sync with OpenBSD -current

distrib/sets/lists/base/mi

@@ -6506,7 +6506,10 @@
 ./usr/share/zoneinfo/W-SU
 ./usr/share/zoneinfo/WET
 ./usr/share/zoneinfo/Zulu
+./usr/share/zoneinfo/leap-seconds.list
+./usr/share/zoneinfo/leapseconds
 ./usr/share/zoneinfo/posixrules
+./usr/share/zoneinfo/tzdata.zi
 ./usr/share/zoneinfo/zone.tab
 ./usr/share/zoneinfo/zone1970.tab
 ./var

distrib/sets/lists/comp/mi

@@ -1893,17 +1893,7 @@
 ./usr/share/man/man3/EC_KEY_new.3
 ./usr/share/man/man3/EC_POINT_add.3
 ./usr/share/man/man3/EC_POINT_new.3
-./usr/share/man/man3/ENGINE_add.3
-./usr/share/man/man3/ENGINE_ctrl.3
-./usr/share/man/man3/ENGINE_get_default_RSA.3
-./usr/share/man/man3/ENGINE_init.3
 ./usr/share/man/man3/ENGINE_new.3
-./usr/share/man/man3/ENGINE_register_RSA.3
-./usr/share/man/man3/ENGINE_register_all_RSA.3
-./usr/share/man/man3/ENGINE_set_RSA.3
-./usr/share/man/man3/ENGINE_set_default.3
-./usr/share/man/man3/ENGINE_set_flags.3
-./usr/share/man/man3/ENGINE_unregister_RSA.3
 ./usr/share/man/man3/ERR.3
 ./usr/share/man/man3/ERR_GET_LIB.3
 ./usr/share/man/man3/ERR_asprintf_error_data.3

etc/root/dot.login

@@ -1,15 +1,11 @@
-# $OpenBSD: dot.login,v 1.14 2009/12/20 15:35:35 deraadt Exp $
+# $OpenBSD: dot.login,v 1.15 2023/11/16 16:03:51 millert Exp $
 #
 # csh login file
 
 if ( -x /usr/bin/tset ) then
 	set noglob histchars=""
 	onintr finish
-	if ( $?XTERM_VERSION ) then
 	eval `tset -IsQ '-munknown:?vt220' $TERM`
-	else
-		eval `tset -sQ '-munknown:?vt220' $TERM`
-	endif
 	finish:
 	unset noglob histchars
 	onintr

etc/root/dot.profile

@@ -1,4 +1,4 @@
-# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
+# $OpenBSD: dot.profile,v 1.10 2023/11/16 16:03:51 millert Exp $
 #
 # sh/ksh initialization
 
@@ -11,11 +11,7 @@ umask 022
 case "$-" in
 *i*)    # interactive shell
 	if [ -x /usr/bin/tset ]; then
-		if [ X"$XTERM_VERSION" = X"" ]; then
-			eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
-		else
 		eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
 	fi
-	fi
 	;;
 esac

etc/skel/dot.login

@@ -1,13 +1,9 @@
-# $OpenBSD: dot.login,v 1.6 2015/12/15 16:37:58 deraadt Exp $
+# $OpenBSD: dot.login,v 1.7 2023/11/16 16:05:13 millert Exp $
 #
 # csh login file
 
 if ( ! $?TERMCAP ) then
-	if ( $?XTERM_VERSION ) then
 	tset -IQ '-munknown:?vt220' $TERM
-	else
-		tset -Q '-munknown:?vt220' $TERM
-	endif
 endif
 
 stty	newcrt crterase

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.4-3174c54: Tue Nov 14 10 00:45:01 UTC 2023 (Mictlantecuhtli)
+# SecBSD 1.4-731e06f: Mon Nov 20 02:17:28 UTC 2023 (Mictlantecuhtli)

gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -8113,7 +8113,7 @@ def err_typecheck_convert_pointer_int : Error<
   "; remove &}3">;
 def ext_typecheck_convert_pointer_int : ExtWarn<
   err_typecheck_convert_pointer_int.Summary>,
-  InGroup<IntConversion>, DefaultError;
+  InGroup<IntConversion>;
 def err_typecheck_convert_int_pointer : Error<
   "incompatible integer to pointer conversion "
   "%select{%diff{assigning to $ from $|assigning to different types}0,1"
@@ -8133,7 +8133,7 @@ def err_typecheck_convert_int_pointer : Error<
   "; remove &}3">;
 def ext_typecheck_convert_int_pointer : ExtWarn<
   err_typecheck_convert_int_pointer.Summary>,
-  InGroup<IntConversion>, DefaultError;
+  InGroup<IntConversion>;
 def ext_typecheck_convert_pointer_void_func : Extension<
   "%select{%diff{assigning to $ from $|assigning to different types}0,1"
   "|%diff{passing $ to parameter of type $|"

gnu/llvm/llvm/lib/Target/ARM/ARMISelLowering.cpp

@@ -21198,6 +21198,8 @@ bool ARMTargetLowering::shouldInsertFencesForAtomic(
 }
 
 bool ARMTargetLowering::useLoadStackGuardNode() const {
+  if (Subtarget->getTargetTriple().isOSOpenBSD())
+    return false;
   // ROPI/RWPI are not supported currently.
   return !Subtarget->isROPI() && !Subtarget->isRWPI();
 }

gnu/llvm/llvm/lib/Target/PowerPC/PPCISelDAGToDAG.cpp

@@ -5293,7 +5293,8 @@ void PPCDAGToDAGISel::Select(SDNode *N) {
     // generate secure plt code for TLS symbols.
     getGlobalBaseReg();
   } break;
-  case PPCISD::CALL: {
+  case PPCISD::CALL:
+  case PPCISD::CALL_RM: {
     if (PPCLowering->getPointerTy(CurDAG->getDataLayout()) != MVT::i32 ||
         !TM.isPositionIndependent() || !Subtarget->isSecurePlt() ||
         !Subtarget->isTargetELF())

gnu/usr.bin/clang/Makefile.inc

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.27 2023/11/11 18:35:35 robert Exp $
+# $OpenBSD: Makefile.inc,v 1.28 2023/11/17 15:46:58 visa Exp $
 
 CLANG_SRCS?=	${.CURDIR}/../../../llvm/clang
 LLDB_SRCS?=	${.CURDIR}/../../../llvm/lldb
@@ -41,6 +41,7 @@ CXXFLAGS+=	-mno-retpoline
 # Omit frame pointer to improve performance.
 .if ${MACHINE_ARCH} == "mips64" || ${MACHINE_ARCH} == "mips64el"
 CXXFLAGS+=	-fomit-frame-pointer
+CXXFLAGS+=	-mxgot
 .endif
 
 CPPFLAGS+=	-D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS \

gnu/usr.bin/clang/include/llvm/AMDGPU/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2021/12/17 14:55:44 patrick Exp $
+# $OpenBSD: Makefile,v 1.5 2023/11/16 15:05:44 robert Exp $
 
 .include <bsd.own.mk>
 
@@ -33,6 +33,10 @@ HDRS+=	R600GenAsmWriter.inc \
 
 HDRS+=	InstCombineTables.inc
 
+.if ${MACHINE_CPU} == "i386"
+.NOTPARALLEL: ${HDRS}
+.endif
+
 all: ${HDRS}
 
 install:

gnu/usr.bin/clang/libLLVMRISCVCodeGen/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.3 2023/11/11 18:35:37 robert Exp $
+# $OpenBSD: Makefile,v 1.4 2023/11/14 16:42:14 jca Exp $
 
 LIB=	LLVMRISCVCodeGen
 NOPROFILE=
@@ -37,3 +37,4 @@ SRCS+=	RISCVAsmPrinter.cpp \
 	RISCVTargetTransformInfo.cpp
 
 .PATH:	${.CURDIR}/../../../llvm/llvm/lib/Target/RISCV
+.PATH:	${.CURDIR}/../../../llvm/llvm/lib/Target/RISCV/GISel

lib/csu/aarch64/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.11 2023/03/31 18:46:24 kettenis Exp $ */
+/* $OpenBSD: md_init.h,v 1.12 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -112,10 +112,6 @@
 	"					\n" \
 	"	b	___start		\n" \
 	"					\n" \
-	"_dl_exit:				\n" \
+	"_csu_abort:				\n" \
-	"	mov	x8, #" STR(SYS_exit) "	\n" \
-	"	svc	#0			\n" \
-	"	dsb	nsh			\n" \
-	"	isb				\n" \
 	"	udf	#0			\n" \
 	".previous");

lib/csu/alpha/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.12 2020/10/15 16:30:23 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.13 2023/11/18 16:26:16 deraadt Exp $ */
 /*-
  * Copyright (c) 2001 Ross Harvey
  * All rights reserved.
@@ -95,11 +95,9 @@
 	"	mov	$9, $16			\n" \
 	"	mov	0, $17			\n" \
 	"	jsr	$26, ___start		\n" \
-	".globl _dl_exit			\n" \
+	".globl _csu_abort			\n" \
-	".type _dl_exit@function		\n" \
+	".type _csu_abort@function		\n" \
-	"_dl_exit:				\n" \
+	"_csu_abort:				\n" \
-	"	lda	$0, " STR(SYS_exit) "	\n" \
-	"	callsys				\n" \
 	"	halt				")
 
 #define	MD_START_ARGS		char **sp, void (*cleanup)(void)

lib/csu/amd64/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.10 2023/04/25 04:10:21 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.11 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -107,12 +107,10 @@
 	"	addq	$8,%rsp				\n" \
 	"	jmp	___start			\n" \
 	"						\n" \
-	"	.global	_dl_exit			\n" \
+	"	.global	_csu_abort			\n" \
-	"	.type	_dl_exit,@function		\n" \
+	"	.type	_csu_abort,@function		\n" \
 	"	.align	8				\n" \
-	"_dl_exit:					\n" \
+	"_csu_abort:					\n" \
 	"	endbr64					\n" \
-	"	movl	$ " STR(SYS_exit) ", %eax	\n" \
-	"	syscall					\n" \
 	"	int3					\n" \
 	"	.previous")

lib/csu/arm/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.17 2020/10/19 17:57:40 naddy Exp $ */
+/* $OpenBSD: md_init.h,v 1.18 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -154,10 +154,6 @@
 	".L__DYNAMIC:				\n" \
 	"	.long	_DYNAMIC(GOTOFF)	\n" \
 	"					\n" \
-	"_dl_exit:				\n" \
+	"_csu_abort:				\n" \
-	"	mov	r12, #" STR(SYS_exit) " \n" \
-	"	swi	#0			\n" \
-	"	dsb	nsh			\n" \
-	"	isb				\n" \
 	"	udf	#0			\n" \
 	".previous");

lib/csu/boot.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: boot.h,v 1.34 2022/10/21 18:14:09 deraadt Exp $ */
+/*	$OpenBSD: boot.h,v 1.35 2023/11/18 16:26:15 deraadt Exp $ */
 
 /*
  * Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@@ -40,7 +40,7 @@
 #include <machine/reloc.h>
 
 __dead
-void _dl_exit(int);
+void _csu_abort(void);
 
 #include "archdep.h"
 

lib/csu/hppa/boot_md.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: boot_md.h,v 1.4 2022/10/27 19:40:21 deraadt Exp $ */
+/*	$OpenBSD: boot_md.h,v 1.5 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*
  * Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@@ -40,7 +40,7 @@
 #include <machine/reloc.h>
 
 __dead
-void _dl_exit(int);
+void _csu_abort(void);
 
 #include "archdep.h"
 

lib/csu/hppa/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.15 2020/10/15 16:30:23 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.16 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003 Dale Rahn. All rights reserved.
@@ -137,17 +137,13 @@
 	"	copy	%dp, %r19				\n" \
 	"	.exit						\n" \
 	"	.procend					\n" \
-	"	.export _dl_exit, entry				\n" \
+	"	.export _csu_abort, entry			\n" \
-	"	.type	_dl_exit,@function			\n" \
+	"	.type	_csu_abort,@function			\n" \
-	"	.label _dl_exit					\n" \
+	"	.label _csu_abort				\n" \
 	"	.proc						\n" \
 	"	.callinfo frame=0, calls			\n" \
 	"	.entry						\n" \
-	"_dl_exit:						\n" \
+	"_csu_abort:						\n" \
-	"	stw	%rp, -24(%sp)				\n" \
-	"	ldil	L%0xc0000000, %r1			\n" \
-	"	ble	4(%sr7, %r1)				\n" \
-	"	ldi	" STR(SYS_exit) ", %t1			\n" \
 	"	break 0,0					\n" \
 	"	.exit						\n" \
 	"	.procend")

lib/csu/i386/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.12 2023/04/25 04:06:06 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.13 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -114,10 +114,8 @@
 	"	call	___start	# ___start(argc,argv,envp,0) \n" \
 	"					\n" \
 	"	.align	4			\n" \
-	"	.globl	_dl_exit		\n" \
+	"	.globl	_csu_abort		\n" \
-	"	.type	_dl_exit,@function	\n" \
+	"	.type	_csu_abort,@function	\n" \
-	"_dl_exit:				\n" \
+	"_csu_abort:				\n" \
-	"	mov	$" STR(SYS_exit) ", %eax\n" \
-	"	int	$0x80			\n" \
 	"	int3				\n" \
 	"	.previous")

lib/csu/m88k/md_init.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $	*/
+/*	$OpenBSD: md_init.h,v 1.10 2023/11/18 16:26:16 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2012 Miodrag Vallat.
@@ -99,9 +99,6 @@
 	"	 addu	%r4, %r4, 4			\n" \
 	"	 /* envp = argv + argc + 1 */		\n" \
 	\
-	"_dl_exit:					\n" \
+	"_csu_abort:					\n" \
-	"	or	%r13, %r0, " STR(SYS_exit) "	\n" \
-	"	tb0	0, %r0, 450			\n" \
-	"	or	%r0, %r0, %r0			\n" \
 	"	tb0	0, %r0, 130 /* breakpoint */	\n" \
 	"	.previous");

lib/csu/mips64/boot_md.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: boot_md.h,v 1.3 2022/10/27 19:40:23 deraadt Exp $ */
+/*	$OpenBSD: boot_md.h,v 1.5 2023/11/18 18:02:47 deraadt Exp $ */
 
 /*
  * Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@@ -40,7 +40,7 @@
 #include <machine/reloc.h>
 
 __dead
-void _dl_exit(int);
+void _csu_abort(void);
 
 #include "archdep.h"
 

lib/csu/mips64/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.20 2020/10/20 15:26:59 visa Exp $ */
+/* $OpenBSD: md_init.h,v 1.22 2023/11/19 00:46:54 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -140,14 +140,12 @@
 	"	dla	$t9, ___start		\n" \
 	"	jr	$t9			\n" \
 	"	.end	__start			\n" \
-	"	.globl	_dl_exit		\n" \
+	"	.globl	_csu_abort		\n" \
-	"	.ent	_dl_exit		\n" \
+	"	.ent	_csu_abort		\n" \
-	"	.type	_dl_exit, @function	\n" \
+	"	.type	_csu_abort, @function	\n" \
-	"_dl_exit:				\n" \
+	"_csu_abort:				\n" \
-	"	li	$v0, " STR(SYS_exit) "	\n" \
-	"	syscall				\n" \
 	"	teq	$zero, $zero, 0x52	\n" \
-	"	.end	_dl_exit		\n" \
+	"	.end	_csu_abort		\n" \
 	"	.previous")
 
 struct kframe {

lib/csu/powerpc/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.11 2020/10/15 16:30:23 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.12 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -119,10 +119,8 @@ __asm(									\
 "									\n" \
 "	.text								\n" \
 "	.align 2							\n" \
-"	.globl	_dl_exit						\n" \
+"	.globl	_csu_abort						\n" \
-"	.type	_dl_exit, @function					\n" \
+"	.type	_csu_abort, @function					\n" \
-"_dl_exit:								\n" \
+"_csu_abort:								\n" \
-"	li	%r0, " STR(SYS_exit) "					\n" \
-"	sc								\n" \
 "	.long 0 # illegal						\n" \
 )

lib/csu/powerpc64/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.4 2020/10/15 16:30:23 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.5 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*
  * Copyright (c) 2020 Dale Rahn <drahn@openbsd.org>
@@ -111,10 +111,8 @@ __asm(									\
 "	li %r6, 0							\n" \
 "	bl ___start							\n" \
 "									\n" \
-"	.globl	_dl_exit						\n" \
+"	.globl	_csu_abort						\n" \
-"	.type	_dl_exit, @function					\n" \
+"	.type	_csu_abort, @function					\n" \
-"_dl_exit:								\n" \
+"_csu_abort:								\n" \
-"	li	%r0, " STR(SYS_exit) "					\n" \
-"	sc								\n" \
 "	.long 0 # illegal						\n" \
 )

lib/csu/riscv64/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.3 2021/07/22 18:16:13 kettenis Exp $ */
+/* $OpenBSD: md_init.h,v 1.4 2023/11/18 16:26:16 deraadt Exp $ */
 /*
  * Copyright (c) 2020 Dale Rahn <drahn@openbsd.org>
  *
@@ -107,8 +107,6 @@
 	"	j	___start					\n" \
 	"	.size	_start, .-_start				\n" \
 	"	.size	__start, .-__start				\n" \
-	"_dl_exit:							\n" \
+	"_csu_abort:							\n" \
-	"	li	t0, " STR(SYS_exit) "				\n" \
-	"	ecall							\n" \
 	"	unimp							\n" \
 	".previous");

lib/csu/sh/md_init.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: md_init.h,v 1.10 2020/10/15 16:30:23 deraadt Exp $	*/
+/*	$OpenBSD: md_init.h,v 1.11 2023/11/18 16:26:16 deraadt Exp $	*/
 /*	$NetBSD: dot_init.h,v 1.3 2005/12/24 22:02:10 perry Exp $	*/
 
 /*-
@@ -131,10 +131,8 @@ __asm(".section " #section "\n"		\
 	"	.long	_DYNAMIC - .L_offbase				\n" \
 									\
 	"	.align	2						\n" \
-	"	.globl	_dl_exit					\n" \
+	"	.globl	_csu_abort					\n" \
-	"	.type	_dl_exit,@function				\n" \
+	"	.type	_csu_abort,@function				\n" \
-	"_dl_exit:							\n" \
+	"_csu_abort:							\n" \
-	"	mov	#" STR(SYS_exit) ", r0				\n" \
-	"	.word	0xc380	/* trapa #0x80 */			\n" \
 	"	sleep	/* illegal */					\n" \
 	".previous")

lib/csu/sparc64/md_init.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.10 2023/11/18 16:26:16 deraadt Exp $ */
 
 /*-
  * Copyright (c) 2001 Ross Harvey
@@ -100,10 +100,8 @@
 	"	ba,pt	%icc, ___start		\n" \
 	"	 clr	%o1			\n" \
 	"					\n" \
-	"	.global	_dl_exit		\n" \
+	"	.global	_csu_abort		\n" \
-	"_dl_exit:				\n" \
+	"_csu_abort:				\n" \
-	"	mov	" STR(SYS_exit) ", %g1	\n" \
-	"	t	0			\n" \
 	"	unimp				\n" \
 	"	.previous")
 

lib/libcrypto/asn1/a_pkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_pkey.c,v 1.6 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: a_pkey.c,v 1.7 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,10 +67,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "asn1_local.h"
 #include "evp_local.h"
 
@@ -87,10 +83,6 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 		}
 	} else {
 		ret = *a;
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE_finish(ret->engine);
-		ret->engine = NULL;
-#endif
 	}
 
 	if (!EVP_PKEY_set_type(ret, type)) {

lib/libcrypto/asn1/ameth_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.32 2023/07/07 19:37:52 beck Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -64,10 +64,6 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "asn1_local.h"
 #include "evp_local.h"
 
@@ -170,15 +166,6 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
 		type = mp->pkey_base_id;
 	}
 	if (pe) {
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE *e;
-		/* type will contain the final unaliased type */
-		e = ENGINE_get_pkey_asn1_meth_engine(type);
-		if (e) {
-			*pe = e;
-			return ENGINE_get_pkey_asn1_meth(e, type);
-		}
-#endif
 		*pe = NULL;
 	}
 	return mp;
@@ -193,20 +180,6 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
 	if (len == -1)
 		len = strlen(str);
 	if (pe) {
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE *e;
-		ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
-		if (ameth) {
-			/* Convert structural into
-			 * functional reference
-			 */
-			if (!ENGINE_init(e))
-				ameth = NULL;
-			ENGINE_free(e);
-			*pe = e;
-			return ameth;
-		}
-#endif
 		*pe = NULL;
 	}
 	for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {

lib/libcrypto/conf/conf_mall.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: conf_mall.c,v 1.10 2023/11/19 15:46:09 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -65,10 +65,6 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 /* Load all OpenSSL builtin modules */
 
 void
@@ -76,7 +72,4 @@ OPENSSL_load_builtin_modules(void)
 {
 	/* Add builtin modules here */
 	ASN1_add_oid_module();
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_add_conf_module();
-#endif
 }

lib/libcrypto/conf/conf_sap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.15 2023/11/19 15:46:09 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -67,10 +67,6 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 /* This is the automatic configuration loader: it is called automatically by
  * OpenSSL when any of a number of standard initialisation functions are called,
  * unless this is overridden by calling OPENSSL_no_config()
@@ -84,10 +80,6 @@ static void
 OPENSSL_config_internal(void)
 {
 	OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
-	/* Need to load ENGINEs */
-	ENGINE_load_builtin_engines();
-#endif
 	/* Add others here? */
 
 	ERR_clear_error();

lib/libcrypto/crypto_init.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_init.c,v 1.11 2023/07/08 08:28:23 beck Exp $ */
+/*	$OpenBSD: crypto_init.c,v 1.12 2023/11/19 15:46:09 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  *
@@ -22,9 +22,6 @@
 
