providers/: Remove ENGINEs

author Norbert Pocs <norbertp@openssl.org>

Thu, 28 Aug 2025 13:14:31 +0000 (15:14 +0200)

committer Neil Horman <nhorman@openssl.org>

Thu, 4 Dec 2025 12:31:05 +0000 (07:31 -0500)
author Norbert Pocs <norbertp@openssl.org>
Thu, 28 Aug 2025 13:14:31 +0000 (15:14 +0200)
committer Neil Horman <nhorman@openssl.org>
Thu, 4 Dec 2025 12:31:05 +0000 (07:31 -0500)
diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h

index f04e811ac3b8904592c64f634f1354526bbcbee8..f34e4a1b2cedf961c5d299c3253fed0cb6add71e 100644 (file)
--- a/providers/common/include/prov/provider_util.h
+++ b/providers/common/include/prov/provider_util.h
@@ -39,13 +39,11 @@ typedef struct {
  /* Cipher functions */
  /*
   * Load a cipher from the specified parameters with the specified context.
- * The params "propq", "engine" and "cipher" are used to determine the
- * implementation used.  If a provider cannot be found, it falls back to trying
- * non-provider based implementations.
+ * The params "propq" and "cipher" are used to determine the
+ * implementation used.
   */
  int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx);
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx);
  
  /* Reset the PROV_CIPHER fields and free any allocated cipher reference */
  void ossl_prov_cipher_reset(PROV_CIPHER *pc);
@@ -53,9 +51,8 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc);
  /* Clone a PROV_CIPHER structure into a second */
  int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src);
  
-/* Query the cipher and associated engine (if any) */
+/* Query the cipher (if any) */
  const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc);
-ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc);
  
  /* Digest functions */
  
@@ -68,13 +65,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
  
  /*
   * Load a digest from the specified parameters with the specified context.
- * The params "propq", "engine" and "digest" are used to determine the
- * implementation used.  If a provider cannot be found, it falls back to trying
- * non-provider based implementations.
+ * The params "propq" and "digest" are used to determine the
+ * implementation used.
   */
  int ossl_prov_digest_load(PROV_DIGEST *pd,const OSSL_PARAM *digest,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx);
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx);
  
  /* Reset the PROV_DIGEST fields and free any allocated digest reference */
  void ossl_prov_digest_reset(PROV_DIGEST *pd);
@@ -82,9 +77,8 @@ void ossl_prov_digest_reset(PROV_DIGEST *pd);
  /* Clone a PROV_DIGEST structure into a second */
  int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src);
  
-/* Query the digest and associated engine (if any) */
+/* Query the digest (if any) */
  const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd);
-ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd);
  
  /* Set a specific md, resets current digests first */
  void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md);
@@ -97,14 +91,12 @@ void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md);
  int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
                            const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher,
                            const OSSL_PARAM *pdigest, const OSSL_PARAM *propq,
-                          const OSSL_PARAM *pengine,
                            const char *macname, const char *ciphername,
                            const char *mdname, OSSL_LIB_CTX *libctx);
  
  int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
                           const char *ciphername,
                           const char *mdname,
-                         const char *engine,
                           const char *properties,
                           const OSSL_PARAM param[]);
  
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c

index 2f123f5f2b063483cdde6aeda84004a5aa787e09..c7f60f17379a07defe763c9b692dad2bdecbf2bc 100644 (file)
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -7,15 +7,11 @@
   * https://www.openssl.org/source/license.html
   */
  
