Ignore ENGINE at the API boundary

This removes the remaining ENGINE members from various internal structs and functions. Any ENGINE passed into a public API is now completely ignored functions returning an ENGINE always return NULL. ok jsing
author: tb <> 2023-11-29 21:35:57 +0000
committer: tb <> 2023-11-29 21:35:57 +0000
commit: 69bbc5fea4f411f0c0033ecb0fc5126c895ea82a (patch)
tree: 545e6a340462469cf3c04b8bfe5d2a0f9f885ddb /src/lib/libcrypto/evp
parent: 3ebd44f3473783d77d8842eaeb8e6687da31c0a5 (diff)
download: openbsd-69bbc5fea4f411f0c0033ecb0fc5126c895ea82a.tar.gz
openbsd-69bbc5fea4f411f0c0033ecb0fc5126c895ea82a.tar.bz2
openbsd-69bbc5fea4f411f0c0033ecb0fc5126c895ea82a.zip
7 files changed, 36 insertions, 52 deletions
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 9a2a304250..ee0c68e707 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.40 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -271,7 +271,7 @@ EVP_Digest(const void *data, size_t count,
        EVP_MD_CTX_init(&ctx);
        EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
-        ret = EVP_DigestInit_ex(&ctx, type, impl) &&
+        ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
            EVP_DigestUpdate(&ctx, data, count) &&
            EVP_DigestFinal_ex(&ctx, md, size);
        EVP_MD_CTX_cleanup(&ctx);
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 172d8b4019..0867070a76 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.56 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -93,7 +93,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
        if (cipher) {
                /* Ensure a context left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
-                 * ENGINE and EVP_CIPHER could be used). */
+                 * EVP_CIPHER could be used). */
                if (ctx->cipher) {
                        unsigned long flags = ctx->flags;
                        EVP_CIPHER_CTX_cleanup(ctx);
@@ -236,7 +236,7 @@ int
 EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
    const unsigned char *key, const unsigned char *iv)
 {
-        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+        return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
 }
 int
@@ -250,7 +250,7 @@ int
 EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
    const unsigned char *key, const unsigned char *iv)
 {
-        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+        return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
 }
 int
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 015fbb50a9..5df1733cbc 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.5 2023/09/28 11:29:10 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.6 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -97,7 +97,6 @@ struct evp_pkey_st {
        int save_type;
        int references;
        const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE *engine;
        union   {
                void *ptr;
 #ifndef OPENSSL_NO_RSA
@@ -140,7 +139,6 @@ struct evp_md_st {
 struct evp_md_ctx_st {
        const EVP_MD *digest;
-        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
        unsigned long flags;
        void *md_data;
        /* Public key context for sign/verify */
@@ -169,7 +167,6 @@ struct evp_cipher_st {
 struct evp_cipher_ctx_st {
        const EVP_CIPHER *cipher;
-        ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
        int encrypt;            /* encrypt or decrypt */
        int buf_len;            /* number we have left */
@@ -205,8 +202,6 @@ struct evp_Encode_Ctx_st {
 struct evp_pkey_ctx_st {
        /* Method associated with this operation */
        const EVP_PKEY_METHOD *pmeth;
-        /* Engine that implements this method or NULL if builtin */
-        ENGINE *engine;
        /* Key: may be NULL */
        EVP_PKEY *pkey;
        /* Peer key for key agreement, may be NULL */
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
index 47c01f784a..3ce7f7e2a6 100644
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sigver.c,v 1.13 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -74,10 +74,10 @@ update_oneshot_only(EVP_MD_CTX *ctx, const void *data, size_t datalen)
 static int
 do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
-    ENGINE *e, EVP_PKEY *pkey, int ver)
+    EVP_PKEY *pkey, int ver)
 {
        if (ctx->pctx == NULL)
-                ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+                ctx->pctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (ctx->pctx == NULL)
                return 0;
@@ -122,7 +122,7 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
                *pctx = ctx->pctx;
        if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
                return 1;
-        if (!EVP_DigestInit_ex(ctx, type, e))
+        if (!EVP_DigestInit_ex(ctx, type, NULL))
                return 0;
        return 1;
 }
@@ -131,14 +131,14 @@ int
 EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
    ENGINE *e, EVP_PKEY *pkey)
 {
-        return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+        return do_sigver_init(ctx, pctx, type, pkey, 0);
 }
 int
 EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
    ENGINE *e, EVP_PKEY *pkey)
 {
-        return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+        return do_sigver_init(ctx, pctx, type, pkey, 1);
 }
 int
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index eaeb456cbb..4591c05234 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.39 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -206,7 +206,6 @@ EVP_PKEY_new(void)
        ret->save_type = EVP_PKEY_NONE;
        ret->references = 1;
        ret->ameth = NULL;
-        ret->engine = NULL;
        ret->pkey.ptr = NULL;
        ret->attributes = NULL;
        ret->save_parameters = 1;
@@ -220,18 +219,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey)
        return ((refs > 1) ? 1 : 0);
 }
-/* Setup a public key ASN1 method and ENGINE from a NID or a string.
