start writing migration guide for 4.0#28740
Open
nhorman wants to merge 35 commits intoopenssl:feature/engineremovalfrom
Open
start writing migration guide for 4.0#28740nhorman wants to merge 35 commits intoopenssl:feature/engineremovalfrom
nhorman wants to merge 35 commits intoopenssl:feature/engineremovalfrom
Conversation
nhorman
added
approval: review pending
As we can't do every change in one big PR (and we also don't want), therefore there always will be failing tests until everything is resolved/cleaned up. This way we silence the CI about engine tests and later we can reenable them to see what else needs to be fixed. Resolves: openssl/project#1371 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#28440)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#28440)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#28440)
This patch removes apps/engine.c and associated man pages. Resolves: openssl/project#1370 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28481)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Resolves: openssl/project#1354 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Most of the ifdefs were removed, but we want to rewrite the dasync engine to a provider. Therefore that code was not removed; instead a new temporary macro was added named TODO_REWRITE_ME_DASYNC_PROVIDER. Resolves: openssl/project#1363 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Resolves: openssl/project#1364 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Resolves: openssl/project#1352 Resolves: openssl/project#1353 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Resolves: openssl/project#1368 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#28384)
With ENGINES going away we need to remove these trace catagories Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#28556)
As the subject indicates, with these trace categories gone, we shouldn't reference them in the docs anymore. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#28556)
Resolves: openssl/project#1437 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#28560)
Resolves: openssl/project#1616 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28618)
Resolves: openssl/project#1614 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#28566)
Resolves: openssl/project#1615 Signed-off-by: Norbert Pocs <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28570)
For compatibility reasons, OPENSSL_ENGINES_DIR and OPENSSL_INFO_ENGINES_DIR are still supported but return values like with engines disabled. The OPENSSL_ENGINES environment variable will be removed with engine removal later. Resolves: openssl/project#1425 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from openssl#28702)
The evp_extra_test code makes use of the dasync engine to ensure that we can do evp operations (signatures and ciphers) with an engine. The dasync engine is used for this purpose, but it does not exercize any specific pipeline functionality. Given that engines are getting removed, the engine tests here I think can just be removed. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
With the impending engine removal, we don't have a need to test engine functionality in these tests anymore, so remove the test cases that make use of the dasync engine here. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
It seems like it wasn't ever needed before, so with the removal of engines, just get rid of it. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
We have a specific test suite that exercizes the afalg engine, that is becoming useless with engine removal. I had considered that we should perhaps convert this into a provider, but having looked at the engine itself, it only offers implementations for AES-128, AES-192 and AES-256. Given that the default provider offers these algorithms with hardware acceleration via the aesni instruction set (or comparable instructions on non-x86 arches), it seems like the only advantage the afalg engine offers is acceleration of these ciphers on platforms that have off-cpu accelerators and no cpu based acceleration support. given that: a) Most cpus have instruction based acceleration b) We don't test with any platforms that use external accelerators It seems like alot of investment to get no real advantage, so just remove the test, allowing us to delete the engine entirely in another PR. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
With engine removal, we expect that init flag to disappear, so stop using it here. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
We're removing the engine, so we don't need to test this anymore. NOTE: This also removes the engine skip check from the test, and this breaks testing until such time as PR openssl#28461 is merged (which replaces the remaining engine test with a provider). Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
Spotted by @andrewkdinh, some extra notes about/useages of engines that are now vestigial. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#28525)
openssl-machine
force-pushed
the
feature/engineremoval
branch
from
8132702 to
f70450f
Compare
Specifically start writing up the section on ENGINE removal
Collaborator
|
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
openssl-machine
force-pushed
the
feature/engineremoval
branch
from
b1efec7 to
90e2bc1
Compare
Collaborator
|
This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago |
openssl-machine
force-pushed
the
feature/engineremoval
branch
from
c953e3d to
ffcd29d
Compare
Collaborator
|
This PR is in a state where it requires action by @openssl/committers but the last update was 92 days ago |
Collaborator
|
This PR is in a state where it requires action by @openssl/committers but the last update was 123 days ago |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Specifically start writing up the section on ENGINE removal
Checklist