kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
2823 Revīzijas
12 Atzari
38 MiB
Koks: 9d632f4582
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '9d632f4582'
${ noResults }
boringssl/include/openssl/crypto.h

crypto.h 3.1 KiB
Neapstrādāts Parastais skats Vēsture

Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Put the mem.h include back into crypto.h. 054e68267553e0b64975444741efa8099688d960 removed the compatibility include of mem.h in crypto.h. mem.h doesn't exist in upstream which defines these functions in crypto.h instead. The compatibility include should probably be restored to avoid causing all kinds of grief when porting consumers over. Change-Id: Idfe0f9b43ebee5df22bebfe0ed6dc85ec98b4de0 Reviewed-on: https://boringssl-review.googlesource.com/4530 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Include thread.h from crypto.h, like OpenSSL. thread.h defines |CRYPTO_num_locks| and friends. Change-Id: Id28484d20226bf3ab49b2a75c48210167b96a2f3 Reviewed-on: https://boringssl-review.googlesource.com/5592 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Document that CRYPTO_library_init may be called concurrently. This was fixed in 93a5b442964d9770b5faa0fb381a8c4f43e65abe, but it wasn't documented. Now that there are no pre-init functions to call like CRYPTO_set_neon_capable, one instance of BoringSSL may be safely shared between multiple consumers. As part of that, multiple consumers need to be able to call CRYPTO_library_init possibly redundantlyand possibly on different threads without synchronization. (Though there is still that static initializer nuisance. It would be nice to replace this with internal CRYPTO_once_t's and then CRYPTO_library_init need only be called to prime armcap for a sandbox. But one thing at a time.) Change-Id: I48430182d3649c8cf19082e34da24dee48e6119e Reviewed-on: https://boringssl-review.googlesource.com/7571 Reviewed-by: Emily Stark (Dunn) <estark@google.com> Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Rewrite ARM feature detection. This removes the thread-unsafe SIGILL-based detection and the multi-consumer-hostile CRYPTO_set_NEON_capable API. (Changing OPENSSL_armcap_P after initialization is likely to cause problems.) The right way to detect ARM features on Linux is getauxval. On aarch64, we should be able to rely on this, so use it straight. Split this out into its own file. The #ifdefs in the old cpu-arm.c meant it shared all but no code with its arm counterpart anyway. Unfortunately, various versions of Android have different missing APIs, so, on arm, we need a series of workarounds. Previously, we used a SIGILL fallback based on OpenSSL's logic, but this is inherently not thread-safe. (SIGILL also does not tell us if the OS knows how to save and restore NEON state.) Instead, base the behavior on Android NDK's cpu-features library, what Chromium currently uses with CRYPTO_set_NEON_capable: - Android before API level 20 does not provide getauxval. Where missing, we can read from /proc/self/auxv. - On some versions of Android, /proc/self/auxv is also not readable, so use /proc/cpuinfo's Features line. - Linux only advertises optional features in /proc/cpuinfo. ARMv8 makes NEON mandatory, so /proc/cpuinfo can't be used without additional effort. Finally, we must blacklist a particular chip because the NEON unit is broken (https://crbug.com/341598). Unfortunately, this means CRYPTO_library_init now depends on /proc being available, which will require some care with Chromium's sandbox. The simplest solution is to just call CRYPTO_library_init before entering the sandbox. It's worth noting that Chromium's current EnsureOpenSSLInit function already depends on /proc/cpuinfo to detect the broken CPU, by way of base::CPU. android_getCpuFeatures also interally depends on it. We were already relying on both of those being stateful and primed prior to entering the sandbox. BUG=chromium:589200 Change-Id: Ic5d1c341aab5a614eb129d8aa5ada2809edd6af8 Reviewed-on: https://boringssl-review.googlesource.com/7506 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add |CRYPTO_is_confidential_build|. In the past we have needed the ability to deploy security fixes to our frontend systems without leaking them in source code or in published binaries. This change adds a function that provides some infrastructure for supporting this in BoringSSL while meeting our internal build needs. We do not currently have any specific patch that requires this—this is purely preparation. Change-Id: I5c64839e86db4e5ea7419a38106d8f88b8e5987e Reviewed-on: https://boringssl-review.googlesource.com/7849 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add CRYPTO_has_asm. This function will return whether BoringSSL was built with OPENSSL_NO_ASM. This will allow us to write a test in our internal codebase which asserts that normal builds should always have assembly code included. Change-Id: Ib226bf63199022f0039d590edd50c0cc823927b9 Reviewed-on: https://boringssl-review.googlesource.com/7960 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Compatibility changes for wpa_supplicant and OpenSSH. OpenSSH, especially, does some terrible things that mean that it needs the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API to replace this, but only if OpenSSL agree too. Either way, it won't be happening soon. Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd Reviewed-on: https://boringssl-review.googlesource.com/4330 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Tweaks for node.js node.js is, effectively, another bindings library. However, it's better written than most and, with these changes, only a couple of tiny fixes are needed in node.js. Some of these changes are a little depressing however so we'll need to push node.js to use APIs where possible. Changes: ∙ Support verify_recover. This is very obscure and the motivation appears to be https://github.com/nodejs/node/issues/477 – where it's not clear that anyone understands what it means :( ∙ Add a few, no-op #defines ∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not reach into these structs in the future. ∙ Add EC_get_builtin_curves. ∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to decrepit. Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46 Reviewed-on: https://boringssl-review.googlesource.com/6952 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Compatibility changes for wpa_supplicant and OpenSSH. OpenSSH, especially, does some terrible things that mean that it needs the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API to replace this, but only if OpenSSL agree too. Either way, it won't be happening soon. Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd Reviewed-on: https://boringssl-review.googlesource.com/4330 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Fix |SSLeay|. SSLeay is a compatibility function for OpenSSL, but I got it wrong. It doesn't return a string, it returns a number. This doesn't end up making any difference, but it fixes a warning when building OpenSSH. Change-Id: I327ab4f70313c93c18f81d8804ba4acdc3bc1a4a Reviewed-on: https://boringssl-review.googlesource.com/4811 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Compatibility changes for wpa_supplicant and OpenSSH. OpenSSH, especially, does some terrible things that mean that it needs the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API to replace this, but only if OpenSSL agree too. Either way, it won't be happening soon. Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd Reviewed-on: https://boringssl-review.googlesource.com/4330 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add no-op functions |CRYPTO_malloc_init| and |ENGINE_load_builtin_engines|. This reduces the impact on Netty. See https://github.com/Scottmitch/netty-tcnative/commit/904b84ce41fc44dd1d3955df69912d91906c9877#commitcomment-12159877 Change-Id: I22f9e1edaeb9e721326867ae2b4f3da2c5441437 Reviewed-on: https://boringssl-review.googlesource.com/5535 Reviewed-by: Adam Langley <alangley@gmail.com>
pirms 9 gadiem
Add a few more no-op stubs for cURL compatibility. With these stubs, cURL should not need any BoringSSL #ifdefs at all, except for their OCSP #ifdefs (which can switch to the more generally useful OPENSSL_NO_OCSP) and the workaround for wincrypt.h macro collisions. That we intentionally leave to the consumer rather than add a partial hack that makes the build sensitive to include order. (I'll send them a patch upstream once this cycles in.) Change-Id: I815fe67e51e80e9aafa9b91ae68867ca1ff1d623 Reviewed-on: https://boringssl-review.googlesource.com/6980 Reviewed-by: Adam Langley <agl@google.com>
pirms 8 gadiem
Add |FIPS_mode|, which returns zero. (node.js calls it.) Change-Id: I7401f4cb4dfc61d500331821784ae717ad9f7adf Reviewed-on: https://boringssl-review.googlesource.com/7271 Reviewed-by: David Benjamin <davidben@google.com>
pirms 8 gadiem
Compatibility changes for wpa_supplicant and OpenSSH. OpenSSH, especially, does some terrible things that mean that it needs the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API to replace this, but only if OpenSSL agree too. Either way, it won't be happening soon. Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd Reviewed-on: https://boringssl-review.googlesource.com/4330 Reviewed-by: Adam Langley <agl@google.com>
pirms 9 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #ifndef OPENSSL_HEADER_CRYPTO_H

