Merge pull request ceph#62474 from tchaikov/openssl-engine

common: disable OpenSSL engine support if it is disabled

Reviewed-by: Adam Emerson <[email protected]>
Reviewed-by: Casey Bodley <[email protected]>

Author: tchaikov

cmake/modules/CephChecks.cmake

@@ -55,6 +55,11 @@ if(LINUX)
   CHECK_INCLUDE_FILES("sched.h" HAVE_SCHED)
 endif()
 CHECK_INCLUDE_FILES("valgrind/helgrind.h" HAVE_VALGRIND_HELGRIND_H)
+CHECK_INCLUDE_FILES("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
+option(WITH_OPENSSL_ENGINE "Build with OpenSSL Engine Support")
+if(WITH_OPENSSL_ENGINE AND NOT HAVE_OPENSSL_ENGINE)
+  message(FATAL_ERROR "Can't find openssl/engine.h")
+endif()
 
 include(CheckTypeSize)
 set(CMAKE_EXTRA_INCLUDE_FILES "linux/types.h" "netinet/in.h")

src/common/openssl_opts_handler.cc

@@ -16,7 +16,9 @@
 
 #include <openssl/bio.h>
 #include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include <mutex>
 #include <vector>
 #include <algorithm>
@@ -40,6 +42,9 @@ static ostream &_prefix(std::ostream *_dout)
 {
   return *_dout << "OpenSSLOptsHandler: ";
 }
+
+#ifndef OPENSSL_NO_ENGINE
+
 // -----------------------------------------------------------------------------
 
 string construct_engine_conf(const string &opts)
@@ -128,15 +133,20 @@ void load_module(const string &engine_conf)
     log_error("failed to load modules from CONF:\n" + get_openssl_error());
   }
 }
+#endif // !OPENSSL_NO_ENGINE
 
 void init_engine()
 {
   string opts = g_ceph_context->_conf->openssl_engine_opts;
   if (opts.empty()) {
     return;
   }
+#ifdef OPENSSL_NO_ENGINE
+  derr << "OpenSSL is compiled with no engine, but openssl_engine_opts is set" << dendl;
+#else
   string engine_conf = construct_engine_conf(opts);
   load_module(engine_conf);
+#endif
 }
 
 void ceph::crypto::init_openssl_engine_once()