From 5d626b223b4060a44a0d9f1123b4e7983e2ff825 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 8 May 2018 16:07:00 -0400 Subject: [PATCH] Add some more compatibility functions. Change-Id: I56afcd896cb9de1c69c788b4f6395f4e78140d81 Reviewed-on: https://boringssl-review.googlesource.com/28265 Reviewed-by: Adam Langley Commit-Queue: Adam Langley CQ-Verified: CQ bot account: commit-bot@chromium.org --- crypto/cmac/cmac.c | 11 +++++++++++ crypto/cmac/cmac_test.cc | 12 ++++++++++++ crypto/crypto.c | 9 +++++++-- crypto/err/err.c | 2 ++ crypto/fipsmodule/is_fips.c | 2 ++ crypto/obj/obj.c | 2 ++ include/openssl/cmac.h | 4 ++++ include/openssl/crypto.h | 27 +++++++++++++++++++-------- include/openssl/err.h | 3 +++ include/openssl/obj.h | 3 +++ include/openssl/ssl.h | 10 ++++++++-- 11 files changed, 73 insertions(+), 12 deletions(-) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index fb4e69c7..6805c432 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -124,6 +124,17 @@ void CMAC_CTX_free(CMAC_CTX *ctx) { OPENSSL_free(ctx); } +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) { + if (!EVP_CIPHER_CTX_copy(&out->cipher_ctx, &in->cipher_ctx)) { + return 0; + } + OPENSSL_memcpy(out->k1, in->k1, AES_BLOCK_SIZE); + OPENSSL_memcpy(out->k2, in->k2, AES_BLOCK_SIZE); + OPENSSL_memcpy(out->block, in->block, AES_BLOCK_SIZE); + out->block_used = in->block_used; + return 1; +} + // binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸) // with a hard-coded reduction polynomial and sets |out| as x times the // input. diff --git a/crypto/cmac/cmac_test.cc b/crypto/cmac/cmac_test.cc index dbd63ead..3d01e087 100644 --- a/crypto/cmac/cmac_test.cc +++ b/crypto/cmac/cmac_test.cc @@ -54,6 +54,18 @@ static void test(const char *name, const uint8_t *key, size_t key_len, ASSERT_TRUE(CMAC_Final(ctx.get(), out, &out_len)); EXPECT_EQ(Bytes(expected, sizeof(out)), Bytes(out, out_len)); } + + // Test that |CMAC_CTX_copy| works. + ASSERT_TRUE(CMAC_Reset(ctx.get())); + size_t chunk = msg_len / 2; + ASSERT_TRUE(CMAC_Update(ctx.get(), msg, chunk)); + bssl::UniquePtr ctx2(CMAC_CTX_new()); + ASSERT_TRUE(ctx2); + ASSERT_TRUE(CMAC_CTX_copy(ctx2.get(), ctx.get())); + ASSERT_TRUE(CMAC_Update(ctx2.get(), msg + chunk, msg_len - chunk)); + size_t out_len; + ASSERT_TRUE(CMAC_Final(ctx2.get(), out, &out_len)); + EXPECT_EQ(Bytes(expected, sizeof(out)), Bytes(out, out_len)); } TEST(CMACTest, RFC4493TestVectors) { diff --git a/crypto/crypto.c b/crypto/crypto.c index 57527122..8ee4c822 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -164,9 +164,14 @@ int CRYPTO_has_asm(void) { #endif } -const char *SSLeay_version(int unused) { return "BoringSSL"; } +const char *SSLeay_version(int which) { return OpenSSL_version(which); } -const char *OpenSSL_version(int unused) { return "BoringSSL"; } +const char *OpenSSL_version(int which) { + if (which == OPENSSL_VERSION) { + return "BoringSSL"; + } + return ""; +} unsigned long SSLeay(void) { return OPENSSL_VERSION_NUMBER; } diff --git a/crypto/err/err.c b/crypto/err/err.c index c7bff168..43d3909e 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -781,6 +781,8 @@ void ERR_load_BIO_strings(void) {} void ERR_load_ERR_strings(void) {} +void ERR_load_RAND_strings(void) {} + struct err_save_state_st { struct err_error_st *errors; size_t num_errors; diff --git a/crypto/fipsmodule/is_fips.c b/crypto/fipsmodule/is_fips.c index 4182dfb7..2f8e408f 100644 --- a/crypto/fipsmodule/is_fips.c +++ b/crypto/fipsmodule/is_fips.c @@ -25,3 +25,5 @@ int FIPS_mode(void) { return 0; #endif } + +int FIPS_mode_set(int on) { return on == FIPS_mode(); } diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c index a34d6dc0..c928889b 100644 --- a/crypto/obj/obj.c +++ b/crypto/obj/obj.c @@ -552,3 +552,5 @@ int OBJ_create(const char *oid, const char *short_name, const char *long_name) { } return op->nid; } + +void OBJ_cleanup(void) {} diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h index dfcd37b9..5e9f3d03 100644 --- a/include/openssl/cmac.h +++ b/include/openssl/cmac.h @@ -46,6 +46,10 @@ OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void); // CMAC_CTX_free