Set OPENSSL_NO_ENGINE, remove engine code

ENGINE was special. It's horrible code even by the low standards of this library. Some ports may now try to use the stubs which will fail, but the fallout from this should be minimal. Of course there are various language bindings that expose the ENGINE API. OpenSSL 3 disabling ENGINE by default will likely help fixing this at some point. ok jsing
author: tb <> 2023-07-28 09:53:55 +0000
committer: tb <> 2023-07-28 09:53:55 +0000
commit: b5382a6334a2ec0fe73ab6c49ebefb47af93329c (patch)
tree: 307457e0cf8fc786fb4c80edc29a92d5677d406e /src/lib/libcrypto/engine/eng_cnf.c
parent: f94d1800c2bcef623d825d9ec18437897e187e0e (diff)
download: openbsd-b5382a6334a2ec0fe73ab6c49ebefb47af93329c.tar.gz
openbsd-b5382a6334a2ec0fe73ab6c49ebefb47af93329c.tar.bz2
openbsd-b5382a6334a2ec0fe73ab6c49ebefb47af93329c.zip
1 files changed, 0 insertions, 252 deletions
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
deleted file mode 100644
index 24358af8cd..0000000000
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/* $OpenBSD: eng_cnf.c,v 1.15 2018/04/14 07:18:37 tb Exp $ */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-#include <openssl/conf.h>
-/* #define ENGINE_CONF_DEBUG */
-/* ENGINE config module */
-static char *
-skip_dot(char *name)
-{
-        char *p;
-        p = strchr(name, '.');
-        if (p)
-                return p + 1;
-        return name;
-}
-static STACK_OF(ENGINE) *initialized_engines = NULL;
-static int
-int_engine_init(ENGINE *e)
-{
-        if (!ENGINE_init(e))
-                return 0;
-        if (!initialized_engines)
-                initialized_engines = sk_ENGINE_new_null();
-        if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
-                ENGINE_finish(e);
-                return 0;
-        }
-        return 1;
-}
-static int
-int_engine_configure(char *name, char *value, const CONF *cnf)
-{
-        int i;
-        int ret = 0;
-        long do_init = -1;
-        STACK_OF(CONF_VALUE) *ecmds;
-        CONF_VALUE *ecmd = NULL;
-        char *ctrlname, *ctrlvalue;
-        ENGINE *e = NULL;
-        int soft = 0;
-        name = skip_dot(name);
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "Configuring engine %s\n", name);
-#endif
-        /* Value is a section containing ENGINE commands */
-        ecmds = NCONF_get_section(cnf, value);
-        if (!ecmds) {
-                ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
-                return 0;
-        }
-        for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
-                ecmd = sk_CONF_VALUE_value(ecmds, i);
-                ctrlname = skip_dot(ecmd->name);
-                ctrlvalue = ecmd->value;
-#ifdef ENGINE_CONF_DEBUG
-                fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n",
-                    ctrlname, ctrlvalue);
-#endif
-                /* First handle some special pseudo ctrls */
-                /* Override engine name to use */
-                if (!strcmp(ctrlname, "engine_id"))
-                        name = ctrlvalue;
-                else if (!strcmp(ctrlname, "soft_load"))
-                        soft = 1;
-                /* Load a dynamic ENGINE */
-                else if (!strcmp(ctrlname, "dynamic_path")) {
-                        e = ENGINE_by_id("dynamic");
-                        if (!e)
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
-                                goto err;
-                }
-                /* ... add other pseudos here ... */
-                else {
-                        /* At this point we need an ENGINE structural reference
-                         * if we don't already have one.
