Unifdef OPENSSL_NO_ENGINE in libcrypto

This is mechanical apart from a few manual edits to avoid doubled empty lines. ok jsing
author: tb <> 2023-11-19 15:46:10 +0000
committer: tb <> 2023-11-19 15:46:10 +0000
commit: 9e356d4225ee2dcd3e3eebabf384851ee547ec95 (patch)
tree: 9a8bf5329015d40f6a79820880c1ca7bb820bf58
parent: fea63fbd7eeaebeff6720b8ec754575f90e8eb77 (diff)
download: openbsd-9e356d4225ee2dcd3e3eebabf384851ee547ec95.tar.gz
openbsd-9e356d4225ee2dcd3e3eebabf384851ee547ec95.tar.bz2
openbsd-9e356d4225ee2dcd3e3eebabf384851ee547ec95.zip
21 files changed, 21 insertions, 431 deletions
diff --git a/src/lib/libcrypto/asn1/a_pkey.c b/src/lib/libcrypto/asn1/a_pkey.c
index 6e715d4f9e..1e8ebc913f 100644
--- a/src/lib/libcrypto/asn1/a_pkey.c
+++ b/src/lib/libcrypto/asn1/a_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_pkey.c,v 1.6 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: a_pkey.c,v 1.7 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -67,10 +67,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "asn1_local.h"
 #include "evp_local.h"
@@ -87,10 +83,6 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
                }
        } else {
                ret = *a;
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE_finish(ret->engine);
-                ret->engine = NULL;
-#endif
        }
        if (!EVP_PKEY_set_type(ret, type)) {
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 153ad21a81..42f2f6fd52 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.32 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -64,10 +64,6 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "asn1_local.h"
 #include "evp_local.h"
@@ -170,15 +166,6 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
                type = mp->pkey_base_id;
        }
        if (pe) {
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE *e;
-                /* type will contain the final unaliased type */
-                e = ENGINE_get_pkey_asn1_meth_engine(type);
-                if (e) {
-                        *pe = e;
-                        return ENGINE_get_pkey_asn1_meth(e, type);
-                }
-#endif
                *pe = NULL;
        }
        return mp;
@@ -193,20 +180,6 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
        if (len == -1)
                len = strlen(str);
        if (pe) {
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE *e;
-                ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
-                if (ameth) {
-                        /* Convert structural into
-                         * functional reference
-                         */
-                        if (!ENGINE_init(e))
-                                ameth = NULL;
-                        ENGINE_free(e);
-                        *pe = e;
-                        return ameth;
-                }
-#endif
                *pe = NULL;
        }
        for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
diff --git a/src/lib/libcrypto/conf/conf_mall.c b/src/lib/libcrypto/conf/conf_mall.c
index 18631b3ba8..e2a1d2db07 100644
--- a/src/lib/libcrypto/conf/conf_mall.c
+++ b/src/lib/libcrypto/conf/conf_mall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: conf_mall.c,v 1.10 2023/11/19 15:46:09 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -65,10 +65,6 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 /* Load all OpenSSL builtin modules */
 void
@@ -76,7 +72,4 @@ OPENSSL_load_builtin_modules(void)
 {
        /* Add builtin modules here */
        ASN1_add_oid_module();
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_add_conf_module();
-#endif
 }
diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c
index 827cf96e74..689b7a325d 100644
--- a/src/lib/libcrypto/conf/conf_sap.c
+++ b/src/lib/libcrypto/conf/conf_sap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.15 2023/11/19 15:46:09 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -67,10 +67,6 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 /* This is the automatic configuration loader: it is called automatically by
 * OpenSSL when any of a number of standard initialisation functions are called,
 * unless this is overridden by calling OPENSSL_no_config()
@@ -84,10 +80,6 @@ static void
 OPENSSL_config_internal(void)
 {
        OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
-        /* Need to load ENGINEs */
-        ENGINE_load_builtin_engines();
-#endif
        /* Add others here? */
        ERR_clear_error();
diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c
index a2c1c786c3..2b39d2604b 100644
--- a/src/lib/libcrypto/crypto_init.c
+++ b/src/lib/libcrypto/crypto_init.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_init.c,v 1.11 2023/07/08 08:28:23 beck Exp $ */
+/*      $OpenBSD: crypto_init.c,v 1.12 2023/11/19 15:46:09 tb Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 *
