Commit c6da7228 authored by Timo Teräs's avatar Timo Teräs

main/openssl: update padlock sha patches

New version of padlock sha patches that do not use the seg.fault handler trick.
It requires application to properly use oneshot mode context flag, or the high
level full operation methods to take use of VIA C7 SHA acceleration. VIA Nano
support is included in this patch and supports the partial transforms, so it
gets accelerated always.

Fixes #215.
parent a1539180
From 8290b2ced17ee3d0e52345180ef4fc6d79bc0751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 4 Jun 2010 09:48:39 +0300
Subject: [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly
Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
is set before final update. This is because some crypto accelerators cannot
perform non-finalizing transform of the digest.
The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly
differently here. It is set before the final EVP_DigestUpdate call, not
necessarily before EVP_DigestInit call. This will not cause any problems
though.
---
crypto/hmac/hmac.c | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index cbc1c76..a75a35d 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -68,6 +68,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
{
int i,j,reset=0;
unsigned char pad[HMAC_MAX_MD_CBLOCK];
+ unsigned long flags;
if (md != NULL)
{
@@ -84,6 +85,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
OPENSSL_assert(j <= (int)sizeof(ctx->key));
if (j < len)
{
+ M_EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
EVP_DigestUpdate(&ctx->md_ctx,key,len);
EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
@@ -104,13 +106,18 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
{
for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
pad[i]=0x36^ctx->key[i];
+ flags = M_EVP_MD_CTX_test_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ M_EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+ M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
pad[i]=0x5c^ctx->key[i];
+ M_EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+ M_EVP_MD_CTX_set_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
}
EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
}
@@ -166,7 +173,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
if (md == NULL) md=m;
HMAC_CTX_init(&c);
- HMAC_Init(&c,key,key_len,evp_md);
+ HMAC_CTX_set_flags(&c, EVP_MD_CTX_FLAG_ONESHOT);
+ HMAC_Init_ex(&c,key,key_len,evp_md,NULL);
HMAC_Update(&c,d,n);
HMAC_Final(&c,md,md_len);
HMAC_CTX_cleanup(&c);
@@ -176,8 +184,8 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
{
EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
}
#endif
--
1.7.0.4
From 711ae63d2c715a34b15262b4dd4a48b09f02a400 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Thu, 3 Jun 2010 09:02:13 +0300
Subject: [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test
Merge the common code of testing digest speed, and make it reuse
existing context. Context creation can be heavy operation, and it's
speed depends on if engine is used or not. As we are measuring the
digest speed, the context creation overhead should not be included
like hmac tests do.
This also adds test for hmac-sha1 speed.
---
apps/speed.c | 232 ++++++++++++++++++++++------------------------------------
1 files changed, 87 insertions(+), 145 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 393a7ba..6e375c6 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -285,7 +285,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
static int do_multi(int multi);
#endif
-#define ALGOR_NUM 28
+#define ALGOR_NUM 29
#define SIZE_NUM 5
#define RSA_NUM 4
#define DSA_NUM 3
@@ -300,9 +300,11 @@ static const char *names[ALGOR_NUM]={
"aes-128 cbc","aes-192 cbc","aes-256 cbc",
"camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
"evp","sha256","sha512",
- "aes-128 ige","aes-192 ige","aes-256 ige"};
+ "aes-128 ige","aes-192 ige","aes-256 ige", "hmac(sha1)" };
static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+static unsigned char *buf=NULL,*buf2=NULL;
+static long c[ALGOR_NUM][SIZE_NUM];
#ifndef OPENSSL_NO_RSA
static double rsa_results[RSA_NUM][2];
#endif
@@ -478,6 +480,66 @@ static double Time_F(int s)
}
#endif /* if defined(OPENSSL_SYS_NETWARE) */
+#ifndef SIGALRM
+#define COND(d) (count < (d))
+#else
+#define COND(c) (run)
+#endif /* SIGALRM */
+
+static void Test_Digest(int digest, const EVP_MD *type)
+{
+ unsigned char md[EVP_MAX_MD_SIZE];
+ int j, count;
+ double d=0.0;
+ EVP_MD_CTX ctx;
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[digest],c[digest][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[digest][j]); count++)
+ {
+ EVP_DigestInit_ex(&ctx, type, NULL);
+ EVP_DigestUpdate(&ctx, buf, (unsigned long)lengths[j]);
+ EVP_DigestFinal_ex(&ctx, md, NULL);
+ }
+ d=Time_F(STOP);
+ print_result(digest,j,count,d);
+ }
+
+ EVP_MD_CTX_cleanup(&ctx);
+}
+
+static void Test_HMAC(int digest, const EVP_MD *type)
+{
+ unsigned char md[EVP_MAX_MD_SIZE];
+ HMAC_CTX hctx;
+ int j, count;
+ double d=0.0;
+
+ HMAC_CTX_init(&hctx);
+ HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_ONESHOT);
+ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+ 16,type, NULL);
+
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[digest],c[digest][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[digest][j]); count++)
+ {
+ HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+ HMAC_Update(&hctx,buf,lengths[j]);
+ HMAC_Final(&hctx,md,NULL);
+ }
+ d=Time_F(STOP);
+ print_result(digest,j,count,d);
+ }
+ HMAC_CTX_cleanup(&hctx);
+}
