providers/: Remove ENGINEs

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28384)

diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h
index 17f7652cb6c1396983746839704c1ecb33b9693e..077ec294374389550d3bb2ed10d7a7cc050b9271 100644 (file)
--- a/providers/common/include/prov/provider_util.h
+++ b/providers/common/include/prov/provider_util.h
@@ -39,13 +39,11 @@ typedef struct {
 /* Cipher functions */
 /*
  * Load a cipher from the specified parameters with the specified context.
- * The params "propq", "engine" and "cipher" are used to determine the
- * implementation used.  If a provider cannot be found, it falls back to trying
- * non-provider based implementations.
+ * The params "propq" and "cipher" are used to determine the
+ * implementation used.
  */
 int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx);
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx);
 
 /* Reset the PROV_CIPHER fields and free any allocated cipher reference */
 void ossl_prov_cipher_reset(PROV_CIPHER *pc);
@@ -53,9 +51,8 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc);
 /* Clone a PROV_CIPHER structure into a second */
 int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src);
 
-/* Query the cipher and associated engine (if any) */
+/* Query the cipher (if any) */
 const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc);
-ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc);
 
 /* Digest functions */
 
@@ -68,13 +65,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
 
 /*
  * Load a digest from the specified parameters with the specified context.
- * The params "propq", "engine" and "digest" are used to determine the
- * implementation used.  If a provider cannot be found, it falls back to trying
- * non-provider based implementations.
+ * The params "propq" and "digest" are used to determine the
+ * implementation used.
  */
 int ossl_prov_digest_load(PROV_DIGEST *pd,const OSSL_PARAM *digest,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx);
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx);
 
 /* Reset the PROV_DIGEST fields and free any allocated digest reference */
 void ossl_prov_digest_reset(PROV_DIGEST *pd);
@@ -82,9 +77,8 @@ void ossl_prov_digest_reset(PROV_DIGEST *pd);
 /* Clone a PROV_DIGEST structure into a second */
 int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src);
 
-/* Query the digest and associated engine (if any) */
+/* Query the digest (if any) */
 const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd);
-ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd);
 
 /* Set a specific md, resets current digests first */
 void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md);
@@ -97,14 +91,12 @@ void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md);
 int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
                           const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher,
                           const OSSL_PARAM *pdigest, const OSSL_PARAM *propq,
-                          const OSSL_PARAM *pengine,
                           const char *macname, const char *ciphername,
                           const char *mdname, OSSL_LIB_CTX *libctx);
 
 int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
                          const char *ciphername,
                          const char *mdname,
-                         const char *engine,
                          const char *properties,
                          const OSSL_PARAM param[]);
 

diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index 9c1f79ca62dac6a5ca69e2532d911530697ad877..edf06cb860da20c8f518f3ab47c8479b5c8fbe0c 100644 (file)
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -7,15 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #include <openssl/evp.h>
 #include <openssl/core_names.h>
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 #ifndef FIPS_MODULE
-# include <openssl/engine.h>
 # include "crypto/evp.h"
 #endif
 #include "prov/providercommon.h"
@@ -26,23 +22,12 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc)
     EVP_CIPHER_free(pc->alloc_cipher);
     pc->alloc_cipher = NULL;
     pc->cipher = NULL;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    ENGINE_finish(pc->engine);
-#endif
-    pc->engine = NULL;
 }
 
 int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src)
 {
     if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher))
         return 0;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    if (src->engine != NULL && !ENGINE_init(src->engine)) {
-        EVP_CIPHER_free(src->alloc_cipher);
-        return 0;
-    }
-#endif
-    dst->engine = src->engine;
     dst->cipher = src->cipher;
     dst->alloc_cipher = src->alloc_cipher;
     return 1;
@@ -59,41 +44,12 @@ static int set_propq(const OSSL_PARAM *propq, const char **propquery)
     return 1;
 }
 
