ENGINE_register_all_complete() will register all implementations of all

algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)

This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
   -engine auto

diff --git a/apps/apps.c b/apps/apps.c
index 2c2974224fc920c2d49eeef95bcf64177e6d1db8..1089c8b8a3d6ab7bcbf0dca2032400cdd0f82b95 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1150,6 +1150,12 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 
         if (engine)
                 {
 
         if (engine)
                 {

+               if(strcmp(engine, "auto") == 0)
+                       {
+                       BIO_printf(err,"enabling auto ENGINE support\n");
+                       ENGINE_register_all_complete();
+                       return NULL;
+                       }

                if((e = ENGINE_by_id(engine)) == NULL)
                        {
                        BIO_printf(err,"invalid engine \"%s\"\n", engine);
                if((e = ENGINE_by_id(engine)) == NULL)
                        {
                        BIO_printf(err,"invalid engine \"%s\"\n", engine);

diff --git a/apps/apps.h b/apps/apps.h
index 810710909c35cbeece48c5f366abc4aad1fdec9e..57ca7659ae1861ebccaac2595c84fe83cf47a735 100644 (file)
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -127,20 +127,18 @@ extern BIO *bio_err;
 #      define apps_startup() \
                do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
                ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
 #      define apps_startup() \
                do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
                ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \

-               ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); \
-               setup_ui_method(); } while(0)
+               ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)

 #    else
 #      define apps_startup() \
                do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
                ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
 #    else
 #      define apps_startup() \
                do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
                ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \

-               ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); \
-               setup_ui_method(); } while(0)
+               ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)

 #    endif
 #  else
 #    define apps_startup() \
                do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
                ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
 #    endif
 #  else
 #    define apps_startup() \
                do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
                ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \

-               ENGINE_register_all_complete(); setup_ui_method(); } while(0)
+               setup_ui_method(); } while(0)

 #  endif
 #  define apps_shutdown() \
                do { destroy_ui_method(); EVP_cleanup(); \
 #  endif
 #  define apps_shutdown() \
                do { destroy_ui_method(); EVP_cleanup(); \