diff options
| author | bcook <> | 2015-09-11 14:30:23 +0000 |
|---|---|---|
| committer | bcook <> | 2015-09-11 14:30:23 +0000 |
| commit | e2fad4e6bdd4e404b3f4c186de52078738af2271 (patch) | |
| tree | cc1109842924cab95a77b6863b32de51b6d4f960 /src/usr.bin/openssl/genpkey.c | |
| parent | 7cea1ef22b79637be449efa70b99c6deaf74ef10 (diff) | |
| download | openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.tar.gz openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.tar.bz2 openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.zip | |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/genpkey.c | 44 |
1 files changed, 9 insertions, 35 deletions
diff --git a/src/usr.bin/openssl/genpkey.c b/src/usr.bin/openssl/genpkey.c index 1ebc4e7d3c..d76e2febd8 100644 --- a/src/usr.bin/openssl/genpkey.c +++ b/src/usr.bin/openssl/genpkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: genpkey.c,v 1.4 2015/08/22 16:36:05 jsing Exp $ */ | 1 | /* $OpenBSD: genpkey.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006 | 3 | * project 2006 |
| 4 | */ | 4 | */ |
| @@ -65,19 +65,13 @@ | |||
| 65 | #include <openssl/evp.h> | 65 | #include <openssl/evp.h> |
| 66 | #include <openssl/pem.h> | 66 | #include <openssl/pem.h> |
| 67 | 67 | ||
| 68 | #ifndef OPENSSL_NO_ENGINE | ||
| 69 | #include <openssl/engine.h> | ||
| 70 | #endif | ||
| 71 | |||
| 72 | static int | 68 | static int |
| 73 | init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file, | 69 | init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file); |
| 74 | ENGINE * e); | ||
| 75 | static int genpkey_cb(EVP_PKEY_CTX * ctx); | 70 | static int genpkey_cb(EVP_PKEY_CTX * ctx); |
| 76 | 71 | ||
| 77 | int | 72 | int |
| 78 | genpkey_main(int argc, char **argv) | 73 | genpkey_main(int argc, char **argv) |
| 79 | { | 74 | { |
| 80 | ENGINE *e = NULL; | ||
| 81 | char **args, *outfile = NULL; | 75 | char **args, *outfile = NULL; |
| 82 | char *passarg = NULL; | 76 | char *passarg = NULL; |
| 83 | BIO *in = NULL, *out = NULL; | 77 | BIO *in = NULL, *out = NULL; |
| @@ -107,20 +101,13 @@ genpkey_main(int argc, char **argv) | |||
| 107 | goto bad; | 101 | goto bad; |
| 108 | passarg = *(++args); | 102 | passarg = *(++args); |
| 109 | } | 103 | } |
| 110 | #ifndef OPENSSL_NO_ENGINE | ||
| 111 | else if (strcmp(*args, "-engine") == 0) { | ||
| 112 | if (!args[1]) | ||
| 113 | goto bad; | ||
| 114 | e = setup_engine(bio_err, *(++args), 0); | ||
| 115 | } | ||
| 116 | #endif | ||
| 117 | else if (!strcmp(*args, "-paramfile")) { | 104 | else if (!strcmp(*args, "-paramfile")) { |
| 118 | if (!args[1]) | 105 | if (!args[1]) |
| 119 | goto bad; | 106 | goto bad; |
| 120 | args++; | 107 | args++; |
| 121 | if (do_param == 1) | 108 | if (do_param == 1) |
| 122 | goto bad; | 109 | goto bad; |
| 123 | if (!init_keygen_file(bio_err, &ctx, *args, e)) | 110 | if (!init_keygen_file(bio_err, &ctx, *args)) |
| 124 | goto end; | 111 | goto end; |
| 125 | } else if (!strcmp(*args, "-out")) { | 112 | } else if (!strcmp(*args, "-out")) { |
| 126 | if (args[1]) { | 113 | if (args[1]) { |
| @@ -131,7 +118,7 @@ genpkey_main(int argc, char **argv) | |||
| 131 | } else if (strcmp(*args, "-algorithm") == 0) { | 118 | } else if (strcmp(*args, "-algorithm") == 0) { |
| 132 | if (!args[1]) | 119 | if (!args[1]) |
| 133 | goto bad; | 120 | goto bad; |
| 134 | if (!init_gen_str(bio_err, &ctx, *(++args), e, do_param)) | 121 | if (!init_gen_str(bio_err, &ctx, *(++args), do_param)) |
| 135 | goto end; | 122 | goto end; |
| 136 | } else if (strcmp(*args, "-pkeyopt") == 0) { | 123 | } else if (strcmp(*args, "-pkeyopt") == 0) { |
| 137 | if (!args[1]) | 124 | if (!args[1]) |
| @@ -174,9 +161,6 @@ bad: | |||
| 174 | BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); | 161 | BIO_printf(bio_err, "-outform X output format (DER or PEM)\n"); |
