Disable ENGINE_load_dynamic (dynamic engine support).

We do not build, test or ship any dynamic engines, so we can remove the dynamic engine loader as well. This leaves a stub initialization function in its place. ok beck@, reyk@, miod@
author: bcook <> 2015-06-19 06:05:11 +0000
committer: bcook <> 2015-06-19 06:05:11 +0000
commit: 3293ee7f21e12c11500db87f81e518c9dada1317 (patch)
tree: 538e72acb11427108f44223401736d2fbf8567b3 /src/lib
parent: 1e5789c97a8071094172fd10fb49618ac87026ef (diff)
download: openbsd-3293ee7f21e12c11500db87f81e518c9dada1317.tar.gz
openbsd-3293ee7f21e12c11500db87f81e518c9dada1317.tar.bz2
openbsd-3293ee7f21e12c11500db87f81e518c9dada1317.zip
34 files changed, 22 insertions, 1060 deletions
diff --git a/src/lib/libcrypto/arch/alpha/opensslconf.h b/src/lib/libcrypto/arch/alpha/opensslconf.h
index 6e1e9b6f53..a74c6df644 100644
--- a/src/lib/libcrypto/arch/alpha/opensslconf.h
+++ b/src/lib/libcrypto/arch/alpha/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/amd64/opensslconf.h b/src/lib/libcrypto/arch/amd64/opensslconf.h
index c64d4d336c..cbd5d53ca4 100644
--- a/src/lib/libcrypto/arch/amd64/opensslconf.h
+++ b/src/lib/libcrypto/arch/amd64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/arm/opensslconf.h b/src/lib/libcrypto/arch/arm/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/arm/opensslconf.h
+++ b/src/lib/libcrypto/arch/arm/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/hppa/opensslconf.h b/src/lib/libcrypto/arch/hppa/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/hppa/opensslconf.h
+++ b/src/lib/libcrypto/arch/hppa/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/hppa64/opensslconf.h b/src/lib/libcrypto/arch/hppa64/opensslconf.h
index 73df98a2b5..54b8f59b76 100644
--- a/src/lib/libcrypto/arch/hppa64/opensslconf.h
+++ b/src/lib/libcrypto/arch/hppa64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/i386/opensslconf.h b/src/lib/libcrypto/arch/i386/opensslconf.h
index e47000cf63..37137ff102 100644
--- a/src/lib/libcrypto/arch/i386/opensslconf.h
+++ b/src/lib/libcrypto/arch/i386/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/m88k/opensslconf.h b/src/lib/libcrypto/arch/m88k/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/m88k/opensslconf.h
+++ b/src/lib/libcrypto/arch/m88k/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/mips64/opensslconf.h b/src/lib/libcrypto/arch/mips64/opensslconf.h
index 52159f3013..ef7a679d94 100644
--- a/src/lib/libcrypto/arch/mips64/opensslconf.h
+++ b/src/lib/libcrypto/arch/mips64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/powerpc/opensslconf.h b/src/lib/libcrypto/arch/powerpc/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/powerpc/opensslconf.h
+++ b/src/lib/libcrypto/arch/powerpc/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/sh/opensslconf.h b/src/lib/libcrypto/arch/sh/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/sh/opensslconf.h
+++ b/src/lib/libcrypto/arch/sh/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/sparc/opensslconf.h b/src/lib/libcrypto/arch/sparc/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/sparc/opensslconf.h
+++ b/src/lib/libcrypto/arch/sparc/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/sparc64/opensslconf.h b/src/lib/libcrypto/arch/sparc64/opensslconf.h
index 52159f3013..ef7a679d94 100644
--- a/src/lib/libcrypto/arch/sparc64/opensslconf.h
+++ b/src/lib/libcrypto/arch/sparc64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/arch/vax/opensslconf.h b/src/lib/libcrypto/arch/vax/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/arch/vax/opensslconf.h
+++ b/src/lib/libcrypto/arch/vax/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h b/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
index 6e1e9b6f53..a74c6df644 100644
--- a/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h b/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
index c64d4d336c..cbd5d53ca4 100644
--- a/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/arm/opensslconf.h b/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h b/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h b/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h
index 73df98a2b5..54b8f59b76 100644
--- a/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/hppa64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/i386/opensslconf.h b/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
index e47000cf63..37137ff102 100644
--- a/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h b/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h b/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
index 52159f3013..ef7a679d94 100644
--- a/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h b/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/sh/opensslconf.h b/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h b/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h b/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
index 52159f3013..ef7a679d94 100644
--- a/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/crypto/arch/vax/opensslconf.h b/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
index afbd54ed3d..e3795ce73a 100644
--- a/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
+++ b/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
@@ -5,7 +5,6 @@
 #undef I386_ONLY
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/lib/engines"
 #define OPENSSLDIR "/etc/ssl"
 #endif
diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
index 4a6ee59138..578a702371 100644
--- a/src/lib/libcrypto/doc/engine.pod
+++ b/src/lib/libcrypto/doc/engine.pod
@@ -309,11 +309,11 @@ consideration is whether any/all available ENGINE implementations should be
 made visible to OpenSSL - this is controlled by calling the various "load"
 functions, eg.