+/* Setup a public key ASN1 method from a NID or a string.
 * If pkey is NULL just return 1 or 0 if the algorithm exists.
 */
 static int
-pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
+pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 {
        const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE **eptr = NULL;
-        if (e == NULL)
-                eptr = &e;
        if (pkey) {
                if (pkey->pkey.ptr)
@@ -242,17 +237,16 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
                if ((type == pkey->save_type) && pkey->ameth)
                        return 1;
        }
-        if (str)
+        if (str != NULL)
-                ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
+                ameth = EVP_PKEY_asn1_find_str(NULL, str, len);
        else
-                ameth = EVP_PKEY_asn1_find(eptr, type);
+                ameth = EVP_PKEY_asn1_find(NULL, type);
        if (!ameth) {
                EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
                return 0;
        }
        if (pkey) {
                pkey->ameth = ameth;
-                pkey->engine = e;
                pkey->type = pkey->ameth->pkey_id;
                pkey->save_type = type;
@@ -263,7 +257,7 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
 int
 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 {
-        return pkey_set_type(pkey, NULL, type, NULL, -1);
+        return pkey_set_type(pkey, type, NULL, -1);
 }
 EVP_PKEY *
@@ -275,7 +269,7 @@ EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
        if ((ret = EVP_PKEY_new()) == NULL)
                goto err;
-        if (!pkey_set_type(ret, engine, type, NULL, -1))
+        if (!pkey_set_type(ret, type, NULL, -1))
                goto err;
        if (ret->ameth->set_priv_key == NULL) {
@@ -304,7 +298,7 @@ EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
        if ((ret = EVP_PKEY_new()) == NULL)
                goto err;
-        if (!pkey_set_type(ret, engine, type, NULL, -1))
+        if (!pkey_set_type(ret, type, NULL, -1))
                goto err;
        if (ret->ameth->set_pub_key == NULL) {
@@ -368,10 +362,10 @@ EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
        if ((cmctx = CMAC_CTX_new()) == NULL)
                goto err;
-        if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1))
+        if (!pkey_set_type(ret, EVP_PKEY_CMAC, NULL, -1))
                goto err;
-        if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+        if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
                EVPerror(EVP_R_KEY_SETUP_FAILED);
                goto err;
        }
@@ -389,7 +383,7 @@ EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
 int
 EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
 {
-        return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
+        return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
 }
 int
@@ -563,15 +557,12 @@ EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 int
 EVP_PKEY_type(int type)
 {
-        int ret;
        const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE *e;
-        ameth = EVP_PKEY_asn1_find(&e, type);
+        if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL)
-        if (ameth)
+                return ameth->pkey_id;