-                         */
-                        if (!e) {
-                                e = ENGINE_by_id(name);
-                                if (!e && soft) {
-                                        ERR_clear_error();
-                                        return 1;
-                                }
-                                if (!e)
-                                        goto err;
-                        }
-                        /* Allow "EMPTY" to mean no value: this allows a valid
-                         * "value" to be passed to ctrls of type NO_INPUT
-                         */
-                        if (!strcmp(ctrlvalue, "EMPTY"))
-                                ctrlvalue = NULL;
-                        if (!strcmp(ctrlname, "init")) {
-                                if (!NCONF_get_number_e(cnf, value, "init",
-                                    &do_init))
-                                        goto err;
-                                if (do_init == 1) {
-                                        if (!int_engine_init(e))
-                                                goto err;
-                                } else if (do_init != 0) {
-                                        ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
-                                        goto err;
-                                }
-                        }
-                        else if (!strcmp(ctrlname, "default_algorithms")) {
-                                if (!ENGINE_set_default_string(e, ctrlvalue))
-                                        goto err;
-                        } else if (!ENGINE_ctrl_cmd_string(e,
-                                ctrlname, ctrlvalue, 0))
-                                goto err;
-                }
-        }
-        if (e && (do_init == -1) && !int_engine_init(e)) {
-                ecmd = NULL;
-                goto err;
-        }
-        ret = 1;
-err:
-        if (ret != 1) {
-                ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
-                if (ecmd)
-                        ERR_asprintf_error_data(
-                            "section=%s, name=%s, value=%s",
-                            ecmd->section, ecmd->name, ecmd->value);
-        }
-        ENGINE_free(e);
-        return ret;
-}
-static int
-int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
-{
-        STACK_OF(CONF_VALUE) *elist;
-        CONF_VALUE *cval;
-        int i;
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "Called engine module: name %s, value %s\n",
-            CONF_imodule_get_name(md), CONF_imodule_get_value(md));
-#endif
-        /* Value is a section containing ENGINEs to configure */
-        elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
-        if (!elist) {
-                ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR);
-                return 0;
-        }
-        for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
-                cval = sk_CONF_VALUE_value(elist, i);
-                if (!int_engine_configure(cval->name, cval->value, cnf))
-                        return 0;
-        }
-        return 1;
-}
-static void
-int_engine_module_finish(CONF_IMODULE *md)
-{
-        ENGINE *e;
-        while ((e = sk_ENGINE_pop(initialized_engines)))
-                ENGINE_finish(e);
-        sk_ENGINE_free(initialized_engines);
-        initialized_engines = NULL;
-}
-void
-ENGINE_add_conf_module(void)
-{
-        CONF_module_add("engines", int_engine_module_init,
-            int_engine_module_finish);
-}
author	tb <>	2023-07-28 09:53:55 +0000
committer	tb <>	2023-07-28 09:53:55 +0000
commit	b5382a6334a2ec0fe73ab6c49ebefb47af93329c (patch)
tree	307457e0cf8fc786fb4c80edc29a92d5677d406e /src/lib/libcrypto/engine/eng_cnf.c
parent	f94d1800c2bcef623d825d9ec18437897e187e0e (diff)
download	openbsd-b5382a6334a2ec0fe73ab6c49ebefb47af93329c.tar.gz openbsd-b5382a6334a2ec0fe73ab6c49ebefb47af93329c.tar.bz2 openbsd-b5382a6334a2ec0fe73ab6c49ebefb47af93329c.zip

diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c deleted file mode 100644 index 24358af8cd..0000000000 --- a/src/lib/libcrypto/engine/eng_cnf.c +++ /dev/null
@@ -1,252 +0,0 @@
1	/* $OpenBSD: eng_cnf.c,v 1.15 2018/04/14 07:18:37 tb Exp $ */
2	/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <string.h>
60
61	#include <openssl/err.h>
62
63	#include "eng_int.h"
64	#include <openssl/conf.h>
65
66	/* #define ENGINE_CONF_DEBUG */
67
