From: Milan Broz Date: Wed, 3 Sep 2025 09:52:49 +0000 (+0200) Subject: Remove private ENGINE references from local structs. X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~67 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7a0576e2189198301db8afb47621e6de9a5f036;p=thirdparty%2Fopenssl.git Remove private ENGINE references from local structs. Resolves: https://github.com/openssl/project/issues/1368 Signed-off-by: Milan Broz Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Dmitry Belyavskiy Reviewed-by: Saša Nedvědický Reviewed-by: Eugene Syromiatnikov Reviewed-by: Norbert Pocs (Merged from https://github.com/openssl/openssl/pull/29305)
---
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index b15284cfff7..ee7a67b71bd 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -124,7 +124,7 @@ int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM *pubkey,
 int ossl_dh_is_foreign(const DH *dh)
 {
 #ifndef FIPS_MODULE
- if (dh->engine != NULL || ossl_dh_get_method(dh) != DH_OpenSSL())
+ if (ossl_dh_get_method(dh) != DH_OpenSSL())
 return 1;
 #endif
 return 0;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7bbf9873581..4787f415523 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -296,7 +296,7 @@ void DH_set_flags(DH *dh, int flags)
 #ifndef FIPS_MODULE
 ENGINE *DH_get0_engine(DH *dh)
 {
- return dh->engine;
+ return NULL;
 }
 #endif /*FIPS_MODULE */
diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h
index 1ff075e3dc1..e4cba4c3018 100644
--- a/crypto/dh/dh_local.h
+++ b/crypto/dh/dh_local.h
@@ -30,7 +30,6 @@ struct dh_st {
 CRYPTO_REF_COUNT references;
 #ifndef FIPS_MODULE
 CRYPTO_EX_DATA ex_data;
- ENGINE *engine;
 #endif
 OSSL_LIB_CTX *libctx;
 const DH_METHOD *meth;
diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c
index 8bd4b8ad7e0..99f417cad74 100644
--- a/crypto/dsa/dsa_backend.c
+++ b/crypto/dsa/dsa_backend.c
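Review bot: DH_get0_engine in crypto/dh/dh_lib.c now returns NULL unconditionally and no longer reads its `dh` argument, but nothing in the function says this is deliberate. A one-line comment such as `/* ENGINE support removed: always returns NULL, kept for API compatibility */` would stop a later reader from treating it as an unfinished stub; that the function is kept for compatibility is an inference from it surviving the change. The same applies to DSA_get0_engine, EC_KEY_get0_engine, RSA_get0_engine and OSSL_STORE_LOADER_get0_engine in the later hunks. Callers that used a non-NULL result to tell engine-backed keys apart will now see every key as not engine-backed, which is worth stating in the public documentation of these getters.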
@@ -66,7 +66,7 @@ int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[],
 int ossl_dsa_is_foreign(const DSA *dsa)
 {
 #ifndef FIPS_MODULE
- if (dsa->engine != NULL || DSA_get_method((DSA *)dsa) != DSA_OpenSSL())
+ if (DSA_get_method((DSA *)dsa) != DSA_OpenSSL())
 return 1;
 #endif
 return 0;
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 259d5d790c3..18b747e3613 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -100,7 +100,7 @@ void DSA_set_flags(DSA *d, int flags)
 ENGINE *DSA_get0_engine(DSA *d)
 {
- return d->engine;
+ return NULL;
 }
 int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h
index 38cb64a8294..341f039e4f3 100644
--- a/crypto/dsa/dsa_local.h
+++ b/crypto/dsa/dsa_local.h
@@ -29,8 +29,6 @@ struct dsa_st {
 CRYPTO_EX_DATA ex_data;
 #endif
 const DSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
 CRYPTO_RWLOCK *lock;
 OSSL_LIB_CTX *libctx;
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index f0191a7db3b..1adb5062798 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -587,7 +587,7 @@ int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
 int ossl_ec_key_is_foreign(const EC_KEY *ec)
 {
 #ifndef FIPS_MODULE
- if (ec->engine != NULL || EC_KEY_get_method(ec) != EC_KEY_OpenSSL())
+ if (EC_KEY_get_method(ec) != EC_KEY_OpenSSL())
 return 1;
 #endif
 return 0;
@@ -604,7 +604,7 @@ EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection)
 }
 if ((ret = ossl_ec_key_new_method_int(src->libctx, src->propq,
- src->engine)) == NULL)
+ NULL)) == NULL)
 return NULL;
 /* copy the parameters */
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index c25761c6403..238bce9fbbb 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -190,7 +190,7 @@ int EC_KEY_up_ref(EC_KEY *r)
 ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey)
 {
- return eckey->engine;
+ return NULL;
 }
 int EC_KEY_generate_key(EC_KEY *eckey)
diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h
index 91c3a719029..148bbc72523 100644
--- a/crypto/ec/ec_local.h
+++ b/crypto/ec/ec_local.h
@@ -289,7 +289,6 @@ struct ec_group_st {
 struct ec_key_st {
 const EC_KEY_METHOD *meth;
- ENGINE *engine;
 int version;
 EC_GROUP *group;
 EC_POINT *pub_key;
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 17ee28fa32b..a86f116090c 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -440,8 +440,7 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
 /*
 * If there are engines involved then we throw an error
 */
- if (ctx->engine != NULL
- || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
+ if ((cipher != NULL && cipher->origin == EVP_ORIG_METH)
 || (cipher == NULL && ctx->cipher != NULL
 && ctx->cipher->origin == EVP_ORIG_METH)) {
 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 677711ebea0..9da138ede9e 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -16,8 +16,6 @@
 struct evp_md_ctx_st {
 const EVP_MD *reqdigest; /* The original requested digest */
 const EVP_MD *digest;
- ENGINE *engine; /* functional reference if 'digest' is
- * ENGINE-provided */
 unsigned long flags;
 void *md_data;
 /* Public key context for sign/verify */
@@ -35,8 +33,6 @@ struct evp_md_ctx_st {
 struct evp_cipher_ctx_st {
 const EVP_CIPHER *cipher;
- ENGINE *engine; /* functional reference if 'cipher' is
- * ENGINE-provided */
 int encrypt; /* encrypt or decrypt */
 int buf_len; /* number we have left */
 unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 7980f220cd8..715fe062bf5 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
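Review bot: The comment `If there are engines involved then we throw an error` in evp_cipher_init_skey_internal (crypto/evp/evp_enc.c) no longer describes the condition below it: with `ctx->engine` gone, the test only looks at whether the cipher's `origin` is `EVP_ORIG_METH`. Suggest rewording it to `/* Ciphers with origin EVP_ORIG_METH are not supported here: raise an error */` so the reason for the rejection stays readable once the ENGINE fields are forgotten. The function starts and ends outside the hunk, so the wording should be checked against the rest of its body.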
@@ -1574,7 +1574,6 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
 } else {
 pkey->type = EVP_PKEY_KEYMGMT;
 }
- pkey->engine = e;
 #endif
 }
 return 1;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index fc84067af1b..4eef8dfd659 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -292,7 +292,6 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
 ret->keytype = keytype;
 ret->keymgmt = keymgmt;
 ret->legacy_keytype = id;
- ret->engine = e;
 ret->pmeth = pmeth;
 ret->operation = EVP_PKEY_OP_UNDEFINED;
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index d6864dc237c..04c4ccdf1b2 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -455,7 +455,7 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
 int ossl_rsa_is_foreign(const RSA *rsa)
 {
 #ifndef FIPS_MODULE
- if (rsa->engine != NULL || RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
+ if (RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
 return 1;
 #endif
 return 0;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index a517dcdca23..f1e68114fdf 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -710,7 +710,7 @@ int RSA_get_version(RSA *r)
 #ifndef FIPS_MODULE
 ENGINE *RSA_get0_engine(const RSA *r)
 {
- return r->engine;
+ return NULL;
 }
 int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index 8ab2bef3fb6..d438283d9ee 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -57,8 +57,6 @@ struct rsa_st {
 OSSL_LIB_CTX *libctx;
 int32_t version;
 const RSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
 BIGNUM *n;
 BIGNUM *e;
 BIGNUM *d;
diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h
index 6ad79180a09..8c3ca54ebef 100644
--- a/crypto/store/store_local.h
+++ b/crypto/store/store_local.h
@@ -83,7 +83,6 @@ struct ossl_store_loader_st {
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 /* Legacy stuff */
 const char *scheme;
- ENGINE *engine;
 OSSL_STORE_open_fn open;
 OSSL_STORE_attach_fn attach;
 OSSL_STORE_ctrl_fn ctrl;
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index 6f73e197200..2368021e248 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -46,14 +46,13 @@ OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme)
 if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL)
 return NULL;
- res->engine = e;
 res->scheme = scheme;
 return res;
 }
 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader)
 {
- return loader->engine;
+ return NULL;
 }
 const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader)
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index ed867f77fbc..6c729a3dca4 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -121,8 +121,6 @@ struct evp_pkey_ctx_st {
 int legacy_keytype;
 /* Method associated with this operation */
 const EVP_PKEY_METHOD *pmeth;
- /* Engine that implements this method or NULL if builtin */
- ENGINE *engine;
 /* Key: may be NULL */
 EVP_PKEY *pkey;
 /* Peer key for key agreement, may be NULL */
@@ -678,8 +676,6 @@ struct evp_pkey_st {
 * a pointer to a low level key and possibly a pointer to an engine.
 */
 const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *engine;
- ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
 /* Union to store the reference to an origin legacy key */
 union legacy_pkey_st pkey;
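Review bot: OSSL_STORE_LOADER_new in crypto/store/store_register.c still takes `ENGINE *e` but no longer uses it in the lines shown, so a caller passing a non-NULL engine gets a loader back with no sign that the engine was dropped. Where the engine was meant to keep key operations inside a particular device, continuing silently is the less safe outcome; consider failing closed with `if (e != NULL) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED); return NULL; }`, or at minimum a comment `/* e is ignored: ENGINE support has been removed */`. The start of the function is outside the hunk, so an earlier check may already exist. The same question applies to the removed `pkey->engine = e;` in pkey_set_type and `ret->engine = e;` in int_ctx_new, whose bodies are also only partly visible.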