From: Norbert Pocs Date: Thu, 28 Aug 2025 13:14:31 +0000 (+0200) Subject: providers/: Remove ENGINEs X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07539f9e332b82da75f59f52be321b09d4c6dee8;p=thirdparty%2Fopenssl.git providers/: Remove ENGINEs Signed-off-by: Norbert Pocs Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/28384) --- diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h index f04e811ac3b..f34e4a1b2ce 100644 --- a/providers/common/include/prov/provider_util.h +++ b/providers/common/include/prov/provider_util.h @@ -39,13 +39,11 @@ typedef struct { /* Cipher functions */ /* * Load a cipher from the specified parameters with the specified context. - * The params "propq", "engine" and "cipher" are used to determine the - * implementation used. If a provider cannot be found, it falls back to trying - * non-provider based implementations. + * The params "propq" and "cipher" are used to determine the + * implementation used. */ int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher, - const OSSL_PARAM *propq, const OSSL_PARAM *engine, - OSSL_LIB_CTX *ctx); + const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx); /* Reset the PROV_CIPHER fields and free any allocated cipher reference */ void ossl_prov_cipher_reset(PROV_CIPHER *pc); @@ -53,9 +51,8 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc); /* Clone a PROV_CIPHER structure into a second */ int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src); -/* Query the cipher and associated engine (if any) */ +/* Query the cipher (if any) */ const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc); -ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc); /* Digest functions */ @@ -68,13 +65,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx, /* * Load a digest from the specified parameters with the specified context. - * The params "propq", "engine" and "digest" are used to determine the - * implementation used. If a provider cannot be found, it falls back to trying - * non-provider based implementations. + * The params "propq" and "digest" are used to determine the + * implementation used. */ int ossl_prov_digest_load(PROV_DIGEST *pd,const OSSL_PARAM *digest, - const OSSL_PARAM *propq, const OSSL_PARAM *engine, - OSSL_LIB_CTX *ctx); + const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx); /* Reset the PROV_DIGEST fields and free any allocated digest reference */ void ossl_prov_digest_reset(PROV_DIGEST *pd); @@ -82,9 +77,8 @@ void ossl_prov_digest_reset(PROV_DIGEST *pd); /* Clone a PROV_DIGEST structure into a second */ int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src); -/* Query the digest and associated engine (if any) */ +/* Query the digest (if any) */ const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd); -ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd); /* Set a specific md, resets current digests first */ void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md); @@ -97,14 +91,12 @@ void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md); int ossl_prov_macctx_load(EVP_MAC_CTX **macctx, const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher, const OSSL_PARAM *pdigest, const OSSL_PARAM *propq, - const OSSL_PARAM *pengine, const char *macname, const char *ciphername, const char *mdname, OSSL_LIB_CTX *libctx); int ossl_prov_set_macctx(EVP_MAC_CTX *macctx, const char *ciphername, const char *mdname, - const char *engine, const char *properties, const OSSL_PARAM param[]); diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 2f123f5f2b0..c7f60f17379 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -7,15 +7,11 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include #include #include #include #ifndef FIPS_MODULE -# include # include "crypto/evp.h" #endif #include "prov/providercommon.h" @@ -26,23 +22,12 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc) EVP_CIPHER_free(pc->alloc_cipher); pc->alloc_cipher = NULL; pc->cipher = NULL; -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(pc->engine); -#endif - pc->engine = NULL; } int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src) { if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher)) return 0; -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - if (src->engine != NULL && !ENGINE_init(src->engine)) { - EVP_CIPHER_free(src->alloc_cipher); - return 0; - } -#endif - dst->engine = src->engine; dst->cipher = src->cipher; dst->alloc_cipher = src->alloc_cipher; return 1; @@ -59,41 +44,12 @@ static int set_propq(const OSSL_PARAM *propq, const char **propquery) return 1; } -static int set_engine(const OSSL_PARAM *e, ENGINE **engine) -{ -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(*engine); -#endif - *engine = NULL; - /* Inside the FIPS module, we don't support legacy ciphers */ -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - if (e != NULL) { - if (e->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - /* Get a structural reference */ - *engine = ENGINE_by_id(e->data); - if (*engine == NULL) - return 0; - /* Get a functional reference */ - if (!ENGINE_init(*engine)) { - ENGINE_free(*engine); - *engine = NULL; - return 0; - } - /* Free the structural reference */ - ENGINE_free(*engine); - } -#endif - return 1; -} - int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher, - const OSSL_PARAM *propq, const OSSL_PARAM *engine, - OSSL_LIB_CTX *ctx) + const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx) { const char *propquery; - if (!set_propq(propq, &propquery) || !set_engine(engine, &pc->engine)) + if (!set_propq(propq, &propquery)) return 0; if (cipher == NULL) @@ -127,33 +83,17 @@ const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc) return pc->cipher; } -ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc) -{ - return pc->engine; -} - void ossl_prov_digest_reset(PROV_DIGEST *pd) { EVP_MD_free(pd->alloc_md); pd->alloc_md = NULL; pd->md = NULL; -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(pd->engine); -#endif - pd->engine = NULL; } int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src) { if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md)) return 0; -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - if (src->engine != NULL && !ENGINE_init(src->engine)) { - EVP_MD_free(src->alloc_md); - return 0; - } -#endif - dst->engine = src->engine; dst->md = src->md; dst->alloc_md = src->alloc_md; return 1; @@ -169,12 +109,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx, } int ossl_prov_digest_load(PROV_DIGEST *pd, const OSSL_PARAM *digest, - const OSSL_PARAM *propq, const OSSL_PARAM *engine, - OSSL_LIB_CTX *ctx) + const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx) { const char *propquery; - if (!set_propq(propq, &propquery) || !set_engine(engine, &pd->engine)) + if (!set_propq(propq, &propquery)) return 0; if (digest == NULL) @@ -212,15 +151,9 @@ const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd) return pd->md; } -ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd) -{ - return pd->engine; -} - int ossl_prov_set_macctx(EVP_MAC_CTX *macctx, const char *ciphername, const char *mdname, - const char *engine, const char *properties, const OSSL_PARAM param[]) { @@ -238,12 +171,6 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx, *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES, (char *)properties, 0); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (engine != NULL) - *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE, - (char *) engine, 0); -#endif - *mp = OSSL_PARAM_construct_end(); /* @@ -274,12 +201,10 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx, int ossl_prov_macctx_load(EVP_MAC_CTX **macctx, const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher, const OSSL_PARAM *pdigest, const OSSL_PARAM *propq, - const OSSL_PARAM *pengine, const char *macname, const char *ciphername, const char *mdname, OSSL_LIB_CTX *libctx) { const char *properties = NULL; - const char *engine = NULL; if (macname == NULL && pmac != NULL) if (!OSSL_PARAM_get_utf8_string_ptr(pmac, &macname)) @@ -312,10 +237,8 @@ int ossl_prov_macctx_load(EVP_MAC_CTX **macctx, if (mdname == NULL && pdigest != NULL) if (!OSSL_PARAM_get_utf8_string_ptr(pdigest, &mdname)) return 0; - if (pengine != NULL && !OSSL_PARAM_get_utf8_string_ptr(pengine, &engine)) - return 0; - if (ossl_prov_set_macctx(*macctx, ciphername, mdname, engine, properties, NULL)) + if (ossl_prov_set_macctx(*macctx, ciphername, mdname, properties, NULL)) return 1; EVP_MAC_CTX_free(*macctx); diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c index b8d991c1c3c..43ecd435199 100644 --- a/providers/implementations/asymciphers/sm2_enc.c +++ b/providers/implementations/asymciphers/sm2_enc.c @@ -189,7 +189,7 @@ static int sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[]) if (psm2ctx == NULL || !sm2_set_ctx_params_decoder(params, &p)) return 0; - if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq, p.engine, + if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq, psm2ctx->libctx)) return 0; diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index b4c84a007a2..3fe2c3ece80 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -294,8 +294,7 @@ static int hkdf_common_set_ctx_params if (p->digest != NULL) { const EVP_MD *md = NULL; - if (!ossl_prov_digest_load(&ctx->digest, p->digest, - p->propq, p->engine, libctx)) + if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx)) return 