support NO_ENGINE (#4763)

* support OPENSSL_NO_ENGINE

* support some new openssl config args

* sigh

5 files changed, 122 insertions, 11 deletions

diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py
index c255bbbc..8996f0c8 100644
--- a/src/_cffi_src/openssl/engine.py
+++ b/src/_cffi_src/openssl/engine.py
@@ -27,6 +27,7 @@ typedef ... UI_METHOD;
 static const unsigned int ENGINE_METHOD_RAND;
 
 static const int ENGINE_R_CONFLICTING_ENGINE_ID;
+static const long Cryptography_HAS_ENGINE;
 """
 
 FUNCTIONS = """
@@ -69,4 +70,71 @@ void ENGINE_cleanup(void);
 """
 
 CUSTOMIZATIONS = """
+#ifdef OPENSSL_NO_ENGINE
+static const long Cryptography_HAS_ENGINE = 0;
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+typedef void *ENGINE_CTRL_FUNC_PTR;
+typedef void *ENGINE_LOAD_KEY_PTR;
+typedef void *ENGINE_CIPHERS_PTR;
+typedef void *ENGINE_DIGESTS_PTR;
+typedef struct ENGINE_CMD_DEFN_st {
+    unsigned int cmd_num;
+    const char *cmd_name;
+    const char *cmd_desc;
+    unsigned int cmd_flags;
+} ENGINE_CMD_DEFN;
+
+/* This section is so osrandom_engine.c can successfully compile even
+   when engine support is disabled */
+#define ENGINE_CMD_BASE 0
+#define ENGINE_CMD_FLAG_NO_INPUT 0
+#define ENGINE_F_ENGINE_CTRL 0
+#define ENGINE_R_INVALID_ARGUMENT 0
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 0
+int (*ENGINE_set_cmd_defns)(ENGINE *, const ENGINE_CMD_DEFN *) = NULL;
+
+static const unsigned int ENGINE_METHOD_RAND = 0;
+static const int ENGINE_R_CONFLICTING_ENGINE_ID = 0;
+
+ENGINE *(*ENGINE_get_first)(void) = NULL;
+ENGINE *(*ENGINE_get_last)(void) = NULL;
+int (*ENGINE_add)(ENGINE *) = NULL;
+int (*ENGINE_remove)(ENGINE *) = NULL;
+ENGINE *(*ENGINE_by_id)(const char *) = NULL;
+int (*ENGINE_init)(ENGINE *) = NULL;
+int (*ENGINE_finish)(ENGINE *) = NULL;
+void (*ENGINE_load_builtin_engines)(void) = NULL;
+ENGINE *(*ENGINE_get_default_RAND)(void) = NULL;
+int (*ENGINE_set_default_RAND)(ENGINE *) = NULL;
+int (*ENGINE_register_RAND)(ENGINE *) = NULL;
+void (*ENGINE_unregister_RAND)(ENGINE *) = NULL;
+void (*ENGINE_register_all_RAND)(void) = NULL;
+int (*ENGINE_ctrl)(ENGINE *, int, long, void *, void (*)(void)) = NULL;
+int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *,
+                       void (*)(void), int) = NULL;
+int (*ENGINE_ctrl_cmd_string)(ENGINE *, const char *, const char *,
+                              int) = NULL;
+
+ENGINE *(*ENGINE_new)(void) = NULL;
+int (*ENGINE_free)(ENGINE *) = NULL;
+int (*ENGINE_up_ref)(ENGINE *) = NULL;
+int (*ENGINE_set_id)(ENGINE *, const char *) = NULL;
+int (*ENGINE_set_name)(ENGINE *, const char *) = NULL;
+int (*ENGINE_set_RAND)(ENGINE *, const RAND_METHOD *) = NULL;
+int (*ENGINE_set_destroy_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
+int (*ENGINE_set_init_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
+int (*ENGINE_set_finish_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
+int (*ENGINE_set_ctrl_function)(ENGINE *, ENGINE_CTRL_FUNC_PTR) = NULL;
+const char *(*ENGINE_get_id)(const ENGINE *) = NULL;
+const char *(*ENGINE_get_name)(const ENGINE *) = NULL;
+const RAND_METHOD *(*ENGINE_get_RAND)(const ENGINE *) = NULL;
+
+void (*ENGINE_add_conf_module)(void) = NULL;
+/* these became macros in 1.1.0 */
+void (*ENGINE_load_openssl)(void) = NULL;
+void (*ENGINE_load_dynamic)(void) = NULL;
+void (*ENGINE_cleanup)(void) = NULL;
+#else
+static const long Cryptography_HAS_ENGINE = 1;
+#endif
 """
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 2218095c..92fd1e3e 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -334,7 +334,6 @@ int SSL_SESSION_print(BIO *, const SSL_SESSION *);
 const COMP_METHOD *SSL_get_current_compression(SSL *);
 const COMP_METHOD *SSL_get_current_expansion(SSL *);
 const char *SSL_COMP_get_name(const COMP_METHOD *);
-int SSL_CTX_set_client_cert_engine(SSL_CTX *, ENGINE *);
 
