Add some more compatibility functions.

Change-Id: I56afcd896cb9de1c69c788b4f6395f4e78140d81 Reviewed-on: https://boringssl-review.googlesource.com/28265 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-08 16:07:00 -04:00 · 2018-05-08 16:07:00 -04:00 · 5d626b223b
commit 5d626b223b
parent 044f637fef
11 changed files with 73 additions and 12 deletions
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@ -124,6 +124,17 @@ void CMAC_CTX_free(CMAC_CTX *ctx) {
  OPENSSL_free(ctx);
 }

+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) {
+  if (!EVP_CIPHER_CTX_copy(&out->cipher_ctx, &in->cipher_ctx)) {
+    return 0;
+  }
+  OPENSSL_memcpy(out->k1, in->k1, AES_BLOCK_SIZE);
+  OPENSSL_memcpy(out->k2, in->k2, AES_BLOCK_SIZE);
+  OPENSSL_memcpy(out->block, in->block, AES_BLOCK_SIZE);
+  out->block_used = in->block_used;
+  return 1;
+}
+
 // binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸)
 // with a hard-coded reduction polynomial and sets |out| as x times the
 // input.
--- a/crypto/cmac/cmac_test.cc
+++ b/crypto/cmac/cmac_test.cc
@ -54,6 +54,18 @@ static void test(const char *name, const uint8_t *key, size_t key_len,
    ASSERT_TRUE(CMAC_Final(ctx.get(), out, &out_len));
    EXPECT_EQ(Bytes(expected, sizeof(out)), Bytes(out, out_len));
  }
+
+  // Test that |CMAC_CTX_copy| works.
+  ASSERT_TRUE(CMAC_Reset(ctx.get()));
+  size_t chunk = msg_len / 2;
+  ASSERT_TRUE(CMAC_Update(ctx.get(), msg, chunk));
+  bssl::UniquePtr<CMAC_CTX> ctx2(CMAC_CTX_new());
+  ASSERT_TRUE(ctx2);
+  ASSERT_TRUE(CMAC_CTX_copy(ctx2.get(), ctx.get()));
+  ASSERT_TRUE(CMAC_Update(ctx2.get(), msg + chunk, msg_len - chunk));
+  size_t out_len;
+  ASSERT_TRUE(CMAC_Final(ctx2.get(), out, &out_len));
+  EXPECT_EQ(Bytes(expected, sizeof(out)), Bytes(out, out_len));
 }

 TEST(CMACTest, RFC4493TestVectors) {
--- a/crypto/crypto.c
+++ b/crypto/crypto.c
@ -164,9 +164,14 @@ int CRYPTO_has_asm(void) {
 #endif
 }

-const char *SSLeay_version(int unused) { return "BoringSSL"; }
+const char *SSLeay_version(int which) { return OpenSSL_version(which); }

-const char *OpenSSL_version(int unused) { return "BoringSSL"; }
+const char *OpenSSL_version(int which) {
+  if (which == OPENSSL_VERSION) {
+    return "BoringSSL";
+  }
+  return "";
+}

 unsigned long SSLeay(void) { return OPENSSL_VERSION_NUMBER; }

--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@ -781,6 +781,8 @@ void ERR_load_BIO_strings(void) {}

 void ERR_load_ERR_strings(void) {}

+void ERR_load_RAND_strings(void) {}
+
 struct err_save_state_st {
  struct err_error_st *errors;
  size_t num_errors;
--- a/crypto/fipsmodule/is_fips.c
+++ b/crypto/fipsmodule/is_fips.c
@ -25,3 +25,5 @@ int FIPS_mode(void) {
  return 0;
 #endif
 }
+
+int FIPS_mode_set(int on) { return on == FIPS_mode(); }
--- a/crypto/obj/obj.c
+++ b/crypto/obj/obj.c
@ -552,3 +552,5 @@ int OBJ_create(const char *oid, const char *short_name, const char *long_name) {
  }
  return op->nid;
 }
+
+void OBJ_cleanup(void) {}
--- a/include/openssl/cmac.h
+++ b/include/openssl/cmac.h
@ -46,6 +46,10 @@ OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
 // CMAC_CTX_free frees a |CMAC_CTX|.
 OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);

