pyca · alex · Feb 25, 2019 · Feb 25, 2019
diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py
@@ -10,130 +10,52 @@
 
 TYPES = """
 typedef ... ENGINE;
-typedef struct {
-    int (*bytes)(unsigned char *, int);
-    int (*pseudorand)(unsigned char *, int);
-    int (*status)();
-    ...;
-} RAND_METHOD;
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-typedef ... *ENGINE_CTRL_FUNC_PTR;
-typedef ... *ENGINE_LOAD_KEY_PTR;
-typedef ... *ENGINE_CIPHERS_PTR;
-typedef ... *ENGINE_DIGESTS_PTR;
-typedef ... ENGINE_CMD_DEFN;
-typedef ... UI_METHOD;
-
-static const unsigned int ENGINE_METHOD_RAND;
 
 static const int ENGINE_R_CONFLICTING_ENGINE_ID;
 static const long Cryptography_HAS_ENGINE;
 """
 
 FUNCTIONS = """
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
 int ENGINE_add(ENGINE *);
-int ENGINE_remove(ENGINE *);
 ENGINE *ENGINE_by_id(const char *);
 int ENGINE_init(ENGINE *);
 int ENGINE_finish(ENGINE *);
-void ENGINE_load_builtin_engines(void);
 ENGINE *ENGINE_get_default_RAND(void);
 int ENGINE_set_default_RAND(ENGINE *);
-int ENGINE_register_RAND(ENGINE *);
 void ENGINE_unregister_RAND(ENGINE *);
-void ENGINE_register_all_RAND(void);
-int ENGINE_ctrl(ENGINE *, int, long, void *, void (*)(void));
 int ENGINE_ctrl_cmd(ENGINE *, const char *, long, void *, void (*)(void), int);
-int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int);
-
-ENGINE *ENGINE_new(void);
 int ENGINE_free(ENGINE *);
-int ENGINE_up_ref(ENGINE *);
-int ENGINE_set_id(ENGINE *, const char *);
-int ENGINE_set_name(ENGINE *, const char *);
-int ENGINE_set_RAND(ENGINE *, const RAND_METHOD *);
-int ENGINE_set_destroy_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR);
-int ENGINE_set_init_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR);
-int ENGINE_set_finish_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR);
-int ENGINE_set_ctrl_function(ENGINE *, ENGINE_CTRL_FUNC_PTR);
-const char *ENGINE_get_id(const ENGINE *);
 const char *ENGINE_get_name(const ENGINE *);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *);
 
-void ENGINE_add_conf_module(void);
 /* these became macros in 1.1.0 */
-void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
-void ENGINE_cleanup(void);
 """
 
 CUSTOMIZATIONS = """
 #ifdef OPENSSL_NO_ENGINE
 static const long Cryptography_HAS_ENGINE = 0;
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-typedef void *ENGINE_CTRL_FUNC_PTR;
-typedef void *ENGINE_LOAD_KEY_PTR;
-typedef void *ENGINE_CIPHERS_PTR;
-typedef void *ENGINE_DIGESTS_PTR;
-typedef struct ENGINE_CMD_DEFN_st {
-    unsigned int cmd_num;
-    const char *cmd_name;
-    const char *cmd_desc;
-    unsigned int cmd_flags;
-} ENGINE_CMD_DEFN;
-
-/* This section is so osrandom_engine.c can successfully compile even
-   when engine support is disabled */
-#define ENGINE_CMD_BASE 0
-#define ENGINE_CMD_FLAG_NO_INPUT 0
-#define ENGINE_F_ENGINE_CTRL 0
-#define ENGINE_R_INVALID_ARGUMENT 0
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 0
-int (*ENGINE_set_cmd_defns)(ENGINE *, const ENGINE_CMD_DEFN *) = NULL;
 
-static const unsigned int ENGINE_METHOD_RAND = 0;
 static const int ENGINE_R_CONFLICTING_ENGINE_ID = 0;
 
-ENGINE *(*ENGINE_get_first)(void) = NULL;
-ENGINE *(*ENGINE_get_last)(void) = NULL;
 int (*ENGINE_add)(ENGINE *) = NULL;
-int (*ENGINE_remove)(ENGINE *) = NULL;
 ENGINE *(*ENGINE_by_id)(const char *) = NULL;
 int (*ENGINE_init)(ENGINE *) = NULL;
 int (*ENGINE_finish)(ENGINE *) = NULL;
-void (*ENGINE_load_builtin_engines)(void) = NULL;
 ENGINE *(*ENGINE_get_default_RAND)(void) = NULL;
 int (*ENGINE_set_default_RAND)(ENGINE *) = NULL;
-int (*ENGINE_register_RAND)(ENGINE *) = NULL;
 void (*ENGINE_unregister_RAND)(ENGINE *) = NULL;
-void (*ENGINE_register_all_RAND)(void) = NULL;
 int (*ENGINE_ctrl)(ENGINE *, int, long, void *, void (*)(void)) = NULL;
 int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *,
                        void (*)(void), int) = NULL;
 int (*ENGINE_ctrl_cmd_string)(ENGINE *, const char *, const char *,
                               int) = NULL;
 
-ENGINE *(*ENGINE_new)(void) = NULL;
 int (*ENGINE_free)(ENGINE *) = NULL;
-int (*ENGINE_up_ref)(ENGINE *) = NULL;
-int (*ENGINE_set_id)(ENGINE *, const char *) = NULL;
-int (*ENGINE_set_name)(ENGINE *, const char *) = NULL;
-int (*ENGINE_set_RAND)(ENGINE *, const RAND_METHOD *) = NULL;
-int (*ENGINE_set_destroy_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
-int (*ENGINE_set_init_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
-int (*ENGINE_set_finish_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
-int (*ENGINE_set_ctrl_function)(ENGINE *, ENGINE_CTRL_FUNC_PTR) = NULL;
 const char *(*ENGINE_get_id)(const ENGINE *) = NULL;
 const char *(*ENGINE_get_name)(const ENGINE *) = NULL;
-const RAND_METHOD *(*ENGINE_get_RAND)(const ENGINE *) = NULL;
 
