Remove deprecation warning suppression from genpkey

genpkey was supressing deprecation warnings in order to support ENGINE functionality. We move all of that into a separate file so that we don't need to suppress the warnings anymore. Fixes #13118 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13454)
2025-03-31 20:10:45 +08:00 · 2020-11-02 11:04:06 +00:00 · 2020-11-02 11:04:06 +00:00 · 0f386f2eb0
commit 0f386f2eb0
parent 931d5b4b27
3 changed files with 35 additions and 28 deletions
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@ -7,9 +7,6 @@
 * https://www.openssl.org/source/license.html
 */

-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #include <stdio.h>
 #include <string.h>
 #include "apps.h"
@ -17,9 +14,6 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif

 static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
                            OSSL_LIB_CTX *libctx, const char *propq);
@ -290,8 +284,6 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
                 OSSL_LIB_CTX *libctx, const char *propq)
 {
    EVP_PKEY_CTX *ctx = NULL;
-    const EVP_PKEY_ASN1_METHOD *ameth;
-    ENGINE *tmpeng = NULL;
    int pkey_id;

    if (*pctx) {
@ -299,29 +291,13 @@ int init_gen_str(EVP_PKEY_CTX **pctx,
        return 0;
    }

-    if (libctx == NULL || e != NULL) {
-        ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
-
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-        if (ameth == NULL && e != NULL)
-            ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
-#endif
-        if (ameth == NULL) {
-            BIO_printf(bio_err, "Algorithm %s not found\n", algname);
-            return 0;
-        }
-        ERR_clear_error();
-
-        EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-        ENGINE_finish(tmpeng);
-#endif
+    pkey_id = get_legacy_pkey_id(libctx, algname, e);
+    if (pkey_id != NID_undef)
        ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
-    } else {
+    else
        ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
-    }

-    if (!ctx)
+    if (ctx == NULL)
        goto err;
    if (do_param) {
        if (EVP_PKEY_paramgen_init(ctx) <= 0)
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@ -160,6 +160,8 @@ EVP_PKEY *load_engine_private_key(ENGINE *e, const char *keyid,
 EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
                                 const char *pass, const char *desc);

+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
                                 const char *host, const char *path,
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@ -17,6 +17,7 @@
 #include <string.h> /* strcmp */

 #include <openssl/types.h> /* Ensure we have the ENGINE type, regardless */
+#include <openssl/err.h>
 #ifndef OPENSSL_NO_ENGINE
 # include <openssl/engine.h>
 #endif
@ -145,3 +146,31 @@ EVP_PKEY *load_engine_public_key(ENGINE *e, const char *keyid,
    return rv;
 }

+int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id = NID_undef;
+
+    ERR_set_mark();
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#if !defined(OPENSSL_NO_ENGINE)
+    ENGINE_finish(tmpeng);
+
+    if (ameth == NULL && e != NULL)
+        ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+    else
+#endif
+    /* We're only interested if it comes from an ENGINE */
+    if (tmpeng == NULL)
+        ameth = NULL;
+
+    ERR_pop_to_mark();
+    if (ameth == NULL)
+        return NID_undef;
+
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+
+    return pkey_id;
+}