-                ret = ameth->pkey_id;
-        else
+        return NID_undef;
-                ret = NID_undef;
-        return ret;
 }
 int
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index b4c0395d97..c91076b8db 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.13 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -208,7 +208,7 @@ EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen)
        EVP_PKEY_CTX *mac_ctx = NULL;
        EVP_PKEY *mac_key = NULL;
-        mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+        mac_ctx = EVP_PKEY_CTX_new_id(type, NULL);
        if (!mac_ctx)
                return NULL;
        if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 7ebf273415..cf27862488 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.34 2023/11/19 15:43:52 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -147,7 +147,7 @@ EVP_PKEY_meth_find(int type)
 }
 static EVP_PKEY_CTX *
-evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
+evp_pkey_ctx_new(EVP_PKEY *pkey, int id)
 {
        EVP_PKEY_CTX *pkey_ctx = NULL;
        const EVP_PKEY_METHOD *pmeth;
@@ -167,8 +167,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
                EVPerror(ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        pkey_ctx->engine = engine;
-        engine = NULL;
        pkey_ctx->pmeth = pmeth;
        pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;
        if ((pkey_ctx->pkey = pkey) != NULL)
@@ -234,13 +232,13 @@ EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
 EVP_PKEY_CTX *
 EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine)
 {
-        return evp_pkey_ctx_new(pkey, engine, -1);
+        return evp_pkey_ctx_new(pkey, -1);
 }
 EVP_PKEY_CTX *
 EVP_PKEY_CTX_new_id(int id, ENGINE *engine)
 {
-        return evp_pkey_ctx_new(NULL, engine, id);
+        return evp_pkey_ctx_new(NULL, id);
 }
 EVP_PKEY_CTX *
author	tb <>	2023-11-29 21:35:57 +0000
committer	tb <>	2023-11-29 21:35:57 +0000
commit	69bbc5fea4f411f0c0033ecb0fc5126c895ea82a (patch)
tree	545e6a340462469cf3c04b8bfe5d2a0f9f885ddb /src/lib/libcrypto/evp
parent	3ebd44f3473783d77d8842eaeb8e6687da31c0a5 (diff)
download	openbsd-69bbc5fea4f411f0c0033ecb0fc5126c895ea82a.tar.gz openbsd-69bbc5fea4f411f0c0033ecb0fc5126c895ea82a.tar.bz2 openbsd-69bbc5fea4f411f0c0033ecb0fc5126c895ea82a.zip

diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index 9a2a304250..ee0c68e707 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */	1	/* $OpenBSD: digest.c,v 1.40 2023/11/29 21:35:57 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -271,7 +271,7 @@ EVP_Digest(const void *data, size_t count,
271		271
272	EVP_MD_CTX_init(&ctx);	272	EVP_MD_CTX_init(&ctx);
273	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);	273	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
274	ret = EVP_DigestInit_ex(&ctx, type, impl) &&	274	ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
275	EVP_DigestUpdate(&ctx, data, count) &&	275	EVP_DigestUpdate(&ctx, data, count) &&
276	EVP_DigestFinal_ex(&ctx, md, size);	276	EVP_DigestFinal_ex(&ctx, md, size);
277	EVP_MD_CTX_cleanup(&ctx);	277	EVP_MD_CTX_cleanup(&ctx);


diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 172d8b4019..0867070a76 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */	1	/* $OpenBSD: evp_enc.c,v 1.56 2023/11/29 21:35:57 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -93,7 +93,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,