@@ -22,9 +22,6 @@
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -84,9 +81,6 @@ OPENSSL_cleanup(void)
        ERR_free_strings();
        CRYPTO_cleanup_all_ex_data();
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_cleanup();
-#endif
        EVP_cleanup();
        ASN1_STRING_TABLE_cleanup();
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 8d63787689..90ce7625c6 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_lib.c,v 1.41 2023/08/13 12:09:14 tb Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.42 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -65,10 +65,6 @@
 #include <openssl/dh.h>
 #include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "dh_local.h"
 static const DH_METHOD *default_DH_method = NULL;
@@ -101,10 +97,6 @@ DH_set_method(DH *dh, const DH_METHOD *meth)
        mtmp = dh->meth;
        if (mtmp->finish)
                mtmp->finish(dh);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(dh->engine);
-        dh->engine = NULL;
-#endif
        dh->meth = meth;
        if (meth->init)
                meth->init(dh);
@@ -133,24 +125,6 @@ DH_new_method(ENGINE *engine)
        dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
        dh->references = 1;
-#ifndef OPENSSL_NO_ENGINE
-        if (engine != NULL) {
-                if (!ENGINE_init(engine)) {
-                        DHerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-                dh->engine = engine;
-        } else
-                dh->engine = ENGINE_get_default_DH();
-        if (dh->engine != NULL) {
-                if ((dh->meth = ENGINE_get_DH(dh->engine)) == NULL) {
-                        DHerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-                dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
-        }
-#endif
        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data))
                goto err;
        if (dh->meth->init != NULL && !dh->meth->init(dh))
@@ -178,9 +152,6 @@ DH_free(DH *r)
        if (r->meth != NULL && r->meth->finish != NULL)
                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(r->engine);
-#endif
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index a9d2179aeb..5c01c20255 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_lib.c,v 1.44 2023/08/12 06:14:36 tb Exp $ */
+/* $OpenBSD: dsa_lib.c,v 1.45 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -70,9 +70,6 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "dh_local.h"
 #include "dsa_local.h"
@@ -113,10 +110,6 @@ DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
        mtmp = dsa->meth;
        if (mtmp->finish)
                mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(dsa->engine);
-        dsa->engine = NULL;
-#endif
        dsa->meth = meth;
        if (meth->init)
                meth->init(dsa);
@@ -138,24 +131,6 @@ DSA_new_method(ENGINE *engine)
        dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
        dsa->references = 1;
-#ifndef OPENSSL_NO_ENGINE
-        if (engine) {
-                if (!ENGINE_init(engine)) {
-                        DSAerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-                dsa->engine = engine;
-        } else
-                dsa->engine = ENGINE_get_default_DSA();
-        if (dsa->engine != NULL) {
-                if ((dsa->meth = ENGINE_get_DSA(dsa->engine)) == NULL) {
-                        DSAerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-                dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-        }
-#endif
        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data))
                goto err;
        if (dsa->meth->init != NULL && !dsa->meth->init(dsa))
@@ -184,9 +159,6 @@ DSA_free(DSA *r)
        if (r->meth != NULL && r->meth->finish != NULL)
                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(r->engine);
-#endif
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index d9ddd5d797..2716db6dd0 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.38 2023/11/19 15:46:09 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -65,9 +65,6 @@
 #include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include <openssl/err.h>
 #include "bn_local.h"
@@ -115,9 +112,6 @@ EC_KEY_free(EC_KEY *r)
        if (r->meth != NULL && r->meth->finish != NULL)
                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(r->engine);
-#endif
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
        EC_GROUP_free(r->group);
@@ -138,11 +132,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
        if (src->meth != dest->meth) {
                if (dest->meth != NULL && dest->meth->finish != NULL)
                        dest->meth->finish(dest);
-#ifndef OPENSSL_NO_ENGINE
