From: Norbert Pocs Date: Fri, 29 Aug 2025 12:42:18 +0000 (+0200) Subject: crypto/: Remove OPENSSL_NO_ENGINE guarded code X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=30f21bbb759dfd59a61b6ecdfab4fdef6b950c02;p=thirdparty%2Fopenssl.git crypto/: Remove OPENSSL_NO_ENGINE guarded code Signed-off-by: Norbert Pocs Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/28384) --- diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 67e8a96ba15..6cdeb709200 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -63,16 +63,8 @@ int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn, if (i < 0 || str == NULL) return 0; - if (EVP_MD_get0_provider(md) == NULL) { -#if !defined(OPENSSL_NO_ENGINE) - ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_get_type(md)); - - if (tmpeng != NULL) - ENGINE_finish(tmpeng); - else -#endif - fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq); - } + if (EVP_MD_get0_provider(md) == NULL) + fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq); if (fetched_md == NULL) goto err; diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 330e7559c82..5f647b5dbfa 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -91,15 +91,6 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) type = t->pkey_base_id; } if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - /* type will contain the final unaliased type */ - e = ENGINE_get_pkey_asn1_meth_engine(type); - if (e) { - *pe = e; - return ENGINE_get_pkey_asn1_meth(e, type); - } -#endif *pe = NULL; } return t; 
@@ -114,20 +105,6 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, if (len == -1) len = (int)strlen(str); if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - ameth = ENGINE_pkey_asn1_find_str(&e, str, len); - if (ameth) { - /* - * Convert structural into functional reference - */ - if (!ENGINE_init(e)) - ameth = NULL; - ENGINE_free(e); - *pe = e; - return ameth; - } -#endif *pe = NULL; } for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) { diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index d0c0be517bf..c7dc93ad20b 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -112,10 +112,6 @@ ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, } } else { ret = *a; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); - ret->engine = NULL; -#endif } if (!EVP_PKEY_set_type(ret, keytype)) { diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index bad19c96cca..f868f78a216 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -28,9 +28,6 @@ void OPENSSL_load_builtin_modules(void) /* Add builtin modules here */ ASN1_add_oid_module(); ASN1_add_stable_module(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_add_conf_module(); -#endif EVP_add_alg_module(); ossl_config_add_ssl_module(); ossl_provider_add_conf_module(); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 631eb3fec00..55a8a7bb436 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -251,10 +251,6 @@ int CONF_modules_load_file(const char *filename, DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules) { OPENSSL_load_builtin_modules(); -#ifndef OPENSSL_NO_ENGINE - /* Need to load ENGINEs */ - ENGINE_load_builtin_engines(); -#endif return 1; } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 93e08b3f8c7..7bbf9873581 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c 
@@ -39,10 +39,6 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dh->engine); - dh->engine = NULL; -#endif dh->meth = meth; if (meth->init) meth->init(dh); @@ -93,25 +89,6 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) ret->libctx = libctx; ret->meth = DH_get_default_method(); -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ret->flags = ret->meth->flags; /* early default init */ - if (engine) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_DH(); - if (ret->engine) { - ret->meth = ENGINE_get_DH(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - ret->flags = ret->meth->flags; #ifndef FIPS_MODULE @@ -149,9 +126,6 @@ void DH_free(DH *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #if !defined(FIPS_MODULE) -# if !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(r->engine); -# endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); #endif diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index db6e3b059b4..259d5d790c3 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -113,10 +113,6 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dsa->engine); - dsa->engine = NULL; -#endif dsa->meth = meth; if (meth->init) meth->init(dsa); 
@@ -152,24 +148,6 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) ret->libctx = libctx; ret->meth = DSA_get_default_method(); -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */ - if (engine) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_DSA(); - if (ret->engine) { - ret->meth = ENGINE_get_DSA(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; @@ -225,9 +203,6 @@ void DSA_free(DSA *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(r->engine); -#endif #ifndef FIPS_MODULE CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 8adc6e89961..c25761c6403 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -84,10 +84,6 @@ void EC_KEY_free(EC_KEY *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(r->engine); -#endif - if (r->group && r->group->meth->keyfinish) r->group->meth->keyfinish(r); @@ -114,11 +110,6 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) dest->meth->finish(dest); if (dest->group && dest->group->meth->keyfinish) dest->group->meth->keyfinish(dest); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (ENGINE_finish(dest->engine) == 0) - return 0; - dest->engine = NULL; -#endif } dest->libctx = src->libctx; /* copy the parameters */ 
@@ -169,11 +160,6 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) #endif if (src->meth != dest->meth) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (src->engine != NULL && ENGINE_init(src->engine) == 0) - return NULL; - dest->engine = src->engine; -#endif dest->meth = src->meth; } diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 5c9ef4807d9..3093feb44a6 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -67,11 +67,6 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) if (finish != NULL) finish(key); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(key->engine); - key->engine = NULL; -#endif - key->meth = meth; if (meth->init != NULL) return meth->init(key); @@ -99,24 +94,6 @@ EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, } ret->meth = EC_KEY_get_default_method(); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (engine != NULL) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_EC(); - if (ret->engine != NULL) { - ret->meth = ENGINE_get_EC(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 680917da576..e1e04cb146c 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -60,11 +60,6 @@ void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched) if (force) ctx->digest = NULL; -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(ctx->engine); - ctx->engine = NULL; -#endif - /* Non legacy code, this has to be later than the ctx->digest cleaning */ if (!keep_fetched) { EVP_MD_free(ctx->fetched_digest); 
@@ -155,12 +150,8 @@ int evp_md_ctx_free_algctx(EVP_MD_CTX *ctx) } static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, - const OSSL_PARAM params[], ENGINE *impl) + const OSSL_PARAM params[]) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE *tmpimpl = NULL; -#endif - #if !defined(FIPS_MODULE) if (ctx->pctx != NULL && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) @@ -172,9 +163,9 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, * operation. So in that case we redirect to EVP_DigestSignInit() */ if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) - return EVP_DigestSignInit(ctx, NULL, type, impl, NULL); + return EVP_DigestSignInit(ctx, NULL, type, NULL, NULL); if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) - return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL); + return EVP_DigestVerifyInit(ctx, NULL, type, NULL, NULL); ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; } 
@@ -193,43 +184,11 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, type = ctx->digest; } - /* Code below to be removed when legacy support is dropped. */ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so - * this context may already have an ENGINE! Try to avoid releasing the - * previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. - */ - if (ossl_unlikely(ctx->engine != NULL) - && ctx->digest != NULL - && type->type == ctx->digest->type) - goto skip_to_init; - /* - * Ensure an ENGINE left lying around from last time is cleared (the - * previous check attempted to avoid this if the same ENGINE and - * EVP_MD could be used). - */ - ENGINE_finish(ctx->engine); - ctx->engine = NULL; - - if (impl == NULL) - tmpimpl = ENGINE_get_digest_engine(type->type); -#endif - - /* - * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we + * If there is EVP_MD_CTX_FLAG_NO_INIT set then we * should use legacy handling for now. */ - if (impl != NULL -#if !defined(OPENSSL_NO_ENGINE) - || ctx->engine != NULL -# if !defined(FIPS_MODULE) - || tmpimpl != NULL -# endif -#endif - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 + if ((ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 || (type != NULL && type->origin == EVP_ORIG_METH) || (type == NULL && ctx->digest != NULL && ctx->digest->origin == EVP_ORIG_METH)) { 
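Review bot: The rewritten comment above the legacy check in evp_md_init_internal names only `EVP_MD_CTX_FLAG_NO_INIT`, yet the condition it documents also sends every `EVP_ORIG_METH` digest (taken from `type` or from `ctx->digest`) down the legacy path. I would word it as `/* Use legacy handling if EVP_MD_CTX_FLAG_NO_INIT is set or the digest origin is EVP_ORIG_METH. */`. The matching comment in evp_cipher_init_internal (crypto/evp/evp_enc.c, hunk at -123) still reads `If there are engines involved then we should use legacy handling for now.` although every engine test is gone from that condition; it should describe the `EVP_ORIG_METH` check instead. Both function bodies continue outside their hunks.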
@@ -304,37 +263,6 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, /* Code below to be removed when legacy support is dropped. */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (type) { - if (impl != NULL) { - if (!ENGINE_init(impl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else { - /* Ask if an ENGINE is reserved for this job */ - impl = tmpimpl; - } - if (impl != NULL) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); - - if (d == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - ENGINE_finish(impl); - return 0; - } - /* We'll use the ENGINE's private digest definition */ - type = d; - /* - * Store the ENGINE functional reference so we know 'type' came - * from an ENGINE and we need to release it when done. - */ - ctx->engine = impl; - } else - ctx->engine = NULL; - } -#endif if (ctx->digest != type) { cleanup_old_md_data(ctx, 1); @@ -346,9 +274,6 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, return 0; } } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - skip_to_init: -#endif #ifndef FIPS_MODULE if (ctx->pctx != NULL && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) 
@@ -368,18 +293,20 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, const OSSL_PARAM params[]) { - return evp_md_init_internal(ctx, type, params, NULL); + return evp_md_init_internal(ctx, type, params); } int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { EVP_MD_CTX_reset(ctx); - return evp_md_init_internal(ctx, type, NULL, NULL); + return evp_md_init_internal(ctx, type, NULL); } int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { - return evp_md_init_internal(ctx, type, NULL, impl); + /* make the compiler happy */ + (void)impl; + return evp_md_init_internal(ctx, type, NULL); } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -668,13 +595,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) /* Code below to be removed when legacy support is dropped. */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } -#endif if (out->digest == in->digest) { tmp_buf = out->md_data; diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index bcc507edfdc..17ee28fa32b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -61,9 +61,6 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size); } OPENSSL_free(ctx->cipher_data); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(ctx->engine); -#endif memset(ctx, 0, sizeof(*ctx)); ctx->iv_len = -1; return 1; 
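Review bot: EVP_DigestInit_ex now discards a non-NULL `impl` without any signal, so a caller that passed an ENGINE to bind the digest to a particular implementation (a hardware module, for instance) is served by the default one and still sees success. The comment `/* make the compiler happy */` hides that contract change; I would at least write `/* ENGINE support is removed: impl is accepted for API compatibility and ignored */`, and consider whether a non-NULL `impl` should raise an error rather than succeed. The same silent discard is in EVP_CipherInit_ex (crypto/evp/evp_enc.c) and in EVP_PKEY_new_raw_private_key / EVP_PKEY_new_raw_public_key (crypto/evp/p_lib.c), where the argument previously appears to have selected what handles the raw key bytes.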
@@ -91,15 +88,12 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, + const unsigned char *key, const unsigned char *iv, int enc, uint8_t is_pipeline, const OSSL_PARAM params[]) { int n; -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE *tmpimpl = NULL; -#endif /* * enc == 1 means we are encrypting. @@ -123,32 +117,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, if (is_pipeline) goto nonlegacy; -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so - * this context may already have an ENGINE! Try to avoid releasing the - * previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. - */ - if (ctx->engine && ctx->cipher - && (cipher == NULL || cipher->nid == ctx->cipher->nid)) - goto skip_to_init; - - if (cipher != NULL && impl == NULL) { - /* Ask if an ENGINE is reserved for this job */ - tmpimpl = ENGINE_get_cipher_engine(cipher->nid); - } -#endif - /* * If there are engines involved then we should use legacy handling for now. */ - if (ctx->engine != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - || tmpimpl != NULL -#endif - || impl != NULL - || (cipher != NULL && cipher->origin == EVP_ORIG_METH) + if ((cipher != NULL && cipher->origin == EVP_ORIG_METH) || (cipher == NULL && ctx->cipher != NULL && ctx->cipher->origin == EVP_ORIG_METH)) { if (ctx->cipher == ctx->fetched_cipher) 
@@ -349,39 +321,6 @@ nonlegacy: ctx->encrypt = enc; ctx->flags = flags; } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (impl != NULL) { - if (!ENGINE_init(impl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else { - impl = tmpimpl; - } - if (impl != NULL) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); - - if (c == NULL) { - /* - * One positive side-effect of US's export control history, - * is that we should at least be able to avoid using US - * misspellings of "initialisation"? - */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* - * Store the ENGINE functional reference so we know 'cipher' came - * from an ENGINE and we need to release it when done. - */ - ctx->engine = impl; - } else { - ctx->engine = NULL; - } -#endif ctx->cipher = cipher; if (ctx->cipher->ctx_size) { @@ -404,9 +343,6 @@ nonlegacy: } } } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - skip_to_init: -#endif if (ctx->cipher == NULL) return 0; @@ -635,7 +571,7 @@ int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc, const OSSL_PARAM params[]) { - return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, 0, params); + return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, params); } int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 
@@ -643,14 +579,16 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, { if (cipher != NULL) EVP_CIPHER_CTX_reset(ctx); - return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, 0, NULL); + return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, NULL); } int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { - return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, 0, NULL); + /* to make the compilers happy */ + (void)impl; + return evp_cipher_init_internal(ctx, cipher, key, iv, enc, 0, NULL); } int EVP_CipherPipelineEncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, @@ -665,7 +603,7 @@ int EVP_CipherPipelineEncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->numpipes = numpipes; - if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, NULL, 1, 1, + if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, 1, 1, NULL)) return 0; @@ -695,7 +633,7 @@ int EVP_CipherPipelineDecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->numpipes = numpipes; - if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, NULL, 0, 1, + if (!evp_cipher_init_internal(ctx, cipher, NULL, NULL, 0, 1, NULL)) return 0; @@ -1811,14 +1749,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) /* Code below to be removed when legacy support is dropped. */ legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* Make sure it's safe to copy a cipher context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } -#endif - EVP_CIPHER_CTX_reset(out); memcpy(out, in, sizeof(*out)); diff --git a/crypto/evp/evp_pkey_type.c b/crypto/evp/evp_pkey_type.c index 15f1863a059..192069dee43 100644 --- a/crypto/evp/evp_pkey_type.c +++ b/crypto/evp/evp_pkey_type.c 
@@ -72,9 +72,6 @@ int EVP_PKEY_type(int type) ret = ameth->pkey_id; else ret = NID_undef; -# ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -# endif return ret; #else size_t i; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index f292dcadd97..7980f220cd8 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c 
@@ -419,68 +419,42 @@ static EVP_PKEY *new_raw_key_int(OSSL_LIB_CTX *libctx, const char *strtype, const char *propq, int nidtype, - ENGINE *e, const unsigned char *key, size_t len, int key_is_priv) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; - const EVP_PKEY_ASN1_METHOD *ameth = NULL; int result = 0; -# ifndef OPENSSL_NO_ENGINE - /* Check if there is an Engine for this type */ - if (e == NULL) { - ENGINE *tmpe = NULL; - - if (strtype != NULL) - ameth = EVP_PKEY_asn1_find_str(&tmpe, strtype, -1); - else if (nidtype != EVP_PKEY_NONE) - ameth = EVP_PKEY_asn1_find(&tmpe, nidtype); - - /* If tmpe is NULL then no engine is claiming to support this type */ - if (tmpe == NULL) - ameth = NULL; + ctx = EVP_PKEY_CTX_new_from_name(libctx, + strtype != NULL ? strtype + : OBJ_nid2sn(nidtype), + propq); + if (ctx == NULL) + goto err; + /* May fail if no provider available */ + ERR_set_mark(); + if (EVP_PKEY_fromdata_init(ctx) == 1) { + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - ENGINE_finish(tmpe); - } -# endif + ERR_clear_last_mark(); + params[0] = OSSL_PARAM_construct_octet_string( + key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY + : OSSL_PKEY_PARAM_PUB_KEY, + (void *)key, len); - if (e == NULL && ameth == NULL) { - /* - * No engine is claiming to support this type, so lets see if we have - * a provider. - */ - ctx = EVP_PKEY_CTX_new_from_name(libctx, - strtype != NULL ? strtype - : OBJ_nid2sn(nidtype), - propq); - if (ctx == NULL) + if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) { + ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); goto err; - /* May fail if no provider available */ - ERR_set_mark(); - if (EVP_PKEY_fromdata_init(ctx) == 1) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - ERR_clear_last_mark(); - params[0] = OSSL_PARAM_construct_octet_string( - key_is_priv ? 
OSSL_PKEY_PARAM_PRIV_KEY - : OSSL_PKEY_PARAM_PUB_KEY, - (void *)key, len); - - if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - goto err; - } + } - EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(ctx); - return pkey; - } - ERR_pop_to_mark(); - /* else not supported so fallback to legacy */ + return pkey; } + ERR_pop_to_mark(); + /* else not supported so fallback to legacy */ /* Legacy code path */ @@ -490,7 +464,7 @@ static EVP_PKEY *new_raw_key_int(OSSL_LIB_CTX *libctx, goto err; } - if (!pkey_set_type(pkey, e, nidtype, strtype, -1, NULL)) { + if (!pkey_set_type(pkey, NULL, nidtype, strtype, -1, NULL)) { /* ERR_raise(ERR_LIB_EVP, ...) already called */ goto err; } @@ -535,7 +509,7 @@ EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, const char *propq, const unsigned char *priv, size_t len) { - return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, priv, + return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, priv, len, 1); } @@ -543,14 +517,16 @@ EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, const unsigned char *priv, size_t len) { - return new_raw_key_int(NULL, NULL, NULL, type, e, priv, len, 1); + /* make the compiler happy */ + (void)e; + return new_raw_key_int(NULL, NULL, NULL, type, priv, len, 1); } EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx, const char *keytype, const char *propq, const unsigned char *pub, size_t len) { - return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, pub, + return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, pub, len, 0); } @@ -558,7 +534,9 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *pub, size_t len) { - return new_raw_key_int(NULL, NULL, NULL, type, e, pub, len, 0); + /* make the compiler happy */ + (void)e; + return new_raw_key_int(NULL, NULL, NULL, type, pub, len, 0); } struct raw_key_details_st { 
@@ -658,12 +636,9 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, const char *cipher_name, const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, - const char *propq, ENGINE *e) + const char *propq) { # ifndef OPENSSL_NO_CMAC -# ifndef OPENSSL_NO_ENGINE - const char *engine_id = e != NULL ? ENGINE_get_id(e) : NULL; -# endif OSSL_PARAM params[5], *p = params; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx; @@ -692,11 +667,6 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, if (propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, (char *)propq, 0); -# ifndef OPENSSL_NO_ENGINE - if (engine_id != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_ENGINE, - (char *)engine_id, 0); -# endif *p = OSSL_PARAM_construct_end(); if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) { @@ -717,7 +687,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher) { - return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL, e); + return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL); } int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) 
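Review bot: EVP_PKEY_new_CMAC_key still takes `ENGINE *e` but no longer reads it, and unlike the raw-key wrappers earlier in this file it has no `(void)e;`, so it is inconsistent with them and will trip unused-parameter warnings where those are enabled. Add `(void)e;` with a comment such as `/* ENGINE support is removed: e is ignored */` before the `return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL);` line. Before this commit a non-NULL `e` was forwarded as `OSSL_PKEY_PARAM_ENGINE`; it is now dropped silently, which is worth stating in the function's documentation.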
@@ -730,31 +700,6 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len, NULL); } -# ifndef OPENSSL_NO_ENGINE -int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) -{ - if (e != NULL) { - if (!ENGINE_init(e)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } - if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) { - ENGINE_finish(e); - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); - return 0; - } - } - ENGINE_finish(pkey->pmeth_engine); - pkey->pmeth_engine = e; - return 1; -} - -ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) -{ - return pkey->engine; -} -# endif - # ifndef OPENSSL_NO_DEPRECATED_3_0 static void detect_foreign_key(EVP_PKEY *pkey) { @@ -1536,6 +1481,7 @@ EVP_PKEY *EVP_PKEY_new(void) * If pkey is NULL just return 1 or 0 if the key management method exists. */ +/* TODO - remove engine parameter */ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len, EVP_KEYMGMT *keymgmt) { @@ -1572,13 +1518,6 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, && type == pkey->save_type && pkey->ameth != NULL) return 1; -# ifndef OPENSSL_NO_ENGINE - /* If we have ENGINEs release them */ - ENGINE_finish(pkey->engine); - pkey->engine = NULL; - ENGINE_finish(pkey->pmeth_engine); - pkey->pmeth_engine = NULL; -# endif #endif } #ifndef FIPS_MODULE @@ -1586,10 +1525,6 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, ameth = EVP_PKEY_asn1_find_str(eptr, str, len); else if (type != EVP_PKEY_NONE) ameth = EVP_PKEY_asn1_find(eptr, type); -# ifndef OPENSSL_NO_ENGINE - if (pkey == NULL && eptr != NULL) - ENGINE_finish(e); -# endif #endif 
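Review bot: The `/* TODO - remove engine parameter */` on pkey_set_type leaves `e` live: later in the function (hunk at -1639) `pkey->engine = e;` is kept while the `ENGINE_init(e)` call that took a reference is deleted, and evp_pkey_free_legacy no longer calls `ENGINE_finish`. The callers visible in this diff pass `NULL`, but if any caller outside it still passes a non-NULL `e`, the key would hold a pointer it has no reference on. Until the parameter is removed I would store `pkey->engine = NULL;` there and extend the TODO to say that `e` is ignored. The function body starts and ends outside this hunk.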
@@ -1639,12 +1574,6 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, } else { pkey->type = EVP_PKEY_KEYMGMT; } -# ifndef OPENSSL_NO_ENGINE - if (eptr == NULL && e != NULL && !ENGINE_init(e)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } -# endif pkey->engine = e; #endif } @@ -1803,13 +1732,6 @@ void evp_pkey_free_legacy(EVP_PKEY *x) ameth->pkey_free(x); x->pkey.ptr = NULL; } -# ifndef OPENSSL_NO_ENGINE - ENGINE_finish(tmpe); - ENGINE_finish(x->engine); - x->engine = NULL; - ENGINE_finish(x->pmeth_engine); - x->pmeth_engine = NULL; -# endif } #endif /* FIPS_MODULE */ diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 059469f0b0f..fc84067af1b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -210,27 +210,6 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, if (e == NULL && (pkey == NULL || pkey->foreign == 0)) keytype = OBJ_nid2sn(id); -# ifndef OPENSSL_NO_ENGINE - if (e == NULL && pkey != NULL) - e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine; - /* Try to find an ENGINE which implements this method */ - if (e != NULL) { - if (!ENGINE_init(e)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return NULL; - } - } else { - e = ENGINE_get_pkey_meth_engine(id); - } - - /* - * If an ENGINE handled this method look it up. Otherwise use internal - * tables. - */ - if (e != NULL) - pmeth = ENGINE_get_pkey_meth(e, id); - else -# endif /* OPENSSL_NO_ENGINE */ if (pkey != NULL && pkey->foreign) pmeth = EVP_PKEY_meth_find(id); else @@ -297,11 +276,6 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, ret = OPENSSL_zalloc(sizeof(*ret)); } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if ((ret == NULL || pmeth == NULL) && e != NULL) - ENGINE_finish(e); -#endif - if (ret == NULL) { EVP_KEYMGMT_free(keymgmt); return NULL; 
@@ -404,9 +378,6 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) OPENSSL_free(ctx->propquery); EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(ctx->engine); -#endif BN_free(ctx->rsa_pubexp); OPENSSL_free(ctx); } @@ -454,13 +425,6 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) { EVP_PKEY_CTX *rctx; -# ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a pkey context using an ENGINE */ - if (pctx->engine && !ENGINE_init(pctx->engine)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } -# endif rctx = OPENSSL_zalloc(sizeof(*rctx)); if (rctx == NULL) return NULL; @@ -576,9 +540,6 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) } rctx->pmeth = pctx->pmeth; -# ifndef OPENSSL_NO_ENGINE - rctx->engine = pctx->engine; -# endif if (pctx->peerkey != NULL && !EVP_PKEY_up_ref(pctx->peerkey)) goto err; diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c index 702cb9d3153..edd1b5258a4 100644 --- a/crypto/hmac/hmac_s390x.c +++ b/crypto/hmac/hmac_s390x.c @@ -15,9 +15,6 @@ #include "openssl/obj_mac.h" #include "openssl/evp.h" #include "openssl/err.h" -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) -# include -#endif #ifdef OPENSSL_HMAC_S390X @@ -70,31 +67,6 @@ static void s390x_call_kmac(HMAC_CTX *ctx, const unsigned char *in, size_t len) ctx->plat.s390x.ikp = 1; } -static int s390x_check_engine_used(const EVP_MD *md, ENGINE *impl) -{ -# if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - const EVP_MD *d; - - if (impl != NULL) { - if (!ENGINE_init(impl)) - return 0; - } else { - impl = ENGINE_get_digest_engine(EVP_MD_get_type(md)); - } - - if (impl == NULL) - return 0; - - d = ENGINE_get_digest(impl, EVP_MD_get_type(md)); - ENGINE_finish(impl); - - if (d != NULL) - return 1; -# endif - - return 0; -} - int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl) { unsigned char *key_param; 
@@ -104,11 +76,6 @@ int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl) if (ctx->plat.s390x.fc == 0) return -1; /* Not supported by kmac instruction */ - if (s390x_check_engine_used(ctx->md, impl)) { - ctx->plat.s390x.fc = 0; - return -1; /* An engine handles the digest, disable acceleration */ - } - ctx->plat.s390x.blk_size = EVP_MD_get_block_size(ctx->md); if (ctx->plat.s390x.blk_size < 0) return 0; diff --git a/crypto/init.c b/crypto/init.c index e2fe479db5f..05101b4db3e 100644 --- a/crypto/init.c +++ b/crypto/init.c 
@@ -310,70 +310,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_async) return 1; } -#ifndef OPENSSL_NO_ENGINE -static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) -{ - OSSL_TRACE(INIT, "engine_load_openssl_int()\n"); - engine_load_openssl_int(); - return 1; -} -# ifndef OPENSSL_NO_RDRAND -static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) -{ - OSSL_TRACE(INIT, "engine_load_rdrand_int()\n"); - engine_load_rdrand_int(); - return 1; -} -# endif -static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) -{ - OSSL_TRACE(INIT, "engine_load_dynamic_int()\n"); - engine_load_dynamic_int(); - return 1; -} -# ifndef OPENSSL_NO_STATIC_ENGINE -# ifndef OPENSSL_NO_DEVCRYPTOENG -static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) -{ - OSSL_TRACE(INIT, "engine_load_devcrypto_int()\n"); - engine_load_devcrypto_int(); - return 1; -} -# endif -# if !defined(OPENSSL_NO_PADLOCKENG) -static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) -{ - OSSL_TRACE(INIT, "engine_load_padlock_int()\n"); - engine_load_padlock_int(); - return 1; -} -# endif -# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi) -{ - OSSL_TRACE(INIT, "engine_load_capi_int()\n"); - engine_load_capi_int(); - return 1; -} -# endif -# if !defined(OPENSSL_NO_AFALGENG) -static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) -{ - OSSL_TRACE(INIT, "engine_load_afalg_int()\n"); - engine_load_afalg_int(); - return 1; -} -# endif -# endif -#endif - void OPENSSL_cleanup(void) { OPENSSL_INIT_STOP *currhandler, *lasthandler; 
@@ -450,11 +386,6 @@ void OPENSSL_cleanup(void)
 OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_config_modules_free()\n");
 ossl_config_modules_free();
-#ifndef OPENSSL_NO_ENGINE
- OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n");
- engine_cleanup_int();
-#endif
-
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n");
 ossl_store_cleanup_int();
@@ -651,47 +582,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
 && !RUN_ONCE(&async, ossl_init_async))
 return 0;
-#ifndef OPENSSL_NO_ENGINE
- if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
- && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
- return 0;
-# ifndef OPENSSL_NO_RDRAND
- if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
- && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
- return 0;
-# endif
- if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
- && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
- return 0;
-# ifndef OPENSSL_NO_STATIC_ENGINE
-# ifndef OPENSSL_NO_DEVCRYPTOENG
- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
- && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
- return 0;
-# endif
-# if !defined(OPENSSL_NO_PADLOCKENG)
- if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
- && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
- return 0;
-# endif
-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- if ((opts & OPENSSL_INIT_ENGINE_CAPI)
- && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
- return 0;
-# endif
-# if !defined(OPENSSL_NO_AFALGENG)
- if ((opts & OPENSSL_INIT_ENGINE_AFALG)
- && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
- return 0;
-# endif
-# endif
- if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_ENGINE_OPENSSL
- | OPENSSL_INIT_ENGINE_AFALG)) {
- ENGINE_register_all_complete();
- }
-#endif
-
 if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, optsdone_lock))
 return 0;
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 04e92ec9561..86ec911320c 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -166,9 +166,6 @@ static int check_pem(const char *nm, const char *name)
 r = 1;
 else
 r = 0;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(e);
-#endif
 return r;
 }
 }
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index c0f5c9effd1..993ea286332 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -112,11 +112,6 @@ static int set_random_provider_name(RAND_GLOBAL *dgbl, const char *name)
 return dgbl->random_provider_name != NULL;
 }
-# ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref;
-static CRYPTO_RWLOCK *rand_engine_lock;
-# endif /* !OPENSSL_NO_ENGINE */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 static CRYPTO_RWLOCK *rand_meth_lock;
 static const RAND_METHOD *default_RAND_meth;
@@ -127,12 +122,6 @@ static int rand_inited = 0;
 DEFINE_RUN_ONCE_STATIC(do_rand_init)
 {
-# ifndef OPENSSL_NO_ENGINE
- rand_engine_lock = CRYPTO_THREAD_lock_new();
- if (rand_engine_lock == NULL)
- return 0;
-# endif /* !OPENSSL_NO_ENGINE */
-
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 rand_meth_lock = CRYPTO_THREAD_lock_new();
 if (rand_meth_lock == NULL)
@@ -150,10 +139,6 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
 CRYPTO_THREAD_lock_free(rand_meth_lock);
 rand_meth_lock = NULL;
 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
-# ifndef OPENSSL_NO_ENGINE
- CRYPTO_THREAD_lock_free(rand_engine_lock);
- rand_engine_lock = NULL;
-# endif /* !OPENSSL_NO_ENGINE */
 return 0;
 }
@@ -170,10 +155,6 @@ void ossl_rand_cleanup_int(void)
 RAND_set_rand_method(NULL);
 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
 ossl_rand_pool_cleanup();
-# ifndef OPENSSL_NO_ENGINE
- CRYPTO_THREAD_lock_free(rand_engine_lock);
- rand_engine_lock = NULL;
-# endif /* !OPENSSL_NO_ENGINE */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 CRYPTO_THREAD_lock_free(rand_meth_lock);
 rand_meth_lock = NULL;
@@ -249,10 +230,6 @@ static int rand_set_rand_method_internal(const RAND_METHOD *meth,
 if (!CRYPTO_THREAD_write_lock(rand_meth_lock))
 return 0;
-# ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(funct_ref);
- funct_ref = e;
-# endif
 default_RAND_meth = meth;
 CRYPTO_THREAD_unlock(rand_meth_lock);
 return 1;
@@ -282,56 +259,12 @@ const RAND_METHOD *RAND_get_rand_method(void)
 if (!CRYPTO_THREAD_write_lock(rand_meth_lock))
 return NULL;
- if (default_RAND_meth == NULL) {
-# ifndef OPENSSL_NO_ENGINE
- ENGINE *e;
-
- /* If we have an engine that can do RAND, use it. */
- if ((e = ENGINE_get_default_RAND()) != NULL
- && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
- funct_ref = e;
- default_RAND_meth = tmp_meth;
- } else {
- ENGINE_finish(e);
- default_RAND_meth = &ossl_rand_meth;
- }
-# else
+ if (default_RAND_meth == NULL)
 default_RAND_meth = &ossl_rand_meth;
-# endif
- }
 tmp_meth = default_RAND_meth;
 CRYPTO_THREAD_unlock(rand_meth_lock);
 return tmp_meth;
 }
-
-# if !defined(OPENSSL_NO_ENGINE)
-int RAND_set_rand_engine(ENGINE *engine)
-{
- const RAND_METHOD *tmp_meth = NULL;
-
- if (!RUN_ONCE(&rand_init, do_rand_init))
- return 0;
-
- if (engine != NULL) {
- if (!ENGINE_init(engine))
- return 0;
- tmp_meth = ENGINE_get_RAND(engine);
- if (tmp_meth == NULL) {
- ENGINE_finish(engine);
- return 0;
- }
- }
- if (!CRYPTO_THREAD_write_lock(rand_engine_lock)) {
- ENGINE_finish(engine);
- return 0;
- }
-
- /* This function releases any prior ENGINE so call it first */
- rand_set_rand_method_internal(tmp_meth, engine);
- CRYPTO_THREAD_unlock(rand_engine_lock);
- return 1;
-}
-# endif
 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
 void RAND_seed(const void *buf, int num)
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 3d12f5affa7..a517dcdca23 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -52,10 +52,6 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
 mtmp = rsa->meth;
 if (mtmp->finish)
 mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
-#endif
 rsa->meth = meth;
 if (meth->init)
 meth->init(rsa);
@@ -99,26 +95,6 @@ static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
 ret->libctx = libctx;
 ret->meth = RSA_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (engine) {
- if (!ENGINE_init(engine)) {
- ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB);
- goto err;
- }
- ret->engine = engine;
- } else {
- ret->engine = ENGINE_get_default_RSA();
- }
- if (ret->engine) {
- ret->meth = ENGINE_get_RSA(ret->engine);
- if (ret->meth == NULL) {
- ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB);
- goto err;
- }
- }
-#endif
-
 ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
 #ifndef FIPS_MODULE
 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
@@ -153,9 +129,6 @@ void RSA_free(RSA *r)
 if (r->meth != NULL && r->meth->finish != NULL)
 r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
- ENGINE_finish(r->engine);
-#endif
 #ifndef FIPS_MODULE
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 334d245842a..119925567ad 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -407,18 +407,8 @@ static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key)
 int nid;
 nid = OBJ_obj2nid(key->algor->algorithm);
- if (!key->flag_force_legacy) {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-
- e = ENGINE_get_pkey_meth_engine(nid);
- if (e == NULL)
- return 0;
- ENGINE_finish(e);
-#else
+ if (!key->flag_force_legacy)
 return 0;
-#endif
- }
 pkey = EVP_PKEY_new();
 if (pkey == NULL) {
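Review bot: The early exit `if (!key->flag_force_legacy) return 0;` in `x509_pubkey_decode` now carries no explanation: with the engine lookup gone, every key that is not flagged for forced legacy handling leaves here with 0 and without an EVP_PKEY, and the new side does not say whether 0 means "not handled by the legacy path" or a decode failure. I would add a comment above the check such as `/* Legacy decoding is only attempted when explicitly forced; otherwise report "not decoded" */`, once it is confirmed that the callers (not visible here) treat 0 as non-fatal. `nid` is still computed before this return; if only the legacy path below uses it, the `OBJ_obj2nid` call could move after the check. The body of `x509_pubkey_decode` is only partly inside this hunk.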