From: Norbert Pocs Date: Tue, 2 Sep 2025 07:19:30 +0000 (+0200) Subject: Remove OPENSSL_NO_DYNAMIC_ENGINE X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a7a6ac06811632cca2f794a8a6d7eb93d8bcd7c;p=thirdparty%2Fopenssl.git Remove OPENSSL_NO_DYNAMIC_ENGINE Most of the ifdefs were removed, but we want to rewrite the dasync engine to a provider. Therefore that code was not removed; instead a new temporary macro was added named TODO_REWRITE_ME_DASYNC_PROVIDER. Resolves: https://github.com/openssl/project/issues/1363 Signed-off-by: Norbert Pocs Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/28384) --- diff --git a/Configure b/Configure index 806da2e0ff7..321b5039382 100755 --- a/Configure +++ b/Configure @@ -104,7 +104,7 @@ EOF # [don't] allow default thread pool functionality # [no-]shared [don't] try to create shared libraries when supported. # [no-]pic [don't] try to build position independent code when supported. -# If disabled, it also disables shared and dynamic-engine. +# If disabled, it also disables shared. # no-asm do not use assembler # no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. @@ -473,7 +473,6 @@ my @disablables = ( "dsa", "dso", "dtls", - "dynamic-engine", "ec", "ec2m", "ec_nistp_64_gcc_128", @@ -679,17 +678,10 @@ my @disable_cascades = ( "crypto-mdebug" => [ "crypto-mdebug-backtrace", "allocfail-tests" ], - "module" => [ "dynamic-engine", "fips" ], - - # Without shared libraries, dynamic engines aren't possible. - # This is due to them having to link with libcrypto and register features - # using the ENGINE functionality, and since that relies on global tables, - # those *have* to be exactly the same as the ones accessed from the app, - # which cannot be guaranteed if shared libraries aren't present. - # (note that even with shared libraries, both the app and dynamic engines - # must be linked with the same library) - "shared" => [ "dynamic-engine", "uplink" ], - "dso" => [ "dynamic-engine", "module" ], + "module" => [ "fips" ], + + "shared" => [ "uplink" ], + "dso" => [ "module" ], # Other modules don't necessarily have to link with libcrypto, so shared # libraries do not have to be a condition to produce those. @@ -697,8 +689,7 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], - "engine" => [ "dynamic-engine", grep(/eng$/, @disablables) ], - "dynamic-engine" => [ "loadereng" ], + "engine" => [ grep(/eng$/, @disablables) ], "hw" => [ "padlockeng" ], # no-autoalginit is only useful when building non-shared @@ -938,10 +929,6 @@ while (@argvcopy) { delete $disabled{"dynamic-engine"}; } - elsif ($1 eq "dynamic-engine") - { - $disabled{"dynamic-engine"} = "option"; - } elsif (exists $deprecated_disablables{$1}) { $deprecated_options{$_} = 1; @@ -967,10 +954,6 @@ while (@argvcopy) { $disabled{"dynamic-engine"} = "option"; } - elsif ($1 eq "dynamic-engine") - { - delete $disabled{"dynamic-engine"}; - } elsif ($1 eq "zlib-dynamic") { delete $disabled{"zlib"}; @@ -1654,16 +1637,10 @@ my $no_shared_warn=0; if (($target{shared_target} // '') eq "") { $no_shared_warn = 1 - if (!$disabled{shared} || !$disabled{"dynamic-engine"}); + if (!$disabled{shared}); disable('no-shared-target', 'pic'); } -if ($disabled{"dynamic-engine"}) { - $config{dynamic_engines} = 0; -} else { - $config{dynamic_engines} = 1; -} - unless ($disabled{asan} || defined $detected_sanitizers{asan}) { push @{$config{cflags}}, "-fsanitize=address"; } @@ -1968,7 +1945,7 @@ foreach my $what (sort keys %disabled) { $config{options} .= " no-$what"; if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared', - 'module', 'pic', 'dynamic-engine', 'makedepend', + 'module', 'pic', 'makedepend', 'sse2', 'legacy' )) { (my $WHAT = uc $what) =~ s|-|_|g; my $skipdir = $what; @@ -1986,9 +1963,7 @@ foreach my $what (sort keys %disabled) { } } -if ($disabled{"dynamic-engine"}) { - push @{$config{openssl_feature_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; -} else { +if (!$disabled{"dynamic-engine"}) { push @{$config{openssl_feature_defines}}, "OPENSSL_NO_STATIC_ENGINE"; } @@ -2393,14 +2368,6 @@ if ($builder eq "unified") { ); die "runaway IF?" if (@skip); - if (grep { defined $attributes{modules}->{$_}->{engine} } keys %attributes - and !