Revert GOST provider related docs #29286

Closed
jogme wants to merge 63 commits into openssl:master from jogme:revert_gost_engine

@jogme
Contributor

@jogme jogme commented Dec 2, 2025

GOST provider is in a good shape already, so keep the mentions rewritten
to provider instead of the engine.

Resolves: openssl/project#1733

Checklist
  • documentation is added or updated
  • tests are added or updated

jogme and others added 30 commits December 1, 2025 13:48
As we can't do every change in one big PR (and we also don't want to),
there will always be failing tests until everything is
resolved/cleaned up. This way we silence the CI about engine tests and
later we can re-enable them to see what else needs to be fixed.

Resolves: openssl/project#1371

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#28440)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#28440)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#28440)
This patch removes apps/engine.c and associated man pages.

Resolves: openssl/project#1370

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Dmitry Belyavskiy <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28481)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Resolves: openssl/project#1354

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Most of the ifdefs were removed, but we want to rewrite the dasync
engine to a provider. Therefore that code was not removed; instead a new
temporary macro was added named TODO_REWRITE_ME_DASYNC_PROVIDER.

Resolves: openssl/project#1363

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Resolves: openssl/project#1364

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Resolves: openssl/project#1352
Resolves: openssl/project#1353

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Resolves: openssl/project#1368

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#28384)
With ENGINES going away we need to remove these trace categories

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from openssl#28556)
As the subject indicates, with these trace categories gone, we shouldn't
reference them in the docs anymore.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from openssl#28556)
Resolves: openssl/project#1437

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from openssl#28560)
Resolves: openssl/project#1616

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28618)
Resolves: openssl/project#1614

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
(Merged from openssl#28566)
Resolves: openssl/project#1615

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28570)
For compatibility reasons, OPENSSL_ENGINES_DIR and OPENSSL_INFO_ENGINES_DIR
are still supported but return values like with engines disabled.

The OPENSSL_ENGINES environment variable will be removed with engine
removal later.

Resolves: openssl/project#1425

Signed-off-by: Milan Broz <[email protected]>

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#28702)
The evp_extra_test code makes use of the dasync engine to ensure that we
can do evp operations (signatures and ciphers) with an engine.

The dasync engine is used for this purpose, but it does not exercise any
specific pipeline functionality.

Given that engines are getting removed, the engine tests here I think
can just be removed.

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28525)
With the impending engine removal, we don't have a need to test engine
functionality in these tests anymore, so remove the test cases that make
use of the dasync engine here.

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28525)
It seems like it wasn't ever needed before, so with the removal of
engines, just get rid of it.

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28525)
We have a specific test suite that exercises the afalg engine, that is
becoming useless with engine removal.

I had considered that we should perhaps convert this into a provider,
but having looked at the engine itself, it only offers implementations
for AES-128, AES-192 and AES-256.  Given that the default provider
offers these algorithms with hardware acceleration via the aesni
instruction set (or comparable instructions on non-x86 arches), it seems
like the only advantage the afalg engine offers is acceleration of these
ciphers on platforms that have off-cpu accelerators and no cpu based
acceleration support.

Given that:
a) Most cpus have instruction based acceleration
b) We don't test with any platforms that use external accelerators

It seems like a lot of investment to get no real advantage, so just
remove the test, allowing us to delete the engine entirely in another
PR.

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#28525)
Engines can be removed safely from static and internal functions
clearing out our codebase.

Resolves: openssl/project#1625

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#28629)
t-j-h previously approved these changes Dec 3, 2025
@jogme jogme added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Dec 3, 2025
@Sashan Sashan mentioned this pull request Dec 3, 2025
@jogme jogme force-pushed the revert_gost_engine branch from 0e724f5 to b0df85b Compare December 4, 2025 08:45
@jogme jogme force-pushed the revert_gost_engine branch from b0df85b to 4deaf73 Compare December 4, 2025 08:56
GOST provider is in a good shape already, so keep the mentions rewritten
to provider instead of the engine.

Resolves: openssl/project#1733

Signed-off-by: Norbert Pocs <[email protected]>
@jogme jogme force-pushed the revert_gost_engine branch from 4deaf73 to faf5fb0 Compare December 4, 2025 08:58
t8m previously approved these changes Dec 4, 2025
vdukhovni previously approved these changes Dec 4, 2025
and B<gost2012_512:>I<filename> generate GOST R 34.10-2001 and GOST R 34.10-2012
keys with a 256 and 512 bit modulus respectively (these require the B<gostprov>
provider). If just B<gost2001> is specified, a parameter set should be specified
by B<-pkeyopt> I<paramset:X>.
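
Review bot: The closing sentence of this paragraph uses "specified" twice and leaves I<X> in B<-pkeyopt> I<paramset:X> undefined, so a reader cannot tell from these lines which parameter sets are accepted or whether the requirement also applies to the B<gost2012_512:> form named just above. Consider rewording to something like "If just B<gost2001> is given, select the parameter set with B<-pkeyopt> I<paramset:X>" and stating where the accepted values of I<X> are documented.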

Suggested change
by B<-pkeyopt> I<paramset:X>.
via B<-pkeyopt> I<paramset:X>.

I think by works good enough here. 😁

> I think by works good enough here. 😁

I did approve the PR, yes "by" is quite close, though somewhat unnatural. Better would be "via" or "with the use of" or "by using", ... or just leave it slightly stilted. Whatever...

@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Dec 4, 2025
@openssl-machine
Collaborator

This pull request is ready to merge

@t8m t8m changed the base branch from feature/engineremoval to master December 5, 2025 16:31
@t8m t8m dismissed stale reviews from vdukhovni, t-j-h, esyr, and themself December 5, 2025 16:31

The base branch was changed.

@t8m
Member

t8m commented Dec 5, 2025

Merged to the master branch via cherry-pick. Thank you.

@t8m t8m closed this Dec 5, 2025
@t8m t8m added branch: master Applies to master branch and removed branch: feature The issue or PR is relevant only to one of the feature branches. labels Dec 5, 2025
openssl-machine pushed a commit that referenced this pull request Dec 5, 2025
GOST provider is in a good shape already, so keep the mentions rewritten
to provider instead of the engine.

Resolves: openssl/project#1733

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Viktor Dukhovni <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #29286)
cxx194832 pushed a commit to cxx194832/openssl that referenced this pull request Dec 12, 2025
GOST provider is in a good shape already, so keep the mentions rewritten
to provider instead of the engine.

Resolves: openssl/project#1733

Signed-off-by: Norbert Pocs <[email protected]>

Reviewed-by: Viktor Dukhovni <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#29286)
Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch tests: exempted The PR is exempt from requirements for testing triaged: documentation The issue/pr deals with documentation (errors)

Development

Successfully merging this pull request may close these issues.

Revert GOST engine related mentions

9 participants