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
  #include <openssl/evp.h>
  #include <openssl/core_names.h>
  #include <openssl/err.h>
  #include <openssl/proverr.h>
  #ifndef FIPS_MODULE
-# include <openssl/engine.h>
  # include "crypto/evp.h"
  #endif
  #include "prov/providercommon.h"
@@ -26,23 +22,12 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc)
      EVP_CIPHER_free(pc->alloc_cipher);
      pc->alloc_cipher = NULL;
      pc->cipher = NULL;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    ENGINE_finish(pc->engine);
-#endif
-    pc->engine = NULL;
  }
  
  int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src)
  {
      if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher))
          return 0;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    if (src->engine != NULL && !ENGINE_init(src->engine)) {
-        EVP_CIPHER_free(src->alloc_cipher);
-        return 0;
-    }
-#endif
-    dst->engine = src->engine;
      dst->cipher = src->cipher;
      dst->alloc_cipher = src->alloc_cipher;
      return 1;
@@ -59,41 +44,12 @@ static int set_propq(const OSSL_PARAM *propq, const char **propquery)
      return 1;
  }
  
-static int set_engine(const OSSL_PARAM *e, ENGINE **engine)
-{
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    ENGINE_finish(*engine);
-#endif
-    *engine = NULL;
-    /* Inside the FIPS module, we don't support legacy ciphers */
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    if (e != NULL) {
-        if (e->data_type != OSSL_PARAM_UTF8_STRING)
-            return 0;
-        /* Get a structural reference */
-        *engine = ENGINE_by_id(e->data);
-        if (*engine == NULL)
-            return 0;
-        /* Get a functional reference */
-        if (!ENGINE_init(*engine)) {
-            ENGINE_free(*engine);
-            *engine = NULL;
-            return 0;
-        }
-        /* Free the structural reference */
-        ENGINE_free(*engine);
-    }
-#endif
-    return 1;
-}
-
  int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx)
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx)
  {
      const char *propquery;
  
-   if (!set_propq(propq, &propquery) || !set_engine(engine, &pc->engine))
+    if (!set_propq(propq, &propquery))
          return 0;
  
      if (cipher == NULL)
@@ -127,33 +83,17 @@ const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc)
      return pc->cipher;
  }
  
-ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc)
-{
-    return pc->engine;
-}
-
  void ossl_prov_digest_reset(PROV_DIGEST *pd)
  {
      EVP_MD_free(pd->alloc_md);
      pd->alloc_md = NULL;
      pd->md = NULL;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    ENGINE_finish(pd->engine);
-#endif
-    pd->engine = NULL;
  }
  
  int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src)
  {
      if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md))
          return 0;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    if (src->engine != NULL && !ENGINE_init(src->engine)) {
-        EVP_MD_free(src->alloc_md);
-        return 0;
-    }
-#endif
-    dst->engine = src->engine;
      dst->md = src->md;
      dst->alloc_md = src->alloc_md;
      return 1;
@@ -169,12 +109,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
  }
  
  int ossl_prov_digest_load(PROV_DIGEST *pd, const OSSL_PARAM *digest,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx)
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx)
  {
      const char *propquery;
  
-    if (!set_propq(propq, &propquery) || !set_engine(engine, &pd->engine))
+    if (!set_propq(propq, &propquery))
          return 0;
  
      if (digest == NULL)
@@ -212,15 +151,9 @@ const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd)
      return pd->md;
  }
  
-ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd)
-{
-    return pd->engine;
-}
-
  int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
                           const char *ciphername,
                           const char *mdname,
-                         const char *engine,
                           const char *properties,
                           const OSSL_PARAM param[])
  {
@@ -238,12 +171,6 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
          *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
                                                   (char *)properties, 0);
  
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-    if (engine != NULL)
-        *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE,
-                                                 (char *) engine, 0);
-#endif
-
      *mp = OSSL_PARAM_construct_end();
  
      /*
@@ -274,12 +201,10 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
  int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
                            const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher,
                            const OSSL_PARAM *pdigest, const OSSL_PARAM *propq,
-                          const OSSL_PARAM *pengine,
                            const char *macname, const char *ciphername,
                            const char *mdname, OSSL_LIB_CTX *libctx)
  {
      const char *properties = NULL;
-    const char *engine = NULL;
  
      if (macname == NULL && pmac != NULL)
          if (!OSSL_PARAM_get_utf8_string_ptr(pmac, &macname))
@@ -312,10 +237,8 @@ int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
      if (mdname == NULL && pdigest != NULL)
          if (!OSSL_PARAM_get_utf8_string_ptr(pdigest, &mdname))
              return 0;
-    if (pengine != NULL && !OSSL_PARAM_get_utf8_string_ptr(pengine, &engine))
-        return 0;
  
