apps/: Remove engines

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Norbert Pocs
2025-08-28 16:11:10 +02:00
committed by Neil Horman
parent 8c7e974bb5
commit 26b1723ed4
50 changed files with 156 additions and 1080 deletions


@@ -145,7 +145,7 @@ static int msie_hack = 0;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
OPT_KEY, OPT_CERT, OPT_CERTFORM, OPT_SELFSIGN,
@@ -182,9 +182,6 @@ const OPTIONS ca_options[] = {
{"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
{"spkac", OPT_SPKAC, '<',
"File contains DN and signed public key and challenge"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Configuration"),
{"config", OPT_CONFIG, 's', "A config file"},
@@ -266,7 +263,6 @@ const OPTIONS ca_options[] = {
int ca_main(int argc, char **argv)
{
CONF *conf = NULL;
ENGINE *e = NULL;
BIGNUM *crlnumber = NULL, *serial = NULL;
EVP_PKEY *pkey = NULL;
BIO *in = NULL, *out = NULL, *Sout = NULL;
@@ -500,9 +496,6 @@ opthelp:
rev_arg = opt_arg();
rev_type = (o - OPT_CRL_REASON) + REV_CRL_REASON;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
@@ -591,7 +584,7 @@ end_of_options:
goto end;
}
}
pkey = load_key(keyfile, keyformat, 0, passin, e, "CA private key");
pkey = load_key(keyfile, keyformat, 0, passin, "CA private key");
cleanse(passin);
if (pkey == NULL)
/* load_key() has already printed an appropriate message */
@@ -1319,7 +1312,6 @@ end_of_options:
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extfile_conf);
release_engine(e);
return ret;
}


@@ -160,7 +160,6 @@ static int opt_crlform = FORMAT_ASN1;
static char *opt_keyform_s = NULL;
static int opt_keyform = FORMAT_UNDEF;
static char *opt_otherpass = NULL;
static char *opt_engine = NULL;
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
/* TLS connection */
@@ -264,9 +263,6 @@ typedef enum OPTION_choice {
OPT_CERTFORM, OPT_CRLFORM, OPT_KEYFORM,
OPT_OTHERPASS,
#ifndef OPENSSL_NO_ENGINE
OPT_ENGINE,
#endif
OPT_PROV_ENUM,
OPT_R_ENUM,
@@ -500,12 +496,6 @@ const OPTIONS cmp_options[] = {
"Format of the key input (ENGINE, other values ignored)"},
{"otherpass", OPT_OTHERPASS, 's',
"Pass phrase source potentially needed for loading certificates of others"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's',
"Use crypto engine with given identifier, possibly a hardware device."},
{OPT_MORE_STR, 0, 0,
"Engines may also be defined in OpenSSL config file engine section."},
#endif
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
@@ -678,9 +668,6 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_certform_s}, {&opt_crlform_s}, {&opt_keyform_s},
{&opt_otherpass},
#ifndef OPENSSL_NO_ENGINE
{&opt_engine},
#endif
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key},
@@ -768,10 +755,10 @@ static int set_verbosity(int level)
}
static EVP_PKEY *load_key_pwd(const char *uri, int format,
const char *pass, ENGINE *eng, const char *desc)
const char *pass, const char *desc)
{
char *pass_string = get_passwd(pass, desc);
EVP_PKEY *pkey = load_key(uri, format, 0, pass_string, eng, desc);
EVP_PKEY *pkey = load_key(uri, format, 0, pass_string, desc);
clear_free(pass_string);
return pkey;
@@ -1099,11 +1086,7 @@ static int transform_opts(void)
return 0;
}
#ifndef OPENSSL_NO_ENGINE
# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE)
#else
# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12)
#endif
#define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12)
if (opt_keyform_s != NULL
&& !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) {
@@ -1127,7 +1110,7 @@ static int transform_opts(void)
return 1;
}
static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
static OSSL_CMP_SRV_CTX *setup_srv_ctx(void)
{
OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */
OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new(app_get0_libctx(),
@@ -1180,7 +1163,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
if (opt_srv_key != NULL) {
EVP_PKEY *pkey = load_key_pwd(opt_srv_key, opt_keyform,
opt_srv_keypass,
engine, "private key for mock server cert");
"private key for mock server cert");
if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) {
EVP_PKEY_free(pkey);
@@ -1220,7 +1203,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
}
if (opt_rsp_key != NULL) {
EVP_PKEY *pkey = load_key_pwd(opt_rsp_key, opt_keyform,
opt_rsp_keypass, engine,
opt_rsp_keypass,
"private key for enrollment cert");
if (pkey == NULL
@@ -1370,8 +1353,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
* set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI.
* Returns pointer on success, NULL on error
*/
static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
ENGINE *engine)
static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host)
{
STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted(ctx);
EVP_PKEY *pkey = NULL;
@@ -1477,7 +1459,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
}
pkey = load_key_pwd(opt_tls_key, opt_keyform, opt_tls_keypass,
engine, "TLS client private key");
"TLS client private key");
cleanse(opt_tls_keypass);
if (pkey == NULL)
goto err;
@@ -1526,7 +1508,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
* file/CLI while parsing options and checking their consistency.
* Returns 1 on success, 0 on error
*/
static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
static int setup_protection_ctx(OSSL_CMP_CTX *ctx)
{
if (!opt_unprotected_requests && opt_secret == NULL && opt_key == NULL) {
CMP_err("must give -key or -secret unless -unprotected_requests is used");
@@ -1564,7 +1546,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
return 0;
if (opt_key != NULL) {
EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass, engine,
EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass,
"private key for CMP client certificate");
if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) {
@@ -1688,7 +1670,7 @@ static int set_fallback_pubkey(OSSL_CMP_CTX *ctx)
* based on options from CLI and/or config file.
* Returns 1 on success, 0 on error
*/
static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
static int setup_request_ctx(OSSL_CMP_CTX *ctx)
{
X509_REQ *csr = NULL;
X509_EXTENSIONS *exts = NULL;
@@ -1870,14 +1852,14 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
BIO *bio_bak = bio_err;
bio_err = NULL; /* suppress diagnostics on first try loading key */
pkey = load_key_pwd(file, format, pass, engine, desc);
pkey = load_key_pwd(file, format, pass, desc);
bio_err = bio_bak;
if (pkey == NULL) {
ERR_clear_error();
desc = opt_csr == NULL
? "fallback public key for cert to be enrolled"
: "public key for checking cert resulting from p10cr";
pkey = load_pubkey(file, format, 0, pass, engine, desc);
pkey = load_pubkey(file, format, 0, pass, desc);
priv = 0;
}
@@ -2140,7 +2122,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
* Prints reason for error to bio_err.
* Returns 1 on success, 0 on error
*/
static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
static int setup_client_ctx(OSSL_CMP_CTX *ctx)
{
int ret = 0;
char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path;
@@ -2299,7 +2281,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
goto err;
APP_HTTP_TLS_INFO_free(OSSL_CMP_CTX_get_http_cb_arg(ctx));
(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);
info->ssl_ctx = setup_ssl_ctx(ctx, host, engine);
info->ssl_ctx = setup_ssl_ctx(ctx, host);
info->server = host;
host = NULL; /* prevent deallocation */
if ((info->port = OPENSSL_strdup(server_port)) == NULL)
@@ -2314,10 +2296,10 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
}
#endif
if (!setup_protection_ctx(ctx, engine))
if (!setup_protection_ctx(ctx))
goto err;
if (!setup_request_ctx(ctx, engine))
if (!setup_request_ctx(ctx))
goto err;
if (!set_name(opt_recipient, OSSL_CMP_CTX_set1_recipient, ctx, "recipient")
@@ -3069,11 +3051,6 @@ static int get_opts(int argc, char **argv)
case OPT_OTHERPASS:
opt_otherpass = opt_str();
break;
#ifndef OPENSSL_NO_ENGINE
case OPT_ENGINE:
opt_engine = opt_str();
break;
#endif
case OPT_PROV_CASES:
if (!opt_provider(o))
goto opthelp;
@@ -3606,7 +3583,6 @@ int cmp_main(int argc, char **argv)
char *configfile = NULL;
int i;
X509 *newcert = NULL;
ENGINE *engine = NULL;
int ret = 0; /* default: failure */
if (!handle_opts_upfront(argc, argv))
@@ -3672,15 +3648,6 @@ int cmp_main(int argc, char **argv)
if (opt_batch)
set_base_ui_method(UI_null());
if (opt_engine != NULL) {
engine = setup_engine_methods(opt_engine,
0 /* not: ENGINE_METHOD_ALL */, 0);
if (engine == NULL) {
CMP_err1("cannot load engine %s", opt_engine);
goto err;
}
}
OSSL_CMP_CTX_set_log_verbosity(cmp_ctx, opt_verbosity);
if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) {
CMP_err1("cannot set up error reporting and logging for %s", prog);
@@ -3740,7 +3707,7 @@ int cmp_main(int argc, char **argv)
OSSL_CMP_SRV_CTX *srv_ctx;
OSSL_CMP_CTX *srv_cmp_ctx;
if ((srv_ctx = setup_srv_ctx(engine)) == NULL)
if ((srv_ctx = setup_srv_ctx()) == NULL)
goto err;
OSSL_CMP_CTX_set_transfer_cb_arg(cmp_ctx /* of client */, srv_ctx);
@@ -3791,7 +3758,7 @@ int cmp_main(int argc, char **argv)
CMP_warn("-use_mock_srv option is not used if enough filenames given for -rspin");
}
if (!setup_client_ctx(cmp_ctx, engine)) {
if (!setup_client_ctx(cmp_ctx)) {
CMP_err("cannot set up CMP context");
goto err;
}
@@ -3935,7 +3902,6 @@ int cmp_main(int argc, char **argv)
#endif
}
X509_VERIFY_PARAM_free(vpm);
release_engine(engine);
NCONF_free(conf); /* must not do as long as opt_... variables are used */
OSSL_CMP_log_close();
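Review bot: The `-keyform` help string `"Format of the key input (ENGINE, other values ignored)"`, kept as context in the cmp_options hunk, still advertises ENGINE while this same commit narrows FORMAT_OPTIONS to `OPT_FMT_PEMDER | OPT_FMT_PKCS12`, so the help text now documents a value the narrowed mask should reject. Suggest `"Format of the key input (PEM/DER/P12)"`, or whatever wording matches the new mask. The cms.c section keeps the same stale text, `"Input private key format (ENGINE, other values ignored)"`, and apps not on this page probably share the phrase and are worth a grep. The cmp_options table and transform_opts both extend beyond the hunks shown.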


@@ -89,7 +89,7 @@ typedef enum OPTION_choice {
OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
OPT_3DES_WRAP, OPT_WRAP, OPT_ENGINE,
OPT_3DES_WRAP, OPT_WRAP,
OPT_R_ENUM,
OPT_PROV_ENUM, OPT_CONFIG,
OPT_V_ENUM,
@@ -161,9 +161,6 @@ const OPTIONS cms_options[] = {
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"keyform", OPT_KEYFORM, 'f',
"Input private key format (ENGINE, other values ignored)"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
@@ -313,7 +310,6 @@ int cms_main(int argc, char **argv)
BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
CMS_ContentInfo *cms = NULL, *rcms = NULL;
CMS_ReceiptRequest *rr = NULL;
ENGINE *e = NULL;
EVP_PKEY *key = NULL;
EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL, *kekcipher = NULL;
EVP_MD *sign_md = NULL;
@@ -599,9 +595,6 @@ int cms_main(int argc, char **argv)
goto opthelp;
}
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
@@ -962,7 +955,7 @@ int cms_main(int argc, char **argv)
}
if (keyfile != NULL) {
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
key = load_key(keyfile, keyform, 0, passin, "signing key");
if (key == NULL)
goto end;
}
@@ -1220,7 +1213,7 @@ int cms_main(int argc, char **argv)
ret = 2;
goto end;
}
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
key = load_key(keyfile, keyform, 0, passin, "signing key");
if (key == NULL) {
ret = 2;
goto end;
@@ -1439,7 +1432,6 @@ int cms_main(int argc, char **argv)
EVP_MD_free(sign_md);
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(rcms);
release_engine(e);
BIO_free(rctin);
BIO_free(in);
BIO_free(indata);


@@ -265,7 +265,7 @@ int crl_main(int argc, char **argv)
newcrl = load_crl(crldiff, informat, 0, "other CRL");
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
pkey = load_key(keyfile, keyformat, 0, NULL, "CRL signing key");
if (pkey == NULL) {
X509_CRL_free(newcrl);
goto end;


@@ -42,7 +42,7 @@ typedef enum OPTION_choice {
OPT_COMMON,
OPT_LIST,
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_HMAC_ENV, OPT_HMAC_STDIN, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN,
OPT_DIGEST,
@@ -55,11 +55,6 @@ const OPTIONS dgst_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List digests"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for digest operations"},
#endif
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
OPT_SECTION("Output"),
@@ -99,7 +94,6 @@ const OPTIONS dgst_options[] = {
int dgst_main(int argc, char **argv)
{
BIO *in = NULL, *inp = NULL, *bmd = NULL, *out = NULL;
ENGINE *e = NULL, *impl = NULL;
EVP_PKEY *sigkey = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
char *hmac_key = NULL;
@@ -117,7 +111,6 @@ int dgst_main(int argc, char **argv)
int i, ret = EXIT_FAILURE, out_bin = -1, want_pub = 0, do_verify = 0;
int xoflen = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
struct doall_dgst_digests dec;
EVP_MD_CTX *signctx = NULL;
int oneshot_sign = 0;
@@ -183,12 +176,6 @@ int dgst_main(int argc, char **argv)
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
case OPT_HEX:
out_bin = 0;
break;
@@ -282,8 +269,6 @@ int dgst_main(int argc, char **argv)
"No signature to verify: use the -signature option\n");
goto end;
}
if (engine_impl)
impl = e;
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
@@ -319,9 +304,9 @@ int dgst_main(int argc, char **argv)
if (keyfile != NULL) {
if (want_pub)
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
sigkey = load_pubkey(keyfile, keyform, 0, NULL, "public key");
else
sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
sigkey = load_key(keyfile, keyform, 0, passin, "private key");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
@@ -344,7 +329,7 @@ int dgst_main(int argc, char **argv)
if (mac_name != NULL) {
EVP_PKEY_CTX *mac_ctx = NULL;
if (!init_gen_str(&mac_ctx, mac_name, impl, 0, NULL, NULL))
if (!init_gen_str(&mac_ctx, mac_name, 0, NULL, NULL))
goto end;
if (macopts != NULL) {
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
@@ -359,7 +344,6 @@ int dgst_main(int argc, char **argv)
}
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
/* Verbose output would make external-tests gost-engine fail */
EVP_PKEY_CTX_free(mac_ctx);
if (sigkey == NULL)
goto end;
@@ -370,7 +354,7 @@ int dgst_main(int argc, char **argv)
md = (EVP_MD *)EVP_sha256();
digestname = SN_sha256;
}
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
(unsigned char *)hmac_key,
strlen(hmac_key));
if (sigkey == NULL)
@@ -389,19 +373,13 @@ int dgst_main(int argc, char **argv)
goto end;
}
if (do_verify)
if (impl == NULL)
res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
if (impl == NULL)
res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
if (res == 0) {
BIO_printf(bio_err, "Error setting context\n");
goto end;
@@ -432,7 +410,7 @@ int dgst_main(int argc, char **argv)
}
if (md == NULL)
md = (EVP_MD *)EVP_sha256();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
if (!EVP_DigestInit_ex(mctx, md, NULL)) {
BIO_printf(bio_err, "Error setting digest\n");
goto end;
}
@@ -534,7 +512,6 @@ int dgst_main(int argc, char **argv)
sk_OPENSSL_STRING_pop_free(macopts, clear_free);
OPENSSL_free(sigbuf);
BIO_free(bmd);
release_engine(e);
return ret;
}
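Review bot: `-keyform` is still parsed with `OPT_FMT_ANY` on the context line just above the removed OPT_ENGINE case, so if that mask still includes OPT_FMT_ENGINE, `-keyform engine` passes option parsing and only fails later inside load_key, which no longer has an engine path; the cmp.c section narrows its mask to `OPT_FMT_PEMDER | OPT_FMT_PKCS12` and dgst could do the same, `if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PKCS12, &keyform))`, so the error surfaces at option parsing. The kept comment `/* Verbose output would make external-tests gost-engine fail */` next to app_keygen justifies the non-verbose flag by an engine-based external test that can no longer reach dgst through -engine; if that test no longer drives this path the comment should be dropped or reworded. Now that the impl argument is always NULL, `EVP_DigestInit_ex(mctx, md, NULL)` and `EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, ...)` could move to the libctx-aware `EVP_DigestInit_ex2(mctx, md, NULL)` and `EVP_PKEY_new_raw_private_key_ex(app_get0_libctx(), "HMAC", app_get0_propq(), ...)`, matching the _ex sign/verify calls the same hunk keeps. dgst_main starts and ends outside the hunks shown.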


@@ -37,7 +37,7 @@ static int verbose = 1;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -52,9 +52,6 @@ const OPTIONS dhparam_options[] = {
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
@@ -85,7 +82,6 @@ int dhparam_main(int argc, char **argv)
EVP_PKEY *pkey = NULL, *tmppkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *infile = NULL, *outfile = NULL, *prog;
ENGINE *e = NULL;
int dsaparam = 0;
int text = 0, ret = 1, num = 0, g = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
@@ -117,9 +113,6 @@ int dhparam_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CHECK:
check = 1;
break;
@@ -362,7 +355,6 @@ int dhparam_main(int argc, char **argv)
EVP_PKEY_free(pkey);
EVP_PKEY_free(tmppkey);
EVP_PKEY_CTX_free(ctx);
release_engine(e);
return ret;
}


@@ -34,7 +34,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
@@ -51,9 +51,6 @@ const OPTIONS dsa_options[] = {
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, 's', "Input key"},
@@ -77,7 +74,6 @@ const OPTIONS dsa_options[] = {
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
@@ -120,9 +116,6 @@ int dsa_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
@@ -176,9 +169,9 @@ int dsa_main(int argc, char **argv)
BIO_printf(bio_err, "read DSA key\n");
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
pkey = load_pubkey(infile, informat, 1, passin, "public key");
else
pkey = load_key(infile, informat, 1, passin, e, "private key");
pkey = load_key(infile, informat, 1, passin, "private key");
if (pkey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
@@ -300,7 +293,6 @@ int dsa_main(int argc, char **argv)
BIO_free_all(out);
EVP_PKEY_free(pkey);
EVP_CIPHER_free(enc);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
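Review bot: The ec.c section rewrites its -inform help from `"Input format (DER/PEM/P12/ENGINE)"` to `"Input format (DER/PEM/P12)"`, but dsa.c's -inform entry sits just past this hunk's last context line `{"in", OPT_IN, 's', "Input key"},` and is not shown; if it carries the same ENGINE wording it needs the same edit so the two apps' help stays consistent. The dsa_options table and dsa_main both extend beyond the hunks shown.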


@@ -27,7 +27,7 @@ static int verbose = 0;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT,
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE, OPT_QUIET,
OPT_NOOUT, OPT_GENKEY, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -36,9 +36,6 @@ const OPTIONS dsaparam_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
@@ -64,7 +61,6 @@ const OPTIONS dsaparam_options[] = {
int dsaparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
EVP_PKEY *params = NULL, *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -100,9 +96,6 @@ int dsaparam_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_TEXT:
text = 1;
break;
@@ -253,6 +246,5 @@ int dsaparam_main(int argc, char **argv)
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
EVP_PKEY_free(params);
release_engine(e);
return ret;
}


@@ -23,7 +23,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM
@@ -32,13 +32,10 @@ typedef enum OPTION_choice {
const OPTIONS ec_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, 's', "Input file"},
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12)"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"check", OPT_CHECK, '-', "check key consistency"},
@@ -68,7 +65,6 @@ int ec_main(int argc, char **argv)
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *eckey = NULL;
BIO *out = NULL;
ENGINE *e = NULL;
EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
@@ -128,9 +124,6 @@ int ec_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CIPHER:
ciphername = opt_unknown();
break;
@@ -171,9 +164,9 @@ int ec_main(int argc, char **argv)
}
if (pubin)
eckey = load_pubkey(infile, informat, 1, passin, e, "public key");
eckey = load_pubkey(infile, informat, 1, passin, "public key");
else
eckey = load_key(infile, informat, 1, passin, e, "private key");
eckey = load_key(infile, informat, 1, passin, "private key");
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
@@ -278,7 +271,6 @@ end:
OSSL_ENCODER_CTX_free(ectx);
OSSL_DECODER_CTX_free(dctx);
EVP_PKEY_CTX_free(pctx);
release_engine(e);
if (passin != NULL)
OPENSSL_clear_free(passin, strlen(passin));
if (passout != NULL)


@@ -25,7 +25,7 @@ typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_CHECK_NAMED,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -34,9 +34,6 @@ const OPTIONS ecparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"list_curves", OPT_LIST_CURVES, '-',
"Prints a list of all curve 'short names'"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
{"in", OPT_IN, '<', "Input file - default stdin"},
@@ -95,7 +92,6 @@ int ecparam_main(int argc, char **argv)
EVP_PKEY *params_key = NULL, *key = NULL;
OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL;
OSSL_DECODER_CTX *dctx_params = NULL;
ENGINE *e = NULL;
BIO *out = NULL;
char *curve_name = NULL;
char *asn1_encoding = NULL;
@@ -175,9 +171,6 @@ int ecparam_main(int argc, char **argv)
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
@@ -345,7 +338,6 @@ int ecparam_main(int argc, char **argv)
end:
if (ret != 0)
ERR_print_errors(bio_err);
release_engine(e);
EVP_PKEY_free(params_key);
EVP_PKEY_free(key);
EVP_PKEY_CTX_free(pctx);


@@ -45,7 +45,7 @@ struct doall_enc_ciphers {
typedef enum OPTION_choice {
OPT_COMMON,
OPT_LIST,
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
@@ -64,9 +64,6 @@ const OPTIONS enc_options[] = {
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
@@ -119,7 +116,6 @@ int enc_main(int argc, char **argv)
{
static char buf[128];
static const char magic[] = "Salted__";
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
EVP_CIPHER_CTX *ctx = NULL;
@@ -211,9 +207,6 @@ int enc_main(int argc, char **argv)
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_D:
enc = 0;
break;
@@ -667,7 +660,7 @@ int enc_main(int argc, char **argv)
EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
if (rawkey_set) {
if (!EVP_CipherInit_ex(ctx, cipher, e, key,
if (!EVP_CipherInit_ex(ctx, cipher, NULL, key,
(hiv == NULL && wrap == 1 ? NULL : iv), enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_get0_name(cipher));
@@ -792,7 +785,6 @@ int enc_main(int argc, char **argv)
#endif
BIO_free(bbrot);
BIO_free(bzstd);
release_engine(e);
OPENSSL_free(pass);
return ret;
}
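Review bot: With the ENGINE argument reduced to a literal NULL, `EVP_CipherInit_ex(ctx, cipher, NULL, key, ...)` in the rawkey_set branch keeps a vestigial impl slot; the 3.0 form `EVP_CipherInit_ex2(ctx, cipher, key, (hiv == NULL && wrap == 1 ? NULL : iv), enc, NULL)` drops it and takes an OSSL_PARAM array instead, which is the idiom the provider-based code elsewhere uses. This is a style point only, behavior is unchanged either way. enc_main starts and ends outside the hunks shown.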


@@ -24,7 +24,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, OPT_QUIET,
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -33,9 +33,6 @@ const OPTIONS gendsa_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output the key to the specified file"},
@@ -53,7 +50,6 @@ const OPTIONS gendsa_options[] = {
int gendsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL, *in = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -82,9 +78,6 @@ int gendsa_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -166,7 +159,6 @@ int gendsa_main(int argc, char **argv)
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
EVP_CIPHER_free(enc);
release_engine(e);
OPENSSL_free(passout);
return ret;
}


@@ -17,11 +17,11 @@
static int verbose = 0;
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file,
OSSL_LIB_CTX *libctx, const char *propq);
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
OPT_VERBOSE, OPT_QUIET, OPT_CONFIG, OPT_OUTPUBKEY,
OPT_PROV_ENUM, OPT_R_ENUM
@@ -30,9 +30,6 @@ typedef enum OPTION_choice {
const OPTIONS genpkey_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
{"verbose", OPT_VERBOSE, '-', "Output status while generating keys"},
@@ -107,7 +104,6 @@ int genpkey_main(int argc, char **argv)
{
CONF *conf = NULL;
BIO *mem_out = NULL, *mem_outpubkey = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog, *p;
@@ -150,9 +146,6 @@ int genpkey_main(int argc, char **argv)
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PARAMFILE:
if (do_param == 1)
goto opthelp;
@@ -205,11 +198,11 @@ int genpkey_main(int argc, char **argv)
/* Fetch cipher, etc. */
if (paramfile != NULL) {
if (!init_keygen_file(&ctx, paramfile, e, libctx, app_get0_propq()))
if (!init_keygen_file(&ctx, paramfile, libctx, app_get0_propq()))
goto end;
}
if (algname != NULL) {
if (!init_gen_str(&ctx, algname, e, do_param, libctx, app_get0_propq()))
if (!init_gen_str(&ctx, algname, do_param, libctx, app_get0_propq()))
goto end;
}
if (ctx == NULL)
@@ -317,13 +310,12 @@ int genpkey_main(int argc, char **argv)
EVP_CIPHER_free(cipher);
BIO_free_all(mem_out);
BIO_free_all(mem_outpubkey);
release_engine(e);
OPENSSL_free(pass);
NCONF_free(conf);
return ret;
}
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file,
OSSL_LIB_CTX *libctx, const char *propq)
{
BIO *pbio;
@@ -348,10 +340,7 @@ static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
return 0;
}
if (e != NULL)
ctx = EVP_PKEY_CTX_new(pkey, e);
else
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
if (ctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
@@ -370,26 +359,17 @@ static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
}
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param,
const char *algname, int do_param,
OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
#ifndef OPENSSL_NO_DEPRECATED_3_6
int pkey_id;
#endif
if (*pctx) {
BIO_puts(bio_err, "Algorithm already set!\n");
return 0;
}
#ifndef OPENSSL_NO_DEPRECATED_3_6
pkey_id = get_legacy_pkey_id(libctx, algname, e);
if (pkey_id != NID_undef)
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
else
#endif
ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
if (ctx == NULL)
goto err;


@@ -34,7 +34,7 @@ typedef enum OPTION_choice {
#ifndef OPENSSL_NO_DEPRECATED_3_0
OPT_3,
#endif
OPT_F4, OPT_ENGINE,
OPT_F4,
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, OPT_QUIET,
OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL
} OPTION_CHOICE;
@@ -44,9 +44,6 @@ const OPTIONS genrsa_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
#ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -76,7 +73,6 @@ const OPTIONS genrsa_options[] = {
int genrsa_main(int argc, char **argv)
{
BN_GENCB *cb = BN_GENCB_new();
ENGINE *eng = NULL;
BIGNUM *bn = BN_new();
BIO *out = NULL;
EVP_PKEY *pkey = NULL;
@@ -116,9 +112,6 @@ opthelp:
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
eng = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -179,7 +172,7 @@ opthelp:
if (out == NULL)
goto end;
if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(),
if (!init_gen_str(&ctx, "RSA", 0, app_get0_libctx(),
app_get0_propq()))
goto end;
@@ -242,7 +235,6 @@ opthelp:
EVP_PKEY_free(pkey);
EVP_CIPHER_free(enc);
BIO_free_all(out);
release_engine(eng);
OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);


@@ -35,7 +35,6 @@
# include "opt.h"
# include "fmt.h"
# include "platform.h"
# include "engine_loader.h"
# include "app_libctx.h"
/*
@@ -129,10 +128,10 @@ X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,
void cleanse(char *str);
void clear_free(char *str);
EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
const char *pass, const char *desc);
/* first try reading public key, on failure resort to loading private key */
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc);
const char *pass, const char *desc);
EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,
const char *keytype, const char *desc);
EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,
@@ -178,18 +177,9 @@ __owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
# endif
ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug);
# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug)
void release_engine(ENGINE *e);
int init_engine(ENGINE *e);
int finish_engine(ENGINE *e);
char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc);
# ifndef OPENSSL_NO_DEPRECATED_3_6
int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
# endif
const EVP_MD *get_digest_from_engine(const char *name);
const EVP_CIPHER *get_cipher_from_engine(const char *name);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host,
@@ -281,7 +271,7 @@ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int x509_ctrl_string(X509 *x, const char *value);
int x509_req_ctrl_string(X509_REQ *x, const char *value);
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param,
const char *algname, int do_param,
OSSL_LIB_CTX *libctx, const char *propq);
int cert_matches_key(const X509 *cert, const EVP_PKEY *pkey);
int do_X509_sign(X509 *x, int force_v1, EVP_PKEY *pkey, const char *md,
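Review bot: `ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug);` and the `# define setup_engine(e, debug) ...` macro below it appear to survive as context in the third hunk, while apps/lib/engine.c, the only definition of `setup_engine_methods`, is deleted elsewhere in this commit; reading `@@ -178,18 +177,9 @@`, the nine removed lines are the ones from `void release_engine(ENGINE *e);` down to `get_cipher_from_engine`. A prototype without a definition still compiles, so any remaining caller would surface only at link time, and the declaration keeps the header depending on the `ENGINE` type. Suggest dropping both lines here; the `# endif` above them closes a block whose opening is outside the hunk, so leave it alone.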


@@ -1,21 +0,0 @@
/*
* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_ENGINE_LOADER_H
# define HEADER_ENGINE_LOADER_H
# include <openssl/store.h>
/* this is a private URI scheme */
# define ENGINE_SCHEME "org.openssl.engine"
# define ENGINE_SCHEME_COLON ENGINE_SCHEME ":"
int setup_engine_loader(void);
void destroy_engine_loader(void);
#endif


@@ -383,11 +383,10 @@ typedef struct string_int_pair_st {
# define OPT_FMT_ASN1 (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64)
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64 | \
OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
# define OPT_FMT_ANY (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64 | \
OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
/* Divide options into sections when displaying usage */
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
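Review bot: `# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)` at the top of the hunk still carries `OPT_FMT_ENGINE`, so any option declared with that set keeps accepting an engine format even though the commit drops it from `OPT_FMT_ANY` and, in pkeyutl.c, changes the `-peerform` help text to `(DER/PEM/P12)`. With the `if (format == FORMAT_ENGINE)` branch removed from `load_key` and `load_pubkey` in apps/lib/apps.c, such a value now reaches `load_key_certs_crls` with the raw URI and fails with a generic load error rather than a clear "not supported" message. Either remove `OPT_FMT_ENGINE` from this macro as well (`# define OPT_FMT_PDE (OPT_FMT_PEMDER)`, or retire the alias if nothing else uses it) or have `load_key`/`load_pubkey` reject the format explicitly; whether `FORMAT_ENGINE` and `OPT_FMT_ENGINE` are themselves still defined is outside this hunk.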


@@ -13,7 +13,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP,
OPT_CONFIGDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP,
OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS, OPT_WINDOWSCONTEXT
} OPTION_CHOICE;
@@ -24,7 +24,6 @@ const OPTIONS info_options[] = {
OPT_SECTION("Output"),
{"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"},
{"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"},
{"modulesdir", OPT_MODULESDIR, '-',
"Default module directory (other than engine modules)"},
{"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"},
@@ -58,10 +57,6 @@ opthelp:
type = OPENSSL_INFO_CONFIG_DIR;
dirty++;
break;
case OPT_ENGINESDIR:
type = OPENSSL_INFO_ENGINES_DIR;
dirty++;
break;
case OPT_MODULESDIR:
type = OPENSSL_INFO_MODULES_DIR;
dirty++;
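Review bot: The `-modulesdir` help string `"Default module directory (other than engine modules)"` in the second hunk is left as context, so after `-enginesdir` is removed the parenthetical refers to a distinction this command no longer exposes. Suggest `"Default module directory"`, or a wording that names what `OPENSSL_INFO_MODULES_DIR` actually reports (provider modules, presumably — confirm against the library). If the `openssl-info` manpage is not already updated elsewhere in this commit, its `-enginesdir` entry should go with the option.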


@@ -15,12 +15,6 @@
# define _POSIX_C_SOURCE 2
#endif
#ifndef OPENSSL_NO_ENGINE
/* We need to use some deprecated APIs */
# define OPENSSL_SUPPRESS_DEPRECATED
# include <openssl/engine.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -558,41 +552,33 @@ void clear_free(char *str)
}
EVP_PKEY *load_key(const char *uri, int format, int may_stdin,
const char *pass, ENGINE *e, const char *desc)
const char *pass, const char *desc)
{
EVP_PKEY *pkey = NULL;
char *allocated_uri = NULL;
if (desc == NULL)
desc = "private key";
if (format == FORMAT_ENGINE)
uri = allocated_uri = make_engine_uri(e, uri, desc);
(void)load_key_certs_crls(uri, format, may_stdin, pass, desc, 0,
&pkey, NULL, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
return pkey;
}
/* first try reading public key, on failure resort to loading private key */
EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *desc)
const char *pass, const char *desc)
{
EVP_PKEY *pkey = NULL;
char *allocated_uri = NULL;
if (desc == NULL)
desc = "public key";
if (format == FORMAT_ENGINE)
uri = allocated_uri = make_engine_uri(e, uri, desc);
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, 1,
NULL, &pkey, NULL, NULL, NULL, NULL, NULL);
if (pkey == NULL)
(void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, 0,
&pkey, NULL, NULL, NULL, NULL, NULL, NULL);
OPENSSL_free(allocated_uri);
return pkey;
}


@@ -10,7 +10,7 @@ ENDIF
# Source for libapps
$LIBAPPSSRC=apps.c apps_ui.c log.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \
columns.c app_params.c names.c app_provider.c app_x509.c http_server.c \
engine.c engine_loader.c app_libctx.c apps_opt_printf.c
app_libctx.c apps_opt_printf.c
IF[{- !$disabled{apps} -}]
LIBS{noinst}=../libapps.a


@@ -1,195 +0,0 @@
/*
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Here is a set of wrappers for the ENGINE API, which are no-ops when the
* ENGINE API is disabled / removed.
* We need to suppress deprecation warnings to make this work.
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include <string.h> /* strcmp */
#include <openssl/types.h> /* Ensure we have the ENGINE type, regardless */
#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#include "apps.h"
#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
static ENGINE *try_load_engine(const char *engine)
{
ENGINE *e = NULL;
if ((e = ENGINE_by_id("dynamic")) != NULL) {
if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
ENGINE_free(e);
e = NULL;
}
}
return e;
}
#endif
ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug)
{
ENGINE *e = NULL;
#ifndef OPENSSL_NO_ENGINE
if (id != NULL) {
if (strcmp(id, "auto") == 0) {
BIO_printf(bio_err, "Enabling auto ENGINE support\n");
ENGINE_register_all_complete();
return NULL;
}
if ((e = ENGINE_by_id(id)) == NULL
&& (e = try_load_engine(id)) == NULL) {
BIO_printf(bio_err, "Invalid engine \"%s\"\n", id);
ERR_print_errors(bio_err);
return NULL;
}
if (debug)
(void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0,
(void *)get_ui_method(), 0, 1)
|| !ENGINE_set_default(e, methods)) {
BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e));
ERR_print_errors(bio_err);
ENGINE_free(e);
return NULL;
}
BIO_printf(bio_err, "Engine \"%s\" set.\n", ENGINE_get_id(e));
}
#endif
return e;
}
void release_engine(ENGINE *e)
{
#ifndef OPENSSL_NO_ENGINE
/* Free our "structural" reference. */
ENGINE_free(e);
#endif
}
int init_engine(ENGINE *e)
{
int rv = 1;
#ifndef OPENSSL_NO_ENGINE
rv = ENGINE_init(e);
#endif
return rv;
}
int finish_engine(ENGINE *e)
{
int rv = 1;
#ifndef OPENSSL_NO_ENGINE
rv = ENGINE_finish(e);
#endif
return rv;
}
char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc)
{
char *new_uri = NULL;
#ifndef OPENSSL_NO_ENGINE
if (e == NULL) {
BIO_printf(bio_err, "No engine specified for loading %s\n", desc);
} else if (key_id == NULL) {
BIO_printf(bio_err, "No engine key id specified for loading %s\n", desc);
} else {
const char *engineid = ENGINE_get_id(e);
size_t uri_sz =
sizeof(ENGINE_SCHEME_COLON) - 1
+ strlen(engineid)
+ 1 /* : */
+ strlen(key_id)
+ 1 /* \0 */
;
new_uri = OPENSSL_malloc(uri_sz);
if (new_uri != NULL) {
OPENSSL_strlcpy(new_uri, ENGINE_SCHEME_COLON, uri_sz);
OPENSSL_strlcat(new_uri, engineid, uri_sz);
OPENSSL_strlcat(new_uri, ":", uri_sz);
OPENSSL_strlcat(new_uri, key_id, uri_sz);
}
}
#else
BIO_printf(bio_err, "Engines not supported for loading %s\n", desc);
#endif
return new_uri;
}
#ifndef OPENSSL_NO_DEPRECATED_3_6
int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
{
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id = NID_undef;
ERR_set_mark();
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#if !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(tmpeng);
if (ameth == NULL && e != NULL)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
else
#endif
/* We're only interested if it comes from an ENGINE */
if (tmpeng == NULL)
ameth = NULL;
ERR_pop_to_mark();
if (ameth == NULL)
return NID_undef;
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
return pkey_id;
}
#endif
const EVP_MD *get_digest_from_engine(const char *name)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *eng;
eng = ENGINE_get_digest_engine(OBJ_sn2nid(name));
if (eng != NULL) {
ENGINE_finish(eng);
return EVP_get_digestbyname(name);
}
#endif
return NULL;
}
const EVP_CIPHER *get_cipher_from_engine(const char *name)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *eng;
eng = ENGINE_get_cipher_engine(OBJ_sn2nid(name));
if (eng != NULL) {
ENGINE_finish(eng);
return EVP_get_cipherbyname(name);
}
#endif
return NULL;
}


@@ -1,202 +0,0 @@
/*
* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Here is an STORE loader for ENGINE backed keys. It relies on deprecated
* functions, and therefore need to have deprecation warnings suppressed.
* This file is not compiled at all in a '--api=3 no-deprecated' configuration.
*/
#define OPENSSL_SUPPRESS_DEPRECATED
#include "internal/e_os.h"
#include "apps.h"
#ifndef OPENSSL_NO_ENGINE
# include <stdarg.h>
# include <string.h>
# include <openssl/engine.h>
# include <openssl/store.h>
/*
* Support for legacy private engine keys via the 'org.openssl.engine:' scheme
*
* org.openssl.engine:{engineid}:{keyid}
*
* Note: we ONLY support ENGINE_load_private_key() and ENGINE_load_public_key()
* Note 2: This scheme has a precedent in code in PKIX-SSH. for exactly
* this sort of purpose.
*/
/* Local definition of OSSL_STORE_LOADER_CTX */
struct ossl_store_loader_ctx_st {
ENGINE *e; /* Structural reference */
char *keyid;
int expected;
int loaded; /* 0 = key not loaded yet, 1 = key loaded */
};
static OSSL_STORE_LOADER_CTX *OSSL_STORE_LOADER_CTX_new(ENGINE *e, char *keyid)
{
OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx != NULL) {
ctx->e = e;
ctx->keyid = keyid;
}
return ctx;
}
static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
{
if (ctx != NULL) {
ENGINE_free(ctx->e);
OPENSSL_free(ctx->keyid);
OPENSSL_free(ctx);
}
}
static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader,
const char *uri,
const UI_METHOD *ui_method,
void *ui_data)
{
const char *p = uri, *q;
ENGINE *e = NULL;
char *keyid = NULL;
OSSL_STORE_LOADER_CTX *ctx = NULL;
if (!CHECK_AND_SKIP_CASE_PREFIX(p, ENGINE_SCHEME_COLON))
return NULL;
/* Look for engine ID */
q = strchr(p, ':');
if (q != NULL /* There is both an engine ID and a key ID */
&& p[0] != ':' /* The engine ID is at least one character */
&& q[1] != '\0') { /* The key ID is at least one character */
char engineid[256];
size_t engineid_l = q - p;
strncpy(engineid, p, engineid_l);
engineid[engineid_l] = '\0';
e = ENGINE_by_id(engineid);
keyid = OPENSSL_strdup(q + 1);
}
if (e != NULL && keyid != NULL)
ctx = OSSL_STORE_LOADER_CTX_new(e, keyid);
if (ctx == NULL) {
OPENSSL_free(keyid);
ENGINE_free(e);
}
return ctx;
}
static int engine_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
{
if (expected == 0
|| expected == OSSL_STORE_INFO_PUBKEY
|| expected == OSSL_STORE_INFO_PKEY) {
ctx->expected = expected;
return 1;
}
return 0;
}
static OSSL_STORE_INFO *engine_load(OSSL_STORE_LOADER_CTX *ctx,
const UI_METHOD *ui_method, void *ui_data)
{
EVP_PKEY *pkey = NULL, *pubkey = NULL;
OSSL_STORE_INFO *info = NULL;
if (ctx->loaded == 0) {
if (ENGINE_init(ctx->e)) {
if (ctx->expected == 0
|| ctx->expected == OSSL_STORE_INFO_PKEY)
pkey =
ENGINE_load_private_key(ctx->e, ctx->keyid,
(UI_METHOD *)ui_method, ui_data);
if ((pkey == NULL && ctx->expected == 0)
|| ctx->expected == OSSL_STORE_INFO_PUBKEY)
pubkey =
ENGINE_load_public_key(ctx->e, ctx->keyid,
(UI_METHOD *)ui_method, ui_data);
ENGINE_finish(ctx->e);
}
}
ctx->loaded = 1;
if (pubkey != NULL)
info = OSSL_STORE_INFO_new_PUBKEY(pubkey);
else if (pkey != NULL)
info = OSSL_STORE_INFO_new_PKEY(pkey);
if (info == NULL) {
EVP_PKEY_free(pkey);
EVP_PKEY_free(pubkey);
}
return info;
}
static int engine_eof(OSSL_STORE_LOADER_CTX *ctx)
{
return ctx->loaded != 0;
}
static int engine_error(OSSL_STORE_LOADER_CTX *ctx)
{
return 0;
}
static int engine_close(OSSL_STORE_LOADER_CTX *ctx)
{
OSSL_STORE_LOADER_CTX_free(ctx);
return 1;
}
int setup_engine_loader(void)
{
OSSL_STORE_LOADER *loader = NULL;
if ((loader = OSSL_STORE_LOADER_new(NULL, ENGINE_SCHEME)) == NULL
|| !OSSL_STORE_LOADER_set_open(loader, engine_open)
|| !OSSL_STORE_LOADER_set_expect(loader, engine_expect)
|| !OSSL_STORE_LOADER_set_load(loader, engine_load)
|| !OSSL_STORE_LOADER_set_eof(loader, engine_eof)
|| !OSSL_STORE_LOADER_set_error(loader, engine_error)
|| !OSSL_STORE_LOADER_set_close(loader, engine_close)
|| !OSSL_STORE_register_loader(loader)) {
OSSL_STORE_LOADER_free(loader);
loader = NULL;
}
return loader != NULL;
}
void destroy_engine_loader(void)
{
OSSL_STORE_LOADER *loader = OSSL_STORE_unregister_loader(ENGINE_SCHEME);
OSSL_STORE_LOADER_free(loader);
}
#else /* !OPENSSL_NO_ENGINE */
int setup_engine_loader(void)
{
return 0;
}
void destroy_engine_loader(void)
{
}
#endif


@@ -1126,10 +1126,10 @@ int load_excert(SSL_EXCERT **pexc)
return 0;
if (exc->keyfile != NULL) {
exc->key = load_key(exc->keyfile, exc->keyform,
0, NULL, NULL, "server key");
0, NULL, "server key");
} else {
exc->key = load_key(exc->certfile, exc->certform,
0, NULL, NULL, "server key");
0, NULL, "server key");
}
if (exc->key == NULL)
return 0;


@@ -1181,7 +1181,7 @@ static int is_md_available(const char *name)
return 1;
}
return propq != NULL || get_digest_from_engine(name) == NULL ? 0 : 1;
return 0;
}
static int is_cipher_available(const char *name)
@@ -1198,7 +1198,7 @@ static int is_cipher_available(const char *name)
return 1;
}
return propq != NULL || get_cipher_from_engine(name) == NULL ? 0 : 1;
return 0;
}
static void list_type(FUNC_TYPE ft, int one)
@@ -1443,24 +1443,6 @@ static void list_provider_info(void)
sk_OSSL_PROVIDER_free(providers);
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
static void list_engines(void)
{
# ifndef OPENSSL_NO_ENGINE
ENGINE *e;
BIO_puts(bio_out, "Engines:\n");
e = ENGINE_get_first();
while (e) {
BIO_printf(bio_out, "%s\n", ENGINE_get_id(e));
e = ENGINE_get_next(e);
}
# else
BIO_puts(bio_out, "Engine support is disabled.\n");
# endif
}
#endif
static void list_disabled(void)
{
BIO_puts(bio_out, "Disabled algorithms:\n");
@@ -1521,9 +1503,6 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_EC2M
BIO_puts(bio_out, "EC2M\n");
#endif
#if defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
BIO_puts(bio_out, "ENGINE\n");
#endif
#ifdef OPENSSL_NO_GOST
BIO_puts(bio_out, "GOST\n");
#endif
@@ -1639,9 +1618,6 @@ typedef enum HELPLIST_CHOICE {
# if !defined(OPENSSL_NO_TLS1_3)
OPT_TLS1_3,
# endif
#endif
#ifndef OPENSSL_NO_DEPRECATED_3_0
OPT_ENGINES,
#endif
OPT_PROV_ENUM
} HELPLIST_CHOICE;
@@ -1714,10 +1690,6 @@ const OPTIONS list_options[] = {
#endif
{"providers", OPT_PROVIDER_INFO, '-',
"List of provider information"},
#ifndef OPENSSL_NO_DEPRECATED_3_0
{"engines", OPT_ENGINES, '-',
"List of loaded engines"},
#endif
{"disabled", OPT_DISABLED, '-', "List of disabled features"},
{"options", OPT_OPTIONS, 's',
"List options for specified command"},
@@ -1767,9 +1739,6 @@ int list_main(int argc, char **argv)
unsigned int pk_method:1;
unsigned int store_loaders:1;
unsigned int provider_info:1;
#ifndef OPENSSL_NO_DEPRECATED_3_0
unsigned int engines:1;
#endif
unsigned int disabled:1;
unsigned int objects:1;
unsigned int options:1;
@@ -1879,11 +1848,6 @@ opthelp:
case OPT_PROVIDER_INFO:
todo.provider_info = 1;
break;
#ifndef OPENSSL_NO_DEPRECATED_3_0
case OPT_ENGINES:
todo.engines = 1;
break;
#endif
case OPT_DISABLED:
todo.disabled = 1;
break;
@@ -1997,10 +1961,6 @@ opthelp:
MAYBE_ADD_NL(list_store_loaders());
if (todo.provider_info)
MAYBE_ADD_NL(list_provider_info());
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (todo.engines)
MAYBE_ADD_NL(list_engines());
#endif
if (todo.disabled)
MAYBE_ADD_NL(list_disabled());
if (todo.objects)
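Review bot: Removing the `#if defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)` block from `list_disabled` changes what `openssl list -disabled` reports about the library, not just about the apps: the neighbouring `EC2M` and `GOST` lines describe the library build, and the `ENGINE` line did the same. If the intent is to stop describing engine support altogether that is defensible, but it is a distinct decision from dropping `-engine` handling and is worth a sentence in the commit message. The `is_md_available`/`is_cipher_available` simplifications to `return 0;` look consistent with deleting `get_digest_from_engine`/`get_cipher_from_engine`.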


@@ -598,7 +598,7 @@ int ocsp_main(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL,
rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin,
"responder private key");
if (rkey == NULL)
goto end;
@@ -694,7 +694,7 @@ redo_accept:
"signer certificates"))
goto end;
}
key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL,
key = load_key(keyfile, FORMAT_UNDEF, 0, NULL,
"signer private key");
if (key == NULL)
goto end;


@@ -311,7 +311,6 @@ default_tsa = tsa_config1 # the default TSA section
# These are used by the TSA reply generation only.
dir = sys\$disk:[.demoCA # TSA root directory
serial = $dir]tsaserial. # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir.cacert.pem] # Certificate chain to include in reply


@@ -20,9 +20,6 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#include <openssl/err.h>
/* Needed to get the other O_xxx flags. */
#ifdef OPENSSL_SYS_VMS
@@ -65,12 +62,10 @@ static int apps_startup(void)
#endif
/* Set non-default library initialisation settings */
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
(void)setup_ui_method();
(void)setup_engine_loader();
/*
* NOTE: This is an undocumented feature required for testing only.
@@ -92,7 +87,6 @@ static void apps_shutdown(void)
{
app_providers_cleanup();
OSSL_LIB_CTX_free(app_get0_libctx());
destroy_engine_loader();
destroy_ui_method();
}
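Review bot: Dropping `OPENSSL_INIT_ENGINE_ALL_BUILTIN` from `OPENSSL_init_ssl` stops the apps from registering builtin engines, but `OPENSSL_INIT_LOAD_CONFIG` stays, and a library built with engine support may still honour an engine section in the loaded configuration file; the commit title could be read as ruling that out. A short comment above the call, e.g. `/* The apps no longer set up engines themselves; config-driven engine init, where the library still supports it, is unaffected */`, would make the remaining surface explicit for the next reader. The `(void)setup_engine_loader();` and `destroy_engine_loader();` removals are consistent with deleting engine_loader.c. `apps_startup` continues outside the hunk.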


@@ -311,7 +311,6 @@ default_tsa = tsa_config1 # the default TSA section
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply


@@ -69,7 +69,7 @@ typedef enum OPTION_choice {
OPT_INKEY, OPT_CERTFILE, OPT_UNTRUSTED, OPT_PASSCERTS,
OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE,
OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, OPT_PBMAC1_PBKDF2, OPT_PBMAC1_PBKDF2_MD,
#ifndef OPENSSL_NO_DES
OPT_LEGACY_ALG
@@ -96,9 +96,6 @@ const OPTIONS pkcs12_options[] = {
"Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs"
# endif
},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
@@ -183,7 +180,6 @@ int pkcs12_main(int argc, char **argv)
char *cpass = NULL, *mpass = NULL, *badpass = NULL;
const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL, *prog;
int noCApath = 0, noCAfile = 0, noCAstore = 0;
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
PKCS12 *p12 = NULL;
STACK_OF(OPENSSL_STRING) *canames = NULL;
@@ -364,9 +360,6 @@ int pkcs12_main(int argc, char **argv)
case OPT_NOCAFILE:
noCAfile = 1;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
#ifndef OPENSSL_NO_DES
case OPT_LEGACY_ALG:
use_legacy = 1;
@@ -557,7 +550,7 @@ int pkcs12_main(int argc, char **argv)
if (!(options & NOKEYS)) {
key = load_key(keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e,
FORMAT_PEM, 1, passin,
keyname ?
"private key from -inkey file" :
"private key from -in file");
@@ -904,7 +897,6 @@ int pkcs12_main(int argc, char **argv)
ret = 0;
end:
PKCS12_free(p12);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
sk_OPENSSL_STRING_free(canames);


@@ -24,15 +24,12 @@ typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_QUIET,
OPT_ENGINE, OPT_PROV_ENUM
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs7_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
@@ -55,7 +52,6 @@ const OPTIONS pkcs7_options[] = {
int pkcs7_main(int argc, char **argv)
{
ENGINE *e = NULL;
PKCS7 *p7 = NULL, *p7i;
BIO *in = NULL, *out = NULL;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
@@ -105,9 +101,6 @@ int pkcs7_main(int argc, char **argv)
case OPT_QUIET:
quiet = 1;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
@@ -217,7 +210,6 @@ int pkcs7_main(int argc, char **argv)
ret = 0;
end:
PKCS7_free(p7);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return ret;


@@ -22,7 +22,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
#ifndef OPENSSL_NO_SCRYPT
OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
@@ -36,9 +36,6 @@ typedef enum OPTION_choice {
const OPTIONS pkcs8_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
{"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
@@ -75,7 +72,6 @@ const OPTIONS pkcs8_options[] = {
int pkcs8_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
X509_SIG *p8 = NULL;
@@ -171,9 +167,6 @@ int pkcs8_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
#ifndef OPENSSL_NO_SCRYPT
case OPT_SCRYPT:
scrypt_N = 16384;
@@ -229,7 +222,7 @@ int pkcs8_main(int argc, char **argv)
goto end;
if (topk8) {
pkey = load_key(infile, informat, 1, passin, e, "key");
pkey = load_key(infile, informat, 1, passin, "key");
if (pkey == NULL)
goto end;
if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
@@ -382,7 +375,6 @@ int pkcs8_main(int argc, char **argv)
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
EVP_CIPHER_free(cipher);
release_engine(e);
BIO_free_all(out);
BIO_free(in);
OPENSSL_free(passin);


@@ -19,7 +19,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
OPT_TEXT, OPT_NOOUT, OPT_CIPHER, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK,
OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM,
@@ -29,9 +29,6 @@ typedef enum OPTION_choice {
const OPTIONS pkey_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_PROV_OPTIONS,
{"check", OPT_CHECK, '-', "Check key consistency"},
@@ -68,7 +65,6 @@ const OPTIONS pkey_options[] = {
int pkey_main(int argc, char **argv)
{
BIO *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
EVP_CIPHER *cipher = NULL;
@@ -110,9 +106,6 @@ int pkey_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_IN:
infile = opt_arg();
break;
@@ -209,9 +202,9 @@ int pkey_main(int argc, char **argv)
}
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
pkey = load_pubkey(infile, informat, 1, passin, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "key");
pkey = load_key(infile, informat, 1, passin, "key");
if (pkey == NULL)
goto end;
@@ -242,7 +235,7 @@ int pkey_main(int argc, char **argv)
if (check || pub_check) {
int r;
ctx = EVP_PKEY_CTX_new(pkey, e);
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -327,7 +320,6 @@ int pkey_main(int argc, char **argv)
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
EVP_CIPHER_free(cipher);
release_engine(e);
BIO_free_all(out);
OPENSSL_free(passin);
OPENSSL_free(passout);
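Review bot: In the `check || pub_check` hunk the replacement is `ctx = EVP_PKEY_CTX_new(pkey, NULL);`, which ignores the application library context and property query, so a key check run with `-provider`/`-propquery` would not be bound to the selected providers. pkeyparam.c in the same commit takes the other route for the identical situation; for consistency use `ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq());` here too. `pkey_main` continues outside the hunk.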


@@ -19,16 +19,13 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
OPT_ENGINE, OPT_CHECK,
OPT_CHECK,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS pkeyparam_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"check", OPT_CHECK, '-', "Check key param consistency"},
OPT_SECTION("Input"),
@@ -45,7 +42,6 @@ const OPTIONS pkeyparam_options[] = {
int pkeyparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -71,9 +67,6 @@ int pkeyparam_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_TEXT:
text = 1;
break;
@@ -109,11 +102,8 @@ int pkeyparam_main(int argc, char **argv)
goto end;
if (check) {
if (e == NULL)
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey,
app_get0_propq());
else
ctx = EVP_PKEY_CTX_new(pkey, e);
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey,
app_get0_propq());
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -145,7 +135,6 @@ int pkeyparam_main(int argc, char **argv)
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free_all(out);
BIO_free(in);


@@ -22,16 +22,14 @@
static EVP_PKEY *get_pkey(const char *kdfalg,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e);
char *passinarg, int pkey_op);
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
int pkey_op, ENGINE *e,
const int engine_impl, int rawin,
int pkey_op, int rawin,
EVP_PKEY *pkey /* ownership is passed to ctx */,
EVP_MD_CTX *mctx, const char *digestname,
const char *kemop, OSSL_LIB_CTX *libctx, const char *propq);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e);
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
@@ -56,7 +54,7 @@ static int only_nomd(EVP_PKEY *pkey)
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
@@ -70,11 +68,6 @@ typedef enum OPTION_choice {
const OPTIONS pkeyutl_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for crypto operations"},
#endif
{"sign", OPT_SIGN, '-', "Sign input data with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
@@ -90,7 +83,7 @@ const OPTIONS pkeyutl_options[] = {
{"pubin", OPT_PUBIN, '-', "Input key is a public key"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
{"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)"},
{"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12)"},
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
@@ -126,7 +119,6 @@ int pkeyutl_main(int argc, char **argv)
{
CONF *conf = NULL;
BIO *in = NULL, *out = NULL, *secout = NULL;
ENGINE *e = NULL;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
char *infile = NULL, *outfile = NULL, *secoutfile = NULL, *sigfile = NULL, *passinarg = NULL;
@@ -136,7 +128,6 @@ int pkeyutl_main(int argc, char **argv)
int buf_inlen = 0, siglen = -1;
int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
int ret = 1, rv = -1;
size_t buf_outlen = 0, secretlen = 0;
const char *inkey = NULL;
@@ -175,9 +166,6 @@ int pkeyutl_main(int argc, char **argv)
case OPT_SIGFILE:
sigfile = opt_arg();
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
case OPT_INKEY:
inkey = opt_arg();
break;
@@ -208,9 +196,6 @@ int pkeyutl_main(int argc, char **argv)
if (!opt_provider(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PUBIN:
key_type = KEY_PUBKEY;
break;
@@ -317,7 +302,7 @@ int pkeyutl_main(int argc, char **argv)
goto opthelp;
}
pkey = get_pkey(kdfalg, inkey, keyform, key_type, passinarg, pkey_op, e);
pkey = get_pkey(kdfalg, inkey, keyform, key_type, passinarg, pkey_op);
if (key_type != KEY_NONE && pkey == NULL) {
BIO_printf(bio_err, "%s: Error loading key\n", prog);
goto end;
@@ -357,13 +342,13 @@ int pkeyutl_main(int argc, char **argv)
goto end;
}
}
ctx = init_ctx(kdfalg, &keysize, pkey_op, e, engine_impl, rawin, pkey,
ctx = init_ctx(kdfalg, &keysize, pkey_op, rawin, pkey,
mctx, digestname, kemop, libctx, app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
goto end;
}
if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey)) {
BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
goto end;
}
@@ -601,7 +586,6 @@ int pkeyutl_main(int argc, char **argv)
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
EVP_MD_free(md);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
BIO_free_all(secout);
@@ -617,7 +601,7 @@ int pkeyutl_main(int argc, char **argv)
static EVP_PKEY *get_pkey(const char *kdfalg,
const char *keyfile, int keyform, int key_type,
char *passinarg, int pkey_op, ENGINE *e)
char *passinarg, int pkey_op)
{
EVP_PKEY *pkey = NULL;
char *passin = NULL;
@@ -635,11 +619,11 @@ static EVP_PKEY *get_pkey(const char *kdfalg,
}
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
pkey = load_key(keyfile, keyform, 0, passin, "private key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
pkey = load_pubkey(keyfile, keyform, 0, NULL, "public key");
break;
case KEY_CERT:
@@ -659,21 +643,14 @@ static EVP_PKEY *get_pkey(const char *kdfalg,
}
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
int pkey_op, ENGINE *e,
const int engine_impl, int rawin,
int pkey_op, int rawin,
EVP_PKEY *pkey /* ownership is passed to ctx */,
EVP_MD_CTX *mctx, const char *digestname,
const char *kemop, OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
ENGINE *impl = NULL;
int rv = -1;
#ifndef OPENSSL_NO_ENGINE
if (engine_impl)
impl = e;
#endif
if (kdfalg != NULL) {
int kdfnid = OBJ_sn2nid(kdfalg);
@@ -685,19 +662,13 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
return NULL;
}
}
if (impl != NULL)
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
else
ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq);
ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq);
} else {
if (pkey == NULL)
return NULL;
*pkeysize = EVP_PKEY_get_size(pkey);
if (impl != NULL)
ctx = EVP_PKEY_CTX_new(pkey, impl);
else
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
}
if (ctx == NULL)
@@ -766,17 +737,13 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
return ctx;
}
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e)
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file)
{
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
EVP_PKEY *peer = NULL;
ENGINE *engine = NULL;
int ret = 1;
if (peerform == FORMAT_ENGINE)
engine = e;
peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key");
peer = load_pubkey(file, peerform, 0, NULL, "peer key");
if (peer == NULL) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
return 0;


@@ -20,7 +20,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
OPT_OUT, OPT_BASE64, OPT_HEX,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -29,9 +29,6 @@ const OPTIONS rand_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file"},
@@ -48,7 +45,6 @@ const OPTIONS rand_options[] = {
int rand_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
char *outfile = NULL, *prog;
OPTION_CHOICE o;
@@ -73,9 +69,6 @@ int rand_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -223,7 +216,6 @@ int rand_main(int argc, char **argv)
if (ret != 0)
ERR_print_errors(bio_err);
OPENSSL_free(buf);
release_engine(e);
BIO_free_all(out);
return ret;
}


@@ -71,8 +71,7 @@ static int check_end(const char *str, const char *end);
static int join(char buf[], size_t buf_size, const char *name,
const char *tail, const char *desc);
static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
char **pkeytype, long *pkeylen,
ENGINE *keygen_engine);
char **pkeytype, long *pkeylen);
static const char *section = "req";
static CONF *req_conf = NULL;
@@ -82,7 +81,7 @@ static int batch = 0;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_CIPHER,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
OPT_INFORM, OPT_OUTFORM, OPT_KEY,
OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY,
OPT_PKEYOPT, OPT_SIGOPT, OPT_VFYOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
@@ -100,11 +99,6 @@ const OPTIONS req_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"cipher", OPT_CIPHER, 's', "Specify the cipher for private key encryption"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's',
"Specify engine to be used for key generation operations"},
#endif
{"in", OPT_IN, '<', "X.509 request input file (default stdin)"},
{"inform", OPT_INFORM, 'F',
"CSR input format to use (PEM or DER; by default try PEM first)"},
@@ -245,7 +239,6 @@ int req_main(int argc, char **argv)
{
ASN1_INTEGER *serial = NULL;
BIO *out = NULL;
ENGINE *e = NULL, *gen_eng = NULL;
EVP_PKEY *pkey = NULL, *CAkey = NULL;
EVP_PKEY_CTX *genctx = NULL;
STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL, *vfyopts = NULL;
@@ -298,18 +291,6 @@ int req_main(int argc, char **argv)
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_KEYGEN_ENGINE:
#ifndef OPENSSL_NO_ENGINE
gen_eng = setup_engine(opt_arg(), 0);
if (gen_eng == NULL) {
BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
goto opthelp;
}
#endif
break;
case OPT_KEY:
keyfile = opt_arg();
break;
@@ -624,7 +605,7 @@ int req_main(int argc, char **argv)
}
if (keyfile != NULL) {
pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
pkey = load_key(keyfile, keyform, 0, passin, "private key");
if (pkey == NULL)
goto end;
app_RAND_load_conf(req_conf, section);
@@ -640,7 +621,7 @@ int req_main(int argc, char **argv)
if (!app_conf_try_number(req_conf, section, BITS, &newkey_len))
newkey_len = DEFAULT_KEY_LENGTH;
genctx = set_keygen_ctx(keyalg, &keyalgstr, &newkey_len, gen_eng);
genctx = set_keygen_ctx(keyalg, &keyalgstr, &newkey_len);
if (genctx == NULL)
goto end;
@@ -762,7 +743,7 @@ int req_main(int argc, char **argv)
"Warning: Ignoring -CAkey option since no -CA option is given\n");
} else {
if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
0, passin, e,
0, passin,
CAkeyfile != CAfile
? "issuer private key from -CAkey arg"
: "issuer private key from -CA arg")) == NULL)
@@ -1056,9 +1037,6 @@ int req_main(int argc, char **argv)
sk_OPENSSL_STRING_free(vfyopts);
lh_OPENSSL_STRING_doall(addexts, exts_cleanup);
lh_OPENSSL_STRING_free(addexts);
#ifndef OPENSSL_NO_ENGINE
release_engine(gen_eng);
#endif
OPENSSL_free(keyalgstr);
X509_REQ_free(req);
X509_NAME_free(fsubj);
@@ -1066,7 +1044,6 @@ int req_main(int argc, char **argv)
X509_free(CAcert);
EVP_PKEY_free(CAkey);
ASN1_INTEGER_free(serial);
release_engine(e);
if (passin != nofree_passin)
OPENSSL_free(passin);
if (passout != nofree_passout)
@@ -1484,8 +1461,7 @@ static int join(char buf[], size_t buf_size, const char *name,
}
static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
char **pkeytype, long *pkeylen,
ENGINE *keygen_engine)
char **pkeytype, long *pkeylen)
{
EVP_PKEY_CTX *gctx = NULL;
EVP_PKEY *param = NULL;
@@ -1601,28 +1577,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
return NULL;
}
if (keygen_engine != NULL)
gctx = EVP_PKEY_CTX_new(param, keygen_engine);
else
gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
param, app_get0_propq());
gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
param, app_get0_propq());
*pkeylen = EVP_PKEY_get_bits(param);
EVP_PKEY_free(param);
} else {
#ifndef OPENSSL_NO_DEPRECATED_3_6
if (keygen_engine != NULL) {
int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype,
keygen_engine);
if (pkey_id != NID_undef)
gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine);
} else {
#endif
gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
*pkeytype, app_get0_propq());
#ifndef OPENSSL_NO_DEPRECATED_3_6
}
#endif
gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
*pkeytype, app_get0_propq());
}
if (gctx == NULL) {


@@ -41,7 +41,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
/* Do not change the order here; see case statements below */
@@ -55,13 +55,10 @@ const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, 's', "Input file"},
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12)"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
@@ -121,7 +118,6 @@ static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout,
int rsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx;
@@ -172,9 +168,6 @@ int rsa_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PUBIN:
pubin = 1;
break;
@@ -246,9 +239,9 @@ int rsa_main(int argc, char **argv)
tmpformat = informat;
}
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "public key");
pkey = load_pubkey(infile, tmpformat, 1, passin, "public key");
} else {
pkey = load_key(infile, informat, 1, passin, e, "private key");
pkey = load_key(infile, informat, 1, passin, "private key");
}
if (pkey == NULL) {
@@ -403,7 +396,6 @@ int rsa_main(int argc, char **argv)
ret = 0;
end:
OSSL_ENCODER_CTX_free(ectx);
release_engine(e);
BIO_free_all(out);
EVP_PKEY_free(pkey);
EVP_CIPHER_free(enc);


@@ -27,7 +27,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
@@ -41,9 +41,6 @@ const OPTIONS rsautl_options[] = {
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
@@ -72,7 +69,6 @@ const OPTIONS rsautl_options[] = {
int rsautl_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
X509 *x;
@@ -107,9 +103,6 @@ int rsautl_main(int argc, char **argv)
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_ASN1PARSE:
asn1parse = 1;
break;
@@ -187,11 +180,11 @@ int rsautl_main(int argc, char **argv)
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyformat, 0, passin, e, "private key");
pkey = load_key(keyfile, keyformat, 0, passin, "private key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key");
pkey = load_pubkey(keyfile, keyformat, 0, NULL, "public key");
break;
case KEY_CERT:
@@ -282,7 +275,6 @@ int rsautl_main(int argc, char **argv)
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
OPENSSL_free(rsa_in);


@@ -483,12 +483,11 @@ typedef enum OPTION_choice {
OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
OPT_BRIEF, OPT_PREXIT, OPT_NO_INTERACTIVE, OPT_CRLF, OPT_QUIET, OPT_NBIO,
OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF,
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_WDEBUG,
OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_WDEBUG,
# ifndef OPENSSL_NO_OCSP
OPT_STATUS, OPT_STATUS_OCSP_CHECK_LEAF, OPT_STATUS_OCSP_CHECK_ALL,
# endif
OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG,
OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS,
#ifndef OPENSSL_NO_SRP
@@ -530,11 +529,6 @@ const OPTIONS s_client_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
"Specify engine to be used for client certificate operations"},
#endif
{"ssl_config", OPT_SSL_CONFIG, 's', "Use specified section for SSL_CTX configuration"},
#ifndef OPENSSL_NO_CT
{"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
@@ -913,10 +907,6 @@ int s_client_main(int argc, char **argv)
int enable_timeouts = 0;
long socket_mtu = 0;
#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE *ssl_client_engine = NULL;
#endif
ENGINE *e = NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@@ -1175,18 +1165,6 @@ int s_client_main(int argc, char **argv)
case OPT_ADV:
cmdmode = USER_DATA_MODE_ADVANCED;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 1);
break;
case OPT_SSL_CLIENT_ENGINE:
#ifndef OPENSSL_NO_ENGINE
ssl_client_engine = setup_engine(opt_arg(), 0);
if (ssl_client_engine == NULL) {
BIO_printf(bio_err, "Error getting client auth engine\n");
goto opthelp;
}
#endif
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -1771,7 +1749,7 @@ int s_client_main(int argc, char **argv)
key_file = cert_file;
if (key_file != NULL) {
key = load_key(key_file, key_format, 0, pass, e,
key = load_key(key_file, key_format, 0, pass,
"client certificate private key");
if (key == NULL)
goto end;
@@ -1929,16 +1907,6 @@ int s_client_main(int argc, char **argv)
}
SSL_CTX_set0_CA_list(ctx, nm);
}
#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine) {
if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
BIO_puts(bio_err, "Error setting client auth engine\n");
release_engine(ssl_client_engine);
goto end;
}
release_engine(ssl_client_engine);
}
#endif
#ifndef OPENSSL_NO_PSK
if (psk_key != NULL) {
@@ -3344,7 +3312,6 @@ int s_client_main(int argc, char **argv)
OPENSSL_clear_free(sbuf, BUFSIZZ);
OPENSSL_clear_free(mbuf, BUFSIZZ);
clear_free(proxypass);
release_engine(e);
BIO_free(bio_c_out);
bio_c_out = NULL;
BIO_free(bio_c_msg);


@@ -939,7 +939,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE,
OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
@@ -987,9 +986,6 @@ const OPTIONS s_server_options[] = {
#ifndef OPENSSL_NO_SSL_TRACE
{"trace", OPT_TRACE, '-', "trace protocol messages"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Network"),
{"port", OPT_PORT, 'p',
@@ -1242,7 +1238,6 @@ const OPTIONS s_server_options[] = {
int s_server_main(int argc, char *argv[])
{
ENGINE *engine = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
const SSL_METHOD *meth = TLS_server_method();
@@ -1832,11 +1827,6 @@ int s_server_main(int argc, char *argv[])
case OPT_ID_PREFIX:
session_id_prefix = opt_arg();
break;
case OPT_ENGINE:
#ifndef OPENSSL_NO_ENGINE
engine = setup_engine(opt_arg(), s_debug);
#endif
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -2048,7 +2038,7 @@ int s_server_main(int argc, char *argv[])
goto end;
if (nocert == 0) {
s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
s_key = load_key(s_key_file, s_key_format, 0, pass,
"server certificate private key");
if (s_key == NULL)
goto end;
@@ -2065,7 +2055,7 @@ int s_server_main(int argc, char *argv[])
}
if (tlsextcbp.servername != NULL) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
s_key2 = load_key(s_key_file2, s_key_format, 0, pass,
"second server certificate private key");
if (s_key2 == NULL)
goto end;
@@ -2111,7 +2101,7 @@ int s_server_main(int argc, char *argv[])
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
0, dpass, engine, "second certificate private key");
0, dpass, "second certificate private key");
if (s_dkey == NULL)
goto end;
@@ -2612,7 +2602,6 @@ int s_server_main(int argc, char *argv[])
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
release_engine(engine);
BIO_free(bio_s_out);
bio_s_out = NULL;
BIO_free(bio_s_msg);


@@ -38,7 +38,7 @@ typedef enum OPTION_choice {
OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
OPT_CRLFEOL, OPT_PASSIN,
OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, OPT_NOCAPATH, OPT_NOCASTORE,
@@ -61,9 +61,6 @@ const OPTIONS smime_options[] = {
{"inkey", OPT_INKEY, 's',
"Input private key (if not signer or recipient)"},
{"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"stream", OPT_STREAM, '-', "Enable CMS streaming" },
{"indef", OPT_INDEF, '-', "Same as -stream" },
{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
@@ -182,7 +179,6 @@ int smime_main(int argc, char **argv)
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
FORMAT_UNDEF;
int vpmtouched = 0, rv = 0;
ENGINE *e = NULL;
const char *mime_eol = "\n";
OSSL_LIB_CTX *libctx = app_get0_libctx();
@@ -294,9 +290,6 @@ int smime_main(int argc, char **argv)
if (conf == NULL)
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
@@ -520,7 +513,7 @@ int smime_main(int argc, char **argv)
}
if (keyfile != NULL) {
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
key = load_key(keyfile, keyform, 0, passin, "signing key");
if (key == NULL)
goto end;
}
@@ -612,7 +605,7 @@ int smime_main(int argc, char **argv)
signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
if (signer == NULL)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key");
key = load_key(keyfile, keyform, 0, passin, "signing key");
if (key == NULL)
goto end;
@@ -701,7 +694,6 @@ int smime_main(int argc, char **argv)
EVP_MD_free(sign_md);
EVP_CIPHER_free(cipher);
PKCS7_free(p7);
release_engine(e);
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);
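Review bot: The `-keyform` help string on the context line `{"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"}` still names ENGINE as the one value that matters, so once the `-engine` entry is dropped from this options table the documentation of `-keyform` is stale. The rsa.c section of this same commit reworded its analogous string to `"Input format (DER/PEM/P12)"`; smime should follow. What the replacement should say depends on whether `keyform` still influences the later `load_key()` calls (the option parsing is outside this hunk): either a format list such as `"Input private key format (PEM/DER)"`, or, if the value no longer affects loading, text that says the option is accepted for compatibility only.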


@@ -233,7 +233,7 @@ static int opt_found(const char *name, unsigned int *result,
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_MULTI,
OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
OPT_CONFIG, OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC,
OPT_MLOCK, OPT_TESTMODE, OPT_KEM, OPT_SIG
@@ -257,9 +257,6 @@ const OPTIONS speed_options[] = {
#ifndef OPENSSL_NO_ASYNC
{"async_jobs", OPT_ASYNCJOBS, 'p',
"Enable async mode and start specified number of jobs"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
{"mlock", OPT_MLOCK, '-', "Lock memory for better result determinism"},
@@ -1879,10 +1876,8 @@ static int get_max(const uint8_t doit[], size_t algs_len) {
int speed_main(int argc, char **argv)
{
CONF *conf = NULL;
ENGINE *e = NULL;
loopargs_t *loopargs = NULL;
const char *prog;
const char *engine_id = NULL;
EVP_CIPHER *evp_cipher = NULL;
EVP_MAC *mac = NULL;
double d = 0.0;
@@ -2096,14 +2091,6 @@ int speed_main(int argc, char **argv)
case OPT_DECRYPT:
decrypt = 1;
break;
case OPT_ENGINE:
/*
* In a forked execution, an engine might need to be
* initialised by each child process, not by the parent.
* So store the name here and run setup_engine() later on.
*/
engine_id = opt_arg();
break;
case OPT_MULTI:
#ifndef NO_FORK
multi = opt_int_arg();
@@ -2554,9 +2541,6 @@ int speed_main(int argc, char **argv)
memset(loopargs[i].buf2_malloc, 0, buflen);
}
/* Initialize the engine after the fork */
e = setup_engine(engine_id, 0);
/* No parameters; turn on everything. */
if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC]
&& !doit[D_EVP_CMAC] && !do_kems && !do_sigs) {
@@ -3231,7 +3215,7 @@ int speed_main(int argc, char **argv)
bn = BN_new();
st = bn != NULL
&& BN_set_word(bn, RSA_F4)
&& init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
&& init_gen_str(&genctx, "RSA", 0, NULL, NULL)
&& EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
&& EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
&& EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
@@ -4784,7 +4768,6 @@ int speed_main(int argc, char **argv)
ASYNC_cleanup_thread();
}
OPENSSL_free(loopargs);
release_engine(e);
EVP_CIPHER_free(evp_cipher);
EVP_MAC_free(mac);
NCONF_free(conf);


@@ -23,7 +23,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
OPT_SPKSECT, OPT_KEYFORM, OPT_DIGEST,
OPT_PROV_ENUM
} OPTION_CHOICE;
@@ -33,9 +33,6 @@ const OPTIONS spkac_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"spksect", OPT_SPKSECT, 's',
"Specify the name of an SPKAC-dedicated section of configuration"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
@@ -60,7 +57,6 @@ int spkac_main(int argc, char **argv)
{
BIO *out = NULL;
CONF *conf = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
NETSCAPE_SPKI *spki = NULL;
char *challenge = NULL, *keyfile = NULL;
@@ -122,9 +118,6 @@ int spkac_main(int argc, char **argv)
case OPT_DIGEST:
digest = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
@@ -146,7 +139,7 @@ int spkac_main(int argc, char **argv)
goto end;
pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
keyformat, 1, passin, e, "private key");
keyformat, 1, passin, "private key");
if (pkey == NULL)
goto end;
spki = NETSCAPE_SPKI_new();
@@ -227,7 +220,6 @@ int spkac_main(int argc, char **argv)
NETSCAPE_SPKI_free(spki);
BIO_free_all(out);
EVP_PKEY_free(pkey);
release_engine(e);
OPENSSL_free(passin);
return ret;
}


@@ -193,7 +193,7 @@ typedef enum OPTION_choice {
OPT_COMMON,
OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM, OPT_PROV_ENUM
OPT_PASSIN, OPT_PASSOUT, OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS srp_options[] = {
@@ -204,9 +204,6 @@ const OPTIONS srp_options[] = {
{"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
{"config", OPT_CONFIG, '<', "A config file"},
{"name", OPT_NAME, 's', "The particular srp definition to use"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Action"),
{"add", OPT_ADD, '-', "Add a user and SRP verifier"},
@@ -231,7 +228,6 @@ const OPTIONS srp_options[] = {
int srp_main(int argc, char **argv)
{
ENGINE *e = NULL;
CA_DB *db = NULL;
CONF *conf = NULL;
int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
@@ -291,9 +287,6 @@ int srp_main(int argc, char **argv)
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
@@ -626,6 +619,5 @@ int srp_main(int argc, char **argv)
ERR_print_errors(bio_err);
NCONF_free(conf);
free_index(db);
release_engine(e);
return ret;
}


@@ -25,7 +25,7 @@ static BIO *out = NULL;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_OUT, OPT_PASSIN,
OPT_OUT, OPT_PASSIN,
OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE,
OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS,
OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL,
@@ -39,9 +39,6 @@ const OPTIONS storeutl_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_SECTION("Search"),
{"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"},
@@ -73,7 +70,6 @@ int storeutl_main(int argc, char *argv[])
{
int ret = 1, noout = 0, text = 0, recursive = 0;
char *outfile = NULL, *passin = NULL, *passinarg = NULL;
ENGINE *e = NULL;
OPTION_CHOICE o;
char *prog;
PW_CB_DATA pw_cb_data;
@@ -243,9 +239,6 @@ int storeutl_main(int argc, char *argv[])
goto end;
}
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_MD:
digestname = opt_unknown();
break;
@@ -324,7 +317,6 @@ int storeutl_main(int argc, char *argv[])
OSSL_STORE_SEARCH_free(search);
BIO_free_all(out);
OPENSSL_free(passin);
release_engine(e);
return ret;
}


@@ -46,13 +46,13 @@ static int create_digest(BIO *input, const char *digest,
static ASN1_INTEGER *create_nonce(int bits);
/* Reply related functions. */
static int reply_command(CONF *conf, const char *section, const char *engine,
static int reply_command(CONF *conf, const char *section,
const char *queryfile, const char *passin, const char *inkey,
const EVP_MD *md, const char *signer, const char *chain,
const char *policy, const char *in, int token_in,
const char *out, int token_out, int text);
static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
static TS_RESP *create_response(CONF *conf, const char *section,
const char *queryfile, const char *passin,
const char *inkey, const EVP_MD *md, const char *signer,
const char *chain, const char *policy);
@@ -78,7 +78,7 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx);
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
@@ -91,9 +91,6 @@ const OPTIONS ts_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"config", OPT_CONFIG, '<', "Configuration file"},
{"section", OPT_SECTION, 's', "Section to use within config file"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"inkey", OPT_INKEY, 's', "File with private key for reply"},
{"signer", OPT_SIGNER, 's', "Signer certificate file"},
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
@@ -143,11 +140,7 @@ static char* opt_helplist[] = {
" [-signer tsa_cert.pem] [-inkey private_key.pem]",
" [-chain certs_file.pem] [-tspolicy oid]",
" [-in file] [-token_in] [-out file] [-token_out]",
#ifndef OPENSSL_NO_ENGINE
" [-text] [-engine id]",
#else
" [-text]",
#endif
"",
" openssl ts -verify -CApath dir -CAfile root-cert.pem -CAstore uri",
" -untrusted extra-certs.pem [-data file] [-digest hexstring]",
@@ -160,7 +153,7 @@ int ts_main(int argc, char **argv)
CONF *conf = NULL;
const char *CAfile = NULL, *prog;
char *untrusted = NULL;
const char *configfile = default_config_file, *engine = NULL;
const char *configfile = default_config_file;
const char *section = NULL, *digestname = NULL;
char **helpp;
char *password = NULL;
@@ -276,9 +269,6 @@ int ts_main(int argc, char **argv)
case OPT_UNTRUSTED:
untrusted = opt_arg();
break;
case OPT_ENGINE:
engine = opt_arg();
break;
case OPT_MD:
digestname = opt_unknown();
break;
@@ -331,7 +321,7 @@ int ts_main(int argc, char **argv)
if ((conf == NULL) || (token_in != 0))
goto opthelp;
}
ret = !reply_command(conf, section, engine, queryfile,
ret = !reply_command(conf, section, queryfile,
password, inkey, md, signer, chain, policy,
in, token_in, out, token_out, text);
@@ -587,7 +577,7 @@ static ASN1_INTEGER *create_nonce(int bits)
* Reply-related method definitions.
*/
static int reply_command(CONF *conf, const char *section, const char *engine,
static int reply_command(CONF *conf, const char *section,
const char *queryfile, const char *passin, const char *inkey,
const EVP_MD *md, const char *signer, const char *chain,
const char *policy, const char *in, int token_in,
@@ -610,7 +600,7 @@ static int reply_command(CONF *conf, const char *section, const char *engine,
response = d2i_TS_RESP_bio(in_bio, NULL);
}
} else {
response = create_response(conf, section, engine, queryfile,
response = create_response(conf, section, queryfile,
passin, inkey, md, signer, chain, policy);
if (response != NULL)
BIO_printf(bio_err, "Response has been generated.\n");
@@ -695,7 +685,7 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
return resp;
}
static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
static TS_RESP *create_response(CONF *conf, const char *section,
const char *queryfile, const char *passin,
const char *inkey, const EVP_MD *md, const char *signer,
const char *chain, const char *policy)
@@ -713,10 +703,6 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng
goto end;
if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
goto end;
#ifndef OPENSSL_NO_ENGINE
if (!TS_CONF_set_crypto_device(conf, section, engine))
goto end;
#endif
if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
goto end;
if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
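Review bot: Removing the `TS_CONF_set_crypto_device()` call from `create_response()` means a TSA configuration section that still carries a `crypto_device` entry is now silently ignored instead of being acted on or rejected (this assumes the library-side TS_CONF code still reads that keyword; it is not part of this diff). That keyword previously selected where the response signing key came from, so an operator whose section points at a device may now produce responses signed with a file-based key and get no diagnostic. It would be safer for `create_response()` to probe the section for the leftover keyword and fail with a clear message, e.g. `if (NCONF_get_string(conf, section, "crypto_device") != NULL) { BIO_printf(bio_err, "crypto_device is no longer supported\n"); goto end; }` (clearing the error queue after a negative probe), and to record the removal in the ts(1) manual page. `create_response()` continues past the end of this hunk.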


@@ -27,7 +27,7 @@ static int v_verbose = 0, vflags = 0;
typedef enum OPTION_choice {
OPT_COMMON,
OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
OPT_V_ENUM, OPT_NAMEOPT, OPT_VFYOPT,
@@ -40,9 +40,6 @@ const OPTIONS verify_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"verbose", OPT_VERBOSE, '-',
"Print extra information about the operations being performed."},
{"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
@@ -78,7 +75,6 @@ const OPTIONS verify_options[] = {
int verify_main(int argc, char **argv)
{
ENGINE *e = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
STACK_OF(OPENSSL_STRING) *vfyopts = NULL;
@@ -165,12 +161,6 @@ int verify_main(int argc, char **argv)
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
case OPT_ENGINE:
if ((e = setup_engine(opt_arg(), 0)) == NULL) {
/* Failure message already displayed */
goto end;
}
break;
case OPT_SHOW_CHAIN:
show_chain = 1;
break;
@@ -238,7 +228,6 @@ int verify_main(int argc, char **argv)
OSSL_STACK_OF_X509_free(trusted);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_OPENSSL_STRING_free(vfyopts);
release_engine(e);
return (ret < 0 ? 2 : ret);
}


@@ -18,7 +18,7 @@
typedef enum OPTION_choice {
OPT_COMMON,
OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C
OPT_B, OPT_D, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C
#if defined(_WIN32)
,OPT_W
#endif
@@ -32,7 +32,6 @@ const OPTIONS version_options[] = {
{"a", OPT_A, '-', "Show all data"},
{"b", OPT_B, '-', "Show build date"},
{"d", OPT_D, '-', "Show configuration directory"},
{"e", OPT_E, '-', "Show engines directory"},
{"m", OPT_M, '-', "Show modules directory"},
{"f", OPT_F, '-', "Show compiler flags used"},
{"o", OPT_O, '-', "Show some internal datatype options"},
@@ -50,7 +49,7 @@ int version_main(int argc, char **argv)
{
int ret = 1, dirty = 0, seed = 0;
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
int engdir = 0, moddir = 0, cpuinfo = 0;
int moddir = 0, cpuinfo = 0;
#if defined(_WIN32)
int windows = 0;
#endif
@@ -75,9 +74,6 @@ opthelp:
case OPT_D:
dirty = dir = 1;
break;
case OPT_E:
dirty = engdir = 1;
break;
case OPT_M:
dirty = moddir = 1;
break;
@@ -106,7 +102,7 @@ opthelp:
#endif
case OPT_A:
seed = options = cflags = version = date = platform
= dir = engdir = moddir = cpuinfo
= dir = moddir = cpuinfo
= 1;
break;
}
@@ -135,8 +131,6 @@ opthelp:
printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
if (dir)
printf("%s\n", OpenSSL_version(OPENSSL_DIR));
if (engdir)
printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
if (moddir)
printf("%s\n", OpenSSL_version(OPENSSL_MODULES_DIR));
if (seed) {
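Review bot: Dropping `-e` turns `openssl version -e` into a generic unknown-option failure rather than a reported removed feature, and `-a` silently stops printing the engines-directory line, so any packaging script that parses the `-a` output positionally will see a shifted line; the hunk carries no migration text for either. If the library still exposes `OPENSSL_ENGINES_DIR` to `OpenSSL_version()` (not visible here), consider keeping `-e` for one release as a deprecated alias that prints it together with a warning on stderr, or at minimum document both changes in the man page (the `-e` entry and the list of what `-a` prints) and in CHANGES.md, assuming that is not already done elsewhere in this 50-file commit. version_main starts outside the hunk and continues past it.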


@@ -53,7 +53,7 @@ typedef enum OPTION_choice {
OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, OPT_COPY_EXTENSIONS,
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES,
OPT_BADSIG, OPT_MD, OPT_NOCERT, OPT_PRESERVE_DATES,
OPT_NOT_BEFORE, OPT_NOT_AFTER,
OPT_R_ENUM, OPT_PROV_ENUM, OPT_EXT
} OPTION_CHOICE;
@@ -183,9 +183,6 @@ const OPTIONS x509_options[] = {
"Reject certificate for a given purpose"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_PROV_OPTIONS,
{NULL}
};
@@ -303,7 +300,6 @@ int x509_main(int argc, char **argv)
unsigned long certflag = 0;
int preserve_dates = 0;
OPTION_CHOICE o;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_MD5
int subject_hash_old = 0, issuer_hash_old = 0;
#endif
@@ -483,9 +479,6 @@ int x509_main(int argc, char **argv)
if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_EMAIL:
email = ++num;
break;
@@ -663,12 +656,12 @@ int x509_main(int argc, char **argv)
goto err;
}
if (privkeyfile != NULL) {
privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
privkey = load_key(privkeyfile, keyformat, 0, passin, "private key");
if (privkey == NULL)
goto err;
}
if (pubkeyfile != NULL) {
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL,
"explicitly set public key")) == NULL)
goto err;
}
@@ -956,7 +949,7 @@ int x509_main(int argc, char **argv)
noout = 1;
} else if (CAfile != NULL) {
if ((CAkey = load_key(CAkeyfile, CAkeyformat,
0, passin, e, "CA private key")) == NULL)
0, passin, "CA private key")) == NULL)
goto err;
if (!X509_check_private_key(xca, CAkey)) {
BIO_printf(bio_err,
@@ -1172,7 +1165,6 @@ int x509_main(int argc, char **argv)
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
release_engine(e);
clear_free(passin);
return ret;
}
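Review bot: An invocation that still passes `-engine pkcs11` (a common way to sign with a `-CAkey` held in an HSM) now falls through the option switch into the generic unknown-option path and exits via `opthelp` with nothing telling the caller that engines were dropped deliberately. Since the provider options (`OPT_PROV_OPTIONS`) remain listed exactly where the `-engine` entry was, consider keeping `-engine` as a hidden option for one release that prints `ENGINE support has been removed; load the key through a provider (e.g. -provider pkcs11) instead` and exits non-zero, so scripts fail loudly instead of being hastily rewritten to fall back on a file-based CA key. Whether the x509 man page and CHANGES already record the removal is not visible in this hunk; x509_main starts before and ends after the hunks shown.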


@@ -822,7 +822,7 @@ IF[{- !$disabled{tests} -}]
DEPEND[cmp_client_test]=../libcrypto.a libtestutil.a
SOURCE[ca_internals_test]=ca_internals_test.c ../apps/ca.c ../apps/lib/apps.c \
../apps/lib/app_rand.c ../apps/lib/engine.c ../apps/lib/app_provider.c \
../apps/lib/app_rand.c ../apps/lib/app_provider.c \
../apps/lib/app_libctx.c ../apps/lib/fmt.c ../apps/lib/apps_ui.c \
../apps/lib/app_x509.c ../crypto/asn1/a_time.c ../crypto/ctype.c
INCLUDE[ca_internals_test]=.. ../include ../apps/include