Deprecate the "hw" configuration options, make "padlockeng" disablable

The "hw" and "hw-.*" style options are historical artifacts, sprung
from the time when ENGINE was first designed, with hardware crypto
accelerators and HSMs in mind.

Today, these options have largely lost their value, replaced by
options such as "no-{foo}eng" and "no-engine".

This completes the transition by making "hw" and "hw-.*" deprecated,
but automatically translated into more modern variants of the same.

In the process, we get rid of the last regular expression in
Configure's @disablables, a feature that was ill supported anyway.
Also, padlock now gets treated just as every other engine.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8380)

2 files changed, 66 insertions, 67 deletions

diff --git a/engines/build.info b/engines/build.info
index cf00a978cd..e5001c452c 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -1,9 +1,10 @@
 IF[{- !$disabled{"engine"} -}]
-
   IF[{- $disabled{"dynamic-engine"} -}]
     LIBS=../libcrypto
-    SOURCE[../libcrypto]=\
-            e_padlock.c {- $target{padlock_asm_src} -}
+    IF[{- !$disabled{padlockeng} -}]
+      SOURCE[../libcrypto]=\
+              e_padlock.c {- $target{padlock_asm_src} -}
+    ENDIF
     IF[{- !$disabled{capieng} -}]
       SOURCE[../libcrypto]=e_capi.c
     ENDIF
@@ -14,13 +15,18 @@ IF[{- !$disabled{"engine"} -}]
       SOURCE[../libcrypto]=e_devcrypto.c
     ENDIF
   ELSE
-    MODULES{engine}=padlock
-    SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
-    DEPEND[padlock]=../libcrypto
-    INCLUDE[padlock]=../include
-    IF[{- defined $target{shared_defflag} -}]
-      SHARED_SOURCE[padlock]=padlock.ld
-      GENERATE[padlock.ld]=../util/engines.num
+    IF[{- !$disabled{padlockeng} -}]
+      MODULES{engine}=padlock
+      SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
+      DEPEND[padlock]=../libcrypto
+      INCLUDE[padlock]=../include
+      GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
+        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
+      GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
+      IF[{- defined $target{shared_defflag} -}]
+        SHARED_SOURCE[padlock]=padlock.ld
+        GENERATE[padlock.ld]=../util/engines.num
+      ENDIF
     ENDIF
     IF[{- !$disabled{capieng} -}]
       MODULES{engine}=capi
@@ -69,8 +75,4 @@ IF[{- !$disabled{"engine"} -}]
       GENERATE[ossltest.ld]=../util/engines.num
     ENDIF
   ENDIF
-
-  GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \
-        $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
-  GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME)
 ENDIF
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index 10b5a05ce8..78e9c79521 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -19,40 +19,39 @@
 #include <openssl/err.h>
 #include <openssl/modes.h>
 
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_PADLOCK
+#ifndef OPENSSL_NO_PADLOCKENG
 
 /*
  * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
  * doesn't exist elsewhere, but it even can't be compiled on other platforms!
  */
 
-#  undef COMPILE_HW_PADLOCK
-#  if defined(PADLOCK_ASM)
-#   define COMPILE_HW_PADLOCK
-#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# undef COMPILE_PADLOCKENG
+# if defined(PADLOCK_ASM)
+#  define COMPILE_PADLOCKENG
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
 static ENGINE *ENGINE_padlock(void);
-#   endif
 #  endif
+# endif
 
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
 void engine_load_padlock_int(void);
 void engine_load_padlock_int(void)
 {
 /* On non-x86 CPUs it just returns. */
-#   ifdef COMPILE_HW_PADLOCK
+#  ifdef COMPILE_PADLOCKENG
     ENGINE *toadd = ENGINE_padlock();
     if (!toadd)
         return;
     ENGINE_add(toadd);
     ENGINE_free(toadd);
     ERR_clear_error();
-#   endif
+#  endif
 }
 
-#  endif
+# endif
 
-#  ifdef COMPILE_HW_PADLOCK
+# ifdef COMPILE_PADLOCKENG
 
 /* Function for ENGINE detection and control */
 static int padlock_available(void);
@@ -106,7 +105,7 @@ static int padlock_bind_helper(ENGINE *e)
     return 1;
 }
 
