ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug);
# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug)
void release_engine(ENGINE *e);
+int init_engine(ENGINE *e);
+int finish_engine(ENGINE *e);
+EVP_PKEY *load_engine_private_key(ENGINE *e, const char *keyid,
+ const char *pass, const char *desc);
+EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
+ const char *pass, const char *desc);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
* https://www.openssl.org/source/license.html
*/
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
/*
* On VMS, you need to define this to get the declaration of fileno(). The
#include <openssl/pkcs12.h>
#include <openssl/ui.h>
#include <openssl/safestack.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
if (e == NULL) {
BIO_printf(bio_err, "No engine specified for loading %s\n", desc);
} else {
-#ifndef OPENSSL_NO_ENGINE
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = uri;
- if (ENGINE_init(e)) {
- pkey = ENGINE_load_private_key(e, uri,
- (UI_METHOD *)get_ui_method(),
- &cb_data);
- ENGINE_finish(e);
- }
+ pkey = load_engine_private_key(e, uri, pass, desc);
if (pkey == NULL) {
BIO_printf(bio_err, "Cannot load %s from engine\n", desc);
ERR_print_errors(bio_err);
}
-#else
- BIO_printf(bio_err, "Engines not supported for loading %s\n", desc);
-#endif
}
} else {
(void)load_key_certs_crls(uri, may_stdin, pass, desc,
if (e == NULL) {
BIO_printf(bio_err, "No engine specified for loading %s\n", desc);
} else {
-#ifndef OPENSSL_NO_ENGINE
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = uri;
- pkey = ENGINE_load_public_key(e, uri, (UI_METHOD *)get_ui_method(),
- &cb_data);
+ pkey = load_engine_public_key(e, uri, pass, desc);
if (pkey == NULL) {
BIO_printf(bio_err, "Cannot load %s from engine\n", desc);
ERR_print_errors(bio_err);
}
-#else
- BIO_printf(bio_err, "Engines not supported for loading %s\n", desc);
-#endif
}
} else {
(void)load_key_certs_crls(uri, maybe_stdin, pass, desc,
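Review bot: The call `pkey = load_engine_public_key(e, uri, pass, desc);` is not behaviour-neutral. The removed lines called `ENGINE_load_public_key()` directly, while the wrapper added in this commit brackets that call with `init_engine()`/`finish_engine()` and returns NULL when initialisation fails. This matches the private-key path and is probably intended, but it deserves a sentence in the commit message so the change is not read as a pure code move. The enclosing function starts and ends outside the hunk.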
return NULL;
}
-#ifndef OPENSSL_NO_ENGINE
-/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(const char *engine)
-{
- ENGINE *e = ENGINE_by_id("dynamic");
- if (e) {
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
- || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
- ENGINE_free(e);
- e = NULL;
- }
- }
- return e;
-}
-#endif
-
-ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug)
-{
- ENGINE *e = NULL;
-
-#ifndef OPENSSL_NO_ENGINE
- if (id != NULL) {
- if (strcmp(id, "auto") == 0) {
- BIO_printf(bio_err, "Enabling auto ENGINE support\n");
- ENGINE_register_all_complete();
- return NULL;
- }
- if ((e = ENGINE_by_id(id)) == NULL
- && (e = try_load_engine(id)) == NULL) {
- BIO_printf(bio_err, "Invalid engine \"%s\"\n", id);
- ERR_print_errors(bio_err);
- return NULL;
- }
- if (debug)
- (void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
- if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0,
- (void *)get_ui_method(), 0, 1)
- || !ENGINE_set_default(e, methods)) {
- BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e));
- ERR_print_errors(bio_err);
- ENGINE_free(e);
- return NULL;
- }
-
- BIO_printf(bio_err, "Engine \"%s\" set.\n", ENGINE_get_id(e));
- }
-#endif
- return e;
-}
-
-void release_engine(ENGINE *e)
-{
-#ifndef OPENSSL_NO_ENGINE
- /* Free our "structural" reference. */
- ENGINE_free(e);
-#endif
-}
-
static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
const char *n;
# Source for libapps
$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \
- columns.c app_params.c names.c app_provider.c app_x509.c http_server.c
+ columns.c app_params.c names.c app_provider.c app_x509.c http_server.c \
+ engine.c
IF[{- !$disabled{apps} -}]
LIBS{noinst}=../libapps.a
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Here is a set of wrappers for the ENGINE API, which are no-ops when the
+ * ENGINE API is disabled / removed.
+ * We need to suppress deprecation warnings to make this work.
+ */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/types.h> /* Ensure we have the ENGINE type, regardless */
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "apps.h"
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(const char *engine)
+{
+ ENGINE *e = NULL;
+
+ if ((e = ENGINE_by_id("dynamic")) != NULL) {
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+}
+#endif
+
+ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug)
+{
+ ENGINE *e = NULL;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (id != NULL) {
+ if (strcmp(id, "auto") == 0) {
+ BIO_printf(bio_err, "Enabling auto ENGINE support\n");
+ ENGINE_register_all_complete();
+ return NULL;
+ }
+ if ((e = ENGINE_by_id(id)) == NULL
+ && (e = try_load_engine(id)) == NULL) {
+ BIO_printf(bio_err, "Invalid engine \"%s\"\n", id);
+ ERR_print_errors(bio_err);
+ return NULL;
+ }
+ if (debug)
+ (void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
+ if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0,
+ (void *)get_ui_method(), 0, 1)
+ || !ENGINE_set_default(e, methods)) {
+ BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e));
+ ERR_print_errors(bio_err);
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ BIO_printf(bio_err, "Engine \"%s\" set.\n", ENGINE_get_id(e));
+ }
+#endif
+ return e;
+}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+#endif
+}
+
+int init_engine(ENGINE *e)
+{
+ int rv = 1;
+
+#ifndef OPENSSL_NO_ENGINE
+ rv = ENGINE_init(e);
+#endif
+ return rv;
+}
+
+int finish_engine(ENGINE *e)
+{
+ int rv = 1;
+
+#ifndef OPENSSL_NO_ENGINE
+ rv = ENGINE_finish(e);
+#endif
+ return rv;
+}
+
+EVP_PKEY *load_engine_private_key(ENGINE *e, const char *keyid,
+ const char *pass, const char *desc)
+{
+ EVP_PKEY *rv = NULL;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (init_engine(e)) {
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = keyid;
+
+ rv = ENGINE_load_private_key(e, keyid,
+ (UI_METHOD *)get_ui_method(), &cb_data);
+ finish_engine(e);
+ }
+#else
+ BIO_printf(bio_err, "Engines not supported for loading %s\n", desc);
+#endif
+ return rv;
+}
+
+EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
+ const char *pass, const char *desc)
+{
+ EVP_PKEY *rv = NULL;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (init_engine(e)) {
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = keyid;
+
+ rv = ENGINE_load_public_key(e, keyid,
+ (UI_METHOD *)get_ui_method(), &cb_data);
+ finish_engine(e);
+ }
+#else
+ BIO_printf(bio_err, "Engines not supported for loading %s\n", desc);
+#endif
+ return rv;
+}
+
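Review bot: `setup_engine_methods()` calls `strcmp()` but the new file includes only `<openssl/types.h>`, `<openssl/engine.h>` and `"apps.h"`, so it presumably compiles only because `apps.h` pulls in the declaration; adding `#include <string.h> /* strcmp */` would make the file self-contained. The header comment describes the wrappers as no-ops, yet under `OPENSSL_NO_ENGINE` `init_engine()` and `finish_engine()` return 1, and the two `load_engine_*_key()` functions print a message and return NULL. A one-line comment on each stating that return contract would help callers. It is also worth a comment on `try_load_engine()` that an id unknown to `ENGINE_by_id()` is passed to the `dynamic` engine as `SO_PATH`, i.e. treated as a shared-library path, since this commit routes more option values through it.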
* https://www.openssl.org/source/license.html
*/
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
break;
case OPT_KEYGEN_ENGINE:
#ifndef OPENSSL_NO_ENGINE
- gen_eng = ENGINE_by_id(opt_arg());
+ gen_eng = setup_engine(opt_arg(), 0);
if (gen_eng == NULL) {
BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
goto opthelp;
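Review bot: `gen_eng = setup_engine(opt_arg(), 0);` gives `-keygen_engine` side effects that the old `ENGINE_by_id()` lookup did not have. Per the `setup_engine` macro and `setup_engine_methods()` shown in this commit, an id that is not a registered engine is handed to the `dynamic` engine as `SO_PATH` and loaded, and the engine is then passed to `ENGINE_set_default(e, (unsigned int)-1)`, making it the default for every method class. The value `auto` also returns NULL, which this branch reports as "Can't find keygen engine". If only a reference for key generation is wanted, `gen_eng = setup_engine_methods(opt_arg(), 0, 0);` would presumably avoid the default registration, and the shared-library fallback should be mentioned in the option's documentation. The same applies to `ssl_client_engine = setup_engine(opt_arg(), 0);` in the OPT_SSL_CLIENT_ENGINE hunk; the option switch continues outside both hunks.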
lh_OPENSSL_STRING_doall(addexts, exts_cleanup);
lh_OPENSSL_STRING_free(addexts);
#ifndef OPENSSL_NO_ENGINE
- ENGINE_free(gen_eng);
+ release_engine(gen_eng);
#endif
OPENSSL_free(keyalgstr);
X509_REQ_free(req);
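Review bot: The `#ifndef OPENSSL_NO_ENGINE` guard around `release_engine(gen_eng);` is now redundant, because `release_engine()` compiles to an empty body when engines are disabled. The same holds for the two `finish_engine(tmpeng);` hunks that follow. Calling the wrappers unguarded would remove three preprocessor blocks, provided `gen_eng` and `tmpeng` are declared unconditionally, which is not visible in these hunks. The cleanup code continues outside the hunk.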
EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, ameth);
#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(tmpeng);
+ finish_engine(tmpeng);
#endif
if (*pkey_type == EVP_PKEY_RSA) {
if (p != NULL) {
EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
*palgnam = OPENSSL_strdup(anam);
#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(tmpeng);
+ finish_engine(tmpeng);
#endif
}
* https://www.openssl.org/source/license.html
*/
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include "e_os.h"
#include <ctype.h>
#include <stdio.h>
break;
case OPT_SSL_CLIENT_ENGINE:
#ifndef OPENSSL_NO_ENGINE
- ssl_client_engine = ENGINE_by_id(opt_arg());
+ ssl_client_engine = setup_engine(opt_arg(), 0);
if (ssl_client_engine == NULL) {
BIO_printf(bio_err, "Error getting client auth engine\n");
goto opthelp;
if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
BIO_puts(bio_err, "Error setting client auth engine\n");
ERR_print_errors(bio_err);
- ENGINE_free(ssl_client_engine);
+ release_engine(ssl_client_engine);
goto end;
}
- ENGINE_free(ssl_client_engine);
+ release_engine(ssl_client_engine);
}
#endif