kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Switch OPENSSL_VERSION_NUMBER to 1.1.0.

Browse Source 
Although we are derived from 1.0.2, we mimic 1.1.0 in some ways around
our FOO_up_ref functions and opaque libssl types. This causes some
difficulties when porting third-party code as any OPENSSL_VERSION_NUMBER
checks for 1.1.0 APIs we have will be wrong.

Moreover, adding accessors without changing OPENSSL_VERSION_NUMBER can
break external projects. It is common to implement a compatibility
version of an accessor under #ifdef as a static function. This then
conflicts with our headers if we, unlike OpenSSL 1.0.2, have this
function.

This change switches OPENSSL_VERSION_NUMBER to 1.1.0 and atomically adds
enough accessors for software with 1.1.0 support already. The hope is
this will unblock hiding SSL_CTX and SSL_SESSION, which will be
especially useful with C++-ficiation. The cost is we will hit some
growing pains as more 1.1.0 consumers enter the ecosystem and we
converge on the right set of APIs to import from upstream.

It does not remove any 1.0.2 APIs, so we will not require that all
projects support 1.1.0. The exception is APIs which changed in 1.1.0 but
did not change the function signature. Those are breaking changes.
Specifically:

- SSL_CTX_sess_set_get_cb is now const-correct.

- X509_get0_signature is now const-correct.

For C++ consumers only, this change temporarily includes an overload
hack for SSL_CTX_sess_set_get_cb that keeps the old callback working.
This is a workaround for Node not yet supporting OpenSSL 1.1.0.

The version number is set at (the as yet unreleased) 1.1.0g to denote
that this change includes https://github.com/openssl/openssl/pull/4384.

Bug: 91
Change-Id: I5eeb27448a6db4c25c244afac37f9604d9608a76
Reviewed-on: https://boringssl-review.googlesource.com/10340
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-08-12 14:48:19 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent ced6e76661
commit 81f030b106
36 changed files with 731 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
PORTING.md
View File

@ -6,17 +6,27 @@ BoringSSL support, provided they do not use removed APIs. In general, see if the
library compiles and, on failure, consult the documentation in the header files
and see if problematic features can be removed.
In some cases, BoringSSL-specific code may be necessary. In that case, the
`OPENSSL_IS_BORINGSSL` preprocessor macro may be used in `#ifdef`s. This macro
should also be used in lieu of the presence of any particular function to detect
OpenSSL vs BoringSSL in configure scripts, etc., where those are necessary.
Before using the preprocessor, however, contact the BoringSSL maintainers about
the missing APIs. If not an intentionally removed feature, BoringSSL will
typically add compatibility functions for convenience.
BoringSSL's `OPENSSL_VERSION_NUMBER` matches the OpenSSL version it targets.
Version checks for OpenSSL should ideally work as-is in BoringSSL. BoringSSL
also defines upstream's `OPENSSL_NO_*` feature macros corresponding to removed
features. If the preprocessor is needed, use these version checks or feature
macros where possible, especially when patching third-party projects. Such
patches are more generally useful to OpenSSL consumers and thus more
appropriate to send upstream.
For convenience, BoringSSL defines upstream's `OPENSSL_NO_*` feature macros
corresponding to removed features. These may also be used to disable code which
uses a removed feature.
In some cases, BoringSSL-specific code may be necessary. Use the
`OPENSSL_IS_BORINGSSL` preprocessor macro in `#ifdef`s. However, first contact
the BoringSSL maintainers about the missing APIs. We will typically add
compatibility functions for convenience. In particular, *contact BoringSSL
maintainers before working around missing OpenSSL 1.1.0 accessors*. BoringSSL
was originally derived from OpenSSL 1.0.2 but now targets OpenSSL 1.1.0. Some
newer APIs may be missing but can be added on request. (Not all projects have
been ported to OpenSSL 1.1.0, so BoringSSL also remains largely compatible with
OpenSSL 1.0.2.)
The `OPENSSL_IS_BORINGSSL` macro may also be used to distinguish OpenSSL from
BoringSSL in configure scripts. Do not use the presence or absence of particular
symbols to detect BoringSSL.
Note: BoringSSL does *not* have a stable API or ABI. It must be updated with its
consumers. It is not suitable for, say, a system library in a traditional Linux
@ -39,15 +49,19 @@ code, particularly to avoid compiler warnings.
Most notably, the `STACK_OF(T)` types have all been converted to use `size_t`
instead of `int` for indices and lengths.
### Reference counts
### Reference counts and opaque types
Some external consumers increment reference counts directly by calling
`CRYPTO_add` with the corresponding `CRYPTO_LOCK_*` value.
`CRYPTO_add` with the corresponding `CRYPTO_LOCK_*` value. These APIs no longer
exist in BoringSSL. Instead, code which increments reference counts should call
the corresponding `FOO_up_ref` function, such as `EVP_PKEY_up_ref`.
These APIs no longer exist in BoringSSL. Instead, code which increments
reference counts should call the corresponding `FOO_up_ref` function, such as
`EVP_PKEY_up_ref`. Note that not all of these APIs are present in OpenSSL and
may require `#ifdef`s.
BoringSSL also hides some structs which were previously exposed in OpenSSL
1.0.2, particularly in libssl. Use the relevant accessors instead.
Note that some of these APIs were added in OpenSSL 1.1.0, so projects which do
not yet support 1.1.0 may need additional `#ifdef`s. Projects supporting OpenSSL
1.1.0 should not require modification.
### Error codes