-static int set_engine(const OSSL_PARAM *e, ENGINE **engine)
-{
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    ENGINE_finish(*engine);
-#endif
-    *engine = NULL;
-    /* Inside the FIPS module, we don't support legacy ciphers */
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    if (e != NULL) {
-        if (e->data_type != OSSL_PARAM_UTF8_STRING)
-            return 0;
-        /* Get a structural reference */
-        *engine = ENGINE_by_id(e->data);
-        if (*engine == NULL)
-            return 0;
-        /* Get a functional reference */
-        if (!ENGINE_init(*engine)) {
-            ENGINE_free(*engine);
-            *engine = NULL;
-            return 0;
-        }
-        /* Free the structural reference */
-        ENGINE_free(*engine);
-    }
-#endif
-    return 1;
-}
-
 int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx)
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx)
 {
     const char *propquery;
 
-   if (!set_propq(propq, &propquery) || !set_engine(engine, &pc->engine))
+    if (!set_propq(propq, &propquery))
         return 0;
 
     if (cipher == NULL)
@@ -127,33 +83,17 @@ const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc)
     return pc->cipher;
 }
 
-ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc)
-{
-    return pc->engine;
-}
-
 void ossl_prov_digest_reset(PROV_DIGEST *pd)
 {
     EVP_MD_free(pd->alloc_md);
     pd->alloc_md = NULL;
     pd->md = NULL;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    ENGINE_finish(pd->engine);
-#endif
-    pd->engine = NULL;
 }
 
 int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src)
 {
     if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md))
         return 0;
-#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
-    if (src->engine != NULL && !ENGINE_init(src->engine)) {
-        EVP_MD_free(src->alloc_md);
-        return 0;
-    }
-#endif
-    dst->engine = src->engine;
     dst->md = src->md;
     dst->alloc_md = src->alloc_md;
     return 1;
@@ -169,12 +109,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
 }
 
 int ossl_prov_digest_load(PROV_DIGEST *pd, const OSSL_PARAM *digest,
-                          const OSSL_PARAM *propq, const OSSL_PARAM *engine,
-                          OSSL_LIB_CTX *ctx)
+                          const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx)
 {
     const char *propquery;
 
-    if (!set_propq(propq, &propquery) || !set_engine(engine, &pd->engine))
+    if (!set_propq(propq, &propquery))
         return 0;
 
     if (digest == NULL)
@@ -212,15 +151,9 @@ const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd)
     return pd->md;
 }
 
-ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd)
-{
-    return pd->engine;
-}
-
 int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
                          const char *ciphername,
                          const char *mdname,
-                         const char *engine,
                          const char *properties,
                          const OSSL_PARAM param[])
 {
@@ -238,12 +171,6 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
         *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
                                                  (char *)properties, 0);
 
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-    if (engine != NULL)
-        *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE,
-                                                 (char *) engine, 0);
-#endif
-
     *mp = OSSL_PARAM_construct_end();
 
     /*
@@ -274,12 +201,10 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
 int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
                           const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher,
                           const OSSL_PARAM *pdigest, const OSSL_PARAM *propq,
-                          const OSSL_PARAM *pengine,
                           const char *macname, const char *ciphername,
                           const char *mdname, OSSL_LIB_CTX *libctx)
 {
     const char *properties = NULL;
-    const char *engine = NULL;
 
     if (macname == NULL && pmac != NULL)
         if (!OSSL_PARAM_get_utf8_string_ptr(pmac, &macname))
@@ -312,10 +237,8 @@ int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
     if (mdname == NULL && pdigest != NULL)
         if (!OSSL_PARAM_get_utf8_string_ptr(pdigest, &mdname))
             return 0;
-    if (pengine != NULL && !OSSL_PARAM_get_utf8_string_ptr(pengine, &engine))
-        return 0;
 
-    if (ossl_prov_set_macctx(*macctx, ciphername, mdname, engine, properties, NULL))
+    if (ossl_prov_set_macctx(*macctx, ciphername, mdname, properties, NULL))
         return 1;
 
     EVP_MAC_CTX_free(*macctx);
@@ -335,7 +258,6 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
              OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_CIPHER),
              OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST),
              OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES),
-             OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE),
              macname, ciphername, mdname, libctx);
 }
 

diff --git a/providers/implementations/asymciphers/sm2_enc.c.in b/providers/implementations/asymciphers/sm2_enc.c.in
index a8271a834193a2923c3772b00e68718c318bf16b..63de56e8b3b8a060874517f5aa9d8d54d916ea39 100644 (file)
--- a/providers/implementations/asymciphers/sm2_enc.c.in
+++ b/providers/implementations/asymciphers/sm2_enc.c.in
@@ -201,7 +201,7 @@ static int sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[])
     if (psm2ctx == NULL || !sm2_set_ctx_params_decoder(params, &p))
         return 0;
 
