From: Milan Broz Date: Tue, 25 Nov 2025 16:45:53 +0000 (+0100) Subject: Make no-engine config permanently set. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8999834c891432ab6d4109d9d86bffd6a6613e3;p=thirdparty%2Fopenssl.git Make no-engine config permanently set. It enables configuration defines: OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_NO_STATIC_ENGINE OPENSSL_NO_ENGINE Fixes openssl/project#1711 Signed-off-by: Milan Broz Reviewed-by: Norbert Pocs Reviewed-by: Saša Nedvědický Reviewed-by: Saša Nedvědický Reviewed-by: Eugene Syromiatnikov Reviewed-by: Neil Horman Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/29305) --- diff --git a/Configure b/Configure index 901f20be7b5..a73f464fd74 100755 --- a/Configure +++ b/Configure @@ -469,7 +469,6 @@ my @disablables = ( "ecdsa", "ecx", "egd", - "engine", "err", "external-tests", "filenames", @@ -602,6 +601,7 @@ our %disabled = ( # "what" => "comment" "hqinterop" => "default", "ec_nistp_64_gcc_128" => "default", "egd" => "default", + "engine" => "default", "external-tests" => "default", "fuzz-afl" => "default", "fuzz-libfuzzer" => "default", @@ -635,7 +635,7 @@ my @disable_cascades = ( "blake2", "bf", "camellia", "cast", "chacha", "cmac", "cms", "cmp", "comp", "ct", "des", "dgram", "dh", "dsa", - "ec", "engine", + "ec", "filenames", "idea", "ktls", "lms", "md4", "ml-dsa", "ml-kem", "multiblock", @@ -682,7 +682,7 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], - "engine" => [ grep(/eng$/, @disablables) ], + "engine" => [ "static-engine", "dynamic-engine" ], # no-autoalginit is only useful when building non-shared "autoalginit" => [ "shared", "apps", "fips" ], @@ -709,7 +709,7 @@ my @disable_cascades = ( "blake2" => [ "argon2" ], - "deprecated-3.0" => [ "engine", "srp" ], + "deprecated-3.0" => [ "srp" ], "http" => [ "ocsp" ] ); diff --git a/INSTALL.md b/INSTALL.md index 364d153215b..414c08d3662 100644 --- a/INSTALL.md +++ b/INSTALL.md 
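Review bot: With `"engine"` dropped from `@disablables` in the first hunk and only added to `%disabled` in the second, nothing visible in this diff keeps `no-engine` or `enable-engine` recognised on the command line. If option parsing still validates feature names against `@disablables`, existing build recipes that pass `no-engine` as a hardening measure would start failing, and `enable-engine` would get a generic unsupported-option error rather than one saying engine support is gone. I would accept the old spelling as a no-op, for example through an `"engine" => undef,` entry in the deprecated-options table if this Configure still has one, and extend the new line to `"engine" => "default", # permanently disabled, no longer in @disablables`. The `%disabled` initialiser continues outside the hunk.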
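Review bot: The `"engine"` cascade in the fourth hunk no longer covers every feature whose name ends in `eng`: the old `grep(/eng$/, @disablables)` picked those up automatically, while the new list names only `"static-engine"` and `"dynamic-engine"`. If any `*eng` entries are still present in `@disablables` (not visible here), they would presumably stay enabled while engine support is permanently off, so their `OPENSSL_NO_*` defines would not be set and engine-specific code could still be selected for the build. Either confirm that no such entries remain, or keep the pattern alongside the explicit names: `"engine" => [ "static-engine", "dynamic-engine", grep(/eng$/, @disablables) ],`. A one-line comment above the entry saying it exists only to produce the three defines listed in the commit message would also help, since `engine` can no longer be toggled.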
@@ -761,12 +761,6 @@ Don't build and install documentation, i.e. manual pages in various forms. Don't build support for loading Dynamic Shared Objects (DSO) -### no-dynamic-engine - -Don't build the dynamically loaded engines. - -This only has an effect in a shared build. - ### no-ec Don't build support for Elliptic Curves. @@ -798,10 +792,6 @@ This option is only supported on platforms: Build support for gathering entropy from the Entropy Gathering Daemon (EGD). -### no-engine - -Don't build support for loading engines. - ### no-err Don't compile in any error strings. @@ -903,9 +893,7 @@ support. ML-KEM is based on CRYSTALS-KYBER. See [FIPS 203]. ### no-module -Don't build any dynamically loadable engines. - -This also implies `no-dynamic-engine`. +Don't build any dynamically loadable modules. ### no-multiblock @@ -1027,12 +1015,6 @@ This removes the `-trace` option from `s_client` and `s_server`, and omits the Disabling `ssl-trace` may provide a small reduction in libssl binary size. -### no-static-engine - -Don't build the statically linked engines. - -This only has an impact when not built "shared". - ### no-stdio Don't use anything from the C header file `stdio.h` that makes use of the `FILE` @@ -1521,7 +1503,6 @@ its default): to build your own programs that use libcrypto or libssl. lib Contains the OpenSSL library files. - lib/engines Contains the OpenSSL dynamically loadable engines. share/man/man1 Contains the OpenSSL command line man-pages. share/man/man3 Contains the OpenSSL library calls man-pages. @@ -1547,8 +1528,6 @@ its default): to build your own programs that use libcrypto or libssl. [.LIB.'arch'] Contains the OpenSSL library files. - [.ENGINES'sover''pz'.'arch'] - Contains the OpenSSL dynamically loadable engines. [.SYS$STARTUP] Contains startup, login and shutdown scripts. These define appropriate logical names and command symbols. 
@@ -1569,7 +1548,7 @@ for you convenience: The installation directory should be appropriately protected to ensure unprivileged users cannot make changes to OpenSSL binaries or files, or -install engines. If you already have a pre-installed version of OpenSSL as +install providers. If you already have a pre-installed version of OpenSSL as part of your Operating System it is recommended that you do not overwrite the system version and instead install to somewhere else.