
Remove Engines #1318

@vavroch2010

@nhorman prepared these notes as a starting point

  1. Remove uses of OPENSSL_NO_ENGINE
    This is a define that, when asserted, tells the build that we are not including support for engines. The first step should be to just delete any code which exists within code gated by these defines. It's a large task, but it isn't complicated.

  2. Remove code that makes use of the ENGINE type
    ENGINE is the data structure that defines an engine, and is always defined (with or without the use of the above OPENSSL_NO_ENGINE macro). This is done because several public and private APIs use it as a parameter. These API calls are broken out as follows:
    a) private functions - these can be updated at will to just remove the use of the parameter
    b) public deprecated APIs
    c) public non-deprecated APIs

(a) is easy, we can just update those functions to remove the use of the type along with any code that references it

(c) is not super hard, we just update the public functions and announce that the ABI for those functions is changing in 4.0

(b) requires some thought, because these APIs are marked as deprecated, there is an implicit expectation that they don't change anymore. Our options here are to either (1) keep the engine type in the parameter and document that it is no longer used, or (2) remove the deprecated APIs entirely. (2) is the more complete solution, but is a much larger undertaking.

The good news here is that while step 2 is a huge effort in and of itself, it can be further broken down into subtasks, each task addressing a different API (the EVP_PKEY API, the EC API, etc.), so we can get several people working on it in parallel.

  3. Reconcile tests that test engine functionality. We have several tests that either exclusively test engine functionality (which can just be removed), and some that optionally test engine functionality if it exists. Each of those tests needs to be separately addressed, either by deleting the test or adjusting it so it only addresses non-engine functionality. This can also be broken into subtasks.

  4. Docs reconciliation. The documents for the engine api need to be removed entirely. For APIs which change due to work done in (2), the docs need to be updated to either note that the ENGINE parameter is no longer used or that it no longer exists. This task can be broken down along the same boundaries that we break down (2) - i.e. the person that handles the EC api for step 2 should also handle the docs for the EC api here.

  5. Removal of the config options to enable engine support. This should be pretty straightforward; remove the engine options from the configure script.

  6. Removal of the engine code itself. The build.info files should no longer build the engine code, and the engines directory and associated code should be removed entirely.

Additional notes regarding the completion of this PR:

While we are removing engine functionality, we must take care not to remove any public APIs that affect users' ability to build openssl. There are many public functions that contain an ENGINE type as a parameter. Rather than eliminate those parameters or remove the vestigial functions entirely, we must maintain their API and ABI status within the body of work of this EPIC. The implication here is that for the below functions, we need to maintain an ENGINE type (though it may just be an alias to void), so that the API and ABI are preserved. The parameter however may/will be ignored internally to the function's implementation.

One exception to that guidance however, is the ENGINE api itself (ENGINE_init, ENGINE_cleanup, etc). These functions may or may not be removed within the scope of this epic. That determination is being made by the corporation and foundation currently, and this epic will be updated once consensus is reached on the topic.

OSSL_DEPRECATEDIN_1_1_0 void ENGINE_setup_bsd_cryptodev
OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_id
OSSL_DEPRECATEDIN_3_0 const char *ENGINE_get_name
OSSL_DEPRECATEDIN_3_0 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
OSSL_DEPRECATEDIN_3_0 int ENGINE_add
OSSL_DEPRECATEDIN_3_0 int ENGINE_cmd_is_executable
OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl
OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd
OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
OSSL_DEPRECATEDIN_3_0 int ENGINE_finish
OSSL_DEPRECATEDIN_3_0 int ENGINE_free
OSSL_DEPRECATEDIN_3_0 int ENGINE_get_flags
OSSL_DEPRECATEDIN_3_0 int ENGINE_init
OSSL_DEPRECATEDIN_3_0 int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_all_complete
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_ciphers
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_complete
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_DH
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_digests
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_DSA
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_EC
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_asn1_meths
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_pkey_meths
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RAND
OSSL_DEPRECATEDIN_3_0 int ENGINE_register_RSA
OSSL_DEPRECATEDIN_3_0 int ENGINE_remove
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_cmd_defns
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_ciphers
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DH
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_digests
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_DSA
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_EC
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_asn1_meths
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_pkey_meths
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RAND
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_RSA
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default_string
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_destroy_function(ENGINE *e,ENGINE_GEN_INT_FUNC_PTR destroy_f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DH
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_DSA
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_EC
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_ex_data
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_flags
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_id
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_name
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RAND
OSSL_DEPRECATEDIN_3_0 int ENGINE_set_RSA
OSSL_DEPRECATEDIN_3_0 int ENGINE_up_ref
OSSL_DEPRECATEDIN_3_0 void ENGINE_add_conf_module
OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_ciphers
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_DH
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_digests
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_DSA
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_EC
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_asn1_meths
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_pkey_meths
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RAND
OSSL_DEPRECATEDIN_3_0 void ENGINE_register_all_RSA
OSSL_DEPRECATEDIN_3_0 void ENGINE_set_table_flags
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_ciphers
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_DH
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_digests
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_DSA
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_EC
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_asn1_meths
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_pkey_meths
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RAND
OSSL_DEPRECATEDIN_3_0 void ENGINE_unregister_RSA
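
For step 1 of the notes above, an added example (not part of the issue and not OpenSSL project tooling) that audits a C source for code gated on `OPENSSL_NO_ENGINE`, reporting the line ranges compiled only when engine support is enabled and the guards that need manual review. The function name `audit_engine_guards` and the sample source are constructed for illustration.

```python
import re
MACRO = "OPENSSL_NO_ENGINE"
# Simple guards only; True means the branch after the directive is engine-only.
_GUARDS = [
    (re.compile(r"#\s*ifndef\s+OPENSSL_NO_ENGINE\b"), True),
    (re.compile(r"#\s*if\s+!\s*defined\s*\(?\s*OPENSSL_NO_ENGINE\s*\)?\s*$"), True),
    (re.compile(r"#\s*ifdef\s+OPENSSL_NO_ENGINE\b"), False),
    (re.compile(r"#\s*if\s+defined\s*\(?\s*OPENSSL_NO_ENGINE\s*\)?\s*$"), False),
]
_IF = re.compile(r"#\s*(if|ifdef|ifndef)\b")
_ELIF, _ELSE, _ENDIF = (re.compile(r"#\s*%s\b" % d) for d in ("elif", "else", "endif"))

def audit_engine_guards(source):
    """Return (regions, review): engine-only line ranges, lines needing a human."""
    stack, regions, review = [], [], []   # stack entry: None or [engine_only, start]
    def close(entry, last):
        if entry and entry[0] and entry[1] <= last:
            regions.append((entry[1], last))
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if _IF.match(line):
            flag = next((f for rx, f in _GUARDS if rx.match(line)), None)
            if flag is None and MACRO in line:
                review.append(lineno)          # compound condition, not classified
            stack.append(None if flag is None else [flag, lineno + 1])
        elif _ELIF.match(line) and (MACRO in line or (stack and stack[-1])):
            review.append(lineno)              # #elif chains are not resolved
        elif _ELSE.match(line) and stack and stack[-1]:
            close(stack[-1], lineno - 1)       # the #else branch has the opposite sense
            stack[-1] = [not stack[-1][0], lineno + 1]
        elif _ENDIF.match(line) and stack:
            close(stack.pop(), lineno - 1)
    return regions, review
# Constructed sample, not taken from the OpenSSL tree.
SAMPLE = """\
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#ifdef OPENSSL_NO_ENGINE
static int hw = 0;
#else
# if defined(USE_HW)
static int hw = 1;
# endif
#endif
#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
void legacy(void);
#endif
"""
```

On the sample, lines 2 and 7-9 are reported as engine-only, and the compound guard on line 11 is left for manual review rather than classified.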

    Status

    In Progress