-void (*ENGINE_add_conf_module)(void) = NULL;
 /* these became macros in 1.1.0 */
-void (*ENGINE_load_openssl)(void) = NULL;
 void (*ENGINE_load_dynamic)(void) = NULL;
-void (*ENGINE_cleanup)(void) = NULL;
 #else
 static const long Cryptography_HAS_ENGINE = 1;
 #endif

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -17,6 +17,8 @@
 #include <poll.h>
 #endif
 
+#ifndef OPENSSL_NO_ENGINE
+/* OpenSSL has ENGINE support so build the engine. */
 static const char *Cryptography_osrandom_engine_id = "osrandom";
 
 /****************************************************************************
@@ -638,3 +640,16 @@ int Cryptography_add_osrandom_engine(void) {
 
     return 1;
 }
+
+#else
+/* If OpenSSL has no ENGINE support then we don't want
+ * to compile the osrandom engine, but we do need some
+ * placeholders */
+static const char *Cryptography_osrandom_engine_id = "no-engine-support";
+static const char *Cryptography_osrandom_engine_name = "osrandom_engine disabled due to no engine support";
+
+int Cryptography_add_osrandom_engine(void) {
+    return 0;
+}
+
+#endif
diff --git a/src/_cffi_src/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h
@@ -1,3 +1,5 @@
+#ifndef OPENSSL_NO_ENGINE
+/* OpenSSL has ENGINE support so include all of this. */
 #ifdef _WIN32
   #include <Wincrypt.h>
 #else
@@ -97,3 +99,4 @@ static void ERR_Cryptography_OSRandom_error(int function, int reason,
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404
+#endif
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -119,15 +119,16 @@ def openssl_assert(self, ok):
         return binding._openssl_assert(self._lib, ok)
 
     def activate_builtin_random(self):
-        # Obtain a new structural reference.
-        e = self._lib.ENGINE_get_default_RAND()
-        if e != self._ffi.NULL:
-            self._lib.ENGINE_unregister_RAND(e)
-            # Reset the RNG to use the new engine.
-            self._lib.RAND_cleanup()
-            # decrement the structural reference from get_default_RAND
-            res = self._lib.ENGINE_finish(e)
-            self.openssl_assert(res == 1)
+        if self._lib.Cryptography_HAS_ENGINE:
+            # Obtain a new structural reference.
+            e = self._lib.ENGINE_get_default_RAND()
+            if e != self._ffi.NULL:
+                self._lib.ENGINE_unregister_RAND(e)
+                # Reset the RNG to use the new engine.
+                self._lib.RAND_cleanup()
+                # decrement the structural reference from get_default_RAND
+                res = self._lib.ENGINE_finish(e)
+                self.openssl_assert(res == 1)
 
     @contextlib.contextmanager
     def _get_osurandom_engine(self):

diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -343,40 +343,17 @@ def cryptography_has_evp_r_memory_limit_exceeded():
 
 def cryptography_has_engine():
     return [
-        "ENGINE_get_first",
-        "ENGINE_get_last",
         "ENGINE_add",
-        "ENGINE_remove",
         "ENGINE_by_id",
         "ENGINE_init",
         "ENGINE_finish",
-        "ENGINE_load_builtin_engines",
         "ENGINE_get_default_RAND",
         "ENGINE_set_default_RAND",
-        "ENGINE_register_RAND",
         "ENGINE_unregister_RAND",
-        "ENGINE_register_all_RAND",
-        "ENGINE_ctrl",
         "ENGINE_ctrl_cmd",
-        "ENGINE_ctrl_cmd_string",
-        "ENGINE_new",
         "ENGINE_free",
-        "ENGINE_up_ref",
-        "ENGINE_set_id",
-        "ENGINE_set_name",
-        "ENGINE_set_RAND",
-        "ENGINE_set_destroy_function",
-        "ENGINE_set_init_function",
-        "ENGINE_set_finish_function",
-        "ENGINE_set_ctrl_function",
-        "ENGINE_get_id",
         "ENGINE_get_name",
-        "ENGINE_get_RAND",
-        "ENGINE_add_conf_module",
-        "ENGINE_load_openssl",
         "ENGINE_load_dynamic",
-        "ENGINE_cleanup",
-        "ENGINE_METHOD_RAND",
         "ENGINE_R_CONFLICTING_ENGINE_ID",
         "Cryptography_add_osrandom_engine",
     ]

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
@@ -297,6 +297,25 @@ def test_activate_osrandom_already_default(self):
         assert res == 1
 
 
+@pytest.mark.skipif(
+    backend._lib.Cryptography_HAS_ENGINE == 1,
+    reason="Requires OpenSSL without ENGINE support")
+class TestOpenSSLNoEngine(object):
+    def test_no_engine_support(self):
+        assert backend._ffi.string(
+            backend._lib.Cryptography_osrandom_engine_id
+        ) == b"no-engine-support"
+        assert backend._ffi.string(
+            backend._lib.Cryptography_osrandom_engine_name
+        ) == b"osrandom_engine disabled due to no engine support"
+
+    def test_activate_builtin_random_does_nothing(self):
+        backend.activate_builtin_random()
+
+    def test_activate_osrandom_does_nothing(self):
+        backend.activate_osrandom_engine()
+
+
 class TestOpenSSLRSA(object):
     def test_generate_rsa_parameters_supported(self):
         assert backend.generate_rsa_parameters_supported(1, 1024) is False