Remove engine.num and make helper functions for engine loading stubs. by mbroz · Pull Request #29215 · openssl/openssl

mbroz · 2025-11-25T14:42:07Z

Removes no longer used util/engines.num and modifies macros to abort engine load (as engines are no longer supported).

documentation is added or updated
tests are added or updated

esyr

If this commit is a preparatory for removing dynamic engine loading support altogether, it's fine, otherwise, I don't see the point of leaving those macros and typedefs, even as stubs, as it's clearly only for usage within an engine.

include/openssl/engine.h

jogme · 2025-11-25T16:25:53Z

If this commit is a preparatory for removing dynamic engine loading support altogether, it's fine, otherwise, I don't see the point of leaving those macros and typedefs, even as stubs, as it's clearly only for usage within an engine.

Then I'm for removing them altogether

Fixes openssl/project#1420 Signed-off-by: Milan Broz <[email protected]>

mbroz · 2025-11-25T16:48:26Z

If this commit is a preparatory for removing dynamic engine loading support altogether, it's fine, otherwise, I don't see the point of leaving those macros and typedefs, even as stubs, as it's clearly only for usage within an engine.

Yes, but the idea is that engine is often part of a project, and failure in build means failure in build for the whole project. This will allow compile "broken" engine that will not work, but allows compilation to finish.

esyr · 2025-11-25T17:11:26Z

Yes, but the idea is that engine is often part of a project, and failure in build means failure in build for the whole project. This will allow compile "broken" engine that will not work, but allows compilation to finish.

Okay, seems reasonable.

Sashan

Just let me know if you don't like my suggestions and I'll immediately approve those changes. what I'm suggesting are just random thoughts which can land in different PR.

thanks.

Sashan · 2025-11-26T10:49:56Z

include/openssl/engine.h

+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+    OPENSSL_EXPORT \
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) \
+    { \


just a thought. would it make sense to add a ossl_assert(1) here so it aborts when in debug mode?

All this is available only when OPENSSL_ENGINE_STUBS is defined, otherwise it should fail in compilation. I think assert will not help much here. The compiled engine code would be completely unusable with this header anyway.

Sashan · 2025-11-26T11:02:17Z

include/openssl/engine.h

 # include <openssl/opensslconf.h>

 /*
 * There is no OPENSSL_NO_NO_ENGINE, Engines are permanently disabled


I think this comment needs better wording. I would go for something like:

/* * Engine support is gone. Definitions here are provided for the source code * compatibility only. They are meant to keep compilation working for legzcy * projects which, for whatever reason, can not remove/disable old legacy code. * * We deliberately keep OPENSSL_NO_ENGINE macro around as it is supplied * when build is configured with `no-egine` option. OpenSSL 4.0 keeps `no-engine` * option around. * * Note we have to use compile-time message to warn only if API is really used. * To avoid complicated macros we kind-of abuse existing OSSL_DEPRACATED macros. */

But perhaps this suggestion should be moved to separate PR. What I really want to get rid off is this:

There is no OPENSSL_NO_NO_ENGINE, Engines are permanently disabled

this is not helpful at all.

thanks.

But it should make @bob-beck keep smiling ;-)

OpenSSL 4.0 keeps no-engine option around.

No, this does not work this way, I remove this option is other PR. It keeps only defines in configure.h, but you cannot use no-engine in config. I am not sure we decided how to do that (only discussed that #define).

@Sashan as I do not touch this part here, isn't better if I create a new tak to "redefine stub use documentation in header" and move this to there? It also needs to fine-tune approach to Configure options (see #29219 where I change no-engine option).
IOW approve this, and discuss wording above later.

Sashan

I agree the changes here are good enough to go in. thanks.

openssl-machine · 2025-11-27T15:00:58Z

This pull request is ready to merge

t8m · 2025-11-28T16:39:15Z

Merged to the feature branch. Thank you.

Fixes openssl/project#1420 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #29215)

Fixes openssl/project#1420 Signed-off-by: Milan Broz <[email protected]> Reviewed-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from openssl#29215)

mbroz linked an issue Nov 25, 2025 that may be closed by this pull request

Remove ENGINE tag from util/*.num openssl/project#1420

Closed

mbroz requested review from Sashan, esyr, jogme and t8m November 25, 2025 14:43

github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Nov 25, 2025

esyr approved these changes Nov 25, 2025

View reviewed changes

include/openssl/engine.h Outdated Show resolved Hide resolved

include/openssl/engine.h Outdated Show resolved Hide resolved

esyr added branch: feature The issue or PR is relevant only to one of the feature branches. approval: review pending This pull request needs review by a committer labels Nov 25, 2025

Remove engine.num and make helper functions for engine loading stubs.

01c8a3f

Fixes openssl/project#1420 Signed-off-by: Milan Broz <[email protected]>

mbroz force-pushed the remove-engine-num branch from 6c35f1e to 01c8a3f Compare November 25, 2025 16:47

Sashan requested changes Nov 26, 2025

View reviewed changes

Sashan approved these changes Nov 26, 2025

View reviewed changes

Sashan added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Nov 26, 2025

mbroz mentioned this pull request Nov 26, 2025

Revise doc text in engine.h openssl/project#1735

Closed

openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Nov 27, 2025

t8m added triaged: feature The issue/pr requests/adds a feature triaged: refactor The issue/pr requests/implements refactoring tests: exempted The PR is exempt from requirements for testing labels Nov 28, 2025

t8m closed this Nov 28, 2025

mbroz mentioned this pull request Dec 2, 2025

Use better description of macros purpose in engine.h #29287

Closed

Uh oh!

Conversation

mbroz commented Nov 25, 2025

Uh oh!

esyr left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

jogme commented Nov 25, 2025

Uh oh!

mbroz commented Nov 25, 2025

Uh oh!

esyr commented Nov 25, 2025

Uh oh!

Sashan left a comment

Choose a reason for hiding this comment

Uh oh!

Sashan Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

mbroz Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

Sashan Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

mbroz Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

mbroz Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

mbroz Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

Sashan left a comment

Choose a reason for hiding this comment

Uh oh!

openssl-machine commented Nov 27, 2025

Uh oh!

t8m commented Nov 28, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants