Skip to content

Remove engine.num and make helper functions for engine loading stubs.#29215

Closed
mbroz wants to merge 1 commit intoopenssl:feature/engineremovalfrom
mbroz:remove-engine-num
Closed

Remove engine.num and make helper functions for engine loading stubs.#29215
mbroz wants to merge 1 commit intoopenssl:feature/engineremovalfrom
mbroz:remove-engine-num

Conversation

@mbroz
Copy link
Member

@mbroz mbroz commented Nov 25, 2025

Removes no longer used util/engines.num and modifies macros to abort engine load (as engines are no longer supported).

Fixes openssl/project#1420

  • documentation is added or updated
  • tests are added or updated

@mbroz mbroz linked an issue Nov 25, 2025 that may be closed by this pull request
@mbroz mbroz requested review from Sashan, esyr, jogme and t8m November 25, 2025 14:43
@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Nov 25, 2025
Copy link
Member

@esyr esyr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this commit is a preparatory for removing dynamic engine loading support altogether, it's fine, otherwise, I don't see the point of leaving those macros and typedefs, even as stubs, as it's clearly only for usage within an engine.

@esyr esyr added branch: feature The issue or PR is relevant only to one of the feature branches. approval: review pending This pull request needs review by a committer labels Nov 25, 2025
@jogme
Copy link
Contributor

jogme commented Nov 25, 2025

If this commit is a preparatory for removing dynamic engine loading support altogether, it's fine, otherwise, I don't see the point of leaving those macros and typedefs, even as stubs, as it's clearly only for usage within an engine.

Then I'm for removing them altogether

@mbroz mbroz force-pushed the remove-engine-num branch from 6c35f1e to 01c8a3f Compare November 25, 2025 16:47
@mbroz
Copy link
Member Author

mbroz commented Nov 25, 2025

If this commit is a preparatory for removing dynamic engine loading support altogether, it's fine, otherwise, I don't see the point of leaving those macros and typedefs, even as stubs, as it's clearly only for usage within an engine.

Yes, but the idea is that engine is often part of a project, and failure in build means failure in build for the whole project. This will allow compile "broken" engine that will not work, but allows compilation to finish.

@esyr
Copy link
Member

esyr commented Nov 25, 2025

Yes, but the idea is that engine is often part of a project, and failure in build means failure in build for the whole project. This will allow compile "broken" engine that will not work, but allows compilation to finish.

Okay, seems reasonable.

Copy link
Contributor

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just let me know if you don't like my suggestions and I'll immediately approve those changes. what I'm suggesting are just random thoughts which can land in different PR.

thanks.

int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
OPENSSL_EXPORT \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) \
{ \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a thought. would it make sense to add a ossl_assert(1) here so it aborts when in debug mode?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All this is available only when OPENSSL_ENGINE_STUBS is defined, otherwise it should fail in compilation. I think assert will not help much here. The compiled engine code would be completely unusable with this header anyway.

# include <openssl/opensslconf.h>

/*
* There is no OPENSSL_NO_NO_ENGINE, Engines are permanently disabled
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this comment needs better wording. I would go for something like:

/*
 * Engine support is gone. Definitions here are provided for the source code
 * compatibility only. They are meant to keep compilation working for legzcy
 * projects which, for whatever reason, can not remove/disable old legacy code.
 *
 * We deliberately keep OPENSSL_NO_ENGINE macro around as it is supplied
 * when build is configured with `no-egine` option. OpenSSL 4.0 keeps `no-engine`
 * option around.
 *
 * Note we have to use compile-time message to warn only if API is really used.
 * To avoid complicated macros we kind-of abuse existing OSSL_DEPRACATED macros.
 */

But perhaps this suggestion should be moved to separate PR. What I really want to get rid off is this:

 There is no OPENSSL_NO_NO_ENGINE, Engines are permanently disabled

this is not helpful at all.

thanks.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it should make @bob-beck keep smiling ;-)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenSSL 4.0 keeps no-engine option around.

No, this does not work this way, I remove this option is other PR. It keeps only defines in configure.h, but you cannot use no-engine in config. I am not sure we decided how to do that (only discussed that #define).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Sashan as I do not touch this part here, isn't better if I create a new tak to "redefine stub use documentation in header" and move this to there? It also needs to fine-tune approach to Configure options (see #29219 where I change no-engine option).
IOW approve this, and discuss wording above later.

Copy link
Contributor

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree the changes here are good enough to go in. thanks.

@Sashan Sashan added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Nov 26, 2025
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Nov 27, 2025
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@t8m t8m added triaged: feature The issue/pr requests/adds a feature triaged: refactor The issue/pr requests/implements refactoring tests: exempted The PR is exempt from requirements for testing labels Nov 28, 2025
@t8m
Copy link
Member

t8m commented Nov 28, 2025

Merged to the feature branch. Thank you.

openssl-machine pushed a commit that referenced this pull request Nov 28, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from #29215)
@t8m t8m closed this Nov 28, 2025
Sashan pushed a commit to jogme/openssl that referenced this pull request Nov 30, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
mbroz added a commit to mbroz/openssl that referenced this pull request Dec 1, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
nhorman pushed a commit to nhorman/openssl that referenced this pull request Dec 1, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
nhorman pushed a commit to nhorman/openssl that referenced this pull request Dec 1, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
mbroz added a commit to mbroz/openssl that referenced this pull request Dec 4, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
nhorman pushed a commit to nhorman/openssl that referenced this pull request Dec 4, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
mbroz added a commit to mbroz/openssl that referenced this pull request Dec 4, 2025
Fixes openssl/project#1420

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29215)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: feature The issue or PR is relevant only to one of the feature branches. severity: fips change The pull request changes FIPS provider sources tests: exempted The PR is exempt from requirements for testing triaged: feature The issue/pr requests/adds a feature triaged: refactor The issue/pr requests/implements refactoring

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Remove ENGINE tag from util/*.num

6 participants