Commit graph

451 commits

Author SHA1 Message Date
Matt Caswell
627537ddf3 Fix AFALG kernel and headers mismatch problem
During Configure we attempt to check the kernel version of this platform
to see whether we can compile the AFALG engine. If the kernel version
looks recent enough then we enable AFALG. However when we compile
e_afalg.c we check the version of the linux headers. If there is a
mismatch between the linux headers and the currently running kernel then
we don't compile the AFLAG engine and continue. This was causing a link
error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 10:09:31 +01:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Richard Levitte
7e74eaa661 Rename internal symbol to follow internal naming pattern
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:23:47 +02:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Richard Levitte
e9c2b10014 Fix forgotten adaptation to opaque RSA and RSA_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-07 02:17:35 +02:00
Richard Levitte
b72c912137 Make the RSA_METHOD structure opaque
Move rsa_meth_st away from public headers.
Add RSA_METHOD creator/destructor functions.
Add RSA_METHOD accessor/writer functions.
Adapt all other source to use the creator, destructor, accessors and writers.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-06 16:19:20 +02:00
Richard Levitte
6c13488c4e Make sure the rand_byte buffer in padlock engine is cleansed.
Submitted by Michael McConville <mmcco@mykolab.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 17:01:37 +02:00
Matt Caswell
aa05e7caea Rename get/set_app_data to get0/set0_app_data
Also fixed a style issue

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
a517f7fcdc Various DSA opacity fixups
Numerous fixups based on feedback of the DSA opacity changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
6e9fa57c6d Make DSA_METHOD opaque
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Matt Caswell
6bf73e53b7 Fix no-deprecated
The no-deprecated build was failing because afalg was relying on a
transitive include that does not exist in a no-deprecated build.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 17:07:11 +00:00
Matt Caswell
a57bfe43e3 Resolved unresolved symbols with no-hw
Compiling on Windows with no-hw was resulting in unresolved symbols
in the padlock engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 12:09:27 +00:00
Andy Polyakov
d43a8fdcd4 engines/Makefile.in: some [older] shell complain about 'for i ;',
but not if there is reference to empty variable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 13:50:43 +01:00
Richard Levitte
f425f9dcff Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-13 00:02:55 +01:00
Matt Caswell
256ed966d3 Fix a memory leak in the afalg engine
The AFALG engine created a global EVP_CIPHER instance but was not freeing
it up when the engine was destroyed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 15:17:20 +00:00
Richard Levitte
9ee3a5bb24 Don't add engines if configured "no-engine"
Similarly, don't add e_capi if configured "no-capieng"

Also, indent a little deeper, for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:51:07 +01:00
Richard Levitte
707059a9ad Don't add afalg engine if configured "no-engine"
Also, indent a little deeper, for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:51:07 +01:00
Richard Levitte
5b14d5b5a0 Make sure the effect of "pic" / "no-pic" is used with assembler compilations
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.

Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).

However, ASFLAGS was forgotten.  That's what's corrected with this
change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Richard Levitte
71a07ca7bf Convert the dynlocks in e_chil to the new Thread API locks
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 11:04:36 +01:00
Matt Caswell
af48aa7197 Remove another lock from e_chil
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 11:04:27 +01:00
Matt Caswell
0231a02963 Move chil engine to the new thread api
Move the chil engine to use the new thread API. As I don't have access to
the hardware I can't test this :-(. I think its ok...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 11:04:14 +01:00
Alessandro Ghedini
2f78195677 Use correct function ID in error path
This fixes "make update".