$config{dynamic_engines}) { - die <<"EOF" -ENGINES can only be used if configured with 'dynamic-engine'. -This is usually a fault in a build.info file. -EOF - } - { my %infos = ( programs => [ @programs ], libraries => [ @libraries ], @@ -3067,9 +3034,9 @@ EOF print <<"EOF" if ($no_shared_warn); -The options 'shared', 'pic' and 'dynamic-engine' aren't supported on this +The options 'shared' and 'pic' aren't supported on this platform, so we will pretend you gave the option 'no-pic', which also disables -'shared' and 'dynamic-engine'. If you know how to implement shared libraries +'shared'. If you know how to implement shared libraries or position independent code, please let us know (but please first make sure you have tried with a current version of OpenSSL). EOF diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 83c5c8f0940..f10e79669ce 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -68,9 +68,7 @@ void engine_load_afalg_int(void) # define ALG_OP_TYPE unsigned int # define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) -# ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_afalg_int(void); -# endif /* Local Linkage Functions */ static int afalg_init_aio(afalg_aio *aio); @@ -826,26 +824,6 @@ static int bind_afalg(ENGINE *e) return 1; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_helper(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_afalg_id) != 0)) - return 0; - - if (!afalg_chk_platform()) - return 0; - - if (!bind_afalg(e)) { - afalg_destroy(e); - return 0; - } - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# endif - static int afalg_chk_platform(void) { int ret; @@ -890,7 +868,6 @@ static int afalg_chk_platform(void) return 1; } -# ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_afalg(void) { ENGINE *ret = ENGINE_new(); @@ -927,7 +904,6 @@ void engine_load_afalg_int(void) */ ERR_pop_to_mark(); } -# endif static int afalg_init(ENGINE *e) { diff --git a/engines/e_capi.c b/engines/e_capi.c index 5d5546b98fc..05a267bfe57 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -572,19 +572,6 @@ static int bind_capi(ENGINE *e) return 0; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_helper(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_capi_id) != 0)) - return 0; - if (!bind_capi(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# else static ENGINE *engine_capi(void) { ENGINE *ret = ENGINE_new(); @@ -617,7 +604,6 @@ void engine_load_capi_int(void) */ ERR_pop_to_mark(); } -# endif static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen) { @@ -1917,20 +1903,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs) #else /* !__COMPILE_CAPIENG */ # include -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); -OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) -{ - return 0; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -# else void engine_load_capi_int(void); void engine_load_capi_int(void) { } -# endif #endif diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 47eca87a6b1..300d061e4e2 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -365,20 +365,6 @@ static void destroy_pkey(void) dasync_rsa = NULL; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_helper(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_dasync_id) != 0)) - return 0; - if (!bind_dasync(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -# endif - static ENGINE *engine_dasync(void) { ENGINE *ret = ENGINE_new(); diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index 1e1d9d12b83..5b333fe4eee 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -80,9 +80,7 @@ struct driver_info_st { char *driver_name; }; -#ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_devcrypto_int(void); -#endif static int clean_devcrypto_session(session_op_t *sess) { if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { @@ -1329,7 +1327,6 @@ static int bind_devcrypto(ENGINE *e) { ); } -#ifdef OPENSSL_NO_DYNAMIC_ENGINE /* * In case this engine is built into libcrypto, then it doesn't offer any * ability to be dynamically loadable. @@ -1362,22 +1359,3 @@ void engine_load_devcrypto_int(void) */ ERR_pop_to_mark(); } - -#else - -static int bind_helper(ENGINE *e, const char *id) -{ - if ((id && (strcmp(id, engine_devcrypto_id) != 0)) - || !open_devcrypto()) - return 0; - if (!bind_devcrypto(e)) { - close_devcrypto(); - return 0; - } - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) - -#endif diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index dd5bef57dc1..56c79ef2e6d 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -433,20 +433,6 @@ static int bind_ossltest(ENGINE *e) return 1; } -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_helper(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_ossltest_id) != 0)) - return 0; - if (!bind_ossltest(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -#endif - static ENGINE *engine_ossltest(void) { ENGINE *ret = ENGINE_new(); diff --git a/engines/e_padlock.c b/engines/e_padlock.c index bdad24b5b2f..7430eeaae2e 