From: Norbert Pocs Date: Wed, 3 Sep 2025 11:05:35 +0000 (+0200) Subject: apps/: Remove "-keyform engine" X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~78 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9425238145aa620b22050021a7e66affdef12fb9;p=thirdparty%2Fopenssl.git apps/: Remove "-keyform engine" Resolves: https://github.com/openssl/project/issues/1354 Signed-off-by: Norbert Pocs Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Dmitry Belyavskiy Reviewed-by: Saša Nedvědický Reviewed-by: Eugene Syromiatnikov (Merged from https://github.com/openssl/openssl/pull/29305) --- diff --git a/apps/ca.c b/apps/ca.c index d224ccaffa3..850cbc6bb69 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -215,8 +215,7 @@ const OPTIONS ca_options[] = { OPT_SECTION("Signing"), {"md", OPT_MD, 's', "Digest to use, such as sha256"}, {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, - {"keyform", OPT_KEYFORM, 'f', - "Private key file format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Private key file format (DER/PEM)"}, {"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"}, {"key", OPT_KEY, 's', "Key to decrypt the private key or cert files if encrypted. Better use -passin"}, diff --git a/apps/cmp.c b/apps/cmp.c index 9e539262712..dc69a64ab75 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -492,8 +492,7 @@ const OPTIONS cmp_options[] = { "Format (PEM or DER) to use when saving a certificate to a file. Default PEM"}, {"crlform", OPT_CRLFORM, 's', "Format (PEM or DER) to use when saving a CRL to a file. Default DER"}, - {"keyform", OPT_KEYFORM, 's', - "Format of the key input (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 's', "Format of the key input (DER/PEM/P12)"}, {"otherpass", OPT_OTHERPASS, 's', "Pass phrase source potentially needed for loading certificates of others"}, OPT_PROV_OPTIONS, diff --git a/apps/cms.c b/apps/cms.c index 00349f0db10..144f956943f 100644 --- a/apps/cms.c 
+++ b/apps/cms.c @@ -159,8 +159,7 @@ const OPTIONS cms_options[] = { "Input private key (if not signer or recipient)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, - {"keyform", OPT_KEYFORM, 'f', - "Input private key format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Input private key format (DER/PEM)"}, OPT_PROV_OPTIONS, OPT_R_OPTIONS, diff --git a/apps/dgst.c b/apps/dgst.c index 782ff6f8161..31a9c2cf7f9 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -61,7 +61,7 @@ const OPTIONS dgst_options[] = { {"c", OPT_C, '-', "Print the digest with separating colons"}, {"r", OPT_R, '-', "Print the digest in coreutils format"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Key file format (DER/PEM)"}, {"hex", OPT_HEX, '-', "Print as hex dump"}, {"binary", OPT_BINARY, '-', "Print in binary form"}, {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"}, diff --git a/apps/include/fmt.h b/apps/include/fmt.h index 98dfed7dc0a..17b891cfa2f 100644 --- a/apps/include/fmt.h +++ b/apps/include/fmt.h @@ -32,7 +32,6 @@ # define FORMAT_PEM (5 | B_FORMAT_TEXT) # define FORMAT_PKCS12 6 # define FORMAT_SMIME (7 | B_FORMAT_TEXT) -# define FORMAT_ENGINE 8 /* Not really a file format */ # define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */ # define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */ # define FORMAT_MSBLOB 11 /* MS Key blob format */ diff --git a/apps/include/opt.h b/apps/include/opt.h index bca6072dd5a..2c4681b2b96 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h 
@@ -343,7 +343,6 @@ typedef struct options_st { * 'f' any format [OPT_FMT_ANY] * 'F' der/pem format [OPT_FMT_PEMDER] * 'A' any ASN1, der/pem/b64 format [OPT_FMT_ASN1] - * 'E' der/pem/engine format [OPT_FMT_PDE] * 'c' pem/der/smime format [OPT_FMT_PDS] * * The 'l', 'n' and 'u' value types include the values zero, @@ -372,7 +371,6 @@ typedef struct string_int_pair_st { # define OPT_FMT_B64 (1L << 3) # define OPT_FMT_PKCS12 (1L << 4) # define OPT_FMT_SMIME (1L << 5) -# define OPT_FMT_ENGINE (1L << 6) # define OPT_FMT_MSBLOB (1L << 7) # define OPT_FMT_NSS (1L << 8) # define OPT_FMT_TEXT (1L << 9) @@ -381,12 +379,11 @@ typedef struct string_int_pair_st { # define OPT_FMT_PEMDER (OPT_FMT_PEM | OPT_FMT_DER) # define OPT_FMT_ASN1 (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64) -# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) # define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64 | \ - OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_MSBLOB | OPT_FMT_NSS | \ - OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ + OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) /* Divide options into sections when displaying usage */ #define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" } diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 422a78975ed..2d25d563e60 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -192,7 +192,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o) OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM); switch (i) { case 0: case '-': case '.': - case '/': case '<': case '>': case 'E': case 'F': + case '/': case '<': case '>': case 'F': case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's': case 'u': case 'c': case ':': case 'N': case 'A': break; 
@@ -230,7 +230,6 @@ static OPT_PAIR formats[] = { {"b64", OPT_FMT_B64}, {"pkcs12", OPT_FMT_PKCS12}, {"smime", OPT_FMT_SMIME}, - {"engine", OPT_FMT_ENGINE}, {"msblob", OPT_FMT_MSBLOB}, {"nss", OPT_FMT_NSS}, {"text", OPT_FMT_TEXT}, @@ -309,12 +308,6 @@ int opt_format(const char *s, unsigned long flags, int *result) return opt_format_error(s, flags); *result = FORMAT_MSBLOB; break; - case 'E': - case 'e': - if ((flags & OPT_FMT_ENGINE) == 0) - return opt_format_error(s, flags); - *result = FORMAT_ENGINE; - break; case 'H': case 'h': if ((flags & OPT_FMT_HTTP) == 0) @@ -368,8 +361,6 @@ static const char *format2str(int format) return "SMIME"; case FORMAT_MSBLOB: return "MSBLOB"; - case FORMAT_ENGINE: - return "ENGINE"; case FORMAT_HTTP: return "HTTP"; case FORMAT_PKCS12: @@ -990,14 +981,12 @@ int opt_next(void) return -1; break; case 'c': - case 'E': case 'F': case 'f': case 'A': case 'a': if (opt_format(arg, o->valtype == 'c' ? OPT_FMT_PDS : - o->valtype == 'E' ? OPT_FMT_PDE : o->valtype == 'F' ? OPT_FMT_PEMDER : o->valtype == 'A' ? OPT_FMT_ASN1 : OPT_FMT_ANY, &ival)) @@ -1114,8 +1103,6 @@ static const char *valtype2param(const OPTIONS *o) return "long"; case 'u': return "ulong"; - case 'E': - return "PEM|DER|ENGINE"; case 'F': return "PEM|DER"; case 'f': diff --git a/apps/pkey.c b/apps/pkey.c index 58a59c4600a..b9dcc2f0f69 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -36,8 +36,7 @@ const OPTIONS pkey_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', - "Key input format (ENGINE, other values ignored)"}, + {"inform", OPT_INFORM, 'f', "Key input format (DER/PEM)"}, {"passin", OPT_PASSIN, 's', "Key input pass phrase source"}, {"pubin", OPT_PUBIN, '-', "Read only public components from key input"}, diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 7a5f9987bc7..2e77f2b29db 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c 
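Review bot: In the `opt_format` hunk of apps/lib/opt.c, nothing now records what happens to the value `ENGINE` once the `'E'`/`'e'` case is removed. The string presumably falls to the switch's default arm, which lies outside the hunk, so the outcome cannot be confirmed from here. Rejecting it is the right result for setups that kept private keys in an engine, because the command stops at option parsing instead of going on to treat the `-key` argument as something else. A short comment at the switch would record that intent, for example `/* "ENGINE" is no longer a format name; it must fail like any unknown value */`, and a test that `-keyform ENGINE` exits with an error would pin it.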
@@ -83,11 +83,11 @@ const OPTIONS pkeyutl_options[] = { {"pubin", OPT_PUBIN, '-', "Input key is a public key"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, - {"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12)"}, + {"peerform", OPT_PEERFORM, 'f', "Peer key format (DER/PEM/P12)"}, {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"}, {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Private key format (DER/PEM)"}, OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output file - default stdout"}, diff --git a/apps/req.c b/apps/req.c index 2842dff993b..79afbaf621b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -141,7 +141,7 @@ const OPTIONS req_options[] = { OPT_SECTION("Keys and Signing"), {"key", OPT_KEY, 's', "Key for signing, and to include unless -in given"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Key file format (DER/PEM)"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"keyout", OPT_KEYOUT, '>', "File to write private key to"}, {"passin", OPT_PASSIN, 's', "Private key and certificate password source"}, diff --git a/apps/rsautl.c b/apps/rsautl.c index ae0e30a4d93..1639ecc2245 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c 
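Review bot: Changing `-keyform` and `-peerform` in `pkeyutl_options` from value type `'E'` to `'f'` widens what the option parser accepts. The comment in apps/include/opt.h describes `'f'` as "any format" (`OPT_FMT_ANY`, which also covers b64, smime, text, http and others), while the removed `'E'` allowed only der/pem/engine. The new `-keyform` help string promises only `(DER/PEM)`, so the help text and the validation disagree. If DER and PEM are all that is intended, `'F'` keeps the previous strictness: `{"keyform", OPT_KEYFORM, 'F', "Private key format (DER/PEM)"},`; if P12 is meant to stay usable, as the `-peerform` help says, the help string should list it. The same `'E'` to `'f'` change appears in the rsautl.c and s_client.c hunks and in both x509.c hunks.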
@@ -45,7 +45,7 @@ const OPTIONS rsautl_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file"}, {"inkey", OPT_INKEY, 's', "Input key, by default an RSA private key"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Private key format (DER/PEM)"}, {"pubin", OPT_PUBIN, '-', "Input key is an RSA public pkey"}, {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, diff --git a/apps/s_client.c b/apps/s_client.c index 80da100655c..44d84216739 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -572,7 +572,7 @@ const OPTIONS s_client_options[] = { "Client certificate chain file (in PEM format)"}, {"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"}, {"key", OPT_KEY, 's', "Private key file to use; default: -cert file"}, - {"keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Key format (DER/PEM)"}, {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, diff --git a/apps/s_server.c b/apps/s_server.c index a50740c6182..12c5451ea5a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1032,7 +1032,7 @@ const OPTIONS s_server_options[] = { "Private key file to use; default is -cert file or else" TEST_CERT}, {"key2", OPT_KEY2, '<', "-Private Key file to use for servername if not in -cert2"}, - {"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Key format (DER/PEM)"}, {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"}, {"dcert", OPT_DCERT, '<', "Second server certificate file to use (usually for DSA)"}, 
@@ -1042,8 +1042,7 @@ const OPTIONS s_server_options[] = { "second server certificate chain file in PEM format"}, {"dkey", OPT_DKEY, '<', "Second private key file to use (usually for DSA)"}, - {"dkeyform", OPT_DKEYFORM, 'f', - "Second key file format (ENGINE, other values ignored)"}, + {"dkeyform", OPT_DKEYFORM, 'f', "Second key file format (DER/PEM)"}, {"dpass", OPT_DPASS, 's', "Second private key and cert file pass phrase source"}, {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, diff --git a/apps/smime.c b/apps/smime.c index c87189e3817..6e0aa92c170 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -60,7 +60,7 @@ const OPTIONS smime_options[] = { "Output format SMIME (default), PEM or DER"}, {"inkey", OPT_INKEY, 's', "Input private key (if not signer or recipient)"}, - {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Input private key format (DER/PEM)"}, {"stream", OPT_STREAM, '-', "Enable CMS streaming" }, {"indef", OPT_INDEF, '-', "Same as -stream" }, {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, diff --git a/apps/spkac.c b/apps/spkac.c index 73b126ffbb6..3634fb21b7f 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -37,7 +37,7 @@ const OPTIONS spkac_options[] = { OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file"}, {"key", OPT_KEY, '<', "Create SPKAC using private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Private key file format (DER/PEM)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, diff --git a/apps/x509.c b/apps/x509.c index caa74267804..ac8a72dce28 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -78,8 +78,7 @@ const OPTIONS x509_options[] = { "Key for signing, and to include unless using -force_pubkey"}, {"signkey", OPT_SIGNKEY, 's', "Same as -key"}, - {"keyform", OPT_KEYFORM, 'E', - "Key input format (ENGINE, other values ignored)"}, + {"keyform", OPT_KEYFORM, 'f', "Key input format (DER/PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, {"outform", OPT_OUTFORM, 'f', "Output format (DER or PEM) - default PEM"}, @@ -165,8 +164,7 @@ const OPTIONS x509_options[] = { "Use the given CA certificate, conflicts with -key"}, {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"}, {"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"}, - {"CAkeyform", OPT_CAKEYFORM, 'E', - "CA key format (ENGINE, other values ignored)"}, + {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format (DER/PEM)"}, {"CAserial", OPT_CASERIAL, 's', "File that keeps track of CA-generated serial number"}, {"CAcreateserial", OPT_CACREATESERIAL, '-', diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 943f4a1f705..d4c7a3bb3f4 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -99,7 +99,7 @@ Credentials format options: [B<-certform> I] [B<-crlform> I] -[B<-keyform> I] +[B<-keyform> I] [B<-otherpass> I] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} @@ -927,7 +927,7 @@ Default value is DER. DER format is preferred because it enables more efficient storage of large CRLs. -=item B<-keyform> I +=item B<-keyform> I The format of the key input; unspecified by default. See L for details. 
@@ -947,20 +947,6 @@ L. {- $OpenSSL::safe::opt_engine_item -} -{- output_off() if $disabled{"deprecated-3.0"}; "" -} -As an alternative to using this combination: - - -engine {engineid} -key {keyid} -keyform ENGINE - -... it's also possible to just give the key ID in URI form to B<-key>, -like this: - - -key org.openssl.engine:{engineid}:{keyid} - -This applies to all options specifying keys: B<-key>, B<-newkey>, and -B<-tls_key>. -{- output_on() if $disabled{"deprecated-3.0"}; "" -} - =back =head2 Provider options