replace OPENSSL_NO_ENGINE with dedicated feature support

aws · Nov 8, 2024 · 8410c6d · 8410c6d
1 parent 7f9c395
commit 8410c6d
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 7 deletions.
diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_ENGINE.c b/tests/features/S2N_LIBCRYPTO_SUPPORTS_ENGINE.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include <openssl/engine.h>
+
+int main()
+{
+#if OPENSSL_NO_ENGINE
+    engine not supported
+#else
+    /* Init */
+    ENGINE *e = ENGINE_new();
+    ENGINE_set_id(e, "id");
+    ENGINE_set_name(e, "name");
+    ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL);
+    ENGINE_set_init_function(e, NULL);
+    ENGINE_set_RAND(e, NULL);
+    ENGINE_add(e);
+    ENGINE_init(e);
+    ENGINE_set_default(e, ENGINE_METHOD_RAND);
+
+    /* Cleanup */
+    ENGINE_remove(e);
+    ENGINE_finish(e);
+    ENGINE_unregister_RAND(e);
+    ENGINE_free(e);
+    ENGINE_cleanup();
+    RAND_set_rand_engine(NULL);
+    RAND_set_rand_method(NULL);
+
+    return 0;
+#endif
+}
diff --git a/tests/features/S2N_LIBCRYPTO_SUPPORTS_ENGINE.flags b/tests/features/S2N_LIBCRYPTO_SUPPORTS_ENGINE.flags
diff --git a/tests/unit/s2n_override_openssl_random_test.c b/tests/unit/s2n_override_openssl_random_test.c
@@ -14,7 +14,9 @@
  */
 
 #include <openssl/dh.h>
-#include <openssl/engine.h>
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
+    #include <openssl/engine.h>
+#endif
 
 #include "api/s2n.h"
 #include "crypto/s2n_dhe.h"
@@ -26,7 +28,7 @@
 #include "utils/s2n_random.h"
 #include "utils/s2n_safety.h"
 
-#if !OPENSSL_NO_ENGINE
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
 const char reference_entropy_hex[] = "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
                                      "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
                                      "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
@@ -138,4 +140,13 @@ int main(int argc, char **argv)
     END_TEST();
 }
 
+#else
+
+int main(int argc, char **argv)
+{
+    BEGIN_TEST();
+
+    END_TEST();
+}
+
 #endif
diff --git a/tests/unit/s2n_random_test.c b/tests/unit/s2n_random_test.c
@@ -794,7 +794,7 @@ static int s2n_random_rand_bytes_after_cleanup_cb(struct random_test_case *test_
 
 static int s2n_random_rand_bytes_before_init(struct random_test_case *test_case)
 {
-#if !OPENSSL_NO_ENGINE
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
     if (!s2n_libcrypto_is_boringssl() && !s2n_libcrypto_is_libressl() && !s2n_libcrypto_is_awslc() && !s2n_libcrypto_is_fips()) {
         /* Calling RAND_bytes will set a global random method */
         unsigned char rndbytes[16] = { 0 };

diff --git a/utils/s2n_random.c b/utils/s2n_random.c
@@ -47,7 +47,9 @@
 #endif
 #include <errno.h>
 #include <limits.h>
-#include <openssl/engine.h>
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
+    #include <openssl/engine.h>
+#endif
 #include <openssl/rand.h>
 #include <pthread.h>
 #include <stdint.h>
@@ -494,7 +496,7 @@ S2N_RESULT s2n_public_random(int64_t bound, uint64_t *output)
     }
 }
 
-#if !OPENSSL_NO_ENGINE
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
 
 int s2n_openssl_compat_rand(unsigned char *buf, int num)
 {
@@ -549,7 +551,7 @@ S2N_RESULT s2n_rand_init(void)
     RESULT_GUARD(s2n_ensure_initialized_drbgs());
 
     if (!s2n_libcrypto_is_boringssl() && !s2n_libcrypto_is_libressl() && !s2n_libcrypto_is_awslc() && !s2n_libcrypto_is_fips()) {
-#if !OPENSSL_NO_ENGINE
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
         /* Unset any existing random engine */
         RESULT_GUARD_OSSL(RAND_set_rand_engine(NULL), S2N_ERR_OPEN_RANDOM);
 
@@ -593,7 +595,7 @@ S2N_RESULT s2n_rand_cleanup(void)
 {
     RESULT_ENSURE(s2n_rand_cleanup_cb() >= S2N_SUCCESS, S2N_ERR_CANCELLED);
 
-#if !OPENSSL_NO_ENGINE
+#if S2N_LIBCRYPTO_SUPPORTS_ENGINE
     if (!s2n_libcrypto_is_boringssl() && !s2n_libcrypto_is_libressl() && !s2n_libcrypto_is_awslc() && !s2n_libcrypto_is_fips()) {
         /* Cleanup our rand ENGINE in libcrypto */
         ENGINE *rand_engine = ENGINE_by_id(s2n_rand_engine_id);