[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Thu Oct 20 07:05:14 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 0df1caa77b793d055714f4d78d9aac7a985babb8 (commit)
via aa01b82c69eeb0cfd255174111fc34a7ed5f8429 (commit)
from 10e60f26cef02a6310d20cc2c918184fc9100d14 (commit)
- Log -----------------------------------------------------------------
commit 0df1caa77b793d055714f4d78d9aac7a985babb8
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Oct 19 19:46:38 2016 +0200
apps: make setup_engine() and release_engine() available always
This removes some #ifndef clutter.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1644)
commit aa01b82c69eeb0cfd255174111fc34a7ed5f8429
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Sep 29 00:40:20 2016 +0200
If an engine comes up explicitely, it must also come down explicitely
In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it has registered at least one cipher or digest
algorithm method, and therefore gets a functional reference through the
ENGINE_set_default() call), we end up returning an invalid reference.
Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().
Originally, the ENGINE API wasn't designed for this to happen, an
engine had to register at least one algorithm method, and was
especially expected to register the algorithms corresponding to the
key types that could be stored and hidden in hardware. However, it
turns out that some engines will not register those algorithms with
the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest
functions, as they only want the methods to be used for keys, not as
general crypto accelerator methods. That may cause ENGINE_set_default()
to do nothing, and no functional reference is therefore made, leading
to a premature deallocation of the engine and it thereby becoming
unavailable when trying to fetch a key.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1644)
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 14 +++++++++++---
apps/apps.h | 4 ++--
apps/ca.c | 5 +----
apps/cms.c | 5 +----
apps/dgst.c | 1 +
apps/dh.c | 6 ------
apps/dhparam.c | 8 +++-----
apps/dsa.c | 7 +------
apps/dsaparam.c | 8 +++-----
apps/ec.c | 6 +++---
apps/ecparam.c | 10 +++++-----
apps/enc.c | 8 +++-----
apps/gendh.c | 4 ----
apps/gendsa.c | 8 +++-----
apps/genpkey.c | 2 +-
apps/genrsa.c | 7 +------
apps/pkcs12.c | 5 +----
apps/pkcs7.c | 8 +++-----
apps/pkcs8.c | 5 +----
apps/pkey.c | 5 +----
apps/pkeyparam.c | 8 +++-----
apps/pkeyutl.c | 1 +
apps/rand.c | 8 +++-----
apps/req.c | 5 +----
apps/rsa.c | 5 +----
apps/rsautl.c | 5 +----
apps/s_client.c | 7 ++++---
apps/s_server.c | 7 +------
apps/smime.c | 5 +----
apps/speed.c | 4 +++-
apps/spkac.c | 5 +----
apps/srp.c | 8 +++-----
apps/verify.c | 5 +----
apps/x509.c | 5 +----
34 files changed, 70 insertions(+), 134 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index ff17b35..c487bd9 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1535,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
}
return e;
}
+#endif
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
{
ENGINE *e = NULL;
+#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(err, "enabling auto ENGINE support\n");
@@ -1564,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
}
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
}
+#endif
return e;
}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+ if (e != NULL)
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
#endif
+}
int load_config(BIO *err, CONF *cnf)
{
diff --git a/apps/apps.h b/apps/apps.h
index c6c3881..268863c 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-# ifndef OPENSSL_NO_ENGINE
+
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
diff --git a/apps/ca.c b/apps/ca.c
index a0ec583..20c4ebb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -319,9 +319,7 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *tofree = NULL;
DB_ATTR db_attr;
@@ -595,9 +593,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, conf))
goto err;
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
/* Lets get the config section we are using */
if (section == NULL) {
@@ -1485,6 +1481,7 @@ int MAIN(int argc, char **argv)
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
+ release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
diff --git a/apps/cms.c b/apps/cms.c
index 6047937..f9a63bc 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -143,9 +143,7 @@ int MAIN(int argc, char **argv)