#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
@@ -503,7 +565,6 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
- unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
long count=0,save_count=0;
int i,j,k;
@@ -514,31 +575,6 @@ int MAIN(int argc, char **argv)
unsigned rsa_num;
#endif
unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MD2
- unsigned char md2[MD2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MDC2
- unsigned char mdc2[MDC2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD4
- unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD5
- unsigned char md5[MD5_DIGEST_LENGTH];
- unsigned char hmac[MD5_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA
- unsigned char sha[SHA_DIGEST_LENGTH];
-#ifndef OPENSSL_NO_SHA256
- unsigned char sha256[SHA256_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA512
- unsigned char sha512[SHA512_DIGEST_LENGTH];
-#endif
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
-#endif
#ifndef OPENSSL_NO_RC4
RC4_KEY rc4_ks;
#endif
@@ -635,8 +671,8 @@ int MAIN(int argc, char **argv)
#define D_IGE_128_AES 25
#define D_IGE_192_AES 26
#define D_IGE_256_AES 27
+#define D_HMAC_SHA1 28
double d=0.0;
- long c[ALGOR_NUM][SIZE_NUM];
#define R_DSA_512 0
#define R_DSA_1024 1
#define R_DSA_2048 2
@@ -945,6 +981,8 @@ int MAIN(int argc, char **argv)
doit[D_SHA256]=1,
doit[D_SHA512]=1;
else
+ if (strcmp(*argv,"hmac-sha1") == 0) doit[D_HMAC_SHA1]=1;
+ else
#ifndef OPENSSL_NO_SHA256
if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
else
@@ -1158,6 +1196,9 @@ int MAIN(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_SHA1
BIO_printf(bio_err,"sha1 ");
+#ifndef OPENSSL_NO_HMAC
+ BIO_printf(bio_err,"hmac-sha1 ");
+#endif
#endif
#ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err,"sha256 ");
@@ -1420,6 +1461,7 @@ int MAIN(int argc, char **argv)
c[D_IGE_128_AES][0]=count;
c[D_IGE_192_AES][0]=count;
c[D_IGE_256_AES][0]=count;
+ c[D_HMAC_SHA1][0]=count;
for (i=1; i<SIZE_NUM; i++)
{
@@ -1432,6 +1474,7 @@ int MAIN(int argc, char **argv)
c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
+ c[D_HMAC_SHA1][i]=c[D_HMAC_SHA1][0]*4*lengths[0]/lengths[i];
}
for (i=1; i<SIZE_NUM; i++)
{
@@ -1606,160 +1649,59 @@ int MAIN(int argc, char **argv)
}
#endif
-#define COND(d) (count < (d))
-#define COUNT(d) (d)
#else
/* not worth fixing */
# error "You cannot disable DES on systems without SIGALRM."
#endif /* OPENSSL_NO_DES */
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
+#else /* SIGALRM */
signal(SIGALRM,sig_done);
-#endif /* SIGALRM */
+#endif
#ifndef OPENSSL_NO_MD2
if (doit[D_MD2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
- d=Time_F(STOP);
- print_result(D_MD2,j,count,d);
- }
- }
+ Test_Digest(D_MD2, EVP_md2());
#endif
#ifndef OPENSSL_NO_MDC2
if (doit[D_MDC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MDC2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
- d=Time_F(STOP);
- print_result(D_MDC2,j,count,d);
- }
- }
+ Test_Digest(D_MDC2, EVP_mdc2());
#endif
#ifndef OPENSSL_NO_MD4
if (doit[D_MD4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD4][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
- d=Time_F(STOP);
- print_result(D_MD4,j,count,d);
- }
- }
+ Test_Digest(D_MD4, EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
if (doit[D_MD5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD5][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
- d=Time_F(STOP);
- print_result(D_MD5,j,count,d);
- }
- }
+ Test_Digest(D_MD5, EVP_md5());
#endif
#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
if (doit[D_HMAC])
- {
- HMAC_CTX hctx;
-
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
- 16,EVP_md5(), NULL);
-
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_HMAC][j]); count++)
- {
- HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
- HMAC_Update(&hctx,buf,lengths[j]);
- HMAC_Final(&hctx,&(hmac[0]),NULL);
- }
- d=Time_F(STOP);
- print_result(D_HMAC,j,count,d);
- }
- HMAC_CTX_cleanup(&hctx);
- }
+ Test_HMAC(D_HMAC, EVP_md5());
+#endif
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_HMAC)
+ if (doit[D_HMAC_SHA1])
+ Test_HMAC(D_HMAC_SHA1, EVP_sha1());
#endif
#ifndef OPENSSL_NO_SHA
if (doit[D_SHA1])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA1][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
- d=Time_F(STOP);
- print_result(D_SHA1,j,count,d);
- }
- }
+ Test_Digest(D_SHA1, EVP_sha1());
#ifndef OPENSSL_NO_SHA256
if (doit[D_SHA256])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA256][j]); count++)
- SHA256(buf,lengths[j],sha256);
- d=Time_F(STOP);
- print_result(D_SHA256,j,count,d);
- }
- }
+ Test_Digest(D_SHA256, EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
if (doit[D_SHA512])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA512][j]); count++)
- SHA512(buf,lengths[j],sha512);
- d=Time_F(STOP);
- print_result(D_SHA512,j,count,d);
- }
- }
+ Test_Digest(D_SHA512, EVP_sha512());
#endif
#endif
#ifndef OPENSSL_NO_RIPEMD
if (doit[D_RMD160])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_RMD160][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
- d=Time_F(STOP);
- print_result(D_RMD160,j,count,d);
- }
- }
+ Test_Digest(D_RMD160, EVP_ripemd160());
#endif
#ifndef OPENSSL_NO_RC4
if (doit[D_RC4])
--
1.7.0.4
From 9fe6001d9b7a35a12a6a282677c79fd56eeaf99c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 4 Jun 2010 10:00:15 +0300
Subject: [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 acceleration
Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT
is used appropriately (as done by EVP_Digest, and my previous HMAC patch).
