Remove the nCipher CHIL engine. It is not standalone and depends on

external libraries that aren't covered by the same license.

4 files changed, 0 insertions, 26 deletions

diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
index 1985924319..4b4d76f3e4 100644
--- a/src/lib/libcrypto/doc/engine.pod
+++ b/src/lib/libcrypto/doc/engine.pod
@@ -24,7 +24,6 @@ engine - ENGINE cryptographic module support
  void ENGINE_load_openssl(void);
  void ENGINE_load_dynamic(void);
  #ifndef OPENSSL_NO_STATIC_ENGINE
- void ENGINE_load_chil(void);
  void ENGINE_load_gmp(void);
  void ENGINE_load_nuron(void);
  #endif
@@ -316,8 +315,6 @@ functions, eg.
 
  /* Make the "dynamic" ENGINE available */
  void ENGINE_load_dynamic(void);
- /* Make support for nCipher's "CHIL" hardware available */
- void ENGINE_load_chil(void);
  ...
  /* Make ALL ENGINE implementations bundled with OpenSSL available */
  void ENGINE_load_builtin_engines(void);
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 6402afb6cb..c9210fb514 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -82,9 +82,6 @@ void ENGINE_load_builtin_engines(void)
         ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_NCIPHER
-        ENGINE_load_chil();
-#endif
 #ifndef OPENSSL_NO_HW_NURON
         ENGINE_load_nuron();
 #endif
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index e9478dd12f..a2b7e83a66 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -246,22 +246,6 @@ extern "C" {
  * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
 #define ENGINE_CMD_BASE                         200
 
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
- * functionality is now available through ENGINE-specific control commands
- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
- * are removed. */
-
-/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
-        /* Depending on the value of the (long)i argument, this sets or
-         * unsets the SimpleForkCheck flag in the CHIL API to enable or
-         * disable checking and workarounds for applications that fork().
-         */
-#define ENGINE_CTRL_CHIL_NO_LOCKING             101
-        /* This prevents the initialisation function from providing mutex
-         * callbacks to the nCipher library. */
-
 /* If an ENGINE supports its own specific control commands and wishes the
  * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
  * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
@@ -332,7 +316,6 @@ ENGINE *ENGINE_by_id(const char *id);
 void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
 #ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_chil(void);
 void ENGINE_load_nuron(void);
 void ENGINE_load_padlock(void);
 void ENGINE_load_capi(void);
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index c39be76f28..212f8bf702 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -217,9 +217,6 @@ int TS_CONF_set_default_engine(const char *name)
         if (strcmp(name, "builtin") == 0) return 1;
 
         if (!(e = ENGINE_by_id(name))) goto err;
-        /* Enable the use of the NCipher HSM for forked children. */
-        if (strcmp(name, "chil") == 0) 
-                ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
         /* All the operations are going to be carried out by the engine. */
         if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err;
         ret = 1;