diff options
| -rw-r--r-- | apps/apps.h | 4 | ||||
| -rw-r--r-- | apps/ca.c | 17 | ||||
| -rw-r--r-- | apps/cms.c | 7 | ||||
| -rw-r--r-- | apps/dgst.c | 18 | ||||
| -rw-r--r-- | apps/dhparam.c | 9 | ||||
| -rw-r--r-- | apps/dsa.c | 11 | ||||
| -rw-r--r-- | apps/dsaparam.c | 9 | ||||
| -rw-r--r-- | apps/ec.c | 11 | ||||
| -rw-r--r-- | apps/ecparam.c | 8 | ||||
| -rw-r--r-- | apps/enc.c | 8 | ||||
| -rw-r--r-- | apps/gendsa.c | 8 | ||||
| -rw-r--r-- | apps/genpkey.c | 2 | ||||
| -rw-r--r-- | apps/genrsa.c | 14 | ||||
| -rw-r--r-- | apps/pkcs12.c | 8 | ||||
| -rw-r--r-- | apps/pkcs7.c | 8 | ||||
| -rw-r--r-- | apps/pkcs8.c | 14 | ||||
| -rw-r--r-- | apps/pkey.c | 8 | ||||
| -rw-r--r-- | apps/pkeyparam.c | 8 | ||||
| -rw-r--r-- | apps/pkeyutl.c | 2 | ||||
| -rw-r--r-- | apps/rand.c | 8 | ||||
| -rw-r--r-- | apps/req.c | 15 | ||||
| -rw-r--r-- | apps/rsa.c | 8 | ||||
| -rw-r--r-- | apps/rsautl.c | 8 | ||||
| -rw-r--r-- | apps/s_client.c | 27 | ||||
| -rw-r--r-- | apps/s_server.c | 6 | ||||
| -rw-r--r-- | apps/smime.c | 10 | ||||
| -rw-r--r-- | apps/speed.c | 4 | ||||
| -rw-r--r-- | apps/spkac.c | 9 | ||||
| -rw-r--r-- | apps/srp.c | 7 | ||||
| -rw-r--r-- | apps/verify.c | 7 | ||||
| -rw-r--r-- | apps/x509.c | 23 |
31 files changed, 88 insertions, 218 deletions
diff --git a/apps/apps.h b/apps/apps.h index ad17b1a821..5d1b98f837 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -431,7 +431,9 @@ STACK_OF(X509_CRL) *load_crls(const char *file, int format, X509_STORE *setup_verify(char *CAfile, char *CApath); int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); -# ifndef OPENSSL_NO_ENGINE +# ifdef OPENSSL_NO_ENGINE +# define setup_engine(engine, debug) NULL +# else ENGINE *setup_engine(const char *engine, int debug); # endif # ifndef OPENSSL_NO_OCSP @@ -292,17 +292,15 @@ int ca_main(int argc, char **argv) X509_CRL *crl = NULL; const EVP_MD *dgst = NULL; char *configfile = NULL, *md = NULL, *policy = NULL, *keyfile = NULL; - char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *enddate = - NULL; + char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL; char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL; - char *serialfile = NULL, *startdate = NULL, *subj = NULL, *tmp_email_dn = - NULL; - char *prog; - char *const *pp; - char *dbfile = NULL, *engine = NULL, *f, *randfile = NULL, *tofree = NULL; + char *serialfile = NULL, *startdate = NULL, *subj = NULL; + char *prog, *enddate = NULL, *tmp_email_dn = NULL; + char *dbfile = NULL, *f, *randfile = NULL, *tofree = NULL; char buf[3][BSIZE]; + char *const *pp; const char *p; int create_ser = 0, free_key = 0, total = 0, total_done = 0; int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; @@ -488,7 +486,7 @@ opthelp: rev_type = REV_CA_COMPROMISE; break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; } } @@ -542,9 +540,6 @@ end_of_options: OPENSSL_free(tofree); tofree = NULL; } -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/cms.c b/apps/cms.c index 397071ca7f..e3e8656eb1 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -241,7 +241,7 @@ int cms_main(int argc, char **argv) X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL, *engine = NULL; + char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL; char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL; char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL; @@ -475,7 +475,7 @@ int cms_main(int argc, char **argv) need_rand = 1; break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_PASSIN: passinarg = opt_arg(); @@ -668,9 +668,6 @@ int cms_main(int argc, char **argv) } else if (!operation) goto opthelp; -# ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -# endif if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/dgst.c b/apps/dgst.c index 21b8c7fc66..adfa2a63ba 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -101,10 +101,6 @@ OPTIONS dgst_options[] = { "Verify a signature using private key in file"}, {"signature", OPT_SIGNATURE, '<', "File with signature to verify"}, {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -#endif - {"engine_impl", OPT_ENGINE_IMPL, '-'}, {"hex", OPT_HEX, '-', "Print as hex dump"}, {"binary", OPT_BINARY, '-', "Print