |
tree | 0ccec4cc8c0ce6c1edf05bfe5ece5fc1c25504c7 /src/usr.bin/openssl | |
parent | 3f534e9f9450f122637aed8d48c9f569cdcbdd94 (diff) | |
download | openbsd-99f4bd17e99b886eacbdf9496c9fd993845bd447.tar.gz openbsd-99f4bd17e99b886eacbdf9496c9fd993845bd447.tar.bz2 openbsd-99f4bd17e99b886eacbdf9496c9fd993845bd447.zip |
Remove X9.31 support from openssl(1)
The X9.31 standard has long been retired and deprecated and libcrypto will
drop support for it soon. This prepares userland.
ok jsing
Diffstat (limited to 'src/usr.bin/openssl')
-rw-r--r-- | src/usr.bin/openssl/openssl.1 | 14 | ||||
-rw-r--r-- | src/usr.bin/openssl/rsautl.c | 11 |
2 files changed, 7 insertions, 18 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index b28fc0900d..224f9c8c82 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: openssl.1,v 1.140 2022/12/22 19:53:23 kn Exp $ | 1 | .\" $OpenBSD: openssl.1,v 1.141 2023/04/09 18:33:26 tb Exp $ |
2 | .\" ==================================================================== | 2 | .\" ==================================================================== |
3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -110,7 +110,7 @@ | |||
110 | .\" copied and put under another distribution licence | 110 | .\" copied and put under another distribution licence |
111 | .\" [including the GNU Public Licence.] | 111 | .\" [including the GNU Public Licence.] |
112 | .\" | 112 | .\" |
113 | .Dd $Mdocdate: December 22 2022 $ | 113 | .Dd $Mdocdate: April 9 2023 $ |
114 | .Dt OPENSSL 1 | 114 | .Dt OPENSSL 1 |
115 | .Os | 115 | .Os |
116 | .Sh NAME | 116 | .Sh NAME |
@@ -3536,8 +3536,6 @@ for PKCS#1 padding; | |||
3536 | for no padding; | 3536 | for no padding; |
3537 | .Cm oaep | 3537 | .Cm oaep |
3538 | for OAEP mode; | 3538 | for OAEP mode; |
3539 | .Cm x931 | ||
3540 | for X9.31 mode; | ||
3541 | and | 3539 | and |
3542 | .Cm pss | 3540 | .Cm pss |
3543 | for PSS. | 3541 | for PSS. |
@@ -3548,8 +3546,6 @@ If a digest is set then a DigestInfo | |||
3548 | structure is used and its length | 3546 | structure is used and its length |
3549 | must correspond to the digest type. | 3547 | must correspond to the digest type. |
3550 | For oeap mode only encryption and decryption is supported. | 3548 | For oeap mode only encryption and decryption is supported. |
3551 | For x931 if the digest type is set it is used to format the block data; | ||
3552 | otherwise the first byte is used to specify the X9.31 digest ID. | ||
3553 | Sign, verify, and verifyrecover can be performed in this mode. | 3549 | Sign, verify, and verifyrecover can be performed in this mode. |
3554 | For pss mode only sign and verify are supported and the digest type must be | 3550 | For pss mode only sign and verify are supported and the digest type must be |
3555 | specified. | 3551 | specified. |
@@ -4213,7 +4209,7 @@ Print the public/private key components in plain text. | |||
4213 | .Op Fl in Ar file | 4209 | .Op Fl in Ar file |
4214 | .Op Fl inkey Ar file | 4210 | .Op Fl inkey Ar file |
4215 | .Op Fl keyform Cm der | pem | 4211 | .Op Fl keyform Cm der | pem |
4216 | .Op Fl oaep | pkcs | raw | x931 | 4212 | .Op Fl oaep | pkcs | raw |
4217 | .Op Fl out Ar file | 4213 | .Op Fl out Ar file |
4218 | .Op Fl passin Ar arg | 4214 | .Op Fl passin Ar arg |
4219 | .Op Fl pubin | 4215 | .Op Fl pubin |
@@ -4251,9 +4247,9 @@ The input key file; by default an RSA private key. | |||
4251 | The private key format. | 4247 | The private key format. |
4252 | The default is | 4248 | The default is |
4253 | .Cm pem . | 4249 | .Cm pem . |
4254 | .It Fl oaep | pkcs | raw | x931 | 4250 | .It Fl oaep | pkcs | raw |
4255 | The padding to use: | 4251 | The padding to use: |
4256 | PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31, | 4252 | PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, |
4257 | respectively. | 4253 | respectively. |
4258 | For signatures, only | 4254 | For signatures, only |
4259 | .Fl pkcs | 4255 | .Fl pkcs |
diff --git a/src/usr.bin/openssl/rsautl.c b/src/usr.bin/openssl/rsautl.c index 9327223123..4f674b0efe 100644 --- a/src/usr.bin/openssl/rsautl.c +++ b/src/usr.bin/openssl/rsautl.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: rsautl.c,v 1.21 2023/03/06 14:32:06 tb Exp $ */ | 1 | /* $OpenBSD: rsautl.c,v 1.22 2023/04/09 18:33:26 tb Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 2000. | 3 | * project 2000. |
4 | */ | 4 | */ |
@@ -206,13 +206,6 @@ static const struct option rsautl_options[] = { | |||
206 | .value = RSA_VERIFY, | 206 | .value = RSA_VERIFY, |
207 | .opt.value = &cfg.rsa_mode, | 207 | .opt.value = &cfg.rsa_mode, |
208 | }, | 208 | }, |
209 | { | ||
210 | .name = "x931", | ||
211 | .desc = "Use ANSI X9.31 padding", | ||
212 | .type = OPTION_VALUE, | ||
213 | .value = RSA_X931_PADDING, | ||
214 | .opt.value = &cfg.pad, | ||
215 | }, | ||
216 | 209 | ||
217 | {NULL}, | 210 | {NULL}, |
218 | }; | 211 | }; |
@@ -224,7 +217,7 @@ rsautl_usage() | |||
224 | "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] " | 217 | "usage: rsautl [-asn1parse] [-certin] [-decrypt] [-encrypt] " |
225 | "[-hexdump]\n" | 218 | "[-hexdump]\n" |
226 | " [-in file] [-inkey file] [-keyform der | pem]\n" | 219 | " [-in file] [-inkey file] [-keyform der | pem]\n" |
227 | " [-oaep | -pkcs | -raw | -x931] [-out file] [-passin arg]\n" | 220 | " [-oaep | -pkcs | -raw] [-out file] [-passin arg]\n" |
228 | " [-pubin] [-rev] [-sign] [-verify]\n\n"); | 221 | " [-pubin] [-rev] [-sign] [-verify]\n\n"); |
229 | 222 | ||
230 | options_usage(rsautl_options); | 223 | options_usage(rsautl_options); |