-    if (ossl_prov_set_macctx(*macctx, ciphername, mdname, engine, properties, NULL))
+    if (ossl_prov_set_macctx(*macctx, ciphername, mdname, properties, NULL))
          return 1;
  
      EVP_MAC_CTX_free(*macctx);
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c

index b8d991c1c3c3f18e8d3a5aac594aeed961e2a30c..43ecd435199c08651c024efb66ae65ae0b6fcc16 100644 (file)
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -189,7 +189,7 @@ static int sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[])
      if (psm2ctx == NULL || !sm2_set_ctx_params_decoder(params, &p))
          return 0;
  
-    if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq, p.engine,
+    if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq,
                                 psm2ctx->libctx))
          return 0;
  
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c

index b4c84a007a2ba53db589c98664a28a551628ff8e..3fe2c3ece80b84bfded2f325d2fdd4e4ce3d2b06 100644 (file)
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -294,8 +294,7 @@ static int hkdf_common_set_ctx_params
      if (p->digest != NULL) {
          const EVP_MD *md = NULL;
  
-        if (!ossl_prov_digest_load(&ctx->digest, p->digest,
-                                   p->propq, p->engine, libctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
              return 0;
  
          md = ossl_prov_digest_md(&ctx->digest);
@@ -488,7 +487,7 @@ static void *kdf_hkdf_fixed_digest_new(void *provctx, const char *digest)
  
      param = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
                                               (char *)digest, 0);
-    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, libctx)) {
+    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, libctx)) {
          kdf_hkdf_free(ctx);
          return NULL;
      }
diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c b/providers/implementations/kdfs/hmacdrbg_kdf.c

index 2d2805b53ddb432262d9431d03f4d34d72a31109..a36d92cd22037ab688fd7363b4e1ae8a22f3959a 100644 (file)
--- a/providers/implementations/kdfs/hmacdrbg_kdf.c
+++ b/providers/implementations/kdfs/hmacdrbg_kdf.c
@@ -210,8 +210,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
      }
  
      if (p.digest != NULL) {
-        if (!ossl_prov_digest_load(&drbg->digest, p.digest,
-                                   p.propq, p.engine, libctx))
+        if (!ossl_prov_digest_load(&drbg->digest, p.digest, p.propq, libctx))
              return 0;
  
          /* Confirm digest is allowed. Allow all digests that are not XOF */
@@ -227,7 +226,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
              drbg->blocklen = (size_t)md_size;
          }
          if (!ossl_prov_macctx_load(&drbg->ctx, NULL, NULL, p.digest, p.propq,
-                                   p.engine, "HMAC", NULL, NULL, libctx))
+                                   "HMAC", NULL, NULL, libctx))
              return 0;
      }
      return 1;
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c

index d8fa4d818655853241f2cf2e2431f8bb4271b39c..2f273f8db951840de040550661005753e3dfdd47 100644 (file)
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -383,8 +383,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
          return 0;
  
      if (!ossl_prov_macctx_load(&ctx->ctx_init, p.mac, p.cipher,
-                               p.digest, p.propq, p.engine,
-                               NULL, NULL, NULL, libctx))
+                               p.digest, p.propq, NULL, NULL, NULL, libctx))
          return 0;
  
      if (ctx->ctx_init != NULL) {
diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c

index 03e8fc62c7b24bac10ec3b452f2687c065264be9..3ee0f3c3c9f4e4e22002fdd967dc9d67c8a0731a 100644 (file)
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -128,7 +128,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
  {
      KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
      const EVP_CIPHER *cipher;
-    ENGINE *engine;
+    ENGINE *engine = NULL;
  
