Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

1 files changed, 10 insertions, 56 deletions

diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 4e1a4757dd..5ed658bfb1 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.6 2015/08/22 16:36:05 jsing Exp $ */
+/* $OpenBSD: req.c,v 1.7 2015/09/11 14:30:23 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -140,15 +140,13 @@ static int genpkey_cb(EVP_PKEY_CTX * ctx);
 static int req_check_len(int len, int n_min, int n_max);
 static int check_end(const char *str, const char *end);
 static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
-    long *pkeylen, char **palgnam,
-    ENGINE * keygen_engine);
+    long *pkeylen, char **palgnam);
 static CONF *req_conf = NULL;
 static int batch = 0;
 
 int
 req_main(int argc, char **argv)
 {
-        ENGINE *e = NULL, *gen_eng = NULL;
         unsigned long nmflag = 0, reqflag = 0;
         int ex = 1, x509 = 0, days = 30;
         X509 *x509ss = NULL;
@@ -165,9 +163,6 @@ req_main(int argc, char **argv)
         int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
         char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
         *keyout = NULL;
-#ifndef OPENSSL_NO_ENGINE
-        char *engine = NULL;
-#endif
         char *extensions = NULL;
         char *req_exts = NULL;
         const EVP_CIPHER *cipher = NULL;
@@ -203,21 +198,6 @@ req_main(int argc, char **argv)
                                 goto bad;
                         outformat = str2fmt(*(++argv));
                 }
-#ifndef OPENSSL_NO_ENGINE
-                else if (strcmp(*argv, "-engine") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        engine = *(++argv);
-                } else if (strcmp(*argv, "-keygen_engine") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        gen_eng = ENGINE_by_id(*(++argv));
-                        if (gen_eng == NULL) {
-                                BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
-                                goto end;
-                        }
-                }
-#endif
                 else if (strcmp(*argv, "-key") == 0) {
                         if (--argc < 1)
                                 goto bad;
@@ -366,9 +346,6 @@ bad:
                 BIO_printf(bio_err, " -verify        verify signature on REQ\n");
                 BIO_printf(bio_err, " -modulus       RSA modulus\n");
                 BIO_printf(bio_err, " -nodes         don't encrypt the output key\n");
-#ifndef OPENSSL_NO_ENGINE
-                BIO_printf(bio_err, " -engine e      use engine e, possibly a hardware device\n");
-#endif
                 BIO_printf(bio_err, " -subject       output the request's subject\n");
                 BIO_printf(bio_err, " -passin        private key password source\n");
                 BIO_printf(bio_err, " -key file      use the private key contained in file\n");
@@ -520,12 +497,8 @@ bad:
         if ((in == NULL) || (out == NULL))
                 goto end;
 
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
         if (keyfile != NULL) {
-                pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
+                pkey = load_key(bio_err, keyfile, keyform, 0, passin,
                     "Private Key");
                 if (!pkey) {
                         /*
@@ -541,7 +514,7 @@ bad:
                 }
                 if (keyalg) {
                         genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
-                            &keyalgstr, gen_eng);
+                            &keyalgstr);
                         if (!genctx)
                                 goto end;
                 }
@@ -552,7 +525,7 @@ bad:
                 }
                 if (!genctx) {
                         genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
-                            &keyalgstr, gen_eng);
+                            &keyalgstr);
                         if (!genctx)
                                 goto end;
                 }
@@ -893,10 +866,6 @@ end:
                 sk_OPENSSL_STRING_free(pkeyopts);
         if (sigopts)
                 sk_OPENSSL_STRING_free(sigopts);
-#ifndef OPENSSL_NO_ENGINE
-        if (gen_eng)
-                ENGINE_free(gen_eng);
-#endif
         free(keyalgstr);
         X509_REQ_free(req);
         X509_free(x509ss);
@@ -1370,8 +1339,7 @@ check_end(const char *str, const char *end)
 
 static EVP_PKEY_CTX *
 set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
-    long *pkeylen, char **palgnam,
-    ENGINE * keygen_engine)
+    long *pkeylen, char **palgnam)
 {
         EVP_PKEY_CTX *gctx = NULL;
         EVP_PKEY *param = NULL;
@@ -1396,19 +1364,14 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
         else {
                 const char *p = strchr(gstr, ':');
                 int len;
-                ENGINE *tmpeng;
                 const EVP_PKEY_ASN1_METHOD *ameth;
 
                 if (p)
                         len = p - gstr;
                 else
                         len = strlen(gstr);
-                /*
-                 * The lookup of a the string will cover all engines so keep
-                 * a note of the implementation.
-                 */
 
-                ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
+                ameth = EVP_PKEY_asn1_find_str(NULL, gstr, len);
 
                 if (!ameth) {
                         BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
@@ -1416,10 +1379,6 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
                 }
                 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
                     ameth);
-#ifndef OPENSSL_NO_ENGINE
-                if (tmpeng)
-                        ENGINE_finish(tmpeng);
-#endif
                 if (*pkey_type == EVP_PKEY_RSA) {
                         if (p) {
                                 keylen = strtonum(p + 1, 0, LONG_MAX, &errstr);
@@ -1470,26 +1429,21 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
         }
         if (palgnam) {
                 const EVP_PKEY_ASN1_METHOD *ameth;
-                ENGINE *tmpeng;
                 const char *anam;
-                ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
+                ameth = EVP_PKEY_asn1_find(NULL, *pkey_type);
                 if (!ameth) {
                         BIO_puts(err, "Internal error: can't find key algorithm\n");
                         return NULL;
                 }
                 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
                 *palgnam = strdup(anam);
-#ifndef OPENSSL_NO_ENGINE
-                if (tmpeng)
-                        ENGINE_finish(tmpeng);
-#endif
         }
         if (param) {
-                gctx = EVP_PKEY_CTX_new(param, keygen_engine);
+                gctx = EVP_PKEY_CTX_new(param, NULL);
                 *pkeylen = EVP_PKEY_bits(param);
                 EVP_PKEY_free(param);
         } else
-                gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
+                gctx = EVP_PKEY_CTX_new_id(*pkey_type, NULL);
 
         if (!gctx) {
                 BIO_puts(err, "Error allocating keygen context\n");