93	if (cipher) {	93	if (cipher) {
94	/* Ensure a context left lying around from last time is cleared	94	/* Ensure a context left lying around from last time is cleared
95	* (the previous check attempted to avoid this if the same	95	* (the previous check attempted to avoid this if the same
96	* ENGINE and EVP_CIPHER could be used). */	96	* EVP_CIPHER could be used). */
97	if (ctx->cipher) {	97	if (ctx->cipher) {
98	unsigned long flags = ctx->flags;	98	unsigned long flags = ctx->flags;
99	EVP_CIPHER_CTX_cleanup(ctx);	99	EVP_CIPHER_CTX_cleanup(ctx);
@@ -236,7 +236,7 @@ int
236	EVP_EncryptInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,	236	EVP_EncryptInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,
237	const unsigned char key, const unsigned char iv)	237	const unsigned char key, const unsigned char iv)
238	{	238	{
239	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);	239	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
240	}	240	}
241		241
242	int	242	int
@@ -250,7 +250,7 @@ int
250	EVP_DecryptInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,	250	EVP_DecryptInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,
251	const unsigned char key, const unsigned char iv)	251	const unsigned char key, const unsigned char iv)
252	{	252	{
253	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);	253	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
254	}	254	}
255		255
256	int	256	int


diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index 015fbb50a9..5df1733cbc 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_local.h,v 1.5 2023/09/28 11:29:10 tb Exp $ */	1	/* $OpenBSD: evp_local.h,v 1.6 2023/11/29 21:35:57 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -97,7 +97,6 @@ struct evp_pkey_st {
97	int save_type;	97	int save_type;
98	int references;	98	int references;
99	const EVP_PKEY_ASN1_METHOD *ameth;	99	const EVP_PKEY_ASN1_METHOD *ameth;
100	ENGINE *engine;
101	union {	100	union {
102	void *ptr;	101	void *ptr;
103	#ifndef OPENSSL_NO_RSA	102	#ifndef OPENSSL_NO_RSA
@@ -140,7 +139,6 @@ struct evp_md_st {
140		139
141	struct evp_md_ctx_st {	140	struct evp_md_ctx_st {
142	const EVP_MD *digest;	141	const EVP_MD *digest;
143	ENGINE engine; / functional reference if 'digest' is ENGINE-provided */
144	unsigned long flags;	142	unsigned long flags;
145	void *md_data;	143	void *md_data;
146	/* Public key context for sign/verify */	144	/* Public key context for sign/verify */
@@ -169,7 +167,6 @@ struct evp_cipher_st {
169		167
170	struct evp_cipher_ctx_st {	168	struct evp_cipher_ctx_st {
171	const EVP_CIPHER *cipher;	169	const EVP_CIPHER *cipher;
172	ENGINE engine; / functional reference if 'cipher' is ENGINE-provided */
173	int encrypt; /* encrypt or decrypt */	170	int encrypt; /* encrypt or decrypt */
174	int buf_len; /* number we have left */	171	int buf_len; /* number we have left */
175		172
@@ -205,8 +202,6 @@ struct evp_Encode_Ctx_st {
205	struct evp_pkey_ctx_st {	202	struct evp_pkey_ctx_st {
206	/* Method associated with this operation */	203	/* Method associated with this operation */
207	const EVP_PKEY_METHOD *pmeth;	204	const EVP_PKEY_METHOD *pmeth;
208	/* Engine that implements this method or NULL if builtin */
209	ENGINE *engine;