5
crypto/asn1/asn1_lib.c
View File

@ -435,3 +435,8 @@ unsigned char *ASN1_STRING_data(ASN1_STRING *x)
{
return M_ASN1_STRING_data(x);
}
const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
{
return x->data;
}

79
crypto/bio/bio.c
View File

@ -555,3 +555,82 @@ void BIO_set_retry_special(BIO *bio) {
}
int BIO_set_write_buffer_size(BIO *bio, int buffer_size) { return 0; }
static struct CRYPTO_STATIC_MUTEX g_index_lock = CRYPTO_STATIC_MUTEX_INIT;
static int g_index = BIO_TYPE_START;
int BIO_get_new_index(void) {
CRYPTO_STATIC_MUTEX_lock_write(&g_index_lock);
// If |g_index| exceeds 255, it will collide with the flags bits.
int ret = g_index > 255 ? -1 : g_index++;
CRYPTO_STATIC_MUTEX_unlock_write(&g_index_lock);
return ret;
}
BIO_METHOD *BIO_meth_new(int type, const char *name) {
BIO_METHOD *method = OPENSSL_malloc(sizeof(BIO_METHOD));
if (method == NULL) {
return NULL;
}
OPENSSL_memset(method, 0, sizeof(BIO_METHOD));
method->type = type;
method->name = name;
return method;
}
void BIO_meth_free(BIO_METHOD *method) {
OPENSSL_free(method);
}
int BIO_meth_set_create(BIO_METHOD *method,
int (*create)(BIO *)) {
method->create = create;
return 1;
}
int BIO_meth_set_destroy(BIO_METHOD *method,
int (*destroy)(BIO *)) {
method->destroy = destroy;
return 1;
}
int BIO_meth_set_write(BIO_METHOD *method,
int (*write)(BIO *, const char *, int)) {
method->bwrite = write;
return 1;
}
int BIO_meth_set_read(BIO_METHOD *method,
int (*read)(BIO *, char *, int)) {
method->bread = read;
return 1;
}
int BIO_meth_set_gets(BIO_METHOD *method,
int (*gets)(BIO *, char *, int)) {
method->bgets = gets;
return 1;
}
int BIO_meth_set_ctrl(BIO_METHOD *method,
long (*ctrl)(BIO *, int, long, void *)) {
method->ctrl = ctrl;
return 1;
}
void BIO_set_data(BIO *bio, void *ptr) { bio->ptr = ptr; }
void *BIO_get_data(BIO *bio) { return bio->ptr; }
void BIO_set_init(BIO *bio, int init) { bio->init = init; }
int BIO_get_init(BIO *bio) { return bio->init; }
void BIO_set_shutdown(BIO *bio, int shutdown) { bio->shutdown = shutdown; }
int BIO_get_shutdown(BIO *bio) { return bio->shutdown; }
int BIO_meth_set_puts(BIO_METHOD *method, int (*puts)(BIO *, const char *)) {
// Ignore the parameter. We implement |BIO_puts| using |BIO_write|.
return 1;
}

