author | Theo Buehler <tb@cvs.openbsd.org> | 2024-08-22 12:14:34 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-08-22 12:14:34 +0000 |
commit | 909a20909b27d5963effc6bfa39a298d8923ceb3 (patch) | |
tree | be2028d0d938024ea0dc54f4996a538e5e4384e5 /usr.bin/openssl | |
parent | b2f5a79c913728d7c06001e6d6681473982939f2 (diff) |
openssl pkcs12: remove support for LMK and CSP attributes
Documentation on what the Microsoft-specific local machine keyset and the
cryptographic service provider are actually good for is hard to find. For
some reason (perhaps one million and two arguments for PKCS12_create() was
considered two too many) these hang off the EVP_PKEY in the attributes
member, which serves no other purpose.
Every use of EVP_PKEY (of which there are far too many) pays extra memory
taxes for this fringe use case. This complication is not worth it.
ok miod
Diffstat (limited to 'usr.bin/openssl')
-rw-r--r-- | usr.bin/openssl/pkcs12.c | 26 |
1 files changed, 1 insertions, 25 deletions
diff --git a/usr.bin/openssl/pkcs12.c b/usr.bin/openssl/pkcs12.c
index c8706904f1a..69e230eff9e 100644
--- a/usr.bin/openssl/pkcs12.c
+++ b/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.27 2024/02/28 17:04:38 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.28 2024/08/22 12:14:33 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -93,14 +93,12 @@ static int alg_print(BIO *x, const X509_ALGOR *alg);
 static int set_pbe(BIO *err, int *ppbe, const char *str);
 static struct {
- int add_lmk;
 char *CAfile;
 STACK_OF(OPENSSL_STRING) *canames;
 char *CApath;
 int cert_pbe;
 char *certfile;
 int chain;
- char *csp_name;
 const EVP_CIPHER *enc;
 int export_cert;
 int key_pbe;
@@ -322,13 +320,6 @@ static const struct option pkcs12_options[] = {
 .value = CLCERTS,
 },
 {
- .name = "CSP",
- .argname = "name",
- .desc = "Microsoft CSP name",
- .type = OPTION_ARG,
- .opt.arg = &cfg.csp_name,
- },
- {
 .name = "descert",
 .desc = "Encrypt PKCS#12 certificates with triple DES (default RC2-40)",
 .type = OPTION_VALUE,
@@ -384,12 +375,6 @@ static const struct option pkcs12_options[] = {
 .value = KEY_SIG,
 },
 {
- .name = "LMK",
- .desc = "Add local machine keyset attribute to private key",
- .type = OPTION_FLAG,
- .opt.flag = &cfg.add_lmk,
- },
- {
 .name = "macalg",
 .argname = "alg",
 .desc = "Digest algorithm used in MAC (default SHA1)",
@@ -719,15 +704,6 @@ pkcs12_main(int argc, char **argv)
 X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 }
- if (cfg.csp_name != NULL && key != NULL)
- EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
- MBSTRING_ASC,
- (unsigned char *) cfg.csp_name, -1);
-
- if (cfg.add_lmk && key != NULL)
- EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL,
- -1);
-
 if (!cfg.noprompt &&
 EVP_read_pw_string(pass, sizeof pass,
 "Enter Export Password:", 1)) { |