authortb <>2018-08-24 20:09:56 +0000
committertb <>2018-08-24 20:09:56 +0000
commit7933a0871b35f614a35f0194835c1415d26609d0 (patch)
tree4cd224709219e2a0059f15e4e8e8b5b467ccc986 /src/usr.bin
parent41189be79309f39d1bf45f50b75751b6ac97529c (diff)
Stop handling broken PKCS#8 formats in openssl(1).
ok jsing
Diffstat (limited to 'src/usr.bin')
-rw-r--r--src/usr.bin/openssl/pkcs8.c54
1 files changed, 2 insertions, 52 deletions
diff --git a/src/usr.bin/openssl/pkcs8.c b/src/usr.bin/openssl/pkcs8.c
index a0dac88772..0327898903 100644
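--- a/src/usr.bin/openssl/pkcs8.c
+++ b/src/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs8.c,v 1.11 2018/02/07 05:47:55 jsing Exp $ */
+/* $OpenBSD: pkcs8.c,v 1.12 2018/08/24 20:09:56 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 1999-2004.
   */
@@ -75,7 +75,6 @@ static struct {
  int nocrypt;
  char *outfile;
  int outformat;
- int p8_broken;
  char *passargin;
  char *passargout;
  int pbe_nid;
@@ -106,13 +105,6 @@ pkcs8_opt_v2(char *arg)
 
 static struct option pkcs8_options[] = {
  {
- .name = "embed",
- .desc = "Generate DSA keys in a broken format",
- .type = OPTION_VALUE,
- .value = PKCS8_EMBEDDED_PARAM,
- .opt.value = &pkcs8_config.p8_broken,
- },
- {
  .name = "in",
  .argname = "file",
  .desc = "Input file (default stdin)",
@@ -140,20 +132,6 @@ static struct option pkcs8_options[] = {
  .opt.value = &pkcs8_config.iter,
  },
  {
- .name = "nooct",
- .desc = "Generate RSA keys in a broken format (no octet)",
- .type = OPTION_VALUE,
- .value = PKCS8_NO_OCTET,
- .opt.value = &pkcs8_config.p8_broken,
- },
- {
- .name = "nsdb",
- .desc = "Generate DSA keys in the broken Netscape DB format",
- .type = OPTION_VALUE,
- .value = PKCS8_NS_DB,
- .opt.value = &pkcs8_config.p8_broken,
- },
- {
  .name = "out",
  .argname = "file",
  .desc = "Output file (default stdout)",
@@ -238,7 +216,6 @@ pkcs8_main(int argc, char **argv)
  pkcs8_config.iter = PKCS12_DEFAULT_ITER;
  pkcs8_config.informat = FORMAT_PEM;
  pkcs8_config.outformat = FORMAT_PEM;
- pkcs8_config.p8_broken = PKCS8_OK;
  pkcs8_config.pbe_nid = -1;
 
  if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) {
@@ -278,8 +255,7 @@ pkcs8_main(int argc, char **argv)
  pkcs8_config.informat, 1, passin, "key");
  if (!pkey)
  goto end;
- if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey,
- pkcs8_config.p8_broken))) {
+ if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
  BIO_printf(bio_err, "Error converting key\n");
  ERR_print_errors(bio_err);
  goto end;
@@ -369,32 +345,6 @@ pkcs8_main(int argc, char **argv)
  ERR_print_errors(bio_err);
  goto end;
  }
- if (p8inf->broken) {
- BIO_printf(bio_err, "Warning: broken key encoding: ");
- switch (p8inf->broken) {
- case PKCS8_NO_OCTET:
- BIO_printf(bio_err, "No Octet String in PrivateKey\n");
- break;
-
- case PKCS8_EMBEDDED_PARAM:
- BIO_printf(bio_err,
- "DSA parameters included in PrivateKey\n");
- break;
-
- case PKCS8_NS_DB:
- BIO_printf(bio_err,
- "DSA public key include in PrivateKey\n");
- break;
-
- case PKCS8_NEG_PRIVKEY:
- BIO_printf(bio_err, "DSA private key value is negative\n");
- break;
-
- default:
- BIO_printf(bio_err, "Unknown broken type\n");
- break;
- }
- }
  if (pkcs8_config.outformat == FORMAT_PEM)
  PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL,
  passout);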
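Review bot: With the `p8inf->broken` warning block removed in the last hunk, nothing in this file tells the user that an imported key used a non-standard encoding, including the `PKCS8_NEG_PRIVKEY` case of a negative DSA private value. Whether such input is now rejected or silently accepted depends on the libcrypto decoder, which is outside this diff (the diffstat is limited to `src/usr.bin`), so that should be confirmed before relying on the removal. If the decoder does reject them, a short comment before the `FORMAT_PEM` write would record the intent, for example `/* Non-standard PKCS#8 encodings are rejected at decode time; no warning is needed here. */`. The removed `-embed`, `-nooct` and `-nsdb` options will now fail in `options_parse`, so the manual page entry for pkcs8 should drop them as well if it has not already. `pkcs8_main` begins and ends outside the hunks shown.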