openssl pkcs12: remove support for LMK and CSP attributes

Documentation on what the Microsoft-specific local machine keyset and the cryptographic service provider are actually good for is hard to find. For some reason (perhaps one million and two arguments for PKCS12_create() was considered two too many) these hang off the EVP_PKEY in the attributes member, which serves no other purpose. Every use of EVP_PKEY (of which there are far too many) pays extra memory taxes for this fringe use case. This complication is not worth it. ok miod
author: tb <> 2024-08-22 12:14:33 +0000
committer: tb <> 2024-08-22 12:14:33 +0000
commit: ebf266e10e4810d93b1809cc215996a75011f796 (patch)
tree: a2f91b43293a99c3440fa5b480a903d3520ec656 /src
parent: 0b09bf41cdc876ef77eb505c8342fb28aafa8cab (diff)
download: openbsd-ebf266e10e4810d93b1809cc215996a75011f796.tar.gz
openbsd-ebf266e10e4810d93b1809cc215996a75011f796.tar.bz2
openbsd-ebf266e10e4810d93b1809cc215996a75011f796.zip
1 files changed, 1 insertions, 25 deletions
diff --git a/src/usr.bin/openssl/pkcs12.c b/src/usr.bin/openssl/pkcs12.c
index c8706904f1..69e230eff9 100644
--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.27 2024/02/28 17:04:38 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.28 2024/08/22 12:14:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -93,14 +93,12 @@ static int alg_print(BIO *x, const X509_ALGOR *alg);
 static int set_pbe(BIO *err, int *ppbe, const char *str);
 static struct {
-        int add_lmk;
        char *CAfile;
        STACK_OF(OPENSSL_STRING) *canames;
        char *CApath;
        int cert_pbe;
        char *certfile;
        int chain;
-        char *csp_name;
        const EVP_CIPHER *enc;
        int export_cert;
        int key_pbe;
@@ -322,13 +320,6 @@ static const struct option pkcs12_options[] = {
                .value = CLCERTS,
        },
        {
-                .name = "CSP",
-                .argname = "name",
-                .desc = "Microsoft CSP name",
-                .type = OPTION_ARG,
-                .opt.arg = &cfg.csp_name,
-        },
-        {
                .name = "descert",
                .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)",
                .type = OPTION_VALUE,
@@ -384,12 +375,6 @@ static const struct option pkcs12_options[] = {
                .value = KEY_SIG,
        },
        {
-                .name = "LMK",
-                .desc = "Add local machine keyset attribute to private key",
-                .type = OPTION_FLAG,
-                .opt.flag = &cfg.add_lmk,
-        },
-        {
                .name = "macalg",
                .argname = "alg",
                .desc = "Digest algorithm used in MAC (default SHA1)",
@@ -719,15 +704,6 @@ pkcs12_main(int argc, char **argv)
                        X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
                }
-                if (cfg.csp_name != NULL && key != NULL)
-                        EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
-                            MBSTRING_ASC,
-                            (unsigned char *) cfg.csp_name, -1);
-                if (cfg.add_lmk && key != NULL)
-                        EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL,
-                            -1);
                if (!cfg.noprompt &&
                    EVP_read_pw_string(pass, sizeof pass,
                    "Enter Export Password:", 1)) {
author	tb <>	2024-08-22 12:14:33 +0000
committer	tb <>	2024-08-22 12:14:33 +0000
commit	ebf266e10e4810d93b1809cc215996a75011f796 (patch)
tree	a2f91b43293a99c3440fa5b480a903d3520ec656 /src
parent	0b09bf41cdc876ef77eb505c8342fb28aafa8cab (diff)
download	openbsd-ebf266e10e4810d93b1809cc215996a75011f796.tar.gz openbsd-ebf266e10e4810d93b1809cc215996a75011f796.tar.bz2 openbsd-ebf266e10e4810d93b1809cc215996a75011f796.zip