0; md = ossl_prov_digest_md(&ctx->digest); @@ -488,7 +487,7 @@ static void *kdf_hkdf_fixed_digest_new(void *provctx, const char *digest) param = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, (char *)digest, 0); - if (!ossl_prov_digest_load(&ctx->digest, ¶m, NULL, NULL, libctx)) { + if (!ossl_prov_digest_load(&ctx->digest, ¶m, NULL, libctx)) { kdf_hkdf_free(ctx); return NULL; } diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c b/providers/implementations/kdfs/hmacdrbg_kdf.c index 2d2805b53dd..a36d92cd220 100644 --- a/providers/implementations/kdfs/hmacdrbg_kdf.c +++ b/providers/implementations/kdfs/hmacdrbg_kdf.c @@ -210,8 +210,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx, } if (p.digest != NULL) { - if (!ossl_prov_digest_load(&drbg->digest, p.digest, - p.propq, p.engine, libctx)) + if (!ossl_prov_digest_load(&drbg->digest, p.digest, p.propq, libctx)) return 0; /* Confirm digest is allowed. Allow all digests that are not XOF */ @@ -227,7 +226,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx, drbg->blocklen = (size_t)md_size; } if (!ossl_prov_macctx_load(&drbg->ctx, NULL, NULL, p.digest, p.propq, - p.engine, "HMAC", NULL, NULL, libctx)) + "HMAC", NULL, NULL, libctx)) return 0; } return 1; diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index d8fa4d81865..2f273f8db95 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -383,8 +383,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; if (!ossl_prov_macctx_load(&ctx->ctx_init, p.mac, p.cipher, - p.digest, p.propq, p.engine, - NULL, NULL, NULL, libctx)) + p.digest, p.propq, NULL, NULL, NULL, libctx)) return 0; if (ctx->ctx_init != NULL) { diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c index 03e8fc62c7b..3ee0f3c3c9f 100644 --- a/providers/implementations/kdfs/krb5kdf.c +++ b/providers/implementations/kdfs/krb5kdf.c @@ -128,7 +128,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen, { KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx; const EVP_CIPHER *cipher; - ENGINE *engine; + ENGINE *engine = NULL; if (!ossl_prov_is_running() || !krb5kdf_set_ctx_params(ctx, params)) return 0; @@ -146,7 +146,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONSTANT); return 0; } - engine = ossl_prov_cipher_engine(&ctx->cipher); + return KRB5KDF(cipher, engine, ctx->key, ctx->key_len, ctx->constant, ctx->constant_len, key, keylen); @@ -163,7 +163,7 @@ static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) provctx = PROV_LIBCTX_OF(ctx->provctx); - if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, p.engine, provctx)) + if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, provctx)) return 0; if (p.key != NULL && !krb5kdf_set_membuf(&ctx->key, &ctx->key_len, p.key)) diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c index 6830c5cdf9f..2f37f7a95fc 100644 --- a/providers/implementations/kdfs/pbkdf1.c +++ b/providers/implementations/kdfs/pbkdf1.c @@ -236,8 +236,7 @@ static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) libctx = PROV_LIBCTX_OF(ctx->provctx); - if (!ossl_prov_digest_load(&ctx->digest, p.digest, - p.propq, p.engine, libctx)) + if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, libctx)) return 0; if (p.pw != NULL && !kdf_pbkdf1_set_membuf(&ctx->pass, &ctx->pass_len, p.pw)) diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c index 182525552de..ca46995dcd6 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -178,7 +178,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx) param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha1, 0); - if (!ossl_prov_digest_load(&ctx->digest, ¶m, NULL, NULL, provctx)) + if (!ossl_prov_digest_load(&ctx->digest, ¶m, NULL, provctx)) /* This is an error, but there is no way to indicate such directly */ ossl_prov_digest_reset(&ctx->digest); ctx->iter = PKCS5_DEFAULT_ITER; @@ -327,8 +327,7 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) provctx = PROV_LIBCTX_OF(ctx->provctx); if (p.digest != NULL) { - if (!ossl_prov_digest_load(&ctx->digest, p.digest, - p.propq, p.engine, provctx)) + if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx)) return 0; md = ossl_prov_digest_md(&ctx->digest); if (EVP_MD_xof(md)) { diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c index cc07139ec44..98942fb0bb1 100644 --- a/providers/implementations/kdfs/pkcs12kdf.c +++ b/providers/implementations/kdfs/pkcs12kdf.c @@ -252,8 +252,7 @@ static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[]) provctx = PROV_LIBCTX_OF(ctx->provctx); - if (!ossl_prov_digest_load(&ctx->digest, p.digest, - p.propq, p.engine, provctx)) + if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx)) return 0; if (p.pw != NULL && !pkcs12kdf_set_membuf(&ctx->pass, &ctx->pass_len, p.pw)) diff --git a/providers/implementations/kdfs/pvkkdf.c b/providers/implementations/kdfs/pvkkdf.c index 40afdcc127b..9558e333349 100644 --- a/providers/implementations/kdfs/pvkkdf.c +++ b/providers/implementations/kdfs/pvkkdf.c @@ -111,7 +111,7 @@ static void kdf_pvk_init(KDF_PVK *ctx) param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha1, 0); - if (!ossl_prov_digest_load(&ctx->digest, ¶m, NULL, NULL, provctx)) + if (!ossl_prov_digest_load(&ctx->digest, ¶m, NULL, provctx)) /* This is an error, but there is no way to indicate such directly */ ossl_prov_digest_reset(&ctx->digest); } @@ -190,8 +190,7 @@ static int kdf_pvk_set_ctx_params(void *vctx, const OSSL_PARAM params[]) provctx = PROV_LIBCTX_OF(ctx->provctx); - if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, p.engine, - provctx)) + if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx)) return 0; if (p.pass != NULL && !pvk_set_membuf(&ctx->pass, &ctx->pass_len, p.pass)) diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c index 4d584374474..81ca574ccb3 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -226,8 +226,7 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (p.digest != NULL) { const EVP_MD *md = NULL; - if (!ossl_prov_digest_load(&ctx->digest, p.digest, - p.propq, p.engine, provctx)) + if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx)) return 0; md = ossl_prov_digest_md(&ctx->digest); diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 2fac552d8da..04018c48905 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -565,7 +565,7 @@ static int sskdf_common_set_ctx_params int r; if (!ossl_prov_macctx_load(&ctx->macctx, - p->mac, NULL, p->digest, p->propq, p->engine, + p->mac, NULL, p->digest, p->propq, NULL, NULL, NULL, libctx)) return 0; if (ctx->macctx != NULL) { @@ -578,8 +578,7 @@ static int sskdf_common_set_ctx_params } if (p->digest != NULL) { - if (!ossl_prov_digest_load(&ctx->digest, p->digest, - p->propq, p->engine, libctx)) + if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx)) return 0; md = ossl_prov_digest_md(&ctx->digest); diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index f65c9eb71d8..04908cacea2 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -313,25 +313,25 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (OPENSSL_strcasecmp(dgst, OSSL_DIGEST_NAME_MD5_SHA1) == 0) { if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, NULL, - p.propq, p.engine, + p.propq, OSSL_MAC_NAME_HMAC, NULL, OSSL_DIGEST_NAME_MD5, libctx)) return 0; if (!ossl_prov_macctx_load(&ctx->P_sha1, NULL, NULL, NULL, - p.propq, p.engine, + p.propq, OSSL_MAC_NAME_HMAC, NULL, OSSL_DIGEST_NAME_SHA1, libctx)) return 0; } else { EVP_MAC_CTX_free(ctx->P_sha1); if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest, - p.propq, p.engine, + p.propq, OSSL_MAC_NAME_HMAC, NULL, NULL, libctx)) return 0; } memset(&digest, 0, sizeof(digest)); - if (!ossl_prov_digest_load(&digest, p.digest, p.propq, p.engine, libctx)) + if (!ossl_prov_digest_load(&digest, p.digest, p.propq, libctx)) return 0; md = ossl_prov_digest_md(&digest); diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c index 09ed47cedd7..f22e1124f2c 100644 --- a/providers/implementations/kdfs/x942kdf.c +++ b/providers/implementations/kdfs/x942kdf.c @@ -545,8 +545,7 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 0; if (p.digest != NULL) { - if (!ossl_prov_digest_load(&ctx->digest, p.digest, - p.propq, p.engine, provctx)) + if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx)) return 0; md = ossl_prov_digest_md(&ctx->digest); if (EVP_MD_xof(md)) { diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index 4b3b4e8c9c8..21b450f04be 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -228,7 +228,7 @@ static int mac_key_fromdata(MAC_KEY *key, const struct mac_common_params_st *p) } if (key->cmac && !ossl_prov_cipher_load(&key->cipher, p->cipher, p->propq, - p->engine, key->libctx)) { + key->libctx)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -301,14 +301,6 @@ static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl, EVP_CIPHER_get0_name(key->cipher.cipher))) return 0; -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (key->cipher.engine != NULL - && !ossl_param_build_set_utf8_string(tmpl, p->engine, - OSSL_PKEY_PARAM_ENGINE, - ENGINE_get_id(key->cipher.engine))) - return 0; -#endif - return 1; } @@ -475,7 +467,7 @@ static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; if (!ossl_prov_cipher_load(&gctx->cipher, p.cipher, p.propq, - p.engine, gctx->libctx)) { + gctx->libctx)) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 90b81acc046..75e1c9ab3cb 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -164,7 +164,7 @@ static