Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

1 files changed, 9 insertions, 27 deletions

diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index 8645128e42..254d551aa5 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.11 2015/09/10 16:01:06 jsing Exp $ */
+/* $OpenBSD: ca.c,v 1.12 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -135,7 +135,7 @@ static const char *ca_usage[] = {
         " -md arg         - md to use, one of md2, md5, sha or sha1\n",
         " -policy arg     - The CA 'policy' to support\n",
         " -keyfile arg    - private key file\n",
-        " -keyform arg    - private key file format (PEM or ENGINE)\n",
+        " -keyform arg    - private key file format (PEM)\n",
         " -key arg        - key to decode the private key if it is encrypted\n",
         " -cert file      - The CA certificate\n",
         " -selfsign       - sign a certificate with the key associated with it\n",
@@ -156,9 +156,6 @@ static const char *ca_usage[] = {
         " -extensions ..  - Extension section (override value in config file)\n",
         " -extfile file   - Configuration file with X509v3 extentions to add\n",
         " -crlexts ..     - CRL extension section (override value in config file)\n",
-#ifndef OPENSSL_NO_ENGINE
-        " -engine e       - use engine e, possibly a hardware device.\n",
-#endif
         " -status serial  - Shows certificate status given the serial number\n",
         " -updatedb       - Updates db for expired certificates\n",
         NULL
@@ -178,7 +175,7 @@ static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey,
     unsigned long chtype, int multirdn, int email_dn, char *startdate,
     char *enddate, long days, int batch, char *ext_sect, CONF * conf,
     int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
-    int ext_copy, ENGINE * e);
+    int ext_copy);
 static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey,
     X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
     STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
@@ -213,7 +210,6 @@ static int msie_hack = 0;
 int
 ca_main(int argc, char **argv)
 {
-        ENGINE *e = NULL;
         char *key = NULL, *passargin = NULL;
         int create_ser = 0;
         int free_key = 0;
@@ -286,9 +282,6 @@ ca_main(int argc, char **argv)
         STACK_OF(OPENSSL_STRING) * sigopts = NULL;
 #define BUFLEN 256
         char buf[3][BUFLEN];
-#ifndef OPENSSL_NO_ENGINE
-        char *engine = NULL;
-#endif
         char *tofree = NULL;
         const char *errstr = NULL;
         DB_ATTR db_attr;
@@ -478,13 +471,6 @@ ca_main(int argc, char **argv)
                         rev_arg = *(++argv);
                         rev_type = REV_CA_COMPROMISE;
                 }
-#ifndef OPENSSL_NO_ENGINE
-                else if (strcmp(*argv, "-engine") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        engine = *(++argv);
-                }
-#endif
                 else {
 bad:
                         if (errstr)
@@ -536,10 +522,6 @@ bad:
         free(tofree);
         tofree = NULL;
 
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
         /* Lets get the config section we are using */
         if (section == NULL) {
                 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
@@ -639,7 +621,7 @@ bad:
                         goto err;
                 }
         }
-        pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");
+        pkey = load_key(bio_err, keyfile, keyform, 0, key, "CA private key");
         if (key)
                 explicit_bzero(key, strlen(key));
         if (pkey == NULL) {
@@ -655,7 +637,7 @@ bad:
                         lookup_fail(section, ENV_CERTIFICATE);
                         goto err;
                 }
-                x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+                x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL,
                     "CA certificate");
                 if (x509 == NULL)
                         goto err;
@@ -1028,7 +1010,7 @@ bad:
                             sigopts, attribs, db, serial, subj, chtype,
                             multirdn, email_dn, startdate, enddate, days, batch,
                             extensions, conf, verbose, certopt, nameopt,
-                            default_op, ext_copy, e);
+                            default_op, ext_copy);
                         if (j < 0)
                                 goto err;
                         if (j > 0) {
@@ -1314,7 +1296,7 @@ bad:
                 } else {
                         X509 *revcert;
                         revcert = load_cert(bio_err, infile, FORMAT_PEM,
-                            NULL, e, infile);
+                            NULL, infile);
                         if (revcert == NULL)
                                 goto err;
                         j = do_revoke(revcert, db, rev_type, rev_arg);
@@ -1446,14 +1428,14 @@ certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
     unsigned long chtype, int multirdn, int email_dn, char *startdate,
     char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
     int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
-    int ext_copy, ENGINE * e)
+    int ext_copy)
 {
         X509 *req = NULL;
         X509_REQ *rreq = NULL;
         EVP_PKEY *pktmp = NULL;
         int ok = -1, i;
 
-        if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL, e,
+        if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,
             infile)) == NULL)
                 goto err;
         if (verbose)