68	/* ENGINE config module */
69
70	static char *
71	skip_dot(char *name)
72	{
73	char *p;
74
75	p = strchr(name, '.');
76	if (p)
77	return p + 1;
78	return name;
79	}
80
81	static STACK_OF(ENGINE) *initialized_engines = NULL;
82
83	static int
84	int_engine_init(ENGINE *e)
85	{
86	if (!ENGINE_init(e))
87	return 0;
88	if (!initialized_engines)
89	initialized_engines = sk_ENGINE_new_null();
90	if (!initialized_engines \|\| !sk_ENGINE_push(initialized_engines, e)) {
91	ENGINE_finish(e);
92	return 0;
93	}
94	return 1;
95	}
96
97
98	static int
99	int_engine_configure(char name, char value, const CONF *cnf)
100	{
101	int i;
102	int ret = 0;
103	long do_init = -1;
104	STACK_OF(CONF_VALUE) *ecmds;
105	CONF_VALUE *ecmd = NULL;
106	char ctrlname, ctrlvalue;
107	ENGINE *e = NULL;
108	int soft = 0;
109
110	name = skip_dot(name);
111	#ifdef ENGINE_CONF_DEBUG
112	fprintf(stderr, "Configuring engine %s\n", name);
113	#endif
114	/* Value is a section containing ENGINE commands */
115	ecmds = NCONF_get_section(cnf, value);
116
117	if (!ecmds) {
118	ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
119	return 0;
120	}
121
122	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
123	ecmd = sk_CONF_VALUE_value(ecmds, i);
124	ctrlname = skip_dot(ecmd->name);
125	ctrlvalue = ecmd->value;
126	#ifdef ENGINE_CONF_DEBUG
127	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n",
128	ctrlname, ctrlvalue);
129	#endif
130
131	/* First handle some special pseudo ctrls */
132
133	/* Override engine name to use */
134	if (!strcmp(ctrlname, "engine_id"))
135	name = ctrlvalue;
136	else if (!strcmp(ctrlname, "soft_load"))
137	soft = 1;
138	/* Load a dynamic ENGINE */
139	else if (!strcmp(ctrlname, "dynamic_path")) {
140	e = ENGINE_by_id("dynamic");
141	if (!e)
142	goto err;
143	if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
144	goto err;
145	if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
146	goto err;
147	if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
148	goto err;
149	}
150	/* ... add other pseudos here ... */
151	else {
152	/* At this point we need an ENGINE structural reference
153	* if we don't already have one.
154	*/
155	if (!e) {
156	e = ENGINE_by_id(name);
157	if (!e && soft) {
158	ERR_clear_error();
159	return 1;
160	}
161	if (!e)
162	goto err;
163	}
164	/* Allow "EMPTY" to mean no value: this allows a valid
165	* "value" to be passed to ctrls of type NO_INPUT
166	*/
167	if (!strcmp(ctrlvalue, "EMPTY"))
168	ctrlvalue = NULL;
169	if (!strcmp(ctrlname, "init")) {
170	if (!NCONF_get_number_e(cnf, value, "init",
171	&do_init))
172	goto err;
173	if (do_init == 1) {
174	if (!int_engine_init(e))
175	goto err;
176	} else if (do_init != 0) {
177	ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
178	goto err;
179	}
180	}
181	else if (!strcmp(ctrlname, "default_algorithms")) {
182	if (!ENGINE_set_default_string(e, ctrlvalue))
183	goto err;
184	} else if (!ENGINE_ctrl_cmd_string(e,
185	ctrlname, ctrlvalue, 0))
186	goto err;
187	}
188	}
189	if (e && (do_init == -1) && !int_engine_init(e)) {
190	ecmd = NULL;
191	goto err;
192	}
193	ret = 1;
194
195	err:
196	if (ret != 1) {
197	ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
198	if (ecmd)
199	ERR_asprintf_error_data(
200	"section=%s, name=%s, value=%s",
201	ecmd->section, ecmd->name, ecmd->value);
202	}
203	ENGINE_free(e);
204	return ret;
205	}
206
207
208	static int
209	int_engine_module_init(CONF_IMODULE md, const CONF cnf)
210	{
211	STACK_OF(CONF_VALUE) *elist;
212	CONF_VALUE *cval;
213	int i;
214
215	#ifdef ENGINE_CONF_DEBUG
216	fprintf(stderr, "Called engine module: name %s, value %s\n",
217	CONF_imodule_get_name(md), CONF_imodule_get_value(md));
218	#endif
219	/* Value is a section containing ENGINEs to configure */
220	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
221
222	if (!elist) {
223	ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR);
224	return 0;
225	}
226
227	for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
228	cval = sk_CONF_VALUE_value(elist, i);
229	if (!int_engine_configure(cval->name, cval->value, cnf))
230	return 0;
231	}
232
233	return 1;
234	}
235
236	static void
237	int_engine_module_finish(CONF_IMODULE *md)
238	{
239	ENGINE *e;
240
241	while ((e = sk_ENGINE_pop(initialized_engines)))
242	ENGINE_finish(e);
243	sk_ENGINE_free(initialized_engines);
244	initialized_engines = NULL;
245	}
246
247	void
248	ENGINE_add_conf_module(void)
249	{
250	CONF_module_add("engines", int_engine_module_init,
251	int_engine_module_finish);
252	}