summaryrefslogtreecommitdiffstats
path: root/engines
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2019-03-01 13:18:11 +0100
committerRichard Levitte <levitte@openssl.org>2019-03-05 08:46:51 +0100
commit469ce8ff48ef06b2e508d0c06a42ec86379b0032 (patch)
treeac10082555d063cfaaf2ac5f6c3abde8c7fe635a /engines
parentopenssl_strerror_r: Fix handling of GNU strerror_r (diff)
downloadopenssl-469ce8ff48ef06b2e508d0c06a42ec86379b0032.tar.xz
openssl-469ce8ff48ef06b2e508d0c06a42ec86379b0032.zip
Deprecate the "hw" configuration options, make "padlockeng" disablable
The "hw" and "hw-.*" style options are historical artifacts, sprung from the time when ENGINE was first designed, with hardware crypto accelerators and HSMs in mind. Today, these options have largely lost their value, replaced by options such as "no-{foo}eng" and "no-engine". This completes the transition by making "hw" and "hw-.*" deprecated, but automatically translated into more modern variants of the same. In the process, we get rid of the last regular expression in Configure's @disablables, a feature that was ill supported anyway. Also, padlock now gets treated just as every other engine. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8380)
Diffstat (limited to 'engines')
-rw-r--r--engines/build.info30
-rw-r--r--engines/e_padlock.c103
2 files changed, 66 insertions, 67 deletions
diff --git a/engines/build.info b/engines/build.info
index cf00a978cd..e5001c452c 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -1,9 +1,10 @@
IF[{- !$disabled{"engine"} -}]
-
IF[{- $disabled{"dynamic-engine"} -}]
LIBS=../libcrypto
- SOURCE[../libcrypto]=\
- e_padlock.c {- $target{padlock_asm_src} -}
+ IF[{- !$disabled{padlockeng} -}]
+ SOURCE[../libcrypto]=\
+ e_padlock.c {- $target{padlock_asm_src} -}
+ ENDIF
IF[{- !$disabled{capieng} -}]
SOURCE[../libcrypto]=e_capi.c
ENDIF
@@ -14,13 +15,18 @@ IF[{- !$disabled{"engine"} -}]
SOURCE[../libcrypto]=e_devcrypto.c
ENDIF
ELSE
- MODULES{engine}=padlock
- SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
- DEPEND[padlock]=../libcrypto
- INCLUDE[padlock]=../include
- IF[{- defined $target{shared_defflag} -}]
- SHARED_SOURCE[padlock]=padlock.ld
- GENERATE[padlock.ld]=../util/engines.num
+ IF[{- !$disabled{padlockeng} -}]
+ MODULES{engine}=padlock
+ SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
+ DEPEND[padlock]=../libcrypto
+ INCLUDE[padlock]=../include
+ GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
+ $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+ GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
+ IF[{- defined $target{shared_defflag} -}]
+ SHARED_SOURCE[padlock]=padlock.ld
+ GENERATE[padlock.ld]=../util/engines.num
+ ENDIF
ENDIF
IF[{- !$disabled{capieng} -}]
MODULES{engine}=capi
@@ -69,8 +75,4 @@ IF[{- !$disabled{"engine"} -}]
GENERATE[ossltest.ld]=../util/engines.num
ENDIF
ENDIF
-
- GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
- $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
- GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
ENDIF
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index 10b5a05ce8..78e9c79521 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -19,40 +19,39 @@
#include <openssl/err.h>
#include <openssl/modes.h>
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_PADLOCK
+#ifndef OPENSSL_NO_PADLOCKENG
/*
* VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
* doesn't exist elsewhere, but it even can't be compiled on other platforms!
*/
-# undef COMPILE_HW_PADLOCK
-# if defined(PADLOCK_ASM)
-# define COMPILE_HW_PADLOCK
-# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# undef COMPILE_PADLOCKENG
+# if defined(PADLOCK_ASM)
+# define COMPILE_PADLOCKENG
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *ENGINE_padlock(void);
-# endif
# endif
+# endif
-# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
void engine_load_padlock_int(void);
void engine_load_padlock_int(void)
{
/* On non-x86 CPUs it just returns. */
-# ifdef COMPILE_HW_PADLOCK
+# ifdef COMPILE_PADLOCKENG
ENGINE *toadd = ENGINE_padlock();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
-# endif
+# endif
}
-# endif
+# endif
-# ifdef COMPILE_HW_PADLOCK
+# ifdef COMPILE_PADLOCKENG
/* Function for ENGINE detection and control */
static int padlock_available(void);
@@ -106,7 +105,7 @@ static int padlock_bind_helper(ENGINE *e)
return 1;
}
-# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
/* Constructor */
static ENGINE *ENGINE_padlock(void)
{
@@ -123,7 +122,7 @@ static ENGINE *ENGINE_padlock(void)
return eng;
}
-# endif
+# endif
/* Check availability of the engine */
static int padlock_init(ENGINE *e)
@@ -135,7 +134,7 @@ static int padlock_init(ENGINE *e)
* This stuff is needed if this ENGINE is being compiled into a
* self-contained shared-library.
