a912dbe98b
The Engine interface was deprecated in OpenSSL and therefore removed from normal compilation, but it is still possible to compile against OpenSSL with the compat define. That disables the deprecation warnings and uses the same functions as for OpenSSL 1.1. This is required to keep engine pkcs11 support working; otherwise loading keys via ENGINE_load_private_key would always fail. Resolves: rhbz:#2122010
From 87a2eac7a8264a0e8d64a8db85d44ec22454e256 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 7 Sep 2022 13:46:31 +0200
Subject: [PATCH 1/3] Add ENGINE_init and ENGINE_finish calls
According to manual page of ENGINE_init, it should be called explicitly
before any key operation happens. Keep it active for the whole lifetime.
---
lib/dns/openssl_link.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
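diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 333f34cb37..a3f63885fa 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -85,14 +85,20 @@ dst__openssl_init(const char *engine) {
 result = DST_R_NOENGINE;
 goto cleanup_rm;
 }
+ if (!ENGINE_init(e)) {
+ result = DST_R_NOENGINE;
+ goto cleanup_rm;
+ }
 /* This will init the engine. */
 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 result = DST_R_NOENGINE;
- goto cleanup_rm;
+ goto cleanup_init;
 }
 }
 
 return (ISC_R_SUCCESS);
+cleanup_init:
+ ENGINE_finish(e);
 cleanup_rm:
 if (e != NULL) {
 ENGINE_free(e);
@@ -108,6 +114,7 @@ void
 dst__openssl_destroy(void) {
 #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
 if (e != NULL) {
+ ENGINE_finish(e);
 ENGINE_free(e);
 }
 e = NULL;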
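Review bot: The context comment `/* This will init the engine. */` above `ENGINE_set_default()` in the first hunk is stale now that `ENGINE_init(e)` is called explicitly just before it, and nothing in the new code records that the functional reference is deliberately held until `dst__openssl_destroy()` calls `ENGINE_finish(e)`. I would replace it with `/* Make e the default for all methods; the functional reference from ENGINE_init() is released in dst__openssl_destroy(). */`. Both the lookup failure and the new init failure return `DST_R_NOENGINE`, so a PKCS#11 engine that is present but fails to initialise looks the same to the caller as a missing one; if operators need to tell the two apart, a log line on the `ENGINE_init` failure path would help. The body of `dst__openssl_init` starts and ends outside the hunk, so whether `e` is reset to NULL after `cleanup_rm` cannot be confirmed from this page.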
--
2.37.2