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -84,9 +81,6 @@ OPENSSL_cleanup(void)
 	ERR_free_strings();
 
 	CRYPTO_cleanup_all_ex_data();
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_cleanup();
-#endif
 	EVP_cleanup();
 
 	ASN1_STRING_TABLE_cleanup();

lib/libcrypto/dh/dh_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_lib.c,v 1.41 2023/08/13 12:09:14 tb Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.42 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -65,10 +65,6 @@
 #include <openssl/dh.h>
 #include <openssl/err.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "dh_local.h"
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -101,10 +97,6 @@ DH_set_method(DH *dh, const DH_METHOD *meth)
 	mtmp = dh->meth;
 	if (mtmp->finish)
 		mtmp->finish(dh);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(dh->engine);
-	dh->engine = NULL;
-#endif
 	dh->meth = meth;
 	if (meth->init)
 		meth->init(dh);
@@ -133,24 +125,6 @@ DH_new_method(ENGINE *engine)
 	dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
 	dh->references = 1;
 
-#ifndef OPENSSL_NO_ENGINE
-	if (engine != NULL) {
-		if (!ENGINE_init(engine)) {
-			DHerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-		dh->engine = engine;
-	} else
-		dh->engine = ENGINE_get_default_DH();
-	if (dh->engine != NULL) {
-		if ((dh->meth = ENGINE_get_DH(dh->engine)) == NULL) {
-			DHerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-		dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
-	}
-#endif
-
 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data))
 		goto err;
 	if (dh->meth->init != NULL && !dh->meth->init(dh))
@@ -178,9 +152,6 @@ DH_free(DH *r)
 
 	if (r->meth != NULL && r->meth->finish != NULL)
 		r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(r->engine);
-#endif
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
 

lib/libcrypto/dsa/dsa_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_lib.c,v 1.44 2023/08/12 06:14:36 tb Exp $ */
+/* $OpenBSD: dsa_lib.c,v 1.45 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,9 +70,6 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 
 #include "dh_local.h"
 #include "dsa_local.h"
@@ -113,10 +110,6 @@ DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
 	mtmp = dsa->meth;
 	if (mtmp->finish)
 		mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(dsa->engine);
-	dsa->engine = NULL;
-#endif
 	dsa->meth = meth;
 	if (meth->init)
 		meth->init(dsa);
@@ -138,24 +131,6 @@ DSA_new_method(ENGINE *engine)
 	dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 	dsa->references = 1;
 
-#ifndef OPENSSL_NO_ENGINE
-	if (engine) {
-		if (!ENGINE_init(engine)) {
-			DSAerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-		dsa->engine = engine;
-	} else
-		dsa->engine = ENGINE_get_default_DSA();
-	if (dsa->engine != NULL) {
-		if ((dsa->meth = ENGINE_get_DSA(dsa->engine)) == NULL) {
-			DSAerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-		dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-	}
-#endif
-
 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data))
 		goto err;
 	if (dsa->meth->init != NULL && !dsa->meth->init(dsa))
@@ -184,9 +159,6 @@ DSA_free(DSA *r)
 
 	if (r->meth != NULL && r->meth->finish != NULL)
 		r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(r->engine);
-#endif
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 

lib/libcrypto/ec/ec_key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.38 2023/11/19 15:46:09 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -65,9 +65,6 @@
 
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include <openssl/err.h>
 
 #include "bn_local.h"
@@ -115,9 +112,6 @@ EC_KEY_free(EC_KEY *r)
 	if (r->meth != NULL && r->meth->finish != NULL)
 		r->meth->finish(r);
 
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(r->engine);
-#endif
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
 
 	EC_GROUP_free(r->group);
@@ -138,11 +132,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
 	if (src->meth != dest->meth) {
 		if (dest->meth != NULL && dest->meth->finish != NULL)
 			dest->meth->finish(dest);
-#ifndef OPENSSL_NO_ENGINE
-		if (ENGINE_finish(dest->engine) == 0)
-			return 0;
-		dest->engine = NULL;
-#endif
 	}
 	/* copy the parameters */
 	if (src->group) {
@@ -186,11 +175,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
 		return NULL;
 
 	if (src->meth != dest->meth) {
-#ifndef OPENSSL_NO_ENGINE
-		if (src->engine != NULL && ENGINE_init(src->engine) == 0)
-			return 0;
-		dest->engine = src->engine;
-#endif
 		dest->meth = src->meth;
 	}
 

lib/libcrypto/ec/ec_kmeth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ec_kmeth.c,v 1.12 2023/07/28 09:28:37 tb Exp $	*/
+/*	$OpenBSD: ec_kmeth.c,v 1.13 2023/11/19 15:46:09 tb Exp $	*/
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -53,9 +53,6 @@
  */
 
 #include <openssl/ec.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #include <openssl/err.h>
 
 #include "bn_local.h"
@@ -126,11 +123,6 @@ EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
 	if (finish != NULL)
 		finish(key);
 
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(key->engine);
-	key->engine = NULL;
-#endif
-
 	key->meth = meth;
 	if (meth->init != NULL)
 		return meth->init(key);
@@ -148,23 +140,6 @@ EC_KEY_new_method(ENGINE *engine)
 		return NULL;
 	}
 	ret->meth = EC_KEY_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-	if (engine != NULL) {
-		if (!ENGINE_init(engine)) {
-			ECerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-		ret->engine = engine;
-	} else
-		ret->engine = ENGINE_get_default_EC();
-	if (ret->engine) {
-		ret->meth = ENGINE_get_EC(ret->engine);
-		if (ret->meth == NULL) {
-			ECerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-	}
-#endif
 	ret->version = 1;
 	ret->flags = 0;
 	ret->group = NULL;

lib/libcrypto/engine/engine.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: engine.h,v 1.42 2023/08/04 05:44:51 tb Exp $ */
+/* $OpenBSD: engine.h,v 1.43 2023/11/19 15:41:46 tb Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -89,8 +89,6 @@
 extern "C" {
 #endif
 
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
 #define ENGINE_METHOD_RSA		(unsigned int)0x0001
 #define ENGINE_METHOD_DSA		(unsigned int)0x0002
 #define ENGINE_METHOD_DH		(unsigned int)0x0004
@@ -101,145 +99,43 @@ extern "C" {
 #define ENGINE_METHOD_PKEY_METHS	(unsigned int)0x0200
 #define ENGINE_METHOD_PKEY_ASN1_METHS	(unsigned int)0x0400
 #define ENGINE_METHOD_EC		(unsigned int)0x0800
-/* Obvious all-or-nothing cases. */
 #define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE		(unsigned int)0x0000
 
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * internally to control registration of ENGINE implementations, and can be set
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
- * initialise registered ENGINEs if they are not already initialised. */
 #define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001
 
-/* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */
-
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
 #define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002
-
-/* This flag is for ENGINEs who return new duplicate structures when found via
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
- * commands are called in sequence as part of some stateful process like
- * key-generation setup and execution), it can set this flag - then each attempt
- * to obtain the ENGINE will result in it being copied into a new structure.
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
- * the existing ENGINE's structural reference count. */
 #define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004
-
-/* This flag if for an ENGINE that does not want its methods registered as
- * part of ENGINE_register_all_complete() for example if the methods are
- * not usable as default methods.
- */
-
 #define ENGINE_FLAGS_NO_REGISTER_ALL	(int)0x0008
-
-/* ENGINEs can support their own command types, and these flags are used in
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
- * command expects. Currently only numeric and string input is supported. If a
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
- * then it is regarded as an "internal" control command - and not for use in
- * config setting situations. As such, they're not available to the
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
- * this list of 'command types' should be reflected carefully in
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
-
-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
 #define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
- * ENGINE_ctrl) */
 #define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
- * is unparameterised. */
 #define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
 #define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008
 
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
- * relying on these commands should compile conditional support for
- * compatibility (eg. if these symbols are defined) but should also migrate the
- * same functionality to their own ENGINE-specific control functions that can be
- * "discovered" by calling applications. The fact these control commands
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
- * fact that application code can find and use them without requiring per-ENGINE
- * hacking. */
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines.  In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
 #define ENGINE_CTRL_SET_LOGSTREAM		1
 #define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
-#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any
+#define ENGINE_CTRL_HUP				3
-						     handles/connections etc. */
+#define ENGINE_CTRL_SET_USER_INTERFACE		4
-#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
+#define ENGINE_CTRL_SET_CALLBACK_DATA		5
-#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
+#define ENGINE_CTRL_LOAD_CONFIGURATION		6
-						     when calling the password
+#define ENGINE_CTRL_LOAD_SECTION		7
-						     callback and the user
-						     interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION		6 /* Load a configuration, given
-						     a string that represents a
-						     file name or so */
-#define ENGINE_CTRL_LOAD_SECTION		7 /* Load data from a given
-						     section in the already loaded
-						     configuration */
 
-/* These control commands allow an application to deal with an arbitrary engine
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
- * including ENGINE-specific command types, return zero for an error.
- *
- * An ENGINE can choose to implement these ctrl functions, and can internally
- * manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
- * handler need only implement its own commands - the above "meta" commands will
- * be taken care of. */
-
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
- * all the remaining control commands will return failure, so it is worth
- * checking this first if the caller is trying to "discover" the engine's
- * capabilities and doesn't want errors generated unnecessarily. */
 #define ENGINE_CTRL_HAS_CTRL_FUNCTION		10
-/* Returns a positive command number for the first command supported by the
- * engine. Returns zero if no ctrl commands are supported. */
 #define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
-/* The 'long' argument specifies a command implemented by the engine, and the
- * return value is the next command supported, or zero if there are no more. */
 #define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
- * return value is the command that corresponds to it. */
 #define ENGINE_CTRL_GET_CMD_FROM_NAME		13
-/* The next two allow a command to be converted into its corresponding string
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
- * case, the return value is the length of the command name (not counting a
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
- * large enough, and it will be populated with the name of the command (WITH a
- * trailing EOL). */
 #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
 #define ENGINE_CTRL_GET_NAME_FROM_CMD		15
-/* The next two are similar but give a "short description" of a command. */
 #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
 #define ENGINE_CTRL_GET_DESC_FROM_CMD		17
-/* With this command, the return value is the OR'd combination of
- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
 #define ENGINE_CTRL_GET_CMD_FLAGS		18
 
-/* ENGINE implementations should start the numbering of their own control
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
 #define ENGINE_CMD_BASE				200
 
 /*
  * Prototypes for the stub functions in engine_stubs.c. They are provided to
- * build M2Crypto, Dovecot, apr-utils without patching. All the other garbage
+ * build M2Crypto, Dovecot, apr-utils without patching.
- * can hopefully go away soon.
  */
-#ifdef OPENSSL_NO_ENGINE
 void ENGINE_load_builtin_engines(void);
 void ENGINE_load_dynamic(void);
 void ENGINE_load_openssl(void);
@@ -261,7 +157,7 @@ int ENGINE_set_default(ENGINE *engine, unsigned int flags);
 ENGINE *ENGINE_get_default_RSA(void);
 int ENGINE_set_default_RSA(ENGINE *engine);
 
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
+int ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p,
     void (*f)(void), int cmd_optional);
 int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
     int cmd_optional);
@@ -270,460 +166,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id,
     UI_METHOD *ui_method, void *callback_data);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id,
     UI_METHOD *ui_method, void *callback_data);
-#else
-/* If an ENGINE supports its own specific control commands and wishes the
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
- * supports the stated commands (ie. the "cmd_num" entries as described by the
- * array). NB: The array must be ordered in increasing order of cmd_num.
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
- * to zero and/or cmd_name set to NULL. */
-typedef struct ENGINE_CMD_DEFN_st {
-	unsigned int cmd_num; /* The command number */
-	const char *cmd_name; /* The command name itself */
-	const char *cmd_desc; /* A short description of the command */
-	unsigned int cmd_flags; /* The input the command expects */
-} ENGINE_CMD_DEFN;
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)(void);
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *,
-    void (*f)(void));
-/* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
-    UI_METHOD *ui_method, void *callback_data);
-typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
-    STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-    STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
- * These handlers have these prototypes;
- *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
- *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
- * Looking at how to implement these handlers in the case of cipher support, if
- * the framework wants the EVP_CIPHER for 'nid', it will call;
- *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
- * If the framework wants a list of supported 'nid's, it will call;
- *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
- */
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
- * parameter is non-NULL it is set to the size of the returned array. */
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **,
-    const int **, int);
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **,
-    const int **, int);
-typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **,
-    const int **, int);
-
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
- * structures where the pointers have a "structural reference". This means that
- * their reference is to allowed access to the structure but it does not imply
- * that the structure is functional. To simply increment or decrement the
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
- * required when iterating using ENGINE_get_next as it will automatically
- * decrement the structural reference count of the "current" ENGINE and
- * increment the structural reference count of the ENGINE it returns (unless it
- * is NULL). */
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
-/* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
-/* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines. */
-void ENGINE_load_openssl(void);
-void ENGINE_load_dynamic(void);
-#ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_padlock(void);
-#endif
-void ENGINE_load_builtin_engines(void);
-
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-unsigned int ENGINE_get_table_flags(void);
-void ENGINE_set_table_flags(unsigned int flags);
-
-/* Manage registration of ENGINEs per "table". For each type, there are 3
- * functions;
- *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
- *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
- *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
- * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
-
-int ENGINE_register_RSA(ENGINE *e);
-void ENGINE_unregister_RSA(ENGINE *e);
-void ENGINE_register_all_RSA(void);
-
-int ENGINE_register_DSA(ENGINE *e);
-void ENGINE_unregister_DSA(ENGINE *e);
-void ENGINE_register_all_DSA(void);
-
-int ENGINE_register_EC(ENGINE *e);
-void ENGINE_unregister_EC(ENGINE *e);
-void ENGINE_register_all_EC(void);
-
-int ENGINE_register_DH(ENGINE *e);
-void ENGINE_unregister_DH(ENGINE *e);
-void ENGINE_register_all_DH(void);
-
-int ENGINE_register_RAND(ENGINE *e);
-void ENGINE_unregister_RAND(ENGINE *e);
-void ENGINE_register_all_RAND(void);
-
-int ENGINE_register_STORE(ENGINE *e);
-void ENGINE_unregister_STORE(ENGINE *e);
-void ENGINE_register_all_STORE(void);
-
-int ENGINE_register_ciphers(ENGINE *e);
-void ENGINE_unregister_ciphers(ENGINE *e);
-void ENGINE_register_all_ciphers(void);
-
-int ENGINE_register_digests(ENGINE *e);
-void ENGINE_unregister_digests(ENGINE *e);
-void ENGINE_register_all_digests(void);
-
-int ENGINE_register_pkey_meths(ENGINE *e);
-void ENGINE_unregister_pkey_meths(ENGINE *e);
-void ENGINE_register_all_pkey_meths(void);
-
-int ENGINE_register_pkey_asn1_meths(ENGINE *e);
-void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
-void ENGINE_register_all_pkey_asn1_meths(void);
-
-/* These functions register all support from the above categories. Note, use of
- * these functions can result in static linkage of code your application may not
- * need. If you only need a subset of functionality, consider using more
- * selective initialisation. */
-int ENGINE_register_complete(ENGINE *e);
-int ENGINE_register_all_complete(void);
-
-/* Send parametrised control commands to the engine. The possibilities to send
- * down an integer, a pointer to data or a function pointer are provided. Any of
- * the parameters may or may not be NULL, depending on the command number. In
- * actuality, this function only requires a structural (rather than functional)
- * reference to an engine, but many control commands may require the engine be
- * functional. The caller should be aware of trying commands that require an
- * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* This function tests if an ENGINE-specific command is usable as a "setting".
- * Eg. in an application's config file that gets processed through
- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-
-/* This function works like ENGINE_ctrl() with the exception of taking a
- * command name instead of a command number, and can handle optional commands.
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
- * use the cmd_name and cmd_optional. */
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-    long i, void *p, void (*f)(void), int cmd_optional);
-
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
- * is converted to a command number and the control command is called using
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
- * which case no control command is called). The command is checked for input
- * flags, and if necessary the argument will be converted to a numeric value. If
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
- * cmd_name the return value will be success anyway. This function is intended
- * for applications to use so that users (or config files) can supply
- * engine-specific config data to the ENGINE at run-time to control behaviour of
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
- * functions that return data, deal with binary data, or that are otherwise
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
- * the return value is interpreted as failure if the return value is zero,
- * success otherwise, and this function returns a boolean value as a result. In
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
- * implementations with parameterisations that work in this scheme, so that
- * compliant ENGINE-based applications can work consistently with the same
- * configuration for the same ENGINE-enabled devices, across applications. */
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-    int cmd_optional);
-
-/* These functions are useful for manufacturing new ENGINE structures. They
- * don't address reference counting at all - one uses them to populate an ENGINE
- * structure with personalised implementations of things prior to using it
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
- * here so that the ENGINE structure doesn't have to be exposed and break binary
- * compatibility! */
-ENGINE *ENGINE_new(void);
-int ENGINE_free(ENGINE *e);
-int ENGINE_up_ref(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth);
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-    ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
-int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
-int ENGINE_set_flags(ENGINE *e, int flags);
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-/* These functions allow control over any per-structure ENGINE data. */
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
- * automatically ensures the list cleanup function is registered to be called
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
- * ENGINE_cleanup() will clean up after them. */
-void ENGINE_cleanup(void);
-
-/* These return values from within the ENGINE structure. These can be useful
- * with functional references as well as structural references - it depends
- * which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
-const char *ENGINE_get_id(const ENGINE *e);
-const char *ENGINE_get_name(const ENGINE *e);
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
-ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
-    const char *str, int len);
-const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
-    const char *str, int len);
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-int ENGINE_get_flags(const ENGINE *e);
-
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
-int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
-int ENGINE_finish(ENGINE *e);
-
-/* The following functions handle keys that are stored in some secondary
- * location, handled by the engine.  The storage may be on a card or
- * whatever. */
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-    UI_METHOD *ui_method, void *callback_data);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-    UI_METHOD *ui_method, void *callback_data);
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-    STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-    STACK_OF(X509) **pother,
-    UI_METHOD *ui_method, void *callback_data);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
-ENGINE *ENGINE_get_default_RSA(void);
-/* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_EC(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
- * ciphering or digesting corresponding to "nid". */
-ENGINE *ENGINE_get_cipher_engine(int nid);
-ENGINE *ENGINE_get_digest_engine(int nid);
-ENGINE *ENGINE_get_pkey_meth_engine(int nid);
-ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
-
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
-int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
-/* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_EC(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_ciphers(ENGINE *e);
-int ENGINE_set_default_digests(ENGINE *e);
-int ENGINE_set_default_pkey_meths(ENGINE *e);
-int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
-
-/* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
- * function, this function can result in unnecessary static linkage. If your
- * application requires only specific functionality, consider using more
- * selective functions. */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-void ENGINE_add_conf_module(void);
-
-/* Deprecated functions ... */
-/* int ENGINE_clear_defaults(void); */
-
-/**************************/
-/* DYNAMIC ENGINE SUPPORT */
-/**************************/
-
-/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00020000
-/* Binary versions older than this are too old for us (whether we're a loader or
- * a loadee) */
-#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00020000
-
-/* When compiling an ENGINE entirely as an external shared library, loadable by
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
- * type provides the calling application's (or library's) error functionality
- * and memory management function pointers to the loaded library. These should
- * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. The 'static_state' pointer
- * allows the loaded library to know if it shares the same static data as the
- * calling application (or library), and thus whether these callbacks need to be
- * set or not. */
-typedef void *(*dyn_MEM_malloc_cb)(size_t);
-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
-typedef void (*dyn_MEM_free_cb)(void *);
-typedef struct st_dynamic_MEM_fns {
-	dyn_MEM_malloc_cb			malloc_cb;
-	dyn_MEM_realloc_cb			realloc_cb;
-	dyn_MEM_free_cb				free_cb;
-} dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
- * these types so we (and any other dependent code) can simplify a bit?? */
-typedef void (*dyn_lock_locking_cb)(int, int, const char *, int);
-typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
-    const char *, int);
-typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *,
-    const char *, int);
-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
-    const char *, int);
-typedef struct st_dynamic_LOCK_fns {
-	dyn_lock_locking_cb			lock_locking_cb;
-	dyn_lock_add_lock_cb			lock_add_lock_cb;
-	dyn_dynlock_create_cb			dynlock_create_cb;
-	dyn_dynlock_lock_cb			dynlock_lock_cb;
-	dyn_dynlock_destroy_cb			dynlock_destroy_cb;
-} dynamic_LOCK_fns;
-/* The top-level structure */
-typedef struct st_dynamic_fns {
-	void 					*static_state;
-	const ERR_FNS				*err_fns;
-	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;
-	dynamic_MEM_fns				mem_fns;
-	dynamic_LOCK_fns			lock_fns;
-} dynamic_fns;
-
-/* The version checking function should be of this prototype. NB: The
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
- * If this function returns zero, it indicates a (potential) version
- * incompatibility and the loaded library doesn't believe it can proceed.
- * Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
- * is unsatisfactory and could veto the load. The function is expected to
- * be implemented with the symbol name "v_check", and a default implementation
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
-#define IMPLEMENT_DYNAMIC_CHECK_FN() \
-	extern unsigned long v_check(unsigned long v); \
-	extern unsigned long v_check(unsigned long v) { \
-		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
-		return 0; }
-
-/* This function is passed the ENGINE structure to initialise with its own
- * function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
- * structure, and (c) the shared library will be unloaded. So implementations
- * should do their own internal cleanup in failure circumstances otherwise they
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
- * the loader is looking for. If this is NULL, the shared library can choose to
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
- * library must initialise only an ENGINE matching the passed 'id'. The function
- * is expected to be implemented with the symbol name "bind_engine". A standard
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
- * the parameter 'fn' is a callback function that populates the ENGINE structure
- * and returns an int value (zero for failure). 'fn' should have prototype;
- *    [static] int fn(ENGINE *e, const char *id); */
-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
-    const dynamic_fns *fns);
-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
-	extern \
-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
-	extern \
-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-			return 0; \
-		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-			return 0; \
-		if(!ERR_set_implementation(fns->err_fns)) return 0; \
-	skip_cbs: \
-		if(!fn(e,id)) return 0; \
-		return 1; }
-
-/* If the loading application (or library) and the loaded ENGINE library share
- * the same static data (eg. they're both dynamically linked to the same
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
- * would fail, and for the same reason that it's unnecessary to try. If the
- * loaded ENGINE has (or gets from through the loader) its own copy of the
- * libcrypto static data, we will need to set the callbacks. The easiest way to
- * detect this is to have a function that returns a pointer to some static data
- * and let the loading application and loaded ENGINE compare their respective
- * values. */
-					void *ENGINE_get_static_state(void);
-
-void ERR_load_ENGINE_strings(void);
-#endif
 