- /* Make the "dynamic" ENGINE available */
- void ENGINE_load_dynamic(void);
- ...
 /* Make ALL ENGINE implementations bundled with OpenSSL available */
- void ENGINE_load_builtin_engines(void);
+ ENGINE_load_builtin_engines();
+Note that ENGINE_load_dynamic(void) is a placeholder and does not enable
+dynamic engine loading support.
 Having called any of these functions, ENGINE objects would have been
 dynamically allocated and populated with these implementations and linked
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 014bcb132e..b428300e76 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_all.c,v 1.27 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: eng_all.c,v 1.28 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
 * project 2000.
 */
@@ -70,7 +70,6 @@ ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_RSAX
        ENGINE_load_rsax();
 #endif
-        ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_PADLOCK
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
index c78d9f6856..400ce72681 100644
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_dyn.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2001.
 */
@@ -56,492 +56,9 @@
 *
 */
-#include <string.h>
+#include <openssl/engine.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-#include <openssl/dso.h>
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
-        {
-                DYNAMIC_CMD_SO_PATH,
-                "SO_PATH",
-                "Specifies the path to the new ENGINE shared library",
-                ENGINE_CMD_FLAG_STRING},
-        {
-                DYNAMIC_CMD_NO_VCHECK,
-                "NO_VCHECK",
-                "Specifies to continue even if version checking fails (boolean)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {
-                DYNAMIC_CMD_ID,
-                "ID",
-                "Specifies an ENGINE id name for loading",
-                ENGINE_CMD_FLAG_STRING},
-        {
-                DYNAMIC_CMD_LIST_ADD,
-                "LIST_ADD",
-                "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {
-                DYNAMIC_CMD_DIR_LOAD,
-                "DIR_LOAD",
-                "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {
-                DYNAMIC_CMD_DIR_ADD,
-                "DIR_ADD",
-                "Adds a directory from which ENGINEs can be loaded",
-                ENGINE_CMD_FLAG_STRING},
-        {
-                DYNAMIC_CMD_LOAD,
-                "LOAD",
-                "Load up the ENGINE specified by other settings",
-                ENGINE_CMD_FLAG_NO_INPUT},
-        {0, NULL, NULL, 0}
-};
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx {
-        /* The DSO object we load that supplies the ENGINE code */
-        DSO *dynamic_dso;
-        /* The function pointer to the version checking shared library function */
-        dynamic_v_check_fn v_check;
-        /* The function pointer to the engine-binding shared library function */
-        dynamic_bind_engine bind_engine;
-        /* The default name/path for loading the shared library */
-        const char *DYNAMIC_LIBNAME;
-        /* Whether to continue loading on a version check failure */
-        int no_vcheck;
-        /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
-        const char *engine_id;
-        /* If non-zero, a successfully loaded ENGINE should be added to the internal
-         * ENGINE list. If 2, the add must succeed or the entire load should fail. */
-        int list_add_value;
-        /* The symbol name for the version checking function */
-        const char *DYNAMIC_F1;
-        /* The symbol name for the "initialise ENGINE structure" function */
-        const char *DYNAMIC_F2;
-        /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
-         * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
-        int dir_load;
-        /* A stack of directories from which ENGINEs could be loaded */
-        STACK_OF(OPENSSL_STRING) *dirs;
-};
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
-static int dynamic_ex_data_idx = -1;
-static void
-int_free_str(char *s)
-{
-        free(s);
-}
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
-static void
-dynamic_data_ctx_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-    int idx, long argl, void *argp)
-{
-        if (ptr) {
-                dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
-                if (ctx->dynamic_dso)
-                        DSO_free(ctx->dynamic_dso);
-                free((void *)ctx->DYNAMIC_LIBNAME);
-                free((void *)ctx->engine_id);
-                if (ctx->dirs)
-                        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
-                free(ctx);
-        }
-}
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
-static int
-dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-{
-        dynamic_data_ctx *c;
-        c = malloc(sizeof(dynamic_data_ctx));
-        if (!c) {
-                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        memset(c, 0, sizeof(dynamic_data_ctx));
-        c->dynamic_dso = NULL;
-        c->v_check = NULL;
-        c->bind_engine = NULL;
-        c->DYNAMIC_LIBNAME = NULL;
-        c->no_vcheck = 0;
-        c->engine_id = NULL;
-        c->list_add_value = 0;
-        c->DYNAMIC_F1 = "v_check";
-        c->DYNAMIC_F2 = "bind_engine";
-        c->dir_load = 1;
-        c->dirs = sk_OPENSSL_STRING_new_null();
-        if (!c->dirs) {
-                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-                free(c);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
-            dynamic_ex_data_idx)) == NULL) {
-                /* Good, we're the first */
-                ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-                *ctx = c;