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
unsigned char *secret_key = NULL, *secret_keyid = NULL;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
size_t secret_keylen = 0, secret_keyidlen = 0;
@@ -665,9 +663,7 @@ int MAIN(int argc, char **argv)
"cert.pem recipient certificate(s) for encryption\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -1170,6 +1166,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(rcms);
+ release_engine(e);
BIO_free(rctin);
BIO_free(in);
BIO_free(indata);
diff --git a/apps/dgst.c b/apps/dgst.c
index 26afcd7..bc2601e 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -537,6 +537,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(sigbuf);
if (bmd != NULL)
BIO_free(bmd);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(err);
}
diff --git a/apps/dh.c b/apps/dh.c
index 48fecc9..bb13fef 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
-# ifndef OPENSSL_NO_ENGINE
char *engine;
-# endif
apps_startup();
@@ -107,9 +105,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
-# ifndef OPENSSL_NO_ENGINE
engine = NULL;
-# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
@@ -183,9 +179,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
-# endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 57199a8..1210adb 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -159,9 +159,8 @@ int MAIN(int argc, char **argv)
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
char *inrand = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
+ ENGINE *e = NULL;
int num = 0, g = 0;
apps_startup();
@@ -270,9 +269,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (g && !num)
num = DEFBITS;
@@ -512,6 +509,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/dsa.c b/apps/dsa.c
index dedf8e1..4ed21d8 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -106,9 +106,7 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0;
char *infile, *outfile, *prog;
-# ifndef OPENSSL_NO_ENGINE
char *engine;
-# endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus = 0;
@@ -124,9 +122,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
-# ifndef OPENSSL_NO_ENGINE
engine = NULL;
-# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
@@ -239,9 +235,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -358,6 +352,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
+ release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 824a595..f2cf553 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -121,9 +121,8 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog, *inrand = NULL;
int numbits = -1, num, genkey = 0;
int need_rand = 0;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
+ ENGINE *e = NULL;
# ifdef GENCB_TEST
int timebomb = 0;
# endif
@@ -263,9 +262,7 @@ int MAIN(int argc, char **argv)
}
}
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@@ -433,6 +430,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/ec.c b/apps/ec.c
index b04dada..d2263c8 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
+ ENGINE *e = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
@@ -235,9 +236,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -349,6 +348,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
+ release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 71b67f4..a9bf489 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -131,6 +131,7 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *engine = NULL;
+ ENGINE *e = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
@@ -311,9 +312,7 @@ int MAIN(int argc, char **argv)
}
}
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (list_curves) {
EC_builtin_curve *curves = NULL;
@@ -620,12 +619,13 @@ int MAIN(int argc, char **argv)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
+ if (group != NULL)
+ EC_GROUP_free(group);
+ release_engine(e);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (group != NULL)
- EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}
diff --git a/apps/enc.c b/apps/enc.c
index 8e2ef27..8c8f1ef 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -126,9 +126,8 @@ int MAIN(int argc, char **argv)
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
+ ENGINE *e = NULL;
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
@@ -322,9 +321,7 @@ int MAIN(int argc, char **argv)
argv++;
}
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
+ e = setup_engine(bio_err, engine, 0);
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err,