      if (!ossl_prov_is_running() || !krb5kdf_set_ctx_params(ctx, params))
          return 0;
@@ -146,7 +146,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
          ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONSTANT);
          return 0;
      }
-    engine = ossl_prov_cipher_engine(&ctx->cipher);
+
      return KRB5KDF(cipher, engine, ctx->key, ctx->key_len,
                     ctx->constant, ctx->constant_len,
                     key, keylen);
@@ -163,7 +163,7 @@ static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  
      provctx = PROV_LIBCTX_OF(ctx->provctx);
  
-    if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, p.engine, provctx))
+    if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, provctx))
          return 0;
  
      if (p.key != NULL && !krb5kdf_set_membuf(&ctx->key, &ctx->key_len, p.key))
diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c

index 6830c5cdf9fbd137705a71c4b27b44361019e049..2f37f7a95fca906da023cf5782ad6c3e138f40b4 100644 (file)
--- a/providers/implementations/kdfs/pbkdf1.c
+++ b/providers/implementations/kdfs/pbkdf1.c
@@ -236,8 +236,7 @@ static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  
      libctx = PROV_LIBCTX_OF(ctx->provctx);
  
-    if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                               p.propq, p.engine, libctx))
+    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, libctx))
          return 0;
  
      if (p.pw != NULL && !kdf_pbkdf1_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c

index 182525552deafc1bc8bf540f1ba5a62781813ace..ca46995dcd699be555aa1998ed288e816296b1eb 100644 (file)
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -178,7 +178,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
  
      param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                               SN_sha1, 0);
-    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, provctx))
          /* This is an error, but there is no way to indicate such directly */
          ossl_prov_digest_reset(&ctx->digest);
      ctx->iter = PKCS5_DEFAULT_ITER;
@@ -327,8 +327,7 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
      provctx = PROV_LIBCTX_OF(ctx->provctx);
  
      if (p.digest != NULL) {
-        if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                                   p.propq, p.engine, provctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
              return 0;
          md = ossl_prov_digest_md(&ctx->digest);
          if (EVP_MD_xof(md)) {
diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c

index cc07139ec448993286b0af8a38e459342d146c3b..98942fb0bb146be7d0a274185511dd87465facc8 100644 (file)
--- a/providers/implementations/kdfs/pkcs12kdf.c
+++ b/providers/implementations/kdfs/pkcs12kdf.c
@@ -252,8 +252,7 @@ static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  
      provctx = PROV_LIBCTX_OF(ctx->provctx);
  
-    if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                               p.propq, p.engine, provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
          return 0;
  
      if (p.pw != NULL && !pkcs12kdf_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))
diff --git a/providers/implementations/kdfs/pvkkdf.c b/providers/implementations/kdfs/pvkkdf.c

index 40afdcc127bad9b00bcaee9052c72db91c641108..9558e3333497af77b15925fc8867e1ae53c3828d 100644 (file)
--- a/providers/implementations/kdfs/pvkkdf.c
+++ b/providers/implementations/kdfs/pvkkdf.c
@@ -111,7 +111,7 @@ static void kdf_pvk_init(KDF_PVK *ctx)
  
      param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                               SN_sha1, 0);
-    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, provctx))
          /* This is an error, but there is no way to indicate such directly */
          ossl_prov_digest_reset(&ctx->digest);
  }
@@ -190,8 +190,7 @@ static int kdf_pvk_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  
      provctx = PROV_LIBCTX_OF(ctx->provctx);
  
-    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, p.engine,
-                               provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
          return 0;
  
      if (p.pass != NULL && !pvk_set_membuf(&ctx->pass, &ctx->pass_len, p.pass))
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c

index 4d584374474aa955865a0821d37d8b3d741ebf5c..81ca574ccb303fbd95cfb8437871dfc68633b054 100644 (file)
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -226,8 +226,7 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
      if (p.digest != NULL) {
          const EVP_MD *md = NULL;
  