  16. #define OPENSSL_HEADER_CRYPTO_H

  17. 

  18. #include <openssl/base.h>

  19. 

  20. /* Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than

  21.  * mem.h. */

  22. #include <openssl/mem.h>

  23. 

  24. /* Upstream OpenSSL defines |CRYPTO_LOCK|, etc., in crypto.h rather than

  25.  * thread.h. */

  26. #include <openssl/thread.h>

  27. 

  28. 

  29. #if defined(__cplusplus)

  30. extern "C" {

  31. #endif

  32. 

  33. 

  34. /* crypto.h contains functions for initializing the crypto library. */

  35. 

  36. 

  37. /* CRYPTO_library_init initializes the crypto library. It must be called if the

  38.  * library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does

  39.  * nothing and a static initializer is used instead. It is safe to call this

  40.  * function multiple times and concurrently from multiple threads.

  41.  *

  42.  * On some ARM configurations, this function may require filesystem access and

  43.  * should be called before entering a sandbox. */

  44. OPENSSL_EXPORT void CRYPTO_library_init(void);

  45. 

  46. /* CRYPTO_is_confidential_build returns one if the linked version of BoringSSL

  47.  * has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.

  48.  *

  49.  * This is used by some consumers to identify whether they are using an

  50.  * internal version of BoringSSL. */

  51. OPENSSL_EXPORT int CRYPTO_is_confidential_build(void);

  52. 

  53. /* CRYPTO_has_asm returns one unless BoringSSL was built with OPENSSL_NO_ASM,

  54.  * in which case it returns zero. */

  55. OPENSSL_EXPORT int CRYPTO_has_asm(void);

  56. 

  57. 

  58. /* Deprecated functions. */

  59. 

  60. /* OPENSSL_VERSION_TEXT contains a string the identifies the version of

  61.  * “OpenSSL”. node.js requires a version number in this text. */

  62. #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2 (compatible; BoringSSL)"

  63. 

  64. #define SSLEAY_VERSION 0

  65. 

  66. /* SSLeay_version is a compatibility function that returns the string

  67.  * "BoringSSL". */

  68. OPENSSL_EXPORT const char *SSLeay_version(int unused);

  69. 

  70. /* SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from

  71.  * base.h. */

  72. OPENSSL_EXPORT unsigned long SSLeay(void);

  73. 

  74. /* CRYPTO_malloc_init returns one. */

  75. OPENSSL_EXPORT int CRYPTO_malloc_init(void);

  76. 

  77. /* ENGINE_load_builtin_engines does nothing. */

  78. OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);

  79. 

  80. /* OPENSSL_load_builtin_modules does nothing. */

  81. OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);

  82. 

  83. /* FIPS_mode returns zero. */

  84. OPENSSL_EXPORT int FIPS_mode(void);

  85. 

  86. 

  87. #if defined(__cplusplus)

  88. }  /* extern C */

  89. #endif

  90. 

  91. #endif  /* OPENSSL_HEADER_CRYPTO_H */