Mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-18 17:11:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

providers/: Remove ENGINEs

Browse Source 
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
This commit is contained in:
Norbert Pocs
2025-08-28 15:14:31 +02:00
committed by Neil Horman
parent 4bd0612a2a
commit 8c7e974bb5
23 changed files with 49 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
providers/common/include/prov/provider_util.h
View File

@@ -39,13 +39,11 @@ typedef struct {
/* Cipher functions */
/*
* Load a cipher from the specified parameters with the specified context.
* The params "propq", "engine" and "cipher" are used to determine the
* implementation used. If a provider cannot be found, it falls back to trying
* non-provider based implementations.
* The params "propq" and "cipher" are used to determine the
* implementation used.
*/
int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher,
const OSSL_PARAM *propq, const OSSL_PARAM *engine,
OSSL_LIB_CTX *ctx);
const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx);
/* Reset the PROV_CIPHER fields and free any allocated cipher reference */
void ossl_prov_cipher_reset(PROV_CIPHER *pc);
@@ -53,9 +51,8 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc);
/* Clone a PROV_CIPHER structure into a second */
int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src);
/* Query the cipher and associated engine (if any) */
/* Query the cipher (if any) */
const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc);
ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc);
/* Digest functions */
@@ -68,13 +65,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
/*
* Load a digest from the specified parameters with the specified context.
* The params "propq", "engine" and "digest" are used to determine the
* implementation used. If a provider cannot be found, it falls back to trying
* non-provider based implementations.
* The params "propq" and "digest" are used to determine the
* implementation used.
*/
int ossl_prov_digest_load(PROV_DIGEST *pd,const OSSL_PARAM *digest,
const OSSL_PARAM *propq, const OSSL_PARAM *engine,
OSSL_LIB_CTX *ctx);
const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx);
/* Reset the PROV_DIGEST fields and free any allocated digest reference */
void ossl_prov_digest_reset(PROV_DIGEST *pd);
@@ -82,9 +77,8 @@ void ossl_prov_digest_reset(PROV_DIGEST *pd);
/* Clone a PROV_DIGEST structure into a second */
int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src);
/* Query the digest and associated engine (if any) */
/* Query the digest (if any) */
const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd);
ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd);
/* Set a specific md, resets current digests first */
void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md);
@@ -97,14 +91,12 @@ void ossl_prov_digest_set_md(PROV_DIGEST *pd, EVP_MD *md);
int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher,
const OSSL_PARAM *pdigest, const OSSL_PARAM *propq,
const OSSL_PARAM *pengine,
const char *macname, const char *ciphername,
const char *mdname, OSSL_LIB_CTX *libctx);
int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
const char *ciphername,
const char *mdname,
const char *engine,
const char *properties,
const OSSL_PARAM param[]);

