openvpn: remove OpenSSL engine support #4896

2026-03-13 08:09:42 +00:00 · 2021-04-06 10:02:52 +02:00 · 2021-04-06 10:02:52 +02:00 · d3063a2017
commit d3063a2017
parent 90a4199e28
5 changed files with 6 additions and 119 deletions
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@ -297,56 +297,6 @@ function openvpn_get_digestlist()
    return $digests;
 }

-function openvpn_get_engines()
-{
-    $openssl_engines = array('none' => 'No Hardware Crypto Acceleration');
-    exec('/usr/local/bin/openssl engine -t -c 2> /dev/null', $openssl_engine_output);
-
-    if (!count($openssl_engine_output)) {
-        /* LibreSSL doesn't offer anything of value */
-        return $openssl_engines;
-    }
-
-    $openssl_engine_output = implode("\n", $openssl_engine_output);
-    $openssl_engine_output = preg_replace("/\\n\\s+/", "|", $openssl_engine_output);
-    $openssl_engine_output = explode("\n", $openssl_engine_output);
-
-    foreach ($openssl_engine_output as $oeo) {
-        $keep = true;
-        $details = explode("|", $oeo);
-        $engine = array_shift($details);
-        $linematch = array();
-        preg_match("/\((.*)\)\s(.*)/", $engine, $linematch);
-        foreach ($details as $dt) {
-            if (strpos($dt, "unavailable") !== false) {
-                $keep = false;
-            }
-            if (strpos($dt, "available") !== false) {
-                continue;
-            }
-            if (strpos($dt, "[") !== false) {
-                $ciphers = trim($dt, "[]");
-            }
-        }
-        if (!empty($ciphers)) {
-            $ciphers = " - " . $ciphers;
-        }
-        if (strlen($ciphers) > 60) {
-            $ciphers = substr($ciphers, 0, 60) . " ... ";
-        }
-        if ($keep) {
-            $openssl_engines[$linematch[1]] = $linematch[2] . $ciphers;
-        }
-    }
-    return $openssl_engines;
-}
-
-function openvpn_validate_engine($engine)
-{
-    $engines = openvpn_get_engines();
-    return array_key_exists($engine, $engines);
-}
-
 function openvpn_validate_port($value, $name)
 {
    $value = trim($value);
@ -602,10 +552,6 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
        $conf .= "multihome\n";
    }

-    if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) {
-        $conf .= "engine {$settings['engine']}\n";
-    }
-
    // server specific settings
    if ($mode == 'server') {
        list($ip, $cidr) = explode('/', $settings['tunnel_network']);
--- a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
@ -414,14 +414,6 @@ function step10_stepbeforeformdisplay()
                $opt['value'] = $name;
                $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
            }
-        } elseif ($field['name'] == "engine") {
-            $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
-            foreach (openvpn_get_engines() as $name => $desc) {
-                $opt = array();
-                $opt['name'] = $desc;
-                $opt['value'] = $name;
-                $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'][] = $opt;
-            }
        } elseif ($field['name'] == "nbttype") {
            $pkg['step'][$stepid]['fields']['field'][$idx]['options']['option'] = array();
            foreach ($netbios_nodetypes as $type => $name) {
@ -755,7 +747,6 @@ function step12_submitphpaction()
    }
    $server['crypto'] = $pconfig['step10']['crypto'];
    $server['digest'] = $pconfig['step10']['digest'];
-    $server['engine'] = $pconfig['step10']['engine'];

    if (isset($pconfig['step11']['ovpnrule'])) {
        $rule = array();
--- a/src/wizard/openvpn.xml
+++ b/src/wizard/openvpn.xml
@ -695,19 +695,6 @@
                <value>SHA1</value>
                <description>The method used to authenticate traffic between endpoints. This setting must match on the client and server side, but is otherwise set however you like.</description>
            </field>
-            <field>
-                <name>engine</name>
-                <type>select</type>
-                <displayname>Hardware Crypto</displayname>
-                <bindstofield>wizardtemp->step10->engine</bindstofield>
-                <options>
-                    <option>
-                        <name>dummy</name>
-                        <value>dummy</value>
-                    </option>
-                </options>
-                <description>The hardware cryptographic accelerator to use for this VPN connection, if any.</description>
-            </field>
            <field>
                <type>listtopic</type>
                <name>Tunnel Settings</name>
--- a/src/www/vpn_openvpn_client.php
+++ b/src/www/vpn_openvpn_client.php
@ -61,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $copy_fields = "auth_user,auth_pass,disable,mode,protocol,interface
            ,local_port,server_addr,server_port,resolve_retry,remote_random,reneg-sec
            ,proxy_addr,proxy_port,proxy_user,proxy_passwd,proxy_authtype,description
-            ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest,engine
+            ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest
            ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6,use_shaper
            ,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec,verbosity_level";

