* Search for public key algorithm with given name and return its pkey_id if
* it is available. Otherwise return 0
*/
-# ifdef OPENSSL_NO_ENGINE
-
static int get_optional_pkey_id(const char *pkey_name)
{
const EVP_PKEY_ASN1_METHOD *ameth;
return 0;
}
-# else
-
-static int get_optional_pkey_id(const char *pkey_name)
-{
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *tmpeng = NULL;
- int pkey_id = 0;
- ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
- if (ameth) {
- if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
- ameth) <= 0)
- pkey_id = 0;
- }
- tls_engine_finish(tmpeng);
- return pkey_id;
-}
-# endif
#else
static int get_optional_pkey_id(const char *pkey_name)
{
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#include <openssl/dh.h>
-#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
#include <openssl/trace.h>
goto err;
}
#endif
-#ifndef OPENSSL_NO_ENGINE
-# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-# define eng_strx(x) #x
-# define eng_str(x) eng_strx(x)
- /* Use specific client engine automatically... ignore errors */
- {
- ENGINE *eng;
- eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
- if (!eng) {
- ERR_clear_error();
- ENGINE_load_builtin_engines();
- eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
- }
- if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
- ERR_clear_error();
- }
-# endif
-#endif
#ifndef OPENSSL_NO_COMP_ALG
/*
#ifndef OPENSSL_NO_SRP
ssl_ctx_srp_ctx_free_intern(a);
#endif
-#ifndef OPENSSL_NO_ENGINE
- tls_engine_finish(a->client_cert_engine);
-#endif
OPENSSL_free(a->ext.ecpointformats);
OPENSSL_free(a->ext.supportedgroups);
{
const EVP_CIPHER *ciph;
- ciph = tls_get_cipher_from_engine(nid);
- if (ciph != NULL)
- return ciph;
-
- /*
- * If there is no engine cipher then we do an explicit fetch. This may fail
- * and that could be ok
- */
ERR_set_mark();
ciph = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(nid), properties);
if (ciph != NULL) {
{
const EVP_MD *md;
- md = tls_get_digest_from_engine(nid);
- if (md != NULL)
- return md;
-
- /* Otherwise we do an explicit fetch */
ERR_set_mark();
md = EVP_MD_fetch(libctx, OBJ_nid2sn(nid), properties);
ERR_pop_to_mark();
/* The default read buffer length to use (0 means not set) */
size_t default_read_buf_len;
-# ifndef OPENSSL_NO_ENGINE
- /*
- * Engine to pass requests for client certs to
- */
- ENGINE *client_cert_engine;
-# endif
-
/* ClientHello callback. Mostly for extensions, but not entirely. */
SSL_client_hello_cb_fn client_hello_cb;
void *client_hello_cb_arg;
int ssl_evp_md_up_ref(const EVP_MD *md);
void ssl_evp_md_free(const EVP_MD *md);
-void tls_engine_finish(ENGINE *e);
-const EVP_CIPHER *tls_get_cipher_from_engine(int nid);
-const EVP_MD *tls_get_digest_from_engine(int nid);
-int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
- EVP_PKEY **ppkey);
int ssl_hmac_old_new(SSL_HMAC *ret);
void ssl_hmac_old_free(SSL_HMAC *ctx);
int ssl_hmac_old_init(SSL_HMAC *ctx, void *key, size_t len, char *md);
#include <openssl/dh.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
-#include <openssl/engine.h>
#include <openssl/trace.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
goto err;
};
- /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */
+ /* Reuse EVP_PKEY_CTRL_SET_IV */
if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
int i = 0;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
-#ifndef OPENSSL_NO_ENGINE
- if (sctx->client_cert_engine) {
- i = tls_engine_load_ssl_client_cert(s, px509, ppkey);
- if (i != 0)
- return i;
- }
-#endif
if (sctx->client_cert_cb)
i = sctx->client_cert_cb(SSL_CONNECTION_GET_USER_SSL(s), px509, ppkey);
return i;
* https://www.openssl.org/source/license.html
*/
-/* We need to use some engine and HMAC deprecated APIs */
+/* We need to use some HMAC deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
-#include <openssl/engine.h>
#include "ssl_local.h"
#include "internal/ssl_unwrap.h"
-/*
- * Engine APIs are only used to support applications that still use ENGINEs.
- * Once ENGINE is removed completely, all of this code can also be removed.
- */
-
-#ifndef OPENSSL_NO_ENGINE
-void tls_engine_finish(ENGINE *e)
-{
- ENGINE_finish(e);
-}
-#endif
-
-const EVP_CIPHER *tls_get_cipher_from_engine(int nid)
-{
- const EVP_CIPHER *ret = NULL;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *eng;
-
- /*
- * If there is an Engine available for this cipher we use the "implicit"
- * form to ensure we use that engine later.
- */
- eng = ENGINE_get_cipher_engine(nid);
- if (eng != NULL) {
- ret = ENGINE_get_cipher(eng, nid);
- ENGINE_finish(eng);
- }
-#endif
- return ret;
-}
-
-const EVP_MD *tls_get_digest_from_engine(int nid)
-{
- const EVP_MD *ret = NULL;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *eng;
-
- /*
- * If there is an Engine available for this digest we use the "implicit"
- * form to ensure we use that engine later.
- */
- eng = ENGINE_get_digest_engine(nid);
- if (eng != NULL) {
- ret = ENGINE_get_digest(eng, nid);
- ENGINE_finish(eng);
- }
-#endif
- return ret;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-int tls_engine_load_ssl_client_cert(SSL_CONNECTION *s, X509 **px509,
- EVP_PKEY **ppkey)
-{
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
-
- return ENGINE_load_ssl_client_cert(SSL_CONNECTION_GET_CTX(s)->client_cert_engine,
- ssl,
- SSL_get_client_CA_list(ssl),
- px509, ppkey, NULL, NULL, NULL);
-}
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
-{
- if (!ENGINE_init(e)) {
- ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);
- return 0;
- }
- if (!ENGINE_get_ssl_client_cert_function(e)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);
- ENGINE_finish(e);
- return 0;
- }
- ctx->client_cert_engine = e;
- return 1;
-}
-#endif
-
/*
* The HMAC APIs below are only used to support the deprecated public API
* macro SSL_CTX_set_tlsext_ticket_key_cb(). The application supplied callback
projects / thirdparty / openssl.git / commitdiff