int cmac_setkey(struct cmac_data_st *macctx, #endif rv = ossl_cmac_init(macctx->ctx, key, keylen, ossl_prov_cipher_cipher(&macctx->cipher), - ossl_prov_cipher_engine(&macctx->cipher), p); + NULL, p); ossl_prov_cipher_reset(&macctx->cipher); return rv; } @@ -251,8 +251,7 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) return 0; if (p.cipher != NULL) { - if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, - p.engine, ctx)) + if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, ctx)) return 0; if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 2c58922a90d..d7903af8e4e 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -210,8 +210,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) provctx = PROV_LIBCTX_OF(macctx->provctx); if (p.cipher != NULL) { - if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, - p.engine, provctx)) + if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, provctx)) return 0; if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) != EVP_CIPH_GCM_MODE) { @@ -219,8 +218,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) return 0; } if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher), - ossl_prov_cipher_engine(&macctx->cipher), NULL, - NULL)) + NULL, NULL, NULL)) return 0; } diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index ff934128c11..2275fdfa770 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -193,8 +193,7 @@ static int hmac_setkey(struct hmac_data_st *macctx, digest = ossl_prov_digest_md(&macctx->digest); /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL)) - return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, - ossl_prov_digest_engine(&macctx->digest)); + return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, NULL); return 1; } @@ -326,8 +325,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) return 0; if (p.digest != NULL - && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, - p.engine, ctx)) + && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, ctx)) return 0; if (p.key != NULL) { diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index dc8addc39c2..5beea468cba 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -199,7 +199,7 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) return 0; if (!kmac_new_decoder(params, &p)) goto err; - if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine, + if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, PROV_LIBCTX_OF(provctx))) goto err; diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c index 28a7bb8afab..e682443005a 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c @@ -570,8 +570,7 @@ static int drbg_hash_set_ctx_params_locked if (!drbg_fetch_digest_from_prov(p, libctx, &prov_md)) { (void)ERR_pop_to_mark(); /* fall back to full implementation search */ - if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq, - p->engine, libctx)) + if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq, libctx)) return 0; } else { (void)ERR_clear_last_mark(); diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c index adf1d24e582..51f1ca26cd6 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -464,12 +464,11 @@ static int drbg_hmac_set_ctx_params_locked if (p->digest != NULL) { /* fall back to full implementation search */ if (!ossl_prov_digest_load(&hmac->digest, p->digest, p->propq, - p->engine, libctx)) + libctx)) return 0; if (!ossl_prov_macctx_load(&hmac->ctx, NULL, NULL, p->digest, - p->propq, p->engine, - "HMAC", NULL, NULL, libctx)) + p->propq, "HMAC", NULL, NULL, libctx)) return 0; } } else { diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c index a5661eaa0b5..d1861acc046 100644 --- a/providers/implementations/signature/mac_legacy_sig.c +++ b/providers/implementations/signature/mac_legacy_sig.c @@ -7,9 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - #include #include #include @@ -17,9 +14,6 @@ #include #include #include -#ifndef FIPS_MODULE -# include -#endif #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/macsignature.h" @@ -97,7 +91,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey, const OSSL_PARAM params[]) { PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx; - const char *ciphername = NULL, *engine = NULL; + const char *ciphername = NULL; if (!ossl_prov_is_running() || pmacctx == NULL) @@ -117,15 +111,10 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey, if (pmacctx->key->cipher.cipher != NULL) ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (pmacctx->key->cipher.engine != NULL) - engine = (char *)ENGINE_get_id(pmacctx->key->cipher.engine); -#endif if (!ossl_prov_set_macctx(pmacctx->macctx, (char *)ciphername, (char *)mdname, - (char *)engine, pmacctx->key->properties, params)) return 0;