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 01:20:53 +00:00
Richard Levitte
a8a355402c Adapt e_capi to the DSA_SIG_get0() API
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 23:24:03 +01:00
Richard Levitte
6a6462f0f1 Fix engine/asm/e_padlock-x86.pl for newer semantics
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-08 11:13:02 +01:00
Matt Caswell
e38c2e8535 Refactor dasync cipher implementations to improve code reuse
Move out most of the boiler plate code that is common between aes128-cbc
and aes128-cbc-hmac-sha1 into helper functions to improve code reuse.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
11780ac3e2 Move the _hidden_* static variables in dasync to be constructed in bind
The _hidden_* variables were being created on-the-fly. It is better to
create them once up front during bind to avoid any potential race
conditions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
2f2c9caa72 Add dummy pipeline support for aes128_cbc_hmac_sha1
Add dummy pipline support to dasync for the aes128_cbc_hmac_sha1 cipher.
This is treated as an AEAD cipher.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:27 +00:00
Matt Caswell
98ee75439d Update the dasync engine to add a pipeline cipher
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
Richard Levitte
c6912adf0c Fix the build tree include directory for afalg engine
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 19:06:24 +01:00
Richard Levitte
d62d17b9c0 Unified - adapt the generation of padlock assembler to use GENERATE
This gets rid of the BEGINRAW..ENDRAW sections in engines/build.info.

This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:28:25 +01:00
Alessandro Ghedini
b8972edad6 GH804: Fix unused-result warnings in dasync
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 12:21:07 -05:00
Matt Caswell
a193388811 Fix some clang warnings
The af_alg engine and associated test were creating warnings when compiled
with clang. This fixes it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
d245844010 Adding afalg test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Matt Caswell
8da00a38cd Misc afalg build fixes
Misc afalg build fixes as suggested by Richard Levitte for the latest
Configure changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
7f458a48ff ALG: Add AFALG engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Viktor Szakats
8448b69df2 GH758: e_dasync_err.h: honor no-filenames option
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 17:10:45 -05:00
Matt Caswell
ff75a25749 Refactor the async wait fd logic
Implementation experience has shown that the original plan for async wait
fds was too simplistic. Originally the async logic created a pipe internally
and user/engine code could then get access to it via API calls. It is more
flexible if the engine is able to create its own fd and provide it to the
async code.

Another issue is that there can be a lot of churn in the fd value within
the context of (say) a single SSL connection leading to continually adding
and removing fds from (say) epoll. It is better if we can provide some
stability of the fd value across a whole SSL connection. This is
problematic because an engine has no concept of an SSL connection.

This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
proxy for an SSL connection down at the engine layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-29 12:58:44 +00:00
Richard Levitte
0421c00e56 Add forgotten change of check of disabled-dynamic-engine
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-29 10:20:41 +01:00
Matt Caswell
766579ec89 Remove Ubsec engine
The ubsec engine is now considered obsolete and therefore has been
removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 23:34:25 +00:00
Richard Levitte
343ec2b083 Build dynamic engines even if configured "no-shared"
Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.

We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl.  This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.

Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
9ee0ed3de6 Big rename fest of engine DSO names, from libFOO.so to FOO.so
The engine DSOs were named as if they were shared libraries, and could
end up having all sorts of fancy names:

  Cygwin: cygFOO.dll
  Mingw:  FOOeay32.dll
  Unix:   libFOO.so / libFOO.sl / libFOO.dylib / ...

This may be confusing, since they look like libraries one should link
with at link time, when they're just DSOs.

It's therefore time to rename them, and do it consistently on all
platforms:

  Cygwin & Mingw: FOO.dll
  Unix:           FOO.{so,sl,dylib,...}

Interestingly enough, the MSVC and VMS builds always did it this way.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:52:15 +01:00
Richard Levitte
e048fd5171 Big rename fest in makefile.shared: link_a / link_o -> link_shlib / link_dso
Originally, the Makefile.shared targets described what they used as
input for a shared object, be it a shared library or a DSO.  It turned
out, however, that the link_o targets were used exclusively for
engines and the link_a targets were for libcrypto and libssl.

This rename fest turns and indication on the kind of input the targets
get to the intention with using them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:51:23 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
David Woodhouse
3ba84717a0 Finish 02f7114a7f
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 17:04:47 -05:00