-                c = NULL;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* If we lost the race to set the context, c is non-NULL and *ctx is the
-         * context of the thread that won. */
-        free(c);
-        return 1;
-}
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
-static dynamic_data_ctx *
-dynamic_get_data_ctx(ENGINE *e)
-{
-        dynamic_data_ctx *ctx;
-        if (dynamic_ex_data_idx < 0) {
-                /* Create and register the ENGINE ex_data, and associate our
-                 * "free" function with it to ensure any allocated contexts get
-                 * freed when an ENGINE goes underground. */
-                int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
-                    dynamic_data_ctx_free_func);
-                if (new_idx == -1) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,
-                            ENGINE_R_NO_INDEX);
-                        return NULL;
-                }
-                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-                /* Avoid a race by checking again inside this lock */
-                if (dynamic_ex_data_idx < 0) {
-                        /* Good, someone didn't beat us to it */
-                        dynamic_ex_data_idx = new_idx;
-                        new_idx = -1;
-                }
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                /* In theory we could "give back" the index here if
-                 * (new_idx>-1), but it's not possible and wouldn't gain us much
-                 * if it were. */
-        }
-        ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
-        /* Check if the context needs to be created */
-        if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
-                /* "set_data" will set errors if necessary */
-                return NULL;
-        return ctx;
-}
-static ENGINE *
-engine_dynamic(void)
-{
-        ENGINE *ret = ENGINE_new();
-        if (!ret)
-                return NULL;
-        if (!ENGINE_set_id(ret, engine_dynamic_id) ||
-            !ENGINE_set_name(ret, engine_dynamic_name) ||
-            !ENGINE_set_init_function(ret, dynamic_init) ||
-            !ENGINE_set_finish_function(ret, dynamic_finish) ||
-            !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
-            !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
-            !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
-                ENGINE_free(ret);
-                return NULL;
-        }
-        return ret;
-}
 void
 ENGINE_load_dynamic(void)
 {
-        ENGINE *toadd = engine_dynamic();
-        if (!toadd)
-                return;
-        ENGINE_add(toadd);
-        /* If the "add" worked, it gets a structural reference. So either way,
-         * we release our just-created reference. */
-        ENGINE_free(toadd);
-        /* If the "add" didn't work, it was probably a conflict because it was
-         * already added (eg. someone calling ENGINE_load_blah then calling
-         * ENGINE_load_builtin_engines() perhaps). */
-        ERR_clear_error();
-}
-static int
-dynamic_init(ENGINE *e)
-{
-        /* We always return failure - the "dyanamic" engine itself can't be used
-         * for anything. */
-        return 0;
-}
-static int
-dynamic_finish(ENGINE *e)
-{
-        /* This should never be called on account of "dynamic_init" always
-         * failing. */
-        return 0;
-}
-static int
-dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
-        dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
-        int initialised;
-        if (!ctx) {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
-                return 0;
-        }
-        initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
-        /* All our control commands require the ENGINE to be uninitialised */
-        if (initialised) {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
-                return 0;
-        }
-        switch (cmd) {
-        case DYNAMIC_CMD_SO_PATH:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if (p && (strlen((const char *)p) < 1))
-                        p = NULL;
-                free((void *)ctx->DYNAMIC_LIBNAME);
-                if (p)
-                        ctx->DYNAMIC_LIBNAME = strdup(p);
-                else
-                        ctx->DYNAMIC_LIBNAME = NULL;
-                return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
-        case DYNAMIC_CMD_NO_VCHECK:
-                ctx->no_vcheck = ((i == 0) ? 0 : 1);
-                return 1;
-        case DYNAMIC_CMD_ID:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if (p && (strlen((const char *)p) < 1))
-                        p = NULL;
-                free((void *)ctx->engine_id);
-                if (p)
-                        ctx->engine_id = strdup(p);
-                else
-                        ctx->engine_id = NULL;
-                return (ctx->engine_id ? 1 : 0);
-        case DYNAMIC_CMD_LIST_ADD:
-                if ((i < 0) || (i > 2)) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                            ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                }
-                ctx->list_add_value = (int)i;
-                return 1;
-        case DYNAMIC_CMD_LOAD:
-                return dynamic_load(e, ctx);
-        case DYNAMIC_CMD_DIR_LOAD:
-                if ((i < 0) || (i > 2)) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                            ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                }
-                ctx->dir_load = (int)i;
-                return 1;
-        case DYNAMIC_CMD_DIR_ADD:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if (!p || (strlen((const char *)p) < 1)) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                            ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                }
