use pkcs11 provider for OPENSSL MAJOR >= 3

f-trivino · abbra · commit bdd1cd7b632d · 2024-11-29T15:37:20.000+02:00
diff --git a/cmake/modules/tests/test_openssl_gost.c b/cmake/modules/tests/test_openssl_gost.c
@@ -1,3 +1,4 @@
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #include <openssl/crypto.h>
 #include <openssl/opensslv.h>
@@ -39,3 +40,4 @@ int main()
 
         return 0;
 }
+#endif
diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
@@ -141,6 +141,11 @@ OSSLCryptoFactory::OSSLCryptoFactory()
 	// Initialise OpenSSL
 	OpenSSL_add_all_algorithms();
 
+	// Initialise the one-and-only RNG
+	rng = new OSSLRNG();
+
+#ifndef OPENSSL_NO_ENGINE
+
 #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
 	// Make sure RDRAND is loaded first
 	ENGINE_load_rdrand();
@@ -221,13 +226,13 @@ OSSLCryptoFactory::OSSLCryptoFactory()
 	eg = NULL;
 	return;
 #endif
+#endif // OPENSSL_NO_ENGINE
 }
 
 // Destructor
 OSSLCryptoFactory::~OSSLCryptoFactory()
 {
 	bool ossl_shutdown = false;
-
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	// OpenSSL 1.1.0+ will register an atexit() handler to run
 	// OPENSSL_cleanup(). If that has already happened we must
@@ -243,6 +248,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
 #endif
 	if (!ossl_shutdown)
 	{
+#ifndef OPENSSL_NO_ENGINE
 #ifdef WITH_GOST
 		// Finish the GOST engine
 		if (eg != NULL)
@@ -257,7 +263,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
 		ENGINE_finish(rdrand_engine);
 		ENGINE_free(rdrand_engine);
 		rdrand_engine = NULL;
-
+#endif //OPENSSL_NO_ENGINE
 		// Recycle locks
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 		if (setLockingCallback)
diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h
@@ -42,7 +42,16 @@
 #include "RNG.h"
 #include <memory>
 #include <openssl/conf.h>
-#include <openssl/engine.h>
+#if OPENSSL_VERSION_MAJOR >= 3
+# define USE_PKCS11_PROVIDER
+# include <openssl/provider.h>
+# include <openssl/store.h>
+#else
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#  define USE_PKCS11_ENGINE
+#  include <openssl/engine.h>
+# endif
+#endif
 
 class OSSLCryptoFactory : public CryptoFactory
 {

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+#ifndef OPENSSL_NO_ENGINE`
`1`	`2`	`#include <openssl/engine.h>`
`2`	`3`	`#include <openssl/crypto.h>`
`3`	`4`	`#include <openssl/opensslv.h>`
`@@ -39,3 +40,4 @@ int main()`
`39`	`40`
`40`	`41`	`return 0;`
`41`	`42`	`}`
	`43`	`+#endif`