From c21eea145d12f7ab9b0fa83debe4931b485d1279 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 20 Dec 2025 07:02:37 +0000 Subject: openssl: Remove -{,un}compress from cms "app" We haven't supported compiling against zlib in a very long time. These are the only two calls to CMS_{,un}compress(3) in the ecosystem. I am going to remove these two API stubs in the next major bump. ok jsing kenjiro --- src/usr.bin/openssl/cms.c | 35 +++++++---------------------------- src/usr.bin/openssl/openssl.1 | 15 +++------------ 2 files changed, 10 insertions(+), 40 deletions(-) (limited to 'src') diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c index 880ab1449b..7430f4c935 100644 --- a/src/usr.bin/openssl/cms.c +++ b/src/usr.bin/openssl/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.39 2025/11/27 08:27:31 tb Exp $ */ +/* $OpenBSD: cms.c,v 1.40 2025/12/20 07:02:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -89,12 +89,10 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, #define SMIME_DATA_CREATE (8 | SMIME_OP) #define SMIME_DIGEST_VERIFY (9 | SMIME_IP) #define SMIME_DIGEST_CREATE (10 | SMIME_OP) -#define SMIME_UNCOMPRESS (11 | SMIME_IP) -#define SMIME_COMPRESS (12 | SMIME_OP) -#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) -#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) -#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) -#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) +#define SMIME_ENCRYPTED_DECRYPT (11 | SMIME_IP) +#define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP) +#define SMIME_SIGN_RECEIPT (13 | SMIME_IP | SMIME_OP) +#define SMIME_VERIFY_RECEIPT (14 | SMIME_IP) int verify_err = 0; @@ -601,13 +599,6 @@ static const struct option cms_options[] = { .opt.value = &cfg.operation, .value = SMIME_CMSOUT, }, - { - .name = "compress", - .desc = "Create CMS CompressedData type", - .type = OPTION_VALUE, - .opt.value = &cfg.operation, - .value = SMIME_COMPRESS, - }, { .name = "content", .argname = "file", @@ -997,13 +988,6 @@ static const struct option cms_options[] = { .type = OPTION_ARG, .opt.arg = &cfg.to, }, - { - .name = "uncompress", - .desc = "Uncompress CMS CompressedData type", - .type = OPTION_VALUE, - .opt.value = &cfg.operation, - .value = SMIME_UNCOMPRESS, - }, { .name = "verify", .desc = "Verify signed message", @@ -1138,7 +1122,7 @@ cms_usage(void) " -camellia192 | -camellia256 | -des | -des3 |\n" " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n" " [-CApath directory] [-CRLfile file] [-binary]\n" - " [-certfile file] [-certsout file] [-cmsout] [-compress]\n" + " [-certfile file] [-certsout file] [-cmsout]\n" " [-content file] [-crlfeol] [-data_create] [-data_out]\n" " [-debug_decrypt] [-decrypt] [-digest_create] [-digest_verify]\n" " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n" @@ -1156,7 +1140,7 @@ cms_usage(void) " [-receipt_request_to addr] [-recip file] [-resign]\n" " [-secretkey key] [-secretkeyid id] [-sign] [-sign_receipt]\n" " [-signer file] [-stream | -indef | -noindef] [-subject s]\n" - " [-text] [-to addr] [-uncompress] [-verify]\n" + " [-text] [-to addr] [-verify]\n" " [-verify_receipt file] [-verify_retcode] [cert.pem ...]\n\n"); options_usage(cms_options); @@ -1482,8 +1466,6 @@ cms_main(int argc, char **argv) } else if (cfg.operation == SMIME_DIGEST_CREATE) { cms = CMS_digest_create(in, cfg.sign_md, cfg.flags); - } else if (cfg.operation == SMIME_COMPRESS) { - cms = CMS_compress(in, -1, cfg.flags); } else if (cfg.operation == SMIME_ENCRYPT) { int i; cfg.flags |= CMS_PARTIAL; @@ -1691,9 +1673,6 @@ cms_main(int argc, char **argv) } else if (cfg.operation == SMIME_DATAOUT) { if (!CMS_data(cms, out, cfg.flags)) goto end; - } else if (cfg.operation == SMIME_UNCOMPRESS) { - if (!CMS_uncompress(cms, indata, out, cfg.flags)) - goto end; } else if (cfg.operation == SMIME_DIGEST_VERIFY) { if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0) BIO_printf(bio_err, "Verification successful\n"); diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 40defdc38b..f3e0be15ed 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.167 2025/06/07 08:29:20 tb Exp $ +.\" $OpenBSD: openssl.1,v 1.168 2025/12/20 07:02:37 tb Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -110,7 +110,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: June 7 2025 $ +.Dd $Mdocdate: December 20 2025 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -931,7 +931,6 @@ but without cipher suite codes. .Op Fl certfile Ar file .Op Fl certsout Ar file .Op Fl cmsout -.Op Fl compress .Op Fl content Ar file .Op Fl crlfeol .Op Fl data_create @@ -985,7 +984,6 @@ but without cipher suite codes. .Op Fl subject Ar s .Op Fl text .Op Fl to Ar addr -.Op Fl uncompress .Op Fl verify .Op Fl verify_receipt Ar file .Op Fl verify_retcode @@ -996,8 +994,7 @@ but without cipher suite codes. The .Nm cms command handles S/MIME v3.1 mail. -It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME -messages. +It can encrypt, decrypt, sign and verify S/MIME messages. .Pp The MIME message must be sent without any blank lines between the headers and the output. @@ -1053,12 +1050,6 @@ Output a content from the input CMS Data type. Create a CMS DigestedData type. .It Fl digest_verify Verify a CMS DigestedData type and output the content. -.It Fl compress -Create a CMS CompressedData type. -Must be compiled with zlib support for this option to work. -.It Fl uncompress -Uncompress a CMS CompressedData type and output the content. -Must be compiled with zlib support for this option to work. .It Fl EncryptedData_encrypt Encrypt a content using supplied symmetric key and algorithm using a CMS EncryptedData type. -- cgit v1.2.3-55-g6feb