13
crypto/crypto.c
View File

@ -156,10 +156,18 @@ const char *SSLeay_version(int unused) {
return "BoringSSL";
}
const char *OpenSSL_version(int unused) {
return "BoringSSL";
}
unsigned long SSLeay(void) {
return OPENSSL_VERSION_NUMBER;
}
unsigned long OpenSSL_version_num(void) {
return OPENSSL_VERSION_NUMBER;
}
int CRYPTO_malloc_init(void) {
return 1;
}
@ -171,3 +179,8 @@ int ENGINE_register_all_complete(void) {
}
void OPENSSL_load_builtin_modules(void) {}
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
CRYPTO_library_init();
return 1;
}

38
crypto/dh/dh.c
View File

@ -124,6 +124,20 @@ void DH_get0_key(const DH *dh, const BIGNUM **out_pub_key,
}
}
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
if (pub_key != NULL) {
BN_free(dh->pub_key);
dh->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(dh->priv_key);
dh->priv_key = priv_key;
}
return 1;
}
void DH_get0_pqg(const DH *dh, const BIGNUM **out_p, const BIGNUM **out_q,
const BIGNUM **out_g) {
if (out_p != NULL) {
@ -137,6 +151,30 @@ void DH_get0_pqg(const DH *dh, const BIGNUM **out_p, const BIGNUM **out_q,
}
}
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
if ((dh->p == NULL && p == NULL) ||
(dh->g == NULL && g == NULL)) {
return 0;
}
if (p != NULL) {
BN_free(dh->p);
dh->p = p;
}
if (q != NULL) {
BN_free(dh->q);
dh->q = q;
}
if (g == NULL) {
BN_free(dh->g);
dh->g = g;
}
return 1;
}
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator, BN_GENCB *cb) {
// We generate DH parameters as follows
// find a prime q which is prime_bits/2 bits long.

40
crypto/dsa/dsa.c
View File

@ -153,6 +153,46 @@ void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p, const BIGNUM **out_q,
}
}
int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) {
if (dsa->pub_key == NULL && pub_key == NULL) {
return 0;
}
if (pub_key != NULL) {
BN_free(dsa->pub_key);
dsa->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(dsa->priv_key);
dsa->priv_key = priv_key;
}
return 1;
}
int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
if ((dsa->p == NULL && p == NULL) ||
(dsa->q == NULL && q == NULL) ||
(dsa->g == NULL && g == NULL)) {
return 0;
}
if (p != NULL) {
BN_free(dsa->p);
dsa->p = p;
}
if (q != NULL) {
BN_free(dsa->q);
dsa->q = q;
}
if (g != NULL) {
BN_free(dsa->g);
dsa->g = g;
}
return 1;
}
int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
size_t seed_len, int *out_counter,
unsigned long *out_h, BN_GENCB *cb) {

5
crypto/fipsmodule/cipher/cipher.c
View File

@ -125,6 +125,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
return 1;
}
void EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) {
EVP_CIPHER_CTX_cleanup(ctx);
EVP_CIPHER_CTX_init(ctx);
}
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ENGINE *engine, const uint8_t *key, const uint8_t *iv,
int enc) {

13
crypto/fipsmodule/digest/digest.c
View File

@ -79,7 +79,7 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) {
OPENSSL_memset(ctx, 0, sizeof(EVP_MD_CTX));
}
EVP_MD_CTX *EVP_MD_CTX_create(void) {
EVP_MD_CTX *EVP_MD_CTX_new(void) {
EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
if (ctx) {
@ -89,6 +89,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) {
return ctx;
}
EVP_MD_CTX *EVP_MD_CTX_create(void) { return EVP_MD_CTX_new(); }
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
OPENSSL_free(ctx->md_data);
@ -102,7 +104,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
return 1;
}
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) {
void EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
if (!ctx) {
return;
}
@ -111,6 +113,8 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) {
OPENSSL_free(ctx);
}
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) { EVP_MD_CTX_free(ctx); }
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
if (in == NULL || in->digest == NULL) {
OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_INPUT_NOT_INITIALIZED);
@ -162,6 +166,11 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
return EVP_MD_CTX_copy_ex(out, in);
}
void EVP_MD_CTX_reset(EVP_MD_CTX *ctx) {
EVP_MD_CTX_cleanup(ctx);
EVP_MD_CTX_init(ctx);
}
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) {
if (ctx->digest != type) {
assert(type->ctx_size != 0);