frees a |CMAC_CTX|. OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx); +// CMAC_CTX_copy sets |out| to be a duplicate of the current state |in|. It +// returns one on success and zero on error. +OPENSSL_EXPORT int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + // CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC // only specifies the use of AES-128 thus |key_len| should be 16 and |cipher| // should be |EVP_aes_128_cbc()|. However, this implementation also supports diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index cc6fc3ca..6678f2a7 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -69,17 +69,24 @@ OPENSSL_EXPORT int BORINGSSL_self_test(void); // “OpenSSL”. node.js requires a version number in this text. #define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 (compatible; BoringSSL)" -#define SSLEAY_VERSION 0 - -// SSLeay_version is a compatibility function that returns the string -// "BoringSSL". -OPENSSL_EXPORT const char *SSLeay_version(int unused); - #define OPENSSL_VERSION 0 +#define OPENSSL_CFLAGS 1 +#define OPENSSL_BUILT_ON 2 +#define OPENSSL_PLATFORM 3 +#define OPENSSL_DIR 4 // OpenSSL_version is a compatibility function that returns the string -// "BoringSSL". -OPENSSL_EXPORT const char *OpenSSL_version(int unused); +// "BoringSSL" if |which| is |OPENSSL_VERSION| and "" otherwise. +OPENSSL_EXPORT const char *OpenSSL_version(int which); + +#define SSLEAY_VERSION OPENSSL_VERSION +#define SSLEAY_CFLAGS OPENSSL_CFLAGS +#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +#define SSLEAY_PLATFORM OPENSSL_PLATFORM +#define SSLEAY_DIR OPENSSL_DIR + +// SSLeay_version calls |OpenSSL_version|. +OPENSSL_EXPORT const char *SSLeay_version(int which); // SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from // base.h. @@ -117,6 +124,10 @@ OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void); OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +// FIPS_mode_set returns one if |on| matches whether BoringSSL was built with +// |BORINGSSL_FIPS| and zero otherwise. +OPENSSL_EXPORT int FIPS_mode_set(int on); + #if defined(__cplusplus) } // extern C diff --git a/include/openssl/err.h b/include/openssl/err.h index a39c0909..4721f757 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -152,6 +152,9 @@ OPENSSL_EXPORT void ERR_load_ERR_strings(void); // ERR_load_crypto_strings does nothing. OPENSSL_EXPORT void ERR_load_crypto_strings(void); +// ERR_load_RAND_strings does nothing. +OPENSSL_EXPORT void ERR_load_RAND_strings(void); + // ERR_free_strings does nothing. OPENSSL_EXPORT void ERR_free_strings(void); diff --git a/include/openssl/obj.h b/include/openssl/obj.h index 374658ea..764188f4 100644 --- a/include/openssl/obj.h +++ b/include/openssl/obj.h @@ -222,6 +222,9 @@ OPENSSL_EXPORT void OBJ_NAME_do_all(int type, void (*callback)(const OBJ_NAME *, void *arg), void *arg); +// OBJ_cleanup does nothing. +OPENSSL_EXPORT void OBJ_cleanup(void); + #if defined(__cplusplus) } // extern C diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1ad70420..4108c427 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3471,14 +3471,20 @@ OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb( OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb( SSL_CTX *ctx, int (*cb)(const SSL_CLIENT_HELLO *)); -// SSL_ST_* are possible values for |SSL_state| and the bitmasks that make them -// up. +// SSL_ST_* are possible values for |SSL_state|, the bitmasks that make them up, +// and some historical values for compatibility. Only |SSL_ST_INIT| and +// |SSL_ST_OK| are ever returned. #define SSL_ST_CONNECT 0x1000 #define SSL_ST_ACCEPT 0x2000 #define SSL_ST_MASK 0x0FFF #define SSL_ST_INIT (SSL_ST_CONNECT | SSL_ST_ACCEPT) #define SSL_ST_OK 0x03 #define SSL_ST_RENEGOTIATE (0x04 | SSL_ST_INIT) +#define SSL_ST_BEFORE (0x05 | SSL_ST_INIT) + +// TLS_ST_* are aliases for |SSL_ST_*| for OpenSSL 1.1.0 compatibility. +#define TLS_ST_OK SSL_ST_OK +#define TLS_ST_BEFORE SSL_ST_BEFORE // SSL_CB_* are possible values for the |type| parameter in the info // callback and the bitmasks that make them up.