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -35,12 +35,9 @@ # undef COMPILE_PADLOCKENG # if defined(PADLOCK_ASM) # define COMPILE_PADLOCKENG -# ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *ENGINE_padlock(void); -# endif # endif -# ifdef OPENSSL_NO_DYNAMIC_ENGINE void engine_load_padlock_int(void); void engine_load_padlock_int(void) { @@ -65,8 +62,6 @@ void engine_load_padlock_int(void) # endif } -# endif - # ifdef COMPILE_PADLOCKENG /* Function for ENGINE detection and control */ @@ -121,7 +116,6 @@ static int padlock_bind_helper(ENGINE *e) return 1; } -# ifdef OPENSSL_NO_DYNAMIC_ENGINE /* Constructor */ static ENGINE *ENGINE_padlock(void) { @@ -138,7 +132,6 @@ static ENGINE *ENGINE_padlock(void) return eng; } -# endif /* Check availability of the engine */ static int padlock_init(ENGINE *e) @@ -165,23 +158,6 @@ static int padlock_aes_set_decrypt_key(const unsigned char *userKey, * This stuff is needed if this ENGINE is being compiled into a * self-contained shared-library. */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int padlock_bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, padlock_id) != 0)) { - return 0; - } - - if (!padlock_bind_helper(e)) { - return 0; - } - - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn) -# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */ /* ===== Here comes the "real" engine ===== */ /* Some AES-related constants */ @@ -749,17 +725,3 @@ static RAND_METHOD padlock_rand = { # endif /* COMPILE_PADLOCKENG */ #endif /* !OPENSSL_NO_PADLOCKENG */ - -#if defined(OPENSSL_NO_PADLOCKENG) || !defined(COMPILE_PADLOCKENG) -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); -OPENSSL_EXPORT - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) -{ - return 0; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -# endif -#endif diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 581eb401899..4ba778f8594 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -6063,7 +6063,7 @@ static int test_custom_ciph_meth(void) return testresult; } -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +# ifdef TODO_REWRITE_ME_DASYNC_PROVIDER /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) { @@ -6207,7 +6207,7 @@ static int test_cipher_with_engine(void) return testresult; } -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ +# endif /* TODO_REWRITE_ME_DASYNC_PROVIDER */ #endif /* OPENSSL_NO_DEPRECATED_3_0 */ #ifndef OPENSSL_NO_ECX @@ -7039,7 +7039,7 @@ int setup_tests(void) ADD_TEST(test_custom_md_meth); ADD_TEST(test_custom_ciph_meth); -# ifndef OPENSSL_NO_DYNAMIC_ENGINE +# ifdef TODO_REWRITE_ME_DASYNC_PROVIDER /* Tests only support the default libctx */ if (testctx == NULL) { # ifndef OPENSSL_NO_EC diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index c5120c2dafc..caf119c9b72 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -1529,7 +1529,7 @@ int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx, ENGINE *load_dasync(void) { -#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) ENGINE *e; if (!TEST_ptr(e = ENGINE_by_id("dasync"))) diff --git a/test/sslapitest.c b/test/sslapitest.c index 370b9b8a373..22932cf05e7 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -11898,7 +11898,7 @@ end: } #endif /* OSSL_NO_USABLE_TLS1_3 */ -#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) /* * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not * support this yet. The only pipeline capable cipher that we have is in the @@ -12095,7 +12095,7 @@ end: OPENSSL_free(msg); return testresult; } -#endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */ +#endif /* !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) */ static int check_version_string(SSL *s, int version) { @@ -14191,7 +14191,7 @@ int setup_tests(void) #if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3) ADD_ALL_TESTS(test_serverinfo_custom, 4); #endif -#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) ADD_ALL_TESTS(test_pipelining, 7); #endif ADD_ALL_TESTS(test_version, 6); diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index 1ec179b59c5..3b48dc92b1b 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -339,7 +339,7 @@ static int test_free_buffers(int test) end: SSL_free(clientssl); SSL_free(serverssl); -#ifndef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef TODO_REWRITE_ME_DASYNC_PROVIDER if (e != NULL) { ENGINE_unregister_ciphers(e); ENGINE_finish(e); @@ -372,7 +372,7 @@ int setup_tests(void) } ADD_ALL_TESTS(test_func, 9); -#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) ADD_ALL_TESTS(test_free_buffers, 8); #else ADD_ALL_TESTS(test_free_buffers, 4);