Commit 469ce8ff authored by Richard Levitte's avatar Richard Levitte

Deprecate the "hw" configuration options, make "padlockeng" disablable



The "hw" and "hw-.*" style options are historical artifacts, sprung
from the time when ENGINE was first designed, with hardware crypto
accelerators and HSMs in mind.

Today, these options have largely lost their value, replaced by
options such as "no-{foo}eng" and "no-engine".

This completes the transition by making "hw" and "hw-.*" deprecated,
but automatically translated into more modern variants of the same.

In the process, we get rid of the last regular expression in
Configure's @disablables, a feature that was ill supported anyway.
Also, padlock now gets treated just as every other engine.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8380)
parent e3b35d2b
+17 −4
@@ -374,7 +374,6 @@ my @disablables = (
    "fuzz-afl",
    "fuzz-afl",
    "gost",
    "gost",
    "heartbeats",
    "heartbeats",
    "hw(-.+)?",
    "idea",
    "idea",
    "makedepend",
    "makedepend",
    "md2",
    "md2",
@@ -386,6 +385,7 @@ my @disablables = (
    "pinshared",
    "pinshared",
    "ocb",
    "ocb",
    "ocsp",
    "ocsp",
    "padlockeng",
    "pic",
    "pic",
    "poly1305",
    "poly1305",
    "posix-io",
    "posix-io",
@@ -434,6 +434,8 @@ foreach my $proto ((@tls, @dtls))
my %deprecated_disablables = (
my %deprecated_disablables = (
    "ssl2" => undef,
    "ssl2" => undef,
    "buf-freelists" => undef,
    "buf-freelists" => undef,
    "hw" => "hw",               # causes cascade, but no macro
    "hw-padlock" => "padlockeng",
    "ripemd" => "rmd160",
    "ripemd" => "rmd160",
    "ui" => "ui-console",
    "ui" => "ui-console",
    );
    );
@@ -495,7 +497,9 @@ my @disable_cascades = (
    # Without position independent code, there can be no shared libraries or DSOs
    # Without position independent code, there can be no shared libraries or DSOs
    "pic"               => [ "shared" ],
    "pic"               => [ "shared" ],
    "shared"            => [ "dynamic-engine" ],
    "shared"            => [ "dynamic-engine" ],
    "engine"            => [ "afalgeng", "devcryptoeng" ],

    "engine"            => [ grep /eng$/, @disablables ],
    "hw"                => [ "padlockeng" ],


    # no-autoalginit is only useful when building non-shared
    # no-autoalginit is only useful when building non-shared
    "autoalginit"       => [ "shared", "apps" ],
    "autoalginit"       => [ "shared", "apps" ],
@@ -674,8 +678,9 @@ while (@argvcopy)
        if (/^(no|disable|enable)-(.+)$/)
        if (/^(no|disable|enable)-(.+)$/)
                {
                {
                my $word = $2;
                my $word = $2;
                if (!exists $deprecated_disablables{$word}
                if ($word !~ m|hw(?:-.+)| # special treatment for hw regexp opt
                        && !grep { $word =~ /^${_}$/ } @disablables)
                        && !exists $deprecated_disablables{$word}
                        && !grep { $word eq $_ } @disablables)
                        {
                        {
                        $unsupported_options{$_} = 1;
                        $unsupported_options{$_} = 1;
                        next;
                        next;
@@ -729,6 +734,10 @@ while (@argvcopy)
                                $disabled{$deprecated_disablables{$1}} = "option";
                                $disabled{$deprecated_disablables{$1}} = "option";
                                }
                                }
                        }
                        }
                elsif ($1 =~ m|hw(?:-.+)|) # deprecate hw options in regexp form
                        {
                        $deprecated_options{$_} = 1;
                        }
                else
                else
                        {
                        {
                        $disabled{$1} = "option";
                        $disabled{$1} = "option";
@@ -1193,6 +1202,10 @@ $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
my %skipdir = ();
my %skipdir = ();
my %disabled_info = ();         # For configdata.pm
my %disabled_info = ();         # For configdata.pm
foreach my $what (sort keys %disabled) {
foreach my $what (sort keys %disabled) {
    # There are deprecated disablables that translate to themselves.
    # They cause disabling cascades, but should otherwise not regiter.
    next if $deprecated_disablables{$what};

    $config{options} .= " no-$what";
    $config{options} .= " no-$what";


    if (!grep { $what eq $_ } ( 'dso', 'threads', 'shared', 'pic',
    if (!grep { $what eq $_ } ( 'dso', 'threads', 'shared', 'pic',
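Review bot: The new `hw` test in the option check is unanchored: `$word !~ m|hw(?:-.+)|` matches any word that merely contains `hw-…`, whereas the removed `"hw(-.+)?"` entry was matched through `/^${_}$/`. A mistyped option (constructed example: `no-foohw-bar`) therefore skips the `$unsupported_options` branch and, through the same pattern in the `elsif` of the @@ -729 hunk, appears to be recorded only as deprecated, so a feature the builder meant to disable can stay enabled without a hard error. Anchoring both tests, `m|^hw(?:-.+)$|`, restores the old strictness. In the last hunk, `next if $deprecated_disablables{$what};` skips every key with a true mapping, not only those that "translate to themselves" as the comment says (which also has the typo "regiter"); `next if ($deprecated_disablables{$what} // '') eq $what;` would match the comment. The enclosing `while (@argvcopy)` loop starts and ends outside these hunks.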
+5 −3
@@ -396,9 +396,6 @@
                   available if the GOST algorithms are also available through
                   available if the GOST algorithms are also available through
                   loading an externally supplied engine.
                   loading an externally supplied engine.


  no-hw-padlock
                   Don't build the padlock engine.

  no-makedepend
  no-makedepend
                   Don't generate dependencies.
                   Don't generate dependencies.


@@ -413,6 +410,11 @@
  no-ocsp
  no-ocsp
                   Don't build support for OCSP.
                   Don't build support for OCSP.


  no-padlockeng
  no-hw-padlock
                   Don't build the padlock engine.
                   ('no-hw-padlock' is deprecated and should not be used)

  no-pic
  no-pic
                   Don't build with support for Position Independent Code.
                   Don't build with support for Position Independent Code.


+2 −2
@@ -389,7 +389,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
    return 1;
    return 1;
}
}
#  endif
#  endif
#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
#  if !defined(OPENSSL_NO_PADLOCKENG)
static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
{
{
@@ -761,7 +761,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
        return 0;
        return 0;
#  endif
#  endif
#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
#  if !defined(OPENSSL_NO_PADLOCKENG)
    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
        return 0;
        return 0;
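Review bot: Dropping `OPENSSL_NO_HW` and `OPENSSL_NO_HW_PADLOCK` from both guards means a build that defines either macro directly (for example through compiler flags rather than a Configure option) now compiles in the padlock initialisation; only `OPENSSL_NO_PADLOCKENG` excludes it. Configure's new `hw` and `hw-padlock` translations cover the option path, but nothing visible on this page maps the old macros to the new one. If dropping them is intended, it deserves a line in the change notes; otherwise `#  if !defined(OPENSSL_NO_PADLOCKENG) && !defined(OPENSSL_NO_HW_PADLOCK)` keeps the old exclusion. The same applies to the `OPENSSL_NO_PADLOCKENG` guards in the padlock engine source in the last file section of this page.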
+16 −14
IF[{- !$disabled{"engine"} -}]
IF[{- !$disabled{"engine"} -}]

  IF[{- $disabled{"dynamic-engine"} -}]
  IF[{- $disabled{"dynamic-engine"} -}]
    LIBS=../libcrypto
    LIBS=../libcrypto
    IF[{- !$disabled{padlockeng} -}]
      SOURCE[../libcrypto]=\
      SOURCE[../libcrypto]=\
              e_padlock.c {- $target{padlock_asm_src} -}
              e_padlock.c {- $target{padlock_asm_src} -}
    ENDIF
    IF[{- !$disabled{capieng} -}]
    IF[{- !$disabled{capieng} -}]
      SOURCE[../libcrypto]=e_capi.c
      SOURCE[../libcrypto]=e_capi.c
    ENDIF
    ENDIF
@@ -14,14 +15,19 @@ IF[{- !$disabled{"engine"} -}]
      SOURCE[../libcrypto]=e_devcrypto.c
      SOURCE[../libcrypto]=e_devcrypto.c
    ENDIF
    ENDIF
  ELSE
  ELSE
    IF[{- !$disabled{padlockeng} -}]
      MODULES{engine}=padlock
      MODULES{engine}=padlock
      SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
      SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
      DEPEND[padlock]=../libcrypto
      DEPEND[padlock]=../libcrypto
      INCLUDE[padlock]=../include
      INCLUDE[padlock]=../include
      GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
      GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
      IF[{- defined $target{shared_defflag} -}]
      IF[{- defined $target{shared_defflag} -}]
        SHARED_SOURCE[padlock]=padlock.ld
        SHARED_SOURCE[padlock]=padlock.ld
        GENERATE[padlock.ld]=../util/engines.num
        GENERATE[padlock.ld]=../util/engines.num
      ENDIF
      ENDIF
    ENDIF
    IF[{- !$disabled{capieng} -}]
    IF[{- !$disabled{capieng} -}]
      MODULES{engine}=capi
      MODULES{engine}=capi
      SOURCE[capi]=e_capi.c
      SOURCE[capi]=e_capi.c
@@ -69,8 +75,4 @@ IF[{- !$disabled{"engine"} -}]
      GENERATE[ossltest.ld]=../util/engines.num
      GENERATE[ossltest.ld]=../util/engines.num
    ENDIF
    ENDIF
  ENDIF
  ENDIF

  GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
  GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
ENDIF
ENDIF
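Review bot: The two `GENERATE[e_padlock-x86.s]` / `GENERATE[e_padlock-x86_64.s]` rules appear to have moved from the end of the file into the `ELSE` (dynamic engine) branch, while the branch under `IF[{- $disabled{"dynamic-engine"} -}]` still lists `{- $target{padlock_asm_src} -}` as a libcrypto source. As far as this rendering shows, a static-engine build on a target that sets `padlock_asm_src` would then have no rule to produce the `.s` file. Keeping the rules outside the `dynamic-engine` split, in their own `IF[{- !$disabled{padlockeng} -}]` … `ENDIF` just before the final `ENDIF`, would serve both branches.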
+50 −53
@@ -19,17 +19,16 @@
#include <openssl/err.h>
#include <openssl/err.h>
#include <openssl/modes.h>
#include <openssl/modes.h>


#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_PADLOCKENG
# ifndef OPENSSL_NO_HW_PADLOCK


/*
/*
 * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
 * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
 * doesn't exist elsewhere, but it even can't be compiled on other platforms!
 * doesn't exist elsewhere, but it even can't be compiled on other platforms!
 */
 */


#  undef COMPILE_HW_PADLOCK
# undef COMPILE_PADLOCKENG
# if defined(PADLOCK_ASM)
# if defined(PADLOCK_ASM)
#   define COMPILE_HW_PADLOCK
#  define COMPILE_PADLOCKENG
#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
static ENGINE *ENGINE_padlock(void);
static ENGINE *ENGINE_padlock(void);
#  endif
#  endif
@@ -40,7 +39,7 @@ void engine_load_padlock_int(void);
void engine_load_padlock_int(void)
void engine_load_padlock_int(void)
{
{
/* On non-x86 CPUs it just returns. */
/* On non-x86 CPUs it just returns. */
#   ifdef COMPILE_HW_PADLOCK
#  ifdef COMPILE_PADLOCKENG
    ENGINE *toadd = ENGINE_padlock();
    ENGINE *toadd = ENGINE_padlock();
    if (!toadd)
    if (!toadd)
        return;
        return;
@@ -52,7 +51,7 @@ void engine_load_padlock_int(void)


# endif
# endif


#  ifdef COMPILE_HW_PADLOCK
# ifdef COMPILE_PADLOCKENG


/* Function for ENGINE detection and control */
/* Function for ENGINE detection and control */
static int padlock_available(void);
static int padlock_available(void);
@@ -714,12 +713,10 @@ static RAND_METHOD padlock_rand = {
    padlock_rand_status,        /* rand status */
    padlock_rand_status,        /* rand status */
};
};


#  endif                        /* COMPILE_HW_PADLOCK */
# endif                        /* COMPILE_PADLOCKENG */
# endif                         /* !OPENSSL_NO_HW_PADLOCK */
#endif                         /* !OPENSSL_NO_PADLOCKENG */
#endif                          /* !OPENSSL_NO_HW */


#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
#if defined(OPENSSL_NO_PADLOCKENG) || !defined(COMPILE_PADLOCKENG)
        || !defined(COMPILE_HW_PADLOCK)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
OPENSSL_EXPORT
    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);