X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=engines%2Fe_padlock.c;h=77cebe3de6f8d94848770f916de808d62f6caab4;hp=e5eecee55430bae77e5bea2917fa81ecda093c77;hb=7218ae513408a58e8f8f20ed49dc45505e00a5b2;hpb=39e8d0ce73fb4cd760fbc02b82081a52263c8781

diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index e5eecee554..77cebe3de6 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -1,65 +1,10 @@
-/*-
- * Support for VIA PadLock Advanced Cryptography Engine (ACE)
- * Written by Michal Ludvig <michal@logix.cz>
- *            http://www.logix.cz/michal
- *
- * Big thanks to Andy Polyakov for a help with optimization,
- * assembler fixes, port to MS Windows and a lot of other
- * valuable work on this engine!
- */
-
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
@@ -67,12 +12,9 @@
 
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
-#include <openssl/dso.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_AES
-# include <openssl/aes.h>
-#endif
+#include <openssl/aes.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/modes.h>
@@ -102,8 +44,7 @@
 #  if !defined(I386_ONLY) && !defined(OPENSSL_NO_ASM)
 #   if    defined(__i386__) || defined(__i386) ||    \
         defined(__x86_64__) || defined(__x86_64) || \
-        defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-        defined(__INTEL__)
+        defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)
 #    define COMPILE_HW_PADLOCK
 #    ifdef OPENSSL_NO_DYNAMIC_ENGINE
 static ENGINE *ENGINE_padlock(void);
@@ -112,8 +53,8 @@ static ENGINE *ENGINE_padlock(void);
 #  endif
 
 #  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-
-void ENGINE_load_padlock(void)
+void engine_load_padlock_int(void);
+void engine_load_padlock_int(void)
 {
 /* On non-x86 CPUs it just returns. */
 #   ifdef COMPILE_HW_PADLOCK
@@ -138,10 +79,8 @@ static int padlock_init(ENGINE *e);
 static RAND_METHOD padlock_rand;
 
 /* Cipher Stuff */
-#   ifndef OPENSSL_NO_AES
 static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                            const int **nids, int nid);
-#   endif
 
 /* Engine names */
 static const char *padlock_id = "padlock";
@@ -175,9 +114,7 @@ static int padlock_bind_helper(ENGINE *e)
     if (!ENGINE_set_id(e, padlock_id) ||
         !ENGINE_set_name(e, padlock_name) ||
         !ENGINE_set_init_function(e, padlock_init) ||
-#   ifndef OPENSSL_NO_AES
         (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
-#   endif
         (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
         return 0;
     }
@@ -230,15 +167,15 @@ static int padlock_bind_fn(ENGINE *e, const char *id)
 }
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
 #   endif                       /* DYNAMIC_ENGINE */
 /* ===== Here comes the "real" engine ===== */
-#   ifndef OPENSSL_NO_AES
+
 /* Some AES-related constants */
-#    define AES_BLOCK_SIZE          16
-#    define AES_KEY_SIZE_128        16
-#    define AES_KEY_SIZE_192        24
-#    define AES_KEY_SIZE_256        32
+#   define AES_BLOCK_SIZE          16
+#   define AES_KEY_SIZE_128        16
+#   define AES_KEY_SIZE_192        24
+#   define AES_KEY_SIZE_256        32
     /*
      * Here we store the status information relevant to the current context.
      */
@@ -264,7 +201,6 @@ struct padlock_cipher_data {
     } cword;                    /* Control word */
     AES_KEY ks;                 /* Encryption key */
 };
-#   endif
 
 /* Interface to assembler module */
 unsigned int padlock_capability();
@@ -304,31 +240,30 @@ static int padlock_available(void)
 }
 
 /* ===== AES encryption/decryption ===== */
-#   ifndef OPENSSL_NO_AES
 
-#    if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#     define NID_aes_128_cfb NID_aes_128_cfb128
-#    endif
+#   if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#    define NID_aes_128_cfb NID_aes_128_cfb128
+#   endif
 