-    if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq, p.engine,
+    if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq,
                                psm2ctx->libctx))
         return 0;
 

diff --git a/providers/implementations/kdfs/hkdf.c.in b/providers/implementations/kdfs/hkdf.c.in
index 5f118bb9cafd715fd747c1f10a8cb14804f43147..980ff07b6151d856d8c059779bb9adfcbcc62a0b 100644 (file)
--- a/providers/implementations/kdfs/hkdf.c.in
+++ b/providers/implementations/kdfs/hkdf.c.in
@@ -291,8 +291,7 @@ static int hkdf_common_set_ctx_params
     if (p->digest != NULL) {
         const EVP_MD *md = NULL;
 
-        if (!ossl_prov_digest_load(&ctx->digest, p->digest,
-                                   p->propq, p->engine, libctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
             return 0;
 
         md = ossl_prov_digest_md(&ctx->digest);
@@ -509,7 +508,7 @@ static void *kdf_hkdf_fixed_digest_new(void *provctx, const char *digest)
 
     param = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
                                              (char *)digest, 0);
-    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, libctx)) {
+    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, libctx)) {
         kdf_hkdf_free(ctx);
         return NULL;
     }

diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c.in b/providers/implementations/kdfs/hmacdrbg_kdf.c.in
index 64fd2b4f2c71020d16e43c05130d3d58f6115881..009249cbfb9051dcddfd08319c43c9b3ccd347b3 100644 (file)
--- a/providers/implementations/kdfs/hmacdrbg_kdf.c.in
+++ b/providers/implementations/kdfs/hmacdrbg_kdf.c.in
@@ -225,8 +225,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
     }
 
     if (p.digest != NULL) {
-        if (!ossl_prov_digest_load(&drbg->digest, p.digest,
-                                   p.propq, p.engine, libctx))
+        if (!ossl_prov_digest_load(&drbg->digest, p.digest, p.propq, libctx))
             return 0;
 
         /* Confirm digest is allowed. Allow all digests that are not XOF */
@@ -242,7 +241,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
             drbg->blocklen = (size_t)md_size;
         }
         if (!ossl_prov_macctx_load(&drbg->ctx, NULL, NULL, p.digest, p.propq,
-                                   p.engine, "HMAC", NULL, NULL, libctx))
+                                   "HMAC", NULL, NULL, libctx))
             return 0;
     }
     return 1;

diff --git a/providers/implementations/kdfs/kbkdf.c.in b/providers/implementations/kdfs/kbkdf.c.in
index 8131e8a56aa7acd80c6beb7fee77908cae368593..1e174bb1967532f305648d0904a7f2d5a479ea7a 100644 (file)
--- a/providers/implementations/kdfs/kbkdf.c.in
+++ b/providers/implementations/kdfs/kbkdf.c.in
@@ -401,8 +401,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         return 0;
 
     if (!ossl_prov_macctx_load(&ctx->ctx_init, p.mac, p.cipher,
-                               p.digest, p.propq, p.engine,
-                               NULL, NULL, NULL, libctx))
+                               p.digest, p.propq, NULL, NULL, NULL, libctx))
         return 0;
 
     if (ctx->ctx_init != NULL) {

diff --git a/providers/implementations/kdfs/krb5kdf.c.in b/providers/implementations/kdfs/krb5kdf.c.in
index 029c668fbf332408db65e6492ea70d5f69e1c0c4..3158226acd46fd797ec51b59ff4e2dab26f0a7fe 100644 (file)
--- a/providers/implementations/kdfs/krb5kdf.c.in
+++ b/providers/implementations/kdfs/krb5kdf.c.in
@@ -130,7 +130,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
 {
     KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
     const EVP_CIPHER *cipher;
-    ENGINE *engine;
+    ENGINE *engine = NULL;
 
     if (!ossl_prov_is_running() || !krb5kdf_set_ctx_params(ctx, params))
         return 0;
@@ -148,7 +148,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONSTANT);
         return 0;
     }
-    engine = ossl_prov_cipher_engine(&ctx->cipher);
+
     return KRB5KDF(cipher, engine, ctx->key, ctx->key_len,
                    ctx->constant, ctx->constant_len,
                    key, keylen);
@@ -173,7 +173,7 @@ static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     provctx = PROV_LIBCTX_OF(ctx->provctx);
 