 /* Error codes for the ENGINE functions. */
 

lib/libcrypto/engine/engine_stubs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */
+/*	$OpenBSD: engine_stubs.c,v 1.3 2023/11/19 15:47:40 tb Exp $ */
 
 /*
  * Written by Theo Buehler. Public domain.
@@ -6,8 +6,6 @@
 
 #include <openssl/engine.h>
 
-#ifdef OPENSSL_NO_ENGINE
-
 void
 ENGINE_load_builtin_engines(void)
 {
@@ -95,7 +93,7 @@ ENGINE_set_default_RSA(ENGINE *engine)
 }
 
 int
-ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
+ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p,
     void (*f)(void), int cmd_optional)
 {
 	return 0;
@@ -121,5 +119,3 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id,
 {
 	return NULL;
 }
-
-#endif

lib/libcrypto/err/err_all.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.32 2023/07/28 09:46:36 tb Exp $ */
+/* $OpenBSD: err_all.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -91,9 +91,6 @@
 #ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -129,9 +126,6 @@ ERR_load_crypto_strings_internal(void)
 #endif
 #ifndef OPENSSL_NO_EC
 	ERR_load_EC_strings();
-#endif
-#ifndef OPENSSL_NO_ENGINE
-	ERR_load_ENGINE_strings();
 #endif
 	ERR_load_EVP_strings();
 #ifndef OPENSSL_NO_GOST

lib/libcrypto/evp/digest.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.38 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -118,10 +118,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "evp_local.h"
 
 int
@@ -136,49 +132,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 {
 	EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
 
-#ifndef OPENSSL_NO_ENGINE
-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-	 * so this context may already have an ENGINE! Try to avoid releasing
-	 * the previous handle, re-querying for an ENGINE, and having a
-	 * reinitialisation, when it may all be unnecessary. */
-	if (ctx->engine && ctx->digest && (!type ||
-	    (type && (type->type == ctx->digest->type))))
-		goto skip_to_init;
-	if (type) {
-		/* Ensure an ENGINE left lying around from last time is cleared
-		 * (the previous check attempted to avoid this if the same
-		 * ENGINE and EVP_MD could be used). */
-		ENGINE_finish(ctx->engine);
-		if (impl != NULL) {
-			if (!ENGINE_init(impl)) {
-				EVPerror(EVP_R_INITIALIZATION_ERROR);
-				return 0;
-			}
-		} else
-			/* Ask if an ENGINE is reserved for this job */
-			impl = ENGINE_get_digest_engine(type->type);
-		if (impl != NULL) {
-			/* There's an ENGINE for this job ... (apparently) */
-			const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-			if (d == NULL) {
-				/* Same comment from evp_enc.c */
-				EVPerror(EVP_R_INITIALIZATION_ERROR);
-				ENGINE_finish(impl);
-				return 0;
-			}
-			/* We'll use the ENGINE's private digest definition */
-			type = d;
-			/* Store the ENGINE functional reference so we know
-			 * 'type' came from an ENGINE and we need to release
-			 * it when done. */
-			ctx->engine = impl;
-		} else
-			ctx->engine = NULL;
-	} else if (!ctx->digest) {
-		EVPerror(EVP_R_NO_DIGEST_SET);
-		return 0;
-	}
-#endif
 	if (ctx->digest != type) {
 		if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
 		    !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
@@ -197,9 +150,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 			}
 		}
 	}
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
 	if (ctx->pctx) {
 		int r;
 		r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
@@ -266,13 +216,6 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 		EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
 		return 0;
 	}
-#ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a digest context using an ENGINE */
-	if (in->engine && !ENGINE_init(in->engine)) {
-		EVPerror(ERR_R_ENGINE_LIB);
-		return 0;
-	}
-#endif
 
 	if (out->digest == in->digest) {
 		tmp_buf = out->md_data;
@@ -397,9 +340,6 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 	 */
 	if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
 		EVP_PKEY_CTX_free(ctx->pctx);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(ctx->engine);
-#endif
 	memset(ctx, 0, sizeof(*ctx));
 
 	return 1;

lib/libcrypto/evp/e_aes.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.54 2023/09/28 11:29:10 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.55 2023/11/18 09:37:15 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -2460,7 +2460,11 @@ aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	}
 
 	if (iv != NULL) {
-		memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+		int iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+
+		if (iv_len < 0 || iv_len > sizeof(ctx->iv))
+			return 0;
+		memcpy(ctx->iv, iv, iv_len);
 		wctx->iv = ctx->iv;
 	}
 

lib/libcrypto/evp/e_rc2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.22 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.24 2023/11/18 10:46:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -338,17 +338,17 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	long num = 0;
 	int i = 0;
 	int key_bits;
-	unsigned int l;
+	int l;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 
 	if (type != NULL) {
 		l = EVP_CIPHER_CTX_iv_length(c);
-		if (l > sizeof(iv)) {
+		if (l < 0 || l > sizeof(iv)) {
 			EVPerror(EVP_R_IV_TOO_LARGE);
 			return -1;
 		}
 		i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
-		if (i != (int)l)
+		if (i != l)
 			return (-1);
 		key_bits = rc2_magic_to_meth((int)num);
 		if (!key_bits)
@@ -373,6 +373,8 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	if (type != NULL) {
 		num = rc2_meth_to_magic(c);
 		j = EVP_CIPHER_CTX_iv_length(c);
+		if (j < 0 || j > sizeof(c->oiv))
+			return 0;
 		i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
 	}
 	return (i);
@@ -381,9 +383,15 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 static int
 rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
+	int iv_len;
+
 	switch (type) {
 	case EVP_CTRL_INIT:
-		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+		data(c)->key_bits = 0;
+		/* XXX - upper bound? */
+		if ((iv_len = EVP_CIPHER_CTX_key_length(c)) < 0)
+			return -1;
+		data(c)->key_bits = iv_len * 8;
 		return 1;
 
 	case EVP_CTRL_GET_RC2_KEY_BITS:

lib/libcrypto/evp/evp_enc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.53 2023/09/10 16:53:56 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -68,10 +68,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "evp_local.h"
 
 int
@@ -94,15 +90,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 			enc = 1;
 		ctx->encrypt = enc;
 	}
-#ifndef OPENSSL_NO_ENGINE
-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-	 * so this context may already have an ENGINE! Try to avoid releasing
-	 * the previous handle, re-querying for an ENGINE, and having a
-	 * reinitialisation, when it may all be unnecessary. */
-	if (ctx->engine && ctx->cipher &&
-	    (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
-		goto skip_to_init;
-#endif
 	if (cipher) {
 		/* Ensure a context left lying around from last time is cleared
 		 * (the previous check attempted to avoid this if the same
@@ -114,32 +101,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 			ctx->encrypt = enc;
 			ctx->flags = flags;
 		}
-#ifndef OPENSSL_NO_ENGINE
-		if (impl) {
-			if (!ENGINE_init(impl)) {
-				EVPerror(EVP_R_INITIALIZATION_ERROR);
-				return 0;
-			}
-		} else
-			/* Ask if an ENGINE is reserved for this job */
-			impl = ENGINE_get_cipher_engine(cipher->nid);
-		if (impl) {
-			/* There's an ENGINE for this job ... (apparently) */
-			const EVP_CIPHER *c =
-			    ENGINE_get_cipher(impl, cipher->nid);
-			if (!c) {
-				EVPerror(EVP_R_INITIALIZATION_ERROR);
-				return 0;
-			}
-			/* We'll use the ENGINE's private cipher definition */
-			cipher = c;
-			/* Store the ENGINE functional reference so we know
-			 * 'cipher' came from an ENGINE and we need to release
-			 * it when done. */
-			ctx->engine = impl;
-		} else
-			ctx->engine = NULL;
-#endif
 
 		ctx->cipher = cipher;
 		if (ctx->cipher->ctx_size) {
@@ -163,9 +124,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 		EVPerror(EVP_R_NO_CIPHER_SET);
 		return 0;
 	}
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
 	/* we assume block size is a power of 2 in *cryptUpdate */
 	if (ctx->cipher->block_size != 1 &&
 	    ctx->cipher->block_size != 8 &&
@@ -181,6 +139,8 @@ skip_to_init:
 	}
 
 	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+		int iv_len;
+
 		switch (EVP_CIPHER_CTX_mode(ctx)) {
 
 		case EVP_CIPH_STREAM_CIPHER:
@@ -194,25 +154,26 @@ skip_to_init:
 			/* fall-through */
 
 		case EVP_CIPH_CBC_MODE:
-
+			iv_len = EVP_CIPHER_CTX_iv_length(ctx);
-			if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) >
+			if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) {
-			    sizeof(ctx->iv)) {
 				EVPerror(EVP_R_IV_TOO_LARGE);
 				return 0;
 			}
-			if (iv)
+			if (iv != NULL)
-				memcpy(ctx->oiv, iv,
+				memcpy(ctx->oiv, iv, iv_len);
-				    EVP_CIPHER_CTX_iv_length(ctx));
+			memcpy(ctx->iv, ctx->oiv, iv_len);
-			memcpy(ctx->iv, ctx->oiv,
-			    EVP_CIPHER_CTX_iv_length(ctx));
 			break;
 
 		case EVP_CIPH_CTR_MODE:
 			ctx->num = 0;
+			iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+			if (iv_len < 0 || iv_len > sizeof(ctx->iv)) {
+				EVPerror(EVP_R_IV_TOO_LARGE);
+				return 0;
+			}
 			/* Don't reuse IV for CTR mode */
-			if (iv)
+			if (iv != NULL)
-				memcpy(ctx->iv, iv,
+				memcpy(ctx->iv, iv, iv_len);
-				    EVP_CIPHER_CTX_iv_length(ctx));
 			break;
 
 		default:
@@ -611,10 +572,6 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 	/* XXX - store size of cipher_data so we can always freezero(). */
 	free(c->cipher_data);
 
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(c->engine);
-#endif
-
 	explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
 
 	return 1;
@@ -685,13 +642,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 		EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
 		return 0;
 	}
-#ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a cipher context using an ENGINE */
-	if (in->engine && !ENGINE_init(in->engine)) {
-		EVPerror(ERR_R_ENGINE_LIB);
-		return 0;
-	}
-#endif
 
 	EVP_CIPHER_CTX_cleanup(out);
 	memcpy(out, in, sizeof *out);

lib/libcrypto/evp/evp_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_lib.c,v 1.28 2023/09/28 11:29:10 tb Exp $ */
+/* $OpenBSD: evp_lib.c,v 1.29 2023/11/18 09:37:15 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -98,16 +98,16 @@ int
 EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
 	int i = 0;
-	unsigned int l;
+	int l;
 
 	if (type != NULL) {
 		l = EVP_CIPHER_CTX_iv_length(c);
-		if (l > sizeof(c->iv)) {
+		if (l < 0 || l > sizeof(c->iv)) {
 			EVPerror(EVP_R_IV_TOO_LARGE);
 			return 0;
 		}
 		i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
-		if (i != (int)l)
+		if (i != l)
 			return (-1);
 		else if (i > 0)
 			memcpy(c->iv, c->oiv, l);
@@ -119,11 +119,11 @@ int
 EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
 	int i = 0;
-	unsigned int j;
+	int j;
 
 	if (type != NULL) {
 		j = EVP_CIPHER_CTX_iv_length(c);
-		if (j > sizeof(c->iv)) {
+		if (j < 0 || j > sizeof(c->iv)) {
 			EVPerror(EVP_R_IV_TOO_LARGE);
 			return 0;
 		}

lib/libcrypto/evp/p_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.37 2023/09/10 17:32:17 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,10 +77,6 @@
 #include <openssl/rsa.h>
 #endif
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "asn1_local.h"
 #include "evp_local.h"
 
@@ -245,19 +241,11 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
 		 */
 		if ((type == pkey->save_type) && pkey->ameth)
 			return 1;
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE_finish(pkey->engine);
-		pkey->engine = NULL;
-#endif
 	}
 	if (str)
 		ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
 	else
 		ameth = EVP_PKEY_asn1_find(eptr, type);
-#ifndef OPENSSL_NO_ENGINE
-	if (pkey == NULL && eptr != NULL)
-		ENGINE_finish(e);
-#endif
 	if (!ameth) {
 		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
 		return 0;
@@ -583,9 +571,6 @@ EVP_PKEY_type(int type)
 		ret = ameth->pkey_id;
 	else
 		ret = NID_undef;
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(e);
-#endif
 	return ret;
 }
 
@@ -626,10 +611,6 @@ EVP_PKEY_free_it(EVP_PKEY *x)
 		x->ameth->pkey_free(x);
 		x->pkey.ptr = NULL;
 	}
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(x->engine);
-	x->engine = NULL;
-#endif
 }
 
 static int

lib/libcrypto/evp/p_seal.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p_seal.c,v 1.16 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: p_seal.c,v 1.17 2023/11/18 09:37:15 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -74,7 +74,7 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
 {
 	unsigned char key[EVP_MAX_KEY_LENGTH];
-	int i;
+	int i, iv_len;
 
 	if (type) {
 		EVP_CIPHER_CTX_init(ctx);
@@ -85,8 +85,11 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
 		return 1;
 	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
 		return 0;
-	if (EVP_CIPHER_CTX_iv_length(ctx))
+	/* XXX - upper bound? */
-		arc4random_buf(iv, EVP_CIPHER_CTX_iv_length(ctx));
+	if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
+		return 0;
+	if (iv_len > 0)
+		arc4random_buf(iv, iv_len);
 
 	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
 		return 0;

lib/libcrypto/evp/pmeth_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.33 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.34 2023/11/19 15:43:52 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -68,10 +68,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "asn1_local.h"
 #include "evp_local.h"
 
@@ -161,26 +157,8 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
 			return NULL;
 		id = pkey->ameth->pkey_id;
 	}
-#ifndef OPENSSL_NO_ENGINE
-	if (pkey != NULL && pkey->engine != NULL)
-		engine = pkey->engine;
-	/* Try to find an ENGINE which implements this method. */
-	if (engine != NULL) {
-		if (!ENGINE_init(engine)) {
-			EVPerror(ERR_R_ENGINE_LIB);
-			return NULL;
-		}
-	} else
-		engine = ENGINE_get_pkey_meth_engine(id);
 
-	/* Look up method handler in ENGINE or use internal tables. */
+	if ((pmeth = EVP_PKEY_meth_find(id)) == NULL) {
-	if (engine != NULL)
-		pmeth = ENGINE_get_pkey_meth(engine, id);
-	else
-#endif
-		pmeth = EVP_PKEY_meth_find(id);
-
-	if (pmeth == NULL) {
 		EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
 		goto err;
 	}
@@ -205,9 +183,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
 
  err:
 	EVP_PKEY_CTX_free(pkey_ctx);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(engine);
-#endif
 
 	return NULL;
 }
@@ -275,22 +250,12 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
 
 	if (pctx->pmeth == NULL || pctx->pmeth->copy == NULL)
 		goto err;
-#ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a pkey context using an ENGINE */
-	if (pctx->engine != NULL && !ENGINE_init(pctx->engine)) {
-		EVPerror(ERR_R_ENGINE_LIB);
-		goto err;
-	}
-#endif
 	if ((rctx = calloc(1, sizeof(*rctx))) == NULL) {
 		EVPerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	rctx->pmeth = pctx->pmeth;
-#ifndef OPENSSL_NO_ENGINE
-	rctx->engine = pctx->engine;
-#endif
 
 	if ((rctx->pkey = pctx->pkey) != NULL)
 		EVP_PKEY_up_ref(rctx->pkey);
@@ -333,9 +298,6 @@ EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
 		ctx->pmeth->cleanup(ctx);
 	EVP_PKEY_free(ctx->pkey);
 	EVP_PKEY_free(ctx->peerkey);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(ctx->engine);
-#endif
 	free(ctx);
 }
 

lib/libcrypto/man/ASN1_TIME_set.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.20 2023/11/13 12:46:07 beck Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.21 2023/11/16 14:20:49 tb Exp $
 .\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 13 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -94,9 +94,9 @@
 .Nm ASN1_TIME_cmp_time_t ,
 .Nm ASN1_UTCTIME_cmp_time_t ,
 .Nm ASN1_TIME_compare ,
-.Nm ASN1_TIME_to_generalizedtime
+.Nm ASN1_TIME_to_generalizedtime ,
 .Nm OPENSSL_gmtime ,
-.Nm OPENSSL_timegm,
+.Nm OPENSSL_timegm
 .Nd ASN.1 Time functions
 .Sh SYNOPSIS
 .In openssl/asn1.h
@@ -516,6 +516,19 @@ and
 functions act only on that specific time format, while the
 .Vt ASN1_TIME
 functions operate on either format.
+.Pp
+.Fn OPENSSL_gmtime
+converts a time_t value in
+.Fa time
+to a struct tm in
+.Fa out_tm
+and also returns the struct passed in on success.
+.Pp
+.Fn OPENSSL_timegm
+converts a time structure in UTC time in
+.Fa tm
+to a time_t value in
+.Fa out_time .
 .Sh RETURN VALUES
 .Fn ASN1_TIME_set ,
 .Fn ASN1_UTCTIME_set ,
@@ -576,21 +589,11 @@ is later than
 or \-2 on error.
 .Pp
 .Fn OPENSSL_timegm
-converts a time structure in UTC time in
-.Fa tm
-to a time_t value in
-.Fa out_time
-.Fn OPENSSL_timegm
 returns 1 for success or 0 for failure.
 It can fail if the time is not representable in a time_t,
 or falls outside the range allowed in RFC 5280 times.
 .Pp
 .Fn OPENSSL_gmtime
-converts a time_t value in
-.Fa time
-to a struct tm in
-.Fa out_tm
-.Fn OPENSSL_gmtime
 returns
 .Fa out_tm
 on success or NULL for failure.

