Diffstat (limited to 'src/include')
31 files changed, 230 insertions, 159 deletions
diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h index af315548..f19344e4 100644 --- a/src/include/openssl/aead.h +++ b/src/include/openssl/aead.h @@ -425,7 +425,7 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_tag_len(const EVP_AEAD_CTX *ctx, #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN using ScopedEVP_AEAD_CTX = internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero, @@ -433,7 +433,7 @@ using ScopedEVP_AEAD_CTX = BORINGSSL_MAKE_DELETER(EVP_AEAD_CTX, EVP_AEAD_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h index f7b6b861..46e5f537 100644 --- a/src/include/openssl/asn1.h +++ b/src/include/openssl/asn1.h @@ -875,13 +875,13 @@ OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free) BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free) BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free) -} // namespace bssl +BSSL_NAMESPACE_END } /* extern C++ */ diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h index aa1be1f7..d1349934 100644 --- a/src/include/openssl/base.h +++ b/src/include/openssl/base.h @@ -71,6 +71,10 @@ #include <openssl/is_boringssl.h> #include <openssl/opensslconf.h> +#if defined(BORINGSSL_PREFIX) +#include <boringssl_prefix_symbols.h> +#endif + #if defined(__cplusplus) extern "C" { #endif @@ -227,9 +231,17 @@ extern "C" { #endif #if __has_feature(memory_sanitizer) #define OPENSSL_MSAN +#define OPENSSL_ASM_INCOMPATIBLE #endif #endif +#if defined(OPENSSL_ASM_INCOMPATIBLE) +#undef OPENSSL_ASM_INCOMPATIBLE +#if !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM +#endif +#endif // OPENSSL_ASM_INCOMPATIBLE + // CRYPTO_THREADID is a dummy value. typedef int CRYPTO_THREADID; 
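Review bot: The new `OPENSSL_ASM_INCOMPATIBLE` block in base.h turns `OPENSSL_NO_ASM` on for every MemorySanitizer build without a comment saying why, and the immediate `#undef` of the helper macro is easy to misread. A line such as `// MSan cannot track memory written by assembly, so sanitizer builds use the C implementations.` above `#if defined(OPENSSL_ASM_INCOMPATIBLE)` would record the intent, which I am inferring from the `memory_sanitizer` check. The comment should also say that MSan runs therefore give no coverage of the assembly code paths used when `OPENSSL_NO_ASM` is not set.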
@@ -358,6 +370,18 @@ typedef void *OPENSSL_BLOCK; #define BORINGSSL_NO_CXX #endif +#if defined(BORINGSSL_PREFIX) +#define BSSL_NAMESPACE_BEGIN \ + namespace bssl { \ + inline namespace BORINGSSL_PREFIX { +#define BSSL_NAMESPACE_END \ + } \ + } +#else +#define BSSL_NAMESPACE_BEGIN namespace bssl { +#define BSSL_NAMESPACE_END } +#endif + // MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see // https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l) // so MSVC is just assumed to support C++11. @@ -366,6 +390,7 @@ typedef void *OPENSSL_BLOCK; #endif #if !defined(BORINGSSL_NO_CXX) + extern "C++" { #include <memory> @@ -387,7 +412,7 @@ extern "C++" { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { @@ -464,7 +489,7 @@ using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>; return UpRef(ptr.get()); \ } -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/base64.h b/src/include/openssl/base64.h index ef760886..c88546d7 100644 --- a/src/include/openssl/base64.h +++ b/src/include/openssl/base64.h @@ -67,7 +67,10 @@ extern "C" { // base64 functions. // // For historical reasons, these functions have the EVP_ prefix but just do -// base64 encoding and decoding. +// base64 encoding and decoding. Note that BoringSSL is a cryptography library, +// so these functions are implemented with side channel protections, at a +// performance cost. For other base64 uses, use a general-purpose base64 +// implementation. // Encoding diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h index adb641b2..70c2fbf7 100644 --- a/src/include/openssl/bio.h +++ b/src/include/openssl/bio.h 
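Review bot: `BSSL_NAMESPACE_BEGIN` and `BSSL_NAMESPACE_END` are added in base.h with no comment, although every C++ section touched by this change now depends on them. I would add `// BSSL_NAMESPACE_BEGIN/END open and close namespace bssl; when BORINGSSL_PREFIX is defined, the contents go in an inline namespace named after the prefix so that differently prefixed copies get distinct C++ symbols.` Because `BORINGSSL_PREFIX` is used directly as the namespace name, it has to expand to a valid identifier. As far as I can tell, an empty definition would still compile, as an unnamed inline namespace, and would give the declarations internal linkage, so the comment or a short preprocessor check should state that requirement.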
@@ -677,26 +677,49 @@ OPENSSL_EXPORT void BIO_set_init(BIO *bio, int init); OPENSSL_EXPORT int BIO_get_init(BIO *bio); // These are values of the |cmd| argument to |BIO_ctrl|. -#define BIO_CTRL_RESET 1 // opt - rewind/zero etc -#define BIO_CTRL_EOF 2 // opt - are we at the eof -#define BIO_CTRL_INFO 3 // opt - extra tit-bits -#define BIO_CTRL_SET 4 // man - set the 'IO' type -#define BIO_CTRL_GET 5 // man - get the 'IO' type -#define BIO_CTRL_PUSH 6 -#define BIO_CTRL_POP 7 -#define BIO_CTRL_GET_CLOSE 8 // man - set the 'close' on free -#define BIO_CTRL_SET_CLOSE 9 // man - set the 'close' on free -#define BIO_CTRL_PENDING 10 // opt - is their more data buffered -#define BIO_CTRL_FLUSH 11 // opt - 'flush' buffered output -#define BIO_CTRL_WPENDING 13 // opt - number of bytes still to write -// callback is int cb(BIO *bio,state,ret); -#define BIO_CTRL_SET_CALLBACK 14 // opt - set callback function -#define BIO_CTRL_GET_CALLBACK 15 // opt - set callback function -#define BIO_CTRL_SET_FILENAME 30 // BIO_s_file special - -// BIO_CTRL_DUP is never used, but exists to allow code to compile more -// easily. -#define BIO_CTRL_DUP 12 + +// BIO_CTRL_RESET implements |BIO_reset|. The arguments are unused. +#define BIO_CTRL_RESET 1 + +// BIO_CTRL_EOF implements |BIO_eof|. The arguments are unused. +#define BIO_CTRL_EOF 2 + +// BIO_CTRL_INFO is a legacy command that returns information specific to the +// type of |BIO|. It is not safe to call generically and should not be +// implemented in new |BIO| types. +#define BIO_CTRL_INFO 3 + +// BIO_CTRL_GET_CLOSE returns the close flag set by |BIO_CTRL_SET_CLOSE|. The +// arguments are unused. +#define BIO_CTRL_GET_CLOSE 8 + +// BIO_CTRL_SET_CLOSE implements |BIO_set_close|. The |larg| argument is the +// close flag. +#define BIO_CTRL_SET_CLOSE 9 + +// BIO_CTRL_PENDING implements |BIO_pending|. The arguments are unused. +#define BIO_CTRL_PENDING 10 + +// BIO_CTRL_FLUSH implements |BIO_flush|. The arguments are unused. 
+#define BIO_CTRL_FLUSH 11 + +// BIO_CTRL_WPENDING implements |BIO_wpending|. The arguments are unused. +#define BIO_CTRL_WPENDING 13 + +// BIO_CTRL_SET_CALLBACK sets an informational callback of type +// int cb(BIO *bio, int state, int ret) +#define BIO_CTRL_SET_CALLBACK 14 + +// BIO_CTRL_GET_CALLBACK returns the callback set by |BIO_CTRL_SET_CALLBACK|. +#define BIO_CTRL_GET_CALLBACK 15 + +// The following are never used, but are defined to aid porting existing code. +#define BIO_CTRL_SET 4 +#define BIO_CTRL_GET 5 +#define BIO_CTRL_PUSH 6 +#define BIO_CTRL_POP 7 +#define BIO_CTRL_DUP 12 +#define BIO_CTRL_SET_FILENAME 30 // Deprecated functions. @@ -706,6 +729,8 @@ OPENSSL_EXPORT int BIO_get_init(BIO *bio); // |BIO_flush| when done writing, to signal that no more data are to be // encoded. The flag |BIO_FLAGS_BASE64_NO_NL| may be set to encode all the data // on one line. +// +// Use |EVP_EncodeBlock| and |EVP_DecodeBase64| instead. OPENSSL_EXPORT const BIO_METHOD *BIO_f_base64(void); OPENSSL_EXPORT void BIO_set_retry_special(BIO *bio); @@ -733,8 +758,8 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method, #define BIO_FLAGS_RWS (BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL) #define BIO_FLAGS_SHOULD_RETRY 0x08 #define BIO_FLAGS_BASE64_NO_NL 0x100 -// This is used with memory BIOs: it means we shouldn't free up or change the -// data in any way. +// BIO_FLAGS_MEM_RDONLY is used with memory BIOs. It means we shouldn't free up +// or change the data in any way. #define BIO_FLAGS_MEM_RDONLY 0x200 // These are the 'types' of BIOs 
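Review bot: The comment on `BIO_CTRL_SET_CALLBACK` gives the callback's signature but not which argument carries the function pointer, and `BIO_CTRL_GET_CALLBACK` does not say where the pointer is returned, whereas the neighbouring commands each state how their arguments are used. Authors of custom |BIO| methods need that to avoid reading a function pointer out of the wrong argument, so each comment should gain one sentence naming the argument. Separately, `BIO_CTRL_SET_FILENAME` moves into the "never used" group although its old comment read "BIO_s_file special"; the hunk does not show whether any method still handles it, so that should be confirmed.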
@@ -762,7 +787,7 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method, #define BIO_TYPE_ASN1 (22 | 0x0200) // filter #define BIO_TYPE_COMP (23 | 0x0200) // filter -// |BIO_TYPE_DESCRIPTOR| denotes that the |BIO| responds to the |BIO_C_SET_FD| +// BIO_TYPE_DESCRIPTOR denotes that the |BIO| responds to the |BIO_C_SET_FD| // (|BIO_set_fd|) and |BIO_C_GET_FD| (|BIO_get_fd|) control hooks. #define BIO_TYPE_DESCRIPTOR 0x0100 // socket, fd, connect or accept #define BIO_TYPE_FILTER 0x0200 
@@ -809,61 +834,61 @@ struct bio_st { size_t num_read, num_write; }; -#define BIO_C_SET_CONNECT 100 -#define BIO_C_DO_STATE_MACHINE 101 -#define BIO_C_SET_NBIO 102 -#define BIO_C_SET_PROXY_PARAM 103 -#define BIO_C_SET_FD 104 -#define BIO_C_GET_FD 105 -#define BIO_C_SET_FILE_PTR 106 -#define BIO_C_GET_FILE_PTR 107 -#define BIO_C_SET_FILENAME 108 -#define BIO_C_SET_SSL 109 -#define BIO_C_GET_SSL 110 -#define BIO_C_SET_MD 111 -#define BIO_C_GET_MD 112 -#define BIO_C_GET_CIPHER_STATUS 113 -#define BIO_C_SET_BUF_MEM 114 -#define BIO_C_GET_BUF_MEM_PTR 115 -#define BIO_C_GET_BUFF_NUM_LINES 116 -#define BIO_C_SET_BUFF_SIZE 117 -#define BIO_C_SET_ACCEPT 118 -#define BIO_C_SSL_MODE 119 -#define BIO_C_GET_MD_CTX 120 -#define BIO_C_GET_PROXY_PARAM 121 -#define BIO_C_SET_BUFF_READ_DATA 122 // data to read first -#define BIO_C_GET_ACCEPT 124 -#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 -#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 -#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 -#define BIO_C_FILE_SEEK 128 -#define BIO_C_GET_CIPHER_CTX 129 -#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 //return end of input value -#define BIO_C_SET_BIND_MODE 131 -#define BIO_C_GET_BIND_MODE 132 -#define BIO_C_FILE_TELL 133 -#define BIO_C_GET_SOCKS 134 -#define BIO_C_SET_SOCKS 135 - -#define BIO_C_SET_WRITE_BUF_SIZE 136 // for BIO_s_bio -#define BIO_C_GET_WRITE_BUF_SIZE 137 -#define BIO_C_GET_WRITE_GUARANTEE 140 -#define BIO_C_GET_READ_REQUEST 141 -#define BIO_C_SHUTDOWN_WR 142 -#define BIO_C_NREAD0 143 -#define BIO_C_NREAD 144 -#define BIO_C_NWRITE0 145 -#define BIO_C_NWRITE 146 -#define BIO_C_RESET_READ_REQUEST 147 -#define BIO_C_SET_MD_CTX 148 - -#define BIO_C_SET_PREFIX 149 -#define BIO_C_GET_PREFIX 150 -#define BIO_C_SET_SUFFIX 151 -#define BIO_C_GET_SUFFIX 152 - -#define BIO_C_SET_EX_ARG 153 -#define BIO_C_GET_EX_ARG 154 +#define BIO_C_SET_CONNECT 100 +#define BIO_C_DO_STATE_MACHINE 101 +#define BIO_C_SET_NBIO 102 +#define BIO_C_SET_PROXY_PARAM 103 +#define BIO_C_SET_FD 104 +#define BIO_C_GET_FD 
105 +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_SET_SSL 109 +#define BIO_C_GET_SSL 110 +#define BIO_C_SET_MD 111 +#define BIO_C_GET_MD 112 +#define BIO_C_GET_CIPHER_STATUS 113 +#define BIO_C_SET_BUF_MEM 114 +#define BIO_C_GET_BUF_MEM_PTR 115 +#define BIO_C_GET_BUFF_NUM_LINES 116 +#define BIO_C_SET_BUFF_SIZE 117 +#define BIO_C_SET_ACCEPT 118 +#define BIO_C_SSL_MODE 119 +#define BIO_C_GET_MD_CTX 120 +#define BIO_C_GET_PROXY_PARAM 121 +#define BIO_C_SET_BUFF_READ_DATA 122 // data to read first +#define BIO_C_GET_ACCEPT 124 +#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_GET_CIPHER_CTX 129 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 // return end of input value +#define BIO_C_SET_BIND_MODE 131 +#define BIO_C_GET_BIND_MODE 132 +#define BIO_C_FILE_TELL 133 +#define BIO_C_GET_SOCKS 134 +#define BIO_C_SET_SOCKS 135 + +#define BIO_C_SET_WRITE_BUF_SIZE 136 // for BIO_s_bio +#define BIO_C_GET_WRITE_BUF_SIZE 137 +#define BIO_C_GET_WRITE_GUARANTEE 140 +#define BIO_C_GET_READ_REQUEST 141 +#define BIO_C_SHUTDOWN_WR 142 +#define BIO_C_NREAD0 143 +#define BIO_C_NREAD 144 +#define BIO_C_NWRITE0 145 +#define BIO_C_NWRITE 146 +#define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 + +#define BIO_C_SET_PREFIX 149 +#define BIO_C_GET_PREFIX 150 +#define BIO_C_SET_SUFFIX 151 +#define BIO_C_GET_SUFFIX 152 + +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 #if defined(__cplusplus) @@ -871,12 +896,12 @@ struct bio_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(BIO, BIO_free) BORINGSSL_MAKE_UP_REF(BIO, BIO_up_ref) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index e8cc70a8..251c717c 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h 
@@ -630,9 +630,12 @@ OPENSSL_EXPORT int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive, // BN_pseudo_rand_range is an alias for BN_rand_range. OPENSSL_EXPORT int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); -// BN_GENCB holds a callback function that is used by generation functions that -// can take a very long time to complete. Use |BN_GENCB_set| to initialise a -// |BN_GENCB| structure. +#define BN_GENCB_GENERATED 0 +#define BN_GENCB_PRIME_TEST 1 + +// bn_gencb_st, or |BN_GENCB|, holds a callback function that is used by +// generation functions that can take a very long time to complete. Use +// |BN_GENCB_set| to initialise a |BN_GENCB| structure. // // The callback receives the address of that |BN_GENCB| structure as its last // argument and the user is free to put an arbitrary pointer in |arg|. The other @@ -648,9 +651,6 @@ OPENSSL_EXPORT int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); // // When other code needs to call a BN generation function it will often take a // BN_GENCB argument and may call the function with other argument values. -#define BN_GENCB_GENERATED 0 -#define BN_GENCB_PRIME_TEST 1 - struct bn_gencb_st { void *arg; // callback-specific data int (*callback)(int event, int n, struct bn_gencb_st *); @@ -987,7 +987,7 @@ OPENSSL_EXPORT unsigned BN_num_bits_word(BN_ULONG l); #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(BIGNUM, BN_free) BORINGSSL_MAKE_DELETER(BN_CTX, BN_CTX_free) @@ -1005,7 +1005,7 @@ class BN_CTXScope { BN_CTXScope &operator=(BN_CTXScope &) = delete; }; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/buf.h b/src/include/openssl/buf.h index 3f961b87..10a555f4 100644 --- a/src/include/openssl/buf.h +++ b/src/include/openssl/buf.h 
@@ -124,11 +124,11 @@ OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t dst_size); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(BUF_MEM, BUF_MEM_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h index 30576042..1400f2ed 100644 --- a/src/include/openssl/bytestring.h +++ b/src/include/openssl/bytestring.h @@ -491,11 +491,11 @@ OPENSSL_EXPORT int CBB_flush_asn1_set_of(CBB *cbb); #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN using ScopedCBB = internal::StackAllocated<CBB, void, CBB_zero, CBB_cleanup>; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h index 727d7a7f..59634138 100644 --- a/src/include/openssl/cipher.h +++ b/src/include/openssl/cipher.h @@ -438,7 +438,7 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, // EVP_CIPH_NO_PADDING disables padding in block ciphers. #define EVP_CIPH_NO_PADDING 0x800 -// EVP_CIPHER_CTX_ctrl commands. +// The following are |EVP_CIPHER_CTX_ctrl| commands. #define EVP_CTRL_INIT 0x0 #define EVP_CTRL_SET_KEY_LENGTH 0x1 #define EVP_CTRL_GET_RC2_KEY_BITS 0x2 
@@ -454,15 +454,12 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, #define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 #define EVP_CTRL_GCM_IV_GEN 0x13 #define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 -// Set the GCM invocation field, decrypt only +// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only #define EVP_CTRL_GCM_SET_IV_INV 0x18 -// GCM TLS constants -// Length of fixed part of IV derived from PRF +// The following constants are unused. #define EVP_GCM_TLS_FIXED_IV_LEN 4 -// Length of explicit part of IV part of TLS records #define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 -// Length of tag for TLS #define EVP_GCM_TLS_TAG_LEN 16 // The following are legacy aliases for AEAD |EVP_CIPHER_CTX_ctrl| values. @@ -574,7 +571,7 @@ struct evp_cipher_st { #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free) @@ -582,7 +579,7 @@ using ScopedEVP_CIPHER_CTX = internal::StackAllocated<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX_cleanup>; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/cmac.h b/src/include/openssl/cmac.h index 5e9f3d03..3e8cf929 100644 --- a/src/include/openssl/cmac.h +++ b/src/include/openssl/cmac.h @@ -78,11 +78,11 @@ OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h index 4ffce378..07e34eec 100644 --- a/src/include/openssl/conf.h +++ b/src/include/openssl/conf.h @@ -162,11 +162,11 @@ OPENSSL_EXPORT void OPENSSL_no_config(void); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(CONF, NCONF_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ 
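Review bot: Replacing the three per-constant comments with `// The following constants are unused.` drops the only description of what `EVP_GCM_TLS_FIXED_IV_LEN`, `EVP_GCM_TLS_EXPLICIT_IV_LEN` and `EVP_GCM_TLS_TAG_LEN` measure, while the macros stay in the public header. Ported code that sizes nonce or tag buffers from them still needs that meaning, and "unused" presumably means unused by the library itself. I would keep both facts in one comment: `// The following constants are unused by the library. They are the lengths, in bytes, of the fixed IV part, the explicit IV part and the tag in TLS GCM records.`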
diff --git a/src/include/openssl/curve25519.h b/src/include/openssl/curve25519.h index 332215be..a455389c 100644 --- a/src/include/openssl/curve25519.h +++ b/src/include/openssl/curve25519.h @@ -188,11 +188,11 @@ OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h index ae24c25d..7188790a 100644 --- a/src/include/openssl/dh.h +++ b/src/include/openssl/dh.h @@ -278,11 +278,11 @@ struct dh_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(DH, DH_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h index 4a2b710f..1a1ca297 100644 --- a/src/include/openssl/digest.h +++ b/src/include/openssl/digest.h @@ -295,7 +295,7 @@ struct env_md_ctx_st { #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free) @@ -303,7 +303,7 @@ using ScopedEVP_MD_CTX = internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init, EVP_MD_CTX_cleanup>; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h index a5fa7678..70cde7bb 100644 --- a/src/include/openssl/dsa.h +++ b/src/include/openssl/dsa.h @@ -417,12 +417,12 @@ struct dsa_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(DSA, DSA_free) BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h index dbb72abc..41a9c34c 100644 --- a/src/include/openssl/ec.h +++ b/src/include/openssl/ec.h 
@@ -357,12 +357,12 @@ OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free) BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h index 69440498..7e9e4e8f 100644 --- a/src/include/openssl/ec_key.h +++ b/src/include/openssl/ec_key.h @@ -336,11 +336,11 @@ OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/ecdsa.h b/src/include/openssl/ecdsa.h index ff326ab9..d4d353e0 100644 --- a/src/include/openssl/ecdsa.h +++ b/src/include/openssl/ecdsa.h @@ -179,11 +179,11 @@ OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h index 595e53c0..9d459527 100644 --- a/src/include/openssl/engine.h +++ b/src/include/openssl/engine.h @@ -94,11 +94,11 @@ struct openssl_method_common_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index 9b00a070..1d7192da 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h 
@@ -839,8 +839,12 @@ OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey); // constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this // section defines a number of legacy macros. +// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there +// is no need to define conflicting macros. +#if !defined(BORINGSSL_PREFIX) #define EVP_PKEY_CTX_set_rsa_oaep_md EVP_PKEY_CTX_set_rsa_oaep_md #define EVP_PKEY_CTX_set0_rsa_oaep_label EVP_PKEY_CTX_set0_rsa_oaep_label +#endif // Private structures. @@ -870,13 +874,13 @@ struct evp_pkey_st { } // extern C extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) BORINGSSL_MAKE_UP_REF(EVP_PKEY, EVP_PKEY_up_ref) BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h index 977dea67..b5d1e420 100644 --- a/src/include/openssl/hmac.h +++ b/src/include/openssl/hmac.h @@ -169,14 +169,14 @@ struct hmac_ctx_st { #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free) using ScopedHMAC_CTX = internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h index 7d7087e6..9f9c00dd 100644 --- a/src/include/openssl/mem.h +++ b/src/include/openssl/mem.h @@ -142,12 +142,12 @@ OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format, extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(char, OPENSSL_free) BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/pkcs7.h b/src/include/openssl/pkcs7.h index 52b649c2..cb6155ff 100644 --- a/src/include/openssl/pkcs7.h +++ b/src/include/openssl/pkcs7.h 
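Review bot: Skipping the self-referential `#define`s when `BORINGSSL_PREFIX` is set keeps a consumer's `#ifdef EVP_PKEY_CTX_set_rsa_oaep_md` test working only if the generated `boringssl_prefix_symbols.h` really defines a macro for each of these names, and nothing in this header verifies that. A name missing from the generated file would make the consumer's feature test silently false instead of failing the build. A check placed after the guarded block would catch it: `#if !defined(EVP_PKEY_CTX_set_rsa_oaep_md) || !defined(EVP_PKEY_CTX_set0_rsa_oaep_label)`, then `#error "legacy feature macro missing"`, then `#endif`. The same concern applies to the longer list wrapped in `#if !defined(BORINGSSL_PREFIX)` in the ssl.h hunks.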
@@ -199,11 +199,11 @@ OPENSSL_EXPORT PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey, } // extern C extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(PKCS7, PKCS7_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h index 9a66dd02..ee48f194 100644 --- a/src/include/openssl/pkcs8.h +++ b/src/include/openssl/pkcs8.h @@ -215,12 +215,12 @@ OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free) BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/pool.h b/src/include/openssl/pool.h index 1259f4a5..0e4bdd5c 100644 --- a/src/include/openssl/pool.h +++ b/src/include/openssl/pool.h @@ -87,13 +87,13 @@ OPENSSL_EXPORT void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free) BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free) BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index 98bb31c3..8098c482 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h 
@@ -175,11 +175,19 @@ OPENSSL_EXPORT int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb); // These functions are considered non-mutating for thread-safety purposes and // may be used concurrently. -// Padding types for encryption. +// RSA_PKCS1_PADDING denotes PKCS#1 v1.5 padding. When used with encryption, +// this is RSAES-PKCS1-v1_5. When used with signing, this is RSASSA-PKCS1-v1_5. #define RSA_PKCS1_PADDING 1 + +// RSA_NO_PADDING denotes a raw RSA operation. #define RSA_NO_PADDING 3 + +// RSA_PKCS1_OAEP_PADDING denotes the RSAES-OAEP encryption scheme. #define RSA_PKCS1_OAEP_PADDING 4 -// RSA_PKCS1_PSS_PADDING can only be used via the EVP interface. + +// RSA_PKCS1_PSS_PADDING denotes the RSASSA-PSS signature scheme. This value may +// not be passed into |RSA_sign_raw|, only |EVP_PKEY_CTX_set_rsa_padding|. See +// also |RSA_sign_pss_mgf1| and |RSA_verify_pss_mgf1|. #define RSA_PKCS1_PSS_PADDING 6 // RSA_encrypt encrypts |in_len| bytes from |in| to the public key from |rsa| @@ -285,7 +293,8 @@ OPENSSL_EXPORT int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out, // // The |padding| argument must be one of the |RSA_*_PADDING| values. If in // doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING| -// (via the |EVP_PKEY| interface) is preferred for new protocols. +// (via |RSA_sign_pss_mgf1| or the |EVP_PKEY| interface) is preferred for new +// protocols. OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, const uint8_t *in, size_t in_len, int padding); 
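Review bot: The new comment for `RSA_NO_PADDING` says only that it "denotes a raw RSA operation", which reads as a neutral choice next to the other padding modes. Unpadded RSA is not a secure encryption or signature scheme by itself, so I would extend it to `// RSA_NO_PADDING denotes a raw RSA operation. This is unsafe unless the caller implements a padding scheme itself.` The `RSA_PKCS1_PADDING` comment could likewise point to `RSA_PKCS1_OAEP_PADDING` for new encryption uses, matching the PSS recommendation in the `RSA_sign_raw` and `RSA_verify_raw` hunks. Those two comments still say `padding` "must be one of the |RSA_*_PADDING| values", although this hunk documents that `RSA_PKCS1_PSS_PADDING` may not be passed to `RSA_sign_raw`.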
@@ -330,7 +339,8 @@ OPENSSL_EXPORT int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, // // The |padding| argument must be one of the |RSA_*_PADDING| values. If in // doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING| -// (via the |EVP_PKEY| interface) is preferred for new protocols. +// (via |RSA_verify_pss_mgf1| or the |EVP_PKEY| interface) is preferred for new +// protocols. OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, const uint8_t *in, size_t in_len, int padding); @@ -713,11 +723,11 @@ struct rsa_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(RSA, RSA_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/span.h b/src/include/openssl/span.h index 5ed96b7b..298a7222 100644 --- a/src/include/openssl/span.h +++ b/src/include/openssl/span.h @@ -25,7 +25,7 @@ extern "C++" { #include <cstdlib> #include <type_traits> -namespace bssl { +BSSL_NAMESPACE_BEGIN template <typename T> class Span; @@ -190,7 +190,7 @@ auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) { return MakeConstSpan(c.data(), c.size()); } -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index daa58b05..0d5a444d 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -4314,6 +4314,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); // // These defines exist for node.js, with the hope that we can eliminate the // need for them over time. + #define SSLerr(function, reason) \ ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__) 
@@ -4382,6 +4383,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); #define SSL_CTRL_SET_TMP_RSA doesnt_exist #define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist +// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there +// is no need to define conflicting macros. +#if !defined(BORINGSSL_PREFIX) + #define DTLSv1_get_timeout DTLSv1_get_timeout #define DTLSv1_handle_timeout DTLSv1_handle_timeout #define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert @@ -4451,6 +4456,8 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); #define SSL_set_tmp_rsa SSL_set_tmp_rsa #define SSL_total_renegotiations SSL_total_renegotiations +#endif // !defined(BORINGSSL_PREFIX) + #if defined(__cplusplus) } // extern C @@ -4459,7 +4466,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(SSL, SSL_free) BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) @@ -4571,7 +4578,7 @@ OPENSSL_EXPORT bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff); OPENSSL_EXPORT bool SSL_serialize_handback(const SSL *ssl, CBB *out); OPENSSL_EXPORT bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback); -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h index a1cca59c..15b6adf7 100644 --- a/src/include/openssl/stack.h +++ b/src/include/openssl/stack.h @@ -219,17 +219,17 @@ OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { template <typename T> struct StackTraits {}; } -} +BSSL_NAMESPACE_END } #define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \ extern "C++" { \ - namespace bssl { \ + BSSL_NAMESPACE_BEGIN \ namespace internal { \ template <> \ struct StackTraits<STACK_OF(name)> { \ 
@@ -238,7 +238,7 @@ struct StackTraits {}; static constexpr bool kIsConst = is_const; \ }; \ } \ - } \ + BSSL_NAMESPACE_END \ } #else @@ -393,7 +393,7 @@ extern "C++" { #include <type_traits> -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { @@ -474,7 +474,7 @@ static inline return true; } -} // namespace bssl +BSSL_NAMESPACE_END // Define begin() and end() for stack types so C++ range for loops work. template <typename Stack> diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h index eeab5ec5..72f7314b 100644 --- a/src/include/openssl/x509.h +++ b/src/include/openssl/x509.h @@ -1129,7 +1129,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free) BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free) @@ -1158,7 +1158,7 @@ using ScopedX509_STORE_CTX = internal::StackAllocated<X509_STORE_CTX, void, X509_STORE_CTX_zero, X509_STORE_CTX_cleanup>; -} // namespace bssl +BSSL_NAMESPACE_END } /* extern C++ */ #endif /* !BORINGSSL_NO_CXX */ diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h index 1af439d7..53e20a07 100644 --- a/src/include/openssl/x509v3.h +++ b/src/include/openssl/x509v3.h @@ -751,7 +751,7 @@ DEFINE_STACK_OF(X509_POLICY_NODE) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free) BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free) @@ -760,7 +760,7 @@ BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free) BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free) BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free) -} // namespace bssl +BSSL_NAMESPACE_END } /* extern C++ */ #endif |