Provide a bunch of always failing ENGINE API

This commit adds a few symbols under OPENSSL_NO_ENGINE. They will be used
after the main ENGINE code is disabled in the next bump.

The ecosystem is mostly prepared for dealing with a libcrypto compiled
with OPENSSL_NO_ENGINE. There are a few stragglers like M2Crypto, dovecot
and the latest apr-util release (fixed in their development branch).

To avoid intrusive patching in these ports, we need to keep a bunch of
ENGINE symbols around despite adding OPENSSL_NO_ENGINE. This of course
meant patching some other ports, but that was way easier.

ok jsing

diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 8ec9b1b..b9cb2ed 100644 (file)
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.138 2023/07/20 16:36:06 tb Exp $
+# $OpenBSD: Makefile,v 1.139 2023/07/21 09:04:23 tb Exp $
 
 LIB=   crypto
 LIBREBUILD=y
@@ -362,6 +362,7 @@ SRCS+= ecs_lib.c
 SRCS+= ecdsa.c
 
 # engine/
+SRCS+= engine_stubs.c
 SRCS+= eng_all.c
 SRCS+= eng_cnf.c
 SRCS+= eng_ctrl.c

diff --git a/lib/libcrypto/engine/engine.h b/lib/libcrypto/engine/engine.h
index 0c620ba..156c2f8 100644 (file)
--- a/lib/libcrypto/engine/engine.h
+++ b/lib/libcrypto/engine/engine.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: engine.h,v 1.38 2023/04/18 09:10:44 tb Exp $ */
+/* $OpenBSD: engine.h,v 1.39 2023/07/21 09:04:23 tb Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -66,10 +66,6 @@
 
 #include <openssl/opensslconf.h>
 
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
@@ -246,6 +242,43 @@ extern "C" {
  * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
 #define ENGINE_CMD_BASE                                200
 
+/*
+ * Prototypes for the stub functions in engine_stubs.c. They are provided to
+ * build M2Crypto, Dovecot, apr-utils without patching. All the other garbage
+ * can hopefully go away soon.
+ */
+#ifdef OPENSSL_NO_ENGINE
+void ENGINE_load_builtin_engines(void);
+void ENGINE_load_dynamic(void);
+void ENGINE_load_openssl(void);
+int ENGINE_register_all_complete(void);
+
+void ENGINE_cleanup(void);
+ENGINE *ENGINE_new(void);
+
+int ENGINE_free(ENGINE *engine);
+int ENGINE_init(ENGINE *engine);
+int ENGINE_finish(ENGINE *engine);
+
+ENGINE *ENGINE_by_id(const char *id);
+const char *ENGINE_get_id(const ENGINE *engine);
+const char *ENGINE_get_name(const ENGINE *engine);
+
+int ENGINE_set_default(ENGINE *engine, unsigned int flags);
+
+ENGINE *ENGINE_get_default_RSA(void);
+int ENGINE_set_default_RSA(ENGINE *engine);
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
+    void (*f)(void), int cmd_optional);
+int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
+    int cmd_optional);
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data);
+#else
 /* If an ENGINE supports its own specific control commands and wishes the
  * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
  * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
@@ -714,6 +747,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
                                        void *ENGINE_get_static_state(void);
 
 void ERR_load_ENGINE_strings(void);
+#endif
 
 /* Error codes for the ENGINE functions. */
 

diff --git a/lib/libcrypto/engine/engine_stubs.c b/lib/libcrypto/engine/engine_stubs.c
new file mode 100644 (file)
index 0000000..3621da8
--- /dev/null
+++ b/lib/libcrypto/engine/engine_stubs.c
@@ -0,0 +1,125 @@
+/*     $OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */
+
+/*
+ * Written by Theo Buehler. Public domain.
+ */
+
+#include <openssl/engine.h>
+
+#ifdef OPENSSL_NO_ENGINE
+
+void
+ENGINE_load_builtin_engines(void)
+{
+}
+
+void
+ENGINE_load_dynamic(void)
+{
+}
+
+void
+ENGINE_load_openssl(void)
+{
+}
+
+int
+ENGINE_register_all_complete(void)
+{
+       return 0;
+}
+
+void
+ENGINE_cleanup(void)
+{
+}
+
+ENGINE *
+ENGINE_new(void)
+{
+       return NULL;
+}
+
+int
+ENGINE_free(ENGINE *engine)
+{
+       return 0;
+}
+
+int
+ENGINE_init(ENGINE *engine)
+{
+       return 0;
+}
+
+int
+ENGINE_finish(ENGINE *engine)
+{
+       return 0;
+}
+
+ENGINE *
+ENGINE_by_id(const char *id)
+{
+       return NULL;
+}
+
+const char *
+ENGINE_get_id(const ENGINE *engine)
+{
+       return "";
+}
+
+const char *
+ENGINE_get_name(const ENGINE *engine)
+{
+       return "";
+}
+
+int
+ENGINE_set_default(ENGINE *engine, unsigned int flags)
+{
+       return 0;
+}
+
+ENGINE *
+ENGINE_get_default_RSA(void)
+{
+       return NULL;
+}
+
+int
+ENGINE_set_default_RSA(ENGINE *engine)
+{
+       return 0;
+}
+
+int
+ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
+    void (*f)(void), int cmd_optional)
+{
+       return 0;
+}
+
+int
+ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
+    int cmd_optional)
+{
+       return 0;
+}
+
+EVP_PKEY *
+ENGINE_load_private_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data)
+{
+       return NULL;
+}
+
+EVP_PKEY *
+ENGINE_load_public_key(ENGINE *engine, const char *key_id,
+    UI_METHOD *ui_method, void *callback_data)
+{
+       return NULL;
+}
+
+#endif