The reason to do so is that some of the generators detect PIC flags
like -fPIC and -KPIC, and those are normally delivered in LD_CFLAGS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The AFALG engine created a global EVP_CIPHER instance but was not freeing
it up when the engine was destroyed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Before the 'Introduce the "pic" / "no-pic" config option' commit, the
shared_cflag value for the chosen config would be part of the make
variable CFLAG, which got replicated into CFLAGS and ASFLAGS.
Since said commit, the shared_cflag value has become a make variable
of its own, SHARED_CFLAG (which is left empty in a "no-pic" build).
However, ASFLAGS was forgotten. That's what's corrected with this
change.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Move the chil engine to use the new thread API. As I don't have access to
the hardware I can't test this :-(. I think its ok...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Move out most of the boiler plate code that is common between aes128-cbc
and aes128-cbc-hmac-sha1 into helper functions to improve code reuse.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The _hidden_* variables were being created on-the-fly. It is better to
create them once up front during bind to avoid any potential race
conditions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.
Reviewed-by: Tim Hudson <tjh@openssl.org>
This gets rid of the BEGINRAW..ENDRAW sections in engines/build.info.
This also moves the assembler generating perl scripts to take the
output file name as last command line argument, where necessary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The af_alg engine and associated test were creating warnings when compiled
with clang. This fixes it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Implementation experience has shown that the original plan for async wait
fds was too simplistic. Originally the async logic created a pipe internally
and user/engine code could then get access to it via API calls. It is more
flexible if the engine is able to create its own fd and provide it to the
async code.
Another issue is that there can be a lot of churn in the fd value within
the context of (say) a single SSL connection leading to continually adding
and removing fds from (say) epoll. It is better if we can provide some
stability of the fd value across a whole SSL connection. This is
problematic because an engine has no concept of an SSL connection.
This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
proxy for an SSL connection down at the engine layer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.
We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl. This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.
Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This takes us away from the idea that we know exactly how our static
libraries are going to get used. Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.
On the other hand, we also have greater control of when the shared
library cflags. They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.
With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: Rich Salz <rsalz@openssl.org>
The engine DSOs were named as if they were shared libraries, and could
end up having all sorts of fancy names:
Cygwin: cygFOO.dll
Mingw: FOOeay32.dll
Unix: libFOO.so / libFOO.sl / libFOO.dylib / ...
This may be confusing, since they look like libraries one should link
with at link time, when they're just DSOs.
It's therefore time to rename them, and do it consistently on all
platforms:
Cygwin & Mingw: FOO.dll
Unix: FOO.{so,sl,dylib,...}
Interestingly enough, the MSVC and VMS builds always did it this way.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Originally, the Makefile.shared targets described what they used as
input for a shared object, be it a shared library or a DSO. It turned
out, however, that the link_o targets were used exclusively for
engines and the link_a targets were for libcrypto and libssl.
This rename fest turns and indication on the kind of input the targets
get to the intention with using them.
Reviewed-by: Andy Polyakov <appro@openssl.org>
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was. Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
It seems that on some platforms, the perlasm scripts call the C
compiler for certain checks. These scripts need the environment
variable CC to have the C compiler command.
Reviewed-by: Rich Salz <rsalz@openssl.org>
INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.
The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some keys are attached to the full RSA CSP which doesn't support SHA2
algorithms: uses the AES CSP if present.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The old building scripts get removed, they are hopelessly gone in bit
rot by now.
Also remove the old symbol hacks. They were needed needed to shorten
some names to 31 characters, and to resolve other symbol clashes.
Because we now compile with /NAMES=(AS_IS,SHORTENED), this is no
longer required.
Reviewed-by: Rich Salz <rsalz@openssl.org>
In build.info files, make the include directory in the build directory
absolute, or Configure will think it should be added to the source
directory top. Configure will turn it into a relative path if
possible.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some time ago, we had a ex_libs configuration setting that could be
divided into lflags and ex_libs. These got divided in two settings,
lflags and ex_libs, and the former was interpreted to be general
linking flags.
Unfortunately, that conclusion wasn't entirely accurate. Most of
those linking were meant to end up in a very precise position on the
linking command line, just before the spec of libraries the linking
depends on.
Back to the drawing board, we're diving things further, now having
lflags, which are linking flags that aren't depending on command line
position, plib_lflags, which are linking flags that should show up just
before the spec of libraries to depend on, and finally ex_libs, which
is the spec of extra libraries to depend on.
Also, documentation is changed in Configurations/README. This was
previously forgotten.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files. They have been generated from the
Makefiles in the same directories. Things that are platform specific
will appear in later commits.
Reviewed-by: Andy Polyakov <appro@openssl.org>
The lflags configuration had a weird syntax with a % as separator. If
it was present, whatever came before ended up as PEX_LIBS in Makefile
(usually, this is LDFLAGS), while whatever came after ended up as
EX_LIBS.
This change splits that item into lflags and ex_libs, making their use
more explicit.
Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
engines_obj changed name to padlock_obj in Configure. We need to do
the corresponding ENGINES_ASM_OBJ -> PADLOCK_ASM_OBJ in appropriate
Makefile.ins.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.
See:
https://wiki.openssl.org/index.php/Binaries
Reviewed-by: Richard Levitte <levitte@openssl.org>