87
providers/common/provider_util.c
View File

@@ -7,15 +7,11 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/evp.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#ifndef FIPS_MODULE
# include <openssl/engine.h>
# include "crypto/evp.h"
#endif
#include "prov/providercommon.h"
@@ -26,23 +22,12 @@ void ossl_prov_cipher_reset(PROV_CIPHER *pc)
EVP_CIPHER_free(pc->alloc_cipher);
pc->alloc_cipher = NULL;
pc->cipher = NULL;
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(pc->engine);
#endif
pc->engine = NULL;
}
int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src)
{
if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher))
return 0;
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
if (src->engine != NULL && !ENGINE_init(src->engine)) {
EVP_CIPHER_free(src->alloc_cipher);
return 0;
}
#endif
dst->engine = src->engine;
dst->cipher = src->cipher;
dst->alloc_cipher = src->alloc_cipher;
return 1;
@@ -59,41 +44,12 @@ static int set_propq(const OSSL_PARAM *propq, const char **propquery)
return 1;
}
static int set_engine(const OSSL_PARAM *e, ENGINE **engine)
{
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(*engine);
#endif
*engine = NULL;
/* Inside the FIPS module, we don't support legacy ciphers */
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
if (e != NULL) {
if (e->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
/* Get a structural reference */
*engine = ENGINE_by_id(e->data);
if (*engine == NULL)
return 0;
/* Get a functional reference */
if (!ENGINE_init(*engine)) {
ENGINE_free(*engine);
*engine = NULL;
return 0;
}
/* Free the structural reference */
ENGINE_free(*engine);
}
#endif
return 1;
}
int ossl_prov_cipher_load(PROV_CIPHER *pc, const OSSL_PARAM *cipher,
const OSSL_PARAM *propq, const OSSL_PARAM *engine,
OSSL_LIB_CTX *ctx)
const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx)
{
const char *propquery;
if (!set_propq(propq, &propquery) || !set_engine(engine, &pc->engine))
if (!set_propq(propq, &propquery))
return 0;
if (cipher == NULL)
@@ -127,33 +83,17 @@ const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc)
return pc->cipher;
}
ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc)
{
return pc->engine;
}
void ossl_prov_digest_reset(PROV_DIGEST *pd)
{
EVP_MD_free(pd->alloc_md);
pd->alloc_md = NULL;
pd->md = NULL;
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
ENGINE_finish(pd->engine);
#endif
pd->engine = NULL;
}
int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src)
{
if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md))
return 0;
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
if (src->engine != NULL && !ENGINE_init(src->engine)) {
EVP_MD_free(src->alloc_md);
return 0;
}
#endif
dst->engine = src->engine;
dst->md = src->md;
dst->alloc_md = src->alloc_md;
return 1;
@@ -169,12 +109,11 @@ const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
}
int ossl_prov_digest_load(PROV_DIGEST *pd, const OSSL_PARAM *digest,
const OSSL_PARAM *propq, const OSSL_PARAM *engine,
OSSL_LIB_CTX *ctx)
const OSSL_PARAM *propq, OSSL_LIB_CTX *ctx)
{
const char *propquery;
if (!set_propq(propq, &propquery) || !set_engine(engine, &pd->engine))
if (!set_propq(propq, &propquery))
return 0;
if (digest == NULL)
@@ -212,15 +151,9 @@ const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd)
return pd->md;
}
ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd)
{
return pd->engine;
}
int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
const char *ciphername,
const char *mdname,
const char *engine,
const char *properties,
const OSSL_PARAM param[])
{
@@ -238,12 +171,6 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
(char *)properties, 0);
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (engine != NULL)
*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE,
(char *) engine, 0);
#endif
*mp = OSSL_PARAM_construct_end();
/*
@@ -274,12 +201,10 @@ int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
const OSSL_PARAM *pmac, const OSSL_PARAM *pcipher,
const OSSL_PARAM *pdigest, const OSSL_PARAM *propq,
const OSSL_PARAM *pengine,
const char *macname, const char *ciphername,
const char *mdname, OSSL_LIB_CTX *libctx)
{
const char *properties = NULL;
const char *engine = NULL;
if (macname == NULL && pmac != NULL)
if (!OSSL_PARAM_get_utf8_string_ptr(pmac, &macname))
@@ -312,10 +237,8 @@ int ossl_prov_macctx_load(EVP_MAC_CTX **macctx,
if (mdname == NULL && pdigest != NULL)
if (!OSSL_PARAM_get_utf8_string_ptr(pdigest, &mdname))
return 0;
if (pengine != NULL && !OSSL_PARAM_get_utf8_string_ptr(pengine, &engine))
return 0;
if (ossl_prov_set_macctx(*macctx, ciphername, mdname, engine, properties, NULL))
if (ossl_prov_set_macctx(*macctx, ciphername, mdname, properties, NULL))
return 1;
EVP_MAC_CTX_free(*macctx);

2
providers/implementations/asymciphers/sm2_enc.c
View File

@@ -189,7 +189,7 @@ static int sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[])
if (psm2ctx == NULL || !sm2_set_ctx_params_decoder(params, &p))
return 0;
if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq, p.engine,
if (!ossl_prov_digest_load(&psm2ctx->md, p.digest, p.propq,
psm2ctx->libctx))
return 0;