210	/* Key: may be NULL */	205	/* Key: may be NULL */
211	EVP_PKEY *pkey;	206	EVP_PKEY *pkey;
212	/* Peer key for key agreement, may be NULL */	207	/* Peer key for key agreement, may be NULL */


diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c index 47c01f784a..3ce7f7e2a6 100644 --- a/src/lib/libcrypto/evp/m_sigver.c +++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: m_sigver.c,v 1.13 2023/07/07 19:37:53 beck Exp $ */	1	/* $OpenBSD: m_sigver.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -74,10 +74,10 @@ update_oneshot_only(EVP_MD_CTX ctx, const void data, size_t datalen)
74		74
75	static int	75	static int
76	do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,	76	do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,
77	ENGINE e, EVP_PKEY pkey, int ver)	77	EVP_PKEY *pkey, int ver)
78	{	78	{
79	if (ctx->pctx == NULL)	79	if (ctx->pctx == NULL)
80	ctx->pctx = EVP_PKEY_CTX_new(pkey, e);	80	ctx->pctx = EVP_PKEY_CTX_new(pkey, NULL);
81	if (ctx->pctx == NULL)	81	if (ctx->pctx == NULL)
82	return 0;	82	return 0;
83		83
@@ -122,7 +122,7 @@ do_sigver_init(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,
122	*pctx = ctx->pctx;	122	*pctx = ctx->pctx;
123	if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)	123	if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
124	return 1;	124	return 1;
125	if (!EVP_DigestInit_ex(ctx, type, e))	125	if (!EVP_DigestInit_ex(ctx, type, NULL))
126	return 0;	126	return 0;
127	return 1;	127	return 1;
128	}	128	}
@@ -131,14 +131,14 @@ int
131	EVP_DigestSignInit(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,	131	EVP_DigestSignInit(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,
132	ENGINE e, EVP_PKEY pkey)	132	ENGINE e, EVP_PKEY pkey)
133	{	133	{
134	return do_sigver_init(ctx, pctx, type, e, pkey, 0);	134	return do_sigver_init(ctx, pctx, type, pkey, 0);
135	}	135	}
136		136
137	int	137	int
138	EVP_DigestVerifyInit(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,	138	EVP_DigestVerifyInit(EVP_MD_CTX ctx, EVP_PKEY_CTX pctx, const EVP_MD type,
139	ENGINE e, EVP_PKEY pkey)	139	ENGINE e, EVP_PKEY pkey)
140	{	140	{
141	return do_sigver_init(ctx, pctx, type, e, pkey, 1);	141	return do_sigver_init(ctx, pctx, type, pkey, 1);
142	}	142	}
143		143
144	int	144	int


diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index eaeb456cbb..4591c05234 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */	1	/* $OpenBSD: p_lib.c,v 1.39 2023/11/29 21:35:57 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -206,7 +206,6 @@ EVP_PKEY_new(void)
206	ret->save_type = EVP_PKEY_NONE;	206	ret->save_type = EVP_PKEY_NONE;
207	ret->references = 1;	207	ret->references = 1;
208	ret->ameth = NULL;	208	ret->ameth = NULL;
209	ret->engine = NULL;
210	ret->pkey.ptr = NULL;	209	ret->pkey.ptr = NULL;
211	ret->attributes = NULL;	210	ret->attributes = NULL;
212	ret->save_parameters = 1;	211	ret->save_parameters = 1;
@@ -220,18 +219,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey)
220	return ((refs > 1) ? 1 : 0);	219	return ((refs > 1) ? 1 : 0);
221	}	220	}
222		221
223	/* Setup a public key ASN1 method and ENGINE from a NID or a string.	222	/* Setup a public key ASN1 method from a NID or a string.
224	* If pkey is NULL just return 1 or 0 if the algorithm exists.	223	* If pkey is NULL just return 1 or 0 if the algorithm exists.