-                {
-                        char *tmp_str = strdup(p);
-                        if (!tmp_str) {
-                                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                                    ERR_R_MALLOC_FAILURE);
-                                return 0;
-                        }
-                        sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
-                }
-                return 1;
-        default:
-                break;
-        }
-        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        return 0;
-}
-static int
-int_load(dynamic_data_ctx *ctx)
-{
-        int num, loop;
-        /* Unless told not to, try a direct load */
-        if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
-            ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
-                return 1;
-        /* If we're not allowed to use 'dirs' or we have none, fail */
-        if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
-                return 0;
-        for (loop = 0; loop < num; loop++) {
-                const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
-                char *merge = DSO_merge(ctx->dynamic_dso,
-                    ctx->DYNAMIC_LIBNAME, s);
-                if (!merge)
-                        return 0;
-                if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
-                        /* Found what we're looking for */
-                        free(merge);
-                        return 1;
-                }
-                free(merge);
-        }
-        return 0;
-}
-static int
-dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-{
-        ENGINE cpy;
-        dynamic_fns fns;
-        if (!ctx->dynamic_dso)
-                ctx->dynamic_dso = DSO_new();
-        if (!ctx->DYNAMIC_LIBNAME) {
-                if (!ctx->engine_id)
-                        return 0;
-                ctx->DYNAMIC_LIBNAME = DSO_convert_filename(ctx->dynamic_dso,
-                    ctx->engine_id);
-        }
-        if (!int_load(ctx)) {
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                    ENGINE_R_DSO_NOT_FOUND);
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                return 0;
-        }
-        /* We have to find a bind function otherwise it'll always end badly */
-        if (!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
-            ctx->dynamic_dso, ctx->DYNAMIC_F2))) {
-                ctx->bind_engine = NULL;
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                    ENGINE_R_DSO_FAILURE);
-                return 0;
-        }
-        /* Do we perform version checking? */
-        if (!ctx->no_vcheck) {
-                unsigned long vcheck_res = 0;
-                /* Now we try to find a version checking function and decide how
-                 * to cope with failure if/when it fails. */
-                ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
-                    ctx->dynamic_dso, ctx->DYNAMIC_F1);
-                if (ctx->v_check)
-                        vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
-                /* We fail if the version checker veto'd the load *or* if it is
-                 * deferring to us (by returning its version) and we think it is
-                 * too old. */
-                if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
-                        /* Fail */
-                        ctx->bind_engine = NULL;
-                        ctx->v_check = NULL;
-                        DSO_free(ctx->dynamic_dso);
-                        ctx->dynamic_dso = NULL;
-                        ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                            ENGINE_R_VERSION_INCOMPATIBILITY);
-                        return 0;
-                }
-        }
-        /* First binary copy the ENGINE structure so that we can roll back if
-         * the hand-over fails */
-        memcpy(&cpy, e, sizeof(ENGINE));
-        /* Provide the ERR, "ex_data", memory, and locking callbacks so the
-         * loaded library uses our state rather than its own. FIXME: As noted in
-         * engine.h, much of this would be simplified if each area of code
-         * provided its own "summary" structure of all related callbacks. It
-         * would also increase opaqueness. */
-        fns.static_state = ENGINE_get_static_state();
-        fns.err_fns = ERR_get_implementation();
-        fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
-        CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
-            &fns.mem_fns.realloc_cb,
-            &fns.mem_fns.free_cb);
-        fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
-        fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
-        fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
-        fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
-        fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-        /* Now that we've loaded the dynamic engine, make sure no "dynamic"
-         * ENGINE elements will show through. */
-        engine_set_all_null(e);
-        /* Try to bind the ENGINE onto our own ENGINE structure */
-        if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
-                ctx->bind_engine = NULL;
-                ctx->v_check = NULL;
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
-                /* Copy the original ENGINE structure back */
-                memcpy(e, &cpy, sizeof(ENGINE));
-                return 0;
-        }
-        /* Do we try to add this ENGINE to the internal list too? */
-        if (ctx->list_add_value > 0) {
-                if (!ENGINE_add(e)) {
-                        /* Do we tolerate this or fail? */