22
crypto/fipsmodule/hmac/hmac.c
View File

@ -87,6 +87,14 @@ void HMAC_CTX_init(HMAC_CTX *ctx) {
EVP_MD_CTX_init(&ctx->md_ctx);
}
HMAC_CTX *HMAC_CTX_new(void) {
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
if (ctx != NULL) {
HMAC_CTX_init(ctx);
}
return ctx;
}
void HMAC_CTX_cleanup(HMAC_CTX *ctx) {
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
@ -94,6 +102,15 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) {
OPENSSL_cleanse(ctx, sizeof(HMAC_CTX));
}
void HMAC_CTX_free(HMAC_CTX *ctx) {
if (ctx == NULL) {
return;
}
HMAC_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
const EVP_MD *md, ENGINE *impl) {
if (md == NULL) {
@ -193,6 +210,11 @@ int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src) {
return 1;
}
void HMAC_CTX_reset(HMAC_CTX *ctx) {
HMAC_CTX_cleanup(ctx);
HMAC_CTX_init(ctx);
}
int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md) {
if (key && md) {
HMAC_CTX_init(ctx);

63
crypto/fipsmodule/rsa/rsa.c
View File

@ -193,6 +193,69 @@ void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1,
}
}
int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
if ((rsa->n == NULL && n == NULL) ||
(rsa->e == NULL && e == NULL)) {
return 0;
}
if (n != NULL) {
BN_free(rsa->n);
rsa->n = n;
}
if (e != NULL) {
BN_free(rsa->e);
rsa->e = e;
}
if (d != NULL) {
BN_free(rsa->d);
rsa->d = d;
}
return 1;
}
int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) {
if ((rsa->p == NULL && p == NULL) ||
(rsa->q == NULL && q == NULL)) {
return 0;
}
if (p != NULL) {
BN_free(rsa->p);
rsa->p = p;
}
if (q != NULL) {
BN_free(rsa->q);
rsa->q = q;
}
return 1;
}
int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
if ((rsa->dmp1 == NULL && dmp1 == NULL) ||
(rsa->dmq1 == NULL && dmq1 == NULL) ||
(rsa->iqmp == NULL && iqmp == NULL)) {
return 0;
}
if (dmp1 != NULL) {
BN_free(rsa->dmp1);
rsa->dmp1 = dmp1;
}
if (dmq1 != NULL) {
BN_free(rsa->dmq1);
rsa->dmq1 = dmq1;
}
if (iqmp != NULL) {
BN_free(rsa->iqmp);
rsa->iqmp = iqmp;
}
return 1;
}
int RSA_public_encrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
int padding) {
size_t out_len;

16
crypto/obj/obj.c
View File

@ -172,6 +172,22 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
return OPENSSL_memcmp(a->data, b->data, a->length);
}
const uint8_t *OBJ_get0_data(const ASN1_OBJECT *obj) {
if (obj == NULL) {
return NULL;
}
return obj->data;
}
size_t OBJ_length(const ASN1_OBJECT *obj) {
if (obj == NULL || obj->length < 0) {
return 0;
}
return (size_t)obj->length;
}
// obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is
// an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an
// unsigned int in the array.

3
crypto/x509/t_x509.c
View File

@ -299,7 +299,8 @@ int X509_ocspid_print(BIO *bp, X509 *x)
return (0);
}
int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig)
{
if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
return 0;

23
crypto/x509/x509_lu.c
View File

@ -434,6 +434,19 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
}
}
int X509_OBJECT_get_type(const X509_OBJECT *a)
{
return a->type;
}
X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
{
if (a == NULL || a->type != X509_LU_X509) {
return NULL;
}
return a->data.x509;
}
static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name, int *pnmatch)
{
@ -496,6 +509,11 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
return sk_X509_OBJECT_value(h, idx);
}
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st)
{
return st->objs;
}
STACK_OF (X509) * X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
{
int i, idx, cnt;
@ -684,6 +702,11 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
return X509_VERIFY_PARAM_set1(ctx->param, param);
}
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
{
return ctx->param;
}
void X509_STORE_set_verify_cb(X509_STORE *ctx,
int (*verify_cb) (int, X509_STORE_CTX *))
{

10
crypto/x509/x509_set.c
View File

@ -124,6 +124,11 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
return (in != NULL);
}
const ASN1_TIME *X509_get0_notBefore(const X509 *x)
{
return x->cert_info->validity->notBefore;
}
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
@ -141,6 +146,11 @@ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
return (in != NULL);
}
const ASN1_TIME *X509_get0_notAfter(const X509 *x)
{
return x->cert_info->validity->notAfter;
}
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
{
if ((x == NULL) || (x->cert_info == NULL))