-                if (ENGINE_finish(dest->engine) == 0)
-                        return 0;
-                dest->engine = NULL;
-#endif
        }
        /* copy the parameters */
        if (src->group) {
@@ -186,11 +175,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
                return NULL;
        if (src->meth != dest->meth) {
-#ifndef OPENSSL_NO_ENGINE
-                if (src->engine != NULL && ENGINE_init(src->engine) == 0)
-                        return 0;
-                dest->engine = src->engine;
-#endif
                dest->meth = src->meth;
        }
diff --git a/src/lib/libcrypto/ec/ec_kmeth.c b/src/lib/libcrypto/ec/ec_kmeth.c
index 38aca0028e..856afc89dc 100644
--- a/src/lib/libcrypto/ec/ec_kmeth.c
+++ b/src/lib/libcrypto/ec/ec_kmeth.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ec_kmeth.c,v 1.12 2023/07/28 09:28:37 tb Exp $        */
+/*      $OpenBSD: ec_kmeth.c,v 1.13 2023/11/19 15:46:09 tb Exp $        */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -53,9 +53,6 @@
 */
 #include <openssl/ec.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include <openssl/err.h>
 #include "bn_local.h"
@@ -126,11 +123,6 @@ EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
        if (finish != NULL)
                finish(key);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(key->engine);
-        key->engine = NULL;
-#endif
        key->meth = meth;
        if (meth->init != NULL)
                return meth->init(key);
@@ -148,23 +140,6 @@ EC_KEY_new_method(ENGINE *engine)
                return NULL;
        }
        ret->meth = EC_KEY_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-        if (engine != NULL) {
-                if (!ENGINE_init(engine)) {
-                        ECerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-                ret->engine = engine;
-        } else
-                ret->engine = ENGINE_get_default_EC();
-        if (ret->engine) {
-                ret->meth = ENGINE_get_EC(ret->engine);
-                if (ret->meth == NULL) {
-                        ECerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-        }
-#endif
        ret->version = 1;
        ret->flags = 0;
        ret->group = NULL;
diff --git a/src/lib/libcrypto/engine/engine_stubs.c b/src/lib/libcrypto/engine/engine_stubs.c
index 3621da80ef..b2bd8f007a 100644
--- a/src/lib/libcrypto/engine/engine_stubs.c
+++ b/src/lib/libcrypto/engine/engine_stubs.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */
+/*      $OpenBSD: engine_stubs.c,v 1.2 2023/11/19 15:46:09 tb Exp $ */
 /*
 * Written by Theo Buehler. Public domain.
@@ -6,8 +6,6 @@
 #include <openssl/engine.h>
-#ifdef OPENSSL_NO_ENGINE
 void
 ENGINE_load_builtin_engines(void)
 {
@@ -121,5 +119,3 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id,
 {
        return NULL;
 }
-#endif
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index 2c8a273f17..4829e46a1a 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.32 2023/07/28 09:46:36 tb Exp $ */
+/* $OpenBSD: err_all.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -91,9 +91,6 @@
 #ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -130,9 +127,6 @@ ERR_load_crypto_strings_internal(void)
 #ifndef OPENSSL_NO_EC
        ERR_load_EC_strings();
 #endif
-#ifndef OPENSSL_NO_ENGINE
-        ERR_load_ENGINE_strings();
-#endif
        ERR_load_EVP_strings();
 #ifndef OPENSSL_NO_GOST
        ERR_load_GOST_strings();
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index ca3fb219cd..9a2a304250 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.38 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -118,10 +118,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "evp_local.h"
 int
@@ -136,49 +132,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 {
        EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
-#ifndef OPENSSL_NO_ENGINE
-        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-         * so this context may already have an ENGINE! Try to avoid releasing
-         * the previous handle, re-querying for an ENGINE, and having a
-         * reinitialisation, when it may all be unnecessary. */
-        if (ctx->engine && ctx->digest && (!type ||
-            (type && (type->type == ctx->digest->type))))
-                goto skip_to_init;
-        if (type) {
-                /* Ensure an ENGINE left lying around from last time is cleared
-                 * (the previous check attempted to avoid this if the same
-                 * ENGINE and EVP_MD could be used). */
-                ENGINE_finish(ctx->engine);
-                if (impl != NULL) {
-                        if (!ENGINE_init(impl)) {
-                                EVPerror(EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                        }
-                } else
