[openssl] master update
Matt Caswell
matt at openssl.org
Wed Nov 25 16:59:28 UTC 2020
The branch master has been updated
via 0f386f2eb036d3efc61427b0f83cf5db654d0d49 (commit)
from 931d5b4b27fcc907e3ff4d4328c59a5f285a44fb (commit)
- Log -----------------------------------------------------------------
commit 0f386f2eb036d3efc61427b0f83cf5db654d0d49
Author: Matt Caswell <matt at openssl.org>
Date: Mon Nov 2 11:04:06 2020 +0000
Remove deprecation warning suppression from genpkey
genpkey was suppressing deprecation warnings in order to support ENGINE
functionality. We move all of that into a separate file so that we don't
need to suppress the warnings anymore.
Fixes #13118
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13454)
-----------------------------------------------------------------------
Summary of changes:
apps/genpkey.c | 32 ++++----------------------------
apps/include/apps.h | 2 ++
apps/lib/engine.c | 29 +++++++++++++++++++++++++++++
3 files changed, 35 insertions(+), 28 deletions(-)
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 1682c661c6..d6ab0e6b17 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -7,9 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
#include <stdio.h>
#include <string.h>
#include "apps.h"
@@ -17,9 +14,6 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
OSSL_LIB_CTX *libctx, const char *propq);
@@ -290,8 +284,6 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY_CTX *ctx = NULL;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *tmpeng = NULL;
int pkey_id;
if (*pctx) {
@@ -299,29 +291,13 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
return 0;
}
- if (libctx == NULL || e != NULL) {
- ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
-
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- if (ameth == NULL && e != NULL)
- ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
-#endif
- if (ameth == NULL) {
- BIO_printf(bio_err, "Algorithm %s not found\n", algname);
- return 0;
- }
- ERR_clear_error();
-
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
- ENGINE_finish(tmpeng);
-#endif
+ pkey_id = get_legacy_pkey_id(libctx, algname, e);
+ if (pkey_id != NID_undef)
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
- } else {
+ else
ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
- }
- if (!ctx)
+ if (ctx == NULL)
goto err;
if (do_param) {
if (EVP_PKEY_paramgen_init(ctx) <= 0)
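Review bot: When an ENGINE is supplied but the algorithm's ASN.1 method is a built-in one, `get_legacy_pkey_id()` returns `NID_undef` (its `tmpeng == NULL` branch in apps/lib/engine.c), so this code takes the `EVP_PKEY_CTX_new_from_name(libctx, algname, propq)` branch and `e` is not passed to anything. The removed code called `EVP_PKEY_CTX_new_id(pkey_id, e)` in that case, so a key the operator expected the engine to generate may now come from a provider with no message. If that is intended, a diagnostic on `bio_err` when `e != NULL && pkey_id == NID_undef` would make the fallback visible. The old "Algorithm %s not found" message is also gone, and whether the `err` label reports the failure cannot be seen here, since init_gen_str starts and ends outside the hunk.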
diff --git a/apps/include/apps.h b/apps/include/apps.h
index b149a837f3..0848a2e03e 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -160,6 +160,8 @@ EVP_PKEY *load_engine_private_key(ENGINE *e, const char *keyid,
EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
const char *pass, const char *desc);
+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
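Review bot: The new prototype `get_legacy_pkey_id()` has no comment describing its contract, and the return convention is not obvious from the name. Callers need to know that `NID_undef` means "not supplied by an ENGINE", not "unknown algorithm". Something like `/* Returns the pkey id for algname only if an ENGINE provides its ASN.1 method; NID_undef otherwise */` above the declaration would cover it.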
diff --git a/apps/lib/engine.c b/apps/lib/engine.c
index f47c94fbce..4d9adc2818 100644
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@@ -17,6 +17,7 @@
#include <string.h> /* strcmp */
#include <openssl/types.h> /* Ensure we have the ENGINE type, regardless */
+#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
@@ -145,3 +146,31 @@ EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
return rv;
}
+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
+{
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ ENGINE *tmpeng = NULL;
+ int pkey_id = NID_undef;
+
+ ERR_set_mark();
+ ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#if !defined(OPENSSL_NO_ENGINE)
+ ENGINE_finish(tmpeng);
+
+ if (ameth == NULL && e != NULL)
+ ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+ else
+#endif
+ /* We're only interested if it comes from an ENGINE */
+ if (tmpeng == NULL)
+ ameth = NULL;
+
+ ERR_pop_to_mark();
+ if (ameth == NULL)
+ return NID_undef;
+
+ EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+
+ return pkey_id;
+}
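Review bot: `ENGINE_finish(tmpeng)` now runs before `ameth` is read by `EVP_PKEY_asn1_get0_info()`, whereas the code removed from genpkey.c released the engine only after that call. If the method table is owned by the engine that `EVP_PKEY_asn1_find_str()` returned, the reference should probably be held until `pkey_id` has been extracted, with the `tmpeng == NULL` test still done beforehand. That means moving the guarded `ENGINE_finish(tmpeng);` to just before `return pkey_id;`. The `else` that dangles across `#endif` onto `if (tmpeng == NULL)` is easy to misread, so braces or an explicit `from_engine` flag would make both build configurations clearer. The `libctx` parameter is never used in the body; either drop it or add a comment saying it is reserved.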