@@ -674,6 +671,7 @@ int MAIN(int argc, char **argv)
if (bzl != NULL)
BIO_free(bzl);
#endif
+ release_engine(e);
if (pass)
OPENSSL_free(pass);
apps_shutdown();
diff --git a/apps/gendh.c b/apps/gendh.c
index fef6f1b..59484c2 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -96,9 +96,7 @@ int MAIN(int argc, char **argv)
int g = 2;
char *outfile = NULL;
char *inrand = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
BIO *out = NULL;
apps_startup();
@@ -162,9 +160,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
-# endif
out = BIO_new(BIO_s_file());
if (out == NULL) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
index fd1360a..31510e6 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -85,9 +85,8 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out = NULL, *in = NULL;
const EVP_CIPHER *enc = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
+ ENGINE *e = NULL;
apps_startup();
@@ -206,9 +205,7 @@ int MAIN(int argc, char **argv)
" - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -273,6 +270,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
+ release_engine(e);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
diff --git a/apps/genpkey.c b/apps/genpkey.c
index fef21dc..39dcef9 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -275,9 +275,9 @@ int MAIN(int argc, char **argv)
if (out)
BIO_free_all(out);
BIO_free(in);
+ release_engine(e);
if (pass)
OPENSSL_free(pass);
-
return ret;
}
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 91e6550..51dcfca 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -91,9 +91,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
-# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
-# endif
int ret = 1;
int i, num = DEFBITS;
long l;
@@ -101,9 +99,7 @@ int MAIN(int argc, char **argv)
unsigned long f4 = RSA_F4;
char *outfile = NULL;
char *passargout = NULL, *passout = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
char *inrand = NULL;
BIO *out = NULL;
BIGNUM *bn = BN_new();
@@ -240,9 +236,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
@@ -314,6 +308,7 @@ int MAIN(int argc, char **argv)
RSA_free(rsa);
if (out)
BIO_free_all(out);
+ release_engine(e);
if (passout)
OPENSSL_free(passout);
if (ret != 0)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4e7de43..d0bd97a 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -129,9 +129,7 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
apps_startup();
@@ -406,9 +404,7 @@ int MAIN(int argc, char **argv)
"-LMK Add local machine keyset attribute to private key\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (passarg) {
if (export_cert)
@@ -756,6 +752,7 @@ int MAIN(int argc, char **argv)
# ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
# endif
+ release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (canames)
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index b677633..c5d51d2 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -90,9 +90,8 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog;
int print_certs = 0, text = 0, noout = 0, p7_print = 0;
int ret = 1;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
+ ENGINE *e = NULL;
apps_startup();
@@ -175,9 +174,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
+ e = setup_engine(bio_err, engine, 0);
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
@@ -303,6 +300,7 @@ int MAIN(int argc, char **argv)
end:
if (p7 != NULL)
PKCS7_free(p7);
+ release_engine(e);
if (in != NULL)
BIO_free(in);
if (out != NULL)
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 5099e18..71e3168 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -87,9 +87,7 @@ int MAIN(int argc, char **argv)
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -223,9 +221,7 @@ int MAIN(int argc, char **argv)
#endif
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -391,6 +387,7 @@ int MAIN(int argc, char **argv)
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
+ release_engine(e);
BIO_free_all(out);
BIO_free(in);
if (passin)
diff --git a/apps/pkey.c b/apps/pkey.c
index e848049..63d878a 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -79,9 +79,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey = NULL;
char *passin = NULL, *passout = NULL;
int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
int ret = 1;
if (bio_err == NULL)
@@ -178,9 +176,7 @@ int MAIN(int argc, char **argv)
#endif
return 1;
}
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -240,6 +236,7 @@ int MAIN(int argc, char **argv)
