From da5b25ce850ff36fb750dc2905aabc6899ca7ffb Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 19 Nov 2023 15:51:49 +0000 Subject: [PATCH] Unifdef OPENSSL_NO_ENGINE in libssl As usual, a few manual fixes to avoid duplicate lines. ok jsing --- lib/libssl/ssl.h | 5 +---- lib/libssl/ssl_ciph.c | 6 +----- lib/libssl/ssl_lib.c | 30 +----------------------------- lib/libssl/ssl_local.h | 8 +------- lib/libssl/ssl_sess.c | 25 +------------------------ 5 files changed, 5 insertions(+), 69 deletions(-) diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index acde94c7493..4ef6f6df7f5 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.230 2022/12/26 07:31:44 jmc Exp $ */ +/* $OpenBSD: ssl.h,v 1.231 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -610,9 +610,6 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -#ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index b735cd7b30e..38ebea1629f 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.136 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.137 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -145,10 +145,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "ssl_local.h" #define CIPHER_ADD 1 diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 0ac393f73c5..9e65095c6c0 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.314 2023/09/19 01:22:31 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.315 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -154,10 +154,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "bytestring.h" #include "dtls_local.h" #include "ssl_local.h" @@ -2164,26 +2160,6 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; -#ifndef OPENSSL_NO_ENGINE - ret->client_cert_engine = NULL; -#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -#define eng_strx(x) #x -#define eng_str(x) eng_strx(x) - /* Use specific client engine automatically... ignore errors */ - { - ENGINE *eng; - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - if (!eng) { - ERR_clear_error(); - ENGINE_load_builtin_engines(); - eng = ENGINE_by_id(eng_str( - OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - } - if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) - ERR_clear_error(); - } -#endif -#endif /* * Default is to connect to non-RI servers. When RI is more widely * deployed might change this. @@ -2241,10 +2217,6 @@ SSL_CTX_free(SSL_CTX *ctx) sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); #endif -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->client_cert_engine); -#endif - free(ctx->tlsext_ecpointformatlist); free(ctx->tlsext_supportedgroups); diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index 9666f3882a6..dd8895f018d 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.7 2023/07/06 07:56:32 beck Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.8 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -865,12 +865,6 @@ struct ssl_ctx_st { */ unsigned int max_send_fragment; -#ifndef OPENSSL_NO_ENGINE - /* Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -#endif - /* RFC 4507 session ticket keys */ unsigned char tlsext_tick_key_name[16]; unsigned char tlsext_tick_hmac_key[16]; diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index aa6b08eae65..ae7532d1adc 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.122 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.123 2023/11/19 15:51:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -138,10 +138,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "ssl_local.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); @@ -1320,25 +1316,6 @@ int } LSSL_ALIAS(SSL_CTX_get_client_cert_cb); -#ifndef OPENSSL_NO_ENGINE -int -SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) -{ - if (!ENGINE_init(e)) { - SSLerrorx(ERR_R_ENGINE_LIB); - return 0; - } - if (!ENGINE_get_ssl_client_cert_function(e)) { - SSLerrorx(SSL_R_NO_CLIENT_CERT_METHOD); - ENGINE_finish(e); - return 0; - } - ctx->client_cert_engine = e; - return 1; -} -LSSL_ALIAS(SSL_CTX_set_client_cert_engine); -#endif - void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) -- 2.20.1