From: Rich Salz Date: Wed, 11 Nov 2020 23:03:38 +0000 (-0500) Subject: Remove -C from dhparam,dsaparam,ecparam X-Git-Tag: openssl-3.0.0-alpha9~105 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1696b8909bbe1485871ce68ed129bf91af5e17e2;p=thirdparty%2Fopenssl.git Remove -C from dhparam,dsaparam,ecparam Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/13384) --- diff --git a/CHANGES.md b/CHANGES.md index 3f4b9e6a0a..e5d7846cc8 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -27,6 +27,10 @@ OpenSSL 3.0 *Paul Dale* + * The -C option to the dhparam, dsaparam, and ecparam commands were removed. + + *Rich Salz* + * Add support for AES Key Wrap inverse ciphers to the EVP layer. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV", diff --git a/apps/dhparam.c b/apps/dhparam.c index 84f5f3ed8f..d2a8400e26 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -41,7 +41,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_DSAPARAM, OPT_C, OPT_2, OPT_3, OPT_5, + OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; @@ -68,7 +68,6 @@ const OPTIONS dhparam_options[] = { {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"}, {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"}, {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"}, - {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, @@ -92,7 +91,7 @@ int dhparam_main(int argc, char **argv) #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) int dsaparam = 0; #endif - int i, text = 0, C = 0, ret = 1, num = 0, g = 0; + int i, text = 0, ret = 1, num = 0, g = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0; OPTION_CHOICE o; @@ -140,9 +139,6 @@ int dhparam_main(int argc, char **argv) # endif #endif break; - case OPT_C: - C = 1; - break; case OPT_2: g = 2; break; @@ -316,45 +312,6 @@ int dhparam_main(int argc, char **argv) goto end; } } - if (C) { - unsigned char *data; - int len, bits; - const BIGNUM *pbn, *gbn; - - dh = EVP_PKEY_get0_DH(pkey); - len = EVP_PKEY_size(pkey); - bits = EVP_PKEY_size(pkey); - DH_get0_pqg(dh, &pbn, NULL, &gbn); - data = app_malloc(len, "print a BN"); - - BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits); - print_bignum_var(out, pbn, "dhp", bits, data); - print_bignum_var(out, gbn, "dhg", bits, data); - BIO_printf(out, " DH *dh = DH_new();\n" - " BIGNUM *p, *g;\n" - "\n" - " if (dh == NULL)\n" - " return NULL;\n"); - BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", - bits, bits); - BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", - bits, bits); - BIO_printf(out, " if (p == NULL || g == NULL\n" - " || !DH_set0_pqg(dh, p, NULL, g)) {\n" - " DH_free(dh);\n" - " BN_free(p);\n" - " BN_free(g);\n" - " return NULL;\n" - " }\n"); - if (DH_get_length(dh) > 0) - BIO_printf(out, - " if (!DH_set_length(dh, %ld)) {\n" - " DH_free(dh);\n" - " return NULL;\n" - " }\n", DH_get_length(dh)); - BIO_printf(out, " return dh;\n}\n"); - OPENSSL_free(data); - } if (!noout) { const BIGNUM *q; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 06d1b95902..8bbd65700d 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -28,7 +28,7 @@ static int gendsa_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, + OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; @@ -50,7 +50,6 @@ const OPTIONS dsaparam_options[] = { {"out", OPT_OUT, '>', "Output file"}, {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, {"text", OPT_TEXT, '-', "Print as text"}, - {"C", OPT_C, '-', "Output C code"}, {"noout", OPT_NOOUT, '-', "No output"}, {"verbose", OPT_VERBOSE, '-', "Verbose output"}, {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, @@ -70,7 +69,7 @@ int dsaparam_main(int argc, char **argv) EVP_PKEY *params = NULL, *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; int numbits = -1, num = 0, genkey = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; + int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0; int ret = 1, i, text = 0, private = 0; char *infile = NULL, *outfile = NULL, *prog; OPTION_CHOICE o; @@ -107,9 +106,6 @@ int dsaparam_main(int argc, char **argv) case