-                        if (ctx->list_add_value > 1) {
-                                /* Fail - NB: By this time, it's too late to
-                                 * rollback, and trying to do so allows the
-                                 * bind_engine() code to have created leaks. We
-                                 * just have to fail where we are, after the
-                                 * ENGINE has changed. */
-                                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                                    ENGINE_R_CONFLICTING_ENGINE_ID);
-                                return 0;
-                        }
-                        /* Tolerate */
-                        ERR_clear_error();
-                }
-        }
-        return 1;
 }
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 939cc82b17..7f3cb35515 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.18 2015/04/11 16:03:21 deraadt Exp $ */
+/* $OpenBSD: eng_list.c,v 1.19 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@@ -351,7 +351,6 @@ ENGINE *
 ENGINE_by_id(const char *id)
 {
        ENGINE *iterator;
-        char *load_dir = NULL;
        if (id == NULL) {
                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
@@ -381,30 +380,9 @@ ENGINE_by_id(const char *id)
        }
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* EEK! Experimental code starts */
+        if (iterator == NULL)
-        if (iterator)
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
-                return iterator;
+        return iterator;
-        /* Prevent infinite recusrion if we're looking for the dynamic engine. */
-        if (strcmp(id, "dynamic")) {
-                load_dir = ENGINESDIR;
-                iterator = ENGINE_by_id("dynamic");
-                if (!iterator ||
-                    !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
-                        goto notfound;
-                return iterator;
-        }
-notfound:
-        ENGINE_free(iterator);
-        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
-        ERR_asprintf_error_data("id=%s", id);
-        return NULL;
-        /* EEK! Experimental code ends */
 }
 int
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c
index 014bcb132e..b428300e76 100644
--- a/src/lib/libssl/src/crypto/engine/eng_all.c
+++ b/src/lib/libssl/src/crypto/engine/eng_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_all.c,v 1.27 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: eng_all.c,v 1.28 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
 * project 2000.
 */
@@ -70,7 +70,6 @@ ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_RSAX
        ENGINE_load_rsax();
 #endif
-        ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_PADLOCK
diff --git a/src/lib/libssl/src/crypto/engine/eng_dyn.c b/src/lib/libssl/src/crypto/engine/eng_dyn.c
index c78d9f6856..400ce72681 100644
--- a/src/lib/libssl/src/crypto/engine/eng_dyn.c
+++ b/src/lib/libssl/src/crypto/engine/eng_dyn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_dyn.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2001.
 */
@@ -56,492 +56,9 @@
 *
 */
-#include <string.h>
+#include <openssl/engine.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-#include <openssl/dso.h>
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
-        {
-                DYNAMIC_CMD_SO_PATH,
-                "SO_PATH",
-                "Specifies the path to the new ENGINE shared library",
-                ENGINE_CMD_FLAG_STRING},
-        {
-                DYNAMIC_CMD_NO_VCHECK,
-                "NO_VCHECK",
-                "Specifies to continue even if version checking fails (boolean)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {
-                DYNAMIC_CMD_ID,
-                "ID",
-                "Specifies an ENGINE id name for loading",
-                ENGINE_CMD_FLAG_STRING},
-        {
-                DYNAMIC_CMD_LIST_ADD,
-                "LIST_ADD",
-                "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {
-                DYNAMIC_CMD_DIR_LOAD,
-                "DIR_LOAD",
-                "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {
-                DYNAMIC_CMD_DIR_ADD,
-                "DIR_ADD",
-                "Adds a directory from which ENGINEs can be loaded",
-                ENGINE_CMD_FLAG_STRING},
-        {
-                DYNAMIC_CMD_LOAD,
-                "LOAD",
-                "Load up the ENGINE specified by other settings",
-                ENGINE_CMD_FLAG_NO_INPUT},
-        {0, NULL, NULL, 0}
-};
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx {
-        /* The DSO object we load that supplies the ENGINE code */
-        DSO *dynamic_dso;
-        /* The function pointer to the version checking shared library function */
-        dynamic_v_check_fn v_check;
-        /* The function pointer to the engine-binding shared library function */
-        dynamic_bind_engine bind_engine;
-        /* The default name/path for loading the shared library */
-        const char *DYNAMIC_LIBNAME;
-        /* Whether to continue loading on a version check failure */
-        int no_vcheck;
-        /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
-        const char *engine_id;
-        /* If non-zero, a successfully loaded ENGINE should be added to the internal
-         * ENGINE list. If 2, the add must succeed or the entire load should fail. */
-        int list_add_value;
-        /* The symbol name for the version checking function */
-        const char *DYNAMIC_F1;
-        /* The symbol name for the "initialise ENGINE structure" function */
-        const char *DYNAMIC_F2;
-        /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
-         * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