+// CMAC_CTX_copy sets |out| to be a duplicate of the current state |in|. It
+// returns one on success and zero on error.
+OPENSSL_EXPORT int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
 // CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
 // only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
 // should be |EVP_aes_128_cbc()|. However, this implementation also supports
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@ -69,17 +69,24 @@ OPENSSL_EXPORT int BORINGSSL_self_test(void);
 // “OpenSSL”. node.js requires a version number in this text.
 #define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 (compatible; BoringSSL)"

-#define SSLEAY_VERSION 0
-
-// SSLeay_version is a compatibility function that returns the string
-// "BoringSSL".
-OPENSSL_EXPORT const char *SSLeay_version(int unused);
-
 #define OPENSSL_VERSION 0
+#define OPENSSL_CFLAGS 1
+#define OPENSSL_BUILT_ON 2
+#define OPENSSL_PLATFORM 3
+#define OPENSSL_DIR 4

 // OpenSSL_version is a compatibility function that returns the string
-// "BoringSSL".
-OPENSSL_EXPORT const char *OpenSSL_version(int unused);
+// "BoringSSL" if |which| is |OPENSSL_VERSION| and "" otherwise.
+OPENSSL_EXPORT const char *OpenSSL_version(int which);
+
+#define SSLEAY_VERSION OPENSSL_VERSION
+#define SSLEAY_CFLAGS OPENSSL_CFLAGS
+#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
+#define SSLEAY_PLATFORM OPENSSL_PLATFORM
+#define SSLEAY_DIR OPENSSL_DIR
+
+// SSLeay_version calls |OpenSSL_version|.
+OPENSSL_EXPORT const char *SSLeay_version(int which);

 // SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
 // base.h.
@ -117,6 +124,10 @@ OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
 OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
                                       const OPENSSL_INIT_SETTINGS *settings);

+// FIPS_mode_set returns one if |on| matches whether BoringSSL was built with
+// |BORINGSSL_FIPS| and zero otherwise.
+OPENSSL_EXPORT int FIPS_mode_set(int on);
+

 #if defined(__cplusplus)
 }  // extern C
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@ -152,6 +152,9 @@ OPENSSL_EXPORT void ERR_load_ERR_strings(void);
 // ERR_load_crypto_strings does nothing.
 OPENSSL_EXPORT void ERR_load_crypto_strings(void);

+// ERR_load_RAND_strings does nothing.
+OPENSSL_EXPORT void ERR_load_RAND_strings(void);
+
 // ERR_free_strings does nothing.
 OPENSSL_EXPORT void ERR_free_strings(void);

--- a/include/openssl/obj.h
+++ b/include/openssl/obj.h
@ -222,6 +222,9 @@ OPENSSL_EXPORT void OBJ_NAME_do_all(int type, void (*callback)(const OBJ_NAME *,
                                                               void *arg),
                                    void *arg);

+// OBJ_cleanup does nothing.
+OPENSSL_EXPORT void OBJ_cleanup(void);
+

 #if defined(__cplusplus)
 }  // extern C
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -3471,14 +3471,20 @@ OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb(
 OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb(
    SSL_CTX *ctx, int (*cb)(const SSL_CLIENT_HELLO *));

-// SSL_ST_* are possible values for |SSL_state| and the bitmasks that make them
-// up.
+// SSL_ST_* are possible values for |SSL_state|, the bitmasks that make them up,
+// and some historical values for compatibility. Only |SSL_ST_INIT| and
+// |SSL_ST_OK| are ever returned.
 #define SSL_ST_CONNECT 0x1000
 #define SSL_ST_ACCEPT 0x2000
 #define SSL_ST_MASK 0x0FFF
 #define SSL_ST_INIT (SSL_ST_CONNECT | SSL_ST_ACCEPT)
 #define SSL_ST_OK 0x03
 #define SSL_ST_RENEGOTIATE (0x04 | SSL_ST_INIT)
+#define SSL_ST_BEFORE (0x05 | SSL_ST_INIT)
+
+// TLS_ST_* are aliases for |SSL_ST_*| for OpenSSL 1.1.0 compatibility.
+#define TLS_ST_OK SSL_ST_OK
+#define TLS_ST_BEFORE SSL_ST_BEFORE

 // SSL_CB_* are possible values for the |type| parameter in the info
 // callback and the bitmasks that make them up.