in binary form"}, {"d", OPT_DEBUG, '-', "Print debug info"}, @@ -115,6 +111,10 @@ OPTIONS dgst_options[] = { {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"}, {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + {"engine_impl", OPT_ENGINE_IMPL, '-'}, +#endif {"", OPT_DIGEST, '-', "Any supported digest"}, {NULL} }; @@ -136,10 +136,7 @@ int dgst_main(int argc, char **argv) int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0, non_fips_allow = 0; unsigned char *buf = NULL, *sigbuf = NULL; -#ifndef OPENSSL_NO_ENGINE - char *engine = NULL; int engine_impl = 0; -#endif prog = opt_progname(argv[0]); if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) { @@ -193,15 +190,12 @@ int dgst_main(int argc, char **argv) if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) goto opthelp; break; -#ifndef OPENSSL_NO_ENGINE case OPT_ENGINE: - engine = opt_arg(); - e = setup_engine(engine, 0); + e = setup_engine(opt_arg(), 0); break; case OPT_ENGINE_IMPL: engine_impl = 1; break; -#endif case OPT_HEX: out_bin = 0; break; @@ -250,10 +244,8 @@ int dgst_main(int argc, char **argv) "No signature to verify: use the -signature option\n"); goto end; } -#ifndef OPENSSL_NO_ENGINE if (engine_impl) impl = e; -#endif in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); diff --git a/apps/dhparam.c b/apps/dhparam.c index e842ca5f20..6e51c0b82e 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -167,8 +167,7 @@ int dhparam_main(int argc, char **argv) { BIO *in = NULL, *out = NULL; DH *dh = NULL; - char *engine = NULL, *infile = NULL, *outfile = NULL, *prog, *inrand = - NULL; + char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL; int dsaparam = 0, i, text = 0, C = 0, ret = 1, num = 0, g = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0; OPTION_CHOICE o; @@ -200,7 +199,7 @@ int dhparam_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_CHECK: check = 1; @@ -234,10 +233,6 @@ int dhparam_main(int argc, char **argv) if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) goto end; -# ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -# endif - if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 9d7c97f609..c23ed5dac8 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -107,9 +107,8 @@ int dsa_main(int argc, char **argv) DSA *dsa = NULL; ENGINE *e = NULL; const EVP_CIPHER *enc = NULL; - char *engine = NULL, *infile = NULL, *outfile = NULL, *prog; - char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = - NULL; + char *infile = NULL, *outfile = NULL, *prog; + char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1; @@ -149,7 +148,7 @@ int dsa_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_PASSIN: passinarg = opt_arg(); @@ -192,10 +191,6 @@ int dsa_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -# ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -# endif - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index b314409762..f7365b92d0 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -124,8 +124,7 @@ int dsaparam_main(int argc, char **argv) # ifdef GENCB_TEST int timebomb = 0; # endif - char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL, *engine = - NULL; + char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL; OPTION_CHOICE o; prog = opt_init(argc, argv, dsaparam_options); @@ -155,7 +154,7 @@ int dsaparam_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_TIMEBOMB: # ifdef GENCB_TEST @@ -201,10 +200,6 @@ int dsaparam_main(int argc, char **argv) if (out == NULL) goto end; -# ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -# endif - if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) @@ -116,9 +116,8 @@ int ec_main(int argc, char **argv) const EC_GROUP *group; const EVP_CIPHER *enc = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; - char *infile = NULL, *outfile = NULL, *prog, *engine = NULL; - char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = - NULL; + char *infile = NULL, *outfile = NULL, *prog; + char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; OPTION_CHOICE o; int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; @@ -172,7 +171,7 @@ int ec_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) @@ -194,10 +193,6 @@ int ec_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -# ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -# endif - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/ecparam.c b/apps/ecparam.c index 167ef39f6d..049fc78092 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -138,7 +138,7 @@ int ecparam_main(int argc, char **argv) EC_GROUP *group = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; char *curve_name = NULL, *inrand = NULL; - char *engine = NULL, *infile = NULL, *outfile = NULL, *prog; + char *infile = NULL, *outfile = NULL, *prog; unsigned char *buffer = NULL; OPTION_CHOICE o; int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0; @@ -213,7 +213,7 @@ int ecparam_main(int argc, char **argv) need_rand = 1; break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; } } @@ -227,10 +227,6 @@ int ecparam_main(int argc, char **argv) if (out == NULL) goto end; -# ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -# endif - if (list_curves) { EC_builtin_curve *curves = NULL; size_t crv_len = 0; diff --git a/apps/enc.c b/apps/enc.c index 06b056b45d..61a64d4469 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -132,7 +132,7 @@ int enc_main(int argc, char **argv) EVP_CIPHER_CTX *ctx = NULL; const EVP_CIPHER *cipher = NULL, *c; const EVP_MD *dgst = NULL; - char *engine = NULL, *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; + char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; char *infile = NULL, *outfile = NULL, *prog; char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL; char mbuf[sizeof magic - 1]; @@ -193,7 +193,7 @@ int enc_main(int argc, char **argv) passarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_D: enc = 0; @@ -294,10 +294,6 @@ int enc_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -#endif - if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); goto end; diff --git a/apps/gendsa.c b/apps/gendsa.c index 1eaaa45504..21988a0652 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -96,7 +96,7 @@ int gendsa_main(int argc, char **argv) BIO *out = NULL, *in = NULL; DSA *dsa = NULL; const EVP_CIPHER *enc = NULL; - char *engine = NULL, *inrand = NULL, *dsaparams = NULL; + char *inrand = NULL, *dsaparams = NULL; char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; OPTION_CHOICE o; int ret = 1; @@ -120,7 +120,7 @@ int gendsa_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_RAND: inrand = opt_arg(); @@ -138,10 +138,6 @@ int gendsa_main(int argc, char **argv) goto opthelp; dsaparams = *argv; -# ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -# endif - if (!app_passwd(NULL, passoutarg, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/genpkey.c b/apps/genpkey.c index 5130b40a82..ae68e7a442 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -128,11 +128,9 @@ int genpkey_main(int argc, char **argv) case OPT_PASS: passarg = opt_arg(); break; -#ifndef OPENSSL_NO_ENGINE case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; -#endif case OPT_PARAMFILE: if (do_param == 1) goto opthelp; diff --git a/apps/genrsa.c b/apps/genrsa.c index b7275aef7a..7d0466aaf9 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -110,8 +110,7 @@ int genrsa_main(int argc, char **argv) int ret = 1, non_fips_allow = 0, num = DEFBITS; unsigned long f4 = RSA_F4; char *outfile = NULL, *passoutarg = NULL, *passout = NULL; - char *engine = NULL, *inrand = NULL, *prog; - char *hexe, *dece; + char *inrand = NULL, *prog, *hexe, *dece; OPTION_CHOICE o; if (!bn || !cb) @@ -142,7 +141,7 @@ int genrsa_main(int argc, char **argv) case OPT_OUT: outfile = opt_arg(); case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_RAND: inrand = opt_arg(); @@ -166,9 +165,6 @@ int genrsa_main(int argc, char **argv) BIO_printf(bio_err, "Error getting password\n"); goto end; } -# ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -# endif out = bio_open_default(outfile, "w"); if (out == NULL) @@ -185,11 +181,7 @@ int genrsa_main(int argc, char **argv) BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", num); -# ifdef OPENSSL_NO_ENGINE - rsa = RSA_new(); -# else - rsa = RSA_new_method(e); -# endif + rsa = e ? RSA_new_method(e) : RSA_new(); if (!rsa) goto end; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index a031c1ba25..5cdd71b6c0 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -173,7 +173,7 @@ int pkcs12_main(int argc, char **argv) char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL; char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL; - char *engine = NULL, *prog; + char *prog; ENGINE *e = NULL; BIO *in = NULL, *out = NULL; PKCS12 *p12 = NULL; @@ -308,17 +308,13 @@ int pkcs12_main(int argc, char **argv) CAfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; } } argc = opt_num_rest(); argv = opt_rest(); -# ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -# endif - if (passarg) { if (export_cert) passoutarg = passarg; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index ca052730ea..7c62a8658e 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -143,7 +143,7 @@ int pkcs7_main(int argc, char **argv) PKCS7 *p7 = NULL; BIO *in = NULL, *out = NULL; int informat = FORMAT_PEM, outformat = FORMAT_PEM; - char *engine = NULL, *infile = NULL, *outfile = NULL, *prog; + char *infile = NULL, *outfile = NULL, *prog; int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1; OPTION_CHOICE o; @@ -186,17 +186,13 @@ int pkcs7_main(int argc, char **argv) print_certs = 1; break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; } } argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -#endif - in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 7b361cfec6..105c1cb61c 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -104,14 +104,12 @@ int pkcs8_main(int argc, char **argv) PKCS8_PRIV_KEY_INFO *p8inf = NULL; X509_SIG *p8 = NULL; const EVP_CIPHER *cipher = NULL; - char *engine = NULL, *infile = NULL, *outfile = NULL; + char *infile = NULL, *outfile = NULL; char *passinarg = NULL, *passoutarg = NULL, *prog; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; OPTION_CHOICE o; - int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = - PKCS8_OK; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = - -1; + int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK; + int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; prog = opt_init(argc, argv, pkcs8_options); while ((o = opt_next()) != OPT_EOF) { @@ -188,17 +186,13 @@ int pkcs8_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; } } argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/pkey.c b/apps/pkey.c index 3597be0ee6..716d6d01e8 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -97,7 +97,7 @@ int pkey_main(int argc, char **argv) EVP_PKEY *pkey = NULL; const EVP_CIPHER *cipher = NULL; char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL; - char *passinarg = NULL, *passoutarg = NULL, *prog, *engine = NULL; + char *passinarg = NULL, *passoutarg = NULL, *prog; OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1; @@ -129,7 +129,7 @@ int pkey_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_IN: infile = opt_arg(); @@ -160,10 +160,6 @@ int pkey_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index 5a5caf56bd..fbd19a78cd 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -85,7 +85,7 @@ int pkeyparam_main(int argc, char **argv) EVP_PKEY *pkey = NULL; int text = 0, noout = 0, ret = 1; OPTION_CHOICE o; - char *infile = NULL, *outfile = NULL, *prog, *engine = NULL; + char *infile = NULL, *outfile = NULL, *prog; prog = opt_init(argc, argv, pkeyparam_options); while ((o = opt_next()) != OPT_EOF) { @@ -105,7 +105,7 @@ int pkeyparam_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_TEXT: text = 1; @@ -118,10 +118,6 @@ int pkeyparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -#endif - in = bio_open_default(infile, "r"); if (in == NULL) goto end; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 942ba05ded..da7dc2e4cd 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -174,11 +174,9 @@ int pkeyutl_main(int argc, char **argv) if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyform)) goto opthelp; break; -#ifndef OPENSSL_NO_ENGINE case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; -#endif case OPT_PUBIN: key_type = KEY_PUBKEY; break; diff --git a/apps/rand.c b/apps/rand.c