Remove deprecation warning suppression from genpkey

genpkey was supressing deprecation warnings in order to support ENGINE
functionality. We move all of that into a separate file so that we don't
need to suppress the warnings anymore.

Fixes #13118

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13454)

diff --git a/apps/genpkey.c b/apps/genpkey.c
index 1682c661c63fef7a41486ea1496493503a7a9912..d6ab0e6b17de58ccde8ec98d9314241ae8a45451 100644 (file)
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -7,9 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #include <stdio.h>
 #include <string.h>
 #include "apps.h"
@@ -17,9 +14,6 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
 
 static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
                             OSSL_LIB_CTX *libctx, const char *propq);
@@ -290,8 +284,6 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
                  OSSL_LIB_CTX *libctx, const char *propq)
 {
     EVP_PKEY_CTX *ctx = NULL;
-    const EVP_PKEY_ASN1_METHOD *ameth;
-    ENGINE *tmpeng = NULL;
     int pkey_id;
 
     if (*pctx) {
@@ -299,29 +291,13 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
         return 0;
     }
 
-    if (libctx == NULL || e != NULL) {
-        ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
-
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-        if (ameth == NULL && e != NULL)
-            ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
-#endif
-        if (ameth == NULL) {
-            BIO_printf(bio_err, "Algorithm %s not found\n", algname);
-            return 0;
-        }
-        ERR_clear_error();
-
-        EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-        ENGINE_finish(tmpeng);
-#endif
+    pkey_id = get_legacy_pkey_id(libctx, algname, e);
+    if (pkey_id != NID_undef)
         ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
-    } else {
+    else
         ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
-    }
 
-    if (!ctx)
+    if (ctx == NULL)
         goto err;
     if (do_param) {
         if (EVP_PKEY_paramgen_init(ctx) <= 0)

diff --git a/apps/include/apps.h b/apps/include/apps.h
index b149a837f3dd018d1f3e765d476b6cdf7b9e3bce..0848a2e03ea973c78a73ec899e7259a1d6438886 100644 (file)
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -160,6 +160,8 @@ EVP_PKEY *load_engine_private_key(ENGINE *e, const char *keyid,
 EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
                                  const char *pass, const char *desc);
 
+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
                                  const char *host, const char *path,

diff --git a/apps/lib/engine.c b/apps/lib/engine.c
index f47c94fbce0c6eb9f2e95f05fb9a72def80128a0..4d9adc28188557fec1a702729f159f6673cd688a 100644 (file)
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@@ -17,6 +17,7 @@
 #include <string.h> /* strcmp */
 
 #include <openssl/types.h> /* Ensure we have the ENGINE type, regardless */
+#include <openssl/err.h>
 #ifndef OPENSSL_NO_ENGINE
 # include <openssl/engine.h>
 #endif
@@ -145,3 +146,31 @@ EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
     return rv;
 }
 
+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id = NID_undef;
+
+    ERR_set_mark();
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#if !defined(OPENSSL_NO_ENGINE)
+    ENGINE_finish(tmpeng);
+
+    if (ameth == NULL && e != NULL)
+        ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+    else
+#endif
+    /* We're only interested if it comes from an ENGINE */
+    if (tmpeng == NULL)
+        ameth = NULL;
+
+    ERR_pop_to_mark();
+    if (ameth == NULL)
+        return NID_undef;
+
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+
+    return pkey_id;
+}