Full support for VIA Nano including partial transformation.
Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and
apps/speed patches done. From single run, error margin of about 100-200k.
No padlock
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k
sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k
hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k
With the patch
sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k
sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k
hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k
---
crypto/engine/eng_padlock.c | 597 +++++++++++++++++++++++++++++++++++++++---
1 files changed, 554 insertions(+), 43 deletions(-)
diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c
index 743558a..28ec0f7 100644
--- a/crypto/engine/eng_padlock.c
+++ b/crypto/engine/eng_padlock.c
@@ -3,6 +3,9 @@
* Written by Michal Ludvig <michal@logix.cz>
* http://www.logix.cz/michal
*
+ * SHA support by Timo Teras <timo.teras@iki.fi>. Portions based on
+ * code originally written by Michal Ludvig.
+ *
* Big thanks to Andy Polyakov for a help with optimization,
* assembler fixes, port to MS Windows and a lot of other
* valuable work on this engine!
@@ -74,12 +77,23 @@
#ifndef OPENSSL_NO_AES
#include <openssl/aes.h>
#endif
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
#include <openssl/rand.h>
#include <openssl/err.h>
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_PADLOCK
+/* PadLock RNG is disabled by default */
+#define PADLOCK_NO_RNG 1
+
+/* No ASM routines for SHA in MSC yet */
+#ifdef _MSC_VER
+#define OPENSSL_NO_SHA
+#endif
+
/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
@@ -138,58 +152,40 @@ static int padlock_available(void);
static int padlock_init(ENGINE *e);
/* RNG Stuff */
+#ifndef PADLOCK_NO_RNG
static RAND_METHOD padlock_rand;
-
-/* Cipher Stuff */
-#ifndef OPENSSL_NO_AES
-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
#endif
/* Engine names */
static const char *padlock_id = "padlock";
static char padlock_name[100];
-/* Available features */
-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
-static int padlock_use_rng = 0; /* Random Number Generator */
-#ifndef OPENSSL_NO_AES
-static int padlock_aes_align_required = 1;
-#endif
-
-/* ===== Engine "management" functions ===== */
+static int padlock_bind_helper(ENGINE *e);
-/* Prepare the ENGINE structure for registration */
-static int
-padlock_bind_helper(ENGINE *e)
-{
- /* Check available features */
- padlock_available();
-
-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */
- padlock_use_rng=0;
-#endif
-
- /* Generate a nice engine name with available features */
- BIO_snprintf(padlock_name, sizeof(padlock_name),
- "VIA PadLock (%s, %s)",
- padlock_use_rng ? "RNG" : "no-RNG",
- padlock_use_ace ? "ACE" : "no-ACE");
+ /* Available features */
+enum padlock_flags {
+ PADLOCK_RNG = 0x01,
+ PADLOCK_ACE = 0x02,
+ PADLOCK_ACE2 = 0x04,
+ PADLOCK_PHE = 0x08,
+ PADLOCK_PMM = 0x10,
+ PADLOCK_NANO = 0x20,
+};
+enum padlock_flags padlock_flags;
- /* Register everything or return with an error */
- if (!ENGINE_set_id(e, padlock_id) ||
- !ENGINE_set_name(e, padlock_name) ||
+#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG)
+#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2))
+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE)
+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2)
+#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE)
+#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM)
+#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO)
- !ENGINE_set_init_function(e, padlock_init) ||
#ifndef OPENSSL_NO_AES
- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
+static int padlock_aes_align_required = 1;
#endif
- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
- return 0;
- }
- /* Everything looks good */
- return 1;
-}
+/* ===== Engine "management" functions ===== */
/* Constructor */
static ENGINE *
@@ -213,7 +209,7 @@ ENGINE_padlock(void)
static int
padlock_init(ENGINE *e)
{
- return (padlock_use_rng || padlock_use_ace);
+ return padlock_flags;
}