-    if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, p.engine, provctx))
+    if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, provctx))
         return 0;
 
     if (p.key != NULL && !krb5kdf_set_membuf(&ctx->key, &ctx->key_len, p.key))

diff --git a/providers/implementations/kdfs/pbkdf1.c.in b/providers/implementations/kdfs/pbkdf1.c.in
index 3441d33cb47d02029af7960d20dd5df7aa77aa6c..5eddb9830d839134ae4a1b0926de93a40671f69d 100644 (file)
--- a/providers/implementations/kdfs/pbkdf1.c.in
+++ b/providers/implementations/kdfs/pbkdf1.c.in
@@ -247,8 +247,7 @@ static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     libctx = PROV_LIBCTX_OF(ctx->provctx);
 
-    if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                               p.propq, p.engine, libctx))
+    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, libctx))
         return 0;
 
     if (p.pw != NULL && !kdf_pbkdf1_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))

diff --git a/providers/implementations/kdfs/pbkdf2.c.in b/providers/implementations/kdfs/pbkdf2.c.in
index ea62550279136802dc68a83444dac314befa1bd8..aa1115a8665aed7a392c11df6801d4b2ec5367ad 100644 (file)
--- a/providers/implementations/kdfs/pbkdf2.c.in
+++ b/providers/implementations/kdfs/pbkdf2.c.in
@@ -156,7 +156,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
 
     param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                              SN_sha1, 0);
-    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, provctx))
         /* This is an error, but there is no way to indicate such directly */
         ossl_prov_digest_reset(&ctx->digest);
     ctx->iter = PKCS5_DEFAULT_ITER;
@@ -307,8 +307,7 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     provctx = PROV_LIBCTX_OF(ctx->provctx);
 
     if (p.digest != NULL) {
-        if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                                   p.propq, p.engine, provctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
             return 0;
         md = ossl_prov_digest_md(&ctx->digest);
         if (EVP_MD_xof(md)) {

diff --git a/providers/implementations/kdfs/pkcs12kdf.c.in b/providers/implementations/kdfs/pkcs12kdf.c.in
index 1495bcd2a6be9690029c09495d04a63f7ad87601..c92c79c040f7d39836bf73ae99704609206b2aef 100644 (file)
--- a/providers/implementations/kdfs/pkcs12kdf.c.in
+++ b/providers/implementations/kdfs/pkcs12kdf.c.in
@@ -264,8 +264,7 @@ static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     provctx = PROV_LIBCTX_OF(ctx->provctx);
 
-    if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                               p.propq, p.engine, provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
         return 0;
 
     if (p.pw != NULL && !pkcs12kdf_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))

diff --git a/providers/implementations/kdfs/pvkkdf.c.in b/providers/implementations/kdfs/pvkkdf.c.in
index 59a67f0e137cdeaf32ea9161969a43c6e8f10258..b300348a32b924e228c19dfe551e85b7d0205549 100644 (file)
--- a/providers/implementations/kdfs/pvkkdf.c.in
+++ b/providers/implementations/kdfs/pvkkdf.c.in
@@ -113,7 +113,7 @@ static void kdf_pvk_init(KDF_PVK *ctx)
 
     param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                              SN_sha1, 0);
-    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, provctx))
         /* This is an error, but there is no way to indicate such directly */
         ossl_prov_digest_reset(&ctx->digest);
 }
@@ -200,8 +200,7 @@ static int kdf_pvk_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     provctx = PROV_LIBCTX_OF(ctx->provctx);
 