5
crypto/x509/x509_vfy.c
View File

@ -2176,6 +2176,11 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
ctx->untrusted = sk;
}
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
{
return ctx->untrusted;
}
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
{
ctx->crls = sk;

5
crypto/x509/x_name.c
View File

@ -534,3 +534,8 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
}
IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
{
return ne->set;
}

2
crypto/x509/x_x509.c
View File

@ -313,7 +313,7 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
return length;
}
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
const X509 *x)
{
if (psig)

1
include/openssl/asn1.h
View File

@ -660,6 +660,7 @@ OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *x);
OPENSSL_EXPORT void ASN1_STRING_length_set(ASN1_STRING *x, int n);
OPENSSL_EXPORT int ASN1_STRING_type(ASN1_STRING *x);
OPENSSL_EXPORT unsigned char * ASN1_STRING_data(ASN1_STRING *x);
OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);

7
include/openssl/base.h
View File

@ -135,8 +135,12 @@ extern "C" {
#define OPENSSL_NO_THREADS
#endif
#if !defined(OPENSSL_NO_THREADS)
#define OPENSSL_THREADS
#endif
#define OPENSSL_IS_BORINGSSL
#define OPENSSL_VERSION_NUMBER 0x100020af
#define OPENSSL_VERSION_NUMBER 0x1010007f
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
// BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL
@ -318,6 +322,7 @@ typedef struct evp_pkey_st EVP_PKEY;
typedef struct hmac_ctx_st HMAC_CTX;
typedef struct md4_state_st MD4_CTX;
typedef struct md5_state_st MD5_CTX;
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
typedef struct pkcs12_st PKCS12;
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct private_key_st X509_PKEY;

