authorbcook <>2015-09-11 14:30:23 +0000
committerbcook <>2015-09-11 14:30:23 +0000
commite2fad4e6bdd4e404b3f4c186de52078738af2271 (patch)
treecc1109842924cab95a77b6863b32de51b6d4f960
parent7cea1ef22b79637be449efa70b99c6deaf74ef10 (diff)
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
-rw-r--r--src/usr.bin/openssl/Makefile4
-rw-r--r--src/usr.bin/openssl/apps.c103
-rw-r--r--src/usr.bin/openssl/apps.h23
-rw-r--r--src/usr.bin/openssl/ca.c36
-rw-r--r--src/usr.bin/openssl/cms.c21
-rw-r--r--src/usr.bin/openssl/dgst.c27
-rw-r--r--src/usr.bin/openssl/dh.c20
-rw-r--r--src/usr.bin/openssl/dhparam.c20
-rw-r--r--src/usr.bin/openssl/dsa.c25
-rw-r--r--src/usr.bin/openssl/dsaparam.c20
-rw-r--r--src/usr.bin/openssl/ec.c20
-rw-r--r--src/usr.bin/openssl/ecparam.c18
-rw-r--r--src/usr.bin/openssl/enc.c20
-rw-r--r--src/usr.bin/openssl/engine.c493
-rw-r--r--src/usr.bin/openssl/gendh.c20
-rw-r--r--src/usr.bin/openssl/gendsa.c19
-rw-r--r--src/usr.bin/openssl/genpkey.c44
-rw-r--r--src/usr.bin/openssl/genrsa.c25
-rw-r--r--src/usr.bin/openssl/ocsp.c23
-rw-r--r--src/usr.bin/openssl/openssl.1368
-rw-r--r--src/usr.bin/openssl/openssl.c18
-rw-r--r--src/usr.bin/openssl/pkcs12.c27
-rw-r--r--src/usr.bin/openssl/pkcs7.c20
-rw-r--r--src/usr.bin/openssl/pkcs8.c23
-rw-r--r--src/usr.bin/openssl/pkey.c24
-rw-r--r--src/usr.bin/openssl/pkeyparam.c20
-rw-r--r--src/usr.bin/openssl/pkeyutl.c30
-rw-r--r--src/usr.bin/openssl/progs.h3
-rw-r--r--src/usr.bin/openssl/rand.c18
-rw-r--r--src/usr.bin/openssl/req.c66
-rw-r--r--src/usr.bin/openssl/rsa.c25
-rw-r--r--src/usr.bin/openssl/rsautl.c28
-rw-r--r--src/usr.bin/openssl/s_client.c49
-rw-r--r--src/usr.bin/openssl/s_server.c40
-rw-r--r--src/usr.bin/openssl/smime.c33
-rw-r--r--src/usr.bin/openssl/speed.c23
-rw-r--r--src/usr.bin/openssl/spkac.c22
-rw-r--r--src/usr.bin/openssl/ts.c26
-rw-r--r--src/usr.bin/openssl/verify.c36
-rw-r--r--src/usr.bin/openssl/x509.c30
40 files changed, 184 insertions, 1726 deletions
diff --git a/src/usr.bin/openssl/Makefile b/src/usr.bin/openssl/Makefile
index 04a24c8c59..db3364b16f 100644
--- a/src/usr.bin/openssl/Makefile
+++ b/src/usr.bin/openssl/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.5 2015/02/10 15:29:34 jsing Exp $ 1# $OpenBSD: Makefile,v 1.6 2015/09/11 14:30:23 bcook Exp $
2 2
3PROG= openssl 3PROG= openssl
4LDADD= -lssl -lcrypto 4LDADD= -lssl -lcrypto
@@ -19,7 +19,7 @@ CFLAGS+= -DLIBRESSL_INTERNAL
19 19
20SRCS= apps.c apps_posix.c asn1pars.c ca.c certhash.c ciphers.c cms.c crl.c \ 20SRCS= apps.c apps_posix.c asn1pars.c ca.c certhash.c ciphers.c cms.c crl.c \
21 crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \ 21 crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \
22 engine.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c \ 22 errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c \
23 openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c \ 23 openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c \
24 pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c s_client.c \ 24 pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c s_client.c \
25 s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c ts.c \ 25 s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c ts.c \
diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index acd95abc7f..f8cad1a703 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: apps.c,v 1.34 2015/09/10 16:01:06 jsing Exp $ */ 1/* $OpenBSD: apps.c,v 1.35 2015/09/11 14:30:23 bcook Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -146,10 +146,6 @@
146#include <openssl/x509.h> 146#include <openssl/x509.h>
147#include <openssl/x509v3.h> 147#include <openssl/x509v3.h>
148 148
149#ifndef OPENSSL_NO_ENGINE
150#include <openssl/engine.h>
151#endif
152
153#include <openssl/rsa.h> 149#include <openssl/rsa.h>
154 150
155typedef struct { 151typedef struct {
@@ -190,8 +186,6 @@ str2fmt(char *s)
190 (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) || 186 (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0) ||
191 (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0)) 187 (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
192 return (FORMAT_PKCS12); 188 return (FORMAT_PKCS12);
193 else if ((*s == 'E') || (*s == 'e'))
194 return (FORMAT_ENGINE);
195 else if ((*s == 'P') || (*s == 'p')) { 189 else if ((*s == 'P') || (*s == 'p')) {
196 if (s[1] == 'V' || s[1] == 'v') 190 if (s[1] == 'V' || s[1] == 'v')
197 return FORMAT_PVK; 191 return FORMAT_PVK;
@@ -626,7 +620,7 @@ die:
626} 620}
627 621
628X509 * 622X509 *
629load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, 623load_cert(BIO *err, const char *file, int format, const char *pass,
630 const char *cert_descrip) 624 const char *cert_descrip)
631{ 625{
632 X509 *x = NULL; 626 X509 *x = NULL;
@@ -690,7 +684,7 @@ end:
690 684
691EVP_PKEY * 685EVP_PKEY *
692load_key(BIO *err, const char *file, int format, int maybe_stdin, 686load_key(BIO *err, const char *file, int format, int maybe_stdin,
693 const char *pass, ENGINE *e, const char *key_descrip) 687 const char *pass, const char *key_descrip)
694{ 688{
695 BIO *key = NULL; 689 BIO *key = NULL;
696 EVP_PKEY *pkey = NULL; 690 EVP_PKEY *pkey = NULL;
@@ -699,26 +693,10 @@ load_key(BIO *err, const char *file, int format, int maybe_stdin,
699 cb_data.password = pass; 693 cb_data.password = pass;
700 cb_data.prompt_info = file; 694 cb_data.prompt_info = file;
701 695
702 if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { 696 if (file == NULL && (!maybe_stdin)) {
703 BIO_printf(err, "no keyfile specified\n"); 697 BIO_printf(err, "no keyfile specified\n");
704 goto end; 698 goto end;
705 } 699 }
706#ifndef OPENSSL_NO_ENGINE
707 if (format == FORMAT_ENGINE) {
708 if (!e)
709 BIO_printf(err, "no engine specified\n");
710 else {
711 pkey = ENGINE_load_private_key(e, file,
712 ui_method, &cb_data);
713 if (!pkey) {
714 BIO_printf(err, "cannot load %s from engine\n",
715 key_descrip);
716 ERR_print_errors(err);
717 }
718 }
719 goto end;
720 }
721#endif
722 key = BIO_new(BIO_s_file()); 700 key = BIO_new(BIO_s_file());
723 if (key == NULL) { 701 if (key == NULL) {
724 ERR_print_errors(err); 702 ERR_print_errors(err);
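Review bot: The rewritten guard `if (file == NULL && (!maybe_stdin))` keeps a stray pair of parentheses left over from deleting `|| format == FORMAT_ENGINE`, while the parallel edit in load_pubkey two hunks down reads `if (file == NULL && !maybe_stdin)`; the two should match, so change this line to `if (file == NULL && !maybe_stdin) {`. Neither function carries a header comment, and now that the only remaining path is the BIO_s_file one, a short comment above the guard such as `/* A NULL file is only acceptable when the caller allows stdin. */` would make the contract visible at the call site. load_key's body continues outside the hunk.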
@@ -769,7 +747,7 @@ end:
769 747
770EVP_PKEY * 748EVP_PKEY *
771load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, 749load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
772 const char *pass, ENGINE *e, const char *key_descrip) 750 const char *pass, const char *key_descrip)
773{ 751{
774 BIO *key = NULL; 752 BIO *key = NULL;
775 EVP_PKEY *pkey = NULL; 753 EVP_PKEY *pkey = NULL;
@@ -778,20 +756,10 @@ load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
778 cb_data.password = pass; 756 cb_data.password = pass;
779 cb_data.prompt_info = file; 757 cb_data.prompt_info = file;
780 758
781 if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) { 759 if (file == NULL && !maybe_stdin) {
782 BIO_printf(err, "no keyfile specified\n"); 760 BIO_printf(err, "no keyfile specified\n");
783 goto end; 761 goto end;
784 } 762 }
785#ifndef OPENSSL_NO_ENGINE
786 if (format == FORMAT_ENGINE) {
787 if (!e)
788 BIO_printf(bio_err, "no engine specified\n");
789 else
790 pkey = ENGINE_load_public_key(e, file,
791 ui_method, &cb_data);
792 goto end;
793 }
794#endif
795 key = BIO_new(BIO_s_file()); 763 key = BIO_new(BIO_s_file());
796 if (key == NULL) { 764 if (key == NULL) {
797 ERR_print_errors(err); 765 ERR_print_errors(err);
@@ -899,7 +867,7 @@ error:
899 867
900static int 868static int
901load_certs_crls(BIO *err, const char *file, int format, const char *pass, 869load_certs_crls(BIO *err, const char *file, int format, const char *pass,
902 ENGINE *e, const char *desc, STACK_OF(X509) **pcerts, 870 const char *desc, STACK_OF(X509) **pcerts,
903 STACK_OF(X509_CRL) **pcrls) 871 STACK_OF(X509_CRL) **pcrls)
904{ 872{
905 int i; 873 int i;
@@ -983,22 +951,22 @@ end:
983 951
984STACK_OF(X509) * 952STACK_OF(X509) *
985load_certs(BIO *err, const char *file, int format, const char *pass, 953load_certs(BIO *err, const char *file, int format, const char *pass,
986 ENGINE *e, const char *desc) 954 const char *desc)
987{ 955{
988 STACK_OF(X509) *certs; 956 STACK_OF(X509) *certs;
989 957
990 if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL)) 958 if (!load_certs_crls(err, file, format, pass, desc, &certs, NULL))
991 return NULL; 959 return NULL;
992 return certs; 960 return certs;
993} 961}
994 962
995STACK_OF(X509_CRL) * 963STACK_OF(X509_CRL) *
996load_crls(BIO *err, const char *file, int format, const char *pass, ENGINE *e, 964load_crls(BIO *err, const char *file, int format, const char *pass,
997 const char *desc) 965 const char *desc)
998{ 966{
999 STACK_OF(X509_CRL) *crls; 967 STACK_OF(X509_CRL) *crls;
1000 968
1001 if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls)) 969 if (!load_certs_crls(err, file, format, pass, desc, NULL, &crls))
1002 return NULL; 970 return NULL;
1003 return crls; 971 return crls;
1004} 972}
@@ -1248,55 +1216,6 @@ end:
1248 return NULL; 1216 return NULL;
1249} 1217}
1250 1218
1251#ifndef OPENSSL_NO_ENGINE
1252
1253ENGINE *
1254setup_engine(BIO *err, const char *engine, int debug)
1255{
1256 ENGINE *e = NULL;
1257
1258 if (engine) {
1259 if (strcmp(engine, "auto") == 0) {
1260 BIO_printf(err, "enabling auto ENGINE support\n");
1261 ENGINE_register_all_complete();
1262 return NULL;
1263 }
1264 if ((e = ENGINE_by_id(engine)) == NULL) {
1265 BIO_printf(err, "invalid engine \"%s\"\n", engine);
1266 ERR_print_errors(err);
1267 return NULL;
1268 }
1269 if (debug) {
1270 if (ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
1271 0, err, 0) <= 0) {
1272 BIO_printf(err, "Cannot set logstream for "
1273 "engine \"%s\"\n", engine);
1274 ERR_print_errors(err);
1275 ENGINE_free(e);
1276 return NULL;
1277 }
1278 }
1279 if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1)) {
1280 BIO_printf(err, "can't set user interface\n");
1281 ERR_print_errors(err);
1282 ENGINE_free(e);
1283 return NULL;
1284 }
1285 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
1286 BIO_printf(err, "can't use that engine\n");
1287 ERR_print_errors(err);
1288 ENGINE_free(e);
1289 return NULL;
1290 }
1291 BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
1292
1293 /* Free our "structural" reference. */
1294 ENGINE_free(e);
1295 }
1296 return e;
1297}
1298#endif
1299
1300int 1219int
1301load_config(BIO *err, CONF *cnf) 1220load_config(BIO *err, CONF *cnf)
1302{ 1221{
diff --git a/src/usr.bin/openssl/apps.h b/src/usr.bin/openssl/apps.h
index f6e0a8ce19..f63079179d 100644
--- a/src/usr.bin/openssl/apps.h
+++ b/src/usr.bin/openssl/apps.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: apps.h,v 1.14 2015/07/15 13:54:34 jsing Exp $ */ 1/* $OpenBSD: apps.h,v 1.15 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -121,10 +121,6 @@
121#include <openssl/txt_db.h> 121#include <openssl/txt_db.h>
122#include <openssl/x509.h> 122#include <openssl/x509.h>
123 123
124#ifndef OPENSSL_NO_ENGINE
125#include <openssl/engine.h>
126#endif
127
128#ifndef OPENSSL_NO_OCSP 124#ifndef OPENSSL_NO_OCSP
129#include <openssl/ocsp.h> 125#include <openssl/ocsp.h>
130#endif 126#endif
@@ -166,19 +162,16 @@ int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
166int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); 162int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
167int add_oid_section(BIO *err, CONF *conf); 163int add_oid_section(BIO *err, CONF *conf);
168X509 *load_cert(BIO *err, const char *file, int format, 164X509 *load_cert(BIO *err, const char *file, int format,
169 const char *pass, ENGINE *e, const char *cert_descrip); 165 const char *pass, const char *cert_descrip);
170EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, 166EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
171 const char *pass, ENGINE *e, const char *key_descrip); 167 const char *pass, const char *key_descrip);
172EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, 168EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
173 const char *pass, ENGINE *e, const char *key_descrip); 169 const char *pass, const char *key_descrip);
174STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, 170STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
175 const char *pass, ENGINE *e, const char *cert_descrip); 171 const char *pass, const char *cert_descrip);
176STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, 172STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
177 const char *pass, ENGINE *e, const char *cert_descrip); 173 const char *pass, const char *cert_descrip);
178X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); 174X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
179#ifndef OPENSSL_NO_ENGINE
180ENGINE *setup_engine(BIO *err, const char *engine, int debug);
181#endif
182 175
183#ifndef OPENSSL_NO_OCSP 176#ifndef OPENSSL_NO_OCSP
184OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, 177OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
@@ -236,7 +229,7 @@ int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err,
236void policies_print(BIO *out, X509_STORE_CTX *ctx); 229void policies_print(BIO *out, X509_STORE_CTX *ctx);
237int bio_to_mem(unsigned char **out, int maxlen, BIO *in); 230int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
238int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); 231int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
239int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, const char *algname, ENGINE *e, 232int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, const char *algname,
240 int do_param); 233 int do_param);
241int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, 234int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
242 STACK_OF(OPENSSL_STRING) *sigopts); 235 STACK_OF(OPENSSL_STRING) *sigopts);
@@ -254,7 +247,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
254#define FORMAT_NETSCAPE 4 247#define FORMAT_NETSCAPE 4
255#define FORMAT_PKCS12 5 248#define FORMAT_PKCS12 5
256#define FORMAT_SMIME 6 249#define FORMAT_SMIME 6
257#define FORMAT_ENGINE 7 250
258#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid 251#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
259 * adding yet another param to load_*key() */ 252 * adding yet another param to load_*key() */
260#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */ 253#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index 8645128e42..254d551aa5 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.11 2015/09/10 16:01:06 jsing Exp $ */ 1/* $OpenBSD: ca.c,v 1.12 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -135,7 +135,7 @@ static const char *ca_usage[] = {
135 " -md arg - md to use, one of md2, md5, sha or sha1\n", 135 " -md arg - md to use, one of md2, md5, sha or sha1\n",
136 " -policy arg - The CA 'policy' to support\n", 136 " -policy arg - The CA 'policy' to support\n",
137 " -keyfile arg - private key file\n", 137 " -keyfile arg - private key file\n",
138 " -keyform arg - private key file format (PEM or ENGINE)\n", 138 " -keyform arg - private key file format (PEM)\n",
139 " -key arg - key to decode the private key if it is encrypted\n", 139 " -key arg - key to decode the private key if it is encrypted\n",
140 " -cert file - The CA certificate\n", 140 " -cert file - The CA certificate\n",
141 " -selfsign - sign a certificate with the key associated with it\n", 141 " -selfsign - sign a certificate with the key associated with it\n",
@@ -156,9 +156,6 @@ static const char *ca_usage[] = {
156 " -extensions .. - Extension section (override value in config file)\n", 156 " -extensions .. - Extension section (override value in config file)\n",
157 " -extfile file - Configuration file with X509v3 extentions to add\n", 157 " -extfile file - Configuration file with X509v3 extentions to add\n",
158 " -crlexts .. - CRL extension section (override value in config file)\n", 158 " -crlexts .. - CRL extension section (override value in config file)\n",
159#ifndef OPENSSL_NO_ENGINE
160 " -engine e - use engine e, possibly a hardware device.\n",
161#endif
162 " -status serial - Shows certificate status given the serial number\n", 159 " -status serial - Shows certificate status given the serial number\n",
163 " -updatedb - Updates db for expired certificates\n", 160 " -updatedb - Updates db for expired certificates\n",
164 NULL 161 NULL
@@ -178,7 +175,7 @@ static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey,
178 unsigned long chtype, int multirdn, int email_dn, char *startdate, 175 unsigned long chtype, int multirdn, int email_dn, char *startdate,
179 char *enddate, long days, int batch, char *ext_sect, CONF * conf, 176 char *enddate, long days, int batch, char *ext_sect, CONF * conf,
180 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 177 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
181 int ext_copy, ENGINE * e); 178 int ext_copy);
182static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, 179static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey,
183 X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, 180 X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
184 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, 181 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
@@ -213,7 +210,6 @@ static int msie_hack = 0;
213int 210int
214ca_main(int argc, char **argv) 211ca_main(int argc, char **argv)
215{ 212{
216 ENGINE *e = NULL;
217 char *key = NULL, *passargin = NULL; 213 char *key = NULL, *passargin = NULL;
218 int create_ser = 0; 214 int create_ser = 0;
219 int free_key = 0; 215 int free_key = 0;
@@ -286,9 +282,6 @@ ca_main(int argc, char **argv)
286 STACK_OF(OPENSSL_STRING) * sigopts = NULL; 282 STACK_OF(OPENSSL_STRING) * sigopts = NULL;
287#define BUFLEN 256 283#define BUFLEN 256
288 char buf[3][BUFLEN]; 284 char buf[3][BUFLEN];
289#ifndef OPENSSL_NO_ENGINE
290 char *engine = NULL;
291#endif
292 char *tofree = NULL; 285 char *tofree = NULL;
293 const char *errstr = NULL; 286 const char *errstr = NULL;
294 DB_ATTR db_attr; 287 DB_ATTR db_attr;
@@ -478,13 +471,6 @@ ca_main(int argc, char **argv)
478 rev_arg = *(++argv); 471 rev_arg = *(++argv);
479 rev_type = REV_CA_COMPROMISE; 472 rev_type = REV_CA_COMPROMISE;
480 } 473 }
481#ifndef OPENSSL_NO_ENGINE
482 else if (strcmp(*argv, "-engine") == 0) {
483 if (--argc < 1)
484 goto bad;
485 engine = *(++argv);
486 }
487#endif
488 else { 474 else {
489bad: 475bad:
490 if (errstr) 476 if (errstr)
@@ -536,10 +522,6 @@ bad:
536 free(tofree); 522 free(tofree);
537 tofree = NULL; 523 tofree = NULL;
538 524
539#ifndef OPENSSL_NO_ENGINE
540 e = setup_engine(bio_err, engine, 0);
541#endif
542
543 /* Lets get the config section we are using */ 525 /* Lets get the config section we are using */
544 if (section == NULL) { 526 if (section == NULL) {
545 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA); 527 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
@@ -639,7 +621,7 @@ bad:
639 goto err; 621 goto err;
640 } 622 }
641 } 623 }
642 pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key"); 624 pkey = load_key(bio_err, keyfile, keyform, 0, key, "CA private key");
643 if (key) 625 if (key)
644 explicit_bzero(key, strlen(key)); 626 explicit_bzero(key, strlen(key));
645 if (pkey == NULL) { 627 if (pkey == NULL) {
@@ -655,7 +637,7 @@ bad:
655 lookup_fail(section, ENV_CERTIFICATE); 637 lookup_fail(section, ENV_CERTIFICATE);
656 goto err; 638 goto err;
657 } 639 }
658 x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, 640 x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL,
659 "CA certificate"); 641 "CA certificate");
660 if (x509 == NULL) 642 if (x509 == NULL)
661 goto err; 643 goto err;
@@ -1028,7 +1010,7 @@ bad:
1028 sigopts, attribs, db, serial, subj, chtype, 1010 sigopts, attribs, db, serial, subj, chtype,
1029 multirdn, email_dn, startdate, enddate, days, batch, 1011 multirdn, email_dn, startdate, enddate, days, batch,
1030 extensions, conf, verbose, certopt, nameopt, 1012 extensions, conf, verbose, certopt, nameopt,
1031 default_op, ext_copy, e); 1013 default_op, ext_copy);
1032 if (j < 0) 1014 if (j < 0)
1033 goto err; 1015 goto err;
1034 if (j > 0) { 1016 if (j > 0) {
@@ -1314,7 +1296,7 @@ bad:
1314 } else { 1296 } else {
1315 X509 *revcert; 1297 X509 *revcert;
1316 revcert = load_cert(bio_err, infile, FORMAT_PEM, 1298 revcert = load_cert(bio_err, infile, FORMAT_PEM,
1317 NULL, e, infile); 1299 NULL, infile);
1318 if (revcert == NULL) 1300 if (revcert == NULL)
1319 goto err; 1301 goto err;
1320 j = do_revoke(revcert, db, rev_type, rev_arg); 1302 j = do_revoke(revcert, db, rev_type, rev_arg);
@@ -1446,14 +1428,14 @@ certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
1446 unsigned long chtype, int multirdn, int email_dn, char *startdate, 1428 unsigned long chtype, int multirdn, int email_dn, char *startdate,
1447 char *enddate, long days, int batch, char *ext_sect, CONF * lconf, 1429 char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
1448 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 1430 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
1449 int ext_copy, ENGINE * e) 1431 int ext_copy)
1450{ 1432{
1451 X509 *req = NULL; 1433 X509 *req = NULL;
1452 X509_REQ *rreq = NULL; 1434 X509_REQ *rreq = NULL;
1453 EVP_PKEY *pktmp = NULL; 1435 EVP_PKEY *pktmp = NULL;
1454 int ok = -1, i; 1436 int ok = -1, i;
1455 1437
1456 if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, 1438 if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,
1457 infile)) == NULL) 1439 infile)) == NULL)
1458 goto err; 1440 goto err;
1459 if (verbose) 1441 if (verbose)
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index c6e662ab33..fccac23db7 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.2 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: cms.c,v 1.3 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -99,7 +99,6 @@ int verify_err = 0;
99int 99int
100cms_main(int argc, char **argv) 100cms_main(int argc, char **argv)
101{ 101{
102 ENGINE *e = NULL;
103 int operation = 0; 102 int operation = 0;
104 int ret = 0; 103 int ret = 0;
105 char **args; 104 char **args;
@@ -128,9 +127,6 @@ cms_main(int argc, char **argv)
128 const EVP_MD *sign_md = NULL; 127 const EVP_MD *sign_md = NULL;
129 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 128 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
130 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; 129 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
131#ifndef OPENSSL_NO_ENGINE
132 char *engine = NULL;
133#endif
134 unsigned char *secret_key = NULL, *secret_keyid = NULL; 130 unsigned char *secret_key = NULL, *secret_keyid = NULL;
135 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; 131 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
136 size_t secret_keylen = 0, secret_keyidlen = 0; 132 size_t secret_keylen = 0, secret_keyidlen = 0;
@@ -310,13 +306,6 @@ cms_main(int argc, char **argv)
310 goto argerr; 306 goto argerr;
311 } 307 }
312 } 308 }
313#ifndef OPENSSL_NO_ENGINE
314 else if (!strcmp(*args, "-engine")) {
315 if (!args[1])
316 goto argerr;
317 engine = *++args;
318 }
319#endif
320 else if (!strcmp(*args, "-passin")) { 309 else if (!strcmp(*args, "-passin")) {
321 if (!args[1]) 310 if (!args[1])
322 goto argerr; 311 goto argerr;
@@ -526,7 +515,7 @@ argerr:
526 BIO_printf(bio_err, "-in file input file\n"); 515 BIO_printf(bio_err, "-in file input file\n");
527 BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); 516 BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
528 BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); 517 BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
529 BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); 518 BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n");
530 BIO_printf(bio_err, "-out file output file\n"); 519 BIO_printf(bio_err, "-out file output file\n");
531 BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); 520 BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
532 BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); 521 BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
@@ -538,16 +527,10 @@ argerr:
538 BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); 527 BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
539 BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); 528 BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
540 BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); 529 BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
541#ifndef OPENSSL_NO_ENGINE
542 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
543#endif
544 BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); 530 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
545 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n"); 531 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
546 goto end; 532 goto end;
547 } 533 }
548#ifndef OPENSSL_NO_ENGINE
549 e = setup_engine(bio_err, engine, 0);
550#endif
551 534
552 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 535 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
553 BIO_printf(bio_err, "Error getting password\n"); 536 BIO_printf(bio_err, "Error getting password\n");
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index d442bba266..94d98ac6a4 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dgst.c,v 1.5 2015/09/10 16:01:06 jsing Exp $ */ 1/* $OpenBSD: dgst.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -101,7 +101,6 @@ list_md_fn(const EVP_MD * m, const char *from, const char *to, void *arg)
101int 101int
102dgst_main(int argc, char **argv) 102dgst_main(int argc, char **argv)
103{ 103{
104 ENGINE *e = NULL;
105 unsigned char *buf = NULL; 104 unsigned char *buf = NULL;
106 int i, err = 1; 105 int i, err = 1;
107 const EVP_MD *md = NULL, *m; 106 const EVP_MD *md = NULL, *m;
@@ -120,9 +119,6 @@ dgst_main(int argc, char **argv)
120 unsigned char *sigbuf = NULL; 119 unsigned char *sigbuf = NULL;
121 int siglen = 0; 120 int siglen = 0;
122 char *passargin = NULL, *passin = NULL; 121 char *passargin = NULL, *passin = NULL;
123#ifndef OPENSSL_NO_ENGINE
124 char *engine = NULL;
125#endif
126 char *hmac_key = NULL; 122 char *hmac_key = NULL;
127 char *mac_name = NULL; 123 char *mac_name = NULL;
128 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL; 124 STACK_OF(OPENSSL_STRING) * sigopts = NULL, *macopts = NULL;
@@ -178,14 +174,6 @@ dgst_main(int argc, char **argv)
178 break; 174 break;
179 keyform = str2fmt(*(++argv)); 175 keyform = str2fmt(*(++argv));
180 } 176 }
181#ifndef OPENSSL_NO_ENGINE
182 else if (strcmp(*argv, "-engine") == 0) {
183 if (--argc < 1)
184 break;
185 engine = *(++argv);
186 e = setup_engine(bio_err, engine, 0);
187 }
188#endif
189 else if (strcmp(*argv, "-hex") == 0) 177 else if (strcmp(*argv, "-hex") == 0)
190 out_bin = 0; 178 out_bin = 0;
191 else if (strcmp(*argv, "-binary") == 0) 179 else if (strcmp(*argv, "-binary") == 0)
@@ -238,16 +226,13 @@ dgst_main(int argc, char **argv)
238 BIO_printf(bio_err, "-sign file sign digest using private key in file\n"); 226 BIO_printf(bio_err, "-sign file sign digest using private key in file\n");
239 BIO_printf(bio_err, "-verify file verify a signature using public key in file\n"); 227 BIO_printf(bio_err, "-verify file verify a signature using public key in file\n");
240 BIO_printf(bio_err, "-prverify file verify a signature using private key in file\n"); 228 BIO_printf(bio_err, "-prverify file verify a signature using private key in file\n");
241 BIO_printf(bio_err, "-keyform arg key file format (PEM or ENGINE)\n"); 229 BIO_printf(bio_err, "-keyform arg key file format (PEM)\n");
242 BIO_printf(bio_err, "-out filename output to filename rather than stdout\n"); 230 BIO_printf(bio_err, "-out filename output to filename rather than stdout\n");
243 BIO_printf(bio_err, "-signature file signature to verify\n"); 231 BIO_printf(bio_err, "-signature file signature to verify\n");
244 BIO_printf(bio_err, "-sigopt nm:v signature parameter\n"); 232 BIO_printf(bio_err, "-sigopt nm:v signature parameter\n");
245 BIO_printf(bio_err, "-hmac key create hashed MAC with key\n"); 233 BIO_printf(bio_err, "-hmac key create hashed MAC with key\n");
246 BIO_printf(bio_err, "-mac algorithm create MAC (not neccessarily HMAC)\n"); 234 BIO_printf(bio_err, "-mac algorithm create MAC (not neccessarily HMAC)\n");
247 BIO_printf(bio_err, "-macopt nm:v MAC algorithm parameters or key\n"); 235 BIO_printf(bio_err, "-macopt nm:v MAC algorithm parameters or key\n");
248#ifndef OPENSSL_NO_ENGINE
249 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
250#endif
251 236
252 EVP_MD_do_all_sorted(list_md_fn, bio_err); 237 EVP_MD_do_all_sorted(list_md_fn, bio_err);
253 goto end; 238 goto end;
@@ -298,10 +283,10 @@ dgst_main(int argc, char **argv)
298 if (keyfile) { 283 if (keyfile) {
299 if (want_pub) 284 if (want_pub)
300 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, 285 sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
301 e, "key file"); 286 "key file");
302 else 287 else
303 sigkey = load_key(bio_err, keyfile, keyform, 0, passin, 288 sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
304 e, "key file"); 289 "key file");
305 if (!sigkey) { 290 if (!sigkey) {
306 /* 291 /*
307 * load_[pub]key() has already printed an appropriate 292 * load_[pub]key() has already printed an appropriate
@@ -313,7 +298,7 @@ dgst_main(int argc, char **argv)
313 if (mac_name) { 298 if (mac_name) {
314 EVP_PKEY_CTX *mac_ctx = NULL; 299 EVP_PKEY_CTX *mac_ctx = NULL;
315 int r = 0; 300 int r = 0;
316 if (!init_gen_str(bio_err, &mac_ctx, mac_name, e, 0)) 301 if (!init_gen_str(bio_err, &mac_ctx, mac_name, 0))
317 goto mac_end; 302 goto mac_end;
318 if (macopts) { 303 if (macopts) {
319 char *macopt; 304 char *macopt;
@@ -341,7 +326,7 @@ mac_end:
341 goto end; 326 goto end;
342 } 327 }
343 if (hmac_key) { 328 if (hmac_key) {
344 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, 329 sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
345 (unsigned char *) hmac_key, -1); 330 (unsigned char *) hmac_key, -1);
346 if (!sigkey) 331 if (!sigkey)
347 goto end; 332 goto end;
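--- a/src/usr.bin/openssl/dh.c
+++ b/src/usr.bin/openssl/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: dh.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,9 +77,6 @@
 static struct {
  int C;
  int check;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  char *infile;
  int informat;
  int noout;
@@ -101,15 +98,6 @@ static struct option dh_options[] = {
  .type = OPTION_FLAG,
  .opt.flag = &dh_config.check,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &dh_config.engine,
- },
-#endif
  {
  .name = "in",
  .argname = "file",
@@ -157,7 +145,7 @@ static void
 dh_usage(void)
 {
  fprintf(stderr,
- "usage: dh [-C] [-check] [-engine id] [-in file] [-inform format]\n"
+ "usage: dh [-C] [-check] [-in file] [-inform format]\n"
  " [-noout] [-out file] [-outform format] [-text]\n\n");
  options_usage(dh_options);
 }
@@ -180,10 +168,6 @@ dh_main(int argc, char **argv)
  goto end;
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, dh_config.engine, 0);
-#endif
-
  in = BIO_new(BIO_s_file());
  out = BIO_new(BIO_s_file());
  if (in == NULL || out == NULL) {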
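Review bot: Dropping `[-engine id]` from the first line of dh_usage() leaves that line short while the continuation line is still full, so the usage text would read more evenly re-flowed as `"usage: dh [-C] [-check] [-in file] [-inform format] [-noout]\n"` followed by `" [-out file] [-outform format] [-text]\n\n"`. This is purely a layout point about how the new string is written, not a behaviour change. The same re-flow applies to the usage strings touched in dsa.c, dsaparam.c and ec.c in this commit and could be done in one follow-up.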
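--- a/src/usr.bin/openssl/dhparam.c
+++ b/src/usr.bin/openssl/dhparam.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhparam.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: dhparam.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -135,9 +135,6 @@ struct {
  int C;
  int check;
  int dsaparam;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  int g;
  char *infile;
  int informat;
@@ -181,15 +178,6 @@ struct option dhparam_options[] = {
  .type = OPTION_FLAG,
  .opt.flag = &dhparam_config.dsaparam,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &dhparam_config.engine,
- },
-#endif
  {
  .name = "in",
  .argname = "file",
@@ -237,7 +225,7 @@ static void
 dhparam_usage()
 {
  fprintf(stderr,
- "usage: dhparam [-2 | -5] [-C] [-check] [-dsaparam] [-engine id]\n"
+ "usage: dhparam [-2 | -5] [-C] [-check] [-dsaparam]\n"
  " [-in file] [-inform DER | PEM] [-noout] [-out file]\n"
  " [-outform DER | PEM] [-text] [numbits]\n\n");
  options_usage(dhparam_options);
@@ -273,10 +261,6 @@ dhparam_main(int argc, char **argv)
  }
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, dhparam_config.engine, 0);
-#endif
-
  if (dhparam_config.g && !num)
  num = DEFBITS;
 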
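--- a/src/usr.bin/openssl/dsa.c
+++ b/src/usr.bin/openssl/dsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: dsa.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -76,9 +76,6 @@
 
 static struct {
  const EVP_CIPHER *enc;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  char *infile;
  int informat;
  int modulus;
@@ -110,15 +107,6 @@ dsa_opt_enc(int argc, char **argv, int *argsused)
 }
 
 static struct option dsa_options[] = {
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &dsa_config.engine,
- },
-#endif
  {
  .name = "in",
  .argname = "file",
@@ -231,7 +219,7 @@ static void
 dsa_usage(void)
 {
  fprintf(stderr,
- "usage: dsa [-engine id] [-in file] [-inform format] [-noout]\n"
+ "usage: dsa [-in file] [-inform format] [-noout]\n"
  " [-out file] [-outform format] [-passin src] [-passout src]\n"
  " [-pubin] [-pubout] [-pvk-none | -pvk-strong | -pvk-weak]\n"
  " [-text] [-ciphername]\n\n");
@@ -246,7 +234,6 @@ dsa_usage(void)
 int
 dsa_main(int argc, char **argv)
 {
- ENGINE *e = NULL;
  int ret = 1;
  DSA *dsa = NULL;
  int i;
@@ -264,10 +251,6 @@ dsa_main(int argc, char **argv)
  goto end;
  }
 
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, dsa_config.engine, 0);
-#endif
-
  if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout,
  &passin, &passout)) {
  BIO_printf(bio_err, "Error getting passwords\n");
@@ -296,10 +279,10 @@ dsa_main(int argc, char **argv)
 
  if (dsa_config.pubin)
  pkey = load_pubkey(bio_err, dsa_config.infile,
- dsa_config.informat, 1, passin, e, "Public Key");
+ dsa_config.informat, 1, passin, "Public Key");
  else
  pkey = load_key(bio_err, dsa_config.infile,
- dsa_config.informat, 1, passin, e, "Private Key");
+ dsa_config.informat, 1, passin, "Private Key");
 
  if (pkey) {
  dsa = EVP_PKEY_get1_DSA(pkey);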
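--- a/src/usr.bin/openssl/dsaparam.c
+++ b/src/usr.bin/openssl/dsaparam.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsaparam.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: dsaparam.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -81,9 +81,6 @@
 
 static struct {
  int C;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  int genkey;
  char *infile;
  int informat;
@@ -100,15 +97,6 @@ static struct option dsaparam_options[] = {
  .type = OPTION_FLAG,
  .opt.flag = &dsaparam_config.C,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &dsaparam_config.engine,
- },
-#endif
  {
  .name = "genkey",
  .desc = "Generate a DSA key",
@@ -162,7 +150,7 @@ static void
 dsaparam_usage(void)
 {
  fprintf(stderr,
- "usage: dsaparam [-C] [-engine id] [-genkey] [-in file]\n"
+ "usage: dsaparam [-C] [-genkey] [-in file]\n"
  " [-inform format] [-noout] [-out file] [-outform format]\n"
  " [-text] [numbits]\n\n");
  options_usage(dsaparam_options);
@@ -222,10 +210,6 @@ dsaparam_main(int argc, char **argv)
  }
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, dsaparam_config.engine, 0);
-#endif
-
  if (numbits > 0) {
  BN_GENCB cb;
  BN_GENCB_set(&cb, dsa_cb, bio_err);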
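--- a/src/usr.bin/openssl/ec.c
+++ b/src/usr.bin/openssl/ec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: ec.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -75,9 +75,6 @@
 static struct {
  int asn1_flag;
  const EVP_CIPHER *enc;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  point_conversion_form_t form;
  char *infile;
  int informat;
@@ -153,15 +150,6 @@ static struct option ec_options[] = {
  .type = OPTION_ARG_FUNC,
  .opt.argfunc = ec_opt_form,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &ec_config.engine,
- },
-#endif
  {
  .name = "in",
  .argname = "file",
@@ -266,7 +254,7 @@ static void
 ec_usage(void)
 {
  fprintf(stderr,
- "usage: ec [-conv_form form] [-engine id] [-in file]\n"
+ "usage: ec [-conv_form form] [-in file]\n"
  " [-inform format] [-noout] [-out file] [-outform format]\n"
  " [-param_enc type] [-param_out] [-passin file]\n"
  " [-passout file] [-pubin] [-pubout] [-text] [-ciphername]\n\n");
@@ -301,10 +289,6 @@ ec_main(int argc, char **argv)
  goto end;
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, ec_config.engine, 0);
-#endif
-
  if (!app_passwd(bio_err, ec_config.passargin, ec_config.passargout,
  &passin, &passout)) {
  BIO_printf(bio_err, "Error getting passwords\n");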
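--- a/src/usr.bin/openssl/ecparam.c
+++ b/src/usr.bin/openssl/ecparam.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecparam.c,v 1.12 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: ecparam.c,v 1.13 2015/09/11 14:30:23 bcook Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -95,7 +95,6 @@ static struct {
  int asn1_flag;
  int check;
  char *curve_name;
- char *engine;
  point_conversion_form_t form;
  int genkey;
  char *infile;
@@ -161,15 +160,6 @@ struct option ecparam_options[] = {
  .type = OPTION_ARG_FUNC,
  .opt.argfunc = ecparam_opt_form,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &ecparam_config.engine,
- },
-#endif
  {
  .name = "genkey",
  .desc = "Generate an EC private key using the specified "
@@ -252,7 +242,7 @@ static void
 ecparam_usage(void)
 {
  fprintf(stderr, "usage: ecparam [-C] [-check] [-conv_form arg] "
- "[-engine id] [-genkey]\n"
+ " [-genkey]\n"
  " [-in file] [-inform DER | PEM] [-list_curves] [-name arg]\n"
  " [-no_seed] [-noout] [-out file] [-outform DER | PEM]\n"
  " [-param_enc arg] [-text]\n\n");
@@ -303,10 +293,6 @@ ecparam_main(int argc, char **argv)
  }
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, ecparam_config.engine, 0);
-#endif
-
  if (ecparam_config.list_curves) {
  EC_builtin_curve *curves = NULL;
  size_t crv_len = 0;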
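Review bot: The rewritten usage string in ecparam_usage() now prints two spaces between `[-conv_form arg]` and `[-genkey]`: the first literal, `"usage: ecparam [-C] [-check] [-conv_form arg] "`, keeps its trailing space, and the replacement line `" [-genkey]\n"` adds a leading one where `"[-engine id] ..."` previously had none. Either drop the leading space, `"[-genkey]\n"`, or fold the two literals into `"usage: ecparam [-C] [-check] [-conv_form arg] [-genkey]\n"`. The remaining lines of ecparam_usage() lie outside the hunk.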
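--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc.c,v 1.6 2015/09/10 16:01:06 jsing Exp $ */
+/* $OpenBSD: enc.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,9 +85,6 @@ static struct {
  int do_zlib;
 #endif
  int enc;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  char *hiv;
  char *hkey;
  char *hsalt;
@@ -171,15 +168,6 @@ static struct option enc_options[] = {
  .opt.value = &enc_config.enc,
  .value = 1,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &enc_config.engine,
- },
-#endif
  {
  .name = "in",
  .argname = "file",
@@ -317,7 +305,7 @@ enc_usage(void)
 {
  fprintf(stderr, "usage: enc -ciphername [-AadePp] [-base64] "
  "[-bufsize number] [-debug]\n"
- " [-engine id] [-in file] [-iv IV] [-K key] [-k password]\n"
+ " [-in file] [-iv IV] [-K key] [-k password]\n"
  " [-kfile file] [-md digest] [-none] [-nopad] [-nosalt]\n"
  " [-out file] [-pass arg] [-S salt] [-salt]\n\n");
  options_usage(enc_options);
@@ -413,10 +401,6 @@ enc_main(int argc, char **argv)
  enc_config.keystr = buf;
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, enc_config.engine, 0);
-#endif
-
  if (enc_config.md != NULL &&
  (dgst = EVP_get_digestbyname(enc_config.md)) == NULL) {
  BIO_printf(bio_err,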
diff --git a/src/usr.bin/openssl/engine.c b/src/usr.bin/openssl/engine.c
deleted file mode 100644
index 0dc3043887..0000000000
--- a/src/usr.bin/openssl/engine.c
+++ /dev/null
@@ -1,493 +0,0 @@
1/* $OpenBSD: engine.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */
2/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include "apps.h"
64
65#ifndef OPENSSL_NO_ENGINE
66#include <openssl/engine.h>
67#include <openssl/err.h>
68#include <openssl/ssl.h>
69
70static const char *engine_usage[] = {
71 "usage: engine opts [engine ...]\n",
72 " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
73 " -vv will additionally display each command's description\n",
74 " -vvv will also add the input flags for each command\n",
75 " -vvvv will also show internal input flags\n",
76 " -c - for each engine, also list the capabilities\n",
77 " -t[t] - for each engine, check that they are really available\n",
78 " -tt will display error trace for unavailable engines\n",
79 " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
80 " to load it (if -t is used)\n",
81 " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
82 " (only used if -t is also provided)\n",
83 " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
84 " line, or all supported ENGINEs if none are specified.\n",
85 " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
86 " argument \"/lib/libdriver.so\".\n",
87 NULL
88};
89
90static void
91identity(char *ptr)
92{
93 return;
94}
95
96static int
97append_buf(char **buf, const char *s, int *size, int step)
98{
99 if (*buf == NULL) {
100 *size = step;
101 *buf = malloc(*size);
102 if (*buf == NULL)
103 return 0;
104 **buf = '\0';
105 }
106
107 if (strlen(*buf) + strlen(s) >= (unsigned int) *size) {
108 *size += step;
109 *buf = realloc(*buf, *size);
110 }
111 if (*buf == NULL)
112 return 0;
113
114 if (**buf != '\0')
115 strlcat(*buf, ", ", *size);
116 strlcat(*buf, s, *size);
117
118 return 1;
119}
120
121static int
122util_flags(BIO * bio_out, unsigned int flags, const char *indent)
123{
124 int started = 0, err = 0;
125 /* Indent before displaying input flags */
126 BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
127 if (flags == 0) {
128 BIO_printf(bio_out, "<no flags>\n");
129 return 1;
130 }
131 /*
132 * If the object is internal, mark it in a way that shows instead of
133 * having it part of all the other flags, even if it really is.
134 */
135 if (flags & ENGINE_CMD_FLAG_INTERNAL) {
136 BIO_printf(bio_out, "[Internal] ");
137 }
138 if (flags & ENGINE_CMD_FLAG_NUMERIC) {
139 BIO_printf(bio_out, "NUMERIC");
140 started = 1;
141 }
142 /*
143 * Now we check that no combinations of the mutually exclusive
144 * NUMERIC, STRING, and NO_INPUT flags have been used. Future flags
145 * that can be OR'd together with these would need to added after
146 * these to preserve the testing logic.
147 */
148 if (flags & ENGINE_CMD_FLAG_STRING) {
149 if (started) {
150 BIO_printf(bio_out, "|");
151 err = 1;
152 }
153 BIO_printf(bio_out, "STRING");
154 started = 1;
155 }
156 if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
157 if (started) {
158 BIO_printf(bio_out, "|");
159 err = 1;
160 }
161 BIO_printf(bio_out, "NO_INPUT");
162 started = 1;
163 }
164 /* Check for unknown flags */
165 flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
166 ~ENGINE_CMD_FLAG_STRING &
167 ~ENGINE_CMD_FLAG_NO_INPUT &
168 ~ENGINE_CMD_FLAG_INTERNAL;
169 if (flags) {
170 if (started)
171 BIO_printf(bio_out, "|");
172 BIO_printf(bio_out, "<0x%04X>", flags);
173 }
174 if (err)
175 BIO_printf(bio_out, " <illegal flags!>");
176 BIO_printf(bio_out, "\n");
177 return 1;
178}
179
180static int
181util_verbose(ENGINE * e, int verbose, BIO * bio_out, const char *indent)
182{
183 static const int line_wrap = 78;
184 int num;
185 int ret = 0;
186 char *name = NULL;
187 char *desc = NULL;
188 int flags;
189 int xpos = 0;
190 STACK_OF(OPENSSL_STRING) * cmds = NULL;
191 if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
192 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
193 0, NULL, NULL)) <= 0)) {
194 return 1;
195 }
196 cmds = sk_OPENSSL_STRING_new_null();
197
198 if (!cmds)
199 goto err;
200 do {
201 int len;
202 /* Get the command input flags */
203 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
204 NULL, NULL)) < 0)
205 goto err;
206 if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
207 /* Get the command name */
208 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
209 NULL, NULL)) <= 0)
210 goto err;
211 if ((name = malloc(len + 1)) == NULL)
212 goto err;
213 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
214 NULL) <= 0)
215 goto err;
216 /* Get the command description */
217 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
218 NULL, NULL)) < 0)
219 goto err;
220 if (len > 0) {
221 if ((desc = malloc(len + 1)) == NULL)
222 goto err;
223 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
224 NULL) <= 0)
225 goto err;
226 }
227 /* Now decide on the output */
228 if (xpos == 0)
229 /* Do an indent */
230 xpos = BIO_puts(bio_out, indent);
231 else
232 /* Otherwise prepend a ", " */
233 xpos += BIO_printf(bio_out, ", ");
234 if (verbose == 1) {
235 /* We're just listing names, comma-delimited */
236 if ((xpos > (int) strlen(indent)) &&
237 (xpos + (int) strlen(name) > line_wrap)) {
238 BIO_printf(bio_out, "\n");
239 xpos = BIO_puts(bio_out, indent);
240 }
241 xpos += BIO_printf(bio_out, "%s", name);
242 } else {
243 /* We're listing names plus descriptions */
244 BIO_printf(bio_out, "%s: %s\n", name,
245 (desc == NULL) ? "<no description>" : desc);
246 /* ... and sometimes input flags */
247 if ((verbose >= 3) && !util_flags(bio_out, flags,
248 indent))
249 goto err;
250 xpos = 0;
251 }
252 }
253 free(name);
254 name = NULL;
255 free(desc);
256 desc = NULL;
257
258 /* Move to the next command */
259 num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
260 num, NULL, NULL);
261 } while (num > 0);
262 if (xpos > 0)
263 BIO_printf(bio_out, "\n");
264 ret = 1;
265err:
266 if (cmds)
267 sk_OPENSSL_STRING_pop_free(cmds, identity);
268 free(name);
269 free(desc);
270 return ret;
271}
272
273static void
274util_do_cmds(ENGINE * e, STACK_OF(OPENSSL_STRING) * cmds,
275 BIO * bio_out, const char *indent)
276{
277 int loop, res, num = sk_OPENSSL_STRING_num(cmds);
278
279 if (num < 0) {
280 BIO_printf(bio_out, "[Error]: internal stack error\n");
281 return;
282 }
283 for (loop = 0; loop < num; loop++) {
284 char buf[256];
285 const char *cmd, *arg;
286 cmd = sk_OPENSSL_STRING_value(cmds, loop);
287 res = 1; /* assume success */
288 /* Check if this command has no ":arg" */
289 if ((arg = strstr(cmd, ":")) == NULL) {
290 if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
291 res = 0;
292 } else {
293 if ((int) (arg - cmd) > 254) {
294 BIO_printf(bio_out, "[Error]: command name too long\n");
295 return;
296 }
297 memcpy(buf, cmd, (int) (arg - cmd));
298 buf[arg - cmd] = '\0';
299 arg++; /* Move past the ":" */
300 /* Call the command with the argument */
301 if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
302 res = 0;
303 }
304 if (res)
305 BIO_printf(bio_out, "[Success]: %s\n", cmd);
306 else {
307 BIO_printf(bio_out, "[Failure]: %s\n", cmd);
308 ERR_print_errors(bio_out);
309 }
310 }
311}
312
313int
314engine_main(int argc, char **argv)
315{
316 int ret = 1, i;
317 const char **pp;
318 int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
319 ENGINE *e;
320 STACK_OF(OPENSSL_STRING) * engines = sk_OPENSSL_STRING_new_null();
321 STACK_OF(OPENSSL_STRING) * pre_cmds = sk_OPENSSL_STRING_new_null();
322 STACK_OF(OPENSSL_STRING) * post_cmds = sk_OPENSSL_STRING_new_null();
323 int badops = 1;
324 BIO *bio_out = NULL;
325 const char *indent = " ";
326
327 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
328
329 argc--;
330 argv++;
331 while (argc >= 1) {
332 if (strncmp(*argv, "-v", 2) == 0) {
333 if (strspn(*argv + 1, "v") < strlen(*argv + 1))
334 goto skip_arg_loop;
335 if ((verbose = strlen(*argv + 1)) > 4)
336 goto skip_arg_loop;
337 } else if (strcmp(*argv, "-c") == 0)
338 list_cap = 1;
339 else if (strncmp(*argv, "-t", 2) == 0) {
340 test_avail = 1;
341 if (strspn(*argv + 1, "t") < strlen(*argv + 1))
342 goto skip_arg_loop;
343 if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
344 goto skip_arg_loop;
345 } else if (strcmp(*argv, "-pre") == 0) {
346 argc--;
347 argv++;
348 if (argc == 0)
349 goto skip_arg_loop;
350 sk_OPENSSL_STRING_push(pre_cmds, *argv);
351 } else if (strcmp(*argv, "-post") == 0) {
352 argc--;
353 argv++;
354 if (argc == 0)
355 goto skip_arg_loop;
356 sk_OPENSSL_STRING_push(post_cmds, *argv);
357 } else if ((strncmp(*argv, "-h", 2) == 0) ||
358 (strcmp(*argv, "-?") == 0))
359 goto skip_arg_loop;
360 else
361 sk_OPENSSL_STRING_push(engines, *argv);
362 argc--;
363 argv++;
364 }
365 /* Looks like everything went OK */
366 badops = 0;
367skip_arg_loop:
368
369 if (badops) {
370 for (pp = engine_usage; (*pp != NULL); pp++)
371 BIO_printf(bio_err, "%s", *pp);
372 goto end;
373 }
374 if (sk_OPENSSL_STRING_num(engines) == 0) {
375 for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
376 sk_OPENSSL_STRING_push(engines, (char *) ENGINE_get_id(e));
377 }
378 }
379 for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
380 const char *id = sk_OPENSSL_STRING_value(engines, i);
381 if ((e = ENGINE_by_id(id)) != NULL) {
382 const char *name = ENGINE_get_name(e);
383 /* Do "id" first, then "name". Easier to auto-parse. */
384 BIO_printf(bio_out, "(%s) %s\n", id, name);
385 util_do_cmds(e, pre_cmds, bio_out, indent);
386 if (strcmp(ENGINE_get_id(e), id) != 0) {
387 BIO_printf(bio_out, "Loaded: (%s) %s\n",
388 ENGINE_get_id(e), ENGINE_get_name(e));
389 }
390 if (list_cap) {
391 int cap_size = 256;
392 char *cap_buf = NULL;
393 int k, n;
394 const int *nids;
395 ENGINE_CIPHERS_PTR fn_c;
396 ENGINE_DIGESTS_PTR fn_d;
397 ENGINE_PKEY_METHS_PTR fn_pk;
398
399 if (ENGINE_get_RSA(e) != NULL
400 && !append_buf(&cap_buf, "RSA",
401 &cap_size, 256))
402 goto end;
403 if (ENGINE_get_DSA(e) != NULL
404 && !append_buf(&cap_buf, "DSA",
405 &cap_size, 256))
406 goto end;
407 if (ENGINE_get_DH(e) != NULL
408 && !append_buf(&cap_buf, "DH",
409 &cap_size, 256))
410 goto end;
411 if (ENGINE_get_RAND(e) != NULL
412 && !append_buf(&cap_buf, "RAND",
413 &cap_size, 256))
414 goto end;
415
416 fn_c = ENGINE_get_ciphers(e);
417 if (!fn_c)
418 goto skip_ciphers;
419 n = fn_c(e, NULL, &nids, 0);
420 for (k = 0; k < n; ++k)
421 if (!append_buf(&cap_buf,
422 OBJ_nid2sn(nids[k]),
423 &cap_size, 256))
424 goto end;
425
426 skip_ciphers:
427 fn_d = ENGINE_get_digests(e);
428 if (!fn_d)
429 goto skip_digests;
430 n = fn_d(e, NULL, &nids, 0);
431 for (k = 0; k < n; ++k)
432 if (!append_buf(&cap_buf,
433 OBJ_nid2sn(nids[k]),
434 &cap_size, 256))
435 goto end;
436
437 skip_digests:
438 fn_pk = ENGINE_get_pkey_meths(e);
439 if (!fn_pk)
440 goto skip_pmeths;
441 n = fn_pk(e, NULL, &nids, 0);
442 for (k = 0; k < n; ++k)
443 if (!append_buf(&cap_buf,
444 OBJ_nid2sn(nids[k]),
445 &cap_size, 256))
446 goto end;
447 skip_pmeths:
448 if (cap_buf && (*cap_buf != '\0'))
449 BIO_printf(bio_out, " [%s]\n", cap_buf);
450
451 free(cap_buf);
452 }
453 if (test_avail) {
454 BIO_printf(bio_out, "%s", indent);
455 if (ENGINE_init(e)) {
456 BIO_printf(bio_out, "[ available ]\n");
457 util_do_cmds(e, post_cmds, bio_out, indent);
458 /*
459 * XXX hell lacks a place for people who write functions with
460 * XXX unusable return semantics.
461 */
462 if (ENGINE_finish(e) != 0 ||
463 ERR_GET_REASON(ERR_peek_last_error()) ==
464 ENGINE_R_FINISH_FAILED)
465 e = NULL;
466 } else {
467 BIO_printf(bio_out, "[ unavailable ]\n");
468 if (test_avail_noise)
469 ERR_print_errors_fp(stdout);
470 ERR_clear_error();
471 }
472 }
473 if ((verbose > 0) && e != NULL &&
474 !util_verbose(e, verbose, bio_out, indent))
475 goto end;
476 ENGINE_free(e);
477 } else
478 ERR_print_errors(bio_err);
479 }
480
481 ret = 0;
482end:
483
484 ERR_print_errors(bio_err);
485 sk_OPENSSL_STRING_pop_free(engines, identity);
486 sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
487 sk_OPENSSL_STRING_pop_free(post_cmds, identity);
488 if (bio_out != NULL)
489 BIO_free_all(bio_out);
490
491 return (ret);
492}
493#endif
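--- a/src/usr.bin/openssl/gendh.c
+++ b/src/usr.bin/openssl/gendh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gendh.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: gendh.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,9 +87,6 @@
 static int dh_cb(int p, int n, BN_GENCB * cb);
 
 static struct {
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  int g;
  char *outfile;
 } gendh_config;
@@ -110,15 +107,6 @@ static struct option gendh_options[] = {
  .value = 5,
  .opt.value = &gendh_config.g,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &gendh_config.engine,
- },
-#endif
  {
  .name = "out",
  .argname = "file",
@@ -133,7 +121,7 @@ static void
 gendh_usage(void)
 {
  fprintf(stderr,
- "usage: gendh [-2 | -5] [-engine id] [-out file] [numbits]\n\n");
+ "usage: gendh [-2 | -5] [-out file] [numbits]\n\n");
  options_usage(gendh_options);
 }
 
@@ -166,10 +154,6 @@ gendh_main(int argc, char **argv)
  }
  }
 
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, gendh_config.engine, 0);
-#endif
-
  out = BIO_new(BIO_s_file());
  if (out == NULL) {
  ERR_print_errors(bio_err);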
diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c
index 4fbd0dce31..ee2d6ba1b6 100644
--- a/src/usr.bin/openssl/gendsa.c
+++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gendsa.c,v 1.3 2015/09/10 02:17:17 lteo Exp $ */ 1/* $OpenBSD: gendsa.c,v 1.4 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -84,9 +84,6 @@ gendsa_main(int argc, char **argv)
84 char *passargout = NULL, *passout = NULL; 84 char *passargout = NULL, *passout = NULL;
85 BIO *out = NULL, *in = NULL; 85 BIO *out = NULL, *in = NULL;
86 const EVP_CIPHER *enc = NULL; 86 const EVP_CIPHER *enc = NULL;
87#ifndef OPENSSL_NO_ENGINE
88 char *engine = NULL;
89#endif
90 87
91 argv++; 88 argv++;
92 argc--; 89 argc--;
@@ -102,13 +99,6 @@ gendsa_main(int argc, char **argv)
102 goto bad; 99 goto bad;
103 passargout = *(++argv); 100 passargout = *(++argv);
104 } 101 }
105#ifndef OPENSSL_NO_ENGINE
106 else if (strcmp(*argv, "-engine") == 0) {
107 if (--argc < 1)
108 goto bad;
109 engine = *(++argv);
110 }
111#endif
112 else if (strcmp(*argv, "-") == 0) 102 else if (strcmp(*argv, "-") == 0)
113 goto bad; 103 goto bad;
114#ifndef OPENSSL_NO_DES 104#ifndef OPENSSL_NO_DES
@@ -164,17 +154,10 @@ bad:
164 BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); 154 BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
165 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); 155 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
166#endif 156#endif
167#ifndef OPENSSL_NO_ENGINE
168 BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n");
169#endif
170 BIO_printf(bio_err, " dsaparam-file\n"); 157 BIO_printf(bio_err, " dsaparam-file\n");
171 BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n"); 158 BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n");
172 goto end; 159 goto end;
173 } 160 }
174#ifndef OPENSSL_NO_ENGINE
175 setup_engine(bio_err, engine, 0);
176#endif
177
178 if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { 161 if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
179 BIO_printf(bio_err, "Error getting password\n"); 162 BIO_printf(bio_err, "Error getting password\n");
180 goto end; 163 goto end;
diff --git a/src/usr.bin/openssl/genpkey.c b/src/usr.bin/openssl/genpkey.c
index 1ebc4e7d3c..d76e2febd8 100644
--- a/src/usr.bin/openssl/genpkey.c
+++ b/src/usr.bin/openssl/genpkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genpkey.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: genpkey.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -65,19 +65,13 @@
65#include <openssl/evp.h> 65#include <openssl/evp.h>
66#include <openssl/pem.h> 66#include <openssl/pem.h>
67 67
68#ifndef OPENSSL_NO_ENGINE
69#include <openssl/engine.h>
70#endif
71
72static int 68static int
73init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file, 69init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file);
74 ENGINE * e);
75static int genpkey_cb(EVP_PKEY_CTX * ctx); 70static int genpkey_cb(EVP_PKEY_CTX * ctx);
76 71
77int 72int
78genpkey_main(int argc, char **argv) 73genpkey_main(int argc, char **argv)
79{ 74{
80 ENGINE *e = NULL;
81 char **args, *outfile = NULL; 75 char **args, *outfile = NULL;
82 char *passarg = NULL; 76 char *passarg = NULL;
83 BIO *in = NULL, *out = NULL; 77 BIO *in = NULL, *out = NULL;
@@ -107,20 +101,13 @@ genpkey_main(int argc, char **argv)
107 goto bad; 101 goto bad;
108 passarg = *(++args); 102 passarg = *(++args);
109 } 103 }
110#ifndef OPENSSL_NO_ENGINE
111 else if (strcmp(*args, "-engine") == 0) {
112 if (!args[1])
113 goto bad;
114 e = setup_engine(bio_err, *(++args), 0);
115 }
116#endif
117 else if (!strcmp(*args, "-paramfile")) { 104 else if (!strcmp(*args, "-paramfile")) {
118 if (!args[1]) 105 if (!args[1])
119 goto bad; 106 goto bad;
120 args++; 107 args++;
121 if (do_param == 1) 108 if (do_param == 1)
122 goto bad; 109 goto bad;
123 if (!init_keygen_file(bio_err, &ctx, *args, e)) 110 if (!init_keygen_file(bio_err, &ctx, *args))
124 goto end; 111 goto end;
125 } else if (!strcmp(*args, "-out")) { 112 } else if (!strcmp(*args, "-out")) {
126 if (args[1]) { 113 if (args[1]) {
@@ -131,7 +118,7 @@ genpkey_main(int argc, char **argv)
131 } else if (strcmp(*args, "-algorithm") == 0) { 118 } else if (strcmp(*args, "-algorithm") == 0) {
132 if (!args[1]) 119 if (!args[1])
133 goto bad; 120 goto bad;
134 if (!init_gen_str(bio_err, &ctx, *(++args), e, do_param)) 121 if (!init_gen_str(bio_err, &ctx, *(++args), do_param))
135 goto end; 122 goto end;
136 } else if (strcmp(*args, "-pkeyopt") == 0) { 123 } else if (strcmp(*args, "-pkeyopt") == 0) {
137 if (!args[1]) 124 if (!args[1])
@@ -174,9 +161,6 @@ bad:
174 BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); 161 BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
175 BIO_printf(bio_err, "-pass arg output file pass phrase source\n"); 162 BIO_printf(bio_err, "-pass arg output file pass phrase source\n");
176 BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n"); 163 BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n");
177#ifndef OPENSSL_NO_ENGINE
178 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
179#endif
180 BIO_printf(bio_err, "-paramfile file parameters file\n"); 164 BIO_printf(bio_err, "-paramfile file parameters file\n");
181 BIO_printf(bio_err, "-algorithm alg the public key algorithm\n"); 165 BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
182 BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n" 166 BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
@@ -261,7 +245,7 @@ end:
261 245
262static int 246static int
263init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, 247init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx,
264 const char *file, ENGINE * e) 248 const char *file)
265{ 249{
266 BIO *pbio; 250 BIO *pbio;
267 EVP_PKEY *pkey = NULL; 251 EVP_PKEY *pkey = NULL;
@@ -282,7 +266,7 @@ init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx,
282 BIO_printf(bio_err, "Error reading parameter file %s\n", file); 266 BIO_printf(bio_err, "Error reading parameter file %s\n", file);
283 return 0; 267 return 0;
284 } 268 }
285 ctx = EVP_PKEY_CTX_new(pkey, e); 269 ctx = EVP_PKEY_CTX_new(pkey, NULL);
286 if (!ctx) 270 if (!ctx)
287 goto err; 271 goto err;
288 if (EVP_PKEY_keygen_init(ctx) <= 0) 272 if (EVP_PKEY_keygen_init(ctx) <= 0)
@@ -304,23 +288,17 @@ err:
304 288
305int 289int
306init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx, 290init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx,
307 const char *algname, ENGINE * e, int do_param) 291 const char *algname, int do_param)
308{ 292{
309 EVP_PKEY_CTX *ctx = NULL; 293 EVP_PKEY_CTX *ctx = NULL;
310 const EVP_PKEY_ASN1_METHOD *ameth; 294 const EVP_PKEY_ASN1_METHOD *ameth;
311 ENGINE *tmpeng = NULL;
312 int pkey_id; 295 int pkey_id;
313 296
314 if (*pctx) { 297 if (*pctx) {
315 BIO_puts(err, "Algorithm already set!\n"); 298 BIO_puts(err, "Algorithm already set!\n");
316 return 0; 299 return 0;
317 } 300 }
318 ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); 301 ameth = EVP_PKEY_asn1_find_str(NULL, algname, -1);
319
320#ifndef OPENSSL_NO_ENGINE
321 if (!ameth && e)
322 ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
323#endif
324 302
325 if (!ameth) { 303 if (!ameth) {
326 BIO_printf(bio_err, "Algorithm %s not found\n", algname); 304 BIO_printf(bio_err, "Algorithm %s not found\n", algname);
@@ -329,11 +307,7 @@ init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx,
329 ERR_clear_error(); 307 ERR_clear_error();
330 308
331 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 309 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
332#ifndef OPENSSL_NO_ENGINE 310 ctx = EVP_PKEY_CTX_new_id(pkey_id, NULL);
333 if (tmpeng)
334 ENGINE_finish(tmpeng);
335#endif
336 ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
337 311
338 if (!ctx) 312 if (!ctx)
339 goto err; 313 goto err;
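Review bot: init_gen_str and init_keygen_file keep a `BIO *err` parameter but use it inconsistently — `BIO_puts(err, "Algorithm already set!\n")` writes to the parameter, while the "Algorithm %s not found" and "Error reading parameter file %s" messages go to the global bio_err, so a caller passing a different BIO receives only part of the diagnostics. Since this commit already rewrites both prototypes (init_gen_str is non-static, so apps.h and its other callers move with it), this is the moment to either route every message through the parameter or drop it; the minimal fix is `BIO_printf(err, "Algorithm %s not found\n", algname);` and `BIO_printf(err, "Error reading parameter file %s\n", file);`. Both functions begin and end outside the visible hunks, so there may be further bio_err uses I cannot see.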
diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c
index 99f2bf3641..9f78f0d65d 100644
--- a/src/usr.bin/openssl/genrsa.c
+++ b/src/usr.bin/openssl/genrsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: genrsa.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: genrsa.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -89,9 +89,6 @@ int
89genrsa_main(int argc, char **argv) 89genrsa_main(int argc, char **argv)
90{ 90{
91 BN_GENCB cb; 91 BN_GENCB cb;
92#ifndef OPENSSL_NO_ENGINE
93 ENGINE *e = NULL;
94#endif
95 int ret = 1; 92 int ret = 1;
96 int i, num = DEFBITS; 93 int i, num = DEFBITS;
97 long l; 94 long l;
@@ -99,9 +96,6 @@ genrsa_main(int argc, char **argv)
99 unsigned long f4 = RSA_F4; 96 unsigned long f4 = RSA_F4;
100 char *outfile = NULL; 97 char *outfile = NULL;
101 char *passargout = NULL, *passout = NULL; 98 char *passargout = NULL, *passout = NULL;
102#ifndef OPENSSL_NO_ENGINE
103 char *engine = NULL;
104#endif
105 BIO *out = NULL; 99 BIO *out = NULL;
106 BIGNUM *bn = BN_new(); 100 BIGNUM *bn = BN_new();
107 RSA *rsa = NULL; 101 RSA *rsa = NULL;
@@ -128,13 +122,6 @@ genrsa_main(int argc, char **argv)
128 f4 = 3; 122 f4 = 3;
129 else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) 123 else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
130 f4 = RSA_F4; 124 f4 = RSA_F4;
131#ifndef OPENSSL_NO_ENGINE
132 else if (strcmp(*argv, "-engine") == 0) {
133 if (--argc < 1)
134 goto bad;
135 engine = *(++argv);
136 }
137#endif
138#ifndef OPENSSL_NO_DES 125#ifndef OPENSSL_NO_DES
139 else if (strcmp(*argv, "-des") == 0) 126 else if (strcmp(*argv, "-des") == 0)
140 enc = EVP_des_cbc(); 127 enc = EVP_des_cbc();
@@ -190,9 +177,6 @@ bad:
190 BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); 177 BIO_printf(bio_err, " -passout arg output file pass phrase source\n");
191 BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n"); 178 BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n");
192 BIO_printf(bio_err, " -3 use 3 for the E value\n"); 179 BIO_printf(bio_err, " -3 use 3 for the E value\n");
193#ifndef OPENSSL_NO_ENGINE
194 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
195#endif
196 goto err; 180 goto err;
197 } 181 }
198 182
@@ -200,9 +184,6 @@ bad:
200 BIO_printf(bio_err, "Error getting password\n"); 184 BIO_printf(bio_err, "Error getting password\n");
201 goto err; 185 goto err;
202 } 186 }
203#ifndef OPENSSL_NO_ENGINE
204 e = setup_engine(bio_err, engine, 0);
205#endif
206 187
207 if (outfile == NULL) { 188 if (outfile == NULL) {
208 BIO_set_fp(out, stdout, BIO_NOCLOSE); 189 BIO_set_fp(out, stdout, BIO_NOCLOSE);
@@ -215,11 +196,7 @@ bad:
215 196
216 BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", 197 BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
217 num); 198 num);
218#ifdef OPENSSL_NO_ENGINE
219 rsa = RSA_new(); 199 rsa = RSA_new();
220#else
221 rsa = RSA_new_method(e);
222#endif
223 if (!rsa) 200 if (!rsa)
224 goto err; 201 goto err;
225 202
diff --git a/src/usr.bin/openssl/ocsp.c b/src/usr.bin/openssl/ocsp.c
index ab5a755713..39000328b6 100644
--- a/src/usr.bin/openssl/ocsp.c
+++ b/src/usr.bin/openssl/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.3 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.4 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -105,7 +105,6 @@ static OCSP_RESPONSE *query_responder(BIO * err, BIO * cbio, char *path,
105int 105int
106ocsp_main(int argc, char **argv) 106ocsp_main(int argc, char **argv)
107{ 107{
108 ENGINE *e = NULL;
109 char **args; 108 char **args;
110 char *host = NULL, *port = NULL, *path = "/"; 109 char *host = NULL, *port = NULL, *path = "/";
111 char *reqin = NULL, *respin = NULL; 110 char *reqin = NULL, *respin = NULL;
@@ -335,7 +334,7 @@ ocsp_main(int argc, char **argv)
335 args++; 334 args++;
336 X509_free(issuer); 335 X509_free(issuer);
337 issuer = load_cert(bio_err, *args, FORMAT_PEM, 336 issuer = load_cert(bio_err, *args, FORMAT_PEM,
338 NULL, e, "issuer certificate"); 337 NULL, "issuer certificate");
339 if (!issuer) 338 if (!issuer)
340 goto end; 339 goto end;
341 } else 340 } else
@@ -345,7 +344,7 @@ ocsp_main(int argc, char **argv)
345 args++; 344 args++;
346 X509_free(cert); 345 X509_free(cert);
347 cert = load_cert(bio_err, *args, FORMAT_PEM, 346 cert = load_cert(bio_err, *args, FORMAT_PEM,
348 NULL, e, "certificate"); 347 NULL, "certificate");
349 if (!cert) 348 if (!cert)
350 goto end; 349 goto end;
351 if (!cert_id_md) 350 if (!cert_id_md)
@@ -531,20 +530,20 @@ ocsp_main(int argc, char **argv)
531 if (!rkeyfile) 530 if (!rkeyfile)
532 rkeyfile = rsignfile; 531 rkeyfile = rsignfile;
533 rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM, 532 rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
534 NULL, e, "responder certificate"); 533 NULL, "responder certificate");
535 if (!rsigner) { 534 if (!rsigner) {
536 BIO_printf(bio_err, "Error loading responder certificate\n"); 535 BIO_printf(bio_err, "Error loading responder certificate\n");
537 goto end; 536 goto end;
538 } 537 }
539 rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, 538 rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
540 NULL, e, "CA certificate"); 539 NULL, "CA certificate");
541 if (rcertfile) { 540 if (rcertfile) {
542 rother = load_certs(bio_err, rcertfile, FORMAT_PEM, 541 rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
543 NULL, e, "responder other certificates"); 542 NULL, "responder other certificates");
544 if (!rother) 543 if (!rother)
545 goto end; 544 goto end;
546 } 545 }
547 rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, 546 rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL,
548 "responder private key"); 547 "responder private key");
549 if (!rkey) 548 if (!rkey)
550 goto end; 549 goto end;
@@ -574,18 +573,18 @@ redo_accept:
574 if (!keyfile) 573 if (!keyfile)
575 keyfile = signfile; 574 keyfile = signfile;
576 signer = load_cert(bio_err, signfile, FORMAT_PEM, 575 signer = load_cert(bio_err, signfile, FORMAT_PEM,
577 NULL, e, "signer certificate"); 576 NULL, "signer certificate");
578 if (!signer) { 577 if (!signer) {
579 BIO_printf(bio_err, "Error loading signer certificate\n"); 578 BIO_printf(bio_err, "Error loading signer certificate\n");
580 goto end; 579 goto end;
581 } 580 }
582 if (sign_certfile) { 581 if (sign_certfile) {
583 sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM, 582 sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
584 NULL, e, "signer certificates"); 583 NULL, "signer certificates");
585 if (!sign_other) 584 if (!sign_other)
586 goto end; 585 goto end;
587 } 586 }
588 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, 587 key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL,
589 "signer private key"); 588 "signer private key");
590 if (!key) 589 if (!key)
591 goto end; 590 goto end;
@@ -690,7 +689,7 @@ done_resp:
690 goto end; 689 goto end;
691 if (verify_certfile) { 690 if (verify_certfile) {
692 verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, 691 verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
693 NULL, e, "validator certificate"); 692 NULL, "validator certificate");
694 if (!verify_other) 693 if (!verify_other)
695 goto end; 694 goto end;
696 } 695 }
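Review bot: rca_cert is the only certificate in this block whose load result is not checked — `rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM, NULL, "CA certificate");` is followed directly by the rcertfile handling, whereas rsigner immediately above fails with a message and `goto end`. If rca_filename cannot be read, a NULL CA certificate is carried into the responder path; what consumes it is outside the hunk, but nothing visible guards it. Mirroring the rsigner check, `if (rca_cert == NULL) { BIO_printf(bio_err, "Error loading CA certificate\n"); goto end; }`, closes the gap. This is pre-existing rather than introduced by the engine removal, and ocsp_main continues outside the hunk.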
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 89b1979e2e..7e4937207d 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: openssl.1,v 1.21 2015/09/11 06:43:05 jmc Exp $ 1.\" $OpenBSD: openssl.1,v 1.22 2015/09/11 14:30:23 bcook Exp $
2.\" ==================================================================== 2.\" ====================================================================
3.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4.\" 4.\"
@@ -284,8 +284,6 @@ Elliptic curve (EC) key processing.
284EC parameter manipulation and generation. 284EC parameter manipulation and generation.
285.It Cm enc 285.It Cm enc
286Encoding with ciphers. 286Encoding with ciphers.
287.It Cm engine
288Engine (loadable module) information and manipulation.
289.It Cm errstr 287.It Cm errstr
290Error number to error string conversion. 288Error number to error string conversion.
291.It Cm gendh 289.It Cm gendh
@@ -703,7 +701,6 @@ The output of some ASN.1 types is not well handled
703.Op Fl crlhours Ar hours 701.Op Fl crlhours Ar hours
704.Op Fl days Ar arg 702.Op Fl days Ar arg
705.Op Fl enddate Ar date 703.Op Fl enddate Ar date
706.Op Fl engine Ar id
707.Op Fl extensions Ar section 704.Op Fl extensions Ar section
708.Op Fl extfile Ar section 705.Op Fl extfile Ar section
709.Op Fl gencrl 706.Op Fl gencrl
@@ -711,7 +708,7 @@ The output of some ASN.1 types is not well handled
711.Op Fl infiles 708.Op Fl infiles
712.Op Fl key Ar keyfile 709.Op Fl key Ar keyfile
713.Op Fl keyfile Ar arg 710.Op Fl keyfile Ar arg
714.Op Fl keyform Ar ENGINE | PEM 711.Op Fl keyform Ar PEM
715.Op Fl md Ar arg 712.Op Fl md Ar arg
716.Op Fl msie_hack 713.Op Fl msie_hack
717.Op Fl name Ar section 714.Op Fl name Ar section
@@ -757,14 +754,6 @@ The number of days to certify the certificate for.
757This allows the expiry date to be explicitly set. 754This allows the expiry date to be explicitly set.
758The format of the date is YYMMDDHHMMSSZ 755The format of the date is YYMMDDHHMMSSZ
759.Pq the same as an ASN1 UTCTime structure . 756.Pq the same as an ASN1 UTCTime structure .
760.It Fl engine Ar id
761Specifying an engine (by its unique
762.Ar id
763string) will cause
764.Nm ca
765to attempt to obtain a functional reference to the specified engine,
766thus initialising it if needed.
767The engine will then be set as the default for all available algorithms.
768.It Fl extensions Ar section 757.It Fl extensions Ar section
769The section of the configuration file containing certificate extensions 758The section of the configuration file containing certificate extensions
770to be added when a certificate is issued (defaults to 759to be added when a certificate is issued (defaults to
@@ -800,7 +789,7 @@ with the
800utility) this option should be used with caution. 789utility) this option should be used with caution.
801.It Fl keyfile Ar file 790.It Fl keyfile Ar file
802The private key to sign requests with. 791The private key to sign requests with.
803.It Fl keyform Ar ENGINE | PEM 792.It Fl keyform Ar PEM
804Private key file format. 793Private key file format.
805.It Fl md Ar alg 794.It Fl md Ar alg
806The message digest to use. 795The message digest to use.
@@ -1811,10 +1800,9 @@ install user certificates and CAs in MSIE using the Xenroll control.
1811.Oc 1800.Oc
1812.Op Fl binary 1801.Op Fl binary
1813.Op Fl cd 1802.Op Fl cd
1814.Op Fl engine Ar id
1815.Op Fl hex 1803.Op Fl hex
1816.Op Fl hmac Ar key 1804.Op Fl hmac Ar key
1817.Op Fl keyform Ar ENGINE | PEM 1805.Op Fl keyform Ar PEM
1818.Op Fl mac Ar algorithm 1806.Op Fl mac Ar algorithm
1819.Op Fl macopt Ar nm : Ns Ar v 1807.Op Fl macopt Ar nm : Ns Ar v
1820.Op Fl out Ar file 1808.Op Fl out Ar file
@@ -1853,16 +1841,6 @@ Print out the digest in two-digit groups separated by colons; only relevant if
1853format output is used. 1841format output is used.
1854.It Fl d 1842.It Fl d
1855Print out BIO debugging information. 1843Print out BIO debugging information.
1856.It Fl engine Ar id
1857Specifying an engine (by its unique
1858.Ar id
1859string) will cause
1860.Nm dgst
1861to attempt to obtain a functional reference to the specified engine,
1862thus initialising it if needed.
1863The engine will then be set as the default for all available algorithms.
1864This engine is not used as a source for digest algorithms
1865unless it is also specified in the configuration file.
1866.It Fl hex 1844.It Fl hex
1867Digest is to be output as a hex dump. 1845Digest is to be output as a hex dump.
1868This is the default case for a 1846This is the default case for a
@@ -1871,7 +1849,7 @@ digest as opposed to a digital signature.
1871.It Fl hmac Ar key 1849.It Fl hmac Ar key
1872Create a hashed MAC using 1850Create a hashed MAC using
1873.Ar key . 1851.Ar key .
1874.It Fl keyform Ar ENGINE | PEM 1852.It Fl keyform Ar PEM
1875Specifies the key format to sign the digest with. 1853Specifies the key format to sign the digest with.
1876.It Fl mac Ar algorithm 1854.It Fl mac Ar algorithm
1877Create a keyed Message Authentication Code (MAC). 1855Create a keyed Message Authentication Code (MAC).
@@ -1963,7 +1941,6 @@ below.
1963.Op Fl C 1941.Op Fl C
1964.Op Fl check 1942.Op Fl check
1965.Op Fl dsaparam 1943.Op Fl dsaparam
1966.Op Fl engine Ar id
1967.Op Fl in Ar file 1944.Op Fl in Ar file
1968.Op Fl inform Ar DER | PEM 1945.Op Fl inform Ar DER | PEM
1969.Op Fl noout 1946.Op Fl noout
@@ -2008,14 +1985,6 @@ which makes DH key exchange more efficient.
2008Beware that with such DSA-style DH parameters, 1985Beware that with such DSA-style DH parameters,
2009a fresh DH key should be created for each use to 1986a fresh DH key should be created for each use to
2010avoid small-subgroup attacks that may be possible otherwise. 1987avoid small-subgroup attacks that may be possible otherwise.
2011.It Fl engine Ar id
2012Specifying an engine (by its unique
2013.Ar id
2014string) will cause
2015.Nm dhparam
2016to attempt to obtain a functional reference to the specified engine,
2017thus initialising it if needed.
2018The engine will then be set as the default for all available algorithms.
2019.It Fl in Ar file 1988.It Fl in Ar file
2020This specifies the input 1989This specifies the input
2021.Ar file 1990.Ar file
@@ -2109,7 +2078,6 @@ option was added in
2109.Fl aes128 | aes192 | aes256 | 2078.Fl aes128 | aes192 | aes256 |
2110.Fl des | des3 2079.Fl des | des3
2111.Oc 2080.Oc
2112.Op Fl engine Ar id
2113.Op Fl in Ar file 2081.Op Fl in Ar file
2114.Op Fl inform Ar DER | PEM 2082.Op Fl inform Ar DER | PEM
2115.Op Fl modulus 2083.Op Fl modulus
@@ -2154,14 +2122,6 @@ remove the pass phrase from a key,
2154or by setting the encryption options it can be use to add or change 2122or by setting the encryption options it can be use to add or change
2155the pass phrase. 2123the pass phrase.
2156These options can only be used with PEM format output files. 2124These options can only be used with PEM format output files.
2157.It Fl engine Ar id
2158Specifying an engine (by its unique
2159.Ar id
2160string) will cause
2161.Nm dsa
2162to attempt to obtain a functional reference to the specified engine,
2163thus initialising it if needed.
2164The engine will then be set as the default for all available algorithms.
2165.It Fl in Ar file 2125.It Fl in Ar file
2166This specifies the input 2126This specifies the input
2167.Ar file 2127.Ar file
@@ -2267,7 +2227,6 @@ To just output the public part of a private key:
2267.Nm "openssl dsaparam" 2227.Nm "openssl dsaparam"
2268.Bk -words 2228.Bk -words
2269.Op Fl C 2229.Op Fl C
2270.Op Fl engine Ar id
2271.Op Fl genkey 2230.Op Fl genkey
2272.Op Fl in Ar file 2231.Op Fl in Ar file
2273.Op Fl inform Ar DER | PEM 2232.Op Fl inform Ar DER | PEM
@@ -2290,14 +2249,6 @@ This option converts the parameters into C code.
2290The parameters can then be loaded by calling the 2249The parameters can then be loaded by calling the
2291.Cm get_dsa Ns Ar XXX Ns Li () 2250.Cm get_dsa Ns Ar XXX Ns Li ()
2292function. 2251function.
2293.It Fl engine Ar id
2294Specifying an engine (by its unique
2295.Ar id
2296string) will cause
2297.Nm dsaparam
2298to attempt to obtain a functional reference to the specified engine,
2299thus initialising it if needed.
2300The engine will then be set as the default for all available algorithms.
2301.It Fl genkey 2252.It Fl genkey
2302This option will generate a DSA either using the specified or generated 2253This option will generate a DSA either using the specified or generated
2303parameters. 2254parameters.
@@ -2362,7 +2313,6 @@ DSA parameters is often used to generate several distinct keys.
2362.Op Fl conv_form Ar arg 2313.Op Fl conv_form Ar arg
2363.Op Fl des 2314.Op Fl des
2364.Op Fl des3 2315.Op Fl des3
2365.Op Fl engine Ar id
2366.Op Fl in Ar file 2316.Op Fl in Ar file
2367.Op Fl inform Ar DER | PEM 2317.Op Fl inform Ar DER | PEM
2368.Op Fl noout 2318.Op Fl noout
@@ -2428,14 +2378,6 @@ encryption option can be used to remove the pass phrase from a key,
2428or by setting the encryption options 2378or by setting the encryption options
2429it can be use to add or change the pass phrase. 2379it can be use to add or change the pass phrase.
2430These options can only be used with PEM format output files. 2380These options can only be used with PEM format output files.
2431.It Fl engine Ar id
2432Specifying an engine (by its unique
2433.Ar id
2434string) will cause
2435.Nm ec
2436to attempt to obtain a functional reference to the specified engine,
2437thus initialising it if needed.
2438The engine will then be set as the default for all available algorithms.
2439.It Fl in Ar file 2381.It Fl in Ar file
2440This specifies the input filename to read a key from, 2382This specifies the input filename to read a key from,
2441or standard input if this option is not specified. 2383or standard input if this option is not specified.
@@ -2567,7 +2509,6 @@ command was first introduced in
2567.Op Fl C 2509.Op Fl C
2568.Op Fl check 2510.Op Fl check
2569.Op Fl conv_form Ar arg 2511.Op Fl conv_form Ar arg
2570.Op Fl engine Ar id
2571.Op Fl genkey 2512.Op Fl genkey
2572.Op Fl in Ar file 2513.Op Fl in Ar file
2573.Op Fl inform Ar DER | PEM 2514.Op Fl inform Ar DER | PEM
@@ -2611,14 +2552,6 @@ option is disabled by default for binary curves
2611and can be enabled by defining the preprocessor macro 2552and can be enabled by defining the preprocessor macro
2612.Ar OPENSSL_EC_BIN_PT_COMP 2553.Ar OPENSSL_EC_BIN_PT_COMP
2613at compile time. 2554at compile time.
2614.It Fl engine Ar id
2615Specifying an engine (by its unique
2616.Ar id
2617string) will cause
2618.Nm ecparam
2619to attempt to obtain a functional reference to the specified engine,
2620thus initialising it if needed.
2621The engine will then be set as the default for all available algorithms.
2622.It Fl genkey 2555.It Fl genkey
2623Generate an EC private key using the specified parameters. 2556Generate an EC private key using the specified parameters.
2624.It Fl in Ar file 2557.It Fl in Ar file
@@ -2736,7 +2669,6 @@ command was first introduced in
2736.Op Fl base64 2669.Op Fl base64
2737.Op Fl bufsize Ar number 2670.Op Fl bufsize Ar number
2738.Op Fl debug 2671.Op Fl debug
2739.Op Fl engine Ar id
2740.Op Fl in Ar file 2672.Op Fl in Ar file
2741.Op Fl iv Ar IV 2673.Op Fl iv Ar IV
2742.Op Fl K Ar key 2674.Op Fl K Ar key
@@ -2779,14 +2711,6 @@ Decrypt the input data.
2779Debug the BIOs used for I/O. 2711Debug the BIOs used for I/O.
2780.It Fl e 2712.It Fl e
2781Encrypt the input data: this is the default. 2713Encrypt the input data: this is the default.
2782.It Fl engine Ar id
2783Specifying an engine (by its unique
2784.Ar id
2785string) will cause
2786.Nm enc
2787to attempt to obtain a functional reference to the specified engine,
2788thus initialising it if needed.
2789The engine will then be set as the default for all available algorithms.
2790.It Fl in Ar file 2714.It Fl in Ar file
2791The input 2715The input
2792.Ar file ; 2716.Ar file ;
@@ -2918,25 +2842,6 @@ The program can be called either as
2918.Nm openssl ciphername 2842.Nm openssl ciphername
2919or 2843or
2920.Nm openssl enc -ciphername . 2844.Nm openssl enc -ciphername .
2921But the first form doesn't work with engine-provided ciphers,
2922because this form is processed before the
2923configuration file is read and any engines loaded.
2924.Pp
2925Engines which provide entirely new encryption algorithms
2926should be configured in the configuration file.
2927Engines, specified on the command line using the
2928.Fl engine
2929option,
2930can only be used for hardware-assisted implementations of ciphers,
2931supported by
2932.Nm OpenSSL
2933core, or by other engines specified in the configuration file.
2934.Pp
2935When
2936.Nm enc
2937lists supported ciphers,
2938ciphers provided by engines specified in the configuration files
2939are listed too.
2940.Pp 2845.Pp
2941A password will be prompted for to derive the 2846A password will be prompted for to derive the
2942.Ar key 2847.Ar key
@@ -3077,56 +2982,6 @@ program only supports a fixed number of algorithms with certain parameters.
3077Therefore it is not possible to use RC2 with a 76-bit key 2982Therefore it is not possible to use RC2 with a 76-bit key
3078or RC4 with an 84-bit key with this program. 2983or RC4 with an 84-bit key with this program.
3079.\" 2984.\"
3080.\" ENGINE
3081.\"
3082.Sh ENGINE
3083.Nm openssl engine
3084.Op Fl ctv
3085.Op Fl post Ar cmd
3086.Op Fl pre Ar cmd
3087.Op Ar engine ...
3088.Pp
3089The
3090.Nm engine
3091command provides loadable module information and manipulation
3092of various engines.
3093Any options are applied to all engines supplied on the command line,
3094or all supported engines if none are specified.
3095.Pp
3096The options are as follows:
3097.Bl -tag -width Ds
3098.It Fl c
3099For each engine, also list the capabilities.
3100.It Fl post Ar cmd
3101Run command
3102.Ar cmd
3103against the engine after loading it
3104(only used if
3105.Fl t
3106is also provided).
3107.It Fl pre Ar cmd
3108Run command
3109.Ar cmd
3110against the engine before any attempts
3111to load it
3112(only used if
3113.Fl t
3114is also provided).
3115.It Fl t
3116For each engine, check that they are really available.
3117.Fl tt
3118will display an error trace for unavailable engines.
3119.It Fl v
3120Verbose mode.
3121For each engine, list its 'control commands'.
3122.Fl vv
3123will additionally display each command's description.
3124.Fl vvv
3125will also add the input flags for each command.
3126.Fl vvvv
3127will also show internal input flags.
3128.El
3129.\"
3130.\" ERRSTR 2985.\" ERRSTR
3131.\" 2986.\"
3132.Sh ERRSTR 2987.Sh ERRSTR
@@ -3192,7 +3047,6 @@ above.
3192.Fl aes128 | aes192 | aes256 | 3047.Fl aes128 | aes192 | aes256 |
3193.Fl des | des3 3048.Fl des | des3
3194.Oc 3049.Oc
3195.Op Fl engine Ar id
3196.Op Fl out Ar file 3050.Op Fl out Ar file
3197.Op Ar paramfile 3051.Op Ar paramfile
3198.Ek 3052.Ek
@@ -3215,14 +3069,6 @@ These options encrypt the private key with the AES, DES,
3215or the triple DES ciphers, respectively, before outputting it. 3069or the triple DES ciphers, respectively, before outputting it.
3216A pass phrase is prompted for. 3070A pass phrase is prompted for.
3217If none of these options are specified, no encryption is used. 3071If none of these options are specified, no encryption is used.
3218.It Fl engine Ar id
3219Specifying an engine (by its unique
3220.Ar id
3221string) will cause
3222.Nm gendsa
3223to attempt to obtain a functional reference to the specified engine,
3224thus initialising it if needed.
3225The engine will then be set as the default for all available algorithms.
3226.It Fl out Ar file 3072.It Fl out Ar file
3227The output 3073The output
3228.Ar file . 3074.Ar file .
@@ -3246,7 +3092,6 @@ much quicker than RSA key generation, for example.
3246.Bk -words 3092.Bk -words
3247.Op Fl algorithm Ar alg 3093.Op Fl algorithm Ar alg
3248.Op Ar cipher 3094.Op Ar cipher
3249.Op Fl engine Ar id
3250.Op Fl genparam 3095.Op Fl genparam
3251.Op Fl out Ar file 3096.Op Fl out Ar file
3252.Op Fl outform Ar DER | PEM 3097.Op Fl outform Ar DER | PEM
@@ -3262,8 +3107,7 @@ The
3262command generates private keys. 3107command generates private keys.
3263The use of this 3108The use of this
3264program is encouraged over the algorithm specific utilities 3109program is encouraged over the algorithm specific utilities
3265because additional algorithm options 3110because additional algorithm options can be used.
3266and engine-provided algorithms can be used.
3267.Pp 3111.Pp
3268The options are as follows: 3112The options are as follows:
3269.Bl -tag -width Ds 3113.Bl -tag -width Ds
@@ -3284,14 +3128,6 @@ Any algorithm name accepted by
3284.Fn EVP_get_cipherbyname 3128.Fn EVP_get_cipherbyname
3285is acceptable, such as 3129is acceptable, such as
3286.Cm des3 . 3130.Cm des3 .
3287.It Fl engine Ar id
3288Specifying an engine (by its unique
3289.Ar id
3290string) will cause
3291.Nm genpkey
3292to attempt to obtain a functional reference to the specified engine,
3293thus initialising it if needed.
3294The engine will then be set as the default for all available algorithms.
3295.It Fl genparam 3131.It Fl genparam
3296Generate a set of parameters instead of a private key. 3132Generate a set of parameters instead of a private key.
3297If used this option must precede any 3133If used this option must precede any
@@ -3422,7 +3258,6 @@ $ openssl genpkey -paramfile dhp.pem -out dhkey.pem
3422.Fl aes128 | aes192 | aes256 | 3258.Fl aes128 | aes192 | aes256 |
3423.Fl des | des3 3259.Fl des | des3
3424.Oc 3260.Oc
3425.Op Fl engine Ar id
3426.Op Fl out Ar file 3261.Op Fl out Ar file
3427.Op Fl passout Ar arg 3262.Op Fl passout Ar arg
3428.Op Ar numbits 3263.Op Ar numbits
@@ -3449,14 +3284,6 @@ If encryption is used, a pass phrase is prompted for,
3449if it is not supplied via the 3284if it is not supplied via the
3450.Fl passout 3285.Fl passout
3451option. 3286option.
3452.It Fl engine Ar id
3453Specifying an engine (by its unique
3454.Ar id
3455string) will cause
3456.Nm genrsa
3457to attempt to obtain a functional reference to the specified engine,
3458thus initialising it if needed.
3459The engine will then be set as the default for all available algorithms.
3460.It Fl out Ar file 3287.It Fl out Ar file
3461The output 3288The output
3462.Ar file . 3289.Ar file .
@@ -4129,7 +3956,6 @@ prints
4129.nr nS 1 3956.nr nS 1
4130.Nm "openssl pkcs7" 3957.Nm "openssl pkcs7"
4131.Bk -words 3958.Bk -words
4132.Op Fl engine Ar id
4133.Op Fl in Ar file 3959.Op Fl in Ar file
4134.Op Fl inform Ar DER | PEM 3960.Op Fl inform Ar DER | PEM
4135.Op Fl noout 3961.Op Fl noout
@@ -4146,14 +3972,6 @@ command processes PKCS#7 files in DER or PEM format.
4146.Pp 3972.Pp
4147The options are as follows: 3973The options are as follows:
4148.Bl -tag -width Ds 3974.Bl -tag -width Ds
4149.It Fl engine Ar id
4150Specifying an engine (by its unique
4151.Ar id
4152string) will cause
4153.Nm pkcs7
4154to attempt to obtain a functional reference to the specified engine,
4155thus initialising it if needed.
4156The engine will then be set as the default for all available algorithms.
4157.It Fl in Ar file 3975.It Fl in Ar file
4158This specifies the input 3976This specifies the input
4159.Ar file 3977.Ar file
@@ -4218,7 +4036,6 @@ They cannot currently parse, for example, the new CMS as described in RFC 2630.
4218.Nm "openssl pkcs8" 4036.Nm "openssl pkcs8"
4219.Bk -words 4037.Bk -words
4220.Op Fl embed 4038.Op Fl embed
4221.Op Fl engine Ar id
4222.Op Fl in Ar file 4039.Op Fl in Ar file
4223.Op Fl inform Ar DER | PEM 4040.Op Fl inform Ar DER | PEM
4224.Op Fl nocrypt 4041.Op Fl nocrypt
@@ -4254,14 +4071,6 @@ In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of
4254two structures: 4071two structures:
4255a SEQUENCE containing the parameters and an ASN1 INTEGER containing 4072a SEQUENCE containing the parameters and an ASN1 INTEGER containing
4256the private key. 4073the private key.
4257.It Fl engine Ar id
4258Specifying an engine (by its unique
4259.Ar id
4260string) will cause
4261.Nm pkcs8
4262to attempt to obtain a functional reference to the specified engine,
4263thus initialising it if needed.
4264The engine will then be set as the default for all available algorithms.
4265.It Fl in Ar file 4074.It Fl in Ar file
4266This specifies the input 4075This specifies the input
4267.Ar file 4076.Ar file
@@ -4484,7 +4293,6 @@ compatibility, several of the utilities use the old format at present.
4484.Op Fl clcerts 4293.Op Fl clcerts
4485.Op Fl CSP Ar name 4294.Op Fl CSP Ar name
4486.Op Fl descert 4295.Op Fl descert
4487.Op Fl engine Ar id
4488.Op Fl export 4296.Op Fl export
4489.Op Fl in Ar file 4297.Op Fl in Ar file
4490.Op Fl info 4298.Op Fl info
@@ -4631,14 +4439,6 @@ file unreadable by some
4631software. 4439software.
4632By default, the private key is encrypted using triple DES and the 4440By default, the private key is encrypted using triple DES and the
4633certificate using 40-bit RC2. 4441certificate using 40-bit RC2.
4634.It Fl engine Ar id
4635Specifying an engine (by its unique
4636.Ar id
4637string) will cause
4638.Nm pkcs12
4639to attempt to obtain a functional reference to the specified engine,
4640thus initialising it if needed.
4641The engine will then be set as the default for all available algorithms.
4642.It Fl export 4442.It Fl export
4643This option specifies that a PKCS#12 file will be created rather than 4443This option specifies that a PKCS#12 file will be created rather than
4644parsed. 4444parsed.
@@ -4844,7 +4644,6 @@ $ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e
4844.Nm "openssl pkey" 4644.Nm "openssl pkey"
4845.Bk -words 4645.Bk -words
4846.Op Ar cipher 4646.Op Ar cipher
4847.Op Fl engine Ar id
4848.Op Fl in Ar file 4647.Op Fl in Ar file
4849.Op Fl inform Ar DER | PEM 4648.Op Fl inform Ar DER | PEM
4850.Op Fl noout 4649.Op Fl noout
@@ -4873,14 +4672,6 @@ Any algorithm name accepted by
4873.Fn EVP_get_cipherbyname 4672.Fn EVP_get_cipherbyname
4874is acceptable, such as 4673is acceptable, such as
4875.Cm des3 . 4674.Cm des3 .
4876.It Fl engine Ar id
4877Specifying an engine (by its unique
4878.Ar id
4879string) will cause
4880.Nm pkey
4881to attempt to obtain a functional reference to the specified engine,
4882thus initialising it if needed.
4883The engine will then be set as the default for all available algorithms.
4884.It Fl in Ar file 4675.It Fl in Ar file
4885This specifies the input filename to read a key from, 4676This specifies the input filename to read a key from,
4886or standard input if this option is not specified. 4677or standard input if this option is not specified.
@@ -4966,7 +4757,6 @@ $ openssl pkey -in key.pem -pubout -out pubkey.pem
4966.\" 4757.\"
4967.Sh PKEYPARAM 4758.Sh PKEYPARAM
4968.Cm openssl pkeyparam 4759.Cm openssl pkeyparam
4969.Op Fl engine Ar id
4970.Op Fl in Ar file 4760.Op Fl in Ar file
4971.Op Fl noout 4761.Op Fl noout
4972.Op Fl out Ar file 4762.Op Fl out Ar file
@@ -4979,14 +4769,6 @@ They can be converted between various forms and their components printed out.
4979.Pp 4769.Pp
4980The options are as follows: 4770The options are as follows:
4981.Bl -tag -width Ds 4771.Bl -tag -width Ds
4982.It Fl engine Ar id
4983Specifying an engine (by its unique
4984.Ar id
4985string) will cause
4986.Nm pkeyparam
4987to attempt to obtain a functional reference to the specified engine,
4988thus initialising it if needed.
4989The engine will then be set as the default for all available algorithms.
4990.It Fl in Ar file 4772.It Fl in Ar file
4991This specifies the input filename to read parameters from, 4773This specifies the input filename to read parameters from,
4992or standard input if this option is not specified. 4774or standard input if this option is not specified.
@@ -5022,14 +4804,13 @@ because the key type is determined by the PEM headers.
5022.Op Fl decrypt 4804.Op Fl decrypt
5023.Op Fl derive 4805.Op Fl derive
5024.Op Fl encrypt 4806.Op Fl encrypt
5025.Op Fl engine Ar id
5026.Op Fl hexdump 4807.Op Fl hexdump
5027.Op Fl in Ar file 4808.Op Fl in Ar file
5028.Op Fl inkey Ar file 4809.Op Fl inkey Ar file
5029.Op Fl keyform Ar DER | ENGINE | PEM 4810.Op Fl keyform Ar DER | PEM
5030.Op Fl out Ar file 4811.Op Fl out Ar file
5031.Op Fl passin Ar arg 4812.Op Fl passin Ar arg
5032.Op Fl peerform Ar DER | ENGINE | PEM 4813.Op Fl peerform Ar DER | PEM
5033.Op Fl peerkey Ar file 4814.Op Fl peerkey Ar file
5034.Op Fl pkeyopt Ar opt : Ns Ar value 4815.Op Fl pkeyopt Ar opt : Ns Ar value
5035.Op Fl pubin 4816.Op Fl pubin
@@ -5061,14 +4842,6 @@ Decrypt the input data using a private key.
5061Derive a shared secret using the peer key. 4842Derive a shared secret using the peer key.
5062.It Fl encrypt 4843.It Fl encrypt
5063Encrypt the input data using a public key. 4844Encrypt the input data using a public key.
5064.It Fl engine Ar id
5065Specifying an engine (by its unique
5066.Ar id
5067string) will cause
5068.Nm pkeyutl
5069to attempt to obtain a functional reference to the specified engine,
5070thus initialising it if needed.
5071The engine will then be set as the default for all available algorithms.
5072.It Fl hexdump 4845.It Fl hexdump
5073Hex dump the output data. 4846Hex dump the output data.
5074.It Fl in Ar file 4847.It Fl in Ar file
@@ -5077,8 +4850,8 @@ or standard input if this option is not specified.
5077.It Fl inkey Ar file 4850.It Fl inkey Ar file
5078The input key file. 4851The input key file.
5079By default it should be a private key. 4852By default it should be a private key.
5080.It Fl keyform Ar DER | ENGINE | PEM 4853.It Fl keyform Ar DER | PEM
5081The key format DER, ENGINE, or PEM. 4854The key format DER or PEM.
5082.It Fl out Ar file 4855.It Fl out Ar file
5083Specify the output filename to write to, 4856Specify the output filename to write to,
5084or standard output by default. 4857or standard output by default.
@@ -5089,8 +4862,8 @@ For more information about the format of
5089see the 4862see the
5090.Sx PASS PHRASE ARGUMENTS 4863.Sx PASS PHRASE ARGUMENTS
5091section above. 4864section above.
5092.It Fl peerform Ar DER | ENGINE | PEM 4865.It Fl peerform Ar DER | PEM
5093The peer key format DER, ENGINE, or PEM. 4866The peer key format DER or PEM.
5094.It Fl peerkey Ar file 4867.It Fl peerkey Ar file
5095The peer key file, used by key derivation (agreement) operations. 4868The peer key file, used by key derivation (agreement) operations.
5096.It Fl pkeyopt Ar opt : Ns Ar value 4869.It Fl pkeyopt Ar opt : Ns Ar value
@@ -5271,7 +5044,6 @@ is prime.
5271.nr nS 1 5044.nr nS 1
5272.Nm "openssl rand" 5045.Nm "openssl rand"
5273.Op Fl base64 5046.Op Fl base64
5274.Op Fl engine Ar id
5275.Op Fl hex 5047.Op Fl hex
5276.Op Fl out Ar file 5048.Op Fl out Ar file
5277.Ar num 5049.Ar num
@@ -5289,14 +5061,6 @@ The options are as follows:
5289Perform 5061Perform
5290.Em base64 5062.Em base64
5291encoding on the output. 5063encoding on the output.
5292.It Fl engine Ar id
5293Specifying an engine (by its unique
5294.Ar id
5295string) will cause
5296.Nm rand
5297to attempt to obtain a functional reference to the specified engine,
5298thus initialising it if needed.
5299The engine will then be set as the default for all available algorithms.
5300.It Fl hex 5064.It Fl hex
5301Specify hexadecimal output. 5065Specify hexadecimal output.
5302.It Fl out Ar file 5066.It Fl out Ar file
@@ -5315,7 +5079,6 @@ instead of standard output.
5315.Op Fl batch 5079.Op Fl batch
5316.Op Fl config Ar file 5080.Op Fl config Ar file
5317.Op Fl days Ar n 5081.Op Fl days Ar n
5318.Op Fl engine Ar id
5319.Op Fl extensions Ar section 5082.Op Fl extensions Ar section
5320.Op Fl in Ar file 5083.Op Fl in Ar file
5321.Op Fl inform Ar DER | PEM 5084.Op Fl inform Ar DER | PEM
@@ -5392,14 +5155,6 @@ When the
5392option is being used, this specifies the number of 5155option is being used, this specifies the number of
5393days to certify the certificate for. 5156days to certify the certificate for.
5394The default is 30 days. 5157The default is 30 days.
5395.It Fl engine Ar id
5396Specifying an engine (by its unique
5397.Ar id
5398string) will cause
5399.Nm req
5400to attempt to obtain a functional reference to the specified engine,
5401thus initialising it if needed.
5402The engine will then be set as the default for all available algorithms.
5403.It Fl extensions Ar section , Fl reqexts Ar section 5158.It Fl extensions Ar section , Fl reqexts Ar section
5404These options specify alternative sections to include certificate 5159These options specify alternative sections to include certificate
5405extensions (if the 5160extensions (if the
@@ -6067,7 +5822,6 @@ should be input by the user.
6067.Fl des | des3 5822.Fl des | des3
6068.Oc 5823.Oc
6069.Op Fl check 5824.Op Fl check
6070.Op Fl engine Ar id
6071.Op Fl in Ar file 5825.Op Fl in Ar file
6072.Op Fl inform Ar DER | NET | PEM 5826.Op Fl inform Ar DER | NET | PEM
6073.Op Fl modulus 5827.Op Fl modulus
@@ -6114,14 +5868,6 @@ it can be used to add or change the pass phrase.
6114These options can only be used with PEM format output files. 5868These options can only be used with PEM format output files.
6115.It Fl check 5869.It Fl check
6116This option checks the consistency of an RSA private key. 5870This option checks the consistency of an RSA private key.
6117.It Fl engine Ar id
6118Specifying an engine (by its unique
6119.Ar id
6120string) will cause
6121.Nm rsa
6122to attempt to obtain a functional reference to the specified engine,
6123thus initialising it if needed.
6124The engine will then be set as the default for all available algorithms.
6125.It Fl in Ar file 5871.It Fl in Ar file
6126This specifies the input 5872This specifies the input
6127.Ar file 5873.Ar file
@@ -6264,7 +6010,6 @@ without having to manually edit them.
6264.Op Fl certin 6010.Op Fl certin
6265.Op Fl decrypt 6011.Op Fl decrypt
6266.Op Fl encrypt 6012.Op Fl encrypt
6267.Op Fl engine Ar id
6268.Op Fl hexdump 6013.Op Fl hexdump
6269.Op Fl in Ar file 6014.Op Fl in Ar file
6270.Op Fl inkey Ar file 6015.Op Fl inkey Ar file
@@ -6294,14 +6039,6 @@ The input is a certificate containing an RSA public key.
6294Decrypt the input data using an RSA private key. 6039Decrypt the input data using an RSA private key.
6295.It Fl encrypt 6040.It Fl encrypt
6296Encrypt the input data using an RSA public key. 6041Encrypt the input data using an RSA public key.
6297.It Fl engine Ar id
6298Specifying an engine (by its unique
6299.Ar id
6300string) will cause
6301.Nm rsautl
6302to attempt to obtain a functional reference to the specified engine,
6303thus initialising it if needed.
6304The engine will then be set as the default for all available algorithms.
6305.It Fl hexdump 6042.It Fl hexdump
6306Hex dump the output data. 6043Hex dump the output data.
6307.It Fl in Ar file 6044.It Fl in Ar file
@@ -6458,7 +6195,6 @@ which it can be seen agrees with the recovered value above.
6458.Op Fl crl_check_all 6195.Op Fl crl_check_all
6459.Op Fl crlf 6196.Op Fl crlf
6460.Op Fl debug 6197.Op Fl debug
6461.Op Fl engine Ar id
6462.Op Fl extended_crl 6198.Op Fl extended_crl
6463.Op Fl ign_eof 6199.Op Fl ign_eof
6464.Op Fl ignore_critical 6200.Op Fl ignore_critical
@@ -6570,14 +6306,6 @@ This option translates a line feed from the terminal into CR+LF as required
6570by some servers. 6306by some servers.
6571.It Fl debug 6307.It Fl debug
6572Print extensive debugging information including a hex dump of all traffic. 6308Print extensive debugging information including a hex dump of all traffic.
6573.It Fl engine Ar id
6574Specifying an engine (by its unique
6575.Ar id
6576string) will cause
6577.Nm s_client
6578to attempt to obtain a functional reference to the specified engine,
6579thus initialising it if needed.
6580The engine will then be set as the default for all available algorithms.
6581.It Fl ign_eof 6309.It Fl ign_eof
6582Inhibit shutting down the connection when end of file is reached in the 6310Inhibit shutting down the connection when end of file is reached in the
6583input. 6311input.
@@ -6782,7 +6510,6 @@ We should really report information whenever a session is renegotiated.
6782.Op Fl debug 6510.Op Fl debug
6783.Op Fl dhparam Ar file 6511.Op Fl dhparam Ar file
6784.Op Fl dkey Ar file 6512.Op Fl dkey Ar file
6785.Op Fl engine Ar id
6786.Op Fl hack 6513.Op Fl hack
6787.Op Fl HTTP 6514.Op Fl HTTP
6788.Op Fl id_prefix Ar arg 6515.Op Fl id_prefix Ar arg
@@ -6897,14 +6624,6 @@ load the parameters from the server certificate file.
6897If this fails, a static set of parameters hard coded into the 6624If this fails, a static set of parameters hard coded into the
6898.Nm s_server 6625.Nm s_server
6899program will be used. 6626program will be used.
6900.It Fl engine Ar id
6901Specifying an engine (by its unique
6902.Ar id
6903string) will cause
6904.Nm s_server
6905to attempt to obtain a functional reference to the specified engine,
6906thus initialising it if needed.
6907The engine will then be set as the default for all available algorithms.
6908.It Fl hack 6627.It Fl hack
6909This option enables a further workaround for some early Netscape 6628This option enables a further workaround for some early Netscape
6910SSL code 6629SSL code
@@ -7386,7 +7105,6 @@ The cipher and start time should be printed out in human readable form.
7386.Op Fl crl_check_all 7105.Op Fl crl_check_all
7387.Op Fl decrypt 7106.Op Fl decrypt
7388.Op Fl encrypt 7107.Op Fl encrypt
7389.Op Fl engine Ar id
7390.Op Fl extended_crl 7108.Op Fl extended_crl
7391.Op Fl from Ar addr 7109.Op Fl from Ar addr
7392.Op Fl ignore_critical 7110.Op Fl ignore_critical
@@ -7395,7 +7113,7 @@ The cipher and start time should be printed out in human readable form.
7395.Op Fl inform Ar DER | PEM | SMIME 7113.Op Fl inform Ar DER | PEM | SMIME
7396.Op Fl inkey Ar file 7114.Op Fl inkey Ar file
7397.Op Fl issuer_checks 7115.Op Fl issuer_checks
7398.Op Fl keyform Ar ENGINE | PEM 7116.Op Fl keyform Ar PEM
7399.Op Fl md Ar digest 7117.Op Fl md Ar digest
7400.Op Fl noattr 7118.Op Fl noattr
7401.Op Fl nocerts 7119.Op Fl nocerts
@@ -7542,14 +7260,6 @@ This option will override any content if the input format is
7542and it uses the multipart/signed 7260and it uses the multipart/signed
7543.Em MIME 7261.Em MIME
7544content type. 7262content type.
7545.It Fl engine Ar id
7546Specifying an engine (by its unique
7547.Ar id
7548string) will cause
7549.Nm smime
7550to attempt to obtain a functional reference to the specified engine,
7551thus initialising it if needed.
7552The engine will then be set as the default for all available algorithms.
7553.It Xo 7263.It Xo
7554.Fl from Ar addr , 7264.Fl from Ar addr ,
7555.Fl subject Ar s , 7265.Fl subject Ar s ,
@@ -7605,7 +7315,7 @@ or
7605file. 7315file.
7606When signing, 7316When signing,
7607this option can be used multiple times to specify successive keys. 7317this option can be used multiple times to specify successive keys.
7608.It Fl keyform Ar ENGINE | PEM 7318.It Fl keyform Ar PEM
7609Input private key format. 7319Input private key format.
7610.It Fl md Ar digest 7320.It Fl md Ar digest
7611The digest algorithm to use when signing or resigning. 7321The digest algorithm to use when signing or resigning.
@@ -7968,7 +7678,6 @@ command were first added in
7968.Op Cm sha1 7678.Op Cm sha1
7969.Op Fl decrypt 7679.Op Fl decrypt
7970.Op Fl elapsed 7680.Op Fl elapsed
7971.Op Fl engine Ar id
7972.Op Fl evp Ar e 7681.Op Fl evp Ar e
7973.Op Fl mr 7682.Op Fl mr
7974.Op Fl multi Ar number 7683.Op Fl multi Ar number
@@ -7986,14 +7695,6 @@ tests those algorithms, otherwise all of the above are tested.
7986.It Fl decrypt 7695.It Fl decrypt
7987Time decryption instead of encryption 7696Time decryption instead of encryption
7988.Pq only EVP . 7697.Pq only EVP .
7989.It Fl engine Ar id
7990Specifying an engine (by its unique
7991.Ar id
7992string) will cause
7993.Nm speed
7994to attempt to obtain a functional reference to the specified engine,
7995thus initialising it if needed.
7996The engine will then be set as the default for all available algorithms.
7997.It Fl elapsed 7698.It Fl elapsed
7998Measure time in real time instead of CPU user time. 7699Measure time in real time instead of CPU user time.
7999.It Fl evp Ar e 7700.It Fl evp Ar e
@@ -8033,7 +7734,6 @@ benchmarks in parallel.
8033.Fl reply 7734.Fl reply
8034.Op Fl chain Ar certs_file.pem 7735.Op Fl chain Ar certs_file.pem
8035.Op Fl config Ar configfile 7736.Op Fl config Ar configfile
8036.Op Fl engine Ar id
8037.Op Fl in Ar response.tsr 7737.Op Fl in Ar response.tsr
8038.Op Fl inkey Ar private.pem 7738.Op Fl inkey Ar private.pem
8039.Op Fl out Ar response.tsr 7739.Op Fl out Ar response.tsr
@@ -8194,14 +7894,6 @@ environment variable.
8194See 7894See
8195.Sx TS CONFIGURATION FILE OPTIONS 7895.Sx TS CONFIGURATION FILE OPTIONS
8196for configurable variables. 7896for configurable variables.
8197.It Fl engine Ar id
8198Specifying an engine (by its unique
8199.Ar id
8200string) will cause
8201.Nm ts
8202to attempt to obtain a functional reference to the specified engine,
8203thus initialising it if needed.
8204The engine will then be set as the default for all available algorithms.
8205.It Fl in Ar response.tsr 7897.It Fl in Ar response.tsr
8206Specifies a previously created time stamp response or time stamp token, if 7898Specifies a previously created time stamp response or time stamp token, if
8207.Fl token_in 7899.Fl token_in
@@ -8379,11 +8071,6 @@ This number is incremented by 1 for each response.
8379If the file does not exist at the time of response 8071If the file does not exist at the time of response
8380generation a new file is created with serial number 1. 8072generation a new file is created with serial number 1.
8381This parameter is mandatory. 8073This parameter is mandatory.
8382.It Cm crypto_device
8383Specifies the
8384.Nm OpenSSL
8385engine that will be set as the default for
8386all available algorithms.
8387.It Cm signer_cert 8074.It Cm signer_cert
8388TSA signing certificate, in PEM format. 8075TSA signing certificate, in PEM format.
8389The same as the 8076The same as the
@@ -8611,7 +8298,6 @@ OpenTSA project
8611.Nm "openssl spkac" 8298.Nm "openssl spkac"
8612.Bk -words 8299.Bk -words
8613.Op Fl challenge Ar string 8300.Op Fl challenge Ar string
8614.Op Fl engine Ar id
8615.Op Fl in Ar file 8301.Op Fl in Ar file
8616.Op Fl key Ar keyfile 8302.Op Fl key Ar keyfile
8617.Op Fl noout 8303.Op Fl noout
@@ -8636,14 +8322,6 @@ The options are as follows:
8636.Bl -tag -width Ds 8322.Bl -tag -width Ds
8637.It Fl challenge Ar string 8323.It Fl challenge Ar string
8638Specifies the challenge string if an SPKAC is being created. 8324Specifies the challenge string if an SPKAC is being created.
8639.It Fl engine Ar id
8640Specifying an engine (by its unique
8641.Ar id
8642string) will cause
8643.Nm spkac
8644to attempt to obtain a functional reference to the specified engine,
8645thus initialising it if needed.
8646The engine will then be set as the default for all available algorithms.
8647.It Fl in Ar file 8325.It Fl in Ar file
8648This specifies the input 8326This specifies the input
8649.Ar file 8327.Ar file
@@ -8743,7 +8421,6 @@ to be used in a
8743.Op Fl check_ss_sig 8421.Op Fl check_ss_sig
8744.Op Fl crl_check 8422.Op Fl crl_check
8745.Op Fl crl_check_all 8423.Op Fl crl_check_all
8746.Op Fl engine Ar id
8747.Op Fl explicit_policy 8424.Op Fl explicit_policy
8748.Op Fl extended_crl 8425.Op Fl extended_crl
8749.Op Fl help 8426.Op Fl help
@@ -8800,14 +8477,6 @@ If a valid CRL cannot be found an error occurs.
8800.It Fl crl_check_all 8477.It Fl crl_check_all
8801Checks the validity of all certificates in the chain by attempting 8478Checks the validity of all certificates in the chain by attempting
8802to look up valid CRLs. 8479to look up valid CRLs.
8803.It Fl engine Ar id
8804Specifying an engine (by its unique
8805.Ar id
8806string) will cause
8807.Nm verify
8808to attempt to obtain a functional reference to the specified engine,
8809thus initialising it if needed.
8810The engine will then be set as the default for all available algorithms.
8811.It Fl explicit_policy 8480.It Fl explicit_policy
8812Set policy variable require-explicit-policy (see RFC 3280 et al). 8481Set policy variable require-explicit-policy (see RFC 3280 et al).
8813.It Fl extended_crl 8482.It Fl extended_crl
@@ -9181,7 +8850,6 @@ option was added in
9181.Op Fl days Ar arg 8850.Op Fl days Ar arg
9182.Op Fl email 8851.Op Fl email
9183.Op Fl enddate 8852.Op Fl enddate
9184.Op Fl engine Ar id
9185.Op Fl extensions Ar section 8853.Op Fl extensions Ar section
9186.Op Fl extfile Ar file 8854.Op Fl extfile Ar file
9187.Op Fl fingerprint 8855.Op Fl fingerprint
@@ -9230,14 +8898,6 @@ Since there are a large number of options, they are split up into
9230various sections. 8898various sections.
9231.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS 8899.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS
9232.Bl -tag -width "XXXX" 8900.Bl -tag -width "XXXX"
9233.It Fl engine Ar id
9234Specifying an engine (by its unique
9235.Ar id
9236string) will cause
9237.Nm x509
9238to attempt to obtain a functional reference to the specified engine,
9239thus initialising it if needed.
9240The engine will then be set as the default for all available algorithms.
9241.It Fl in Ar file 8901.It Fl in Ar file
9242This specifies the input 8902This specifies the input
9243.Ar file 8903.Ar file
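--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.6 2015/09/10 16:43:06 jsing Exp $ */
+/* $OpenBSD: openssl.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -126,10 +126,6 @@
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "progs.h"
 #include "s_apps.h"
 
@@ -162,9 +158,6 @@ FUNCTION functions[] = {
  { FUNC_TYPE_GENERAL, "crl", crl_main },
  { FUNC_TYPE_GENERAL, "dgst", dgst_main },
  { FUNC_TYPE_GENERAL, "enc", enc_main },
-#ifndef OPENSSL_NO_ENGINE
- { FUNC_TYPE_GENERAL, "engine", engine_main },
-#endif
  { FUNC_TYPE_GENERAL, "errstr", errstr_main },
  { FUNC_TYPE_GENERAL, "genpkey", genpkey_main },
  { FUNC_TYPE_GENERAL, "nseq", nseq_main },
@@ -419,10 +412,6 @@ openssl_startup(void)
  SSL_library_init();
  SSL_load_error_strings();
 
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_load_builtin_engines();
-#endif
-
  setup_ui_method();
 }
 
@@ -433,11 +422,6 @@ openssl_shutdown(void)
  destroy_ui_method();
  OBJ_cleanup();
  EVP_cleanup();
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
-
  CRYPTO_cleanup_all_ex_data();
  ERR_remove_thread_state(NULL);
  ERR_free_strings();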
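--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.3 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.4 2015/09/11 14:30:23 bcook Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -95,7 +95,6 @@ static int set_pbe(BIO * err, int *ppbe, const char *str);
 int
 pkcs12_main(int argc, char **argv)
 {
- ENGINE *e = NULL;
  char *infile = NULL, *outfile = NULL, *keyname = NULL;
  char *certfile = NULL;
  BIO *in = NULL, *out = NULL;
@@ -124,9 +123,6 @@ pkcs12_main(int argc, char **argv)
  char *passin = NULL, *passout = NULL;
  char *macalg = NULL;
  char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
 
  cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
 
@@ -285,14 +281,6 @@ pkcs12_main(int argc, char **argv)
  CAfile = *args;
  } else
  badarg = 1;
-#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*args, "-engine")) {
- if (args[1]) {
- args++;
- engine = *args;
- } else
- badarg = 1;
-#endif
  } else
  badarg = 1;
 
@@ -349,16 +337,10 @@ pkcs12_main(int argc, char **argv)
  BIO_printf(bio_err, "-password p set import/export password source\n");
  BIO_printf(bio_err, "-passin p input file pass phrase source\n");
  BIO_printf(bio_err, "-passout p output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
  BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
  BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
  goto end;
  }
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
 
  if (passarg) {
  if (export_cert)
@@ -428,14 +410,14 @@ pkcs12_main(int argc, char **argv)
 
  if (!(options & NOKEYS)) {
  key = load_key(bio_err, keyname ? keyname : infile,
- FORMAT_PEM, 1, passin, e, "private key");
+ FORMAT_PEM, 1, passin, "private key");
  if (!key)
  goto export_end;
  }
 
  /* Load in all certs in input file */
  if (!(options & NOCERTS)) {
- certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ certs = load_certs(bio_err, infile, FORMAT_PEM, NULL,
  "certificates");
  if (!certs)
  goto export_end;
@@ -465,8 +447,7 @@ pkcs12_main(int argc, char **argv)
  if (certfile) {
  STACK_OF(X509) * morecerts = NULL;
  if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
- NULL, e,
- "certificates from certfile")))
+ NULL, "certificates from certfile")))
  goto export_end;
  while (sk_X509_num(morecerts) > 0)
  sk_X509_push(certs, sk_X509_shift(morecerts));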
diff --git a/src/usr.bin/openssl/pkcs7.c b/src/usr.bin/openssl/pkcs7.c
index 3180f357f1..717928d27b 100644
--- a/src/usr.bin/openssl/pkcs7.c
+++ b/src/usr.bin/openssl/pkcs7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs7.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: pkcs7.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -71,9 +71,6 @@
71#include <openssl/x509.h> 71#include <openssl/x509.h>
72 72
73static struct { 73static struct {
74#ifndef OPENSSL_NO_ENGINE
75 char *engine;
76#endif
77 char *infile; 74 char *infile;
78 int informat; 75 int informat;
79 int noout; 76 int noout;
@@ -85,15 +82,6 @@ static struct {
85} pkcs7_config; 82} pkcs7_config;
86 83
87static struct option pkcs7_options[] = { 84static struct option pkcs7_options[] = {
88#ifndef OPENSSL_NO_ENGINE
89 {
90 .name = "engine",
91 .argname = "id",
92 .desc = "Use the engine specified by the given identifier",
93 .type = OPTION_ARG,
94 .opt.arg = &pkcs7_config.engine,
95 },
96#endif
97 { 85 {
98 .name = "in", 86 .name = "in",
99 .argname = "file", 87 .argname = "file",
@@ -152,7 +140,7 @@ static struct option pkcs7_options[] = {
152static void 140static void
153pkcs7_usage() 141pkcs7_usage()
154{ 142{
155 fprintf(stderr, "usage: pkcs7 [-engine id] [-in file] " 143 fprintf(stderr, "usage: pkcs7 [-in file] "
156 "[-inform DER | PEM] [-noout]\n" 144 "[-inform DER | PEM] [-noout]\n"
157 " [-out file] [-outform DER | PEM] [-print_certs] [-text]\n\n"); 145 " [-out file] [-outform DER | PEM] [-print_certs] [-text]\n\n");
158 options_usage(pkcs7_options); 146 options_usage(pkcs7_options);
@@ -176,10 +164,6 @@ pkcs7_main(int argc, char **argv)
176 goto end; 164 goto end;
177 } 165 }
178 166
179#ifndef OPENSSL_NO_ENGINE
180 setup_engine(bio_err, pkcs7_config.engine, 0);
181#endif
182
183 in = BIO_new(BIO_s_file()); 167 in = BIO_new(BIO_s_file());
184 out = BIO_new(BIO_s_file()); 168 out = BIO_new(BIO_s_file());
185 if ((in == NULL) || (out == NULL)) { 169 if ((in == NULL) || (out == NULL)) {
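Review bot: pkcs7_usage() on new line 141 is still defined with empty parentheses, which in C is an old-style definition rather than a prototype, so a call with stray arguments is not diagnosed; since the commit rewrites the function's body, `pkcs7_usage(void)` would bring it in line with the `static void usage(void);` declaration style visible in pkeyutl.c. The same empty-parenthesis definitions appear in pkcs8_usage, pkeyparam_usage, rand_usage and rsa_usage in this commit. The function's definition ends outside the hunk.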
diff --git a/src/usr.bin/openssl/pkcs8.c b/src/usr.bin/openssl/pkcs8.c
index 7e590aa41d..b3ccd1966e 100644
--- a/src/usr.bin/openssl/pkcs8.c
+++ b/src/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs8.c,v 1.5 2015/08/19 18:25:31 deraadt Exp $ */ 1/* $OpenBSD: pkcs8.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999-2004. 3 * project 1999-2004.
4 */ 4 */
@@ -69,9 +69,6 @@
69 69
70static struct { 70static struct {
71 const EVP_CIPHER *cipher; 71 const EVP_CIPHER *cipher;
72#ifndef OPENSSL_NO_ENGINE
73 char *engine;
74#endif
75 char *infile; 72 char *infile;
76 int informat; 73 int informat;
77 int iter; 74 int iter;
@@ -115,15 +112,6 @@ static struct option pkcs8_options[] = {
115 .value = PKCS8_EMBEDDED_PARAM, 112 .value = PKCS8_EMBEDDED_PARAM,
116 .opt.value = &pkcs8_config.p8_broken, 113 .opt.value = &pkcs8_config.p8_broken,
117 }, 114 },
118#ifndef OPENSSL_NO_ENGINE
119 {
120 .name = "engine",
121 .argname = "id",
122 .desc = "Use the engine specified by the given identifier",
123 .type = OPTION_ARG,
124 .opt.arg = &pkcs8_config.engine,
125 },
126#endif
127 { 115 {
128 .name = "in", 116 .name = "in",
129 .argname = "file", 117 .argname = "file",
@@ -220,7 +208,7 @@ static struct option pkcs8_options[] = {
220static void 208static void
221pkcs8_usage() 209pkcs8_usage()
222{ 210{
223 fprintf(stderr, "usage: pkcs8 [-embed] [-engine id] [-in file] " 211 fprintf(stderr, "usage: pkcs8 [-embed] [-in file] "
224 "[-inform fmt] [-nocrypt]\n" 212 "[-inform fmt] [-nocrypt]\n"
225 " [-noiter] [-nooct] [-nsdb] [-out file] [-outform fmt] " 213 " [-noiter] [-nooct] [-nsdb] [-out file] [-outform fmt] "
226 "[-passin src]\n" 214 "[-passin src]\n"
@@ -231,7 +219,6 @@ pkcs8_usage()
231int 219int
232pkcs8_main(int argc, char **argv) 220pkcs8_main(int argc, char **argv)
233{ 221{
234 ENGINE *e = NULL;
235 BIO *in = NULL, *out = NULL; 222 BIO *in = NULL, *out = NULL;
236 X509_SIG *p8 = NULL; 223 X509_SIG *p8 = NULL;
237 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 224 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
@@ -252,10 +239,6 @@ pkcs8_main(int argc, char **argv)
252 return (1); 239 return (1);
253 } 240 }
254 241
255#ifndef OPENSSL_NO_ENGINE
256 e = setup_engine(bio_err, pkcs8_config.engine, 0);
257#endif
258
259 if (!app_passwd(bio_err, pkcs8_config.passargin, 242 if (!app_passwd(bio_err, pkcs8_config.passargin,
260 pkcs8_config.passargout, &passin, &passout)) { 243 pkcs8_config.passargout, &passin, &passout)) {
261 BIO_printf(bio_err, "Error getting passwords\n"); 244 BIO_printf(bio_err, "Error getting passwords\n");
@@ -285,7 +268,7 @@ pkcs8_main(int argc, char **argv)
285 } 268 }
286 if (pkcs8_config.topk8) { 269 if (pkcs8_config.topk8) {
287 pkey = load_key(bio_err, pkcs8_config.infile, 270 pkey = load_key(bio_err, pkcs8_config.infile,
288 pkcs8_config.informat, 1, passin, e, "key"); 271 pkcs8_config.informat, 1, passin, "key");
289 if (!pkey) 272 if (!pkey)
290 goto end; 273 goto end;
291 if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, 274 if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey,
diff --git a/src/usr.bin/openssl/pkey.c b/src/usr.bin/openssl/pkey.c
index be6bffa001..72c03181f6 100644
--- a/src/usr.bin/openssl/pkey.c
+++ b/src/usr.bin/openssl/pkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkey.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: pkey.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -68,7 +68,6 @@
68int 68int
69pkey_main(int argc, char **argv) 69pkey_main(int argc, char **argv)
70{ 70{
71 ENGINE *e = NULL;
72 char **args, *infile = NULL, *outfile = NULL; 71 char **args, *infile = NULL, *outfile = NULL;
73 char *passargin = NULL, *passargout = NULL; 72 char *passargin = NULL, *passargout = NULL;
74 BIO *in = NULL, *out = NULL; 73 BIO *in = NULL, *out = NULL;
@@ -78,9 +77,6 @@ pkey_main(int argc, char **argv)
78 EVP_PKEY *pkey = NULL; 77 EVP_PKEY *pkey = NULL;
79 char *passin = NULL, *passout = NULL; 78 char *passin = NULL, *passout = NULL;
80 int badarg = 0; 79 int badarg = 0;
81#ifndef OPENSSL_NO_ENGINE
82 char *engine = NULL;
83#endif
84 int ret = 1; 80 int ret = 1;
85 81
86 informat = FORMAT_PEM; 82 informat = FORMAT_PEM;
@@ -109,13 +105,6 @@ pkey_main(int argc, char **argv)
109 goto bad; 105 goto bad;
110 passargout = *(++args); 106 passargout = *(++args);
111 } 107 }
112#ifndef OPENSSL_NO_ENGINE
113 else if (strcmp(*args, "-engine") == 0) {
114 if (!args[1])
115 goto bad;
116 engine = *(++args);
117 }
118#endif
119 else if (!strcmp(*args, "-in")) { 108 else if (!strcmp(*args, "-in")) {
120 if (args[1]) { 109 if (args[1]) {
121 args++; 110 args++;
@@ -162,14 +151,8 @@ bad:
162 BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); 151 BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
163 BIO_printf(bio_err, "-out file output file\n"); 152 BIO_printf(bio_err, "-out file output file\n");
164 BIO_printf(bio_err, "-passout arg output file pass phrase source\n"); 153 BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
165#ifndef OPENSSL_NO_ENGINE
166 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
167#endif
168 return 1; 154 return 1;
169 } 155 }
170#ifndef OPENSSL_NO_ENGINE
171 e = setup_engine(bio_err, engine, 0);
172#endif
173 156
174 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { 157 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
175 BIO_printf(bio_err, "Error getting passwords\n"); 158 BIO_printf(bio_err, "Error getting passwords\n");
@@ -187,10 +170,9 @@ bad:
187 170
188 if (pubin) 171 if (pubin)
189 pkey = load_pubkey(bio_err, infile, informat, 1, 172 pkey = load_pubkey(bio_err, infile, informat, 1,
190 passin, e, "Public Key"); 173 passin, "Public Key");
191 else 174 else
192 pkey = load_key(bio_err, infile, informat, 1, 175 pkey = load_key(bio_err, infile, informat, 1, passin, "key");
193 passin, e, "key");
194 if (!pkey) 176 if (!pkey)
195 goto end; 177 goto end;
196 178
diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c
index e5152dfbf9..8f4d3a53f4 100644
--- a/src/usr.bin/openssl/pkeyparam.c
+++ b/src/usr.bin/openssl/pkeyparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyparam.c,v 1.6 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: pkeyparam.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006 3 * project 2006
4 */ 4 */
@@ -66,9 +66,6 @@
66#include <openssl/pem.h> 66#include <openssl/pem.h>
67 67
68struct { 68struct {
69#ifndef OPENSSL_NO_ENGINE
70 char *engine;
71#endif
72 char *infile; 69 char *infile;
73 int noout; 70 int noout;
74 char *outfile; 71 char *outfile;
@@ -76,15 +73,6 @@ struct {
76} pkeyparam_config; 73} pkeyparam_config;
77 74
78struct option pkeyparam_options[] = { 75struct option pkeyparam_options[] = {
79#ifndef OPENSSL_NO_ENGINE
80 {
81 .name = "engine",
82 .argname = "id",
83 .desc = "Use the engine specified by the given identifier",
84 .type = OPTION_ARG,
85 .opt.arg = &pkeyparam_config.engine,
86 },
87#endif
88 { 76 {
89 .name = "in", 77 .name = "in",
90 .argname = "file", 78 .argname = "file",
@@ -118,7 +106,7 @@ static void
118pkeyparam_usage() 106pkeyparam_usage()
119{ 107{
120 fprintf(stderr, 108 fprintf(stderr,
121 "usage: pkeyparam [-engine id] [-in file] [-noout] [-out file] " 109 "usage: pkeyparam [-in file] [-noout] [-out file] "
122 "[-text]\n"); 110 "[-text]\n");
123 options_usage(pkeyparam_options); 111 options_usage(pkeyparam_options);
124} 112}
@@ -137,10 +125,6 @@ pkeyparam_main(int argc, char **argv)
137 return (1); 125 return (1);
138 } 126 }
139 127
140#ifndef OPENSSL_NO_ENGINE
141 setup_engine(bio_err, pkeyparam_config.engine, 0);
142#endif
143
144 if (pkeyparam_config.infile) { 128 if (pkeyparam_config.infile) {
145 if (!(in = BIO_new_file(pkeyparam_config.infile, "r"))) { 129 if (!(in = BIO_new_file(pkeyparam_config.infile, "r"))) {
146 BIO_printf(bio_err, "Can't open input file %s\n", 130 BIO_printf(bio_err, "Can't open input file %s\n",
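Review bot: The pkeyparam_config struct on new line 68 and pkeyparam_options[] on new line 75 are defined at file scope without `static`, so both symbols are exported from the object, while the config struct and option table that the same commit edits in pkcs7.c, pkcs8.c and rsa.c are `static`; `static struct {` and `static struct option pkeyparam_options[] = {` would match them. rand.c's rand_config and rand_options have the same external linkage. If another translation unit references these symbols the change would need a matching edit, but nothing in the diff suggests one exists.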
diff --git a/src/usr.bin/openssl/pkeyutl.c b/src/usr.bin/openssl/pkeyutl.c
index 0529b97798..2caa61e282 100644
--- a/src/usr.bin/openssl/pkeyutl.c
+++ b/src/usr.bin/openssl/pkeyutl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkeyutl.c,v 1.6 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: pkeyutl.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -72,7 +72,7 @@ static void usage(void);
72 72
73static EVP_PKEY_CTX *init_ctx(int *pkeysize, 73static EVP_PKEY_CTX *init_ctx(int *pkeysize,
74 char *keyfile, int keyform, int key_type, 74 char *keyfile, int keyform, int key_type,
75 char *passargin, int pkey_op, ENGINE * e); 75 char *passargin, int pkey_op);
76 76
77static int setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform, 77static int setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform,
78 const char *file); 78 const char *file);
@@ -86,7 +86,6 @@ pkeyutl_main(int argc, char **argv)
86{ 86{
87 BIO *in = NULL, *out = NULL; 87 BIO *in = NULL, *out = NULL;
88 char *infile = NULL, *outfile = NULL, *sigfile = NULL; 88 char *infile = NULL, *outfile = NULL, *sigfile = NULL;
89 ENGINE *e = NULL;
90 int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; 89 int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
91 int keyform = FORMAT_PEM, peerform = FORMAT_PEM; 90 int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
92 char badarg = 0, rev = 0; 91 char badarg = 0, rev = 0;
@@ -126,7 +125,7 @@ pkeyutl_main(int argc, char **argv)
126 else { 125 else {
127 ctx = init_ctx(&keysize, 126 ctx = init_ctx(&keysize,
128 *(++argv), keyform, key_type, 127 *(++argv), keyform, key_type,
129 passargin, pkey_op, e); 128 passargin, pkey_op);
130 if (!ctx) { 129 if (!ctx) {
131 BIO_puts(bio_err, 130 BIO_puts(bio_err,
132 "Error initializing context\n"); 131 "Error initializing context\n");
@@ -155,14 +154,6 @@ pkeyutl_main(int argc, char **argv)
155 else 154 else
156 keyform = str2fmt(*(++argv)); 155 keyform = str2fmt(*(++argv));
157 } 156 }
158#ifndef OPENSSL_NO_ENGINE
159 else if (!strcmp(*argv, "-engine")) {
160 if (--argc < 1)
161 badarg = 1;
162 else
163 e = setup_engine(bio_err, *(++argv), 0);
164 }
165#endif
166 else if (!strcmp(*argv, "-pubin")) 157 else if (!strcmp(*argv, "-pubin"))
167 key_type = KEY_PUBKEY; 158 key_type = KEY_PUBKEY;
168 else if (!strcmp(*argv, "-certin")) 159 else if (!strcmp(*argv, "-certin"))
@@ -342,9 +333,6 @@ usage()
342 BIO_printf(bio_err, "-decrypt decrypt with private key\n"); 333 BIO_printf(bio_err, "-decrypt decrypt with private key\n");
343 BIO_printf(bio_err, "-derive derive shared secret\n"); 334 BIO_printf(bio_err, "-derive derive shared secret\n");
344 BIO_printf(bio_err, "-hexdump hex dump output\n"); 335 BIO_printf(bio_err, "-hexdump hex dump output\n");
345#ifndef OPENSSL_NO_ENGINE
346 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
347#endif
348 BIO_printf(bio_err, "-passin arg pass phrase source\n"); 336 BIO_printf(bio_err, "-passin arg pass phrase source\n");
349 337
350} 338}
@@ -352,7 +340,7 @@ usage()
352static EVP_PKEY_CTX * 340static EVP_PKEY_CTX *
353init_ctx(int *pkeysize, 341init_ctx(int *pkeysize,
354 char *keyfile, int keyform, int key_type, 342 char *keyfile, int keyform, int key_type,
355 char *passargin, int pkey_op, ENGINE * e) 343 char *passargin, int pkey_op)
356{ 344{
357 EVP_PKEY *pkey = NULL; 345 EVP_PKEY *pkey = NULL;
358 EVP_PKEY_CTX *ctx = NULL; 346 EVP_PKEY_CTX *ctx = NULL;
@@ -372,17 +360,17 @@ init_ctx(int *pkeysize,
372 switch (key_type) { 360 switch (key_type) {
373 case KEY_PRIVKEY: 361 case KEY_PRIVKEY:
374 pkey = load_key(bio_err, keyfile, keyform, 0, 362 pkey = load_key(bio_err, keyfile, keyform, 0,
375 passin, e, "Private Key"); 363 passin, "Private Key");
376 break; 364 break;
377 365
378 case KEY_PUBKEY: 366 case KEY_PUBKEY:
379 pkey = load_pubkey(bio_err, keyfile, keyform, 0, 367 pkey = load_pubkey(bio_err, keyfile, keyform, 0,
380 NULL, e, "Public Key"); 368 NULL, "Public Key");
381 break; 369 break;
382 370
383 case KEY_CERT: 371 case KEY_CERT:
384 x = load_cert(bio_err, keyfile, keyform, 372 x = load_cert(bio_err, keyfile, keyform,
385 NULL, e, "Certificate"); 373 NULL, "Certificate");
386 if (x) { 374 if (x) {
387 pkey = X509_get_pubkey(x); 375 pkey = X509_get_pubkey(x);
388 X509_free(x); 376 X509_free(x);
@@ -396,7 +384,7 @@ init_ctx(int *pkeysize,
396 if (!pkey) 384 if (!pkey)
397 goto end; 385 goto end;
398 386
399 ctx = EVP_PKEY_CTX_new(pkey, e); 387 ctx = EVP_PKEY_CTX_new(pkey, NULL);
400 388
401 EVP_PKEY_free(pkey); 389 EVP_PKEY_free(pkey);
402 390
@@ -452,7 +440,7 @@ setup_peer(BIO * err, EVP_PKEY_CTX * ctx, int peerform,
452 BIO_puts(err, "-peerkey command before -inkey\n"); 440 BIO_puts(err, "-peerkey command before -inkey\n");
453 return 0; 441 return 0;
454 } 442 }
455 peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); 443 peer = load_pubkey(bio_err, file, peerform, 0, NULL, "Peer Key");
456 444
457 if (!peer) { 445 if (!peer) {
458 BIO_printf(bio_err, "Error reading peer key %s\n", file); 446 BIO_printf(bio_err, "Error reading peer key %s\n", file);
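Review bot: The rewritten load_pubkey call on new line 443 of setup_peer passes the global `bio_err` even though the function receives a `BIO * err` parameter and uses it on line 440, and line 446 reports the read failure through `bio_err` as well; passing the parameter, `peer = load_pubkey(err, file, peerform, 0, NULL, "Peer Key");`, keeps error output on the stream the caller chose. Callers presumably pass bio_err today, so visible behaviour is unchanged, but the mixed usage makes the parameter misleading. setup_peer's body continues outside the hunk.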
diff --git a/src/usr.bin/openssl/progs.h b/src/usr.bin/openssl/progs.h
index c1b0c62752..a771b2c7de 100644
--- a/src/usr.bin/openssl/progs.h
+++ b/src/usr.bin/openssl/progs.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: progs.h,v 1.6 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: progs.h,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
2/* Public domain */ 2/* Public domain */
3 3
4int asn1parse_main(int argc, char **argv); 4int asn1parse_main(int argc, char **argv);
@@ -16,7 +16,6 @@ int dsaparam_main(int argc, char **argv);
16int ec_main(int argc, char **argv); 16int ec_main(int argc, char **argv);
17int ecparam_main(int argc, char **argv); 17int ecparam_main(int argc, char **argv);
18int enc_main(int argc, char **argv); 18int enc_main(int argc, char **argv);
19int engine_main(int argc, char **argv);
20int errstr_main(int argc, char **argv); 19int errstr_main(int argc, char **argv);
21int gendh_main(int argc, char **argv); 20int gendh_main(int argc, char **argv);
22int gendsa_main(int argc, char **argv); 21int gendsa_main(int argc, char **argv);
diff --git a/src/usr.bin/openssl/rand.c b/src/usr.bin/openssl/rand.c
index b021b4ec7c..b0df4eb1b5 100644
--- a/src/usr.bin/openssl/rand.c
+++ b/src/usr.bin/openssl/rand.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rand.c,v 1.7 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: rand.c,v 1.8 2015/09/11 14:30:23 bcook Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -64,7 +64,6 @@
64 64
65struct { 65struct {
66 int base64; 66 int base64;
67 char *engine;
68 int hex; 67 int hex;
69 char *outfile; 68 char *outfile;
70} rand_config; 69} rand_config;
@@ -76,15 +75,6 @@ struct option rand_options[] = {
76 .type = OPTION_FLAG, 75 .type = OPTION_FLAG,
77 .opt.flag = &rand_config.base64, 76 .opt.flag = &rand_config.base64,
78 }, 77 },
79#ifndef OPENSSL_NO_ENGINE
80 {
81 .name = "engine",
82 .argname = "id",
83 .desc = "Use the engine specified by the given identifier",
84 .type = OPTION_ARG,
85 .opt.arg = &rand_config.engine,
86 },
87#endif
88 { 78 {
89 .name = "hex", 79 .name = "hex",
90 .desc = "Hexadecimal output", 80 .desc = "Hexadecimal output",
@@ -105,7 +95,7 @@ static void
105rand_usage() 95rand_usage()
106{ 96{
107 fprintf(stderr, 97 fprintf(stderr,
108 "usage: rand [-base64 | -hex] [-engine id] [-out file] num\n"); 98 "usage: rand [-base64 | -hex] [-out file] num\n");
109 options_usage(rand_options); 99 options_usage(rand_options);
110} 100}
111 101
@@ -141,10 +131,6 @@ rand_main(int argc, char **argv)
141 goto err; 131 goto err;
142 } 132 }
143 133
144#ifndef OPENSSL_NO_ENGINE
145 setup_engine(bio_err, rand_config.engine, 0);
146#endif
147
148 out = BIO_new(BIO_s_file()); 134 out = BIO_new(BIO_s_file());
149 if (out == NULL) 135 if (out == NULL)
150 goto err; 136 goto err;
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 4e1a4757dd..5ed658bfb1 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: req.c,v 1.6 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: req.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -140,15 +140,13 @@ static int genpkey_cb(EVP_PKEY_CTX * ctx);
140static int req_check_len(int len, int n_min, int n_max); 140static int req_check_len(int len, int n_min, int n_max);
141static int check_end(const char *str, const char *end); 141static int check_end(const char *str, const char *end);
142static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type, 142static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
143 long *pkeylen, char **palgnam, 143 long *pkeylen, char **palgnam);
144 ENGINE * keygen_engine);
145static CONF *req_conf = NULL; 144static CONF *req_conf = NULL;
146static int batch = 0; 145static int batch = 0;
147 146
148int 147int
149req_main(int argc, char **argv) 148req_main(int argc, char **argv)
150{ 149{
151 ENGINE *e = NULL, *gen_eng = NULL;
152 unsigned long nmflag = 0, reqflag = 0; 150 unsigned long nmflag = 0, reqflag = 0;
153 int ex = 1, x509 = 0, days = 30; 151 int ex = 1, x509 = 0, days = 30;
154 X509 *x509ss = NULL; 152 X509 *x509ss = NULL;
@@ -165,9 +163,6 @@ req_main(int argc, char **argv)
165 int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0; 163 int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
166 char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL, 164 char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
167 *keyout = NULL; 165 *keyout = NULL;
168#ifndef OPENSSL_NO_ENGINE
169 char *engine = NULL;
170#endif
171 char *extensions = NULL; 166 char *extensions = NULL;
172 char *req_exts = NULL; 167 char *req_exts = NULL;
173 const EVP_CIPHER *cipher = NULL; 168 const EVP_CIPHER *cipher = NULL;
@@ -203,21 +198,6 @@ req_main(int argc, char **argv)
203 goto bad; 198 goto bad;
204 outformat = str2fmt(*(++argv)); 199 outformat = str2fmt(*(++argv));
205 } 200 }
206#ifndef OPENSSL_NO_ENGINE
207 else if (strcmp(*argv, "-engine") == 0) {
208 if (--argc < 1)
209 goto bad;
210 engine = *(++argv);
211 } else if (strcmp(*argv, "-keygen_engine") == 0) {
212 if (--argc < 1)
213 goto bad;
214 gen_eng = ENGINE_by_id(*(++argv));
215 if (gen_eng == NULL) {
216 BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
217 goto end;
218 }
219 }
220#endif
221 else if (strcmp(*argv, "-key") == 0) { 201 else if (strcmp(*argv, "-key") == 0) {
222 if (--argc < 1) 202 if (--argc < 1)
223 goto bad; 203 goto bad;
@@ -366,9 +346,6 @@ bad:
366 BIO_printf(bio_err, " -verify verify signature on REQ\n"); 346 BIO_printf(bio_err, " -verify verify signature on REQ\n");
367 BIO_printf(bio_err, " -modulus RSA modulus\n"); 347 BIO_printf(bio_err, " -modulus RSA modulus\n");
368 BIO_printf(bio_err, " -nodes don't encrypt the output key\n"); 348 BIO_printf(bio_err, " -nodes don't encrypt the output key\n");
369#ifndef OPENSSL_NO_ENGINE
370 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device\n");
371#endif
372 BIO_printf(bio_err, " -subject output the request's subject\n"); 349 BIO_printf(bio_err, " -subject output the request's subject\n");
373 BIO_printf(bio_err, " -passin private key password source\n"); 350 BIO_printf(bio_err, " -passin private key password source\n");
374 BIO_printf(bio_err, " -key file use the private key contained in file\n"); 351 BIO_printf(bio_err, " -key file use the private key contained in file\n");
@@ -520,12 +497,8 @@ bad:
520 if ((in == NULL) || (out == NULL)) 497 if ((in == NULL) || (out == NULL))
521 goto end; 498 goto end;
522 499
523#ifndef OPENSSL_NO_ENGINE
524 e = setup_engine(bio_err, engine, 0);
525#endif
526
527 if (keyfile != NULL) { 500 if (keyfile != NULL) {
528 pkey = load_key(bio_err, keyfile, keyform, 0, passin, e, 501 pkey = load_key(bio_err, keyfile, keyform, 0, passin,
529 "Private Key"); 502 "Private Key");
530 if (!pkey) { 503 if (!pkey) {
531 /* 504 /*
@@ -541,7 +514,7 @@ bad:
541 } 514 }
542 if (keyalg) { 515 if (keyalg) {
543 genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, 516 genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
544 &keyalgstr, gen_eng); 517 &keyalgstr);
545 if (!genctx) 518 if (!genctx)
546 goto end; 519 goto end;
547 } 520 }
@@ -552,7 +525,7 @@ bad:
552 } 525 }
553 if (!genctx) { 526 if (!genctx) {
554 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, 527 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
555 &keyalgstr, gen_eng); 528 &keyalgstr);
556 if (!genctx) 529 if (!genctx)
557 goto end; 530 goto end;
558 } 531 }
@@ -893,10 +866,6 @@ end:
893 sk_OPENSSL_STRING_free(pkeyopts); 866 sk_OPENSSL_STRING_free(pkeyopts);
894 if (sigopts) 867 if (sigopts)
895 sk_OPENSSL_STRING_free(sigopts); 868 sk_OPENSSL_STRING_free(sigopts);
896#ifndef OPENSSL_NO_ENGINE
897 if (gen_eng)
898 ENGINE_free(gen_eng);
899#endif
900 free(keyalgstr); 869 free(keyalgstr);
901 X509_REQ_free(req); 870 X509_REQ_free(req);
902 X509_free(x509ss); 871 X509_free(x509ss);
@@ -1370,8 +1339,7 @@ check_end(const char *str, const char *end)
1370 1339
1371static EVP_PKEY_CTX * 1340static EVP_PKEY_CTX *
1372set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type, 1341set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1373 long *pkeylen, char **palgnam, 1342 long *pkeylen, char **palgnam)
1374 ENGINE * keygen_engine)
1375{ 1343{
1376 EVP_PKEY_CTX *gctx = NULL; 1344 EVP_PKEY_CTX *gctx = NULL;
1377 EVP_PKEY *param = NULL; 1345 EVP_PKEY *param = NULL;
@@ -1396,19 +1364,14 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1396 else { 1364 else {
1397 const char *p = strchr(gstr, ':'); 1365 const char *p = strchr(gstr, ':');
1398 int len; 1366 int len;
1399 ENGINE *tmpeng;
1400 const EVP_PKEY_ASN1_METHOD *ameth; 1367 const EVP_PKEY_ASN1_METHOD *ameth;
1401 1368
1402 if (p) 1369 if (p)
1403 len = p - gstr; 1370 len = p - gstr;
1404 else 1371 else
1405 len = strlen(gstr); 1372 len = strlen(gstr);
1406 /*
1407 * The lookup of a the string will cover all engines so keep
1408 * a note of the implementation.
1409 */
1410 1373
1411 ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); 1374 ameth = EVP_PKEY_asn1_find_str(NULL, gstr, len);
1412 1375
1413 if (!ameth) { 1376 if (!ameth) {
1414 BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr); 1377 BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
@@ -1416,10 +1379,6 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1416 } 1379 }
1417 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, 1380 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
1418 ameth); 1381 ameth);
1419#ifndef OPENSSL_NO_ENGINE
1420 if (tmpeng)
1421 ENGINE_finish(tmpeng);
1422#endif
1423 if (*pkey_type == EVP_PKEY_RSA) { 1382 if (*pkey_type == EVP_PKEY_RSA) {
1424 if (p) { 1383 if (p) {
1425 keylen = strtonum(p + 1, 0, LONG_MAX, &errstr); 1384 keylen = strtonum(p + 1, 0, LONG_MAX, &errstr);
@@ -1470,26 +1429,21 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1470 } 1429 }
1471 if (palgnam) { 1430 if (palgnam) {
1472 const EVP_PKEY_ASN1_METHOD *ameth; 1431 const EVP_PKEY_ASN1_METHOD *ameth;
1473 ENGINE *tmpeng;
1474 const char *anam; 1432 const char *anam;
1475 ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); 1433 ameth = EVP_PKEY_asn1_find(NULL, *pkey_type);
1476 if (!ameth) { 1434 if (!ameth) {
1477 BIO_puts(err, "Internal error: can't find key algorithm\n"); 1435 BIO_puts(err, "Internal error: can't find key algorithm\n");
1478 return NULL; 1436 return NULL;
1479 } 1437 }
1480 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth); 1438 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
1481 *palgnam = strdup(anam); 1439 *palgnam = strdup(anam);
1482#ifndef OPENSSL_NO_ENGINE
1483 if (tmpeng)
1484 ENGINE_finish(tmpeng);
1485#endif
1486 } 1440 }
1487 if (param) { 1441 if (param) {
1488 gctx = EVP_PKEY_CTX_new(param, keygen_engine); 1442 gctx = EVP_PKEY_CTX_new(param, NULL);
1489 *pkeylen = EVP_PKEY_bits(param); 1443 *pkeylen = EVP_PKEY_bits(param);
1490 EVP_PKEY_free(param); 1444 EVP_PKEY_free(param);
1491 } else 1445 } else
1492 gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); 1446 gctx = EVP_PKEY_CTX_new_id(*pkey_type, NULL);
1493 1447
1494 if (!gctx) { 1448 if (!gctx) {
1495 BIO_puts(err, "Error allocating keygen context\n"); 1449 BIO_puts(err, "Error allocating keygen context\n");
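Review bot: In set_keygen_ctx the `*palgnam = strdup(anam);` on new line 1439 is still unchecked, so an allocation failure leaves the caller with a NULL algorithm name while the function goes on to return a keygen context as if it had succeeded, whereas the neighbouring `EVP_PKEY_asn1_find` failure on lines 1434-1436 reports and returns NULL. A guard such as `if (*palgnam == NULL) { BIO_puts(err, "Out of memory\n"); return NULL; }` after the strdup keeps the two failure paths consistent. An early return here would leave `param` unfreed on the same terms as the existing ameth failure path, since `param` is only released inside the `if (param)` block further down; a shared cleanup label would cover both. The caller's handling of a NULL palgnam is outside the hunk.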
diff --git a/src/usr.bin/openssl/rsa.c b/src/usr.bin/openssl/rsa.c
index 55b6f7399f..708332a8d1 100644
--- a/src/usr.bin/openssl/rsa.c
+++ b/src/usr.bin/openssl/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.4 2015/08/19 18:25:31 deraadt Exp $ */ 1/* $OpenBSD: rsa.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -77,9 +77,6 @@
77static struct { 77static struct {
78 int check; 78 int check;
79 const EVP_CIPHER *enc; 79 const EVP_CIPHER *enc;
80#ifndef OPENSSL_NO_ENGINE
81 char *engine;
82#endif
83 char *infile; 80 char *infile;
84 int informat; 81 int informat;
85 int modulus; 82 int modulus;
@@ -119,15 +116,6 @@ static struct option rsa_options[] = {
119 .type = OPTION_FLAG, 116 .type = OPTION_FLAG,
120 .opt.flag = &rsa_config.check, 117 .opt.flag = &rsa_config.check,
121 }, 118 },
122#ifndef OPENSSL_NO_ENGINE
123 {
124 .name = "engine",
125 .argname = "id",
126 .desc = "Use the engine specified by the given identifier",
127 .type = OPTION_ARG,
128 .opt.arg = &rsa_config.engine,
129 },
130#endif
131 { 119 {
132 .name = "in", 120 .name = "in",
133 .argname = "file", 121 .argname = "file",
@@ -258,7 +246,7 @@ static void
258rsa_usage() 246rsa_usage()
259{ 247{
260 fprintf(stderr, 248 fprintf(stderr,
261 "usage: rsa [-ciphername] [-check] [-engine id] [-in file] " 249 "usage: rsa [-ciphername] [-check] [-in file] "
262 "[-inform fmt]\n" 250 "[-inform fmt]\n"
263 " [-modulus] [-noout] [-out file] [-outform fmt] " 251 " [-modulus] [-noout] [-out file] [-outform fmt] "
264 "[-passin src]\n" 252 "[-passin src]\n"
@@ -274,7 +262,6 @@ rsa_usage()
274int 262int
275rsa_main(int argc, char **argv) 263rsa_main(int argc, char **argv)
276{ 264{
277 ENGINE *e = NULL;
278 int ret = 1; 265 int ret = 1;
279 RSA *rsa = NULL; 266 RSA *rsa = NULL;
280 int i; 267 int i;
@@ -291,10 +278,6 @@ rsa_main(int argc, char **argv)
291 goto end; 278 goto end;
292 } 279 }
293 280
294#ifndef OPENSSL_NO_ENGINE
295 e = setup_engine(bio_err, rsa_config.engine, 0);
296#endif
297
298 if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout, 281 if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout,
299 &passin, &passout)) { 282 &passin, &passout)) {
300 BIO_printf(bio_err, "Error getting passwords\n"); 283 BIO_printf(bio_err, "Error getting passwords\n");
@@ -323,12 +306,12 @@ rsa_main(int argc, char **argv)
323 tmpformat = rsa_config.informat; 306 tmpformat = rsa_config.informat;
324 307
325 pkey = load_pubkey(bio_err, rsa_config.infile, 308 pkey = load_pubkey(bio_err, rsa_config.infile,
326 tmpformat, 1, passin, e, "Public Key"); 309 tmpformat, 1, passin, "Public Key");
327 } else 310 } else
328 pkey = load_key(bio_err, rsa_config.infile, 311 pkey = load_key(bio_err, rsa_config.infile,
329 (rsa_config.informat == FORMAT_NETSCAPE && 312 (rsa_config.informat == FORMAT_NETSCAPE &&
330 rsa_config.sgckey ? FORMAT_IISSGC : 313 rsa_config.sgckey ? FORMAT_IISSGC :
331 rsa_config.informat), 1, passin, e, "Private Key"); 314 rsa_config.informat), 1, passin, "Private Key");
332 315
333 if (pkey != NULL) 316 if (pkey != NULL)
334 rsa = EVP_PKEY_get1_RSA(pkey); 317 rsa = EVP_PKEY_get1_RSA(pkey);
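--- a/src/usr.bin/openssl/rsautl.c
+++ b/src/usr.bin/openssl/rsautl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsautl.c,v 1.6 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: rsautl.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -81,12 +81,8 @@ static void usage(void);
 int
 rsautl_main(int argc, char **argv)
 {
- ENGINE *e = NULL;
  BIO *in = NULL, *out = NULL;
  char *infile = NULL, *outfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
  char *keyfile = NULL;
  char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
  int keyform = FORMAT_PEM;
@@ -133,13 +129,6 @@ rsautl_main(int argc, char **argv)
  badarg = 1;
  else
  keyform = str2fmt(*(++argv));
-#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*argv, "-engine")) {
- if (--argc < 1)
- badarg = 1;
- else
- engine = *(++argv);
-#endif
  } else if (!strcmp(*argv, "-pubin")) {
  key_type = KEY_PUBKEY;
  } else if (!strcmp(*argv, "-certin")) {
@@ -184,9 +173,6 @@ rsautl_main(int argc, char **argv)
  BIO_printf(bio_err, "A private key is needed for this operation\n");
  goto end;
  }
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
  if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
  BIO_printf(bio_err, "Error getting password\n");
  goto end;
@@ -195,17 +181,17 @@ rsautl_main(int argc, char **argv)
  switch (key_type) {
  case KEY_PRIVKEY:
  pkey = load_key(bio_err, keyfile, keyform, 0,
- passin, e, "Private Key");
+ passin, "Private Key");
  break;
 
  case KEY_PUBKEY:
  pkey = load_pubkey(bio_err, keyfile, keyform, 0,
- NULL, e, "Public Key");
+ NULL, "Public Key");
  break;
 
  case KEY_CERT:
  x = load_cert(bio_err, keyfile, keyform,
- NULL, e, "Certificate");
+ NULL, "Certificate");
  if (x) {
  pkey = X509_get_pubkey(x);
  X509_free(x);
@@ -336,10 +322,4 @@ usage()
  BIO_printf(bio_err, "-encrypt encrypt with public key\n");
  BIO_printf(bio_err, "-decrypt decrypt with private key\n");
  BIO_printf(bio_err, "-hexdump hex dump output\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
- BIO_printf(bio_err, "-passin arg pass phrase source\n");
-#endif
-
  }
-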
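Review bot: The last hunk of rsautl.c drops the `-passin` help line together with the `-engine` line, because both sat inside the removed `#ifndef OPENSSL_NO_ENGINE` block, yet the option itself is still in use: `passargin` is still handed to `app_passwd()` in the hunk at -184, so `-passin` appears to remain accepted while no longer being documented. Keep the line outside the deleted block, after the `-hexdump` entry: `BIO_printf(bio_err, "-passin arg pass phrase source\n");`. The body of usage() starts outside this hunk, so check there that no second `-passin` line already exists before re-adding it.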
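--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.18 2015/09/10 16:01:06 jsing Exp $ */
+/* $OpenBSD: s_client.c,v 1.19 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -238,9 +238,6 @@ sc_usage(void)
  BIO_printf(bio_err, " only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
  BIO_printf(bio_err, " are supported.\n");
  BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
-#endif
  BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
  BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
  BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n");
@@ -356,12 +353,6 @@ s_client_main(int argc, char **argv)
  int mbuf_len = 0;
  struct timeval timeout;
  const char *errstr = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine_id = NULL;
- char *ssl_client_engine_id = NULL;
- ENGINE *ssl_client_engine = NULL;
-#endif
- ENGINE *e = NULL;
  char *servername = NULL;
  tlsextctx tlsextcbp =
  {NULL, 0};
@@ -578,17 +569,6 @@ s_client_main(int argc, char **argv)
  else
  goto bad;
  }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
- goto bad;
- engine_id = *(++argv);
- } else if (strcmp(*argv, "-ssl_client_engine") == 0) {
- if (--argc < 1)
- goto bad;
- ssl_client_engine_id = *(++argv);
- }
-#endif
  else if (strcmp(*argv, "-4") == 0) {
  af = AF_INET;
  } else if (strcmp(*argv, "-6") == 0) {
@@ -654,17 +634,6 @@ bad:
  } else
  next_proto.data = NULL;
 
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
- if (ssl_client_engine_id) {
- ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
- if (!ssl_client_engine) {
- BIO_printf(bio_err,
- "Error getting client auth engine\n");
- goto end;
- }
- }
-#endif
  if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
  BIO_printf(bio_err, "Error getting password\n");
  goto end;
@@ -675,7 +644,7 @@ bad:
 
  if (key_file) {
 
- key = load_key(bio_err, key_file, key_format, 0, pass, e,
+ key = load_key(bio_err, key_file, key_format, 0, pass,
  "client certificate private key file");
  if (!key) {
  ERR_print_errors(bio_err);
@@ -684,7 +653,7 @@ bad:
  }
  if (cert_file) {
  cert = load_cert(bio_err, cert_file, cert_format,
- NULL, e, "client certificate file");
+ NULL, "client certificate file");
 
  if (!cert) {
  ERR_print_errors(bio_err);
@@ -708,18 +677,6 @@ bad:
  if (vpm)
  SSL_CTX_set1_param(ctx, vpm);
 
-#ifndef OPENSSL_NO_ENGINE
- if (ssl_client_engine) {
- if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
- BIO_puts(bio_err, "Error setting client auth engine\n");
- ERR_print_errors(bio_err);
- ENGINE_free(ssl_client_engine);
- goto end;
- }
- ENGINE_free(ssl_client_engine);
- }
-#endif
-
 #ifndef OPENSSL_NO_SRTP
  if (srtp_profiles != NULL)
  SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);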
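--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.16 2015/09/10 16:01:06 jsing Exp $ */
+/* $OpenBSD: s_server.c,v 1.17 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -226,9 +226,6 @@ static int s_quiet = 0;
 static char *keymatexportlabel = NULL;
 static int keymatexportlen = 20;
 
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id = NULL;
-#endif
 static const char *session_id_prefix = NULL;
 
 static int enable_timeouts = 0;
@@ -262,9 +259,6 @@ s_server_init(void)
  s_debug = 0;
  s_msg = 0;
  s_quiet = 0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id = NULL;
-#endif
 }
 
 static void
@@ -286,12 +280,12 @@ sv_usage(void)
  BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
  BIO_printf(bio_err, " -key arg - Private Key file to use, in cert file if\n");
  BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT);
- BIO_printf(bio_err, " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err, " -keyform arg - key format (PEM or DER) PEM default\n");
  BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n");
  BIO_printf(bio_err, " -dcert arg - second certificate file to use (usually for DSA)\n");
  BIO_printf(bio_err, " -dcertform x - second certificate format (PEM or DER) PEM default\n");
  BIO_printf(bio_err, " -dkey arg - second private key file to use (usually for DSA)\n");
- BIO_printf(bio_err, " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err, " -dkeyform arg - second key format (PEM or DER) PEM default\n");
  BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n");
  BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
  BIO_printf(bio_err, " or a default set of parameters is used\n");
@@ -331,9 +325,6 @@ sv_usage(void)
  BIO_printf(bio_err, " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
  BIO_printf(bio_err, " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
  BIO_printf(bio_err, " with the assumption it contains a complete HTTP response.\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
-#endif
  BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
  BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
  BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
@@ -598,7 +589,6 @@ s_server_main(int argc, char *argv[])
  int state = 0;
  const SSL_METHOD *meth = NULL;
  int socket_type = SOCK_STREAM;
- ENGINE *e = NULL;
  int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
  char *passarg = NULL, *pass = NULL;
  char *dpassarg = NULL, *dpass = NULL;
@@ -832,13 +822,6 @@ s_server_main(int argc, char *argv[])
  goto bad;
  session_id_prefix = *(++argv);
  }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
- goto bad;
- engine_id = *(++argv);
- }
-#endif
  else if (strcmp(*argv, "-servername") == 0) {
  if (--argc < 1)
  goto bad;
@@ -899,10 +882,6 @@ bad:
  goto end;
  }
 
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
-#endif
-
  if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
  BIO_printf(bio_err, "Error getting password\n");
  goto end;
@@ -913,28 +892,28 @@ bad:
  s_key_file2 = s_cert_file2;
 
  if (nocert == 0) {
- s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+ s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass,
  "server certificate private key file");
  if (!s_key) {
  ERR_print_errors(bio_err);
  goto end;
  }
  s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
- NULL, e, "server certificate file");
+ NULL, "server certificate file");
 
  if (!s_cert) {
  ERR_print_errors(bio_err);
  goto end;
  }
  if (tlsextcbp.servername) {
- s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
+ s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass,
  "second server certificate private key file");
  if (!s_key2) {
  ERR_print_errors(bio_err);
  goto end;
  }
  s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
- NULL, e, "second server certificate file");
+ NULL, "second server certificate file");
 
  if (!s_cert2) {
  ERR_print_errors(bio_err);
@@ -966,14 +945,13 @@ bad:
  s_dkey_file = s_dcert_file;
 
  s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
- 0, dpass, e,
- "second certificate private key file");
+ 0, dpass, "second certificate private key file");
  if (!s_dkey) {
  ERR_print_errors(bio_err);
  goto end;
  }
  s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
- NULL, e, "second server certificate file");
+ NULL, "second server certificate file");
 
  if (!s_dcert) {
  ERR_print_errors(bio_err);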
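--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smime.c,v 1.3 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: smime.c,v 1.4 2015/09/11 14:30:23 bcook Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -85,7 +85,6 @@ static int smime_cb(int ok, X509_STORE_CTX * ctx);
 int
 smime_main(int argc, char **argv)
 {
- ENGINE *e = NULL;
  int operation = 0;
  int ret = 0;
  char **args;
@@ -110,9 +109,6 @@ smime_main(int argc, char **argv)
  const EVP_MD *sign_md = NULL;
  int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
  int keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
 
  X509_VERIFY_PARAM *vpm = NULL;
 
@@ -192,13 +188,6 @@ smime_main(int argc, char **argv)
  flags |= PKCS7_NOOLDMIMETYPE;
  else if (!strcmp(*args, "-crlfeol"))
  flags |= PKCS7_CRLFEOL;
-#ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args, "-engine")) {
- if (!args[1])
- goto argerr;
- engine = *++args;
- }
-#endif
  else if (!strcmp(*args, "-passin")) {
  if (!args[1])
  goto argerr;
@@ -384,7 +373,7 @@ argerr:
  BIO_printf(bio_err, "-in file input file\n");
  BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
  BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n");
  BIO_printf(bio_err, "-out file output file\n");
  BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
  BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
@@ -396,16 +385,10 @@ argerr:
  BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
  BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
  BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
  BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
  BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
  goto end;
  }
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
 
  if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
  BIO_printf(bio_err, "Error getting password\n");
@@ -444,7 +427,7 @@ argerr:
  encerts = sk_X509_new_null();
  while (*args) {
  if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "recipient certificate file"))) {
+ NULL, "recipient certificate file"))) {
  goto end;
  }
  sk_X509_push(encerts, cert);
@@ -454,14 +437,14 @@ argerr:
  }
  if (certfile) {
  if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
- e, "certificate file"))) {
+ "certificate file"))) {
  ERR_print_errors(bio_err);
  goto end;
  }
  }
  if (recipfile && (operation == SMIME_DECRYPT)) {
  if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file"))) {
+ "recipient certificate file"))) {
  ERR_print_errors(bio_err);
  goto end;
  }
@@ -476,7 +459,7 @@ argerr:
  keyfile = NULL;
 
  if (keyfile) {
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ key = load_key(bio_err, keyfile, keyform, 0, passin,
  "signing key file");
  if (!key)
  goto end;
@@ -559,10 +542,10 @@ argerr:
  signerfile = sk_OPENSSL_STRING_value(sksigners, i);
  keyfile = sk_OPENSSL_STRING_value(skkeys, i);
  signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
- e, "signer certificate");
+ "signer certificate");
  if (!signer)
  goto end;
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ key = load_key(bio_err, keyfile, keyform, 0, passin,
  "signing key file");
  if (!key)
  goto end;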
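--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: speed.c,v 1.10 2015/09/11 09:38:30 deraadt Exp $ */
+/* $OpenBSD: speed.c,v 1.11 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -538,24 +538,6 @@ speed_main(int argc, char **argv)
  j--; /* Otherwise, -elapsed gets confused with an
  * algorithm. */
  }
-#ifndef OPENSSL_NO_ENGINE
- else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- BIO_printf(bio_err, "no engine given\n");
- goto end;
- }
- setup_engine(bio_err, *argv, 0);
- /*
- * j will be increased again further down. We just
- * don't want speed to confuse an engine with an
- * algorithm, especially when none is given (which
- * means all of them should be run)
- */
- j--;
- }
-#endif
  else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
  argc--;
  argv++;
@@ -933,9 +915,6 @@ speed_main(int argc, char **argv)
  BIO_printf(bio_err, "\n");
  BIO_printf(bio_err, "Available options:\n");
  BIO_printf(bio_err, "-elapsed measure time in real time instead of CPU user time.\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
  BIO_printf(bio_err, "-evp e use EVP e.\n");
  BIO_printf(bio_err, "-decrypt time decryption instead of encryption (only EVP).\n");
  BIO_printf(bio_err, "-mr produce machine readable output.\n");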
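--- a/src/usr.bin/openssl/spkac.c
+++ b/src/usr.bin/openssl/spkac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spkac.c,v 1.4 2015/08/19 18:25:31 deraadt Exp $ */
+/* $OpenBSD: spkac.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999. Based on an original idea by Massimiliano Pala
  * (madwolf@openca.org).
@@ -75,9 +75,6 @@
 
 static struct {
  char *challenge;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
  char *infile;
  char *keyfile;
  int noout;
@@ -97,15 +94,6 @@ static struct option spkac_options[] = {
  .type = OPTION_ARG,
  .opt.arg = &spkac_config.challenge,
  },
-#ifndef OPENSSL_NO_ENGINE
- {
- .name = "engine",
- .argname = "id",
- .desc = "Use the engine specified by the given identifier",
- .type = OPTION_ARG,
- .opt.arg = &spkac_config.engine,
- },
-#endif
  {
  .name = "in",
  .argname = "file",
@@ -174,7 +162,7 @@ static void
 spkac_usage(void)
 {
  fprintf(stderr,
- "usage: spkac [-challenge string] [-engine id] [-in file] "
+ "usage: spkac [-challenge string] [-in file] "
  "[-key file] [-noout]\n"
  " [-out file] [-passin src] [-pubkey] [-spkac name] "
  "[-spksect section]\n"
@@ -185,7 +173,6 @@ spkac_usage(void)
 int
 spkac_main(int argc, char **argv)
 {
- ENGINE *e = NULL;
  int i, ret = 1;
  BIO *in = NULL, *out = NULL;
  char *passin = NULL;
@@ -207,14 +194,11 @@ spkac_main(int argc, char **argv)
  BIO_printf(bio_err, "Error getting password\n");
  goto end;
  }
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, spkac_config.engine, 0);
-#endif
 
  if (spkac_config.keyfile) {
  pkey = load_key(bio_err,
  strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile
- : NULL, FORMAT_PEM, 1, passin, e, "private key");
+ : NULL, FORMAT_PEM, 1, passin, "private key");
  if (!pkey) {
  goto end;
  }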
diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index ae7dfff615..e958d0aaff 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: ts.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -92,13 +92,13 @@ static int create_digest(BIO * input, char *digest,
92static ASN1_INTEGER *create_nonce(int bits); 92static ASN1_INTEGER *create_nonce(int bits);
93 93
94/* Reply related functions. */ 94/* Reply related functions. */
95static int reply_command(CONF * conf, char *section, char *engine, 95static int reply_command(CONF * conf, char *section,
96 char *queryfile, char *passin, char *inkey, 96 char *queryfile, char *passin, char *inkey,
97 char *signer, char *chain, const char *policy, 97 char *signer, char *chain, const char *policy,
98 char *in, int token_in, char *out, int token_out, 98 char *in, int token_in, char *out, int token_out,
99 int text); 99 int text);
100static TS_RESP *read_PKCS7(BIO * in_bio); 100static TS_RESP *read_PKCS7(BIO * in_bio);
101static TS_RESP *create_response(CONF * conf, const char *section, char *engine, 101static TS_RESP *create_response(CONF * conf, const char *section,
102 char *queryfile, char *passin, char *inkey, 102 char *queryfile, char *passin, char *inkey,
103 char *signer, char *chain, const char *policy); 103 char *signer, char *chain, const char *policy);
104static ASN1_INTEGER *serial_cb(TS_RESP_CTX * ctx, void *data); 104static ASN1_INTEGER *serial_cb(TS_RESP_CTX * ctx, void *data);
@@ -144,7 +144,6 @@ ts_main(int argc, char **argv)
144 char *ca_path = NULL; 144 char *ca_path = NULL;
145 char *ca_file = NULL; 145 char *ca_file = NULL;
146 char *untrusted = NULL; 146 char *untrusted = NULL;
147 char *engine = NULL;
148 /* Input is ContentInfo instead of TimeStampResp. */ 147 /* Input is ContentInfo instead of TimeStampResp. */
149 int token_in = 0; 148 int token_in = 0;
150 /* Output is ContentInfo instead of TimeStampResp. */ 149 /* Output is ContentInfo instead of TimeStampResp. */
@@ -233,10 +232,6 @@ ts_main(int argc, char **argv)
233 if (argc-- < 1) 232 if (argc-- < 1)
234 goto usage; 233 goto usage;
235 untrusted = *++argv; 234 untrusted = *++argv;
236 } else if (strcmp(*argv, "-engine") == 0) {
237 if (argc-- < 1)
238 goto usage;
239 engine = *++argv;
240 } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) { 235 } else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL) {
241 /* empty. */ 236 /* empty. */
242 } else 237 } else
@@ -282,7 +277,7 @@ ts_main(int argc, char **argv)
282 goto usage; 277 goto usage;
283 } 278 }
284 279
285 ret = !reply_command(conf, section, engine, queryfile, 280 ret = !reply_command(conf, section, queryfile,
286 password, inkey, signer, chain, policy, 281 password, inkey, signer, chain, policy,
287 in, token_in, out, token_out, text); 282 in, token_in, out, token_out, text);
288 break; 283 break;
@@ -312,7 +307,7 @@ usage:
312 "[-signer tsa_cert.pem] [-inkey private_key.pem] " 307 "[-signer tsa_cert.pem] [-inkey private_key.pem] "
313 "[-chain certs_file.pem] [-policy object_id] " 308 "[-chain certs_file.pem] [-policy object_id] "
314 "[-in response.tsr] [-token_in] " 309 "[-in response.tsr] [-token_in] "
315 "[-out response.tsr] [-token_out] [-text] [-engine id]\n"); 310 "[-out response.tsr] [-token_out] [-text]\n");
316 BIO_printf(bio_err, "or\n" 311 BIO_printf(bio_err, "or\n"
317 "ts -verify [-data file_to_hash] [-digest digest_bytes] " 312 "ts -verify [-data file_to_hash] [-digest digest_bytes] "
318 "[-queryfile request.tsq] " 313 "[-queryfile request.tsq] "
@@ -615,7 +610,7 @@ err:
615 */ 610 */
616 611
617static int 612static int
618reply_command(CONF * conf, char *section, char *engine, char *queryfile, 613reply_command(CONF * conf, char *section, char *queryfile,
619 char *passin, char *inkey, char *signer, char *chain, const char *policy, 614 char *passin, char *inkey, char *signer, char *chain, const char *policy,
620 char *in, int token_in, char *out, int token_out, int text) 615 char *in, int token_in, char *out, int token_out, int text)
621{ 616{
@@ -642,7 +637,7 @@ reply_command(CONF * conf, char *section, char *engine, char *queryfile,
642 response = d2i_TS_RESP_bio(in_bio, NULL); 637 response = d2i_TS_RESP_bio(in_bio, NULL);
643 } 638 }
644 } else { 639 } else {
645 response = create_response(conf, section, engine, queryfile, 640 response = create_response(conf, section, queryfile,
646 passin, inkey, signer, chain, 641 passin, inkey, signer, chain,
647 policy); 642 policy);
648 if (response) 643 if (response)
@@ -740,7 +735,7 @@ end:
740} 735}
741 736
742static TS_RESP * 737static TS_RESP *
743create_response(CONF * conf, const char *section, char *engine, 738create_response(CONF * conf, const char *section,
744 char *queryfile, char *passin, char *inkey, 739 char *queryfile, char *passin, char *inkey,
745 char *signer, char *chain, const char *policy) 740 char *signer, char *chain, const char *policy)
746{ 741{
@@ -763,11 +758,6 @@ create_response(CONF * conf, const char *section, char *engine,
763 /* Setting serial number provider callback. */ 758 /* Setting serial number provider callback. */
764 if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) 759 if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
765 goto end; 760 goto end;
766#ifndef OPENSSL_NO_ENGINE
767 /* Setting default OpenSSL engine. */
768 if (!TS_CONF_set_crypto_device(conf, section, engine))
769 goto end;
770#endif
771 761
772 /* Setting TSA signer certificate. */ 762 /* Setting TSA signer certificate. */
773 if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) 763 if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
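--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.3 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: verify.c,v 1.4 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,13 +70,12 @@
 
 static int cb(int ok, X509_STORE_CTX * ctx);
 static int check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain,
-    STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls, ENGINE * e);
+    STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls);
 static int v_verbose = 0, vflags = 0;
 
 int
 verify_main(int argc, char **argv)
 {
-	ENGINE *e = NULL;
 	int i, ret = 1, badarg = 0;
 	char *CApath = NULL, *CAfile = NULL;
 	char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
@@ -85,9 +84,6 @@ verify_main(int argc, char **argv)
 	X509_STORE *cert_ctx = NULL;
 	X509_LOOKUP *lookup = NULL;
 	X509_VERIFY_PARAM *vpm = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine = NULL;
-#endif
 
 	cert_ctx = X509_STORE_new();
 	if (cert_ctx == NULL)
@@ -124,13 +120,6 @@ verify_main(int argc, char **argv)
 			goto end;
 		crlfile = *(++argv);
 	}
-#ifndef OPENSSL_NO_ENGINE
-	else if (strcmp(*argv, "-engine") == 0) {
-		if (--argc < 1)
-			goto end;
-		engine = *(++argv);
-	}
-#endif
 	else if (strcmp(*argv, "-help") == 0)
 		goto end;
 	else if (strcmp(*argv, "-verbose") == 0)
@@ -145,10 +134,6 @@ verify_main(int argc, char **argv)
 		break;
 	}
 
-#ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
-#endif
-
 	if (vpm)
 		X509_STORE_set1_param(cert_ctx, vpm);
 
@@ -182,30 +167,30 @@ verify_main(int argc, char **argv)
 
 	if (untfile) {
 		untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
-		    NULL, e, "untrusted certificates");
+		    NULL, "untrusted certificates");
 		if (!untrusted)
 			goto end;
 	}
 	if (trustfile) {
 		trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
-		    NULL, e, "trusted certificates");
+		    NULL, "trusted certificates");
 		if (!trusted)
 			goto end;
 	}
 	if (crlfile) {
 		crls = load_crls(bio_err, crlfile, FORMAT_PEM,
-		    NULL, e, "other CRLs");
+		    NULL, "other CRLs");
 		if (!crls)
 			goto end;
 	}
 	ret = 0;
 	if (argc < 1) {
-		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls))
 			ret = -1;
 	} else {
 		for (i = 0; i < argc; i++)
 			if (1 != check(cert_ctx, argv[i], untrusted, trusted,
-			    crls, e))
+			    crls))
 				ret = -1;
 	}
 
@@ -213,9 +198,6 @@ end:
 	if (ret == 1) {
 		BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
 		BIO_printf(bio_err, " [-attime timestamp]");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err, " [-engine e]");
-#endif
 		BIO_printf(bio_err, " cert1 cert2 ...\n");
 
 		BIO_printf(bio_err, "recognized usages:\n");
@@ -240,13 +222,13 @@ end:
 
 static int
 check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain,
-    STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls, ENGINE * e)
+    STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls)
 {
 	X509 *x = NULL;
 	int i = 0, ret = 0;
 	X509_STORE_CTX *csc;
 
-	x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
+	x = load_cert(bio_err, file, FORMAT_PEM, NULL, "certificate file");
 	if (x == NULL)
 		goto end;
 	fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);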
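Review bot: The reworked `check()` prototype and definition (old lines 72 and 242, new 72 and 224) still carry no comment on the return convention, although `verify_main` treats every value other than 1 as a failure (`if (1 != check(...)) ret = -1;`). Since the signature is being touched anyway, a short comment above the definition would pin that contract: `/* Returns 1 when the certificate read from file (stdin if NULL) passes verification; any other value is reported by verify_main as a failure. */` — the "passes verification" part is inferred from the caller and should be confirmed against the rest of the body, which continues outside the hunk.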
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index 0e5594372b..a8812f7e74 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */ 1/* $OpenBSD: x509.c,v 1.6 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -140,9 +140,6 @@ static const char *x509_usage[] = {
140 " -extensions - section from config file with X509V3 extensions to add\n", 140 " -extensions - section from config file with X509V3 extensions to add\n",
141 " -clrext - delete extensions before signing and input certificate\n", 141 " -clrext - delete extensions before signing and input certificate\n",
142 " -nameopt arg - various certificate name options\n", 142 " -nameopt arg - various certificate name options\n",
143#ifndef OPENSSL_NO_ENGINE
144 " -engine e - use engine e, possibly a hardware device.\n",
145#endif
146 " -certopt arg - various certificate text options\n", 143 " -certopt arg - various certificate text options\n",
147 NULL 144 NULL
148}; 145};
@@ -160,7 +157,6 @@ static int reqfile = 0;
160int 157int
161x509_main(int argc, char **argv) 158x509_main(int argc, char **argv)
162{ 159{
163 ENGINE *e = NULL;
164 int ret = 1; 160 int ret = 1;
165 X509_REQ *req = NULL; 161 X509_REQ *req = NULL;
166 X509 *x = NULL, *xca = NULL; 162 X509 *x = NULL, *xca = NULL;
@@ -200,9 +196,6 @@ x509_main(int argc, char **argv)
200 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; 196 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
201 int checkend = 0, checkoffset = 0; 197 int checkend = 0, checkoffset = 0;
202 unsigned long nmflag = 0, certflag = 0; 198 unsigned long nmflag = 0, certflag = 0;
203#ifndef OPENSSL_NO_ENGINE
204 char *engine = NULL;
205#endif
206 const char *errstr = NULL; 199 const char *errstr = NULL;
207 200
208 reqfile = 0; 201 reqfile = 0;
@@ -345,13 +338,6 @@ x509_main(int argc, char **argv)
345 if (!set_name_ex(&nmflag, *(++argv))) 338 if (!set_name_ex(&nmflag, *(++argv)))
346 goto bad; 339 goto bad;
347 } 340 }
348#ifndef OPENSSL_NO_ENGINE
349 else if (strcmp(*argv, "-engine") == 0) {
350 if (--argc < 1)
351 goto bad;
352 engine = *(++argv);
353 }
354#endif
355 else if (strcmp(*argv, "-C") == 0) 341 else if (strcmp(*argv, "-C") == 0)
356 C = ++num; 342 C = ++num;
357 else if (strcmp(*argv, "-email") == 0) 343 else if (strcmp(*argv, "-email") == 0)
@@ -441,9 +427,6 @@ bad:
441 BIO_printf(bio_err, "%s", *pp); 427 BIO_printf(bio_err, "%s", *pp);
442 goto end; 428 goto end;
443 } 429 }
444#ifndef OPENSSL_NO_ENGINE
445 e = setup_engine(bio_err, engine, 0);
446#endif
447 430
448 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 431 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
449 BIO_printf(bio_err, "Error getting password\n"); 432 BIO_printf(bio_err, "Error getting password\n");
@@ -575,12 +558,12 @@ bad:
575 X509_set_pubkey(x, pkey); 558 X509_set_pubkey(x, pkey);
576 EVP_PKEY_free(pkey); 559 EVP_PKEY_free(pkey);
577 } else 560 } else
578 x = load_cert(bio_err, infile, informat, NULL, e, "Certificate"); 561 x = load_cert(bio_err, infile, informat, NULL, "Certificate");
579 562
580 if (x == NULL) 563 if (x == NULL)
581 goto end; 564 goto end;
582 if (CA_flag) { 565 if (CA_flag) {
583 xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate"); 566 xca = load_cert(bio_err, CAfile, CAformat, NULL, "CA Certificate");
584 if (xca == NULL) 567 if (xca == NULL)
585 goto end; 568 goto end;
586 } 569 }
@@ -813,7 +796,7 @@ bad:
813 if (Upkey == NULL) { 796 if (Upkey == NULL) {
814 Upkey = load_key(bio_err, 797 Upkey = load_key(bio_err,
815 keyfile, keyformat, 0, 798 keyfile, keyformat, 0,
816 passin, e, "Private key"); 799 passin, "Private key");
817 if (Upkey == NULL) 800 if (Upkey == NULL)
818 goto end; 801 goto end;
819 } 802 }
@@ -825,8 +808,7 @@ bad:
825 if (CAkeyfile != NULL) { 808 if (CAkeyfile != NULL) {
826 CApkey = load_key(bio_err, 809 CApkey = load_key(bio_err,
827 CAkeyfile, CAkeyformat, 810 CAkeyfile, CAkeyformat,
828 0, passin, e, 811 0, passin, "CA Private Key");
829 "CA Private Key");
830 if (CApkey == NULL) 812 if (CApkey == NULL)
831 goto end; 813 goto end;
832 } 814 }
@@ -845,7 +827,7 @@ bad:
845 } else { 827 } else {
846 pk = load_key(bio_err, 828 pk = load_key(bio_err,
847 keyfile, keyformat, 0, 829 keyfile, keyformat, 0,
848 passin, e, "request key"); 830 passin, "request key");
849 if (pk == NULL) 831 if (pk == NULL)
850 goto end; 832 goto end;
851 } 833 }