5
providers/implementations/kdfs/hkdf.c
View File

@@ -294,8 +294,7 @@ static int hkdf_common_set_ctx_params
if (p->digest != NULL) {
const EVP_MD *md = NULL;
if (!ossl_prov_digest_load(&ctx->digest, p->digest,
p->propq, p->engine, libctx))
if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
return 0;
md = ossl_prov_digest_md(&ctx->digest);
@@ -488,7 +487,7 @@ static void *kdf_hkdf_fixed_digest_new(void *provctx, const char *digest)
param = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
(char *)digest, 0);
if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, libctx)) {
if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, libctx)) {
kdf_hkdf_free(ctx);
return NULL;
}

5
providers/implementations/kdfs/hmacdrbg_kdf.c
View File

@@ -210,8 +210,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
}
if (p.digest != NULL) {
if (!ossl_prov_digest_load(&drbg->digest, p.digest,
p.propq, p.engine, libctx))
if (!ossl_prov_digest_load(&drbg->digest, p.digest, p.propq, libctx))
return 0;
/* Confirm digest is allowed. Allow all digests that are not XOF */
@@ -227,7 +226,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
drbg->blocklen = (size_t)md_size;
}
if (!ossl_prov_macctx_load(&drbg->ctx, NULL, NULL, p.digest, p.propq,
p.engine, "HMAC", NULL, NULL, libctx))
"HMAC", NULL, NULL, libctx))
return 0;
}
return 1;

3
providers/implementations/kdfs/kbkdf.c
View File

@@ -383,8 +383,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
return 0;
if (!ossl_prov_macctx_load(&ctx->ctx_init, p.mac, p.cipher,
p.digest, p.propq, p.engine,
NULL, NULL, NULL, libctx))
p.digest, p.propq, NULL, NULL, NULL, libctx))
return 0;
if (ctx->ctx_init != NULL) {

6
providers/implementations/kdfs/krb5kdf.c
View File

@@ -128,7 +128,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
{
KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
const EVP_CIPHER *cipher;
ENGINE *engine;
ENGINE *engine = NULL;
if (!ossl_prov_is_running() || !krb5kdf_set_ctx_params(ctx, params))
return 0;
@@ -146,7 +146,7 @@ static int krb5kdf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONSTANT);
return 0;
}
engine = ossl_prov_cipher_engine(&ctx->cipher);
return KRB5KDF(cipher, engine, ctx->key, ctx->key_len,
ctx->constant, ctx->constant_len,
key, keylen);
@@ -163,7 +163,7 @@ static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
provctx = PROV_LIBCTX_OF(ctx->provctx);
if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, p.engine, provctx))
if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, provctx))
return 0;
if (p.key != NULL && !krb5kdf_set_membuf(&ctx->key, &ctx->key_len, p.key))

3
providers/implementations/kdfs/pbkdf1.c
View File

@@ -236,8 +236,7 @@ static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
libctx = PROV_LIBCTX_OF(ctx->provctx);
if (!ossl_prov_digest_load(&ctx->digest, p.digest,
p.propq, p.engine, libctx))
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, libctx))
return 0;
if (p.pw != NULL && !kdf_pbkdf1_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))

5
providers/implementations/kdfs/pbkdf2.c
View File

@@ -178,7 +178,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
SN_sha1, 0);
if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, provctx))
if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, provctx))
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
ctx->iter = PKCS5_DEFAULT_ITER;
@@ -327,8 +327,7 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
provctx = PROV_LIBCTX_OF(ctx->provctx);
if (p.digest != NULL) {
if (!ossl_prov_digest_load(&ctx->digest, p.digest,
p.propq, p.engine, provctx))
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
return 0;
md = ossl_prov_digest_md(&ctx->digest);
if (EVP_MD_xof(md)) {

3
providers/implementations/kdfs/pkcs12kdf.c
View File

@@ -252,8 +252,7 @@ static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[])
provctx = PROV_LIBCTX_OF(ctx->provctx);
if (!ossl_prov_digest_load(&ctx->digest, p.digest,
p.propq, p.engine, provctx))
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
return 0;
if (p.pw != NULL && !pkcs12kdf_set_membuf(&ctx->pass, &ctx->pass_len, p.pw))

