Unifdef OPENSSL_NO_ENGINE in libssl

As usual, a few manual fixes to avoid duplicate lines.

ok jsing

5 files changed, 5 insertions, 69 deletions

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index acde94c7493..4ef6f6df7f5 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.230 2022/12/26 07:31:44 jmc Exp $ */
+/* $OpenBSD: ssl.h,v 1.231 2023/11/19 15:51:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -610,9 +610,6 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
     int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
     EVP_PKEY **pkey);
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
-#endif
 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
     unsigned int *cookie_len));
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index b735cd7b30e..38ebea1629f 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.136 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.137 2023/11/19 15:51:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -145,10 +145,6 @@
 #include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "ssl_local.h"
 
 #define CIPHER_ADD	1
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 0ac393f73c5..9e65095c6c0 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.314 2023/09/19 01:22:31 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.315 2023/11/19 15:51:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -154,10 +154,6 @@
 #include <openssl/opensslconf.h>
 #include <openssl/x509v3.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "bytestring.h"
 #include "dtls_local.h"
 #include "ssl_local.h"
@@ -2164,26 +2160,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
 	ret->tlsext_status_cb = 0;
 	ret->tlsext_status_arg = NULL;
 
-#ifndef OPENSSL_NO_ENGINE
-	ret->client_cert_engine = NULL;
-#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-#define eng_strx(x)	#x
-#define eng_str(x)	eng_strx(x)
-	/* Use specific client engine automatically... ignore errors */
-	{
-		ENGINE *eng;
-		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
-		if (!eng) {
-			ERR_clear_error();
-			ENGINE_load_builtin_engines();
-			eng = ENGINE_by_id(eng_str(
-			    OPENSSL_SSL_CLIENT_ENGINE_AUTO));
-		}
-		if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
-			ERR_clear_error();
-	}
-#endif
-#endif
 	/*
 	 * Default is to connect to non-RI servers. When RI is more widely
 	 * deployed might change this.
@@ -2241,10 +2217,6 @@ SSL_CTX_free(SSL_CTX *ctx)
 		sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
 #endif
 
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_finish(ctx->client_cert_engine);
-#endif
-
 	free(ctx->tlsext_ecpointformatlist);
 	free(ctx->tlsext_supportedgroups);
 
diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index 9666f3882a6..dd8895f018d 100644
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.7 2023/07/06 07:56:32 beck Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.8 2023/11/19 15:51:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -865,12 +865,6 @@ struct ssl_ctx_st {
 	 */
 	unsigned int max_send_fragment;
 
-#ifndef OPENSSL_NO_ENGINE
-	/* Engine to pass requests for client certs to
-	 */
-	ENGINE *client_cert_engine;
-#endif
-
 	/* RFC 4507 session ticket keys */
 	unsigned char tlsext_tick_key_name[16];
 	unsigned char tlsext_tick_hmac_key[16];
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index aa6b08eae65..ae7532d1adc 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.122 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.123 2023/11/19 15:51:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -138,10 +138,6 @@
 #include <openssl/lhash.h>
 #include <openssl/opensslconf.h>
 
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
 #include "ssl_local.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
@@ -1320,25 +1316,6 @@ int
 }
 LSSL_ALIAS(SSL_CTX_get_client_cert_cb);
 
-#ifndef OPENSSL_NO_ENGINE
-int
-SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
-{
-	if (!ENGINE_init(e)) {
-		SSLerrorx(ERR_R_ENGINE_LIB);
-		return 0;
-	}
-	if (!ENGINE_get_ssl_client_cert_function(e)) {
-		SSLerrorx(SSL_R_NO_CLIENT_CERT_METHOD);
-		ENGINE_finish(e);
-		return 0;
-	}
-	ctx->client_cert_engine = e;
-	return 1;
-}
-LSSL_ALIAS(SSL_CTX_set_client_cert_engine);
-#endif
-
 void
 SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
     int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))