-        int dir_load;
-        /* A stack of directories from which ENGINEs could be loaded */
-        STACK_OF(OPENSSL_STRING) *dirs;
-};
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
-static int dynamic_ex_data_idx = -1;
-static void
-int_free_str(char *s)
-{
-        free(s);
-}
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
-static void
-dynamic_data_ctx_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-    int idx, long argl, void *argp)
-{
-        if (ptr) {
-                dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
-                if (ctx->dynamic_dso)
-                        DSO_free(ctx->dynamic_dso);
-                free((void *)ctx->DYNAMIC_LIBNAME);
-                free((void *)ctx->engine_id);
-                if (ctx->dirs)
-                        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
-                free(ctx);
-        }
-}
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
-static int
-dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-{
-        dynamic_data_ctx *c;
-        c = malloc(sizeof(dynamic_data_ctx));
-        if (!c) {
-                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        memset(c, 0, sizeof(dynamic_data_ctx));
-        c->dynamic_dso = NULL;
-        c->v_check = NULL;
-        c->bind_engine = NULL;
-        c->DYNAMIC_LIBNAME = NULL;
-        c->no_vcheck = 0;
-        c->engine_id = NULL;
-        c->list_add_value = 0;
-        c->DYNAMIC_F1 = "v_check";
-        c->DYNAMIC_F2 = "bind_engine";
-        c->dir_load = 1;
-        c->dirs = sk_OPENSSL_STRING_new_null();
-        if (!c->dirs) {
-                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
-                free(c);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
-            dynamic_ex_data_idx)) == NULL) {
-                /* Good, we're the first */
-                ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-                *ctx = c;
-                c = NULL;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* If we lost the race to set the context, c is non-NULL and *ctx is the
-         * context of the thread that won. */
-        free(c);
-        return 1;
-}
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
-static dynamic_data_ctx *
-dynamic_get_data_ctx(ENGINE *e)
-{
-        dynamic_data_ctx *ctx;
-        if (dynamic_ex_data_idx < 0) {
-                /* Create and register the ENGINE ex_data, and associate our
-                 * "free" function with it to ensure any allocated contexts get
-                 * freed when an ENGINE goes underground. */
-                int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
-                    dynamic_data_ctx_free_func);
-                if (new_idx == -1) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,
-                            ENGINE_R_NO_INDEX);
-                        return NULL;
-                }
-                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-                /* Avoid a race by checking again inside this lock */
-                if (dynamic_ex_data_idx < 0) {
-                        /* Good, someone didn't beat us to it */
-                        dynamic_ex_data_idx = new_idx;
-                        new_idx = -1;
-                }
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                /* In theory we could "give back" the index here if
-                 * (new_idx>-1), but it's not possible and wouldn't gain us much
-                 * if it were. */
-        }
-        ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
-        /* Check if the context needs to be created */
-        if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
-                /* "set_data" will set errors if necessary */
-                return NULL;
-        return ctx;
-}
-static ENGINE *
-engine_dynamic(void)
-{
-        ENGINE *ret = ENGINE_new();
-        if (!ret)
-                return NULL;
-        if (!ENGINE_set_id(ret, engine_dynamic_id) ||
-            !ENGINE_set_name(ret, engine_dynamic_name) ||
-            !ENGINE_set_init_function(ret, dynamic_init) ||
-            !ENGINE_set_finish_function(ret, dynamic_finish) ||
-            !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
-            !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
-            !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
-                ENGINE_free(ret);
-                return NULL;
-        }
-        return ret;
-}
 void
 ENGINE_load_dynamic(void)
 {
-        ENGINE *toadd = engine_dynamic();
-        if (!toadd)
-                return;
-        ENGINE_add(toadd);
-        /* If the "add" worked, it gets a structural reference. So either way,
-         * we release our just-created reference. */
-        ENGINE_free(toadd);
-        /* If the "add" didn't work, it was probably a conflict because it was
-         * already added (eg. someone calling ENGINE_load_blah then calling
-         * ENGINE_load_builtin_engines() perhaps). */
-        ERR_clear_error();
-}
-static int
-dynamic_init(ENGINE *e)
-{
-        /* We always return failure - the "dyanamic" engine itself can't be used
-         * for anything. */
-        return 0;
-}
-static int
-dynamic_finish(ENGINE *e)
-{
-        /* This should never be called on account of "dynamic_init" always
-         * failing. */
-        return 0;
-}
-static int
-dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
-        dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
-        int initialised;
-        if (!ctx) {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
-                return 0;
-        }
-        initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
-        /* All our control commands require the ENGINE to be uninitialised */