-        if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                                   p.propq, p.engine, provctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
              return 0;
  
          md = ossl_prov_digest_md(&ctx->digest);
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c

index 2fac552d8da9f2d0652c967a2c8511c4cbd5f31d..04018c48905084e46a903e00c35c2cf76e9bf2fe 100644 (file)
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -565,7 +565,7 @@ static int sskdf_common_set_ctx_params
      int r;
  
      if (!ossl_prov_macctx_load(&ctx->macctx,
-                               p->mac, NULL, p->digest, p->propq, p->engine,
+                               p->mac, NULL, p->digest, p->propq,
                                 NULL, NULL, NULL, libctx))
          return 0;
      if (ctx->macctx != NULL) {
@@ -578,8 +578,7 @@ static int sskdf_common_set_ctx_params
      }
  
      if (p->digest != NULL) {
-        if (!ossl_prov_digest_load(&ctx->digest, p->digest,
-                                   p->propq, p->engine, libctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
              return 0;
  
          md = ossl_prov_digest_md(&ctx->digest);
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c

index f65c9eb71d8291083ed801aa1798af3ea756279b..04908cacea212c5e226dd508607f1ceb24ab967d 100644 (file)
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -313,25 +313,25 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
  
          if (OPENSSL_strcasecmp(dgst, OSSL_DIGEST_NAME_MD5_SHA1) == 0) {
              if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, NULL,
-                                       p.propq, p.engine,
+                                       p.propq,
                                         OSSL_MAC_NAME_HMAC, NULL,
                                         OSSL_DIGEST_NAME_MD5, libctx))
                  return 0;
              if (!ossl_prov_macctx_load(&ctx->P_sha1, NULL, NULL, NULL,
-                                       p.propq, p.engine,
+                                       p.propq,
                                         OSSL_MAC_NAME_HMAC, NULL,
                                         OSSL_DIGEST_NAME_SHA1, libctx))
                  return 0;
          } else {
              EVP_MAC_CTX_free(ctx->P_sha1);
              if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest,
-                                       p.propq, p.engine,
+                                       p.propq,
                                         OSSL_MAC_NAME_HMAC, NULL, NULL, libctx))
                  return 0;
          }
  
          memset(&digest, 0, sizeof(digest));
-        if (!ossl_prov_digest_load(&digest, p.digest, p.propq, p.engine, libctx))
+        if (!ossl_prov_digest_load(&digest, p.digest, p.propq, libctx))
              return 0;
  
          md = ossl_prov_digest_md(&digest);
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c

index 09ed47cedd76fd20257746bcab7136165f6df541..f22e1124f2c6f86debe7b00c1f7b1dc8135d2522 100644 (file)
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -545,8 +545,7 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
          return 0;
  
      if (p.digest != NULL) {
-        if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                                   p.propq, p.engine, provctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
              return 0;
          md = ossl_prov_digest_md(&ctx->digest);
          if (EVP_MD_xof(md)) {
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c

index 4b3b4e8c9c87e69f13a5aeb9f5ea5b9d02b12038..21b450f04bed192589c0ee021b35bb105143abbf 100644 (file)
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -228,7 +228,7 @@ static int mac_key_fromdata(MAC_KEY *key, const struct mac_common_params_st *p)
      }
  
      if (key->cmac && !ossl_prov_cipher_load(&key->cipher, p->cipher, p->propq,
-                                            p->engine, key->libctx)) {
+                                            key->libctx)) {
          ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
          return 0;
      }
@@ -301,14 +301,6 @@ static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl,
                                               EVP_CIPHER_get0_name(key->cipher.cipher)))
          return 0;
  
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-    if (key->cipher.engine != NULL
-        && !ossl_param_build_set_utf8_string(tmpl, p->engine,
-                                             OSSL_PKEY_PARAM_ENGINE,
-                                             ENGINE_get_id(key->cipher.engine)))
-        return 0;
-#endif
-
      return 1;
  }
  