-#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
 /* Constructor */
 static ENGINE *ENGINE_padlock(void)
 {
@@ -123,7 +122,7 @@ static ENGINE *ENGINE_padlock(void)
 
     return eng;
 }
-#   endif
+#  endif
 
 /* Check availability of the engine */
 static int padlock_init(ENGINE *e)
@@ -135,7 +134,7 @@ static int padlock_init(ENGINE *e)
  * This stuff is needed if this ENGINE is being compiled into a
  * self-contained shared-library.
  */
-#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
 static int padlock_bind_fn(ENGINE *e, const char *id)
 {
     if (id && (strcmp(id, padlock_id) != 0)) {
@@ -151,14 +150,14 @@ static int padlock_bind_fn(ENGINE *e, const char *id)
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
 IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
-#   endif                       /* !OPENSSL_NO_DYNAMIC_ENGINE */
+#  endif                       /* !OPENSSL_NO_DYNAMIC_ENGINE */
 /* ===== Here comes the "real" engine ===== */
 
 /* Some AES-related constants */
-#   define AES_BLOCK_SIZE          16
-#   define AES_KEY_SIZE_128        16
-#   define AES_KEY_SIZE_192        24
-#   define AES_KEY_SIZE_256        32
+#  define AES_BLOCK_SIZE          16
+#  define AES_KEY_SIZE_128        16
+#  define AES_KEY_SIZE_192        24
+#  define AES_KEY_SIZE_256        32
     /*
      * Here we store the status information relevant to the current context.
      */
@@ -224,29 +223,29 @@ static int padlock_available(void)
 
 /* ===== AES encryption/decryption ===== */
 
-#   if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#    define NID_aes_128_cfb NID_aes_128_cfb128
-#   endif
+#  if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#   define NID_aes_128_cfb NID_aes_128_cfb128
+#  endif
 
-#   if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#    define NID_aes_128_ofb NID_aes_128_ofb128
-#   endif
+#  if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#   define NID_aes_128_ofb NID_aes_128_ofb128
+#  endif
 
-#   if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#    define NID_aes_192_cfb NID_aes_192_cfb128
-#   endif
+#  if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#   define NID_aes_192_cfb NID_aes_192_cfb128
+#  endif
 
-#   if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#    define NID_aes_192_ofb NID_aes_192_ofb128
-#   endif
+#  if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#   define NID_aes_192_ofb NID_aes_192_ofb128
+#  endif
 
-#   if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#    define NID_aes_256_cfb NID_aes_256_cfb128
-#   endif
+#  if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#   define NID_aes_256_cfb NID_aes_256_cfb128
+#  endif
 
-#   if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#    define NID_aes_256_ofb NID_aes_256_ofb128
-#   endif
+#  if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#   define NID_aes_256_ofb NID_aes_256_ofb128
+#  endif
 
 /* List of supported ciphers. */
 static const int padlock_cipher_nids[] = {
@@ -276,9 +275,9 @@ static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
 static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                 const unsigned char *iv, int enc);
 
-#   define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+#  define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
         ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
-#   define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+#  define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
         NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
 
 static int
@@ -453,17 +452,17 @@ padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
     return 1;
 }
 
-#   define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
-#   define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
-#   define EVP_CIPHER_block_size_OFB       1
-#   define EVP_CIPHER_block_size_CFB       1
-#   define EVP_CIPHER_block_size_CTR       1
+#  define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#  define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#  define EVP_CIPHER_block_size_OFB       1
+#  define EVP_CIPHER_block_size_CFB       1
+#  define EVP_CIPHER_block_size_CTR       1
 
 /*
  * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
  * of preprocessor magic :-)
  */
-#   define DECLARE_AES_EVP(ksize,lmode,umode)      \
+#  define DECLARE_AES_EVP(ksize,lmode,umode)      \
 static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
 static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
 {                                                                       \
@@ -626,12 +625,12 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
             AES_set_decrypt_key(key, key_len, &cdata->ks);
         else
             AES_set_encrypt_key(key, key_len, &cdata->ks);
-#   ifndef AES_ASM
+#  ifndef AES_ASM
         /*
          * OpenSSL C functions use byte-swapped extended key.
          */
         padlock_key_bswap(&cdata->ks);
-#   endif
+#  endif
         cdata->cword.b.keygen = 1;
         break;
 
@@ -714,12 +713,10 @@ static RAND_METHOD padlock_rand = {
     padlock_rand_status,        /* rand status */
 };
 
-#  endif                        /* COMPILE_HW_PADLOCK */
-# endif                         /* !OPENSSL_NO_HW_PADLOCK */
-#endif                          /* !OPENSSL_NO_HW */
+# endif                        /* COMPILE_PADLOCKENG */
+#endif                         /* !OPENSSL_NO_PADLOCKENG */
 
-#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
-        || !defined(COMPILE_HW_PADLOCK)
+#if defined(OPENSSL_NO_PADLOCKENG) || !defined(COMPILE_PADLOCKENG)
 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
     int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);