2014-07-14 23:28:14 +01:00
|
|
|
/* Copyright (c) 2014, Google Inc.
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
2014-09-12 00:11:15 +01:00
|
|
|
#ifndef OPENSSL_HEADER_CRYPTO_H
|
|
|
|
#define OPENSSL_HEADER_CRYPTO_H
|
|
|
|
|
|
|
|
#include <openssl/base.h>
|
|
|
|
|
2015-04-24 15:15:31 +01:00
|
|
|
/* Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
|
|
|
|
* mem.h. */
|
|
|
|
#include <openssl/mem.h>
|
|
|
|
|
2015-08-05 19:40:35 +01:00
|
|
|
/* Upstream OpenSSL defines |CRYPTO_LOCK|, etc., in crypto.h rather than
|
|
|
|
* thread.h. */
|
|
|
|
#include <openssl/thread.h>
|
|
|
|
|
2014-09-12 00:11:15 +01:00
|
|
|
|
|
|
|
#if defined(__cplusplus)
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
/* crypto.h contains functions for initializing the crypto library. */
|
|
|
|
|
|
|
|
|
|
|
|
/* CRYPTO_library_init initializes the crypto library. It must be called if the
|
|
|
|
* library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
|
2016-03-26 04:58:38 +00:00
|
|
|
* nothing and a static initializer is used instead. It is safe to call this
|
|
|
|
* function multiple times and concurrently from multiple threads.
|
Rewrite ARM feature detection.
This removes the thread-unsafe SIGILL-based detection and the
multi-consumer-hostile CRYPTO_set_NEON_capable API. (Changing
OPENSSL_armcap_P after initialization is likely to cause problems.)
The right way to detect ARM features on Linux is getauxval. On aarch64,
we should be able to rely on this, so use it straight. Split this out
into its own file. The #ifdefs in the old cpu-arm.c meant it shared all
but no code with its arm counterpart anyway.
Unfortunately, various versions of Android have different missing APIs, so, on
arm, we need a series of workarounds. Previously, we used a SIGILL fallback
based on OpenSSL's logic, but this is inherently not thread-safe. (SIGILL also
does not tell us if the OS knows how to save and restore NEON state.) Instead,
base the behavior on Android NDK's cpu-features library, what Chromium
currently uses with CRYPTO_set_NEON_capable:
- Android before API level 20 does not provide getauxval. Where missing,
we can read from /proc/self/auxv.
- On some versions of Android, /proc/self/auxv is also not readable, so
use /proc/cpuinfo's Features line.
- Linux only advertises optional features in /proc/cpuinfo. ARMv8 makes NEON
mandatory, so /proc/cpuinfo can't be used without additional effort.
Finally, we must blacklist a particular chip because the NEON unit is broken
(https://crbug.com/341598).
Unfortunately, this means CRYPTO_library_init now depends on /proc being
available, which will require some care with Chromium's sandbox. The
simplest solution is to just call CRYPTO_library_init before entering
the sandbox.
It's worth noting that Chromium's current EnsureOpenSSLInit function already
depends on /proc/cpuinfo to detect the broken CPU, by way of base::CPU.
android_getCpuFeatures also interally depends on it. We were already relying on
both of those being stateful and primed prior to entering the sandbox.
BUG=chromium:589200
Change-Id: Ic5d1c341aab5a614eb129d8aa5ada2809edd6af8
Reviewed-on: https://boringssl-review.googlesource.com/7506
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-01 22:35:47 +00:00
|
|
|
*
|
|
|
|
* On some ARM configurations, this function may require filesystem access and
|
|
|
|
* should be called before entering a sandbox. */
|
2014-09-12 00:11:15 +01:00
|
|
|
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
|
|
|
|
2016-05-03 17:16:21 +01:00
|
|
|
/* CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
|
|
|
|
* has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
|
|
|
|
*
|
|
|
|
* This is used by some consumers to identify whether they are using an
|
|
|
|
* internal version of BoringSSL. */
|
|
|
|
OPENSSL_EXPORT int CRYPTO_is_confidential_build(void);
|
|
|
|
|
2016-05-16 21:44:40 +01:00
|
|
|
/* CRYPTO_has_asm returns one unless BoringSSL was built with OPENSSL_NO_ASM,
|
|
|
|
* in which case it returns zero. */
|
|
|
|
OPENSSL_EXPORT int CRYPTO_has_asm(void);
|
|
|
|
|
2017-04-04 22:21:43 +01:00
|
|
|
/* FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in
|
|
|
|
* which case it returns one. */
|
|
|
|
OPENSSL_EXPORT int FIPS_mode(void);
|
|
|
|
|
2014-09-12 00:11:15 +01:00
|
|
|
|
2015-04-13 22:34:17 +01:00
|
|
|
/* Deprecated functions. */
|
|
|
|
|
2016-01-24 23:58:39 +00:00
|
|
|
/* OPENSSL_VERSION_TEXT contains a string the identifies the version of
|
|
|
|
* “OpenSSL”. node.js requires a version number in this text. */
|
|
|
|
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2 (compatible; BoringSSL)"
|
2015-04-13 22:34:17 +01:00
|
|
|
|
|
|
|
#define SSLEAY_VERSION 0
|
|
|
|
|
|
|
|
/* SSLeay_version is a compatibility function that returns the string
|
|
|
|
* "BoringSSL". */
|
|
|
|
OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
|
|
|
|
2015-05-20 00:30:20 +01:00
|
|
|
/* SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
|
|
|
|
* base.h. */
|
|
|
|
OPENSSL_EXPORT unsigned long SSLeay(void);
|
2015-04-13 22:34:17 +01:00
|
|
|
|
2015-08-02 17:35:44 +01:00
|
|
|
/* CRYPTO_malloc_init returns one. */
|
|
|
|
OPENSSL_EXPORT int CRYPTO_malloc_init(void);
|
|
|
|
|
|
|
|
/* ENGINE_load_builtin_engines does nothing. */
|
|
|
|
OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
|
|
|
|
|
2016-07-12 18:26:56 +01:00
|
|
|
/* ENGINE_register_all_complete returns one. */
|
|
|
|
OPENSSL_EXPORT int ENGINE_register_all_complete(void);
|
|
|
|
|
2016-01-26 06:09:19 +00:00
|
|
|
/* OPENSSL_load_builtin_modules does nothing. */
|
|
|
|
OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
|
|
|
|
|
2015-04-13 22:34:17 +01:00
|
|
|
|
2014-09-12 00:11:15 +01:00
|
|
|
#if defined(__cplusplus)
|
|
|
|
} /* extern C */
|
|
|
|
#endif
|
2014-07-14 23:28:14 +01:00
|
|
|
|
2014-09-12 00:11:15 +01:00
|
|
|
#endif /* OPENSSL_HEADER_CRYPTO_H */
|