5
providers/implementations/kdfs/pvkkdf.c
View File

@@ -111,7 +111,7 @@ static void kdf_pvk_init(KDF_PVK *ctx)
param = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
SN_sha1, 0);
if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, NULL, provctx))
if (!ossl_prov_digest_load(&ctx->digest, &param, NULL, provctx))
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
}
@@ -190,8 +190,7 @@ static int kdf_pvk_set_ctx_params(void *vctx, const OSSL_PARAM params[])
provctx = PROV_LIBCTX_OF(ctx->provctx);
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, p.engine,
provctx))
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
return 0;
if (p.pass != NULL && !pvk_set_membuf(&ctx->pass, &ctx->pass_len, p.pass))

3
providers/implementations/kdfs/sshkdf.c
View File

@@ -226,8 +226,7 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (p.digest != NULL) {
const EVP_MD *md = NULL;
if (!ossl_prov_digest_load(&ctx->digest, p.digest,
p.propq, p.engine, provctx))
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
return 0;
md = ossl_prov_digest_md(&ctx->digest);

5
providers/implementations/kdfs/sskdf.c
View File

@@ -565,7 +565,7 @@ static int sskdf_common_set_ctx_params
int r;
if (!ossl_prov_macctx_load(&ctx->macctx,
p->mac, NULL, p->digest, p->propq, p->engine,
p->mac, NULL, p->digest, p->propq,
NULL, NULL, NULL, libctx))
return 0;
if (ctx->macctx != NULL) {
@@ -578,8 +578,7 @@ static int sskdf_common_set_ctx_params
}
if (p->digest != NULL) {
if (!ossl_prov_digest_load(&ctx->digest, p->digest,
p->propq, p->engine, libctx))
if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
return 0;
md = ossl_prov_digest_md(&ctx->digest);

8
providers/implementations/kdfs/tls1_prf.c
View File

@@ -313,25 +313,25 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (OPENSSL_strcasecmp(dgst, OSSL_DIGEST_NAME_MD5_SHA1) == 0) {
if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, NULL,
p.propq, p.engine,
p.propq,
OSSL_MAC_NAME_HMAC, NULL,
OSSL_DIGEST_NAME_MD5, libctx))
return 0;
if (!ossl_prov_macctx_load(&ctx->P_sha1, NULL, NULL, NULL,
p.propq, p.engine,
p.propq,
OSSL_MAC_NAME_HMAC, NULL,
OSSL_DIGEST_NAME_SHA1, libctx))
return 0;
} else {
EVP_MAC_CTX_free(ctx->P_sha1);
if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest,
p.propq, p.engine,
p.propq,
OSSL_MAC_NAME_HMAC, NULL, NULL, libctx))
return 0;
}
memset(&digest, 0, sizeof(digest));
if (!ossl_prov_digest_load(&digest, p.digest, p.propq, p.engine, libctx))
if (!ossl_prov_digest_load(&digest, p.digest, p.propq, libctx))
return 0;
md = ossl_prov_digest_md(&digest);

3
providers/implementations/kdfs/x942kdf.c
View File

@@ -545,8 +545,7 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
return 0;
if (p.digest != NULL) {
if (!ossl_prov_digest_load(&ctx->digest, p.digest,
p.propq, p.engine, provctx))
if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, provctx))
return 0;
md = ossl_prov_digest_md(&ctx->digest);
if (EVP_MD_xof(md)) {

12
providers/implementations/keymgmt/mac_legacy_kmgmt.c
View File

@@ -228,7 +228,7 @@ static int mac_key_fromdata(MAC_KEY *key, const struct mac_common_params_st *p)
}
if (key->cmac && !ossl_prov_cipher_load(&key->cipher, p->cipher, p->propq,
p->engine, key->libctx)) {
key->libctx)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
@@ -301,14 +301,6 @@ static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl,
EVP_CIPHER_get0_name(key->cipher.cipher)))
return 0;
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (key->cipher.engine != NULL
&& !ossl_param_build_set_utf8_string(tmpl, p->engine,
OSSL_PKEY_PARAM_ENGINE,
ENGINE_get_id(key->cipher.engine)))
return 0;
#endif
return 1;
}
@@ -475,7 +467,7 @@ static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[])
return 0;
if (!ossl_prov_cipher_load(&gctx->cipher, p.cipher, p.propq,
p.engine, gctx->libctx)) {
gctx->libctx)) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}