end:
EVP_PKEY_free(pkey);
+ release_engine(e);
BIO_free_all(out);
BIO_free(in);
if (passin)
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index a148a66..1437f03 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -74,9 +74,8 @@ int MAIN(int argc, char **argv)
int text = 0, noout = 0;
EVP_PKEY *pkey = NULL;
int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
+ ENGINE *e = NULL;
int ret = 1;
if (bio_err == NULL)
@@ -134,9 +133,7 @@ int MAIN(int argc, char **argv)
#endif
return 1;
}
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
+ e = setup_engine(bio_err, engine, 0);
if (infile) {
if (!(in = BIO_new_file(infile, "r"))) {
@@ -178,6 +175,7 @@ int MAIN(int argc, char **argv)
end:
EVP_PKEY_free(pkey);
+ release_engine(e);
BIO_free_all(out);
BIO_free(in);
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index e47206c..7c62d1c 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -357,6 +357,7 @@ int MAIN(int argc, char **argv)
end:
if (ctx)
EVP_PKEY_CTX_free(ctx);
+ release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (buf_in != NULL)
diff --git a/apps/rand.c b/apps/rand.c
index e159da3..96dcb72 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -86,9 +86,8 @@ int MAIN(int argc, char **argv)
int hex = 0;
BIO *out = NULL;
int num = -1;
-#ifndef OPENSSL_NO_ENGINE
+ ENGINE *e = NULL;
char *engine = NULL;
-#endif
apps_startup();
@@ -162,9 +161,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
}
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
+ e = setup_engine(bio_err, engine, 0);
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
@@ -222,6 +219,7 @@ int MAIN(int argc, char **argv)
err:
ERR_print_errors(bio_err);
+ release_engine(e);
if (out)
BIO_free_all(out);
apps_shutdown();
diff --git a/apps/req.c b/apps/req.c
index d1411c9..cdea1f6 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -179,9 +179,7 @@ int MAIN(int argc, char **argv)
int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
char *infile, *outfile, *prog, *keyfile = NULL, *template =
NULL, *keyout = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *extensions = NULL;
char *req_exts = NULL;
const EVP_CIPHER *cipher = NULL;
@@ -595,9 +593,7 @@ int MAIN(int argc, char **argv)
if ((in == NULL) || (out == NULL))
goto end;
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (keyfile != NULL) {
pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
@@ -1040,6 +1036,7 @@ int MAIN(int argc, char **argv)
X509_REQ_free(req);
X509_free(x509ss);
ASN1_INTEGER_free(serial);
+ release_engine(e);
if (passargin && passin)
OPENSSL_free(passin);
if (passargout && passout)
diff --git a/apps/rsa.c b/apps/rsa.c
index e13c14f..ad3af39 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -111,9 +111,7 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
int modulus = 0;
int pvk_encr = 2;
@@ -254,9 +252,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -419,6 +415,7 @@ int MAIN(int argc, char **argv)
} else
ret = 0;
end:
+ release_engine(e);
if (out != NULL)
BIO_free_all(out);
if (rsa != NULL)
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 5b6f849..87d1806 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -88,9 +88,7 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
@@ -195,9 +193,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@@ -327,6 +323,7 @@ int MAIN(int argc, char **argv)
BIO_write(out, rsa_out, rsa_outlen);
end:
RSA_free(rsa);
+ release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (rsa_in)
diff --git a/apps/s_client.c b/apps/s_client.c
index 41a326f..3cabfb5 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -694,12 +694,12 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
int mbuf_len = 0;
struct timeval timeout, *timeoutp;
-#ifndef OPENSSL_NO_ENGINE
char *engine_id = NULL;
+ ENGINE *e = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *ssl_client_engine_id = NULL;
ENGINE *ssl_client_engine = NULL;
#endif
- ENGINE *e = NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
# if defined(OPENSSL_SYS_BEOS_R5)
@@ -1186,8 +1186,8 @@ int MAIN(int argc, char **argv)
next_proto.data = NULL;
#endif
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine_id) {
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
if (!ssl_client_engine) {
@@ -2123,6 +2123,7 @@ int MAIN(int argc, char **argv)
OPENSSL_cleanse(mbuf, BUFSIZZ);
OPENSSL_free(mbuf);
}
+ release_engine(e);
if (bio_c_out != NULL) {
BIO_free(bio_c_out);