@ -102,7 +102,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $init_fields = "auth_user,auth_pass,disable,mode,protocol,interface
            ,local_port,server_addr,server_port,resolve_retry,remote_random,reneg-sec
            ,proxy_addr,proxy_port,proxy_user,proxy_passwd,proxy_authtype,description
-            ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest,engine
+            ,custom_options,ns_cert_type,dev_mode,caref,certref,crypto,digest
            ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6,use_shaper
            ,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec,verbosity_level";

@ -305,7 +305,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            $copy_fields = "auth_user,auth_pass,protocol,dev_mode,local_port,reneg-sec
                ,server_addr,server_port,resolve_retry,proxy_addr,proxy_port,remote_random
                ,proxy_authtype,proxy_user,proxy_passwd,description,mode,crypto,digest
-                ,engine,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6
+                ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6
                ,use_shaper,compression,passtos,no_tun_ipv6,route_no_pull,route_no_exec
                ,verbosity_level,interface";

@ -933,23 +933,6 @@ $( document ).ready(function() {
              </div>
            </td>
          </tr>
-          <tr id="engine">
-            <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Hardware Crypto"); ?></td>
-            <td>
-              <select name="engine" class="form-control">
-<?php
-              $engines = openvpn_get_engines();
-              foreach ($engines as $name => $desc) :
-                  $selected = "";
-                  if ($name == $pconfig['engine']) {
-                      $selected = " selected=\"selected\"";
-                  }?>
-                <option value="<?=$name;?>"<?=$selected?>><?=htmlspecialchars($desc);?></option>
-<?php
-              endforeach; ?>
-              </select>
-            </td>
-          </tr>
         </table>
        </div>
       </div>
--- a/src/www/vpn_openvpn_server.php
+++ b/src/www/vpn_openvpn_server.php
@ -59,7 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {

        // 1 on 1 copy of config attributes
        $copy_fields = "mode,protocol,authmode,dev_mode,interface,local_port
-            ,description,custom_options,crypto,engine,tunnel_network
+            ,description,custom_options,crypto,tunnel_network
            ,tunnel_networkv6,remote_network,remote_networkv6,gwredir,local_network
            ,local_networkv6,maxclients,compression,passtos,client2client
            ,dynamic_ip,pool_enable,topology_subnet,serverbridge_dhcp
@ -107,7 +107,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $pconfig['cert_depth'] = 1;
        // init all fields used in the form
        $init_fields = "mode,protocol,authmode,dev_mode,interface,local_port
-            ,description,custom_options,crypto,engine,tunnel_network
+            ,description,custom_options,crypto,tunnel_network
            ,tunnel_networkv6,remote_network,remote_networkv6,gwredir,local_network
            ,local_networkv6,maxclients,compression,passtos,client2client
            ,dynamic_ip,pool_enable,topology_subnet,serverbridge_dhcp
@ -350,7 +350,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                openvpn_delete('server', $a_server[$id]);
            }
            // 1 on 1 copy of config attributes
-            $copy_fields = "mode,protocol,dev_mode,local_port,description,crypto,digest,engine
+            $copy_fields = "mode,protocol,dev_mode,local_port,description,crypto,digest
                ,tunnel_network,tunnel_networkv6,remote_network,remote_networkv6
                ,gwredir,local_network,local_networkv6,maxclients,compression
                ,passtos,client2client,dynamic_ip,pool_enable,topology_subnet,local_group
@ -997,26 +997,6 @@ endif; ?>
                        </div>
                      </td>
                    </tr>
-                    <tr id="engine">
-                      <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Hardware Crypto"); ?></td>
-                      <td>
-                        <select name="engine" class="selectpicker" data-size="5" data-live-search="true">
-<?php
-                        $engines = openvpn_get_engines();
-                        foreach ($engines as $name => $desc) :
-                            $selected = "";
-                            if ($name == $pconfig['engine']) {
-                                $selected = " selected=\"selected\"";
-                            }
-                        ?>
-                          <option value="<?=$name;?>"<?=$selected?>>
-                            <?=htmlspecialchars($desc);?>
-                          </option>
-<?php
-                        endforeach; ?>
-                        </select>
-                      </td>
-                    </tr>
                    <tr class="opt_mode opt_mode_p2p_tls opt_mode_server_tls opt_mode_server_user opt_mode_server_tls_user">
                      <td style="width:22%"><a id="help_for_cert_depth" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Certificate Depth"); ?></td>
                      <td>