index 9a73935acc..498e7dae70 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -85,7 +85,7 @@ OPTIONS rand_options[] = { int rand_main(int argc, char **argv) { BIO *out = NULL; - char *engine = NULL, *inrand = NULL, *outfile = NULL, *prog; + char *inrand = NULL, *outfile = NULL, *prog; OPTION_CHOICE o; int base64 = 0, hex = 0, i, num = -1, r, ret = 1; @@ -105,7 +105,7 @@ int rand_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; case OPT_RAND: inrand = opt_arg(); @@ -126,10 +126,6 @@ int rand_main(int argc, char **argv) if (sscanf(argv[0], "%d", &num) != 1 || num < 0) goto opthelp; -#ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -#endif - app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", diff --git a/apps/req.c b/apps/req.c index 1237c33ec1..0502a64abf 100644 --- a/apps/req.c +++ b/apps/req.c @@ -136,7 +136,6 @@ OPTIONS req_options[] = { {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, - {"keygen_engine", OPT_KEYGEN_ENGINE, 's'}, {"key", OPT_KEY, '<', "Use the private key contained in file"}, {"keyform", OPT_KEYFORM, 'F', "Key file format"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, @@ -179,6 +178,7 @@ OPTIONS req_options[] = { "Request extension section (override value in config file)"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + {"keygen_engine", OPT_KEYGEN_ENGINE, 's'}, #endif {"", OPT_MD, '-', "Any supported digest"}, {NULL} @@ -196,7 +196,7 @@ int req_main(int argc, char **argv) X509_REQ *req = NULL; const EVP_CIPHER *cipher = NULL; const EVP_MD *md_alg = NULL, *digest = NULL; - char *engine = NULL, *extensions = NULL, *infile = NULL; + char *extensions = NULL, *infile = NULL; char *outfile = NULL, *keyfile = NULL, *inrand = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL; @@ -235,18 +235,18 @@ int req_main(int argc, char **argv) if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) goto opthelp; break; -#ifndef OPENSSL_NO_ENGINE case OPT_ENGINE: - engine = optarg; + (void)setup_engine(opt_arg(), 0); break; case OPT_KEYGEN_ENGINE: +#ifndef OPENSSL_NO_ENGINE gen_eng = ENGINE_by_id(opt_arg()); if (gen_eng == NULL) { BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); - goto end; + goto opthelp; } - break; #endif + break; case OPT_KEY: keyfile = opt_arg(); break; @@ -498,9 +498,6 @@ int req_main(int argc, char **argv) goto end; } } -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif if (keyfile != NULL) { pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key"); diff --git a/apps/rsa.c b/apps/rsa.c index 7f7069c899..07cc5fb5dc 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -158,7 +158,7 @@ int rsa_main(int argc, char **argv) BIO *out = NULL; RSA *rsa = NULL; const EVP_CIPHER *enc = NULL; - char *engine = NULL, *infile = NULL, *outfile = NULL, *prog; + char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; int i; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; @@ -203,7 +203,7 @@ int rsa_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_PUBIN: pubin = 1; @@ -249,10 +249,6 @@ int rsa_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -# ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -# endif - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); goto end; diff --git a/apps/rsautl.c b/apps/rsautl.c index 04667469f6..67cb76e8ce 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -116,7 +116,7 @@ int rsautl_main(int argc, char **argv) EVP_PKEY *pkey = NULL; RSA *rsa = NULL; X509 *x; - char *engine = NULL, *infile = NULL, *outfile = NULL, *keyfile = NULL; + char *infile = NULL, *outfile = NULL, *keyfile = NULL; char *passinarg = NULL, *passin = NULL, *prog; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; @@ -147,7 +147,7 @@ int rsautl_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_ASN1PARSE: asn1parse = 1; @@ -208,9 +208,7 @@ int rsautl_main(int argc, char **argv) BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; } -# ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -# endif + if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/s_client.c b/apps/s_client.c index 900efe7c86..0d030056fc 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -591,7 +591,6 @@ OPTIONS