Clear ssl dir from engines
authorNorbert Pocs <norbertp@openssl.org>
Thu, 20 Nov 2025 16:39:16 +0000 (17:39 +0100)
committerNeil Horman <nhorman@openssl.org>
Thu, 4 Dec 2025 12:32:18 +0000 (07:32 -0500)
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)

ssl/record/methods/ssl3_cbc.c
ssl/record/methods/ssl3_meth.c
ssl/record/methods/tls1_meth.c
ssl/ssl_ciph.c
ssl/ssl_sess.c
ssl/statem/statem_srvr.c

index a8282989ed39e60e02b433ae359c540c64371061..1e42a9cb538ac4d105e88a55e6e6c5a002f43ace 100644 (file)
@@ -456,7 +456,7 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
     if (md_ctx == NULL)
         goto err;
 
-    if (EVP_DigestInit_ex(md_ctx, md, NULL /* engine */) <= 0)
+    if (EVP_DigestInit_ex(md_ctx, md, NULL) <= 0)
         goto err;
     if (is_sslv3) {
         /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
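Review bot: The third argument of `EVP_DigestInit_ex()` is still the ENGINE slot, so the bare `NULL` on the changed line keeps an engine-typed parameter in a file this commit is clearing of engines. If the tree allows it, `if (EVP_DigestInit_ex2(md_ctx, md, NULL) <= 0)` performs the same initialisation through the params-based call and leaves nothing to annotate. ssl3_cbc_digest_record() begins and ends outside this hunk.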
index 6b5a1bed23ebe6a6792672f1fd8035a867fb4dcc..092085df637f5992b91402d179e0906719875be3 100644 (file)
@@ -64,10 +64,6 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
         return OSSL_RECORD_RETURN_FATAL;
     }
 
-    /*
-     * The cipher we actually ended up using in the EVP_CIPHER_CTX may be
-     * different to that in ciph if we have an ENGINE in use
-     */
     if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL
             && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
         /* ERR_raise already called */
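Review bot: The condition on `EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx))` no longer states why the cipher is read back out of `ciph_ctx` instead of using `ciph`, because the deleted comment was the only explanation. If the two can no longer differ, the check reads more simply as `EVP_CIPHER_get0_provider(ciph) != NULL`. If they can, a replacement comment should say so, e.g. `/* Only a provider-backed cipher takes the TLS parameters set below */`. The branch decides whether `ossl_set_tls_provider_parameters()` runs at all, so a reader needs to know when it is skipped. The same applies to the identical hunk in tls1_set_crypto_state(); both functions continue outside their hunks.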
index 19295f6e587d1be0c2d5bbcb6eadb6ae1665a85b..114a2e1eb6b285645812a3d5ee370f1693e8aa27 100644 (file)
@@ -130,10 +130,6 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
         return OSSL_RECORD_RETURN_FATAL;
     }
 
-    /*
-     * The cipher we actually ended up using in the EVP_CIPHER_CTX may be
-     * different to that in ciph if we have an ENGINE in use
-     */
     if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL
             && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) {
         /* ERR_raise already called */
index cd0d0e071bcff735911e15bdf4d4b746eebbbcd9..6b02c79ab95289ef4a4c827e0899b23085bfa7be 100644 (file)
@@ -18,7 +18,6 @@
 #include <ctype.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
-#include <openssl/engine.h>
 #include <openssl/crypto.h>
 #include <openssl/conf.h>
 #include <openssl/trace.h>
@@ -125,11 +124,6 @@ static int ssl_cipher_info_find(const ssl_cipher_table *table,
 #define ssl_cipher_info_lookup(table, x) \
     ssl_cipher_info_find(table, OSSL_NELEM(table), x)
 
-/*
- * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
- * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
- * found
- */
 static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = {
     /* MD5, SHA, GOST94, MAC89 */
     EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
@@ -442,9 +436,8 @@ int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
     } else {
         if (i == SSL_ENC_NULL_IDX) {
             /*
-             * We assume we don't care about this coming from an ENGINE so
-             * just do a normal EVP_CIPHER_fetch instead of
-             * ssl_evp_cipher_fetch()
+             * This does not need any special handling. Use EVP_CIPHER_fetch()
+             * directly.
              */
             *enc = EVP_CIPHER_fetch(ctx->libctx, "NULL", ctx->propq);
             if (*enc == NULL)
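Review bot: The new comment in the `SSL_ENC_NULL_IDX` branch says the fetch needs no "special handling" without naming what that handling is, so it explains less than the text it replaces. If `ssl_evp_cipher_fetch()` still exists after this commit, name it: `/* The NULL cipher is fetched directly rather than through ssl_evp_cipher_fetch(). */`. Otherwise the comment can be dropped, since the call is self-explanatory. ssl_cipher_get_evp_cipher() continues outside this hunk.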
index c3aa35009d82e631b17cf7efdbfa507c3570b7e8..c726e3418cfc1f857e4ed1f222f3de2f872ff843 100644 (file)
@@ -14,7 +14,6 @@
 #endif
 #include <stdio.h>
 #include <openssl/rand.h>
-#include <openssl/engine.h>
 #include "internal/refcount.h"
 #include "internal/cryptlib.h"
 #include "internal/ssl_unwrap.h"
index 8658e78bba2520dde4833adda91c64dd3aab73a8..c7baa896f178b7bccc9297c6d0e689aa1d715470 100644 (file)
@@ -3513,7 +3513,6 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt)
         goto err;
     }
 
-    /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on size */
     if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT,
                           EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
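Review bot: The `EVP_PKEY_CTX_ctrl()` call passes `rnd_dgst` with a size argument of 32 under `EVP_PKEY_CTRL_SET_IV`, and with the comment gone nothing says the control is being reused for a value that is not an IV. A replacement such as `/* EVP_PKEY_CTRL_SET_IV is reused to pass rnd_dgst (32 bytes) to the key implementation */` keeps that visible. Which implementation now receives this control is not shown in the hunk. If none does, the handshake fails here with `SSL_R_LIBRARY_BUG`, which would be a misleading reason code for an unsupported operation. tls_process_cke_gost18() starts and ends outside the hunk.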