225	*/	224	*/
226		225
227	static int	226	static int
228	pkey_set_type(EVP_PKEY pkey, ENGINE e, int type, const char *str, int len)	227	pkey_set_type(EVP_PKEY pkey, int type, const char str, int len)
229	{	228	{
230	const EVP_PKEY_ASN1_METHOD *ameth;	229	const EVP_PKEY_ASN1_METHOD *ameth;
231	ENGINE **eptr = NULL;
232
233	if (e == NULL)
234	eptr = &e;
235		230
236	if (pkey) {	231	if (pkey) {
237	if (pkey->pkey.ptr)	232	if (pkey->pkey.ptr)
@@ -242,17 +237,16 @@ pkey_set_type(EVP_PKEY pkey, ENGINE e, int type, const char *str, int len)
242	if ((type == pkey->save_type) && pkey->ameth)	237	if ((type == pkey->save_type) && pkey->ameth)
243	return 1;	238	return 1;
244	}	239	}
245	if (str)	240	if (str != NULL)
246	ameth = EVP_PKEY_asn1_find_str(eptr, str, len);	241	ameth = EVP_PKEY_asn1_find_str(NULL, str, len);
247	else	242	else
248	ameth = EVP_PKEY_asn1_find(eptr, type);	243	ameth = EVP_PKEY_asn1_find(NULL, type);
249	if (!ameth) {	244	if (!ameth) {
250	EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);	245	EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
251	return 0;	246	return 0;
252	}	247	}
253	if (pkey) {	248	if (pkey) {
254	pkey->ameth = ameth;	249	pkey->ameth = ameth;
255	pkey->engine = e;
256		250
257	pkey->type = pkey->ameth->pkey_id;	251	pkey->type = pkey->ameth->pkey_id;
258	pkey->save_type = type;	252	pkey->save_type = type;
@@ -263,7 +257,7 @@ pkey_set_type(EVP_PKEY pkey, ENGINE e, int type, const char *str, int len)
263	int	257	int
264	EVP_PKEY_set_type(EVP_PKEY *pkey, int type)	258	EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
265	{	259	{
266	return pkey_set_type(pkey, NULL, type, NULL, -1);	260	return pkey_set_type(pkey, type, NULL, -1);
267	}	261	}
268		262
269	EVP_PKEY *	263	EVP_PKEY *
@@ -275,7 +269,7 @@ EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
275	if ((ret = EVP_PKEY_new()) == NULL)	269	if ((ret = EVP_PKEY_new()) == NULL)
276	goto err;	270	goto err;
277		271
278	if (!pkey_set_type(ret, engine, type, NULL, -1))	272	if (!pkey_set_type(ret, type, NULL, -1))
279	goto err;	273	goto err;
280		274
281	if (ret->ameth->set_priv_key == NULL) {	275	if (ret->ameth->set_priv_key == NULL) {
@@ -304,7 +298,7 @@ EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
304	if ((ret = EVP_PKEY_new()) == NULL)	298	if ((ret = EVP_PKEY_new()) == NULL)
305	goto err;	299	goto err;
306		300
307	if (!pkey_set_type(ret, engine, type, NULL, -1))	301	if (!pkey_set_type(ret, type, NULL, -1))
308	goto err;	302	goto err;
309		303
310	if (ret->ameth->set_pub_key == NULL) {	304	if (ret->ameth->set_pub_key == NULL) {
@@ -368,10 +362,10 @@ EVP_PKEY_new_CMAC_key(ENGINE e, const unsigned char priv, size_t len,
368	if ((cmctx = CMAC_CTX_new()) == NULL)	362	if ((cmctx = CMAC_CTX_new()) == NULL)
369	goto err;	363	goto err;
370		364
371	if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1))	365	if (!pkey_set_type(ret, EVP_PKEY_CMAC, NULL, -1))
372	goto err;	366	goto err;
373		367
374	if (!CMAC_Init(cmctx, priv, len, cipher, e)) {	368	if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
375	EVPerror(EVP_R_KEY_SETUP_FAILED);	369	EVPerror(EVP_R_KEY_SETUP_FAILED);
376	goto err;	370	goto err;
377	}	371	}
@@ -389,7 +383,7 @@ EVP_PKEY_new_CMAC_key(ENGINE e, const unsigned char priv, size_t len,
389	int	383	int