-    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, p.engine,
-                               provctx))
+    if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
         return 0;
 
     if (p.pass != NULL && !pvk_set_membuf(&ctx->pass, &ctx->pass_len, p.pass))

diff --git a/providers/implementations/kdfs/sshkdf.c.in b/providers/implementations/kdfs/sshkdf.c.in
index 8ef5b688eb887a308d4012da779f639a44189657..bfaa3e3c6d72bb7b6eda52eae956eaf805508410 100644 (file)
--- a/providers/implementations/kdfs/sshkdf.c.in
+++ b/providers/implementations/kdfs/sshkdf.c.in
@@ -240,8 +240,7 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     if (p.digest != NULL) {
         const EVP_MD *md = NULL;
 
-        if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                                   p.propq, p.engine, provctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
             return 0;
 
         md = ossl_prov_digest_md(&ctx->digest);

diff --git a/providers/implementations/kdfs/sskdf.c.in b/providers/implementations/kdfs/sskdf.c.in
index 3b3cada8d34aaa98b6bff37ae36d1aea7179ff4c..ccca13852560ce430659404fcd0a67ccc4b9b01d 100644 (file)
--- a/providers/implementations/kdfs/sskdf.c.in
+++ b/providers/implementations/kdfs/sskdf.c.in
@@ -563,7 +563,7 @@ static int sskdf_common_set_ctx_params
     int r;
 
     if (!ossl_prov_macctx_load(&ctx->macctx,
-                               p->mac, NULL, p->digest, p->propq, p->engine,
+                               p->mac, NULL, p->digest, p->propq,
                                NULL, NULL, NULL, libctx))
         return 0;
     if (ctx->macctx != NULL) {
@@ -576,8 +576,7 @@ static int sskdf_common_set_ctx_params
     }
 
     if (p->digest != NULL) {
-        if (!ossl_prov_digest_load(&ctx->digest, p->digest,
-                                   p->propq, p->engine, libctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
             return 0;
 
         md = ossl_prov_digest_md(&ctx->digest);

diff --git a/providers/implementations/kdfs/tls1_prf.c.in b/providers/implementations/kdfs/tls1_prf.c.in
index 8dc4e44cd69f85fc8bd6b1dffbbc6463fe05a953..d4e5598d45a5ced479295e7cb13789b8dab8f836 100644 (file)
--- a/providers/implementations/kdfs/tls1_prf.c.in
+++ b/providers/implementations/kdfs/tls1_prf.c.in
@@ -325,25 +325,25 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
         if (OPENSSL_strcasecmp(dgst, OSSL_DIGEST_NAME_MD5_SHA1) == 0) {
             if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, NULL,
-                                       p.propq, p.engine,
+                                       p.propq,
                                        OSSL_MAC_NAME_HMAC, NULL,
                                        OSSL_DIGEST_NAME_MD5, libctx))
                 return 0;
             if (!ossl_prov_macctx_load(&ctx->P_sha1, NULL, NULL, NULL,
-                                       p.propq, p.engine,
+                                       p.propq,
                                        OSSL_MAC_NAME_HMAC, NULL,
                                        OSSL_DIGEST_NAME_SHA1, libctx))
                 return 0;
         } else {
             EVP_MAC_CTX_free(ctx->P_sha1);
             if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest,
-                                       p.propq, p.engine,
+                                       p.propq,
                                        OSSL_MAC_NAME_HMAC, NULL, NULL, libctx))
                 return 0;
         }
 
         memset(&digest, 0, sizeof(digest));
-        if (!ossl_prov_digest_load(&digest, p.digest, p.propq, p.engine, libctx))
+        if (!ossl_prov_digest_load(&digest, p.digest, p.propq, libctx))
             return 0;
 
         md = ossl_prov_digest_md(&digest);

diff --git a/providers/implementations/kdfs/x942kdf.c.in b/providers/implementations/kdfs/x942kdf.c.in
index 5b4dd0860995199d1895851478ac55f19bf747e5..ce3e12812e417635a29470712a9ae0aac9fe4158 100644 (file)
--- a/providers/implementations/kdfs/x942kdf.c.in
+++ b/providers/implementations/kdfs/x942kdf.c.in
@@ -564,8 +564,7 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         return 0;
 
     if (p.digest != NULL) {
-        if (!ossl_prov_digest_load(&ctx->digest, p.digest,
-                                   p.propq, p.engine, provctx))
+        if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
             return 0;
         md = ossl_prov_digest_md(&ctx->digest);
         if (EVP_MD_xof(md)) {

diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c.in b/providers/implementations/keymgmt/mac_legacy_kmgmt.c.in
index 2eefe6bc9a3a18998e345355392f02cdf68b0324..d5b3b4b16b472b53d350436c6290046fd8581068 100644 (file)
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c.in
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c.in
@@ -221,7 +221,7 @@ static int mac_key_fromdata(MAC_KEY *key, const struct mac_common_params_st *p)
     }
 
     if (key->cmac && !ossl_prov_cipher_load(&key->cipher, p->cipher, p->propq,
-                                            p->engine, key->libctx)) {
+                                            key->libctx)) {
         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
     }
@@ -310,14 +310,6 @@ static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl,
                                              EVP_CIPHER_get0_name(key->cipher.cipher)))
         return 0;
 
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-    if (key->cipher.engine != NULL
-        && !ossl_param_build_set_utf8_string(tmpl, p->engine,
-                                             OSSL_PKEY_PARAM_ENGINE,
-                                             ENGINE_get_id(key->cipher.engine)))
-        return 0;
-#endif
-
     return 1;
 }
 
@@ -520,7 +512,7 @@ static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[])
         return 0;
 
     if (!ossl_prov_cipher_load(&gctx->cipher, p.cipher, p.propq,
-                               p.engine, gctx->libctx)) {
+                               gctx->libctx)) {
         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
     }

diff --git a/providers/implementations/macs/cmac_prov.c.in b/providers/implementations/macs/cmac_prov.c.in
index 0d3b3d5d6dd40e725cc02e26081ad6e59e2adf6d..9169569b26ebc433ecdfd293ef4f0f05f7f56512 100644 (file)
--- a/providers/implementations/macs/cmac_prov.c.in
+++ b/providers/implementations/macs/cmac_prov.c.in
@@ -166,7 +166,7 @@ static int cmac_setkey(struct cmac_data_st *macctx,
 #endif
     rv = ossl_cmac_init(macctx->ctx, key, keylen,
                         ossl_prov_cipher_cipher(&macctx->cipher),
-                        ossl_prov_cipher_engine(&macctx->cipher), p);
+                        NULL, p);
     ossl_prov_cipher_reset(&macctx->cipher);
     return rv;
 }
@@ -267,8 +267,7 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
         return 0;
 
     if (p.cipher != NULL) {
-        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
-                                   p.engine, ctx))
+        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, ctx))
             return 0;
 
         if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))

diff --git a/providers/implementations/macs/gmac_prov.c.in b/providers/implementations/macs/gmac_prov.c.in
index 0b60ac773922b31b344f971f2669dd483cd4260d..f036fcdea7a1086b335e93a42169efcc941bdbe1 100644 (file)
--- a/providers/implementations/macs/gmac_prov.c.in
+++ b/providers/implementations/macs/gmac_prov.c.in
@@ -224,8 +224,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
     provctx = PROV_LIBCTX_OF(macctx->provctx);
 
     if (p.cipher != NULL) {
-        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
-                                   p.engine, provctx))
+        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, provctx))
             return 0;
         if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
             != EVP_CIPH_GCM_MODE) {
@@ -233,8 +232,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
             return 0;
         }
         if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher),
-                                ossl_prov_cipher_engine(&macctx->cipher), NULL,
-                                NULL))
+                                NULL, NULL, NULL))
             return 0;
     }
 

diff --git a/providers/implementations/macs/hmac_prov.c.in b/providers/implementations/macs/hmac_prov.c.in
index e6ca3484038cde8bf83ff8d597386f518b406177..f86d6e9374ba2813935ec253a83c39060be3e32a 100644 (file)
--- a/providers/implementations/macs/hmac_prov.c.in
+++ b/providers/implementations/macs/hmac_prov.c.in
@@ -195,8 +195,7 @@ static int hmac_setkey(struct hmac_data_st *macctx,
     digest = ossl_prov_digest_md(&macctx->digest);
     /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */
     if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL))
-        return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest,
-                            ossl_prov_digest_engine(&macctx->digest));
+        return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, NULL);
     return 1;
 }
 