lib/libcrypto/man/BIO_ctrl.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_ctrl.3,v 1.24 2023/07/26 20:01:04 tb Exp $
+.\" $OpenBSD: BIO_ctrl.3,v 1.25 2023/11/16 20:19:23 schwarze Exp $
 .\" full merge up to: OpenSSL 24a535eaf Tue Sep 22 13:14:20 2020 +0100
 .\" selective merge up to: OpenSSL 0c5bc96f Tue Mar 15 13:57:22 2022 +0000
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 26 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt BIO_CTRL 3
 .Os
 .Sh NAME
@@ -307,11 +307,6 @@ and
 return a
 .Vt size_t
 type and are functions.
-.Fn BIO_pending
-and
-.Fn BIO_wpending
-are macros which call
-.Fn BIO_ctrl .
 .Pp
 .Fn BIO_set_info_callback
 installs the function pointer

lib/libcrypto/man/BIO_get_data.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_get_data.3,v 1.7 2022/12/19 14:40:14 schwarze Exp $
+.\" $OpenBSD: BIO_get_data.3,v 1.8 2023/11/16 20:27:43 schwarze Exp $
 .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 19 2022 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt BIO_GET_DATA 3
 .Os
 .Sh NAME
@@ -204,7 +204,7 @@ Application programs usually call macros like those documented in
 rather than calling
 .Fn BIO_test_flags
 directly.
-Flag bits correspond to accessor functions as follows:
+Flag bits correspond to accessor macros as follows:
 .Pp
 .Bl -tag -width BIO_FLAGS_SHOULD_RETRY -compact
 .It Dv BIO_FLAGS_READ
@@ -319,6 +319,15 @@ object, call
 and
 .Xr BIO_get_close 3
 instead.
+.Pp
+.Fn BIO_get_flags ,
+.Fn BIO_set_retry_read ,
+.Fn BIO_set_retry_write ,
+.Fn BIO_set_retry_special ,
+.Fn BIO_clear_retry_flags ,
+and
+.Fn BIO_get_retry_flags
+are implemented as macros.
 .Sh RETURN VALUES
 .Fn BIO_get_data
 returns a pointer to the implementation specific custom data associated

lib/libcrypto/man/BIO_get_ex_new_index.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.14 2023/07/21 04:39:49 tb Exp $
+.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.17 2023/11/19 10:26:36 tb Exp $
 .\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
 .\" This file was written by Rich Salz <rsalz@akamai.com>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt BIO_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
@@ -57,9 +57,6 @@
 .Nm BIO_get_ex_data ,
 .Nm BIO_set_app_data ,
 .Nm BIO_get_app_data ,
-.Nm ENGINE_get_ex_new_index ,
-.Nm ENGINE_set_ex_data ,
-.Nm ENGINE_get_ex_data ,
 .Nm UI_get_ex_new_index ,
 .Nm UI_set_ex_data ,
 .Nm UI_get_ex_data ,
@@ -72,7 +69,6 @@
 .Nd application-specific data
 .Sh SYNOPSIS
 .In openssl/bio.h
-.In openssl/engine.h
 .In openssl/ui.h
 .In openssl/x509.h
 .In openssl/ec.h
@@ -126,21 +122,21 @@ with the correct index value.
 .Fn TYPE_set_ex_data
 is a function that calls
 .Xr CRYPTO_set_ex_data 3
-with an offset into the opaque exdata part of the
+with an offset into the opaque ex_data part of the
 .Vt TYPE
 object.
 .Pp
 .Fn TYPE_get_ex_data
 is a function that calls
 .Xr CRYPTO_get_ex_data 3
-with an offset into the opaque exdata part of the
+with an offset into the opaque ex_data part of the
 .Vt TYPE
 object.
 .Pp
 .Fn TYPE_set_app_data
 and
 .Fn TYPE_get_app_data
-are deprecated wrappers that call
+are deprecated wrapper macros that call
 .Fn TYPE_set_ex_data
 and
 .Fn TYPE_get_ex_data
@@ -187,9 +183,6 @@ and
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
 .Pp
-.Fn ENGINE_get_ex_new_index ,
-.Fn ENGINE_set_ex_data ,
-.Fn ENGINE_get_ex_data ,
 .Fn UI_get_ex_new_index ,
 .Fn UI_set_ex_data ,
 and

lib/libcrypto/man/BIO_s_fd.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_s_fd.3,v 1.12 2023/04/29 12:04:54 schwarze Exp $
+.\" $OpenBSD: BIO_s_fd.3,v 1.13 2023/11/16 20:19:23 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt BIO_S_FD 3
 .Os
 .Sh NAME
@@ -147,7 +147,6 @@ to
 .Fa fd
 and the close flag to
 .Fa close_flag .
-It is currently implemented as a macro.
 .Pp
 .Fn BIO_get_fd
 places the file descriptor in
@@ -155,7 +154,6 @@ places the file descriptor in
 if it is not
 .Dv NULL
 and also returns the file descriptor.
-It is currently implemented as a macro.
 .Pp
 .Fn BIO_new_fd
 returns a file descriptor BIO using

lib/libcrypto/man/BIO_s_file.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_s_file.3,v 1.16 2023/05/01 07:04:38 jsg Exp $
+.\" $OpenBSD: BIO_s_file.3,v 1.17 2023/11/16 20:19:23 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt BIO_S_FILE 3
 .Os
 .Sh NAME
@@ -196,14 +196,12 @@ sets the file pointer of a file BIO to
 .Fa flags
 has the same meaning as in
 .Fn BIO_new_fp .
-.Fn BIO_set_fp
-is a macro.
 .Pp
 .Fn BIO_get_fp
-retrieves the file pointer of a file BIO, it is a macro.
+retrieves the file pointer of a file BIO.
 .Pp
 .Xr BIO_seek 3
-is a macro that sets the position pointer to
+sets the position pointer to
 .Fa offset
 bytes from the start of file.
 .Pp

lib/libcrypto/man/BIO_s_mem.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BIO_s_mem.3,v 1.18 2023/04/29 12:04:54 schwarze Exp $
+.\" $OpenBSD: BIO_s_mem.3,v 1.19 2023/11/16 20:19:23 schwarze Exp $
 .\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000
 .\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 29 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt BIO_S_MEM 3
 .Os
 .Sh NAME
@@ -158,7 +158,6 @@ sets
 .Pf * Fa pp
 to a pointer to the start of the memory BIO's data
 and returns the total amount of data available.
-It is implemented as a macro.
 .Pp
 .Fn BIO_set_mem_buf
 sets the internal BUF_MEM structure to
@@ -171,15 +170,12 @@ should be either
 .Dv BIO_CLOSE
 or
 .Dv BIO_NOCLOSE .
-.Fn BIO_set_mem_buf
-is a macro.
 .Pp
 .Fn BIO_get_mem_ptr
 places the underlying
 .Vt BUF_MEM
 structure in
 .Pf * Fa pp .
-It is a macro.
 .Pp
 .Fn BIO_new_mem_buf
 creates a memory BIO using

lib/libcrypto/man/CONF_modules_load_file.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: CONF_modules_load_file.3,v 1.11 2023/07/21 10:46:54 tb Exp $
+.\" $OpenBSD: CONF_modules_load_file.3,v 1.14 2023/11/19 20:58:07 tb Exp $
 .\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt CONF_MODULES_LOAD_FILE 3
 .Os
 .Sh NAME
@@ -222,7 +222,6 @@ Load custom configuration file and section instead of the standard one,
 only print warnings on error, missing configuration file ignored:
 .Bd -literal
 OPENSSL_no_config();
-ENGINE_load_builtin_engines();
 OPENSSL_load_builtin_modules();
 if (CONF_modules_load_file("/something/app.cnf", "myapp",
     CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
@@ -234,12 +233,10 @@ if (CONF_modules_load_file("/something/app.cnf", "myapp",
 In the previous example, the call to
 .Xr OPENSSL_no_config 3
 is required first to suppress automatic loading
-of the standard configuration file, and the calls to
+of the standard configuration file, and the call to
-.Xr ENGINE_load_builtin_engines 3
-and
 .Xr OPENSSL_load_builtin_modules 3
-are needed so that the configuration of builtin modules and engines
+is needed so that the configuration of builtin modules
-is also loaded in addition to the configuration of
+is loaded in addition to the configuration of
 .Qq myapp .
 .Pp
 Load and parse configuration file manually, custom error handling:
@@ -270,7 +267,6 @@ if (fp == NULL) {
 .Ed
 .Sh SEE ALSO
 .Xr CONF_modules_free 3 ,
-.Xr ENGINE_load_builtin_engines 3 ,
 .Xr ERR 3 ,
 .Xr OPENSSL_config 3 ,
 .Xr OPENSSL_load_builtin_modules 3

lib/libcrypto/man/DES_set_key.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $
+.\" $OpenBSD: DES_set_key.3,v 1.16 2023/11/16 20:27:43 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400
 .\"
@@ -115,7 +115,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt DES_SET_KEY 3
 .Os
 .Sh NAME
@@ -599,10 +599,11 @@ then update ivec and num.
 num contains "how far" we are though ivec.
 If this does not make much sense, read more about CFB mode of DES.
 .Pp
+The
 .Fn DES_ede3_cfb64_encrypt
-and
+function and the
 .Fn DES_ede2_cfb64_encrypt
-is the same as
+macro are the same as
 .Fn DES_cfb64_encrypt
 except that Triple-DES is used.
 .Pp
@@ -625,10 +626,11 @@ is the same as
 .Fn DES_cfb64_encrypt
 using Output Feed Back mode.
 .Pp
+The
 .Fn DES_ede3_ofb64_encrypt
-and
+function and the
 .Fn DES_ede2_ofb64_encrypt
-is the same as
+macro are the same as
 .Fn DES_ofb64_encrypt ,
 using Triple-DES.
 .Pp

lib/libcrypto/man/DH_set_method.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: DH_set_method.3,v 1.8 2022/01/15 23:38:50 jsg Exp $
+.\"	$OpenBSD: DH_set_method.3,v 1.9 2023/11/19 10:34:26 tb Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt DH_SET_METHOD 3
 .Os
 .Sh NAME
@@ -98,16 +98,9 @@ selects
 as the default method for all
 .Vt DH
 structures created later.
-If any
-.Vt ENGINE
-was registered with
-.Xr ENGINE_register_DH 3
-that can be successfully initialized, it overrides the default.
 .Pp
 .Fn DH_get_default_method
-returns a pointer to the current default method,
+returns a pointer to the current default method.
-even if it is actually overridden by an
-.Vt ENGINE .
 .Pp
 .Fn DH_set_method
 selects
@@ -118,17 +111,12 @@ This replaces the
 .Vt DH_METHOD
 used by the
 .Fa dh
-key and if the previous method was supplied by an
+key.
-.Vt ENGINE ,
-.Xr ENGINE_finish 3
-is called on it.
 It is possible to have
 .Vt DH
 keys that only work with certain
 .Vt DH_METHOD
-implementations (e.g. from an
+implementations,
-.Vt ENGINE
-module that supports embedded hardware-protected keys),
 and in such cases attempting to change the
 .Vt DH_METHOD
 for the key can have unexpected results.
@@ -136,17 +124,10 @@ for the key can have unexpected results.
 .Fn DH_new_method
 allocates and initializes a
 .Vt DH
-structure so that
+structure.
+The
 .Fa engine
-is used for the DH operations.
+argument is ignored and
-If
-.Fa engine
-is
-.Dv NULL ,
-.Xr ENGINE_get_default_DH 3
-is used.
-If that returns
-.Dv NULL ,
 the default method controlled by
 .Fn DH_set_default_method
 is used.
@@ -202,10 +183,7 @@ and sets an error code that can be obtained by
 if the allocation fails.
 Otherwise it returns a pointer to the newly allocated structure.
 .Sh SEE ALSO
-.Xr DH_new 3 ,
+.Xr DH_new 3
-.Xr ENGINE_get_default_DH 3 ,
-.Xr ENGINE_register_DH 3 ,
-.Xr ENGINE_set_default_DH 3
 .Sh HISTORY
 .Fn DH_set_default_method ,
 .Fn DH_get_default_method ,

lib/libcrypto/man/DSA_set_method.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: DSA_set_method.3,v 1.10 2022/01/15 23:38:50 jsg Exp $
+.\"	$OpenBSD: DSA_set_method.3,v 1.11 2023/11/19 10:34:26 tb Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt DSA_SET_METHOD 3
 .Os
 .Sh NAME
@@ -93,16 +93,9 @@ selects
 as the default method for all
 .Vt DSA
 structures created later.
-If any
-.Vt ENGINE
-was registered with
-.Xr ENGINE_register_DSA 3
-that can be successfully initialized, it overrides the default.
 .Pp
 .Fn DSA_get_default_method
-returns a pointer to the current default method,
+returns a pointer to the current default method.
-even if it is actually overridden by an
-.Vt ENGINE .
 .Pp
 .Fn DSA_set_method
 selects
@@ -111,15 +104,10 @@ to perform all operations using the key
 .Fa dsa .
 This replaces the
 .Vt DSA_METHOD
-used by the DSA key and if the previous method was supplied by an
+used by the DSA key.
-.Vt ENGINE ,
-.Xr ENGINE_finish 3
-is called on it.
 It is possible to have DSA keys that only work with certain
 .Vt DSA_METHOD
-implementations (e.g. from an
+implementations,
-.Vt ENGINE
-module that supports embedded hardware-protected keys),
 and in such cases attempting to change the
 .Vt DSA_METHOD
 for the key can have unexpected results.
@@ -127,17 +115,10 @@ for the key can have unexpected results.
 .Fn DSA_new_method
 allocates and initializes a
 .Vt DSA
-structure so that
+structure.
+The
 .Fa engine
-is used for the DSA operations.
+argument is ignored and
-If
-.Fa engine
-is
-.Dv NULL ,
-.Xr ENGINE_get_default_DSA 3
-is used.
-If that returns
-.Dv NULL ,
 the default method controlled by
 .Fn DSA_set_default_method
 is used.
@@ -206,10 +187,7 @@ if the allocation fails.
 Otherwise it returns a pointer to the newly allocated structure.
 .Sh SEE ALSO
 .Xr DSA_meth_new 3 ,
-.Xr DSA_new 3 ,
+.Xr DSA_new 3
-.Xr ENGINE_get_default_DSA 3 ,
-.Xr ENGINE_register_DSA 3 ,
-.Xr ENGINE_set_default_DSA 3
 .Sh HISTORY
 .Fn DSA_set_default_method ,
 .Fn DSA_get_default_method ,

lib/libcrypto/man/ENGINE_add.3

@@ -1,243 +0,0 @@
-.\" $OpenBSD: ENGINE_add.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_ADD 3
-.Os
-.Sh NAME
-.Nm ENGINE_add ,
-.Nm ENGINE_set_id ,
-.Nm ENGINE_get_id ,
-.Nm ENGINE_set_name ,
-.Nm ENGINE_get_name ,
-.Nm ENGINE_remove ,
-.Nm ENGINE_cleanup ,
-.Nm ENGINE_get_first ,
-.Nm ENGINE_get_last ,
-.Nm ENGINE_get_next ,
-.Nm ENGINE_get_prev ,
-.Nm ENGINE_by_id
-.Nd maintain a global list of ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_add
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_id
-.Fa "ENGINE *e"
-.Fa "const char *id"
-.Fc
-.Ft const char *
-.Fo ENGINE_get_id
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_name
-.Fa "ENGINE *e"
-.Fa "const char *name"
-.Fc
-.Ft const char *
-.Fo ENGINE_get_name
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_remove
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_cleanup void
-.Ft ENGINE *
-.Fn ENGINE_get_first void
-.Ft ENGINE *
-.Fn ENGINE_get_last void
-.Ft ENGINE *
-.Fo ENGINE_get_next
-.Fa "ENGINE *e"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_prev
-.Fa "ENGINE *e"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_by_id
-.Fa "const char *id"
-.Fc
-.Sh DESCRIPTION
-The crypto library maintains a global list of
-.Vt ENGINE
-objects.
-.Pp
-.Fn ENGINE_add
-appends
-.Fa e
-to the end of the list
-and increments its structural reference count by 1.
-A unique identifier and a name of
-.Fa e
-have to be set with
-.Fn ENGINE_set_id
-and
-.Fn ENGINE_set_name
-before calling this function.
-.Fn ENGINE_add
-fails if the list already contains an
-.Vt ENGINE
-with the same identifier.
-.Pp
-.Fn ENGINE_remove
-removes
-.Fa e
-from the list.
-If successful, it calls
-.Xr ENGINE_free 3
-on
-.Fa e .
-.Pp
-.Fn ENGINE_cleanup
-calls
-.Xr ENGINE_finish 3
-on all
-.Vt ENGINE
-objects that were selected as default engines, for example using the
-functions documented in the
-.Xr ENGINE_set_default 3
-and
-.Xr ENGINE_get_default_RSA 3
-manual pages, and it calls
-.Fn ENGINE_remove
-on all
-.Vt ENGINE
-objects that were added to the global list with
-.Fn ENGINE_add .
-Calling this function is required at the end of each program using
-.Fn ENGINE_add ,
-even if no engines are explicitly registered or used.
-.Pp
-.Fn ENGINE_get_first
-and
-.Fn ENGINE_get_last
-provide access to the first and last
-.Vt ENGINE
-object on the list, respectively.
-Unless the list is empty, they increment the structural reference
-count of the retrieved object by 1.
-.Pp
-.Fn ENGINE_get_next
-and
-.Fn ENGINE_get_prev
-support iteration of the list.
-They always call
-.Xr ENGINE_free 3
-on
-.Fa e .
-Unless the end of the list is reached, they increment the structural
-reference count of the retrieved object by 1.
-.Pp
-.Fn ENGINE_by_id
-searches the list for an
-.Vt ENGINE
-object with a matching
-.Fa id .
-If found, it increments the structural reference count of the
-retrieved object by 1.
-If
-.Dv ENGINE_FLAGS_BY_ID_COPY
-was set on
-.Fa e
-with
-.Xr ENGINE_set_flags 3 ,
-it returns a shallow copy of the object rather than incrementing
-the reference count and returning a pointer to the original.
-.Sh RETURN VALUES
-.Fn ENGINE_add ,
-.Fn ENGINE_set_id ,
-.Fn ENGINE_set_name ,
-and
-.Fn ENGINE_remove
-return 1 on success or 0 on error.
-.Fn ENGINE_set_id
-and
-.Fn ENGINE_set_name
-can only fail if the supplied
-.Fa id
-or
-.Fa name
-is
-.Dv NULL .
-.Pp
-.Fn ENGINE_get_id
-and
-.Fn ENGINE_get_name
-return a pointer to an internal string
-representing the identifier and the name of
-.Fa e ,
-respectively.
-.Pp
-.Fn ENGINE_get_first
-and
-.Fn ENGINE_get_last
-return an
-.Vt ENGINE
-object or
-.Dv NULL
-if the list is empty.
-.Pp
-.Fn ENGINE_get_next
-and
-.Fn ENGINE_get_prev
-return an
-.Vt ENGINE
-object or
-.Dv NULL
-when the end of the list is reached.
-.Pp
-.Fn ENGINE_by_id
-returns an
-.Vt ENGINE
-object or
-.Dv NULL
-if no matching object is found.
-.Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_add ,
-.Fn ENGINE_set_id ,
-.Fn ENGINE_get_id ,
-.Fn ENGINE_set_name ,
-.Fn ENGINE_get_name ,
-.Fn ENGINE_remove ,
-.Fn ENGINE_get_first ,
-.Fn ENGINE_get_last ,
-.Fn ENGINE_get_next ,
-.Fn ENGINE_get_prev ,
-and
-.Fn ENGINE_by_id
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_cleanup
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .

lib/libcrypto/man/ENGINE_ctrl.3

@@ -1,470 +0,0 @@
-.\" $OpenBSD: ENGINE_ctrl.3,v 1.5 2022/01/15 23:38:50 jsg Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: January 15 2022 $
-.Dt ENGINE_CTRL 3
-.Os
-.Sh NAME
-.Nm ENGINE_ctrl ,
-.Nm ENGINE_cmd_is_executable ,
-.Nm ENGINE_ctrl_cmd ,
-.Nm ENGINE_ctrl_cmd_string ,
-.Nm ENGINE_set_ctrl_function ,
-.Nm ENGINE_get_ctrl_function ,
-.Nm ENGINE_set_cmd_defns ,
-.Nm ENGINE_get_cmd_defns
-.Nd control commands for ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_ctrl
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fc
-.Ft int
-.Fo ENGINE_cmd_is_executable
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fc
-.Ft int
-.Fo ENGINE_ctrl_cmd
-.Fa "ENGINE *e"
-.Fa "const char *cmd_name"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fa "int cmd_optional"
-.Fc
-.Ft int
-.Fo ENGINE_ctrl_cmd_string
-.Fa "ENGINE *e"
-.Fa "const char *cmd_name"
-.Fa "const char *arg"
-.Fa "int cmd_optional"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_CTRL_FUNC_PTR)
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fc
-.Ft int
-.Fo ENGINE_set_ctrl_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f"
-.Fc
-.Ft ENGINE_CTRL_FUNC_PTR
-.Fo ENGINE_get_ctrl_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_cmd_defns
-.Fa "ENGINE *e"
-.Fa "const ENGINE_CMD_DEFN *defns"
-.Fc
-.Ft const ENGINE_CMD_DEFN *
-.Fo ENGINE_get_cmd_defns
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_ctrl
-calls the built-in or user-defined
-.Fa cmd
-for the engine
-.Fa e ,
-passing the arguments
-.Fa i
-and
-.Fa p .
-.Pp
-User-defined commands can be used before
-.Xr ENGINE_init 3
-to provide data required for initialization
-or at any time to modify the behaviour of an engine.
-.Pp
-Most built-in commands operate on user-defined commands installed with
-.Fn ENGINE_set_cmd_defns ,
-either using the
-.Fa p
-argument to indicate the user-defined command with the command name
-.Fa cmd_name
-or using the
-.Fa i
-argument to indicate the user-defined command with the command number
-.Fa cmd_num .
-The
-.Fa cmd
-arguments to call the built-in commands are as follows:
-.Bl -tag -width Ds
-.It Dv ENGINE_CTRL_GET_CMD_FLAGS
-Return the
-.Fa cmd_flags
-of the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs or
-the command number does not exist.
-A return value of 0 indicates failure if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0, or success if
-.Fa e
-is valid.
-.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME
-Return the positive command number
-of the user-defined command with the name
-.Fa p ,
-or a number less than or equal to 0 if an error occurs or no
-matching name is found.
-.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD
-Copy the description of the user-defined command with the number
-.Fa i
-into the buffer
-.Fa p
-and NUL-terminate it.
-It is the responsibility of the caller to make sure that the buffer
-.Fa p
-is large enough, either by calling
-.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
-first or using knowledge about the array passed to
-.Fn ENGINE_set_cmd_defns .
-The return value is the number of bytes written
-.Em including
-the terminating NUL byte, or a number less than or equal to 0
-if an error occurs.
-.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
-Return the length in bytes
-.Em excluding
-the terminating NUL byte
-of the description of the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs.
-A return value of 0 indicates failure if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0, or success if
-.Fa e
-is valid.
-.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE
-Return the positive command number
-of the first user-defined command installed with
-.Fn ENGINE_set_cmd_defns
-or a number less than or equal to 0 if an error occurs or no
-user-defined command has been installed.
-.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD
-Copy the name of the user-defined command with the number
-.Fa i
-into the buffer
-.Fa p
-and NUL-terminate it.
-It is the responsibility of the caller to make sure that the buffer
-.Fa p
-is large enough, either by calling
-.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
-first or using knowledge about the array passed to
-.Fn ENGINE_set_cmd_defns .
-The return value is the number of bytes written
-.Em including
-the terminating NUL byte, or a number less than or equal to 0
-if an error occurs.
-.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
-Return the length in bytes
-.Em excluding
-the terminating NULL byte
-of the name of the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs.
-A return value of 0 indicates failure if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0, or success if
-.Fa e
-is valid.
-.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE
-Return the positive command number of the next user-defined command
-after the user-defined command with the number
-.Fa i ,
-or a number less than or equal to 0 if an error occurs or if
-.Fa i
-is the last user-defined command.
-Together with
-.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE ,
-this can be used to iterate the user-defined commands installed with
-.Fn ENGINE_set_cmd_defns .
-.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION
-Return 1 if
-.Fa e
-has its own
-.Fa ctrl_f
-installed with
-.Fn ENGINE_set_ctrl_function
-or 0 otherwise.
-.El
-.Pp
-.Fn ENGINE_ctrl_cmd
-translates the
-.Fa cmd_name
-of a user-defined command to a
-.Fa cmd
-number and calls
-.Fn ENGINE_ctrl
-on it.
-If
-.Fa cmd_optional
-is non-zero, lack of a
-.Fa ctrl_f
-in
-.Fa e
-and translation failure with
-.Dv ENGINE_CTRL_GET_CMD_FROM_NAME
-are considered success, and the command has no effect.
-Otherwise, these problems cause
-.Fn ENGINE_ctrl_cmd
-to fail.
-.Pp
-Neither
-.Fn ENGINE_ctrl
-nor
-.Fn ENGINE_ctrl_cmd
-ever call the
-.Fa f
-callback, but merely pass it on as an argument to the engine-specific
-.Fa ctrl_f
-control function.
-It is up to
-.Fa ctrl_f
-how to use it, or alternatively to ignore it as well.
-.Pp
-.Fn ENGINE_ctrl_cmd_string
-translates the
-.Fa cmd_name
-of a user-defined command to a
-.Fa cmd
-number.
-If that command has the
-.Dv ENGINE_CMD_FLAG_NO_INPUT
-flag set,
-.Fa arg
-must be
-.Dv NULL
-and
-.Fn ENGINE_ctrl
-is called with
-.Fa i
-set to 0 and
-.Fa p
-set to
-.Dv NULL .
-Otherwise,
-.Fa arg
-must not be
-.Dv NULL .
-If the command accepts string input,
-.Fa i
-is set to 0 and
-.Fa arg
-is passed as the
-.Fa p
-argument to
-.Fn ENGINE_ctrl .
-Otherwise,
-.Fa arg
-is converted with
-.Xr strtol 3
-and passed as the
-.Fa i
-argument to
-.Fn ENGINE_ctrl ,
-setting
-.Fa p
-to
-.Dv NULL .
-.Pp
-.Fn ENGINE_set_ctrl_function
-installs
-.Fa ctrl_f
-as the engine-specific control function for
-.Fa e .
-Future calls to
-.Fn ENGINE_ctrl
-will call that function, passing on their arguments unchanged, if the
-.Fa cmd
-is not built-in to the library or if the
-.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-flag is set in
-.Fa e .
-Let the
-.Fa ctrl_f
-return positive values on success or negative values on failure.
-Avoid return values of 0 because they cause dangerous ambiguity.
-In particular,
-.Fn ENGINE_ctrl_cmd
-and
-.Fn ENGINE_ctrl_cmd_string
-cannot be used with user-defined commands
-that may return 0 on success.
-.Pp
-.Fn ENGINE_set_cmd_defns
-install an array of command definitions in
-.Fa e .
-.Pp
-The structure
-.Vt ENGINE_CMD_DEFN
-has the following fields:
-.Bl -tag -width Ds
-.It Fa "unsigned int cmd_num"
-A positive, unique, monotonically increasing command number.
-Avoid using numbers below
-.Dv ENGINE_CMD_BASE .
-.It Fa "const char *cmd_name"
-The unique name of the command.
-.It Fa "const char *cmd_desc"
-A short description of the command.
-.It Fa "unsigned int cmd_flags"
-The bitwise OR of zero or more of the following flags:
-.Bl -tag -width Ds
-.It Dv ENGINE_CMD_FLAG_NUMERIC
-The command uses
-.Fa i .
-.It Dv ENGINE_CMD_FLAG_STRING
-The command uses
-.Fa p .
-.It Dv ENGINE_CMD_FLAG_NO_INPUT
-The command neither uses
-.Fa i
-nor
-.Fa p .
-.It Dv ENGINE_CMD_FLAG_INTERNAL
-This flag has no effect and is only provided for compatibility.
-.El
-.El
-.Pp
-The last element of
-.Fa defns
-does not specify a command, but must have a
-.Fa cmd_num
-of 0 and a
-.Fa cmd_name
-of
-.Dv NULL
-to indicate the end of the array.
-.Sh RETURN VALUES
-For
-.Fn ENGINE_ctrl ,
-positive return values indicate success and negative return values
-indicate failure.
-The meaning of a zero return value depends on the particular
-.Fa cmd
-and may indicate both success and failure, which is pathetic.
-.Pp
-Regardless of the
-.Fa cmd ,
-.Fn ENGINE_ctrl
-returns 0 if
-.Fa e
-is
-.Dv NULL
-or has a reference count of 0.
-This is quite unfortunate for commands like
-.Dv ENGINE_CTRL_GET_CMD_FLAGS
-where 0 may indicate success, so make sure
-.Fa e
-is valid before issuing a control command.
-.Pp
-For built-in commands except
-.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
-.Fn ENGINE_ctrl
-returns \-1 if
-.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-is set but no
-.Fa ctrl_f
-has been installed with
-.Fn ENGINE_set_ctrl_function .
-.Pp
-For commands that are not built in,
-.Fn ENGINE_ctrl
-returns 0 if no
-.Fa ctrl_f
-has been installed with
-.Fn ENGINE_set_ctrl_function .
-.Pp
-.Fn ENGINE_cmd_is_executable
-returns 1 if the user-defined
-.Fa cmd
-is executable and has at least one of the flags
-.Dv ENGINE_CMD_FLAG_NUMERIC ,
-.Dv ENGINE_CMD_FLAG_STRING ,
-and
-.Dv ENGINE_CMD_FLAG_NO_INPUT
-set, or 0 otherwise.
-.Pp
-.Fn ENGINE_ctrl_cmd
-and
-.Fn ENGINE_ctrl_cmd_string
-return 1 on success or 0 on error.
-.Pp
-.Fn ENGINE_set_ctrl_function
-and
-.Fn ENGINE_set_cmd_defns
-always return 1.
-.Pp
-.Fn ENGINE_get_ctrl_function
-returns a pointer to the function
-.Fa ctrl_f
-installed with
-.Fn ENGINE_set_ctrl_function ,
-or
-.Dv NULL
-if none has been installed.
-.Pp
-.Fn ENGINE_get_cmd_defns
-returns the array of command definitions installed in
-.Fa e
-or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3
-.Sh HISTORY
-.Fn ENGINE_ctrl ,
-.Fn ENGINE_set_ctrl_function ,
-and
-.Fn ENGINE_get_ctrl_function
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_cmd_is_executable ,
-.Fn ENGINE_ctrl_cmd ,
-.Fn ENGINE_ctrl_cmd_string ,
-.Fn ENGINE_set_cmd_defns ,
-and
-.Fn ENGINE_get_cmd_defns
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .

lib/libcrypto/man/ENGINE_get_default_RSA.3

@@ -1,151 +0,0 @@
-.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.4 2023/07/21 04:35:36 tb Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 21 2023 $
-.Dt ENGINE_GET_DEFAULT_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_get_default_RSA ,
-.Nm ENGINE_get_default_DSA ,
-.Nm ENGINE_get_default_EC ,
-.Nm ENGINE_get_default_DH ,
-.Nm ENGINE_get_default_RAND ,
-.Nm ENGINE_get_cipher_engine ,
-.Nm ENGINE_get_digest_engine ,
-.Nm ENGINE_set_table_flags ,
-.Nm ENGINE_get_table_flags
-.Nd retrieve the default ENGINE for an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft ENGINE *
-.Fn ENGINE_get_default_RSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_EC void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DH void
-.Ft ENGINE *
-.Fn ENGINE_get_default_RAND void
-.Ft ENGINE *
-.Fo ENGINE_get_cipher_engine
-.Fa "int nid"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_digest_engine
-.Fa "int nid"
-.Fc
-.Ft void
-.Fo ENGINE_set_table_flags
-.Fa "unsigned int flags"
-.Fc
-.Ft unsigned int
-.Fn ENGINE_get_table_flags void
-.Sh DESCRIPTION
-These functions retrieve the current default
-.Vt ENGINE
-implementing the respective algorithm.
-.Pp
-If a default engine was previously selected,
-.Xr ENGINE_init 3
-is called on it again and it is used.
-Otherwise, these functions inspect the engines registered
-with the functions documented in
-.Xr ENGINE_register_RSA 3
-in the order of the table for the respective algorithm.
-If an inspected engine is already successfully initialized,
-.Xr ENGINE_init 3
-is called on it again and it is used as the new default.
-Otherwise, unless the global flag
-.Dv ENGINE_TABLE_FLAG_NOINIT
-is set,
-.Xr ENGINE_init 3
-is tried on it.
-If it succeeds, that engine is used as the new default.
-If it fails or if
-.Dv ENGINE_TABLE_FLAG_NOINIT
-is set, inspection continues with the next engine.
-.Pp
-The global flag can be set by calling
-.Fn ENGINE_set_table_flags
-with an argument of
-.Dv ENGINE_TABLE_FLAG_NOINIT
-or cleared by calling it with an argument of 0.
-By default, the flag is not set.
-.Pp
-While all the other functions operate on exactly one algorithm,
-.Fn ENGINE_get_cipher_engine
-and
-.Fn ENGINE_get_digest_engine
-are special in so far as they can handle multiple algorithms,
-identified by the given
-.Fa nid .
-The default engine is remembered separately for each algorithm.
-.Pp
-Application programs rarely need to call these functions because
-they are called automatically when needed, in particular from
-.Xr RSA_new 3 ,
-.Xr DSA_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr DH_new 3 ,
-.Xr EVP_CipherInit_ex 3 ,
-and
-.Xr EVP_DigestInit_ex 3 .
-.Sh RETURN VALUES
-These functions return a functional reference to an
-.Vt ENGINE
-object or
-.Dv NULL
-on failure, in particular when no engine implementing the algorithm
-is available, when
-.Xr ENGINE_init 3
-fails for all implementations,
-or when insufficient memory is available.
-Even when these functions fail, the application may still be able
-to use the algorithm in question because the built-in implementation
-is used in that case, if one is available.
-.Pp
-.Fn ENGINE_get_table_flags
-returns
-.Dv ENGINE_TABLE_FLAG_NOINIT
-if the global flag is set or 0 otherwise.
-.Sh SEE ALSO
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3
-.Sh HISTORY
-.Fn ENGINE_get_default_RSA ,
-.Fn ENGINE_get_default_DSA ,
-.Fn ENGINE_get_default_DH ,
-and
-.Fn ENGINE_get_default_RAND
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_get_cipher_engine ,
-.Fn ENGINE_get_digest_engine ,
-.Fn ENGINE_set_table_flags ,
-and
-.Fn ENGINE_get_table_flags
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_get_default_EC
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.5 .

lib/libcrypto/man/ENGINE_init.3

@@ -1,134 +0,0 @@
-.\" $OpenBSD: ENGINE_init.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_INIT 3
-.Os
-.Sh NAME
-.Nm ENGINE_init ,
-.Nm ENGINE_finish ,
-.Nm ENGINE_set_init_function ,
-.Nm ENGINE_set_finish_function ,
-.Nm ENGINE_get_init_function ,
-.Nm ENGINE_get_finish_function
-.Nd initialize ENGINE objects
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_init
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_finish
-.Fa "ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_GEN_INT_FUNC_PTR)
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_init_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
-.Fc
-.Ft int
-.Fo ENGINE_set_finish_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_init_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_finish_function
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_init
-initializes
-.Fa e
-by calling the
-.Fa init_f
-previously installed with
-.Fn ENGINE_set_init_function ,
-if any.
-In case of success, it also increments both the structural
-and the functional reference count by 1.
-If no
-.Fa init_f
-was installed,
-.Fn ENGINE_init
-always succeeds.
-Calling
-.Fn ENGINE_init
-again after it already succeeded always succeeds, but has no effect
-except that it increments both the structural and the functional
-reference count by 1.
-.Pp
-.Fn ENGINE_finish
-decrements the functional reference count by 1.
-When it reaches 0, it calls the
-.Fa finish_f
-previously installed with
-.Fn ENGINE_set_finish_function ,
-if any.
-If no
-.Fa finish_f
-was installed,
-.Fn ENGINE_finish
-always succeeds.
-Unless
-.Fa finish_f
-fails,
-.Fn ENGINE_finish
-also calls
-.Xr ENGINE_free 3 .
-.Pp
-.Fn ENGINE_init
-is internally called by the functions documented in the
-.Xr ENGINE_get_default_RSA 3
-manual page.
-.Sh RETURN VALUES
-.Fn ENGINE_init
-and
-.Fn ENGINE_finish
-return 1 on success or 0 on error.
-.Pp
-.Fn ENGINE_set_init_function
-and
-.Fn ENGINE_set_finish_function
-always return 1.
-.Pp
-.Fn ENGINE_get_init_function
-and
-.Fn ENGINE_get_finish_function
-return a function pointer to the respective callback, or
-.Dv NULL
-if none is installed.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 2.9 .

lib/libcrypto/man/ENGINE_new.3

@@ -1,7 +1,6 @@
-.\" $OpenBSD: ENGINE_new.3,v 1.5 2021/03/12 05:18:00 jsg Exp $
+.\" $OpenBSD: ENGINE_new.3,v 1.10 2023/11/19 21:13:47 tb Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 .\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -16,175 +15,160 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 12 2021 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt ENGINE_NEW 3
 .Os
 .Sh NAME
 .Nm ENGINE_new ,
-.Nm ENGINE_up_ref ,
 .Nm ENGINE_free ,
-.Nm ENGINE_set_destroy_function ,
+.Nm ENGINE_init ,
-.Nm ENGINE_get_destroy_function
+.Nm ENGINE_finish ,
-.Nd create and destroy ENGINE objects
+.Nm ENGINE_ctrl_cmd ,
+.Nm ENGINE_ctrl_cmd_string ,
+.Nm ENGINE_by_id ,
+.Nm ENGINE_get_id ,
+.Nm ENGINE_get_name ,
+.Nm ENGINE_set_default ,
+.Nm ENGINE_get_default_RSA ,
+.Nm ENGINE_set_default_RSA ,
+.Nm ENGINE_load_private_key ,
+.Nm ENGINE_load_public_key ,
+.Nm ENGINE_load_builtin_engines ,
+.Nm ENGINE_load_dynamic ,
+.Nm ENGINE_load_openssl ,
+.Nm ENGINE_register_all_complete ,
+.Nm ENGINE_cleanup
+.Nd ENGINE stub functions
 .Sh SYNOPSIS
 .In openssl/engine.h
 .Ft ENGINE *
 .Fn ENGINE_new void
 .Ft int
-.Fo ENGINE_up_ref
-.Fa "ENGINE *e"
-.Fc
-.Ft int
 .Fo ENGINE_free
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_GEN_INT_FUNC_PTR)
-.Fa "ENGINE *e"
 .Fc
 .Ft int
-.Fo ENGINE_set_destroy_function
+.Fn ENGINE_init "ENGINE *engine"
-.Fa "ENGINE *e"
+.Ft int
-.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f"
+.Fn ENGINE_finish "ENGINE *engine"
+.Ft int
+.Fo ENGINE_ctrl_cmd
+.Fa "ENGINE *engine"
+.Fa "const char *cmd_name"
+.Fa "long i"
+.Fa "void *p"
+.Fa "void (*f)(void)"
+.Fa "int cmd_optional"
 .Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
+.Ft int
-.Fo ENGINE_get_destroy_function
+.Fo ENGINE_ctrl_cmd_string
-.Fa "const ENGINE *e"
+.Fa "ENGINE *engine"
+.Fa "const char *cmd_name"
+.Fa "const char *arg"
+.Fa "int cmd_optional"
 .Fc
+.Ft ENGINE *
+.Fn ENGINE_by_id "const char *id"
+.Ft const char *
+.Fn ENGINE_get_id "const ENGINE *engine"
+.Ft const char *
+.Fn ENGINE_get_name "const ENGINE *engine"
+.Ft int
+.Fn ENGINE_set_default "ENGINE *engine" "unsigned int flags"
+.Ft ENGINE *
+.Fn ENGINE_get_default_RSA "ENGINE *engine"
+.Ft int
+.Fn ENGINE_set_default_RSA "ENGINE *engine"
+.Ft EVP_PKEY *
+.Fo ENGINE_load_private_key
+.Fa "ENGINE *engine"
+.Fa "const char *key_id"
+.Fa "UI_METHOD *ui_method"
+.Fa "void *callback_data"
+.Fc
+.Ft EVP_PKEY *
+.Fo ENGINE_load_public_key
+.Fa "ENGINE *engine"
+.Fa "const char *key_id"
+.Fa "UI_METHOD *ui_method"
+.Fa "void *callback_data"
+.Fc
+.Ft void
+.Fn ENGINE_load_builtin_engines "void"
+.Ft void
+.Fn ENGINE_load_dynamic "void"
+.Ft void
+.Fn ENGINE_load_openssl "void"
+.Ft int
+.Fn ENGINE_register_all_complete "void"
+.Ft void
+.Fn ENGINE_cleanup "void"
 .Sh DESCRIPTION
 .Vt ENGINE
-objects can be used to provide alternative implementations of
+objects used to provide alternative implementations of
-cryptographic algorithms, to support additional algorithms, to
+cryptographic algorithms, for example using specialized hardware.
-support cryptographic hardware, and to switch among alternative
+LibreSSL no longer supports this feature.
-implementations of algorithms at run time.
-LibreSSL generally avoids engines and prefers providing
-cryptographic functionality in the crypto library itself.
 .Pp
-.Fn ENGINE_new
+All functions in this manual ignore all their arguments and
-allocates and initializes an empty
+do nothing except return failure if possible.
+They are provided only to avoid patching software that expects
 .Vt ENGINE
-object and sets its structural reference count to 1
+support to be available.
-and its functional reference count to 0.
-For more information about the functional reference count, see the
-.Xr ENGINE_init 3
-manual page.
-.Pp
-Many functions increment the structural reference count by 1
-when successful.
-Some of them, including
-.Xr ENGINE_get_first 3 ,
-.Xr ENGINE_get_last 3 ,
-.Xr ENGINE_get_next 3 ,
-.Xr ENGINE_get_prev 3 ,
-and
-.Xr ENGINE_by_id 3 ,
-do so because they return a structural reference to the user.
-Other functions, including
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_get_cipher_engine 3 ,
-.Xr ENGINE_get_digest_engine 3 ,
-and the
-.Xr ENGINE_get_default_RSA 3
-and
-.Xr ENGINE_set_default 3
-families of functions
-do so when they store a structural reference internally.
-.Pp
-.Fn ENGINE_up_ref
-explicitly increment the structural reference count by 1.
-.Pp
-.Fn ENGINE_free
-decrements the structural reference count by 1,
-and if it reaches 0, the optional
-.Fa destroy_f
-previously installed with
-.Fn ENGINE_set_destroy_function
-is called, if one is installed, and both the memory used internally by
-.Fa e
-and
-.Fa e
-itself are freed.
-If
-.Fa e
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-Many functions internally call the equivalent of
-.Fn ENGINE_free .
-Some of them, including
-.Xr ENGINE_get_next 3
-and
-.Xr ENGINE_get_prev 3 ,
-thus invalidate the structural reference passed in by the user.
-Other functions, including
-.Xr ENGINE_finish 3 ,
-.Xr ENGINE_remove 3 ,
-and the
-.Xr ENGINE_set_default 3
-family of functions
-do so when an internally stored structural reference is no longer needed.
-.Pp
-.Fn ENGINE_set_destroy_function
-installs a callback function that will be called by
-.Fn ENGINE_free ,
-but only when
-.Fa e
-actually gets destroyed,
-not when only its reference count gets decremented.
-The value returned from the
-.Fa destroy_f
-will be ignored.
 .Sh RETURN VALUES
-.Fn ENGINE_new
+.Fn ENGINE_new ,
-returns a structural reference to the new
+.Fn ENGINE_by_id ,
-.Vt ENGINE
+.Fn ENGINE_get_default_RSA ,
-object or
+.Fn ENGINE_load_private_key ,
-.Dv NULL
-if an error occurs.
-.Pp
-.Fn ENGINE_up_ref
-returns 0 if
-.Fa e
-is
-.Dv NULL
-and 1 otherwise.
-.Pp
-.Fn ENGINE_free
 and
-.Fn ENGINE_set_destroy_function
+.Fn ENGINE_load_public_key
-always return 1.
+always return
+.Dv NULL .
 .Pp
-.Fn ENGINE_get_destroy_function
+.Fn ENGINE_free ,
-returns a function pointer to the callback, or
+.Fn ENGINE_init ,
-.Dv NULL
+.Fn ENGINE_finish ,
-if none is installed.
+.Fn ENGINE_ctrl_cmd ,
+.Fn ENGINE_ctrl_cmd_string ,
+.Fn ENGINE_set_default ,
+.Fn ENGINE_set_default_RSA ,
+and
+.Fn ENGINE_register_all_complete
+always return 0.
+.Pp
+.Fn ENGINE_get_id
+and
+.Fn ENGINE_get_name
+always return the constant empty string.
 .Sh SEE ALSO
-.Xr crypto 3 ,
+.Xr crypto 3
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
 .Sh HISTORY
-.Fn ENGINE_new
+.Fn ENGINE_new ,
+.Fn ENGINE_free ,
+.Fn ENGINE_init ,
+.Fn ENGINE_finish ,
+.Fn ENGINE_by_id ,
+.Fn ENGINE_get_id ,
+.Fn ENGINE_get_name ,
+.Fn ENGINE_set_default ,
+.Fn ENGINE_get_default_RSA ,
+.Fn ENGINE_set_default_RSA ,
+.Fn ENGINE_load_private_key ,
 and
-.Fn ENGINE_free
+.Fn ENGINE_load_public_key
-first appeared in OpenSSL 0.9.7 and have been available since
+first appeared in OpenSSL 0.9.7
+and have been available since
 .Ox 2.9 .
 .Pp
-.Fn ENGINE_set_destroy_function
+.Fn ENGINE_ctrl_cmd ,
+.Fn ENGINE_ctrl_cmd_string ,
+.Fn ENGINE_load_builtin_engines ,
+.Fn ENGINE_load_openssl ,
+.Fn ENGINE_register_all_complete ,
 and
-.Fn ENGINE_get_destroy_function
+.Fn ENGINE_cleanup
-first appeared in OpenSSL 0.9.7 and have been available since
+first appeared in OpenSSL 0.9.7
-.Ox 3.2 .
+and have been available since
-.Pp
-.Fn ENGINE_up_ref
-first appeared in OpenSSL 0.9.7 and has been available since
 .Ox 3.4 .
+.Pp
+All these functions were turned into stubs in
+.Ox 7.4 .