@@ -475,7 +467,7 @@ static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[])
          return 0;
  
      if (!ossl_prov_cipher_load(&gctx->cipher, p.cipher, p.propq,
-                               p.engine, gctx->libctx)) {
+                               gctx->libctx)) {
          ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
          return 0;
      }
diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c

index 90b81acc046bc567ee2841e65db98f5f7e2db632..75e1c9ab3cbe2756eee48f8f0e0b4977c5bcf4a6 100644 (file)
--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@@ -164,7 +164,7 @@ static int cmac_setkey(struct cmac_data_st *macctx,
  #endif
      rv = ossl_cmac_init(macctx->ctx, key, keylen,
                          ossl_prov_cipher_cipher(&macctx->cipher),
-                        ossl_prov_cipher_engine(&macctx->cipher), p);
+                        NULL, p);
      ossl_prov_cipher_reset(&macctx->cipher);
      return rv;
  }
@@ -251,8 +251,7 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
          return 0;
  
      if (p.cipher != NULL) {
-        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
-                                   p.engine, ctx))
+        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, ctx))
              return 0;
  
          if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c

index 2c58922a90d8a89b4a2218d71dfff1c44d602998..d7903af8e4e377008bf3d7881a383f14828a3e0b 100644 (file)
--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@@ -210,8 +210,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
      provctx = PROV_LIBCTX_OF(macctx->provctx);
  
      if (p.cipher != NULL) {
-        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
-                                   p.engine, provctx))
+        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, provctx))
              return 0;
          if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
              != EVP_CIPH_GCM_MODE) {
@@ -219,8 +218,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
              return 0;
          }
          if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher),
-                                ossl_prov_cipher_engine(&macctx->cipher), NULL,
-                                NULL))
+                                NULL, NULL, NULL))
              return 0;
      }
  
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c

index ff934128c11fbc43181e263cd5c5421d15957a8c..2275fdfa7706f8310e26f950f10cb6966750e65d 100644 (file)
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -193,8 +193,7 @@ static int hmac_setkey(struct hmac_data_st *macctx,
      digest = ossl_prov_digest_md(&macctx->digest);
      /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */
      if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL))
-        return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest,
-                            ossl_prov_digest_engine(&macctx->digest));
+        return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, NULL);
      return 1;
  }
  
@@ -326,8 +325,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
          return 0;
  
      if (p.digest != NULL
-            && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq,
-                                      p.engine, ctx))
+            && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, ctx))
          return 0;
  
      if (p.key != NULL) {
diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c

index dc8addc39c2dcde982106fba04d6af5d4876e818..5beea468cba42ab078884679c5be10c099941b90 100644 (file)
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -199,7 +199,7 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
          return 0;
      if (!kmac_new_decoder(params, &p))
          goto err;
-    if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine,
+    if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq,
                                 PROV_LIBCTX_OF(provctx)))
          goto err;
  
diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c

index 28a7bb8afab10a5794f148ab655ad6e0671c948d..e682443005ae6695391d1ee829d0953ef96c0001 100644 (file)
--- a/providers/implementations/rands/drbg_hash.c
+++ b/providers/implementations/rands/drbg_hash.c
@@ -570,8 +570,7 @@ static int drbg_hash_set_ctx_params_locked
      if (!drbg_fetch_digest_from_prov(p, libctx, &prov_md)) {
          (void)ERR_pop_to_mark();
          /* fall back to full implementation search */
-        if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq,
-                                   p->engine, libctx))
+        if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq, libctx))
              return 0;
      } else {
          (void)ERR_clear_last_mark();
diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c