-                        /* Ask if an ENGINE is reserved for this job */
-                        impl = ENGINE_get_digest_engine(type->type);
-                if (impl != NULL) {
-                        /* There's an ENGINE for this job ... (apparently) */
-                        const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-                        if (d == NULL) {
-                                /* Same comment from evp_enc.c */
-                                EVPerror(EVP_R_INITIALIZATION_ERROR);
-                                ENGINE_finish(impl);
-                                return 0;
-                        }
-                        /* We'll use the ENGINE's private digest definition */
-                        type = d;
-                        /* Store the ENGINE functional reference so we know
-                         * 'type' came from an ENGINE and we need to release
-                         * it when done. */
-                        ctx->engine = impl;
-                } else
-                        ctx->engine = NULL;
-        } else if (!ctx->digest) {
-                EVPerror(EVP_R_NO_DIGEST_SET);
-                return 0;
-        }
-#endif
        if (ctx->digest != type) {
                if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
                    !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
@@ -197,9 +150,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                        }
                }
        }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
        if (ctx->pctx) {
                int r;
                r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
@@ -266,13 +216,6 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
                EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
                return 0;
        }
-#ifndef OPENSSL_NO_ENGINE
-        /* Make sure it's safe to copy a digest context using an ENGINE */
-        if (in->engine && !ENGINE_init(in->engine)) {
-                EVPerror(ERR_R_ENGINE_LIB);
-                return 0;
-        }
-#endif
        if (out->digest == in->digest) {
                tmp_buf = out->md_data;
@@ -397,9 +340,6 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         */
        if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
                EVP_PKEY_CTX_free(ctx->pctx);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(ctx->engine);
-#endif
        memset(ctx, 0, sizeof(*ctx));
        return 1;
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index eb279b2378..172d8b4019 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.54 2023/11/18 09:37:15 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -68,10 +68,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "evp_local.h"
 int
@@ -94,15 +90,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
                        enc = 1;
                ctx->encrypt = enc;
        }
-#ifndef OPENSSL_NO_ENGINE
-        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-         * so this context may already have an ENGINE! Try to avoid releasing
-         * the previous handle, re-querying for an ENGINE, and having a
-         * reinitialisation, when it may all be unnecessary. */
-        if (ctx->engine && ctx->cipher &&
-            (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
-                goto skip_to_init;
-#endif
        if (cipher) {
                /* Ensure a context left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
@@ -114,32 +101,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
                        ctx->encrypt = enc;
                        ctx->flags = flags;
                }
-#ifndef OPENSSL_NO_ENGINE
-                if (impl) {
-                        if (!ENGINE_init(impl)) {
-                                EVPerror(EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                        }
-                } else
-                        /* Ask if an ENGINE is reserved for this job */
-                        impl = ENGINE_get_cipher_engine(cipher->nid);
-                if (impl) {
-                        /* There's an ENGINE for this job ... (apparently) */
-                        const EVP_CIPHER *c =
-                            ENGINE_get_cipher(impl, cipher->nid);
-                        if (!c) {
-                                EVPerror(EVP_R_INITIALIZATION_ERROR);
-                                return 0;
-                        }
-                        /* We'll use the ENGINE's private cipher definition */
-                        cipher = c;
-                        /* Store the ENGINE functional reference so we know
-                         * 'cipher' came from an ENGINE and we need to release
-                         * it when done. */
-                        ctx->engine = impl;