lib/libcrypto/man/ENGINE_register_RSA.3

@@ -1,142 +0,0 @@
-.\" $OpenBSD: ENGINE_register_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_REGISTER_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_register_RSA ,
-.Nm ENGINE_register_DSA ,
-.Nm ENGINE_register_ECDH ,
-.Nm ENGINE_register_ECDSA ,
-.Nm ENGINE_register_DH ,
-.Nm ENGINE_register_RAND ,
-.Nm ENGINE_register_STORE ,
-.Nm ENGINE_register_ciphers ,
-.Nm ENGINE_register_digests ,
-.Nm ENGINE_register_complete
-.Nd register an ENGINE as implementing an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_register_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_register_complete
-.Fa "ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-In addition to the global table described in
-.Xr ENGINE_add 3 ,
-the crypto library maintains several tables containing references to
-.Vt ENGINE
-objects implementing one specific cryptographic algorithm.
-.Pp
-The functions listed in the present manual page append
-.Fa e
-to the end of the table for the respective algorithm.
-.Pp
-If
-.Fa e
-does not contain a method for the requested algorithm,
-these functions succeed without having any effect.
-.Pp
-If
-.Fa e
-is already registered for the given algorithm,
-they move it to the end of the respective table.
-.Pp
-.Fn ENGINE_register_ciphers
-and
-.Fn ENGINE_register_digests
-are special in so far as an engine may implement
-more than one cipher or more than one digest.
-In that case,
-.Fa e
-is registered for all the ciphers or digests it implements.
-.Pp
-.Fn ENGINE_register_complete
-registers
-.Fa e
-for all algorithms it implements by calling all the other functions.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on error.
-They only fail if insufficient memory is available.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_register_RSA ,
-.Fn ENGINE_register_DSA ,
-.Fn ENGINE_register_DH ,
-.Fn ENGINE_register_RAND ,
-.Fn ENGINE_register_ciphers ,
-.Fn ENGINE_register_digests ,
-and
-.Fn ENGINE_register_complete
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_register_ECDH ,
-.Fn ENGINE_register_ECDSA ,
-and
-.Fn ENGINE_register_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh BUGS
-.Fn ENGINE_register_complete
-ignores all errors, even memory allocation failure, and always returns 1.

lib/libcrypto/man/ENGINE_register_all_RSA.3

@@ -1,123 +0,0 @@
-.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_REGISTER_ALL_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_register_all_RSA ,
-.Nm ENGINE_register_all_DSA ,
-.Nm ENGINE_register_all_ECDH ,
-.Nm ENGINE_register_all_ECDSA ,
-.Nm ENGINE_register_all_DH ,
-.Nm ENGINE_register_all_RAND ,
-.Nm ENGINE_register_all_STORE ,
-.Nm ENGINE_register_all_ciphers ,
-.Nm ENGINE_register_all_digests ,
-.Nm ENGINE_register_all_complete ,
-.Nm ENGINE_load_builtin_engines ,
-.Nm ENGINE_load_dynamic
-.Nd register all engines as implementing an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft void
-.Fn ENGINE_register_all_RSA void
-.Ft void
-.Fn ENGINE_register_all_DSA void
-.Ft void
-.Fn ENGINE_register_all_ECDH void
-.Ft void
-.Fn ENGINE_register_all_ECDSA void
-.Ft void
-.Fn ENGINE_register_all_DH void
-.Ft void
-.Fn ENGINE_register_all_RAND void
-.Ft void
-.Fn ENGINE_register_all_STORE void
-.Ft void
-.Fn ENGINE_register_all_ciphers void
-.Ft void
-.Fn ENGINE_register_all_digests void
-.Ft int
-.Fn ENGINE_register_all_complete void
-.Ft void
-.Fn ENGINE_load_builtin_engines void
-.Ft void
-.Fn ENGINE_load_dynamic void
-.Sh DESCRIPTION
-These functions loop over all the
-.Vt ENGINE
-objects contained in the global table described in the
-.Xr ENGINE_add 3
-manual page.
-They register each object for the respective algorithm
-by calling the corresponding function described in
-.Xr ENGINE_register_RSA 3 .
-.Pp
-.Fn ENGINE_register_all_complete
-calls
-.Fn ENGINE_register_complete
-in this way, except that it skips those
-.Vt ENGINE
-objects that have the
-.Dv ENGINE_FLAGS_NO_REGISTER_ALL
-flag set with
-.Xr ENGINE_set_flags 3 .
-.Pp
-.Fn ENGINE_load_builtin_engines
-calls
-.Xr OPENSSL_init_crypto 3
-with no options, loads any built-in engines
-that are enabled by default, and calls
-.Fn ENGINE_register_all_complete .
-Currently, LibreSSL does not provide any engines.
-.Sy GOST
-and
-.Sy aesni
-support is provided by the crypto library itself
-and does not require any engines, not even built-in ones.
-.Pp
-.Fn ENGINE_load_dynamic
-has no effect and is only provided for compatibility.
-.Sh SEE ALSO
-.Xr ENGINE_add 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr OPENSSL_init_crypto 3
-.Sh HISTORY
-.Fn ENGINE_register_all_RSA ,
-.Fn ENGINE_register_all_DSA ,
-.Fn ENGINE_register_all_DH ,
-.Fn ENGINE_register_all_RAND ,
-.Fn ENGINE_register_all_ciphers ,
-.Fn ENGINE_register_all_digests ,
-.Fn ENGINE_register_all_complete ,
-.Fn ENGINE_load_builtin_engines ,
-and
-.Fn ENGINE_load_dynamic
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_register_all_ECDH ,
-.Fn ENGINE_register_all_ECDSA ,
-and
-.Fn ENGINE_register_all_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .

lib/libcrypto/man/ENGINE_set_RSA.3

@@ -1,317 +0,0 @@
-.\" $OpenBSD: ENGINE_set_RSA.3,v 1.7 2023/07/21 04:29:27 tb Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 21 2023 $
-.Dt ENGINE_SET_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_RSA ,
-.Nm ENGINE_get_RSA ,
-.Nm ENGINE_set_DSA ,
-.Nm ENGINE_get_DSA ,
-.Nm ENGINE_set_EC ,
-.Nm ENGINE_get_EC ,
-.Nm ENGINE_set_DH ,
-.Nm ENGINE_get_DH ,
-.Nm ENGINE_set_RAND ,
-.Nm ENGINE_get_RAND ,
-.Nm ENGINE_set_STORE ,
-.Nm ENGINE_get_STORE ,
-.Nm ENGINE_set_ciphers ,
-.Nm ENGINE_get_ciphers ,
-.Nm ENGINE_get_cipher ,
-.Nm ENGINE_set_digests ,
-.Nm ENGINE_get_digests ,
-.Nm ENGINE_get_digest
-.Nd install and retrieve function tables of crypto engines
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_RSA
-.Fa "ENGINE *e"
-.Fa "const RSA_METHOD *rsa_meth"
-.Fc
-.Ft const RSA_METHOD *
-.Fo ENGINE_get_RSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_DSA
-.Fa "ENGINE *e"
-.Fa "const DSA_METHOD *dsa_meth"
-.Fc
-.Ft const DSA_METHOD *
-.Fo ENGINE_get_DSA
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_EC
-.Fa "ENGINE *e"
-.Fa "const EC_KEY_METHOD *ec_meth"
-.Fc
-.Ft const EC_KEY_METHOD *
-.Fo ENGINE_get_EC
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_DH
-.Fa "ENGINE *e"
-.Fa "const DH_METHOD *dh_meth"
-.Fc
-.Ft const DH_METHOD *
-.Fo ENGINE_get_DH
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_RAND
-.Fa "ENGINE *e"
-.Fa "const RAND_METHOD *rand_meth"
-.Fc
-.Ft const RAND_METHOD *
-.Fo ENGINE_get_RAND
-.Fa "const ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_STORE
-.Fa "ENGINE *e"
-.Fa "const STORE_METHOD *rand_meth"
-.Fc
-.Ft const STORE_METHOD *
-.Fo ENGINE_get_STORE
-.Fa "const ENGINE *e"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_CIPHERS_PTR)
-.Fa "ENGINE *e"
-.Fa "const EVP_CIPHER **impl"
-.Fa "const int **nids"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_ciphers
-.Fa "ENGINE *e"
-.Fa "ENGINE_CIPHERS_PTR f"
-.Fc
-.Ft ENGINE_CIPHERS_PTR
-.Fo ENGINE_get_ciphers
-.Fa "const ENGINE *e"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo ENGINE_get_cipher
-.Fa "ENGINE *e"
-.Fa "int nid"
-.Fc
-.Ft typedef int
-.Fo (*ENGINE_DIGESTS_PTR)
-.Fa "ENGINE *e"
-.Fa "const EVP_MD **impl"
-.Fa "const int **nids"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_digests
-.Fa "ENGINE *e"
-.Fa "ENGINE_DIGESTS_PTR f"
-.Fc
-.Ft ENGINE_DIGESTS_PTR
-.Fo ENGINE_get_digests
-.Fa "const ENGINE *e"
-.Fc
-.Ft const EVP_MD *
-.Fo ENGINE_get_digest
-.Fa "ENGINE *e"
-.Fa "int nid"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn ENGINE_set_*
-functions install a table of function pointers
-implementing the respective algorithm in
-.Fa e .
-Partial information about the various method objects is available from
-.Xr RSA_meth_new 3 ,
-.Xr RSA_get_default_method 3 ,
-.Xr DSA_meth_new 3 ,
-.Xr DSA_get_default_method 3 ,
-.Xr EC_KEY_get_default_method 3 ,
-.Xr DH_get_default_method 3 ,
-.Xr RAND_get_rand_method 3 ,
-.Xr EVP_get_cipherbynid 3 ,
-and
-.Xr EVP_get_digestbynid 3 .
-.Vt STORE_METHOD
-is an incomplete type, and the pointers to it are not used for anything.
-For complete descriptions of these types,
-refer to the respective header files.
-.Pp
-The functions described in the
-.Xr ENGINE_register_RSA 3
-and
-.Xr ENGINE_set_default 3
-manual pages only have an effect after function pointers
-were installed using the functions described here.
-.Pp
-.Fn ENGINE_set_ciphers
-and
-.Fn ENGINE_set_digests
-are special in so far as the
-.Vt ENGINE
-structure does not provide fields to store function pointers
-implementing ciphers or digests.
-Instead, these two functions only install a callback to
-retrieve implementations.
-Where the pointers to the implementations are stored internally,
-how they get initialized, and how the
-.Vt ENGINE_CIPHERS_PTR
-and
-.Vt ENGINE_DIGESTS_PTR
-callbacks retrieve them
-is up to the implementation of each individual engine.
-.Pp
-If the
-.Vt ENGINE_CIPHERS_PTR
-and
-.Vt ENGINE_DIGESTS_PTR
-callbacks are called with a non-zero
-.Fa nid ,
-they retrieve the implementation of that cipher or digest,
-respectively.
-In this case, a
-.Dv NULL
-pointer can be passed as the
-.Fa nids
-argument.
-.Fn ENGINE_get_cipher
-and
-.Fn ENGINE_get_digest
-call the callbacks installed in
-.Fa e
-in this way.
-.Pp
-If 0 is passed as the
-.Fa nid
-argument, an internal pointer
-to the array of implementations available in
-.Fa e
-is returned in
-.Pf * Fa impl ,
-and an internal pointer
-to the array of corresponding identifiers in
-.Pf * Fa nids .
-The return value of the callback indicates
-the number of implementations returned.
-.Pp
-The
-.Fn ENGINE_get_*
-functions retrieve the previously installed function tables.
-They are used when constructing basic cryptographic objects
-as shown in the following table:
-.Bl -column "ENGINE_get_digestMM"
-.It Accessor: Ta Called by:
-.It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3
-.It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3
-.It Fn ENGINE_get_EC Ta Xr EC_KEY_new_method 3 , Xr EC_KEY_new 3 ,
-.Xr EC_KEY_new_by_curve_name 3
-.It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3
-.It Fn ENGINE_get_RAND Ta unused
-.It Fn ENGINE_get_STORE Ta unused
-.It Fn ENGINE_get_cipher Ta Xr EVP_CipherInit_ex 3
-.It Fn ENGINE_get_digest Ta Xr EVP_DigestInit_ex 3
-.El
-.Sh RETURN VALUES
-The
-.Fn ENGINE_set_*
-functions return 1 on success or 0 on error.
-Currently, they cannot fail.
-.Pp
-The
-.Fn ENGINE_get_*
-functions return a method object for the respective algorithm, or
-.Dv NULL
-if none is installed.
-.Pp
-.Fn ENGINE_get_ciphers
-and
-.Fn ENGINE_get_digests
-return a function pointer to the respective callback, or
-.Dv NULL
-if none is installed.
-.Pp
-.Fn ENGINE_get_cipher
-returns an
-.Vt EVP_CIPHER
-object implementing the cipher
-.Fa nid
-or
-.Dv NULL
-if
-.Fa e
-does not implement that cipher.
-.Pp
-.Fn ENGINE_get_digest
-returns an
-.Vt EVP_MD
-object implementing the digest
-.Fa nid
-or
-.Dv NULL
-if
-.Fa e
-does not implement that digest.
-.Sh SEE ALSO
-.Xr DSA_new 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3 ,
-.Xr ENGINE_set_flags 3 ,
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_EncryptInit 3 ,
-.Xr RSA_new 3
-.Sh HISTORY
-.Fn ENGINE_set_RSA ,
-.Fn ENGINE_get_RSA ,
-.Fn ENGINE_set_DSA ,
-.Fn ENGINE_get_DSA ,
-.Fn ENGINE_set_DH ,
-.Fn ENGINE_get_DH ,
-.Fn ENGINE_set_RAND ,
-.Fn ENGINE_get_RAND ,
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_ciphers ,
-.Fn ENGINE_get_ciphers ,
-.Fn ENGINE_get_cipher ,
-.Fn ENGINE_set_digests ,
-.Fn ENGINE_get_digests ,
-and
-.Fn ENGINE_get_digest
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_set_STORE
-and
-.Fn ENGINE_get_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Fn ENGINE_set_EC
-and
-.Fn ENGINE_get_EC
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.5 .

lib/libcrypto/man/ENGINE_set_default.3

@@ -1,186 +0,0 @@
-.\" $OpenBSD: ENGINE_set_default.3,v 1.4 2019/06/03 14:43:15 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 3 2019 $
-.Dt ENGINE 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_default ,
-.Nm ENGINE_set_default_string ,
-.Nm ENGINE_set_default_RSA ,
-.Nm ENGINE_set_default_DSA ,
-.Nm ENGINE_set_default_ECDH ,
-.Nm ENGINE_set_default_ECDSA ,
-.Nm ENGINE_set_default_DH ,
-.Nm ENGINE_set_default_RAND ,
-.Nm ENGINE_set_default_ciphers ,
-.Nm ENGINE_set_default_digests
-.Nd register an ENGINE as the default for an algorithm
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_default_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default
-.Fa "ENGINE *e"
-.Fa "unsigned int flags"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_string
-.Fa "ENGINE *e"
-.Fa "const char *list"
-.Fc
-.Sh DESCRIPTION
-These functions register
-.Fa e
-as implementing the respective algorithm
-like the functions described in the
-.Xr ENGINE_register_RSA 3
-manual page do it.
-In addition, they call
-.Xr ENGINE_init 3
-on
-.Fa e
-and select
-.Fa e
-as the default implementation of the respective algorithm to be
-returned by the functions described in
-.Xr ENGINE_get_default_RSA 3
-in the future.
-If another engine was previously selected
-as the default implementation of the respective algorithm,
-.Xr ENGINE_finish 3
-is called on that previous engine.
-.Pp
-If
-.Fa e
-implements more than one cipher or digest,
-.Fn ENGINE_set_default_ciphers
-and
-.Fn ENGINE_set_default_digests
-register and select it for all these ciphers and digests, respectively.
-.Pp
-.Fn ENGINE_set_default
-registers
-.Fa e
-as the default implementation of all algorithms specified by the
-.Fa flags
-by calling the appropriate ones among the other functions.
-Algorithms can be selected by combining any number of the
-following constants with bitwise OR:
-.Dv ENGINE_METHOD_ALL ,
-.Dv ENGINE_METHOD_RSA ,
-.Dv ENGINE_METHOD_DSA ,
-.Dv ENGINE_METHOD_ECDH ,
-.Dv ENGINE_METHOD_ECDSA ,
-.Dv ENGINE_METHOD_DH ,
-.Dv ENGINE_METHOD_RAND ,
-.Dv ENGINE_METHOD_CIPHERS ,
-.Dv ENGINE_METHOD_DIGESTS ,
-.Dv ENGINE_METHOD_PKEY_METHS ,
-and
-.Dv ENGINE_METHOD_PKEY_ASN1_METHS .
-.Pp
-.Fn ENGINE_set_default_string
-is similar except that it selects the algorithms according to the string
-.Fa def_list ,
-which contains an arbitrary number of comma-separated keywords from
-the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS,
-DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY.
-PKEY_CRYPTO corresponds to
-.Dv ENGINE_METHOD_PKEY_METHS ,
-PKEY_ASN1 to
-.Dv ENGINE_METHOD_PKEY_ASN1_METHS ,
-and PKEY selects both.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on error.
-They fail if
-.Xr ENGINE_init 3
-fails or if insufficient memory is available.
-.Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_RSA 3 ,
-.Xr ENGINE_unregister_RSA 3
-.Sh HISTORY
-.Fn ENGINE_set_default ,
-.Fn ENGINE_set_default_RSA ,
-.Fn ENGINE_set_default_DSA ,
-.Fn ENGINE_set_default_DH ,
-and
-.Fn ENGINE_set_default_RAND
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn ENGINE_set_default_string ,
-.Fn ENGINE_set_default_ciphers ,
-and
-.Fn ENGINE_set_default_digests
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_set_default_ECDH
-and
-.Fn ENGINE_set_default_ECDSA
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Sh CAVEATS
-Failure of
-.Xr ENGINE_finish 3
-is ignored.
-.Sh BUGS
-Even when
-.Fn ENGINE_set_default
-or
-.Fn ENGINE_set_default_string
-fail, they typically still register
-.Fa e
-for some algorithms, but usually not for all it could be registered
-for by calling the individual functions.

lib/libcrypto/man/ENGINE_set_flags.3

@@ -1,92 +0,0 @@
-.\" $OpenBSD: ENGINE_set_flags.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_SET_FLAGS 3
-.Os
-.Sh NAME
-.Nm ENGINE_set_flags ,
-.Nm ENGINE_get_flags
-.Nd modify the behaviour of an ENGINE object
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft int
-.Fo ENGINE_set_flags
-.Fa "ENGINE *e"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo ENGINE_get_flags
-.Fa "const ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-.Fn ENGINE_set_flags
-sets the flags attribute of
-.Fa e
-to the new
-.Fa flags .
-The previous state of the flags attribute is overwritten.
-Flags that were previously set are cleared
-unless they are also present in the new
-.Fa flags .
-.Pp
-The
-.Fa flags
-argument can be the bitwise OR of zero or more
-of the following constants:
-.Bl -tag -width Ds
-.It Dv ENGINE_FLAGS_BY_ID_COPY
-.Xr ENGINE_by_id 3
-returns a shallow copy of the
-.Vt ENGINE
-object it found rather than incrementing the reference count
-and returning a pointer to the original.
-.It Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
-.Xr ENGINE_ctrl 3
-lets the function installed with
-.Xr ENGINE_set_ctrl_function 3
-handle all commands except
-.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
-even the builtin commands.
-.It Dv ENGINE_FLAGS_NO_REGISTER_ALL
-.Xr ENGINE_register_all_complete 3
-skips
-.Fa e .
-.El
-.Sh RETURN VALUES
-.Fn ENGINE_set_flags
-always returns 1.
-.Pp
-.Fn ENGINE_get_flags
-returns the
-.Fa flags
-attribute of
-.Fa e .
-.Sh SEE ALSO
-.Xr ENGINE_by_id 3 ,
-.Xr ENGINE_ctrl 3 ,
-.Xr ENGINE_init 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_all_complete 3 ,
-.Xr ENGINE_set_RSA 3
-.Sh HISTORY
-.Fn ENGINE_set_flags
-and
-.Fn ENGINE_get_flags
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .

lib/libcrypto/man/ENGINE_unregister_RSA.3

@@ -1,119 +0,0 @@
-.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $
-.\" content checked up to:
-.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: April 18 2018 $
-.Dt ENGINE_UNREGISTER_RSA 3
-.Os
-.Sh NAME
-.Nm ENGINE_unregister_RSA ,
-.Nm ENGINE_unregister_DSA ,
-.Nm ENGINE_unregister_ECDH ,
-.Nm ENGINE_unregister_ECDSA ,
-.Nm ENGINE_unregister_DH ,
-.Nm ENGINE_unregister_RAND ,
-.Nm ENGINE_unregister_STORE ,
-.Nm ENGINE_unregister_ciphers ,
-.Nm ENGINE_unregister_digests
-.Nd revoke the registration of an ENGINE object
-.Sh SYNOPSIS
-.In openssl/engine.h
-.Ft void
-.Fo ENGINE_unregister_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_digests
-.Fa "ENGINE *e"
-.Fc
-.Sh DESCRIPTION
-These functions remove
-.Fa e
-from the list of
-.Vt ENGINE
-objects that were previously registered for the respective algorithm
-with the functions described in
-.Xr ENGINE_register_RSA 3 .
-.Pp
-If
-.Fa e
-is currently used as the default engine for the algorithm
-as described in the
-.Fn ENGINE_set_default 3
-and
-.Fn ENGINE_get_default_RSA 3
-manual pages,
-.Xr ENGINE_finish 3
-is also called.
-.Pp
-.Fn ENGINE_unregister_ciphers
-and
-.Fn ENGINE_unregister_digests
-unregister
-.Fa e
-for all ciphers or digests, respectively.
-.Sh SEE ALSO
-.Xr ENGINE_cleanup 3 ,
-.Xr ENGINE_finish 3 ,
-.Xr ENGINE_new 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default 3
-.Sh HISTORY
-.Fn ENGINE_unregister_RSA ,
-.Fn ENGINE_unregister_DSA ,
-.Fn ENGINE_unregister_DH ,
-.Fn ENGINE_unregister_RAND ,
-.Fn ENGINE_unregister_ciphers ,
-and
-.Fn ENGINE_unregister_digests
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn ENGINE_unregister_ECDH ,
-.Fn ENGINE_unregister_ECDSA ,
-and
-.Fn ENGINE_unregister_STORE
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .

lib/libcrypto/man/EVP_OpenInit.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_OpenInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
+.\"	$OpenBSD: EVP_OpenInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 7 2019 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_OPENINIT 3
 .Os
 .Sh NAME
@@ -131,6 +131,9 @@ parameter is a variable length cipher then the key length will be set to
 the value of the recovered key length.
 If the cipher is a fixed length cipher then the recovered key length
 must match the fixed cipher length.
+.Pp
+.Fn EVP_OpenUpdate
+is implemented as a macro.
 .Sh RETURN VALUES
 .Fn EVP_OpenInit
 returns 0 on error or a non-zero integer (actually the recovered secret

lib/libcrypto/man/EVP_PKEY_encrypt.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_PKEY_encrypt.3,v 1.8 2023/05/14 09:29:37 tb Exp $
+.\"	$OpenBSD: EVP_PKEY_encrypt.3,v 1.9 2023/11/19 10:09:27 tb Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 14 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt EVP_PKEY_ENCRYPT 3
 .Os
 .Sh NAME
@@ -138,17 +138,15 @@ to start with the default OpenSSL RSA implementation:
 .Bd -literal -offset indent
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
-#include <openssl/engine.h>
 
 EVP_PKEY_CTX *ctx;
-ENGINE *eng;
 unsigned char *out, *in;
 size_t outlen, inlen;
 EVP_PKEY *key;
-/* NB: assumes eng, key in, inlen are already set up
+/* NB: assumes that key, in, inlen are already set up
  * and that key is an RSA public key
  */
-ctx = EVP_PKEY_CTX_new(key, eng);
+ctx = EVP_PKEY_CTX_new(key, NULL);
 if (!ctx)
 	/* Error occurred */
 if (EVP_PKEY_encrypt_init(ctx) <= 0)

lib/libcrypto/man/EVP_SealInit.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_SealInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $
+.\"	$OpenBSD: EVP_SealInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 7 2019 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_SEALINIT 3
 .Os
 .Sh NAME
@@ -162,6 +162,9 @@ set to 0 and (after setting any cipher parameters) it should be called
 again with
 .Fa type
 set to NULL.
+.Pp
+.Fn EVP_SealUpdate
+is implemented as a macro.
 .Sh RETURN VALUES
 .Fn EVP_SealInit
 returns 0 on error or

lib/libcrypto/man/EVP_SignInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.16 2022/07/13 19:10:40 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -157,6 +157,12 @@ Since only a copy of the digest context is ever finalized, the context
 must be cleaned up after use by calling
 .Xr EVP_MD_CTX_free 3
 or a memory leak will occur.
+.Pp
+.Fn EVP_SignInit_ex ,
+.Fn EVP_SignUpdate ,
+and
+.Fn EVP_SignInit
+are implemented as macros.
 .Sh RETURN VALUES
 .Fn EVP_SignInit_ex ,
 .Fn EVP_SignUpdate ,

lib/libcrypto/man/EVP_VerifyInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_VerifyInit.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_VERIFYINIT 3
 .Os
 .Sh NAME
@@ -147,6 +147,12 @@ Since only a copy of the digest context is ever finalized, the context
 must be cleaned up after use by calling
 .Xr EVP_MD_CTX_free 3 ,
 or a memory leak will occur.
+.Pp
+.Fn EVP_VerifyInit_ex ,
+.Fn EVP_VerifyUpdate ,
+and
+.Fn EVP_VerifyInit
+are implemented as macros.
 .Sh RETURN VALUES
 .Fn EVP_VerifyInit_ex
 and

lib/libcrypto/man/EVP_aes_128_cbc.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.4 2020/06/24 18:15:00 jmc Exp $
+.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $
 .\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000
 .\"
 .\" This file was written by Ronald Tse <ronald.tse@ribose.com>
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 24 2020 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_AES_128_CBC 3
 .Os
 .Sh NAME
@@ -205,7 +205,8 @@ are aliases for
 .Fn EVP_aes_128_cfb128 ,
 .Fn EVP_aes_192_cfb128 ,
 and
-.Fn EVP_aes_256_cfb128 .
+.Fn EVP_aes_256_cfb128 ,
+implemented as macros.
 .Pp
 .Fn EVP_aes_128_cbc_hmac_sha1
 and

lib/libcrypto/man/EVP_sm4_cbc.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_sm4_cbc.3,v 1.1 2019/03/18 05:56:24 schwarze Exp $
+.\" $OpenBSD: EVP_sm4_cbc.3,v 1.2 2023/11/16 20:27:43 schwarze Exp $
 .\" full merge up to: OpenSSL 87103969 Oct 1 14:11:57 2018 -0700
 .\"
 .\" Copyright (c) 2017 Ribose Inc
@@ -18,7 +18,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 18 2019 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt EVP_SM4_CBC 3
 .Os
 .Sh NAME
@@ -53,7 +53,8 @@ bits.
 .Pp
 .Fn EVP_sm4_cfb
 is an alias for
-.Fn EVP_sm4_cfb128 .
+.Fn EVP_sm4_cfb128 ,
+implemented as a macro.
 .Pp
 With an argument of
 .Qq sm4

lib/libcrypto/man/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.276 2023/09/29 08:57:49 tb Exp $
+# $OpenBSD: Makefile,v 1.277 2023/11/19 10:36:14 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -140,17 +140,7 @@ MAN=	\
 	EC_KEY_new.3 \
 	EC_POINT_add.3 \
 	EC_POINT_new.3 \
-	ENGINE_add.3 \
-	ENGINE_ctrl.3 \
-	ENGINE_get_default_RSA.3 \
-	ENGINE_init.3 \
 	ENGINE_new.3 \
-	ENGINE_register_RSA.3 \
-	ENGINE_register_all_RSA.3 \
-	ENGINE_set_RSA.3 \
-	ENGINE_set_default.3 \
-	ENGINE_set_flags.3 \
-	ENGINE_unregister_RSA.3 \
 	ERR.3 \
 	ERR_GET_LIB.3 \
 	ERR_asprintf_error_data.3 \

lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.12 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.13 2023/11/16 20:17:04 schwarze Exp $
 .\" full merge up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
 .\" This file is a derived work.
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt OPENSSL_VERSION_NUMBER 3
 .Os
 .Sh NAME
@@ -217,7 +217,7 @@ is an alias for
 and
 .Fn SSLeay
 for
-.Dv OpenSSL_version_num .
+.Fn OpenSSL_version_num .
 The legacy function
 .Fn SSLeay_version
 is similar to

lib/libcrypto/man/OPENSSL_config.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OPENSSL_config.3,v 1.15 2019/06/14 13:41:31 schwarze Exp $
+.\" $OpenBSD: OPENSSL_config.3,v 1.16 2023/11/19 21:01:27 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 14 2019 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt OPENSSL_CONFIG 3
 .Os
 .Sh NAME
@@ -117,10 +117,9 @@ To use a non-standard configuration file, refer to
 Internally,
 .Fn OPENSSL_config
 calls
-.Xr OPENSSL_init_crypto 3 ,
+.Xr OPENSSL_init_crypto 3
-.Xr OPENSSL_load_builtin_modules 3 ,
 and
-.Xr ENGINE_load_builtin_engines 3 .
+.Xr OPENSSL_load_builtin_modules 3 .
 .Pp
 If an application is compiled with the preprocessor symbol
 .Dv OPENSSL_LOAD_CONF

lib/libcrypto/man/OPENSSL_load_builtin_modules.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: OPENSSL_load_builtin_modules.3,v 1.6 2019/06/14 13:41:31 schwarze Exp $
+.\"	$OpenBSD: OPENSSL_load_builtin_modules.3,v 1.7 2023/11/19 20:59:00 tb Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,13 +48,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 14 2019 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt OPENSSL_LOAD_BUILTIN_MODULES 3
 .Os
 .Sh NAME
 .Nm OPENSSL_load_builtin_modules ,
 .Nm ASN1_add_oid_module ,
-.Nm ENGINE_add_conf_module
 .Nd add standard configuration modules
 .Sh SYNOPSIS
 .In openssl/conf.h
@@ -62,8 +61,6 @@
 .Fn OPENSSL_load_builtin_modules void
 .Ft void
 .Fn ASN1_add_oid_module void
-.Ft void
-.Fn ENGINE_add_conf_module void
 .Sh DESCRIPTION
 The function
 .Fn OPENSSL_load_builtin_modules
@@ -74,9 +71,6 @@ They can then be used by the OpenSSL configuration code.
 .Fn ASN1_add_oid_module
 adds just the ASN.1 OBJECT module.
 .Pp
-.Fn ENGINE_add_conf_module
-adds just the ENGINE configuration module.
-.Pp
 If the simple configuration function
 .Xr OPENSSL_config 3
 is called then

lib/libcrypto/man/OPENSSL_malloc.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: OPENSSL_malloc.3,v 1.10 2022/11/06 18:31:15 tb Exp $
+.\"	$OpenBSD: OPENSSL_malloc.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 6 2022 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt OPENSSL_MALLOC 3
 .Os
 .Sh NAME
@@ -83,6 +83,10 @@ standard
 and
 .Xr strdup 3
 functions.
+.Pp
+The four
+.Fn OPENSSL_*
+functions are implemented as macros.
 .Sh RETURN VALUES
 These functions return the same type and value as the corresponding
 standard functions.

lib/libcrypto/man/OpenSSL_add_all_algorithms.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.14 2023/09/10 14:39:58 schwarze Exp $
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.15 2023/11/16 20:27:43 schwarze Exp $
 .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 10 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
@@ -117,6 +117,11 @@ including any that are unrelated to the EVP library.
 .Fn SSLeay_add_all_algorithms
 is a deprecated alias for
 .Fn OpenSSL_add_all_algorithms .
+.Pp
+.Fn OpenSSL_add_all_algorithms
+and
+.Fn SSLeay_add_all_algorithms
+are implemented as macros.
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_add_cipher 3 ,

lib/libcrypto/man/RSA_check_key.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: RSA_check_key.3,v 1.9 2023/05/01 07:28:11 tb Exp $
+.\"	$OpenBSD: RSA_check_key.3,v 1.10 2023/11/19 21:06:15 tb Exp $
 .\"	OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org> and
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt RSA_CHECK_KEY 3
 .Os
 .Sh NAME
@@ -92,27 +92,6 @@ key structure must contain all the private key data too.
 Therefore, it cannot be used with any arbitrary
 .Vt RSA
 key object, even if it is otherwise fit for regular RSA operation.
-.Pp
-Unlike most other RSA functions, this function does
-.Sy not
-work transparently with any underlying
-.Vt ENGINE
-implementation because it uses the key data in the
-.Vt RSA
-structure directly.
-An
-.Vt ENGINE
-implementation can override the way key data is stored and handled,
-and can even provide support for HSM keys - in which case the
-.Vt RSA
-structure may contain
-.Sy no
-key data at all!
-If the
-.Vt ENGINE
-in question is only being used for acceleration or analysis purposes,
-then in all likelihood the RSA key data is complete and untouched,
-but this can't be assumed in the general case.
 .Sh RETURN VALUES
 .Fn RSA_check_key
 returns 1 if

lib/libcrypto/man/RSA_get_ex_new_index.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.12 2023/09/18 14:49:43 schwarze Exp $
+.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.13 2023/11/19 21:08:04 tb Exp $
 .\"
 .\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 18 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt RSA_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
@@ -47,7 +47,7 @@
 The following parent objects can have application specific data called
 .Dq ex_data
 attached to them:
-.Vt BIO , DH , DSA , EC_KEY , ENGINE , RSA ,
+.Vt BIO , DH , DSA , EC_KEY , RSA ,
 .Vt SSL , SSL_CTX , SSL_SESSION , UI , X509 , X509_STORE ,
 and
 .Vt X509_STORE_CTX .

lib/libcrypto/man/RSA_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_new.3,v 1.17 2022/07/13 21:51:35 schwarze Exp $
+.\" $OpenBSD: RSA_new.3,v 1.18 2023/11/19 21:03:22 tb Exp $
 .\" full merge up to:
 .\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100
 .\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final)
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 13 2022 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt RSA_NEW 3
 .Os
 .Sh NAME
@@ -128,12 +128,8 @@ decrements the reference count by 1.
 If it reaches 0, it calls the optional
 .Fa finish
 function set up with
-.Xr RSA_meth_set_finish 3 ,
+.Xr RSA_meth_set_finish 3
-calls
+and frees the
-.Xr ENGINE_finish 3
-if
-.Fa rsa
-uses an engine, and frees the
 .Vt RSA
 structure and its components.
 The key is erased before the memory is returned to the system.
@@ -185,12 +181,8 @@ values are available.
 .Pp
 Note that RSA keys may use non-standard
 .Vt RSA_METHOD
-implementations, either directly or by the use of
+implementations.
-.Vt ENGINE
+In some cases, these
-modules.
-In some cases (e.g. an
-.Vt ENGINE
-providing support for hardware-embedded keys), these
 .Vt BIGNUM
 values will not be used by the implementation or may be used for
 alternative data storage.

lib/libcrypto/man/RSA_set_method.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: RSA_set_method.3,v 1.17 2023/05/14 09:33:19 tb Exp $
+.\"	$OpenBSD: RSA_set_method.3,v 1.18 2023/11/19 10:34:26 tb Exp $
 .\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 14 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt RSA_SET_METHOD 3
 .Os
 .Sh NAME
@@ -105,16 +105,9 @@ selects
 as the default method for all
 .Vt RSA
 structures created later.
-If any
-.Vt ENGINE
-was registered with
-.Xr ENGINE_register_RSA 3
-that can be successfully initialized, it overrides the default.
 .Pp
 .Fn RSA_get_default_method
-returns a pointer to the current default method,
+returns a pointer to the current default method.
-even if it is actually overridden by an
-.Vt ENGINE .
 .Pp
 .Fn RSA_set_method
 selects
@@ -127,10 +120,7 @@ used by the RSA key, calling the
 .Fa finish
 function set up with
 .Xr RSA_meth_set_finish 3
-if any, and if the previous method was supplied by an
+if any.
-.Vt ENGINE ,
-.Xr ENGINE_finish 3
-is called on it.
 If
 .Fa meth
 contains an
@@ -142,9 +132,7 @@ that function is called just before returning from
 .Pp
 It is possible to have RSA keys that only work with certain
 .Vt RSA_METHOD
-implementations (e.g. from an
+implementations,
-.Vt ENGINE
-module that supports embedded hardware-protected keys),
 and in such cases attempting to change the
 .Vt RSA_METHOD
 for the key can have unexpected results.
@@ -154,12 +142,6 @@ returns a pointer to the
 .Vt RSA_METHOD
 being used by
 .Fa rsa .
-This method may or may not be supplied by an
-.Vt ENGINE
-implementation but if it is, the return value can only be guaranteed
-to be valid as long as the RSA key itself is valid and does not
-have its implementation changed by
-.Fn RSA_set_method .
 .Pp
 The misleadingly named function
 .Fn RSA_flags
@@ -178,17 +160,10 @@ section for more details.
 .Fn RSA_new_method
 allocates and initializes an
 .Vt RSA
-structure so that
+structure.
+The
 .Fa engine
-is used for the RSA operations.
+argument is ignored and
-If
-.Fa engine
-is
-.Dv NULL ,
-.Xr ENGINE_get_default_RSA 3
-is used.
-If that returns
-.Dv NULL ,
 the default method controlled by
 .Fn RSA_set_default_method
 is used.
@@ -224,9 +199,6 @@ and sets an error code that can be obtained by
 if the allocation fails.
 Otherwise it returns a pointer to the newly allocated structure.
 .Sh SEE ALSO
-.Xr ENGINE_get_default_RSA 3 ,
-.Xr ENGINE_register_RSA 3 ,
-.Xr ENGINE_set_default_RSA 3 ,
 .Xr RSA_meth_new 3 ,
 .Xr RSA_new 3
 .Sh HISTORY

lib/libcrypto/man/X509_STORE_get_by_subject.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.4 2023/08/10 14:15:16 schwarze Exp $
+.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $
 .\"
 .\" Copyright (c) 2021, 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 10 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt X509_STORE_GET_BY_SUBJECT 3
 .Os
 .Sh NAME
@@ -160,7 +160,7 @@ encourage checking of validity times, CAs with a valid time are
 preferred, but if no matching CA has a valid time, one with an
 invalid time is accepted anyway.
 .Pp
-The following are deprecated aliases:
+The following are deprecated aliases implemented as macros:
 .Bl -column X509_STORE_get_by_subject F X509_STORE_CTX_get_by_subject
 .It Fn X509_STORE_get_by_subject Ta for Ta Fn X509_STORE_CTX_get_by_subject
 .It Fn X509_STORE_get1_certs     Ta for Ta Fn X509_STORE_CTX_get1_certs

lib/libcrypto/man/X509_STORE_set1_param.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_set1_param.3,v 1.19 2021/10/18 18:20:39 schwarze Exp $
+.\" $OpenBSD: X509_STORE_set1_param.3,v 1.20 2023/11/16 20:27:43 schwarze Exp $
 .\" content checked up to:
 .\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
 .\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 18 2021 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt X509_STORE_SET1_PARAM 3
 .Os
 .Sh NAME
@@ -145,6 +145,8 @@ Their usage is identical to that of
 .Xr RSA_set_ex_data 3 ,
 and
 .Xr RSA_get_ex_data 3 .
+.Fn X509_STORE_get_ex_new_index
+is implemented as a macro.
 .Sh RETURN VALUES
 .Fn X509_STORE_set1_param ,
 .Fn X509_STORE_set_purpose ,