5
providers/implementations/macs/cmac_prov.c
View File

@@ -164,7 +164,7 @@ static int cmac_setkey(struct cmac_data_st *macctx,
#endif
rv = ossl_cmac_init(macctx->ctx, key, keylen,
ossl_prov_cipher_cipher(&macctx->cipher),
ossl_prov_cipher_engine(&macctx->cipher), p);
NULL, p);
ossl_prov_cipher_reset(&macctx->cipher);
return rv;
}
@@ -251,8 +251,7 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
return 0;
if (p.cipher != NULL) {
if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
p.engine, ctx))
if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, ctx))
return 0;
if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))

6
providers/implementations/macs/gmac_prov.c
View File

@@ -210,8 +210,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
provctx = PROV_LIBCTX_OF(macctx->provctx);
if (p.cipher != NULL) {
if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
p.engine, provctx))
if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq, provctx))
return 0;
if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
!= EVP_CIPH_GCM_MODE) {
@@ -219,8 +218,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
return 0;
}
if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher),
ossl_prov_cipher_engine(&macctx->cipher), NULL,
NULL))
NULL, NULL, NULL))
return 0;
}

6
providers/implementations/macs/hmac_prov.c
View File

@@ -193,8 +193,7 @@ static int hmac_setkey(struct hmac_data_st *macctx,
digest = ossl_prov_digest_md(&macctx->digest);
/* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */
if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL))
return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest,
ossl_prov_digest_engine(&macctx->digest));
return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, NULL);
return 1;
}
@@ -326,8 +325,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
return 0;
if (p.digest != NULL
&& !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq,
p.engine, ctx))
&& !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, ctx))
return 0;
if (p.key != NULL) {

2
providers/implementations/macs/kmac_prov.c
View File

@@ -199,7 +199,7 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
return 0;
if (!kmac_new_decoder(params, &p))
goto err;
if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq, p.engine,
if (!ossl_prov_digest_load(&kctx->digest, p.digest, p.propq,
PROV_LIBCTX_OF(provctx)))
goto err;

3
providers/implementations/rands/drbg_hash.c
View File

@@ -570,8 +570,7 @@ static int drbg_hash_set_ctx_params_locked
if (!drbg_fetch_digest_from_prov(p, libctx, &prov_md)) {
(void)ERR_pop_to_mark();
/* fall back to full implementation search */
if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq,
p->engine, libctx))
if (!ossl_prov_digest_load(&hash->digest, p->digest, p->propq, libctx))
return 0;
} else {
(void)ERR_clear_last_mark();

5
providers/implementations/rands/drbg_hmac.c
View File

@@ -464,12 +464,11 @@ static int drbg_hmac_set_ctx_params_locked
if (p->digest != NULL) {
/* fall back to full implementation search */
if (!ossl_prov_digest_load(&hmac->digest, p->digest, p->propq,
p->engine, libctx))
libctx))
return 0;
if (!ossl_prov_macctx_load(&hmac->ctx, NULL, NULL, p->digest,
p->propq, p->engine,
"HMAC", NULL, NULL, libctx))
p->propq, "HMAC", NULL, NULL, libctx))
return 0;
}
} else {

13
providers/implementations/signature/mac_legacy_sig.c
View File

@@ -7,9 +7,6 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>
@@ -17,9 +14,6 @@
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#ifndef FIPS_MODULE
# include <openssl/engine.h>
#endif
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/macsignature.h"
@@ -97,7 +91,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
const OSSL_PARAM params[])
{
PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx;
const char *ciphername = NULL, *engine = NULL;
const char *ciphername = NULL;
if (!ossl_prov_is_running()
|| pmacctx == NULL)
@@ -117,15 +111,10 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
if (pmacctx->key->cipher.cipher != NULL)
ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (pmacctx->key->cipher.engine != NULL)
engine = (char *)ENGINE_get_id(pmacctx->key->cipher.engine);
#endif
if (!ossl_prov_set_macctx(pmacctx->macctx,
(char *)ciphername,
(char *)mdname,
(char *)engine,
pmacctx->key->properties, params))
return 0;