-#    if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#     define NID_aes_128_ofb NID_aes_128_ofb128
-#    endif
+#   if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#    define NID_aes_128_ofb NID_aes_128_ofb128
+#   endif
 
-#    if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#     define NID_aes_192_cfb NID_aes_192_cfb128
-#    endif
+#   if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#    define NID_aes_192_cfb NID_aes_192_cfb128
+#   endif
 
-#    if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#     define NID_aes_192_ofb NID_aes_192_ofb128
-#    endif
+#   if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#    define NID_aes_192_ofb NID_aes_192_ofb128
+#   endif
 
-#    if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#     define NID_aes_256_cfb NID_aes_256_cfb128
-#    endif
+#   if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#    define NID_aes_256_cfb NID_aes_256_cfb128
+#   endif
 
-#    if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#     define NID_aes_256_ofb NID_aes_256_ofb128
-#    endif
+#   if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#    define NID_aes_256_ofb NID_aes_256_ofb128
+#   endif
 
 /* List of supported ciphers. */
 static const int padlock_cipher_nids[] = {
@@ -358,10 +293,10 @@ static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
 static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                 const unsigned char *iv, int enc);
 
-#    define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+#   define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
         ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
-#    define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
-        NEAREST_ALIGNED(EVP_CIPHER_CTX_cipher_data(ctx)))
+#   define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+        NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
 
 static int
 padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
@@ -535,17 +470,17 @@ padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
     return 1;
 }
 
-#    define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
-#    define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
-#    define EVP_CIPHER_block_size_OFB       1
-#    define EVP_CIPHER_block_size_CFB       1
-#    define EVP_CIPHER_block_size_CTR       1
+#   define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_OFB       1
+#   define EVP_CIPHER_block_size_CFB       1
+#   define EVP_CIPHER_block_size_CTR       1
 
 /*
  * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
  * of preprocessor magic :-)
  */
-#    define DECLARE_AES_EVP(ksize,lmode,umode)      \
+#   define DECLARE_AES_EVP(ksize,lmode,umode)      \
 static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
 static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
 {                                                                       \
@@ -708,12 +643,12 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
             AES_set_decrypt_key(key, key_len, &cdata->ks);
         else
             AES_set_encrypt_key(key, key_len, &cdata->ks);
-#    ifndef AES_ASM
+#   ifndef AES_ASM
         /*
          * OpenSSL C functions use byte-swapped extended key.
          */
         padlock_key_bswap(&cdata->ks);
-#    endif
+#   endif
         cdata->cword.b.keygen = 1;
         break;
 
@@ -732,8 +667,6 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     return 1;
 }
 
-#   endif                       /* OPENSSL_NO_AES */
-
 /* ===== Random Number Generator ===== */
 /*
  * This code is not engaged. The reason is that it does not comply
@@ -777,7 +710,7 @@ static int padlock_rand_bytes(unsigned char *output, int count)
         *output++ = (unsigned char)buf;
         count--;
     }
-    *(volatile unsigned int *)&buf = 0;
+    OPENSSL_cleanse(&buf, sizeof(buf));
 
     return 1;
 }
@@ -798,8 +731,13 @@ static RAND_METHOD padlock_rand = {
     padlock_rand_status,        /* rand status */
 };
 
-#  else                         /* !COMPILE_HW_PADLOCK */
-#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#  endif                        /* COMPILE_HW_PADLOCK */
+# endif                         /* !OPENSSL_NO_HW_PADLOCK */
+#endif                          /* !OPENSSL_NO_HW */
+
+#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
+        || !defined(COMPILE_HW_PADLOCK)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
     int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
 OPENSSL_EXPORT
@@ -809,7 +747,5 @@ OPENSSL_EXPORT
 }
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
-#   endif
-#  endif                        /* COMPILE_HW_PADLOCK */
-# endif                         /* !OPENSSL_NO_HW_PADLOCK */
-#endif                          /* !OPENSSL_NO_HW */
+# endif
+#endif