| 175 | BIO_printf(bio_err, "-pass arg output file pass phrase source\n"); | 162 | BIO_printf(bio_err, "-pass arg output file pass phrase source\n"); |
| 176 | BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n"); | 163 | BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n"); |
| 177 | #ifndef OPENSSL_NO_ENGINE | ||
| 178 | BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); | ||
| 179 | #endif | ||
| 180 | BIO_printf(bio_err, "-paramfile file parameters file\n"); | 164 | BIO_printf(bio_err, "-paramfile file parameters file\n"); |
| 181 | BIO_printf(bio_err, "-algorithm alg the public key algorithm\n"); | 165 | BIO_printf(bio_err, "-algorithm alg the public key algorithm\n"); |
| 182 | BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n" | 166 | BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n" |
| @@ -261,7 +245,7 @@ end: | |||
| 261 | 245 | ||
| 262 | static int | 246 | static int |
| 263 | init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, | 247 | init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, |
| 264 | const char *file, ENGINE * e) | 248 | const char *file) |
| 265 | { | 249 | { |
| 266 | BIO *pbio; | 250 | BIO *pbio; |
| 267 | EVP_PKEY *pkey = NULL; | 251 | EVP_PKEY *pkey = NULL; |
| @@ -282,7 +266,7 @@ init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, | |||
| 282 | BIO_printf(bio_err, "Error reading parameter file %s\n", file); | 266 | BIO_printf(bio_err, "Error reading parameter file %s\n", file); |
| 283 | return 0; | 267 | return 0; |
| 284 | } | 268 | } |
| 285 | ctx = EVP_PKEY_CTX_new(pkey, e); | 269 | ctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 286 | if (!ctx) | 270 | if (!ctx) |
| 287 | goto err; | 271 | goto err; |
| 288 | if (EVP_PKEY_keygen_init(ctx) <= 0) | 272 | if (EVP_PKEY_keygen_init(ctx) <= 0) |
| @@ -304,23 +288,17 @@ err: | |||
| 304 | 288 | ||
| 305 | int | 289 | int |
| 306 | init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx, | 290 | init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx, |
| 307 | const char *algname, ENGINE * e, int do_param) | 291 | const char *algname, int do_param) |
| 308 | { | 292 | { |
| 309 | EVP_PKEY_CTX *ctx = NULL; | 293 | EVP_PKEY_CTX *ctx = NULL; |
| 310 | const EVP_PKEY_ASN1_METHOD *ameth; | 294 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 311 | ENGINE *tmpeng = NULL; | ||
| 312 | int pkey_id; | 295 | int pkey_id; |
| 313 | 296 | ||
| 314 | if (*pctx) { | 297 | if (*pctx) { |
| 315 | BIO_puts(err, "Algorithm already set!\n"); | 298 | BIO_puts(err, "Algorithm already set!\n"); |
| 316 | return 0; | 299 | return 0; |
| 317 | } | 300 | } |
| 318 | ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); | 301 | ameth = EVP_PKEY_asn1_find_str(NULL, algname, -1); |
| 319 | |||
| 320 | #ifndef OPENSSL_NO_ENGINE | ||
| 321 | if (!ameth && e) | ||
| 322 | ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); | ||
| 323 | #endif | ||
| 324 | 302 | ||
| 325 | if (!ameth) { | 303 | if (!ameth) { |
| 326 | BIO_printf(bio_err, "Algorithm %s not found\n", algname); | 304 | BIO_printf(bio_err, "Algorithm %s not found\n", algname); |
| @@ -329,11 +307,7 @@ init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx, | |||
| 329 | ERR_clear_error(); | 307 | ERR_clear_error(); |
| 330 | 308 | ||
| 331 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); | 309 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 332 | #ifndef OPENSSL_NO_ENGINE | 310 | ctx = EVP_PKEY_CTX_new_id(pkey_id, NULL); |
| 333 | if (tmpeng) | ||
| 334 | ENGINE_finish(tmpeng); | ||
| 335 | #endif | ||
| 336 | ctx = EVP_PKEY_CTX_new_id(pkey_id, e); | ||
| 337 | 311 | ||
| 338 | if (!ctx) | 312 | if (!ctx) |
| 339 | goto err; | 313 | goto err; |