index adf1d24e58221972012f24806d5dc4ec6d295ed1..51f1ca26cd699e61f57afaa41902f6682d4cd101 100644 (file)
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
@@ -464,12 +464,11 @@ static int drbg_hmac_set_ctx_params_locked
          if (p->digest != NULL) {
              /* fall back to full implementation search */
              if (!ossl_prov_digest_load(&hmac->digest, p->digest, p->propq,
-                                       p->engine, libctx))
+                                       libctx))
                  return 0;
  
              if (!ossl_prov_macctx_load(&hmac->ctx, NULL, NULL, p->digest,
-                                       p->propq, p->engine,
-                                       "HMAC", NULL, NULL, libctx))
+                                       p->propq, "HMAC", NULL, NULL, libctx))
                  return 0;
          }
      } else {
diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c

index a5661eaa0b55ad6d1145a1f817d2c5c9d4a172d2..d1861acc046159d15b612a216570095e38006023 100644 (file)
--- a/providers/implementations/signature/mac_legacy_sig.c
+++ b/providers/implementations/signature/mac_legacy_sig.c
@@ -7,9 +7,6 @@
   * https://www.openssl.org/source/license.html
   */
  
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
  #include <openssl/crypto.h>
  #include <openssl/evp.h>
  #include <openssl/core_dispatch.h>
@@ -17,9 +14,6 @@
  #include <openssl/params.h>
  #include <openssl/err.h>
  #include <openssl/proverr.h>
-#ifndef FIPS_MODULE
-# include <openssl/engine.h>
-#endif
  #include "prov/implementations.h"
  #include "prov/provider_ctx.h"
  #include "prov/macsignature.h"
@@ -97,7 +91,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
                                  const OSSL_PARAM params[])
  {
      PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx;
-    const char *ciphername = NULL, *engine = NULL;
+    const char *ciphername = NULL;
  
      if (!ossl_prov_is_running()
          || pmacctx == NULL)
@@ -117,15 +111,10 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
  
      if (pmacctx->key->cipher.cipher != NULL)
          ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-    if (pmacctx->key->cipher.engine != NULL)
-        engine = (char *)ENGINE_get_id(pmacctx->key->cipher.engine);
-#endif
  
      if (!ossl_prov_set_macctx(pmacctx->macctx,
                                (char *)ciphername,
                                (char *)mdname,
-                              (char *)engine,
                                pmacctx->key->properties, params))
          return 0;
author	Norbert Pocs <norbertp@openssl.org>
	Thu, 28 Aug 2025 13:14:31 +0000 (15:14 +0200)
committer	Neil Horman <nhorman@openssl.org>
	Thu, 4 Dec 2025 12:31:05 +0000 (07:31 -0500)
providers/common/include/prov/provider_util.h		patch \| blob \| blame \| history
providers/common/provider_util.c		patch \| blob \| blame \| history
providers/implementations/asymciphers/sm2_enc.c		patch \| blob \| blame \| history
providers/implementations/kdfs/hkdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/hmacdrbg_kdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/kbkdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/krb5kdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/pbkdf1.c		patch \| blob \| blame \| history
providers/implementations/kdfs/pbkdf2.c		patch \| blob \| blame \| history
providers/implementations/kdfs/pkcs12kdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/pvkkdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/sshkdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/sskdf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/tls1_prf.c		patch \| blob \| blame \| history
providers/implementations/kdfs/x942kdf.c		patch \| blob \| blame \| history
providers/implementations/keymgmt/mac_legacy_kmgmt.c		patch \| blob \| blame \| history
providers/implementations/macs/cmac_prov.c		patch \| blob \| blame \| history
providers/implementations/macs/gmac_prov.c		patch \| blob \| blame \| history
providers/implementations/macs/hmac_prov.c		patch \| blob \| blame \| history
providers/implementations/macs/kmac_prov.c		patch \| blob \| blame \| history
providers/implementations/rands/drbg_hash.c		patch \| blob \| blame \| history
providers/implementations/rands/drbg_hmac.c		patch \| blob \| blame \| history
providers/implementations/signature/mac_legacy_sig.c		patch \| blob \| blame \| history