bio_c_out = NULL;
diff --git a/apps/s_server.c b/apps/s_server.c
index 857a70e..b561cf3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -328,9 +328,7 @@ static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
static int hack = 0;
-#ifndef OPENSSL_NO_ENGINE
static char *engine_id = NULL;
-#endif
static const char *session_id_prefix = NULL;
static int enable_timeouts = 0;
@@ -484,9 +482,7 @@ static void s_server_init(void)
s_quiet = 0;
s_brief = 0;
hack = 0;
-# ifndef OPENSSL_NO_ENGINE
engine_id = NULL;
-# endif
}
#endif
@@ -1603,9 +1599,7 @@ int MAIN(int argc, char *argv[])
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
-#endif
if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -2129,6 +2123,7 @@ int MAIN(int argc, char *argv[])
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
+ release_engine(e);
if (bio_s_out != NULL) {
BIO_free(bio_s_out);
bio_s_out = NULL;
diff --git a/apps/smime.c b/apps/smime.c
index 6044ccf..1758330 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -114,9 +114,7 @@ int MAIN(int argc, char **argv)
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
X509_VERIFY_PARAM *vpm = NULL;
@@ -461,9 +459,7 @@ int MAIN(int argc, char **argv)
"cert.pem recipient certificate(s) for encryption\n");
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -736,6 +732,7 @@ int MAIN(int argc, char **argv)
X509_free(signer);
EVP_PKEY_free(key);
PKCS7_free(p7);
+ release_engine(e);
BIO_free(in);
BIO_free(indata);
BIO_free_all(out);
diff --git a/apps/speed.c b/apps/speed.c
index b862868..f16b3c9 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -372,6 +372,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
unsigned char *buf = NULL, *buf2 = NULL;
int mret = 1;
long count = 0, save_count = 0;
@@ -749,7 +750,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no engine given\n");
goto end;
}
- setup_engine(bio_err, *argv, 0);
+ e = setup_engine(bio_err, *argv, 0);
/*
* j will be increased again further down. We just don't want
* speed to confuse an engine with an algorithm, especially when
@@ -2526,6 +2527,7 @@ int MAIN(int argc, char **argv)
}
# endif
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(mret);
}
diff --git a/apps/spkac.c b/apps/spkac.c
index 8b06ec4..7f5333f 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
apps_startup();
@@ -185,9 +183,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (keyfile) {
pkey = load_key(bio_err,
@@ -305,6 +301,7 @@ int MAIN(int argc, char **argv)
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
+ release_engine(e);
if (passin)
OPENSSL_free(passin);
apps_shutdown();
diff --git a/apps/srp.c b/apps/srp.c
index c75052f..37341a5 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -293,9 +293,8 @@ int MAIN(int argc, char **argv)
int i;
long errorline = -1;
char *randfile = NULL;
-# ifndef OPENSSL_NO_ENGINE
+ ENGINE *e = NULL;
char *engine = NULL;
-# endif
char *tofree = NULL;
DB_ATTR db_attr;
@@ -411,9 +410,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -760,6 +757,7 @@ int MAIN(int argc, char **argv)
if (db)
free_index(db);
+ release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
diff --git a/apps/verify.c b/apps/verify.c
index b5ae6b3..c4bd197 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -89,9 +89,7 @@ int MAIN(int argc, char **argv)
X509_LOOKUP *lookup = NULL;
X509_VERIFY_PARAM *vpm = NULL;
int crl_download = 0;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
cert_ctx = X509_STORE_new();
if (cert_ctx == NULL)
@@ -160,9 +158,7 @@ int MAIN(int argc, char **argv)
break;
}
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (vpm)
X509_STORE_set1_param(cert_ctx, vpm);
@@ -255,6 +251,7 @@ int MAIN(int argc, char **argv)
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret < 0 ? 2 : ret);
}
diff --git a/apps/x509.c b/apps/x509.c
index 17cb62d..ad9fc98 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -218,9 +218,7 @@ int MAIN(int argc, char **argv)
char *checkhost = NULL;
char *checkemail = NULL;
char *checkip = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
reqfile = 0;
@@ -501,9 +499,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "%s", *pp);
goto end;
}
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
@@ -1040,6 +1036,7 @@ int MAIN(int argc, char **argv)
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+ release_engine(e);
if (passin)
OPENSSL_free(passin);
apps_shutdown();
More information about the openssl-commits
mailing list