-                } else
-                        ctx->engine = NULL;
-#endif
                ctx->cipher = cipher;
                if (ctx->cipher->ctx_size) {
@@ -163,9 +124,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
                EVPerror(EVP_R_NO_CIPHER_SET);
                return 0;
        }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        if (ctx->cipher->block_size != 1 &&
            ctx->cipher->block_size != 8 &&
@@ -614,10 +572,6 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        /* XXX - store size of cipher_data so we can always freezero(). */
        free(c->cipher_data);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(c->engine);
-#endif
        explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
        return 1;
@@ -688,13 +642,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
                EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
                return 0;
        }
-#ifndef OPENSSL_NO_ENGINE
-        /* Make sure it's safe to copy a cipher context using an ENGINE */
-        if (in->engine && !ENGINE_init(in->engine)) {
-                EVPerror(ERR_R_ENGINE_LIB);
-                return 0;
-        }
-#endif
        EVP_CIPHER_CTX_cleanup(out);
        memcpy(out, in, sizeof *out);
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 23ec8e6031..eaeb456cbb 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.37 2023/09/10 17:32:17 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -77,10 +77,6 @@
 #include <openssl/rsa.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "asn1_local.h"
 #include "evp_local.h"
@@ -245,19 +241,11 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
                 */
                if ((type == pkey->save_type) && pkey->ameth)
                        return 1;
-#ifndef OPENSSL_NO_ENGINE
-                ENGINE_finish(pkey->engine);
-                pkey->engine = NULL;
-#endif
        }
        if (str)
                ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
        else
                ameth = EVP_PKEY_asn1_find(eptr, type);
-#ifndef OPENSSL_NO_ENGINE
-        if (pkey == NULL && eptr != NULL)
-                ENGINE_finish(e);
-#endif
        if (!ameth) {
                EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
                return 0;
@@ -583,9 +571,6 @@ EVP_PKEY_type(int type)
                ret = ameth->pkey_id;
        else
                ret = NID_undef;
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(e);
-#endif
        return ret;
 }
@@ -626,10 +611,6 @@ EVP_PKEY_free_it(EVP_PKEY *x)
                x->ameth->pkey_free(x);
                x->pkey.ptr = NULL;
        }
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(x->engine);
-        x->engine = NULL;
-#endif
 }
 static int
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 3f23a0131b..db0e75518b 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.53 2023/07/07 13:40:44 beck Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.54 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -74,9 +74,6 @@
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "asn1_local.h"
 #include "evp_local.h"
@@ -231,9 +228,6 @@ check_pem(const char *nm, const char *name)
                                        r = 1;
                                else
                                        r = 0;
-#ifndef OPENSSL_NO_ENGINE
-                                ENGINE_finish(e);
-#endif
                                return r;
                        }
                }
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index 2961952139..d7001c83cc 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pkey.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */
+/* $OpenBSD: pem_pkey.c,v 1.28 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -69,10 +69,6 @@
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include "asn1_local.h"
 #include "evp_local.h"
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index a0e9b47969..d66d71579c 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */
+/* $OpenBSD: rand.h,v 1.24 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -83,9 +83,6 @@ struct rand_meth_st {
 int RAND_set_rand_method(const RAND_METHOD *meth);
 const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-#endif
 RAND_METHOD *RAND_SSLeay(void);
 #ifndef LIBRESSL_INTERNAL
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 5c5df98c98..b9ef0deebe 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_lib.c,v 1.22 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: rand_lib.c,v 1.23 2023/11/19 15:46:10 tb Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 *
@@ -45,15 +45,6 @@ RAND_SSLeay(void)
 }
 LCRYPTO_ALIAS(RAND_SSLeay);
-#ifndef OPENSSL_NO_ENGINE
-int
-RAND_set_rand_engine(ENGINE *engine)
-{
-        return 1;
-}