s_client_options[] = { {"verify_quiet", OPT_VERIFY_QUIET, '-'}, {"brief", OPT_BRIEF, '-'}, {"prexit", OPT_PREXIT, '-'}, - {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'}, {"trace", OPT_TRACE, '-'}, {"security_debug", OPT_SECURITY_DEBUG, '-'}, {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, @@ -603,6 +602,7 @@ OPTIONS s_client_options[] = { {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, + {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'}, #endif OPT_S_OPTIONS, OPT_V_OPTIONS, @@ -649,7 +649,6 @@ int s_client_main(int argc, char **argv) NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p; - char *engine_id = NULL, *ssl_client_engine_id = NULL; char *jpake_secret = NULL; const char *unix_path = NULL; struct sockaddr peer; @@ -674,8 +673,8 @@ int s_client_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_ENGINE ENGINE *ssl_client_engine = NULL; - ENGINE *e = NULL; #endif + ENGINE *e = NULL; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -829,10 +828,17 @@ int s_client_main(int argc, char **argv) #endif break; case OPT_ENGINE: - engine_id = opt_arg(); + e = setup_engine(opt_arg(), 1); break; case OPT_SSL_CLIENT_ENGINE: - ssl_client_engine_id = opt_arg(); +#ifndef OPENSSL_NO_ENGINE + ssl_client_engine = ENGINE_by_id(opt_arg()); + if (ssl_client_engine == NULL) { + BIO_printf(bio_err, "Error getting client auth engine\n"); + goto opthelp; + } + break; +#endif break; case OPT_RAND: inrand = opt_arg(); @@ -1075,17 +1081,6 @@ int s_client_main(int argc, char **argv) next_proto.data = NULL; #endif -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine_id, 1); - if (ssl_client_engine_id) { - ssl_client_engine = ENGINE_by_id(ssl_client_engine_id); - if (ssl_client_engine == NULL) { - BIO_printf(bio_err, "Error getting client auth engine\n"); - goto end; - } - } -#endif - if (!app_passwd(passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/s_server.c b/apps/s_server.c index 8199b888f8..3644381ece 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1378,7 +1378,7 @@ int s_server_main(int argc, char *argv[]) session_id_prefix = opt_arg(); break; case OPT_ENGINE: - engine_id = opt_arg(); + e = setup_engine(opt_arg(), 1); break; case OPT_RAND: inrand = opt_arg(); @@ -1449,10 +1449,6 @@ int s_server_main(int argc, char *argv[]) } #endif -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine_id, 1); -#endif - if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/smime.c b/apps/smime.c index 532446f49f..0c683f5b3c 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -164,7 +164,7 @@ int smime_main(int argc, char **argv) X509_VERIFY_PARAM *vpm = NULL; const EVP_CIPHER *cipher = NULL; const EVP_MD *sign_md = NULL; - char *CAfile = NULL, *CApath = NULL, *inrand = NULL, *engine = NULL; + char *CAfile = NULL, *CApath = NULL, *inrand = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog; char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL; @@ -177,9 +177,7 @@ int smime_main(int argc, char **argv) int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = FORMAT_PEM; int vpmtouched = 0, rv = 0; -#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; -#endif if ((vpm = X509_VERIFY_PARAM_new()) == NULL) return 1; @@ -276,7 +274,7 @@ int smime_main(int argc, char **argv) need_rand = 1; break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_PASSIN: passinarg = opt_arg(); @@ -408,10 +406,6 @@ int smime_main(int argc, char **argv) } else if (!operation) goto opthelp; -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif - if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/speed.c b/apps/speed.c index 1a01d333b7..57587053cc 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -835,11 +835,9 @@ int speed_main(int argc, char **argv) case OPT_DECRYPT: decrypt = 1; break; -#ifndef OPENSSL_NO_ENGINE case OPT_ENGINE: - setup_engine(opt_arg(), 0); + (void)setup_engine(opt_arg(), 0); break; -#endif #ifndef NO_FORK case OPT_MULTI: multi = atoi(opt_arg()); diff --git a/apps/spkac.c b/apps/spkac.c index ee2e5969f0..7ceff9feca 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -100,7 +100,7 @@ int spkac_main(int argc, char **argv) ENGINE *e = NULL; EVP_PKEY *pkey = NULL; NETSCAPE_SPKI *spki = NULL; - char *challenge = NULL, *keyfile = NULL, *engine = NULL; + char *challenge = NULL, *keyfile = NULL; char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL; char *spkstr = NULL, *prog; const char *spkac = "SPKAC", *spksect = "default"; @@ -149,9 +149,8 @@ int spkac_main(int argc, char **argv) spksect = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; - } } argc = opt_num_rest(); @@ -161,9 +160,6 @@ int spkac_main(int argc, char **argv) BIO_printf(bio_err, "Error getting password\n"); goto end; } -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif if (keyfile) { pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, @@ -194,7 +190,6 @@ int spkac_main(int argc, char **argv) conf = NCONF_new(NULL); i = NCONF_load_bio(conf, in, NULL); - if (!i) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); diff --git a/apps/srp.c b/apps/srp.c index bacd670185..0585952440 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -272,7 +272,7 @@ int srp_main(int argc, char **argv) int mode = OPT_ERR; char *user = NULL, *passinarg = NULL, *passoutarg = NULL; char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL; - char *randfile = NULL, *engine = NULL, *tofree = NULL, *section = NULL; + char *randfile = NULL, *tofree = NULL, *section = NULL; char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog; long errorline = -1; OPTION_CHOICE o; @@ -332,7 +332,7 @@ int srp_main(int argc, char **argv) passoutarg = opt_arg(); break; case OPT_ENGINE: - engine = opt_arg(); + (void)setup_engine(opt_arg(), 0); break; } } @@ -359,9 +359,6 @@ int srp_main(int argc, char **argv) "-passin, -passout arguments only valid with one user.\n"); goto opthelp; } -# ifndef OPENSSL_NO_ENGINE - setup_engine(engine, 0); -# endif if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/verify.c b/apps/verify.c index 61e85ce87e..35085e7356 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -105,7 +105,7 @@ int verify_main(int argc, char **argv) STACK_OF(X509_CRL) *crls = NULL; X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; - char *prog, *CApath = NULL, *CAfile = NULL, *engine = NULL; + char *prog, *CApath = NULL, *CAfile = NULL; char *untfile = NULL, *trustfile = NULL, *crlfile = NULL; int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1; OPTION_CHOICE o; @@ -167,7 +167,7 @@ int verify_main(int argc, char **argv) show_chain = 1; break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_VERBOSE: v_verbose = 1; @@ -177,9 +177,6 @@ int verify_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif if (!(store = setup_verify(CAfile, CApath))) goto end; X509_STORE_set_verify_cb(store, cb); diff --git a/apps/x509.c b/apps/x509.c index 903e6b94b9..e1cc3cde1f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -220,25 +220,20 @@ int x509_main(int argc, char **argv) char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; - char buf[256]; - char *engine = NULL, *prog; - int C = 0, x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = - 0; - int CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; - int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = - 0, checkoffset = 0; + char buf[256], *prog; + int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0; + int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; + int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0; int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0; - int text = 0, serial = 0, subject = 0, issuer = 0, startdate = - 0, enddate = 0; + int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; + int checkoffset = 0, enddate = 0; unsigned long nmflag = 0, certflag = 0; OPTION_CHOICE o; -#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; -#endif #ifndef OPENSSL_NO_MD5 int subject_hash_old = 0, issuer_hash_old = 0; #endif @@ -374,7 +369,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_ENGINE: - engine = opt_arg(); + e = setup_engine(opt_arg(), 0); break; case OPT_C: C = ++num; @@ -498,10 +493,6 @@ int x509_main(int argc, char **argv) if (out == NULL) goto end; -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(engine, 0); -#endif - if (need_rand) app_RAND_load_file(NULL, 0); |