Guard against OpenSSL ENGINEs in httpapi_curl

Ewerton Scaboro da Silva 2023-05-11 14:31:28 -07:00
Родитель 100a051a09
Коммит c502ae2394
1 изменённых файлов: 12 добавлений и 1 удалений


@ -47,8 +47,10 @@ typedef struct HTTP_HANDLE_DATA_TAG
const char* certificates; /*a list of CA certificates*/
#if USE_OPENSSL
OPTION_OPENSSL_KEY_TYPE x509privatekeytype;
#ifndef OPENSSL_NO_ENGINE
char* engineId;
ENGINE* engine;
#endif // OPENSSL_NO_ENGINE
#elif USE_MBEDTLS
mbedtls_x509_crt cert;
mbedtls_pk_context key;
@ -220,6 +222,7 @@ void HTTPAPI_CloseConnection(HTTP_HANDLE handle)
free(httpHandleData->hostURL);
curl_easy_cleanup(httpHandleData->curl);
#ifdef USE_OPENSSL
#ifndef OPENSSL_NO_ENGINE
if (httpHandleData->engine != NULL)
{
ENGINE_free(httpHandleData->engine);
@ -231,6 +234,7 @@ void HTTPAPI_CloseConnection(HTTP_HANDLE handle)
free(httpHandleData->engineId);
httpHandleData->engineId = NULL;
}
#endif // OPENSSL_NO_ENGINE
#elif USE_MBEDTLS
mbedtls_x509_crt_free(&httpHandleData->cert);
mbedtls_pk_free(&httpHandleData->key);
@ -315,6 +319,7 @@ static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
HTTP_HANDLE_DATA *httpHandleData = (HTTP_HANDLE_DATA *)userptr;
#ifdef USE_OPENSSL
/*trying to set the x509 per device certificate*/
#ifndef OPENSSL_NO_ENGINE
if (httpHandleData->x509privatekeytype == KEY_TYPE_ENGINE) {
ENGINE_load_builtin_engines();
httpHandleData->engine = ENGINE_by_id(httpHandleData->engineId);
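Review bot: With the new `#ifndef OPENSSL_NO_ENGINE` around the `x509privatekeytype == KEY_TYPE_ENGINE` branch, a handle that was configured for an engine-backed key in a build without ENGINE support no longer reports an error; it falls through to the file-based credential path in the next hunk. If OPTION_OPENSSL_KEY_TYPE still exposes KEY_TYPE_ENGINE in that configuration (not visible on this page), I would add an `#else` arm that rejects the request explicitly, e.g. `if (httpHandleData->x509privatekeytype == KEY_TYPE_ENGINE) { LogError("engine-backed keys are not supported in this build"); result = CURLE_SSL_CERTPROBLEM; } else`, so a misconfiguration fails loudly instead of attempting a handshake with the wrong key type. ssl_ctx_callback begins before this hunk and continues after it.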
@ -324,14 +329,18 @@ static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
LogError("unable to load engine by ID: %s", httpHandleData->engineId);
result = CURLE_SSL_CERTPROBLEM;
}
else if (
else
#endif // OPENSSL_NO_ENGINE
if (
(httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
(x509_openssl_add_credentials(ssl_ctx, httpHandleData->x509certificate, httpHandleData->x509privatekey, httpHandleData->x509privatekeytype, httpHandleData->engine) != 0)
)
{
LogError("unable to x509_openssl_add_credentials");
result = CURLE_SSL_CERTPROBLEM;
#ifndef OPENSSL_NO_ENGINE
ENGINE_free(httpHandleData->engine);
#endif // OPENSSL_NO_ENGINE
}
/*trying to set CA certificates*/
else if (
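Review bot: The `x509_openssl_add_credentials(...)` call in this hunk still passes `httpHandleData->engine` unconditionally, but the first hunk now declares that struct member only inside `#ifndef OPENSSL_NO_ENGINE`, so the OPENSSL_NO_ENGINE configuration this commit is meant to support would fail to compile on that line unless something outside the page compensates. The engine argument needs the same guard as the member, passing NULL when engines are compiled out; the rewritten argument list is below. Whether x509_openssl_add_credentials itself accepts a NULL engine for non-engine key types is not visible here and should be confirmed against its definition. ssl_ctx_callback begins before this hunk and continues after it.
```c
(httpHandleData->x509certificate != NULL) && (httpHandleData->x509privatekey != NULL) &&
(x509_openssl_add_credentials(ssl_ctx, httpHandleData->x509certificate, httpHandleData->x509privatekey, httpHandleData->x509privatekeytype,
#ifndef OPENSSL_NO_ENGINE
    httpHandleData->engine
#else
    NULL
#endif // OPENSSL_NO_ENGINE
    ) != 0)
```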
@ -341,7 +350,9 @@ static CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr)
{
LogError("failure in x509_openssl_add_certificates");
result = CURLE_SSL_CERTPROBLEM;
#ifndef OPENSSL_NO_ENGINE
ENGINE_free(httpHandleData->engine);
#endif // OPENSSL_NO_ENGINE
}
#elif USE_WOLFSSL
if (
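Review bot: `ENGINE_free(httpHandleData->engine);` in this failure branch (and the matching call in the previous hunk's credentials-failure branch) releases the engine reference but leaves `httpHandleData->engine` pointing at the released object, while HTTPAPI_CloseConnection in the second hunk calls ENGINE_free again on any non-NULL engine pointer. If the close path runs after a failed callback, the reference is dropped twice, which with OpenSSL's reference-counted ENGINE objects can lead to a use-after-free; I would follow each of these frees with `httpHandleData->engine = NULL;` so the close-time cleanup becomes a no-op. This is pre-existing behaviour rather than something the commit introduces, and whether the pointer is reset somewhere outside the page is not visible here. ssl_ctx_callback continues outside the hunk.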