lib/libcrypto/man/bn_dump.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: bn_dump.3,v 1.8 2023/01/20 12:16:46 jsing Exp $
+.\" $OpenBSD: bn_dump.3,v 1.9 2023/11/16 18:10:19 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 20 2023 $
+.Dd $Mdocdate: November 16 2023 $
 .Dt BN_DUMP 3
 .Os
 .Sh NAME
@@ -64,28 +64,12 @@
 .Nm bn_mul_comba8 ,
 .Nm bn_sqr_comba4 ,
 .Nm bn_sqr_comba8 ,
-.Nm bn_cmp_words ,
 .Nm bn_mul_normal ,
-.Nm bn_mul_recursive ,
-.Nm bn_mul_part_recursive ,
-.Nm bn_sqr_normal ,
-.Nm bn_sqr_recursive ,
 .Nm bn_expand ,
-.Nm bn_wexpand ,
+.Nm bn_wexpand
-.Nm bn_expand2 ,
-.Nm bn_fix_top ,
-.Nm bn_check_top ,
-.Nm bn_print ,
-.Nm bn_dump ,
-.Nm bn_set_max ,
-.Nm bn_set_high ,
-.Nm bn_set_low ,
-.Nm mul ,
-.Nm mul_add ,
-.Nm sqr
 .Nd BIGNUM library internal functions
 .Sh SYNOPSIS
-.In openssl/bn.h
+.Fd #include "bn_local.h"
 .Ft BN_ULONG
 .Fo bn_mul_words
 .Fa "BN_ULONG *rp"
@@ -148,12 +132,6 @@
 .Fa "BN_ULONG *r"
 .Fa "BN_ULONG *a"
 .Fc
-.Ft int
-.Fo bn_cmp_words
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n"
-.Fc
 .Ft void
 .Fo bn_mul_normal
 .Fa "BN_ULONG *r"
@@ -162,60 +140,6 @@
 .Fa "BN_ULONG *b"
 .Fa "int nb"
 .Fc
-.Ft void
-.Fo bn_mul_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n2"
-.Fa "int dna"
-.Fa "int dnb"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_mul_part_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "BN_ULONG *b"
-.Fa "int n"
-.Fa "int tna"
-.Fa "int tnb"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_sqr_normal
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "int n"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo bn_sqr_recursive
-.Fa "BN_ULONG *r"
-.Fa "BN_ULONG *a"
-.Fa "int n2"
-.Fa "BN_ULONG *tmp"
-.Fc
-.Ft void
-.Fo mul
-.Fa "BN_ULONG r"
-.Fa "BN_ULONG a"
-.Fa "BN_ULONG w"
-.Fa "BN_ULONG c"
-.Fc
-.Ft void
-.Fo mul_add
-.Fa "BN_ULONG r"
-.Fa "BN_ULONG a"
-.Fa "BN_ULONG w"
-.Fa "BN_ULONG c"
-.Fc
-.Ft void
-.Fo sqr
-.Fa "BN_ULONG r0"
-.Fa "BN_ULONG r1"
-.Fa "BN_ULONG a"
-.Fc
 .Ft BIGNUM *
 .Fo bn_expand
 .Fa "BIGNUM *a"
@@ -226,46 +150,8 @@
 .Fa "BIGNUM *a"
 .Fa "int n"
 .Fc
-.Ft BIGNUM *
-.Fo bn_expand2
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_fix_top
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_check_top
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_print
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_dump
-.Fa "BN_ULONG *d"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_set_max
-.Fa "BIGNUM *a"
-.Fc
-.Ft void
-.Fo bn_set_high
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
-.Ft void
-.Fo bn_set_low
-.Fa "BIGNUM *r"
-.Fa "BIGNUM *a"
-.Fa "int n"
-.Fc
 .Sh DESCRIPTION
-This page documents the internal functions used by the OpenSSL
+This page documents some internal functions used by the
 .Vt BIGNUM
 implementation.
 They are described here to facilitate debugging and extending the
@@ -327,16 +213,12 @@ is a bit field of flags which are defined in
 .In openssl/bn.h .
 The flags begin with
 .Dv BN_FLG_ .
-The macros
+The functions
-.Fn BN_set_flags b n
+.Xr BN_set_flags 3
 and
-.Fn BN_get_flags b n
+.Xr BN_get_flags 3
-exist to enable or fetch flag(s)
+enable or inspect
-.Fa n
+.Fa flags .
-from a
-.Vt BIGNUM
-structure
-.Fa b .
 .Pp
 Various routines in this library require the use of temporary
 .Vt BIGNUM
@@ -488,18 +370,6 @@ and the 16 word array
 .Pp
 The following functions are implemented in C:
 .Pp
-.Fn bn_cmp_words a b n
-operates on the
-.Fa n
-word arrays
-.Fa a
-and
-.Fa b .
-It returns 1, 0 and -1 if
-.Fa a
-is greater than, equal and less than
-.Fa b .
-.Pp
 .Fn bn_mul_normal r a na b nb
 operates on the
 .Fa na
@@ -518,103 +388,15 @@ It computes
 and places the result in
 .Fa r .
 .Pp
-.Fn bn_mul_recursive r a b n2 dna dnb t
-operates on the word arrays
-.Fa a
-and
-.Fa b
-of length
-.Fa n2 Ns + Ns Fa dna
-and
-.Fa n2 Ns + Ns Fa dnb
-.Pf ( Fa dna
-and
-.Fa dnb
-are currently allowed to be 0 or negative) and the
-.Pf 2* Fa n2
-word arrays
-.Fa r
-and
-.Sy t .
-.Fa n2
-must be a power of 2.
-It computes
-.Fa a Ns * Ns Fa b
-and places the result in
-.Fa r .
-.Pp
-.Fn bn_mul_part_recursive r a b n tna tnb tmp
-operates on the word arrays
-.Fa a
-and
-.Fa b
-of length
-.Fa n Ns + Ns Fa tna
-and
-.Fa n Ns + Ns Fa tnb
-and the
-.Pf 4* Fa n
-word arrays
-.Fa r
-and
-.Fa tmp .
-.Pp
 .Xr BN_mul 3
 calls
-.Fn bn_mul_normal ,
+.Fn bn_mul_comba4
-or an optimized implementation if the factors have the same size:
+if both factors are 4 words long,
 .Fn bn_mul_comba8
-is used if they are 8 words long,
+if both factors are 8 words long,
-.Fn bn_mul_recursive
+or
-if they are larger than
+.Fn bn_mul_normal
-.Dv BN_MULL_SIZE_NORMAL
+otherwise.
-and the size is an exact multiple of the word size, and
-.Fn bn_mul_part_recursive
-for others that are larger than
-.Dv BN_MULL_SIZE_NORMAL .
-.Pp
-.Fn bn_sqr_normal r a n tmp
-operates on the
-.Fa n
-word array
-.Fa a
-and the
-.Pf 2* Fa n
-word arrays
-.Fa tmp
-and
-.Fa r .
-.Pp
-The implementations use the following macros which, depending on the
-architecture, may use
-.Vt long long
-C operations or inline assembler.
-They are defined in
-.Pa bn_lcl.h .
-.Pp
-.Fn mul r a w c
-computes
-.Fa w Ns * Ns Fa a Ns + Ns Fa c
-and places the low word of the result in
-.Fa r
-and the high word in
-.Fa c .
-.Pp
-.Fn mul_add r a w c
-computes
-.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c
-and places the low word of the result in
-.Fa r
-and the high word in
-.Fa c .
-.Pp
-.Fn sqr r0 r1 a
-computes
-.Fa a Ns * Ns Fa a
-and places the low word of the result in
-.Fa r0
-and the high word in
-.Fa r1 .
 .Ss Size changes
 .Fn bn_expand
 ensures that
@@ -628,71 +410,6 @@ ensures that
 has enough space for an
 .Fa n
 word number.
-If the number has to be expanded, both macros call
+They return 0 on error or 1 otherwise.
-.Fn bn_expand2 ,
-which allocates a new
-.Fa d
-array and copies the data.
-They return
-.Dv NULL
-on error,
-.Fa b
-otherwise.
-.Pp
-The
-.Fn bn_fix_top
-macro reduces
-.Fa a Ns -> Ns Fa top
-to point to the most significant non-zero word plus one when
-.Fa a
-has shrunk.
-.Ss Debugging
-.Fn bn_check_top
-verifies that
-.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) .
-A violation will cause the program to abort.
-.Pp
-.Fn bn_print
-prints
-.Fa a
-to
-.Dv stderr .
-.Fn bn_dump
-prints
-.Fa n
-words at
-.Fa d
-(in reverse order, i.e.\&
-most significant word first) to
-.Dv stderr .
-.Pp
-.Fn bn_set_max
-makes
-.Fa a
-a static number with a
-.Fa dmax
-of its current size.
-This is used by
-.Fn bn_set_low
-and
-.Fn bn_set_high
-to make
-.Fa r
-a read-only
-.Vt BIGNUM
-that contains the
-.Fa n
-low or high words of
-.Fa a .
-.Pp
-If
-.Dv BN_DEBUG
-is not defined,
-.Fn bn_check_top ,
-.Fn bn_print ,
-.Fn bn_dump
-and
-.Fn bn_set_max
-are defined as empty macros.
 .Sh SEE ALSO
 .Xr BN_new 3

lib/libcrypto/man/evp.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.24 2023/09/09 14:39:09 schwarze Exp $
+.\" $OpenBSD: evp.3,v 1.25 2023/11/19 10:25:28 tb Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt EVP 3
 .Os
 .Sh NAME
@@ -156,30 +156,6 @@ example, PBKDF2 from PCKS#5).
 The
 .Xr EVP_EncodeInit 3
 family of functions provides base64 encoding and decoding.
-.Pp
-All the symmetric algorithms (ciphers), digests and asymmetric
-algorithms (public key algorithms) can be replaced by
-.Vt ENGINE
-modules providing alternative implementations; see
-.Xr ENGINE_register_RSA 3
-and the related manual pages for more information.
-If
-.Vt ENGINE
-implementations of ciphers or digests are registered as defaults,
-then the various EVP functions will automatically use those
-implementations in preference to built in software implementations.
-.Pp
-Although low-level algorithm specific functions exist for many
-algorithms, their use is discouraged.
-They cannot be used with an
-.Vt ENGINE ,
-and
-.Vt ENGINE
-versions of new algorithms cannot be accessed using the low-level
-functions.
-Using them also makes code harder to adapt to new algorithms, some
-options are not cleanly supported at the low level, and some
-operations are more efficient using the high-level interfaces.
 .Sh SEE ALSO
 .Xr ASN1_item_digest 3 ,
 .Xr ASN1_item_sign 3 ,
@@ -191,8 +167,6 @@ operations are more efficient using the high-level interfaces.
 .Xr crypto 3 ,
 .Xr d2i_PKCS8PrivateKey_bio 3 ,
 .Xr d2i_PrivateKey 3 ,
-.Xr ENGINE_get_cipher 3 ,
-.Xr ENGINE_register_RSA 3 ,
 .Xr EVP_add_cipher 3 ,
 .Xr EVP_AEAD_CTX_init 3 ,
 .Xr EVP_aes_128_cbc 3 ,

lib/libcrypto/man/openssl.cnf.5

@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.cnf.5,v 1.9 2023/10/21 14:05:49 tb Exp $
+.\" $OpenBSD: openssl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $
 .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 21 2023 $
+.Dd $Mdocdate: November 19 2023 $
 .Dt OPENSSL.CNF 5
 .Os
 .Sh NAME
@@ -192,13 +192,9 @@ openssl_conf = openssl_init
 
 [openssl_init]
 oid_section = new_oids
-engines = engine_section
 
 [new_oids]
 \&... new oids here ...
-
-[engine_section]
-\&... engine stuff here ...
 .Ed
 .Pp
 The features of each configuration module are described below.
@@ -228,106 +224,6 @@ comma and the numerical OID form.
 For example:
 .Pp
 .Dl shortName = some object long name, 1.2.3.4
-.Ss Engine Configuration Module
-This ENGINE configuration module has the name
-.Ic engines .
-The value of this variable points to a section containing further ENGINE
-configuration information.
-.Pp
-The section pointed to by
-.Ic engines
-is a table of engine names (though see
-.Ic engine_id
-below) and further sections containing configuration information
-specific to each ENGINE.
-.Pp
-Each ENGINE specific section is used to set default algorithms, load
-dynamic ENGINEs, perform initialization and send ctrls.
-The actual operation performed depends on the command
-name which is the name of the name value pair.
-The currently supported commands are listed below.
-.Pp
-For example:
-.Bd -literal -offset indent
-[engine_section]
-# Configure ENGINE named "foo"
-foo = foo_section
-# Configure ENGINE named "bar"
-bar = bar_section
-
-[foo_section]
-\&... foo ENGINE specific commands ...
-
-[bar_section]
-\&... "bar" ENGINE specific commands ...
-.Ed
-.Pp
-The command
-.Ic engine_id
-is used to give the ENGINE name.
-If used, this command must be first.
-For example:
-.Bd -literal -offset indent
-[engine_section]
-# This would normally handle an ENGINE named "foo"
-foo = foo_section
-
-[foo_section]
-# Override default name and use "myfoo" instead.
-engine_id = myfoo
-.Ed
-.Pp
-The command
-.Ic dynamic_path
-loads and adds an ENGINE from the given path.
-It is equivalent to sending the ctrls
-.Sy SO_PATH
-with the path argument followed by
-.Sy LIST_ADD
-with value 2 and
-.Sy LOAD
-to the dynamic ENGINE.
-If this is not the required behaviour then alternative ctrls can be sent
-directly to the dynamic ENGINE using ctrl commands.
-.Pp
-The command
-.Ic init
-determines whether to initialize the ENGINE.
-If the value is 0, the ENGINE will not be initialized.
-If it is 1, an attempt is made to initialized the ENGINE immediately.
-If the
-.Ic init
-command is not present, then an attempt will be made to initialize
-the ENGINE after all commands in its section have been processed.
-.Pp
-The command
-.Ic default_algorithms
-sets the default algorithms an ENGINE will supply using the functions
-.Xr ENGINE_set_default_string 3 .
-.Pp
-If the name matches none of the above command names, it is assumed
-to be a ctrl command which is sent to the ENGINE.
-The value of the command is the argument to the ctrl command.
-If the value is the string
-.Cm EMPTY ,
-then no value is sent to the command.
-.Pp
-For example:
-.Bd -literal -offset indent
-[engine_section]
-# Configure ENGINE named "foo"
-foo = foo_section
-
-[foo_section]
-# Load engine from DSO
-dynamic_path = /some/path/fooengine.so
-# A foo specific ctrl.
-some_ctrl = some_value
-# Another ctrl that doesn't take a value.
-other_ctrl = EMPTY
-# Supply all default algorithms
-default_algorithms = ALL
-.Ed
 .Sh FILES
 .Bl -tag -width /etc/ssl/openssl.cnf -compact
 .It Pa /etc/ssl/openssl.cnf

lib/libcrypto/pem/pem_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.53 2023/07/07 13:40:44 beck Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.54 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -74,9 +74,6 @@
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 
 #include "asn1_local.h"
 #include "evp_local.h"
@@ -231,9 +228,6 @@ check_pem(const char *nm, const char *name)
 					r = 1;
 				else
 					r = 0;
-#ifndef OPENSSL_NO_ENGINE
-				ENGINE_finish(e);
-#endif
 				return r;
 			}
 		}

lib/libcrypto/pem/pem_pkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pkey.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */
+/* $OpenBSD: pem_pkey.c,v 1.28 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -69,10 +69,6 @@
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "asn1_local.h"
 #include "evp_local.h"
 

lib/libcrypto/pkcs7/pk7_doit.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.52 2023/03/09 18:20:10 tb Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.54 2023/11/15 00:55:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -68,10 +68,6 @@
 #include "evp_local.h"
 #include "x509_local.h"
 
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-    void *value);
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
-
 static int
 PKCS7_type_is_other(PKCS7* p7)
 {
@@ -407,7 +403,7 @@ err:
 			BIO_free_all(btmp);
 		out = NULL;
 	}
-	return (out);
+	return out;
 }
 LCRYPTO_ALIAS(PKCS7_dataInit);
 
@@ -636,7 +632,7 @@ err:
 			BIO_free_all(etmp);
 		out = NULL;
 	}
-	return (out);
+	return out;
 }
 LCRYPTO_ALIAS(PKCS7_dataDecode);
 
@@ -865,7 +861,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 	ret = 1;
 err:
 	EVP_MD_CTX_cleanup(&ctx_tmp);
-	return (ret);
+	return ret;
 }
 LCRYPTO_ALIAS(PKCS7_dataFinal);
 
@@ -1093,7 +1089,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
 		ret = 1;
 err:
 	EVP_MD_CTX_cleanup(&mdc_tmp);
-	return (ret);
+	return ret;
 }
 LCRYPTO_ALIAS(PKCS7_signatureVerify);
 
@@ -1114,26 +1110,12 @@ PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
 		return NULL;
 	ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
 	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
-		return (NULL);
+		return NULL;
 	ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
-	return (ri->issuer_and_serial);
+	return ri->issuer_and_serial;
 }
 LCRYPTO_ALIAS(PKCS7_get_issuer_and_serial);
 
-ASN1_TYPE *
-PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
-{
-	return (get_attribute(si->auth_attr, nid));
-}
-LCRYPTO_ALIAS(PKCS7_get_signed_attribute);
-
-ASN1_TYPE *
-PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
-{
-	return (get_attribute(si->unauth_attr, nid));
-}
-LCRYPTO_ALIAS(PKCS7_get_attribute);
-
 static ASN1_TYPE *
 get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
 {
@@ -1143,15 +1125,29 @@ get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
 
 	o = OBJ_nid2obj(nid);
 	if (!o || !sk)
-		return (NULL);
+		return NULL;
 	for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
 		xa = sk_X509_ATTRIBUTE_value(sk, i);
 		if (OBJ_cmp(xa->object, o) == 0)
-			return (sk_ASN1_TYPE_value(xa->set, 0));
+			return sk_ASN1_TYPE_value(xa->set, 0);
 	}
-	return (NULL);
+	return NULL;
 }
 
+ASN1_TYPE *
+PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+	return get_attribute(si->auth_attr, nid);
+}
+LCRYPTO_ALIAS(PKCS7_get_signed_attribute);
+
+ASN1_TYPE *
+PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+	return get_attribute(si->unauth_attr, nid);
+}
+LCRYPTO_ALIAS(PKCS7_get_attribute);
+
 ASN1_OCTET_STRING *
 PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
 {
@@ -1181,9 +1177,9 @@ PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
 		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
 		    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
 		    == NULL)
-			return (0);
+			return 0;
 	}
-	return (1);
+	return 1;
 }
 LCRYPTO_ALIAS(PKCS7_set_signed_attributes);
 
@@ -1202,27 +1198,12 @@ PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
 		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
 		    X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
 		    == NULL)
-			return (0);
+			return 0;
 	}
-	return (1);
+	return 1;
 }
 LCRYPTO_ALIAS(PKCS7_set_attributes);
 
-int
-PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-    void *value)
-{
-	return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
-}
-LCRYPTO_ALIAS(PKCS7_add_signed_attribute);
-
-int
-PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
-{
-	return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
-}
-LCRYPTO_ALIAS(PKCS7_add_attribute);
-
 static int
 add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
 {
@@ -1260,5 +1241,20 @@ new_attrib:
 		goto new_attrib;
 	}
 end:
-	return (1);
+	return 1;
 }
+
+int
+PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+    void *value)
+{
+	return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
+}
+LCRYPTO_ALIAS(PKCS7_add_signed_attribute);
+
+int
+PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
+{
+	return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
+}
+LCRYPTO_ALIAS(PKCS7_add_attribute);

lib/libcrypto/rand/rand.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */
+/* $OpenBSD: rand.h,v 1.24 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,9 +83,6 @@ struct rand_meth_st {
 
 int RAND_set_rand_method(const RAND_METHOD *meth);
 const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-#endif
 RAND_METHOD *RAND_SSLeay(void);
 
 #ifndef LIBRESSL_INTERNAL

lib/libcrypto/rand/rand_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_lib.c,v 1.22 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: rand_lib.c,v 1.23 2023/11/19 15:46:10 tb Exp $ */
 /*
  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
  *
@@ -45,15 +45,6 @@ RAND_SSLeay(void)
 }
 LCRYPTO_ALIAS(RAND_SSLeay);
 
-#ifndef OPENSSL_NO_ENGINE
-int
-RAND_set_rand_engine(ENGINE *engine)
-{
-	return 1;
-}
-LCRYPTO_ALIAS(RAND_set_rand_engine);
-#endif
-
 void
 RAND_cleanup(void)
 {

lib/libcrypto/rsa/rsa_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_lib.c,v 1.48 2023/07/28 10:05:16 tb Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.49 2023/11/19 15:46:10 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,10 +71,6 @@
 #include "evp_local.h"
 #include "rsa_local.h"
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 static const RSA_METHOD *default_RSA_meth = NULL;
 
 RSA *
@@ -122,10 +118,6 @@ RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
 	mtmp = rsa->meth;
 	if (mtmp->finish)
 		mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(rsa->engine);
-	rsa->engine = NULL;
-#endif
 	rsa->meth = meth;
 	if (meth->init)
 		meth->init(rsa);
@@ -145,25 +137,6 @@ RSA_new_method(ENGINE *engine)
 
 	ret->meth = RSA_get_default_method();
 
-#ifndef OPENSSL_NO_ENGINE
-	if (engine != NULL) {
-		if (!ENGINE_init(engine)) {
-			RSAerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-		ret->engine = engine;
-	} else {
-		ret->engine = ENGINE_get_default_RSA();
-	}
-
-	if (ret->engine != NULL) {
-		if ((ret->meth = ENGINE_get_RSA(ret->engine)) == NULL) {
-			RSAerror(ERR_R_ENGINE_LIB);
-			goto err;
-		}
-	}
-#endif
-
 	ret->references = 1;
 	ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
 
@@ -178,9 +151,6 @@ RSA_new_method(ENGINE *engine)
 	return ret;
 
  err:
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(ret->engine);
-#endif
 	free(ret);
 
 	return NULL;
@@ -201,9 +171,6 @@ RSA_free(RSA *r)
 
 	if (r->meth->finish)
 		r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(r->engine);
-#endif
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 

lib/libcrypto/ts/ts.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.22 2023/07/28 09:53:55 tb Exp $ */
+/* $OpenBSD: ts.h,v 1.23 2023/11/19 15:46:10 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
  * project 2002, 2003, 2004.
  */
@@ -542,11 +542,6 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
     TS_RESP_CTX *ctx);
-#ifndef OPENSSL_NO_ENGINE
-int TS_CONF_set_crypto_device(CONF *conf, const char *section,
-    const char *device);
-int TS_CONF_set_default_engine(const char *name);
-#endif
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
     const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,

lib/libcrypto/ts/ts_conf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.12 2023/07/07 07:25:21 beck Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.13 2023/11/19 15:46:10 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -65,10 +65,6 @@
 #include <openssl/pem.h>
 #include <openssl/ts.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 /* Macro definitions for the configuration file. */
 
 #define	BASE_SECTION			"tsa"
@@ -211,56 +207,6 @@ err:
 }
 LCRYPTO_ALIAS(TS_CONF_set_serial);
 
-#ifndef OPENSSL_NO_ENGINE
-
-int
-TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device)
-{
-	int ret = 0;
-
-	if (!device)
-		device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
-
-	if (device && !TS_CONF_set_default_engine(device)) {
-		TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
-		goto err;
-	}
-	ret = 1;
-
-err:
-	return ret;
-}
-LCRYPTO_ALIAS(TS_CONF_set_crypto_device);
-
-int
-TS_CONF_set_default_engine(const char *name)
-{
-	ENGINE *e = NULL;
-	int ret = 0;
-
-	/* Leave the default if builtin specified. */
-	if (strcmp(name, "builtin") == 0)
-		return 1;
-
-	if (!(e = ENGINE_by_id(name)))
-		goto err;
-	/* All the operations are going to be carried out by the engine. */
-	if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-		goto err;
-	ret = 1;
-
-err:
-	if (!ret) {
-		TSerror(TS_R_COULD_NOT_SET_ENGINE);
-		ERR_asprintf_error_data("engine:%s", name);
-	}
-	ENGINE_free(e);
-	return ret;
-}
-LCRYPTO_ALIAS(TS_CONF_set_default_engine);
-
-#endif
-
 int
 TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert,
     TS_RESP_CTX *ctx)