-LCRYPTO_ALIAS(RAND_set_rand_engine);
-#endif
 void
 RAND_cleanup(void)
 {
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index fbd2c2274c..b379cddc07 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_lib.c,v 1.48 2023/07/28 10:05:16 tb Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.49 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -71,10 +71,6 @@
 #include "evp_local.h"
 #include "rsa_local.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 static const RSA_METHOD *default_RSA_meth = NULL;
 RSA *
@@ -122,10 +118,6 @@ RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
        mtmp = rsa->meth;
        if (mtmp->finish)
                mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(rsa->engine);
-        rsa->engine = NULL;
-#endif
        rsa->meth = meth;
        if (meth->init)
                meth->init(rsa);
@@ -145,25 +137,6 @@ RSA_new_method(ENGINE *engine)
        ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-        if (engine != NULL) {
-                if (!ENGINE_init(engine)) {
-                        RSAerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-                ret->engine = engine;
-        } else {
-                ret->engine = ENGINE_get_default_RSA();
-        }
-        if (ret->engine != NULL) {
-                if ((ret->meth = ENGINE_get_RSA(ret->engine)) == NULL) {
-                        RSAerror(ERR_R_ENGINE_LIB);
-                        goto err;
-                }
-        }
-#endif
        ret->references = 1;
        ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
@@ -178,9 +151,6 @@ RSA_new_method(ENGINE *engine)
        return ret;
 err:
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(ret->engine);
-#endif
        free(ret);
        return NULL;
@@ -201,9 +171,6 @@ RSA_free(RSA *r)
        if (r->meth->finish)
                r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE_finish(r->engine);
-#endif
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
index 0d5de6223c..5215fc0583 100644
--- a/src/lib/libcrypto/ts/ts.h
+++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.22 2023/07/28 09:53:55 tb Exp $ */
+/* $OpenBSD: ts.h,v 1.23 2023/11/19 15:46:10 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
 * project 2002, 2003, 2004.
 */
@@ -542,11 +542,6 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
    TS_RESP_CTX *ctx);
-#ifndef OPENSSL_NO_ENGINE
-int TS_CONF_set_crypto_device(CONF *conf, const char *section,
-    const char *device);
-int TS_CONF_set_default_engine(const char *name);
-#endif
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
    const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index 103d430272..5d27a8bbc3 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.12 2023/07/07 07:25:21 beck Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.13 2023/11/19 15:46:10 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -65,10 +65,6 @@
 #include <openssl/pem.h>
 #include <openssl/ts.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION                    "tsa"
@@ -211,56 +207,6 @@ err:
 }
 LCRYPTO_ALIAS(TS_CONF_set_serial);
-#ifndef OPENSSL_NO_ENGINE
-int
-TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device)
-{
-        int ret = 0;
-        if (!device)
-                device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
-        if (device && !TS_CONF_set_default_engine(device)) {
-                TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
-                goto err;
-        }
-        ret = 1;
-err:
-        return ret;
-}
-LCRYPTO_ALIAS(TS_CONF_set_crypto_device);
-int
-TS_CONF_set_default_engine(const char *name)
-{
-        ENGINE *e = NULL;
-        int ret = 0;
-        /* Leave the default if builtin specified. */
-        if (strcmp(name, "builtin") == 0)
-                return 1;
-        if (!(e = ENGINE_by_id(name)))
-                goto err;
-        /* All the operations are going to be carried out by the engine. */
-        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-                goto err;
-        ret = 1;
-err:
-        if (!ret) {
-                TSerror(TS_R_COULD_NOT_SET_ENGINE);
-                ERR_asprintf_error_data("engine:%s", name);
-        }
-        ENGINE_free(e);
-        return ret;
-}
-LCRYPTO_ALIAS(TS_CONF_set_default_engine);
-#endif
 int
 TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert,
    TS_RESP_CTX *ctx)
author	tb <>	2023-11-19 15:46:10 +0000
committer	tb <>	2023-11-19 15:46:10 +0000
commit	9e356d4225ee2dcd3e3eebabf384851ee547ec95 (patch)
tree	9a8bf5329015d40f6a79820880c1ca7bb820bf58
parent	fea63fbd7eeaebeff6720b8ec754575f90e8eb77 (diff)
download	openbsd-9e356d4225ee2dcd3e3eebabf384851ee547ec95.tar.gz openbsd-9e356d4225ee2dcd3e3eebabf384851ee547ec95.tar.bz2 openbsd-9e356d4225ee2dcd3e3eebabf384851ee547ec95.zip