390	EVP_PKEY_set_type_str(EVP_PKEY pkey, const char str, int len)	384	EVP_PKEY_set_type_str(EVP_PKEY pkey, const char str, int len)
391	{	385	{
392	return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);	386	return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
393	}	387	}
394		388
395	int	389	int
@@ -563,15 +557,12 @@ EVP_PKEY_set1_DH(EVP_PKEY pkey, DH key)
563	int	557	int
564	EVP_PKEY_type(int type)	558	EVP_PKEY_type(int type)
565	{	559	{
566	int ret;
567	const EVP_PKEY_ASN1_METHOD *ameth;	560	const EVP_PKEY_ASN1_METHOD *ameth;
568	ENGINE *e;	561
569	ameth = EVP_PKEY_asn1_find(&e, type);	562	if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL)
570	if (ameth)	563	return ameth->pkey_id;
571	ret = ameth->pkey_id;	564
572	else	565	return NID_undef;
573	ret = NID_undef;
574	return ret;
575	}	566	}
576		567
577	int	568	int


diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index b4c0395d97..c91076b8db 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_gn.c,v 1.13 2023/07/07 19:37:54 beck Exp $ */	1	/* $OpenBSD: pmeth_gn.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -208,7 +208,7 @@ EVP_PKEY_new_mac_key(int type, ENGINE e, const unsigned char key, int keylen)
208	EVP_PKEY_CTX *mac_ctx = NULL;	208	EVP_PKEY_CTX *mac_ctx = NULL;
209	EVP_PKEY *mac_key = NULL;	209	EVP_PKEY *mac_key = NULL;
210		210
211	mac_ctx = EVP_PKEY_CTX_new_id(type, e);	211	mac_ctx = EVP_PKEY_CTX_new_id(type, NULL);
212	if (!mac_ctx)	212	if (!mac_ctx)
213	return NULL;	213	return NULL;
214	if (EVP_PKEY_keygen_init(mac_ctx) <= 0)	214	if (EVP_PKEY_keygen_init(mac_ctx) <= 0)


diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c index 7ebf273415..cf27862488 100644 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_lib.c,v 1.34 2023/11/19 15:43:52 tb Exp $ */	1	/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -147,7 +147,7 @@ EVP_PKEY_meth_find(int type)
147	}	147	}
148		148
149	static EVP_PKEY_CTX *	149	static EVP_PKEY_CTX *
150	evp_pkey_ctx_new(EVP_PKEY pkey, ENGINE engine, int id)	150	evp_pkey_ctx_new(EVP_PKEY *pkey, int id)
151	{	151	{
152	EVP_PKEY_CTX *pkey_ctx = NULL;	152	EVP_PKEY_CTX *pkey_ctx = NULL;
153	const EVP_PKEY_METHOD *pmeth;	153	const EVP_PKEY_METHOD *pmeth;
@@ -167,8 +167,6 @@ evp_pkey_ctx_new(EVP_PKEY pkey, ENGINE engine, int id)
167	EVPerror(ERR_R_MALLOC_FAILURE);	167	EVPerror(ERR_R_MALLOC_FAILURE);
168	goto err;	168	goto err;
169	}	169	}
170	pkey_ctx->engine = engine;
171	engine = NULL;
172	pkey_ctx->pmeth = pmeth;	170	pkey_ctx->pmeth = pmeth;
173	pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;	171	pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;
174	if ((pkey_ctx->pkey = pkey) != NULL)	172	if ((pkey_ctx->pkey = pkey) != NULL)
@@ -234,13 +232,13 @@ EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
234	EVP_PKEY_CTX *	232	EVP_PKEY_CTX *
235	EVP_PKEY_CTX_new(EVP_PKEY pkey, ENGINE engine)	233	EVP_PKEY_CTX_new(EVP_PKEY pkey, ENGINE engine)
236	{	234	{
237	return evp_pkey_ctx_new(pkey, engine, -1);	235	return evp_pkey_ctx_new(pkey, -1);
238	}	236	}
239		237
240	EVP_PKEY_CTX *	238	EVP_PKEY_CTX *
241	EVP_PKEY_CTX_new_id(int id, ENGINE *engine)	239	EVP_PKEY_CTX_new_id(int id, ENGINE *engine)
242	{	240	{
243	return evp_pkey_ctx_new(NULL, engine, id);	241	return evp_pkey_ctx_new(NULL, id);
244	}	242	}
245		243
246	EVP_PKEY_CTX *	244	EVP_PKEY_CTX *