From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 20 Nov 2025 15:13:29 +0000 (+0100)
Subject: Clear providers dir from engines
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=380c9544edd0961d13d663f2f091b5cbd9d20012;p=thirdparty%2Fopenssl.git

Clear providers dir from engines

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
---

diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index bb286d128f9..00575a3be11 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -543,8 +543,6 @@ bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9  include/openss
 7aa8c5bee779af59d4733f6a50f7f6be39f1eb43409e5b3357440f9a7d0ca115  include/openssl/ecerr.h
 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7  include/openssl/encoder.h
 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc  include/openssl/encodererr.h
-e09078b3c2966e0f2fe18fb1370800942fb0e6e5c49cc02e6cdcce6a677faef0  include/openssl/engine.h
-fb510978001ebea15eee4c4c6cbeebb126a66e11117e6f6d9b9fb4be5057b92c  include/openssl/engineerr.h
 aa02455482d744418123266f581b9b4310ba678c7d28c10fffc5eec74ce3c8ef  include/openssl/err.h.in
 1b69b729f14255bb17c917b95692e1b1b8b2004b4d177754bc8a4e576a615e26  include/openssl/evp.h
 b2a8058dd51abe6c1ac4a0f32175f550a308efd31607a9cf1620aa032b1f7e55  include/openssl/evperr.h
diff --git a/providers/fips.module.sources b/providers/fips.module.sources
index 333af461e5a..799073c2c63 100644
--- a/providers/fips.module.sources
+++ b/providers/fips.module.sources
@@ -543,8 +543,6 @@ include/openssl/ec.h
 include/openssl/ecerr.h
 include/openssl/encoder.h
 include/openssl/encodererr.h
-include/openssl/engine.h
-include/openssl/engineerr.h
 include/openssl/err.h.in
 include/openssl/evp.h
 include/openssl/evperr.h
diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index 3ee0f3c3c9f..a340943edf2 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -44,7 +44,7 @@ static OSSL_FUNC_kdf_set_ctx_params_fn krb5kdf_set_ctx_params;
 static OSSL_FUNC_kdf_gettable_ctx_params_fn krb5kdf_gettable_ctx_params;
 static OSSL_FUNC_kdf_get_ctx_params_fn krb5kdf_get_ctx_params;
 
-static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine,
+static int KRB5KDF(const EVP_CIPHER *cipher,
                    const unsigned char *key, size_t key_len,
                    const unsigned char *constant, size_t constant_len,
                    unsigned char *okey, size_t okey_len);
@@ -128,7 +128,6 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
 {
     KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
     const EVP_CIPHER *cipher;
-    ENGINE *engine = NULL;
 
     if (!ossl_prov_is_running() || !krb5kdf_set_ctx_params(ctx, params))
         return 0;
@@ -147,7 +146,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
         return 0;
     }
 
-    return KRB5KDF(cipher, engine, ctx->key, ctx->key_len,
+    return KRB5KDF(cipher, ctx->key, ctx->key_len,
                    ctx->constant, ctx->constant_len,
                    key, keylen);
 }
@@ -339,13 +338,12 @@ static void n_fold(unsigned char *block, unsigned int blocksize,
     }
 }
 
-static int cipher_init(EVP_CIPHER_CTX *ctx,
-                       const EVP_CIPHER *cipher, ENGINE *engine,
+static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                        const unsigned char *key, size_t key_len)
 {
     int klen, ret;
 
-    ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL);
+    ret = EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL);
     if (!ret)
         goto out;
     /* set the key len for the odd variable key len cipher */
@@ -371,7 +369,7 @@ out:
     return ret;
 }
 
-static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine,
+static int KRB5KDF(const EVP_CIPHER *cipher,
                    const unsigned char *key, size_t key_len,
                    const unsigned char *constant, size_t constant_len,
                    unsigned char *okey, size_t okey_len)
@@ -407,7 +405,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine,
     if (ctx == NULL)
         return 0;
 
-    ret = cipher_init(ctx, cipher, engine, key, key_len);
+    ret = cipher_init(ctx, cipher, key, key_len);
     if (!ret)
         goto out;
 
@@ -457,7 +455,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine,
             ret = EVP_CIPHER_CTX_reset(ctx);
             if (!ret)
                 goto out;
-            ret = cipher_init(ctx, cipher, engine, key, key_len);
+            ret = cipher_init(ctx, cipher, key, key_len);
             if (!ret)
                 goto out;
 
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index f4deb9edbec..b7cc62c16ef 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -7,9 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #include <string.h>
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
@@ -18,9 +15,6 @@
 #include <openssl/evp.h>
 #include <openssl/proverr.h>
 #include <openssl/param_build.h>
-#ifndef FIPS_MODULE
-# include <openssl/engine.h>
-#endif
 #include "internal/param_build_set.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"