-        if (initialised) {
-                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
-                return 0;
-        }
-        switch (cmd) {
-        case DYNAMIC_CMD_SO_PATH:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if (p && (strlen((const char *)p) < 1))
-                        p = NULL;
-                free((void *)ctx->DYNAMIC_LIBNAME);
-                if (p)
-                        ctx->DYNAMIC_LIBNAME = strdup(p);
-                else
-                        ctx->DYNAMIC_LIBNAME = NULL;
-                return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
-        case DYNAMIC_CMD_NO_VCHECK:
-                ctx->no_vcheck = ((i == 0) ? 0 : 1);
-                return 1;
-        case DYNAMIC_CMD_ID:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if (p && (strlen((const char *)p) < 1))
-                        p = NULL;
-                free((void *)ctx->engine_id);
-                if (p)
-                        ctx->engine_id = strdup(p);
-                else
-                        ctx->engine_id = NULL;
-                return (ctx->engine_id ? 1 : 0);
-        case DYNAMIC_CMD_LIST_ADD:
-                if ((i < 0) || (i > 2)) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                            ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                }
-                ctx->list_add_value = (int)i;
-                return 1;
-        case DYNAMIC_CMD_LOAD:
-                return dynamic_load(e, ctx);
-        case DYNAMIC_CMD_DIR_LOAD:
-                if ((i < 0) || (i > 2)) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                            ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                }
-                ctx->dir_load = (int)i;
-                return 1;
-        case DYNAMIC_CMD_DIR_ADD:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if (!p || (strlen((const char *)p) < 1)) {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                            ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                }
-                {
-                        char *tmp_str = strdup(p);
-                        if (!tmp_str) {
-                                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                                    ERR_R_MALLOC_FAILURE);
-                                return 0;
-                        }
-                        sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
-                }
-                return 1;
-        default:
-                break;
-        }
-        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        return 0;
-}
-static int
-int_load(dynamic_data_ctx *ctx)
-{
-        int num, loop;
-        /* Unless told not to, try a direct load */
-        if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
-            ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
-                return 1;
-        /* If we're not allowed to use 'dirs' or we have none, fail */
-        if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
-                return 0;
-        for (loop = 0; loop < num; loop++) {
-                const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
-                char *merge = DSO_merge(ctx->dynamic_dso,
-                    ctx->DYNAMIC_LIBNAME, s);
-                if (!merge)
-                        return 0;
-                if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
-                        /* Found what we're looking for */
-                        free(merge);
-                        return 1;
-                }
-                free(merge);
-        }
-        return 0;
-}
-static int
-dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-{
-        ENGINE cpy;
-        dynamic_fns fns;
-        if (!ctx->dynamic_dso)
-                ctx->dynamic_dso = DSO_new();
-        if (!ctx->DYNAMIC_LIBNAME) {
-                if (!ctx->engine_id)
-                        return 0;
-                ctx->DYNAMIC_LIBNAME = DSO_convert_filename(ctx->dynamic_dso,
-                    ctx->engine_id);
-        }
-        if (!int_load(ctx)) {
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                    ENGINE_R_DSO_NOT_FOUND);
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                return 0;
-        }
-        /* We have to find a bind function otherwise it'll always end badly */
-        if (!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
-            ctx->dynamic_dso, ctx->DYNAMIC_F2))) {
-                ctx->bind_engine = NULL;
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                    ENGINE_R_DSO_FAILURE);
-                return 0;
-        }
-        /* Do we perform version checking? */
-        if (!ctx->no_vcheck) {
-                unsigned long vcheck_res = 0;
-                /* Now we try to find a version checking function and decide how
-                 * to cope with failure if/when it fails. */
-                ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
-                    ctx->dynamic_dso, ctx->DYNAMIC_F1);
-                if (ctx->v_check)
-                        vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
-                /* We fail if the version checker veto'd the load *or* if it is
-                 * deferring to us (by returning its version) and we think it is
-                 * too old. */
-                if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
-                        /* Fail */
-                        ctx->bind_engine = NULL;
-                        ctx->v_check = NULL;
-                        DSO_free(ctx->dynamic_dso);
-                        ctx->dynamic_dso = NULL;
-                        ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                            ENGINE_R_VERSION_INCOMPATIBILITY);