*/
-# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int padlock_bind_fn(ENGINE *e, const char *id)
{
if (id && (strcmp(id, padlock_id) != 0)) {
@@ -151,14 +150,14 @@ static int padlock_bind_fn(ENGINE *e, const char *id)
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
-# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
/* ===== Here comes the "real" engine ===== */
/* Some AES-related constants */
-# define AES_BLOCK_SIZE 16
-# define AES_KEY_SIZE_128 16
-# define AES_KEY_SIZE_192 24
-# define AES_KEY_SIZE_256 32
+# define AES_BLOCK_SIZE 16
+# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
/*
* Here we store the status information relevant to the current context.
*/
@@ -224,29 +223,29 @@ static int padlock_available(void)
/* ===== AES encryption/decryption ===== */
-# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-# define NID_aes_128_cfb NID_aes_128_cfb128
-# endif
+# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+# define NID_aes_128_cfb NID_aes_128_cfb128
+# endif
-# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-# define NID_aes_128_ofb NID_aes_128_ofb128
-# endif
+# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+# define NID_aes_128_ofb NID_aes_128_ofb128
+# endif
-# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-# define NID_aes_192_cfb NID_aes_192_cfb128
-# endif
+# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+# define NID_aes_192_cfb NID_aes_192_cfb128
+# endif
-# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-# define NID_aes_192_ofb NID_aes_192_ofb128
-# endif
+# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+# define NID_aes_192_ofb NID_aes_192_ofb128
+# endif
-# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-# define NID_aes_256_cfb NID_aes_256_cfb128
-# endif
+# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+# define NID_aes_256_cfb NID_aes_256_cfb128
+# endif
-# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-# define NID_aes_256_ofb NID_aes_256_ofb128
-# endif
+# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+# define NID_aes_256_ofb NID_aes_256_ofb128
+# endif
/* List of supported ciphers. */
static const int padlock_cipher_nids[] = {
@@ -276,9 +275,9 @@ static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
-# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
+# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
-# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
static int
@@ -453,17 +452,17 @@ padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
return 1;
}
-# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
-# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
-# define EVP_CIPHER_block_size_OFB 1
-# define EVP_CIPHER_block_size_CFB 1
-# define EVP_CIPHER_block_size_CTR 1
+# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
+# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
+# define EVP_CIPHER_block_size_OFB 1
+# define EVP_CIPHER_block_size_CFB 1
+# define EVP_CIPHER_block_size_CTR 1
/*
* Declaring so many ciphers by hand would be a pain. Instead introduce a bit
* of preprocessor magic :-)
*/
-# define DECLARE_AES_EVP(ksize,lmode,umode) \
+# define DECLARE_AES_EVP(ksize,lmode,umode) \
static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
{ \
@@ -626,12 +625,12 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
AES_set_decrypt_key(key, key_len, &cdata->ks);
else
AES_set_encrypt_key(key, key_len, &cdata->ks);
-# ifndef AES_ASM
+# ifndef AES_ASM
/*
* OpenSSL C functions use byte-swapped extended key.
*/
padlock_key_bswap(&cdata->ks);
-# endif
+# endif
cdata->cword.b.keygen = 1;
break;
@@ -714,12 +713,10 @@ static RAND_METHOD padlock_rand = {
padlock_rand_status, /* rand status */
};
-# endif /* COMPILE_HW_PADLOCK */
-# endif /* !OPENSSL_NO_HW_PADLOCK */
-#endif /* !OPENSSL_NO_HW */
+# endif /* COMPILE_PADLOCKENG */
+#endif /* !OPENSSL_NO_PADLOCKENG */
-#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
- || !defined(COMPILE_HW_PADLOCK)
+#if defined(OPENSSL_NO_PADLOCKENG) || !defined(COMPILE_PADLOCKENG)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);