 unsigned long SSL_set_mode(SSL *, unsigned long);
 unsigned long SSL_get_mode(SSL *);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 73491726..d7bba224 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -150,14 +150,15 @@ class Backend(object):
             self.openssl_assert(res == 1)
 
     def activate_osrandom_engine(self):
-        # Unregister and free the current engine.
-        self.activate_builtin_random()
-        with self._get_osurandom_engine() as e:
-            # Set the engine as the default RAND provider.
-            res = self._lib.ENGINE_set_default_RAND(e)
-            self.openssl_assert(res == 1)
-        # Reset the RNG to use the new engine.
-        self._lib.RAND_cleanup()
+        if self._lib.Cryptography_HAS_ENGINE:
+            # Unregister and free the current engine.
+            self.activate_builtin_random()
+            with self._get_osurandom_engine() as e:
+                # Set the engine as the default RAND provider.
+                res = self._lib.ENGINE_set_default_RAND(e)
+                self.openssl_assert(res == 1)
+            # Reset the RNG to use the new engine.
+            self._lib.RAND_cleanup()
 
     def osrandom_engine_implementation(self):
         buf = self._ffi.new("char[]", 64)
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index c0238dcc..3fecfe59 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -341,6 +341,47 @@ def cryptography_has_evp_r_memory_limit_exceeded():
     ]
 
 
+def cryptography_has_engine():
+    return [
+        "ENGINE_get_first",
+        "ENGINE_get_last",
+        "ENGINE_add",
+        "ENGINE_remove",
+        "ENGINE_by_id",
+        "ENGINE_init",
+        "ENGINE_finish",
+        "ENGINE_load_builtin_engines",
+        "ENGINE_get_default_RAND",
+        "ENGINE_set_default_RAND",
+        "ENGINE_register_RAND",
+        "ENGINE_unregister_RAND",
+        "ENGINE_register_all_RAND",
+        "ENGINE_ctrl",
+        "ENGINE_ctrl_cmd",
+        "ENGINE_ctrl_cmd_string",
+        "ENGINE_new",
+        "ENGINE_free",
+        "ENGINE_up_ref",
+        "ENGINE_set_id",
+        "ENGINE_set_name",
+        "ENGINE_set_RAND",
+        "ENGINE_set_destroy_function",
+        "ENGINE_set_init_function",
+        "ENGINE_set_finish_function",
+        "ENGINE_set_ctrl_function",
+        "ENGINE_get_id",
+        "ENGINE_get_name",
+        "ENGINE_get_RAND",
+        "ENGINE_add_conf_module",
+        "ENGINE_load_openssl",
+        "ENGINE_load_dynamic",
+        "ENGINE_cleanup",
+        "ENGINE_METHOD_RAND",
+        "ENGINE_R_CONFLICTING_ENGINE_ID",
+        "Cryptography_add_osrandom_engine",
+    ]
+
+
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -412,4 +453,5 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED": (
         cryptography_has_evp_r_memory_limit_exceeded
     ),
+    "Cryptography_HAS_ENGINE": cryptography_has_engine,
 }
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index c937afd4..ca4e33fa 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -115,8 +115,9 @@ class Binding(object):
         # reliably clear the error queue. Once we clear it here we will
         # error on any subsequent unexpected item in the stack.
         cls.lib.ERR_clear_error()
-        result = cls.lib.Cryptography_add_osrandom_engine()
-        _openssl_assert(cls.lib, result in (1, 2))
+        if cls.lib.Cryptography_HAS_ENGINE:
+            result = cls.lib.Cryptography_add_osrandom_engine()
+            _openssl_assert(cls.lib, result in (1, 2))
 
     @classmethod
     def _ensure_ffi_initialized(cls):