-                        return 0;
-                }
-        }
-        /* First binary copy the ENGINE structure so that we can roll back if
-         * the hand-over fails */
-        memcpy(&cpy, e, sizeof(ENGINE));
-        /* Provide the ERR, "ex_data", memory, and locking callbacks so the
-         * loaded library uses our state rather than its own. FIXME: As noted in
-         * engine.h, much of this would be simplified if each area of code
-         * provided its own "summary" structure of all related callbacks. It
-         * would also increase opaqueness. */
-        fns.static_state = ENGINE_get_static_state();
-        fns.err_fns = ERR_get_implementation();
-        fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
-        CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
-            &fns.mem_fns.realloc_cb,
-            &fns.mem_fns.free_cb);
-        fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
-        fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
-        fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
-        fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
-        fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-        /* Now that we've loaded the dynamic engine, make sure no "dynamic"
-         * ENGINE elements will show through. */
-        engine_set_all_null(e);
-        /* Try to bind the ENGINE onto our own ENGINE structure */
-        if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
-                ctx->bind_engine = NULL;
-                ctx->v_check = NULL;
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
-                ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
-                /* Copy the original ENGINE structure back */
-                memcpy(e, &cpy, sizeof(ENGINE));
-                return 0;
-        }
-        /* Do we try to add this ENGINE to the internal list too? */
-        if (ctx->list_add_value > 0) {
-                if (!ENGINE_add(e)) {
-                        /* Do we tolerate this or fail? */
-                        if (ctx->list_add_value > 1) {
-                                /* Fail - NB: By this time, it's too late to
-                                 * rollback, and trying to do so allows the
-                                 * bind_engine() code to have created leaks. We
-                                 * just have to fail where we are, after the
-                                 * ENGINE has changed. */
-                                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-                                    ENGINE_R_CONFLICTING_ENGINE_ID);
-                                return 0;
-                        }
-                        /* Tolerate */
-                        ERR_clear_error();
-                }
-        }
-        return 1;
 }
diff --git a/src/lib/libssl/src/crypto/engine/eng_list.c b/src/lib/libssl/src/crypto/engine/eng_list.c
index 939cc82b17..7f3cb35515 100644
--- a/src/lib/libssl/src/crypto/engine/eng_list.c
+++ b/src/lib/libssl/src/crypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.18 2015/04/11 16:03:21 deraadt Exp $ */
+/* $OpenBSD: eng_list.c,v 1.19 2015/06/19 06:05:11 bcook Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@@ -351,7 +351,6 @@ ENGINE *
 ENGINE_by_id(const char *id)
 {
        ENGINE *iterator;
-        char *load_dir = NULL;
        if (id == NULL) {
                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
@@ -381,30 +380,9 @@ ENGINE_by_id(const char *id)
        }
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* EEK! Experimental code starts */
+        if (iterator == NULL)
-        if (iterator)
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
-                return iterator;
+        return iterator;
-        /* Prevent infinite recusrion if we're looking for the dynamic engine. */
-        if (strcmp(id, "dynamic")) {
-                load_dir = ENGINESDIR;
-                iterator = ENGINE_by_id("dynamic");
-                if (!iterator ||
-                    !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
-                    !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
-                        goto notfound;
-                return iterator;
-        }
-notfound:
-        ENGINE_free(iterator);
-        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
-        ERR_asprintf_error_data("id=%s", id);
-        return NULL;
-        /* EEK! Experimental code ends */
 }
 int
diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod
index 4a6ee59138..578a702371 100644
--- a/src/lib/libssl/src/doc/crypto/engine.pod
+++ b/src/lib/libssl/src/doc/crypto/engine.pod
@@ -309,11 +309,11 @@ consideration is whether any/all available ENGINE implementations should be
 made visible to OpenSSL - this is controlled by calling the various "load"
 functions, eg.
- /* Make the "dynamic" ENGINE available */
- void ENGINE_load_dynamic(void);
- ...
 /* Make ALL ENGINE implementations bundled with OpenSSL available */
- void ENGINE_load_builtin_engines(void);
+ ENGINE_load_builtin_engines();
+Note that ENGINE_load_dynamic(void) is a placeholder and does not enable
+dynamic engine loading support.
 Having called any of these functions, ENGINE objects would have been
 dynamically allocated and populated with these implementations and linked
author	bcook <>	2015-06-19 06:05:11 +0000
committer	bcook <>	2015-06-19 06:05:11 +0000
commit	3293ee7f21e12c11500db87f81e518c9dada1317 (patch)
tree	538e72acb11427108f44223401736d2fbf8567b3 /src/lib
parent	1e5789c97a8071094172fd10fb49618ac87026ef (diff)
download	openbsd-3293ee7f21e12c11500db87f81e518c9dada1317.tar.gz openbsd-3293ee7f21e12c11500db87f81e518c9dada1317.tar.bz2 openbsd-3293ee7f21e12c11500db87f81e518c9dada1317.zip