authorPaul Kehrer <paul.l.kehrer@gmail.com>2019-02-25 13:32:05 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2019-02-25 00:32:05 -0500
commit76c784340c3851f402abc38dff8fa5f008cdc4d4 (patch)
treeb08f245978f3ec2e5ffa8b1ace388944500c8650 /src/cryptography
parent01a517919ce16cc9dd75db9d02dae00a4cc390bb (diff)
support NO_ENGINE (#4763)
* support OPENSSL_NO_ENGINE * support some new openssl config args * sigh
Diffstat (limited to 'src/cryptography')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py17
-rw-r--r--src/cryptography/hazmat/bindings/openssl/_conditional.py42
-rw-r--r--src/cryptography/hazmat/bindings/openssl/binding.py5
3 files changed, 54 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 73491726b..d7bba2248 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -150,14 +150,15 @@ class Backend(object):
self.openssl_assert(res == 1)
def activate_osrandom_engine(self):
- # Unregister and free the current engine.
- self.activate_builtin_random()
- with self._get_osurandom_engine() as e:
- # Set the engine as the default RAND provider.
- res = self._lib.ENGINE_set_default_RAND(e)
- self.openssl_assert(res == 1)
- # Reset the RNG to use the new engine.
- self._lib.RAND_cleanup()
+ if self._lib.Cryptography_HAS_ENGINE:
+ # Unregister and free the current engine.
+ self.activate_builtin_random()
+ with self._get_osurandom_engine() as e:
+ # Set the engine as the default RAND provider.
+ res = self._lib.ENGINE_set_default_RAND(e)
+ self.openssl_assert(res == 1)
+ # Reset the RNG to use the new engine.
+ self._lib.RAND_cleanup()
def osrandom_engine_implementation(self):
buf = self._ffi.new("char[]", 64)
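Review bot: When `Cryptography_HAS_ENGINE` is false, `activate_osrandom_engine` now returns without doing anything and gives the caller no signal, so code that calls it expecting the OS-backed RAND source keeps running on OpenSSL's built-in RNG. The same silent skip applies to the guarded `Cryptography_add_osrandom_engine()` call in the binding.py hunk. I would state the fallback in the code, for example `# Without ENGINE support OpenSSL's default RAND method stays in place.` above the `if`, and say in the method's docstring that the call is a no-op on such builds. `osrandom_engine_implementation`, whose body continues outside the hunk, is not guarded here; if it reaches ENGINE functions it presumably needs the same check.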
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index c0238dcc2..3fecfe59d 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -341,6 +341,47 @@ def cryptography_has_evp_r_memory_limit_exceeded():
]
+def cryptography_has_engine():
+ return [
+ "ENGINE_get_first",
+ "ENGINE_get_last",
+ "ENGINE_add",
+ "ENGINE_remove",
+ "ENGINE_by_id",
+ "ENGINE_init",
+ "ENGINE_finish",
+ "ENGINE_load_builtin_engines",
+ "ENGINE_get_default_RAND",
+ "ENGINE_set_default_RAND",
+ "ENGINE_register_RAND",
+ "ENGINE_unregister_RAND",
+ "ENGINE_register_all_RAND",
+ "ENGINE_ctrl",
+ "ENGINE_ctrl_cmd",
+ "ENGINE_ctrl_cmd_string",
+ "ENGINE_new",
+ "ENGINE_free",
+ "ENGINE_up_ref",
+ "ENGINE_set_id",
+ "ENGINE_set_name",
+ "ENGINE_set_RAND",
+ "ENGINE_set_destroy_function",
+ "ENGINE_set_init_function",
+ "ENGINE_set_finish_function",
+ "ENGINE_set_ctrl_function",
+ "ENGINE_get_id",
+ "ENGINE_get_name",
+ "ENGINE_get_RAND",
+ "ENGINE_add_conf_module",
+ "ENGINE_load_openssl",
+ "ENGINE_load_dynamic",
+ "ENGINE_cleanup",
+ "ENGINE_METHOD_RAND",
+ "ENGINE_R_CONFLICTING_ENGINE_ID",
+ "Cryptography_add_osrandom_engine",
+ ]
+
+
# This is a mapping of
# {condition: function-returning-names-dependent-on-that-condition} so we can
# loop over them and delete unsupported names at runtime. It will be removed
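Review bot: `cryptography_has_engine` has no docstring, and the effect of this list is not obvious at the call sites. Per the comment that follows it, every name returned here is deleted from `lib` at runtime when `Cryptography_HAS_ENGINE` is false, so an unguarded `lib.ENGINE_*` access would presumably raise an attribute error rather than an OpenSSL error. I would add `"""Names removed from lib when OpenSSL is built without ENGINE support; check Cryptography_HAS_ENGINE before using them."""`. The list also has to stay in step with the ENGINE declarations in the cffi bindings, which are not visible in this diff.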
@@ -412,4 +453,5 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED": (
cryptography_has_evp_r_memory_limit_exceeded
),
+ "Cryptography_HAS_ENGINE": cryptography_has_engine,
}
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index c937afd43..ca4e33fa5 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -115,8 +115,9 @@ class Binding(object):
# reliably clear the error queue. Once we clear it here we will
# error on any subsequent unexpected item in the stack.
cls.lib.ERR_clear_error()
- result = cls.lib.Cryptography_add_osrandom_engine()
- _openssl_assert(cls.lib, result in (1, 2))
+ if cls.lib.Cryptography_HAS_ENGINE:
+ result = cls.lib.Cryptography_add_osrandom_engine()
+ _openssl_assert(cls.lib, result in (1, 2))
@classmethod
def _ensure_ffi_initialized(cls):