From: Norbert Pocs Date: Mon, 22 Sep 2025 07:10:19 +0000 (+0200) Subject: crypto: Remove internal ENGINE usage from the subdir X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f52f97f6fa9e196bd8033ac45dd56ee71e59ebb;p=thirdparty%2Fopenssl.git crypto: Remove internal ENGINE usage from the subdir Engines can be removed safely from static and internal functions clearing out our codebase. Resolves: https://github.com/openssl/project/issues/1625 Signed-off-by: Norbert Pocs Reviewed-by: Tomas Mraz Reviewed-by: Eugene Syromiatnikov Reviewed-by: Saša Nedvědický Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/29305) --- diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index f97b6f96179..f56d05e1aeb 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -74,11 +74,10 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) } /* - * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL also - * search through engines and set *pe to a functional reference to the engine - * implementing 'type' or NULL if no engine implements it. + * Return ASN1 method for desired `type`, returns NULL if no method is found for + * `type`. If pe is not NULL, the function will set *pe to NULL to indicate no + * engine is used. */ - const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) { const EVP_PKEY_ASN1_METHOD *t; diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 75c342a4a33..ad357c8b8c8 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -20,6 +20,7 @@ #include #include #include "crypto/cmac.h" +#include "internal/common.h" #define LOCAL_BUF_SIZE 2048 struct CMAC_CTX_st { 
@@ -109,14 +110,13 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) } int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl, - const OSSL_PARAM param[]) + const EVP_CIPHER *cipher, const OSSL_PARAM param[]) { static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 }; int block_len; /* All zeros means restart */ - if (!key && !cipher && !impl && keylen == 0) { + if (key == NULL && cipher == NULL && keylen == 0) { /* Not initialised */ if (ctx->nlast_block == -1) return 0; @@ -133,13 +133,8 @@ int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen, if (cipher != NULL) { /* Ensure we can't use this ctx until we also have a key */ ctx->nlast_block = -1; - if (impl != NULL) { - if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; - } else { - if (!EVP_EncryptInit_ex2(ctx->cctx, cipher, NULL, NULL, param)) - return 0; - } + if (!EVP_EncryptInit_ex2(ctx->cctx, cipher, NULL, NULL, param)) + return 0; } /* Non-NULL key means initialisation complete */ if (key != NULL) { @@ -174,7 +169,9 @@ int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen, int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, const EVP_CIPHER *cipher, ENGINE *impl) { - return ossl_cmac_init(ctx, key, keylen, cipher, impl, NULL); + if (!ossl_assert(impl == NULL)) + return 0; + return ossl_cmac_init(ctx, key, keylen, cipher, NULL); } int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index ed06d3dd4ba..6c714e41f24 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c 
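Review bot: `ossl_assert(impl == NULL)` in CMAC_Init guards a caller-supplied argument of a public function. In builds without NDEBUG, ossl_assert calls OPENSSL_die, so an application that still passes an ENGINE aborts in a debug build, while a release build only gets 0 back with nothing on the error queue. The same guard is added to the other public entry points in this commit (DH_new_method, RSA_new_method, the EVP_*Init_ex family, EVP_Digest, EVP_DigestSignInit/VerifyInit, EVP_PKEY_CTX_new/_new_id, the EVP_PKEY_new_* constructors, OSSL_STORE_LOADER_new), and in DSA_new_method it replaces a plain `if (engine != NULL)` check. HMAC_Init_ex in crypto/hmac/hmac.c instead uses a bare `if (impl != NULL) return 0;`. I would use the plain check everywhere and queue an error so the failure is diagnosable, e.g. in the EVP files `if (impl != NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); return 0; }`.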
@@ -19,11 +19,12 @@ #include #include "internal/cryptlib.h" #include "internal/refcount.h" +#include "internal/common.h" #include "crypto/evp.h" #include "crypto/dh.h" #include "dh_local.h" -static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx); +static DH *dh_new_intern(OSSL_LIB_CTX *libctx); #ifndef FIPS_MODULE int DH_set_method(DH *dh, const DH_METHOD *meth) @@ -49,22 +50,24 @@ const DH_METHOD *ossl_dh_get_method(const DH *dh) # ifndef OPENSSL_NO_DEPRECATED_3_0 DH *DH_new(void) { - return dh_new_intern(NULL, NULL); + return dh_new_intern(NULL); } # endif DH *DH_new_method(ENGINE *engine) { - return dh_new_intern(engine, NULL); + if (!ossl_assert(engine == NULL)) + return NULL; + return dh_new_intern(NULL); } #endif /* !FIPS_MODULE */ DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx) { - return dh_new_intern(NULL, libctx); + return dh_new_intern(libctx); } -static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) +static DH *dh_new_intern(OSSL_LIB_CTX *libctx) { DH *ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 6c09ebede7b..53097e73063 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -16,6 +16,7 @@ #include #include "internal/cryptlib.h" #include "internal/refcount.h" +#include "internal/common.h" #include "crypto/dsa.h" #include "crypto/dh.h" /* required by DSA_dup_DH() */ #include "dsa_local.h" @@ -163,9 +164,9 @@ static DSA *dsa_new_intern(OSSL_LIB_CTX *libctx) return NULL; } -DSA *DSA_new_method(ossl_unused ENGINE *engine) +DSA *DSA_new_method(ENGINE *engine) { - if (engine != NULL) + if (!ossl_assert(engine == NULL)) return NULL; return dsa_new_intern(NULL); } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 8086f101cd9..99623acc1f6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -17,6 +17,7 @@ #include "internal/nelem.h" #include "internal/provider.h" #include "internal/core.h" +#include "internal/common.h" #include "crypto/evp.h" #include "evp_local.h" 
@@ -298,8 +299,8 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { - /* make the compiler happy */ - (void)impl; + if (!ossl_assert(impl == NULL)) + return 0; return evp_md_init_internal(ctx, type, NULL); } @@ -641,13 +642,17 @@ int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + EVP_MD_CTX *ctx; int ret; + if (!ossl_assert(impl == NULL)) + return 0; + + ctx = EVP_MD_CTX_new(); if (ctx == NULL) return 0; EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); - ret = EVP_DigestInit_ex(ctx, type, impl) + ret = EVP_DigestInit_ex(ctx, type, NULL) && EVP_DigestUpdate(ctx, data, count) && EVP_DigestFinal_ex(ctx, md, size); EVP_MD_CTX_free(ctx); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 31ea539050b..92bf546327a 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -18,6 +18,7 @@ #include "internal/cryptlib.h" #include "internal/provider.h" #include "internal/core.h" +#include "internal/common.h" #include "internal/safe_math.h" #include "crypto/evp.h" #include "evp_local.h" @@ -579,8 +580,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { - /* to make the compilers happy */ - (void)impl; + if (!ossl_assert(impl == NULL)) + return 0; return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, NULL); } @@ -747,7 +748,9 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); + if (!ossl_assert(impl == NULL)) + return 0; + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1); } int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 
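Review bot: EVP_DigestInit_ex and EVP_CipherInit_ex used to discard `impl` with `(void)impl` and carry on, so the new guard turns a call that succeeded into one that returns 0, and nothing at either site says this is intended. A short comment above each check would record the reason, for example `/* ENGINEs are no longer supported: fail instead of silently using a provider implementation */`. The same applies to EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key and EVP_PKEY_new_CMAC_key in crypto/evp/p_lib.c, which also ignored `e` before. No CHANGES or man-page update is visible in this diff, so the behaviour change may need documenting there as well.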
@@ -767,7 +770,9 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); + if (!ossl_assert(impl == NULL)) + return 0; + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); } int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, diff --git a/crypto/evp/evp_pkey_type.c b/crypto/evp/evp_pkey_type.c index 793a56f33ee..70ca5aee775 100644 --- a/crypto/evp/evp_pkey_type.c +++ b/crypto/evp/evp_pkey_type.c @@ -64,9 +64,8 @@ int EVP_PKEY_type(int type) #ifndef OPENSSL_NO_DEPRECATED_3_6 int ret; const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e; - ameth = EVP_PKEY_asn1_find(&e, type); + ameth = EVP_PKEY_asn1_find(NULL, type); if (ameth) ret = ameth->pkey_id; else diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 740b9d7387c..d15bece28b3 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -14,6 +14,7 @@ #include "crypto/evp.h" #include "internal/provider.h" #include "internal/numbers.h" /* includes SIZE_MAX */ +#include "internal/common.h" #include "evp_local.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) @@ -37,7 +38,7 @@ static const char *canon_mdname(const char *mdname) static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, const char *mdname, OSSL_LIB_CTX *libctx, const char *props, - ENGINE *e, EVP_PKEY *pkey, int ver, + EVP_PKEY *pkey, int ver, const OSSL_PARAM params[]) { EVP_PKEY_CTX *locpctx = NULL; @@ -55,10 +56,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (ctx->pctx == NULL) { reinit = 0; - if (e == NULL) - ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); - else - ctx->pctx = EVP_PKEY_CTX_new(pkey, e); + ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); } if (ctx->pctx == NULL) return 0; 
@@ -351,7 +349,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, *pctx = ctx->pctx; if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) return 1; - if (!EVP_DigestInit_ex(ctx, type, e)) + if (!EVP_DigestInit_ex(ctx, type, NULL)) return 0; /* * This indicates the current algorithm requires @@ -375,14 +373,16 @@ int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]) { - return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0, + return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, pkey, 0, params); } int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0, + if (!ossl_assert(e == NULL)) + return 0; + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, pkey, 0, NULL); } @@ -391,14 +391,16 @@ int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]) { - return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1, + return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, pkey, 1, params); } int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, + if (!ossl_assert(e == NULL)) + return 0; + return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, pkey, 1, NULL); } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 5ae44e35f70..c76e6c5ac37 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -45,6 +45,7 @@ # include "crypto/x509.h" #endif #include "internal/provider.h" +#include "internal/common.h" #include "evp_local.h" static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, 
@@ -514,8 +515,8 @@ EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, const unsigned char *priv, size_t len) { - /* make the compiler happy */ - (void)e; + if (!ossl_assert(e == NULL)) + return NULL; return new_raw_key_int(NULL, NULL, NULL, type, priv, len, 1); } @@ -531,8 +532,8 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *pub, size_t len) { - /* make the compiler happy */ - (void)e; + if (!ossl_assert(e == NULL)) + return NULL; return new_raw_key_int(NULL, NULL, NULL, type, pub, len, 0); } @@ -684,6 +685,8 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher) { + if (!ossl_assert(e == NULL)) + return NULL; return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL); } @@ -1702,10 +1705,9 @@ err: void evp_pkey_free_legacy(EVP_PKEY *x) { const EVP_PKEY_ASN1_METHOD *ameth = x->ameth; - ENGINE *tmpe = NULL; if (ameth == NULL && x->legacy_cache_pkey.ptr != NULL) - ameth = EVP_PKEY_asn1_find(&tmpe, x->type); + ameth = EVP_PKEY_asn1_find(NULL, x->type); if (ameth != NULL) { if (x->legacy_cache_pkey.ptr != NULL) { diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 682980273a8..f71447f060b 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -13,6 +13,7 @@ #include #include "internal/cryptlib.h" #include "internal/core.h" +#include "internal/common.h" #include #include #include "crypto/bn.h" @@ -318,7 +319,10 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, { EVP_PKEY_CTX *mac_ctx = NULL; EVP_PKEY *mac_key = NULL; - mac_ctx = EVP_PKEY_CTX_new_id(type, e); + + if (!ossl_assert(e == NULL)) + return NULL; + mac_ctx = EVP_PKEY_CTX_new_id(type, NULL); if (!mac_ctx) return NULL; if (EVP_PKEY_keygen_init(mac_ctx) <= 0) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index fe0bb142fd6..06f52ea4634 100644 --- a/crypto/evp/pmeth_lib.c 
+++ b/crypto/evp/pmeth_lib.c @@ -30,6 +30,7 @@ #include "internal/ffc.h" #include "internal/numbers.h" #include "internal/provider.h" +#include "internal/common.h" #include "evp_local.h" #ifndef FIPS_MODULE @@ -152,8 +153,7 @@ int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx) return EVP_PKEY_STATE_LEGACY; } -static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, - EVP_PKEY *pkey, ENGINE *e, +static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, EVP_PKEY *pkey, const char *keytype, const char *propquery, int id) @@ -182,29 +182,16 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, } } /* If no ID was found here, we can only resort to find a keymgmt */ - if (id == -1) { -#ifndef FIPS_MODULE - /* Using engine with a key without id will not work */ - if (e != NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); - return NULL; - } -#endif + if (id == -1) goto common; - } #ifndef FIPS_MODULE /* * Here, we extract what information we can for the purpose of * supporting usage with implementations from providers, to make * for a smooth transition from legacy stuff to provider based stuff. - * - * If an engine is given, this is entirely legacy, and we should not - * pretend anything else, so we clear the name. */ - if (e != NULL) - keytype = NULL; - if (e == NULL && (pkey == NULL || pkey->foreign == 0)) + if (pkey == NULL || pkey->foreign == 0) keytype = OBJ_nid2sn(id); if (pkey != NULL && pkey->foreign) @@ -216,10 +203,10 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, #endif /* FIPS_MODULE */ common: /* - * If there's no engine and no app supplied pmeth and there's a name, we try + * If there's no app supplied pmeth and there's a name, we try * fetching a provider implementation. */ - if (e == NULL && app_pmeth == NULL && keytype != NULL) { + if (app_pmeth == NULL && keytype != NULL) { /* * If |pkey| is given and is provided, we take a reference to its * keymgmt. Otherwise, we fetch one for the keytype we got. This 
@@ -316,13 +303,13 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, const char *name, const char *propquery) { - return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); + return int_ctx_new(libctx, NULL, name, propquery, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, EVP_PKEY *pkey, const char *propquery) { - return int_ctx_new(libctx, pkey, NULL, NULL, propquery, -1); + return int_ctx_new(libctx, pkey, NULL, propquery, -1); } void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx) @@ -409,12 +396,16 @@ void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) { - return int_ctx_new(NULL, pkey, e, NULL, NULL, -1); + if (!ossl_assert(e == NULL)) + return NULL; + return int_ctx_new(NULL, pkey, NULL, NULL, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) { - return int_ctx_new(NULL, NULL, e, NULL, NULL, id); + if (!ossl_assert(e == NULL)) + return NULL; + return int_ctx_new(NULL, NULL, NULL, NULL, id); } EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 19fc7d3b4f6..005ccb7727d 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -35,6 +35,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (md != NULL && md != ctx->md && (key == NULL || len < 0)) return 0; + if (impl != NULL) + return 0; + if (md != NULL) ctx->md = md; else if (ctx->md != NULL) @@ -50,7 +53,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; #ifdef OPENSSL_HMAC_S390X - rv = s390x_HMAC_init(ctx, key, len, impl); + rv = s390x_HMAC_init(ctx, key, len); if (rv >= 1) return rv; #endif @@ -64,7 +67,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (j < 0) return 0; if (j < len) { - if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) + if (!EVP_DigestInit_ex(ctx->md_ctx, md, NULL) || !EVP_DigestUpdate(ctx->md_ctx, key, len) || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, &keytmp_length)) 
@@ -81,14 +84,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x36 ^ keytmp[i]; - if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) + if (!EVP_DigestInit_ex(ctx->i_ctx, md, NULL) || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_get_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x5c ^ keytmp[i]; - if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) + if (!EVP_DigestInit_ex(ctx->o_ctx, md, NULL) || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_get_block_size(md))) goto err; diff --git a/crypto/hmac/hmac_local.h b/crypto/hmac/hmac_local.h index 1b871e73205..0b5c6146eb9 100644 --- a/crypto/hmac/hmac_local.h +++ b/crypto/hmac/hmac_local.h @@ -56,7 +56,7 @@ struct hmac_ctx_st { # ifdef OPENSSL_HMAC_S390X # define HMAC_S390X_BUF_NUM_BLOCKS 64 -int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl); +int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len); int s390x_HMAC_update(HMAC_CTX *ctx, const unsigned char *data, size_t len); int s390x_HMAC_final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); int s390x_HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c index edd1b5258a4..35a50fb15ca 100644 --- a/crypto/hmac/hmac_s390x.c +++ b/crypto/hmac/hmac_s390x.c @@ -67,7 +67,7 @@ static void s390x_call_kmac(HMAC_CTX *ctx, const unsigned char *in, size_t len) ctx->plat.s390x.ikp = 1; } -int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl) +int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len) { unsigned char *key_param; unsigned int key_param_len; 
@@ -137,7 +137,7 @@ int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl) return 0; if (key_len > ctx->plat.s390x.blk_size) { - if (!EVP_DigestInit_ex(ctx->md_ctx, ctx->md, impl) + if (!EVP_DigestInit_ex(ctx->md_ctx, ctx->md, NULL) || !EVP_DigestUpdate(ctx->md_ctx, key, key_len) || !EVP_DigestFinal_ex(ctx->md_ctx, key_param, &key_param_len)) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 282522a0864..b2c1ad50f02 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -157,8 +157,7 @@ static int check_pem(const char *nm, const char *name) const EVP_PKEY_ASN1_METHOD *ameth; slen = ossl_pem_check_suffix(nm, "PARAMETERS"); if (slen > 0) { - ENGINE *e; - ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); if (ameth) { int r; if (ameth->param_decode) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index f43efc57523..000d32d9083 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -23,6 +23,7 @@ #include "rand_local.h" #include "crypto/context.h" #include "internal/provider.h" +#include "internal/common.h" #ifndef OPENSSL_DEFAULT_SEED_SRC # define OPENSSL_DEFAULT_SEED_SRC SEED-SRC @@ -222,8 +223,10 @@ int RAND_poll(void) # ifndef OPENSSL_NO_DEPRECATED_3_0 static int rand_set_rand_method_internal(const RAND_METHOD *meth, - ossl_unused ENGINE *e) + ENGINE *e) { + if (!ossl_assert(e == NULL)) + return 0; if (!RUN_ONCE(&rand_init, do_rand_init)) return 0; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index b226d42b3ef..2484b1ca717 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -19,6 +19,7 @@ #include #include "internal/cryptlib.h" #include "internal/refcount.h" +#include "internal/common.h" #include "crypto/bn.h" #include "crypto/evp.h" #include "crypto/rsa.h" 
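Review bot: check_pem now passes NULL as the `pe` argument of EVP_PKEY_asn1_find_str, but only the comment on EVP_PKEY_asn1_find (crypto/asn1/ameth_lib.c) was updated to describe that case, and the body of EVP_PKEY_asn1_find_str is not part of this diff. It is worth confirming that it tests `pe` before storing through it, and giving it a matching comment such as `/* If pe is not NULL, *pe is set to NULL: no engine is used. */`. check_pem itself continues outside the hunk.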
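Review bot: rand_set_rand_method_internal is static, yet it keeps its `ENGINE *e` parameter and gains an ossl_assert, while the other static helpers touched by this commit (dh_new_intern, rsa_new_intern, do_sigver_init, int_ctx_new) drop the parameter outright. Its callers are outside the hunk; if they all pass NULL now, the signature can shrink to `static int rand_set_rand_method_internal(const RAND_METHOD *meth)` and the assert goes away. If a public wrapper still forwards a caller's ENGINE, the NULL check reads better in that wrapper than in the internal helper.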
@@ -26,12 +27,12 @@ #include "crypto/security_bits.h" #include "rsa_local.h" -static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx); +static RSA *rsa_new_intern(OSSL_LIB_CTX *libctx); #ifndef FIPS_MODULE RSA *RSA_new(void) { - return rsa_new_intern(NULL, NULL); + return rsa_new_intern(NULL); } const RSA_METHOD *RSA_get_method(const RSA *rsa) @@ -57,16 +58,18 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) RSA *RSA_new_method(ENGINE *engine) { - return rsa_new_intern(engine, NULL); + if (!ossl_assert(engine == NULL)) + return NULL; + return rsa_new_intern(NULL); } #endif RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx) { - return rsa_new_intern(NULL, libctx); + return rsa_new_intern(libctx); } -static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) +static RSA *rsa_new_intern(OSSL_LIB_CTX *libctx) { RSA *ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c index 9f468f4aa11..a72dc20b4c8 100644 --- a/crypto/store/store_register.c +++ b/crypto/store/store_register.c @@ -13,6 +13,7 @@ #include #include +#include "internal/common.h" #include "store_local.h" static CRYPTO_RWLOCK *registry_lock; @@ -32,6 +33,8 @@ OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme) { OSSL_STORE_LOADER *res = NULL; + if (!ossl_assert(e == NULL)) + return NULL; /* * We usually don't check NULL arguments. For loaders, though, the * scheme is crucial and must never be NULL, or the user will get diff --git a/include/crypto/cmac.h b/include/crypto/cmac.h index df55b68f8bc..6ae2916a408 100644 --- a/include/crypto/cmac.h +++ b/include/crypto/cmac.h @@ -16,7 +16,6 @@ # include int ossl_cmac_init(CMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl, - const OSSL_PARAM param[]); + const EVP_CIPHER *cipher, const OSSL_PARAM param[]); #endif /* OSSL_CRYPTO_CMAC_H */ diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h index f50861836f4..029ea141e78 100644 
--- a/include/openssl/cmac.h +++ b/include/openssl/cmac.h @@ -36,7 +36,8 @@ OSSL_DEPRECATEDIN_3_0 EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); OSSL_DEPRECATEDIN_3_0 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); OSSL_DEPRECATEDIN_3_0 int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl); + const EVP_CIPHER *cipher, + ENGINE *impl /* must be NULL */); OSSL_DEPRECATEDIN_3_0 int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); OSSL_DEPRECATEDIN_3_0 int CMAC_Final(CMAC_CTX *ctx, diff --git a/include/openssl/dh.h b/include/openssl/dh.h index c33c3e22ce8..d1bf57576ab 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -205,7 +205,7 @@ OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_OpenSSL(void); OSSL_DEPRECATEDIN_3_0 void DH_set_default_method(const DH_METHOD *meth); OSSL_DEPRECATEDIN_3_0 const DH_METHOD *DH_get_default_method(void); OSSL_DEPRECATEDIN_3_0 int DH_set_method(DH *dh, const DH_METHOD *meth); -OSSL_DEPRECATEDIN_3_0 DH *DH_new_method(ENGINE *engine); +OSSL_DEPRECATEDIN_3_0 DH *DH_new_method(ENGINE *engine /* must be NULL */); OSSL_DEPRECATEDIN_3_0 DH *DH_new(void); OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh); diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index fb86526b0ae..c62ee987409 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -128,7 +128,7 @@ OSSL_DEPRECATEDIN_3_0 int DSA_set_method(DSA *dsa, const DSA_METHOD *); OSSL_DEPRECATEDIN_3_0 const DSA_METHOD *DSA_get_method(DSA *d); OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void); -OSSL_DEPRECATEDIN_3_0 DSA *DSA_new_method(ENGINE *engine); +OSSL_DEPRECATEDIN_3_0 DSA *DSA_new_method(ENGINE *engine /* must be NULL */); OSSL_DEPRECATEDIN_3_0 void DSA_free(DSA *r); /* "up" the DSA object's reference count */ OSSL_DEPRECATEDIN_3_0 int DSA_up_ref(DSA *r); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9c7d9785c2a..370e0fef257 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
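Review bot: The `/* must be NULL */` annotation on CMAC_Init states the precondition but not what happens when it is violated. As declared here, CMAC_Init (and HMAC_Init_ex in include/openssl/hmac.h) carry no `__owur`, so a caller that ignores the result would continue with a context that was never initialised. I would spell out the outcome in the comment, e.g. `ENGINE *impl /* must be NULL, the call fails otherwise */`, and use the same wording on the other annotated prototypes in dh.h, dsa.h, evp.h, rsa.h and store.h.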
@@ -745,7 +745,7 @@ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); __owur int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, const OSSL_PARAM params[]); __owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, - ENGINE *impl); + ENGINE *impl /* must be NULL */); __owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); __owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, @@ -790,9 +790,10 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); __owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, - const unsigned char *iv); + const EVP_CIPHER *cipher, + ENGINE *impl /* must be NULL */, + const unsigned char *key, + const unsigned char *iv); __owur int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, @@ -807,9 +808,10 @@ __owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); __owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, - const unsigned char *iv); + const EVP_CIPHER *cipher, + ENGINE *impl /* must be NULL */, + const unsigned char *key, + const unsigned char *iv); __owur int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, 
@@ -825,9 +827,10 @@ __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc); __owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, - const unsigned char *iv, int enc); + const EVP_CIPHER *cipher, + ENGINE *impl /* must be NULL */, + const unsigned char *key, + const unsigned char *iv, int enc); __owur int EVP_CipherInit_SKEY(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, EVP_SKEY *skey, const unsigned char *iv, size_t iv_len, int enc, const OSSL_PARAM params[]); @@ -883,8 +886,9 @@ __owur int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]); __owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, - EVP_PKEY *pkey); + const EVP_MD *type, + ENGINE *e /* must be NULL */, + EVP_PKEY *pkey); __owur int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); @@ -894,7 +898,8 @@ __owur int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const char *props, EVP_PKEY *pkey, const OSSL_PARAM params[]); __owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, + const EVP_MD *type, + ENGINE *e /* must be NULL */, EVP_PKEY *pkey); int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize); __owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, 
@@ -1886,8 +1891,8 @@ int EVP_SKEYMGMT_names_do_all(const EVP_SKEYMGMT *keymgmt, const OSSL_PARAM *EVP_SKEYMGMT_get0_gen_settable_params(const EVP_SKEYMGMT *skeymgmt); const OSSL_PARAM *EVP_SKEYMGMT_get0_imp_settable_params(const EVP_SKEYMGMT *skeymgmt); -EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e /* must be NULL */); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e /* must be NULL */); EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, const char *name, const char *propquery); @@ -1921,19 +1926,19 @@ int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); -EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e /* must be NULL */, const unsigned char *key, int keylen); EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, const char *keytype, const char *propq, const unsigned char *priv, size_t len); -EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e /* must be NULL */, const unsigned char *priv, size_t len); EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx, const char *keytype, const char *propq, const unsigned char *pub, size_t len); -EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e /* must be NULL */, const unsigned char *pub, size_t len); int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, 
@@ -1943,7 +1948,8 @@ int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 -EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e /* must be NULL */, + const unsigned char *priv, size_t len, const EVP_CIPHER *cipher); # endif diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index f9e1bff3f74..b6dc1c28647 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -41,7 +41,8 @@ OSSL_DEPRECATEDIN_1_1_0 __owur int HMAC_Init(HMAC_CTX *ctx, # endif # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl); + const EVP_MD *md, + ENGINE *impl /* must be NULL */); OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index cddabf63d25..5240049203e 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -210,7 +210,7 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void); -OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine); +OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine /* must be NULL */); OSSL_DEPRECATEDIN_3_0 int RSA_bits(const RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa); OSSL_DEPRECATEDIN_3_0 int RSA_security_bits(const RSA *rsa); diff --git a/include/openssl/store.h b/include/openssl/store.h index 70ae55de602..46907dcc7d3 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h 
@@ -319,7 +319,8 @@ typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); # endif # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 -OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e /* must be NULL */, + const char *scheme); OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, OSSL_STORE_open_fn open_function); diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 75e1c9ab3cb..89f0c3d65ba 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -163,8 +163,7 @@ static int cmac_setkey(struct cmac_data_st *macctx, p = prms; #endif rv = ossl_cmac_init(macctx->ctx, key, keylen, - ossl_prov_cipher_cipher(&macctx->cipher), - NULL, p); + ossl_prov_cipher_cipher(&macctx->cipher), p); ossl_prov_cipher_reset(&macctx->cipher); return rv; }