@@ -343,8 +342,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
         return 0;
 
     if (p.digest != NULL
-            && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq,
-                                      p.engine, ctx))
+            && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, ctx))
         return 0;
 
     if (p.key != NULL) {

diff --git a/providers/implementations/macs/kmac_prov.c.in b/providers/implementations/macs/kmac_prov.c.in
index 630851cc8e19242dd7388e386d6ce0c3e61c7afe..0c6e7692565110d8fe2f3c40cf580f519e8e438c 100644 (file)
--- a/providers/implementations/macs/kmac_prov.c.in
+++ b/providers/implementations/macs/kmac_prov.c.in
@@ -207,7 +207,7 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
         return 0;
     if (!kmac_new_decoder(params, &p))
         goto err;
-    if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine,
+    if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq,
                                PROV_LIBCTX_OF(provctx)))
         goto err;
 

diff --git a/providers/implementations/rands/drbg_hash.c.in b/providers/implementations/rands/drbg_hash.c.in
index cf518007216a688e55e170a95ba1d845fa36fc7c..dc178d0310f75b9bcfed0c28c814767efff07470 100644 (file)
--- a/providers/implementations/rands/drbg_hash.c.in
+++ b/providers/implementations/rands/drbg_hash.c.in
@@ -590,8 +590,7 @@ static int drbg_hash_set_ctx_params_locked
     if (!drbg_fetch_digest_from_prov(p, libctx, &prov_md)) {
         (void)ERR_pop_to_mark();
         /* fall back to full implementation search */
-        if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq,
-                                   p->engine, libctx))
+        if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq, libctx))
             return 0;
     } else {
         (void)ERR_clear_last_mark();

diff --git a/providers/implementations/rands/drbg_hmac.c.in b/providers/implementations/rands/drbg_hmac.c.in
index a0ab3995593445f33b385fddef36b8687d71289a..f13b307f85ed2f0a095da7370d54f8c94bee5c61 100644 (file)
--- a/providers/implementations/rands/drbg_hmac.c.in
+++ b/providers/implementations/rands/drbg_hmac.c.in
@@ -511,13 +511,11 @@ static int drbg_hmac_set_ctx_params_locked
     if (!drbg_fetch_algs_from_prov(p, libctx, &hmac->ctx, &prov_md)) {
         (void)ERR_pop_to_mark();
         /* fall back to full implementation search */
-        if (!ossl_prov_digest_load(&hmac->digest, p->digest, p->propq,
-                                   p->engine, libctx))
+        if (!ossl_prov_digest_load(&hmac->digest, p->digest, p->propq, libctx))
             return 0;
 
         if (!ossl_prov_macctx_load(&hmac->ctx, p->mac, NULL, p->digest,
-                                   p->propq, p->engine,
-                                   NULL, NULL, NULL, libctx))
+                                   p->propq, NULL, NULL, NULL, libctx))
             return 0;
     } else {
         (void)ERR_clear_last_mark();

diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c
index a5661eaa0b55ad6d1145a1f817d2c5c9d4a172d2..d1861acc046159d15b612a216570095e38006023 100644 (file)
--- a/providers/implementations/signature/mac_legacy_sig.c
+++ b/providers/implementations/signature/mac_legacy_sig.c
@@ -7,9 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* We need to use some engine deprecated APIs */
-#define OPENSSL_SUPPRESS_DEPRECATED
-
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/core_dispatch.h>
@@ -17,9 +14,6 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <openssl/proverr.h>
-#ifndef FIPS_MODULE
-# include <openssl/engine.h>
-#endif
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/macsignature.h"
@@ -97,7 +91,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
                                 const OSSL_PARAM params[])
 {
     PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx;
-    const char *ciphername = NULL, *engine = NULL;
+    const char *ciphername = NULL;
 
     if (!ossl_prov_is_running()
         || pmacctx == NULL)
@@ -117,15 +111,10 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
 
     if (pmacctx->key->cipher.cipher != NULL)
         ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
-    if (pmacctx->key->cipher.engine != NULL)
-        engine = (char *)ENGINE_get_id(pmacctx->key->cipher.engine);
-#endif
 
     if (!ossl_prov_set_macctx(pmacctx->macctx,
                               (char *)ciphername,
                               (char *)mdname,
-                              (char *)engine,
                               pmacctx->key->properties, params))
         return 0;