Commit Graph

51 Commits

Author SHA1 Message Date
Matt Caswell
da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Bernd Edlinger
849ed515c7 Fix the padlock engine
... after it was broken for almost 5 years,
since the first 1.1.1 release.
Note: The last working version was 1.1.0l release.

Fixes #20073

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20146)
2023-05-05 17:12:18 +01:00
Matt Caswell
38fc02a708 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
2021-06-17 13:24:59 +01:00
Pauli
6c1d17c802 fix coverity 1485660 improper use of negative value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)
2021-06-08 19:32:17 +10:00
Tomas Mraz
ed576acdf5 Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-06-01 12:40:00 +02:00
Matt Caswell
b9b2135d22 Don't clear the whole error stack when loading engines
Loading the various built-in engines was unconditionally clearing the
whole error stack. During config file processing processing a .include
directive which fails results in errors being added to the stack - but
we carry on anyway. These errors were then later being removed by the
engine loading code, meaning that problems with the .include directive
never get shown.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)
2020-11-06 10:34:48 +00:00
Pauli
cf8e8cba93 deprecate engines
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12226)
2020-07-16 09:12:27 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Matt Caswell
c72fa2554f Deprecate the low level AES functions
Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
2020-01-06 15:09:57 +00:00
Richard Levitte
469ce8ff48 Deprecate the "hw" configuration options, make "padlockeng" disablable
The "hw" and "hw-.*" style options are historical artifacts, sprung
from the time when ENGINE was first designed, with hardware crypto
accelerators and HSMs in mind.

Today, these options have largely lost their value, replaced by
options such as "no-{foo}eng" and "no-engine".

This completes the transition by making "hw" and "hw-.*" deprecated,
but automatically translated into more modern variants of the same.

In the process, we get rid of the last regular expression in
Configure's @disablables, a feature that was ill supported anyway.
Also, padlock now gets treated just as every other engine.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8380)
2019-03-05 08:46:51 +01:00
Richard Levitte
149c12d5e4 Make the padlock engine build correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8220)
2019-02-27 11:32:14 +01:00
Richard Levitte
ab3fa1c0ad Following the license change, modify the boilerplates in engines/
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7832)
2018-12-06 15:36:54 +01:00
Richard Levitte
3a63dbef15 Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Nicola Tuveri
3f5abab941 enable-ec_nistp_64_gcc_128: Fix function prototype warning [-Wstrict-prototypes]
Fix prototype warnings triggered by -Wstrict-prototypes when configuring
with `enable-ec_nistp_64_gcc_128`

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6556)
2018-06-22 08:08:01 +02:00
Richard Levitte
7b176a549e Only build the body of e_padlock when there are lower level routines
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present.  However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.

The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)
2016-11-15 15:14:15 +01:00
Rich Salz
440e5d805f Copyright consolidation 02/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:20:27 -04:00
Andy Polyakov
b1a07c3854 Remove obsolete defined(__INTEL__) condition.
This macro was defined by no-longer-supported __MWERKS__ compiler.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02 12:35:01 +02:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Richard Levitte
6c13488c4e Make sure the rand_byte buffer in padlock engine is cleansed.
Submitted by Michael McConville <mmcco@mykolab.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 17:01:37 +02:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
Matt Caswell
a57bfe43e3 Resolved unresolved symbols with no-hw
Compiling on Windows with no-hw was resulting in unresolved symbols
in the padlock engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 12:09:27 +00:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
7b9f8f7f03 Auto init/deinit libcrypto
This builds on the previous commit to auto initialise/deinitialise
libcrypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Richard Levitte
39e8d0ce73 Adapt all engines that need it to opaque EVP_CIPHER
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
936166aff2 Adapt cipher implementations to opaque EVP_CIPHER_CTX
Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h.  They will be handled
in a separate commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Matt Caswell
55646005a9 Continue malloc standardisation in engines
Continuing from previous work standardise use of malloc in the engine code.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-05 22:18:59 -04:00
Rich Salz
6f91b017bb Live code cleanup: remove #if 1 stuff
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-30 22:10:26 +00:00
Justin Blanchard
f756fb430e RT1815: More const'ness improvements
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 11:49:16 -04:00
Andy Polyakov
dce7f142a6 Configure: reimplement commit#21695. 2011-11-15 12:32:18 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Andy Polyakov
50452b2e60 e_padlock: add CTR mode. 2011-10-05 17:03:44 +00:00
Andy Polyakov
ed28aef8b4 Padlock engine: make it independent of inline assembler. 2011-09-06 20:45:36 +00:00
Andy Polyakov
87f6b97e89 e_padlock.c: fix typo. 2011-05-25 10:02:20 +00:00
Andy Polyakov
67d8487bb8 e_padlock.c: last x86_64 commit didn't work with some optimizers. 2011-05-24 17:18:19 +00:00
Andy Polyakov
b50842036f e_padlock.c: make it compile on MacOS X. 2011-05-18 16:21:54 +00:00
Dr. Stephen Henson
eb164d0b12 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:30:48 +00:00
Andy Polyakov
3dccfc1e68 e_padlock.c: fix typo (missing #endif) and switch to __builtin_alloca
(with introduction of 64-bit support alloca must be  declared and there
is no standard way of doing that, switching to __bultin_alloca is
considered appropriate because code explicitly targets gcc anyway).
2009-05-12 20:19:09 +00:00
Richard Levitte
e6b0c0007f Make sure the padlock code compiles correctly even on hardware that
doesn't have padlocks.
2009-05-06 13:55:40 +00:00
Andy Polyakov
127186bf57 e_padlock: add support for x86_64 gcc. 2009-04-26 18:14:58 +00:00
Dr. Stephen Henson
dd9557a8ba Revert another size_t change. 2008-11-12 18:47:24 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
097f9d8c52 Avoid warning. 2007-11-20 17:52:02 +00:00
Andy Polyakov
61775daf00 Padlock engine fails to compile with -O0 -fPIC. 2007-05-20 07:13:45 +00:00