OPT_TEXT: text = 1; break; - case OPT_C: - C = 1; - break; case OPT_GENKEY: genkey = 1; break; @@ -190,47 +186,6 @@ int dsaparam_main(int argc, char **argv) EVP_PKEY_print_params(out, params, 0, NULL); } - if (C) { - BIGNUM *p = NULL, *q = NULL, *g = NULL; - unsigned char *data; - int len, bits_p; - - EVP_PKEY_get_bn_param(params, "p", &p); - EVP_PKEY_get_bn_param(params, "q", &q); - EVP_PKEY_get_bn_param(params, "g", &g); - len = BN_num_bytes(p); - bits_p = BN_num_bits(p); - - data = app_malloc(len + 20, "BN space"); - - BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p); - print_bignum_var(bio_out, p, "dsap", bits_p, data); - print_bignum_var(bio_out, q, "dsaq", bits_p, data); - print_bignum_var(bio_out, g, "dsag", bits_p, data); - BN_free(p); - BN_free(q); - BN_free(g); - BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" - " BIGNUM *p, *q, *g;\n" - "\n"); - BIO_printf(bio_out, " if (dsa == NULL)\n" - " return NULL;\n"); - BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n", - bits_p, bits_p); - BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n", - bits_p, bits_p); - BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n", - bits_p, bits_p); - BIO_printf(bio_out, " DSA_free(dsa);\n" - " BN_free(p);\n" - " BN_free(q);\n" - " BN_free(g);\n" - " return NULL;\n" - " }\n" - " return dsa;\n}\n"); - OPENSSL_free(data); - } - if (outformat == FORMAT_ASN1 && genkey) noout = 1; diff --git a/apps/ecparam.c b/apps/ecparam.c index 4abb0517d9..b51a61adc0 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -25,7 +25,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, + OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED, OPT_R_ENUM, OPT_PROV_ENUM @@ -48,7 +48,6 @@ const OPTIONS ecparam_options[] = { OPT_SECTION("Output"), {"text", OPT_TEXT, '-', "Print the ec parameters in text form"}, - {"C", OPT_C, '-', "Print a 'C' function creating the parameters"}, {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"}, {"param_enc", OPT_PARAM_ENC, 's', "Specifies the way the ec parameters are encoded"}, @@ -94,7 +93,7 @@ int ecparam_main(int argc, char **argv) unsigned char *buffer = NULL; OPTION_CHOICE o; int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; + int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0; int ret = 1, private = 0; int list_curves = 0, no_seed = 0, check = 0, new_form = 0; int text = 0, i, genkey = 0, check_named = 0; @@ -128,9 +127,6 @@ int ecparam_main(int argc, char **argv) case OPT_TEXT: text = 1; break; - case OPT_C: - C = 1; - break; case OPT_CHECK: check = 1; break; @@ -301,112 +297,6 @@ int ecparam_main(int argc, char **argv) } - if (C) { - size_t buf_len = 0, tmp_len = 0; - const EC_POINT *point; - int is_prime, len = 0; - - if ((ec_p = BN_new()) == NULL - || (ec_a = BN_new()) == NULL - || (ec_b = BN_new()) == NULL - || (ec_gen = BN_new()) == NULL - || (ec_order = BN_new()) == NULL - || (ec_cofactor = BN_new()) == NULL) { - perror("Can't allocate BN"); - goto end; - } - - is_prime = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field); - if (!is_prime) { - BIO_printf(bio_err, "Can only handle X9.62 prime fields\n"); - goto end; - } - - if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL)) - goto end; - - if ((point = EC_GROUP_get0_generator(group)) == NULL) - goto end; - if (!EC_POINT_point2bn(group, point, - EC_GROUP_get_point_conversion_form(group), - ec_gen, NULL)) - goto end; - if (!EC_GROUP_get_order(group, ec_order, NULL)) - goto end; - if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL)) - goto end; - - if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor) - goto end; - - len = BN_num_bits(ec_order); - - if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len) - buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len) - buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len) - buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len) - buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len) - buf_len = tmp_len; - if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len) - buf_len = tmp_len; - - buffer = app_malloc(buf_len, "BN buffer"); - - BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len); - print_bignum_var(out, ec_p, "ec_p", len, buffer); - print_bignum_var(out, ec_a, "ec_a", len, buffer); - print_bignum_var(out, ec_b, "ec_b", len, buffer); - print_bignum_var(out, ec_gen, "ec_gen", len, buffer); - print_bignum_var(out, ec_order, "ec_order", len, buffer); - print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer); - BIO_printf(out, " int ok = 0;\n" - " EC_GROUP *group = NULL;\n" - " EC_POINT *point = NULL;\n" - " BIGNUM *tmp_1 = NULL;\n" - " BIGNUM *tmp_2 = NULL;\n" - " BIGNUM *tmp_3 = NULL;\n" - "\n"); - - BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n" - " goto err;\n", len, len); - BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n" - " goto err;\n", len, len); - BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n" - " goto err;\n", len, len); - BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n" - " goto err;\n" - "\n"); - BIO_printf(out, " /* build generator */\n"); - BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n" - " goto err;\n", len, len); - BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n"); - BIO_printf(out, " if (point == NULL)\n" - " goto err;\n"); - BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n" - " goto err;\n", len, len); - BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n" - " goto err;\n", len, len); - BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n" - " goto err;\n" - "ok = 1;" - "\n"); - BIO_printf(out, "err:\n" - " BN_free(tmp_1);\n" - " BN_free(tmp_2);\n" - " BN_free(tmp_3);\n" - " EC_POINT_free(point);\n" - " if (!ok) {\n" - " EC_GROUP_free(group);\n" - " return NULL;\n" - " }\n" - " return (group);\n" - "}\n"); - } - if (outformat == FORMAT_ASN1 && genkey) noout = 1; diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index c1590faaf1..98d0a00c6b 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -17,7 +17,6 @@ B [B<-check>] [B<-noout>] [B<-text>] -[B<-C>] [B<-2>] [B<-3>] [B<-5>] @@ -99,11 +98,6 @@ This option inhibits the output of the encoded version of the parameters. This option prints out the DH parameters in human readable form. -=item B<-C> - -This option converts the parameters into C code. The parameters can then -be loaded by calling the get_dhNNNN() function. - {- $OpenSSL::safe::opt_engine_item -} {- $OpenSSL::safe::opt_r_item -} @@ -136,6 +130,8 @@ L The B<-dsaparam> and B<-engine> options were deprecated in OpenSSL 3.0. +The B<-C> option was removed in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 9dd8162174..42aea39a06 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -15,7 +15,6 @@ B [B<-out> I] [B<-noout>] [B<-text>] -[B<-C>] [B<-genkey>] [B<-verbose>] {- $OpenSSL::safe::opt_r_synopsis -} @@ -65,11 +64,6 @@ This option inhibits the output of the encoded version of the parameters. This option prints out the DSA parameters in human readable form. -=item B<-C> - -This option converts the parameters into C code. The parameters can then -be loaded by calling the get_dsaXXX() function. - =item B<-genkey> This option will generate a DSA either using the specified or generated @@ -107,6 +101,8 @@ L The B<-engine> option was deprecated in OpenSSL 3.0. +The B<-C> option was removed in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index 24c6b03dfd..a77ddd0128 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in @@ -15,7 +15,6 @@ B [B<-out> I] [B<-noout>] [B<-text>] -[B<-C>] [B<-check>] [B<-check_named>] [B<-name> I] @@ -70,11 +69,6 @@ This option inhibits the output of the encoded version of the parameters. This option prints out the EC parameters in human readable form. -=item B<-C> - -This option converts the EC parameters into C code. The parameters can then -be loaded by calling the get_ec_group_XXX() function. - =item B<-check> Validate the elliptic curve parameters. @@ -171,6 +165,8 @@ L The B<-engine> option was deprecated in OpenSSL 3.0. +The B<-C> option was removed in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.