112
include/openssl/bio.h
View File

@ -218,6 +218,18 @@ OPENSSL_EXPORT void BIO_clear_retry_flags(BIO *bio);
// values.
OPENSSL_EXPORT int BIO_method_type(const BIO *bio);
// These are passed to the BIO callback
#define BIO_CB_FREE 0x01
#define BIO_CB_READ 0x02
#define BIO_CB_WRITE 0x03
#define BIO_CB_PUTS 0x04
#define BIO_CB_GETS 0x05
#define BIO_CB_CTRL 0x06
// The callback is called before and after the underling operation,
// The BIO_CB_RETURN flag indicates if it is after the call
#define BIO_CB_RETURN 0x80
// bio_info_cb is the type of a callback function that can be called for most
// BIO operations. The |event| argument is one of |BIO_CB_*| and can be ORed
// with |BIO_CB_RETURN| if the callback is being made after the operation in
@ -348,6 +360,11 @@ OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len,
//
// |BIO_ctrl_pending| returns the number of bytes currently stored.
// BIO_NOCLOSE and |BIO_CLOSE| can be used as symbolic arguments when a "close
// flag" is passed to a BIO function.
#define BIO_NOCLOSE 0
#define BIO_CLOSE 1
// BIO_s_mem returns a |BIO_METHOD| that uses a in-memory buffer.
OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void);
@ -589,22 +606,72 @@ OPENSSL_EXPORT size_t BIO_ctrl_get_write_guarantee(BIO *bio);
OPENSSL_EXPORT int BIO_shutdown_wr(BIO *bio);
// BIO_NOCLOSE and |BIO_CLOSE| can be used as symbolic arguments when a "close
// flag" is passed to a BIO function.
#define BIO_NOCLOSE 0
#define BIO_CLOSE 1
// Custom BIOs.
//
// Consumers can create custom |BIO|s by filling in a |BIO_METHOD| and using
// low-level control functions to set state.
// These are passed to the BIO callback
#define BIO_CB_FREE 0x01
#define BIO_CB_READ 0x02
#define BIO_CB_WRITE 0x03
#define BIO_CB_PUTS 0x04
#define BIO_CB_GETS 0x05
#define BIO_CB_CTRL 0x06
// BIO_get_new_index returns a new "type" value for a custom |BIO|.
OPENSSL_EXPORT int BIO_get_new_index(void);
// The callback is called before and after the underling operation,
// The BIO_CB_RETURN flag indicates if it is after the call
#define BIO_CB_RETURN 0x80
// BIO_meth_new returns a newly-allocated |BIO_METHOD| or NULL on allocation
// error. The |type| specifies the type that will be returned by
// |BIO_method_type|. If this is unnecessary, this value may be zero. The |name|
// parameter is vestigial and may be NULL.
//
// Use the |BIO_meth_set_*| functions below to initialize the |BIO_METHOD|. The
// function implementations may use |BIO_set_data| and |BIO_get_data| to add
// method-specific state to associated |BIO|s. Additionally, |BIO_set_init| must
// be called after an associated |BIO| is fully initialized.
OPENSSL_EXPORT BIO_METHOD *BIO_meth_new(int type, const char *name);
// BIO_meth_free releases memory associated with |method|.
OPENSSL_EXPORT void BIO_meth_free(BIO_METHOD *method);
// BIO_meth_set_create sets a function to be called on |BIO_new| for |method|
// and returns one. The function should return one on success and zero on
// error.
OPENSSL_EXPORT int BIO_meth_set_create(BIO_METHOD *method,
int (*create)(BIO *));
// BIO_meth_set_destroy sets a function to release data associated with a |BIO|
// and returns one. The function's return value is ignored.
OPENSSL_EXPORT int BIO_meth_set_destroy(BIO_METHOD *method,
int (*destroy)(BIO *));
// BIO_meth_set_write sets the implementation of |BIO_write| for |method| and
// returns one.
OPENSSL_EXPORT int BIO_meth_set_write(BIO_METHOD *method,
int (*write)(BIO *, const char *, int));
// BIO_meth_set_read sets the implementation of |BIO_read| for |method| and
// returns one.
OPENSSL_EXPORT int BIO_meth_set_read(BIO_METHOD *method,
int (*read)(BIO *, char *, int));
// BIO_meth_set_gets sets the implementation of |BIO_gets| for |method| and
// returns one.
OPENSSL_EXPORT int BIO_meth_set_gets(BIO_METHOD *method,
int (*gets)(BIO *, char *, int));
// BIO_meth_set_ctrl sets the implementation of |BIO_ctrl| for |method| and
// returns one.
OPENSSL_EXPORT int BIO_meth_set_ctrl(BIO_METHOD *method,
long (*ctrl)(BIO *, int, long, void *));
// BIO_set_data sets custom data on |bio|. It may be retried with
// |BIO_get_data|.
OPENSSL_EXPORT void BIO_set_data(BIO *bio, void *ptr);
// BIO_get_data returns custom data on |bio| set by |BIO_get_data|.
OPENSSL_EXPORT void *BIO_get_data(BIO *bio);
// BIO_set_init sets whether |bio| has been fully initialized. Until fully
// initialized, |BIO_read| and |BIO_write| will fail.
OPENSSL_EXPORT void BIO_set_init(BIO *bio, int init);
// BIO_get_init returns whether |bio| has been fully initialized.
OPENSSL_EXPORT int BIO_get_init(BIO *bio);
// These are values of the |cmd| argument to |BIO_ctrl|.
#define BIO_CTRL_RESET 1 // opt - rewind/zero etc
@ -643,6 +710,17 @@ OPENSSL_EXPORT void BIO_set_retry_special(BIO *bio);
// BIO_set_write_buffer_size returns zero.
OPENSSL_EXPORT int BIO_set_write_buffer_size(BIO *bio, int buffer_size);
// BIO_set_shutdown sets a method-specific "shutdown" bit on |bio|.
OPENSSL_EXPORT void BIO_set_shutdown(BIO *bio, int shutdown);
// BIO_get_shutdown returns the method-specific "shutdown" bit.
OPENSSL_EXPORT int BIO_get_shutdown(BIO *bio);
// BIO_meth_set_puts returns one. |BIO_puts| is implemented with |BIO_write| in
// BoringSSL.
OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method,
int (*puts)(BIO *, const char *));
// Private functions
@ -681,10 +759,16 @@ OPENSSL_EXPORT int BIO_set_write_buffer_size(BIO *bio, int buffer_size);
#define BIO_TYPE_ASN1 (22 | 0x0200) // filter
#define BIO_TYPE_COMP (23 | 0x0200) // filter
// |BIO_TYPE_DESCRIPTOR| denotes that the |BIO| responds to the |BIO_C_SET_FD|
// (|BIO_set_fd|) and |BIO_C_GET_FD| (|BIO_get_fd|) control hooks.
#define BIO_TYPE_DESCRIPTOR 0x0100 // socket, fd, connect or accept
#define BIO_TYPE_FILTER 0x0200
#define BIO_TYPE_SOURCE_SINK 0x0400
// BIO_TYPE_START is the first user-allocated |BIO| type. No pre-defined type,
// flag bits aside, may exceed this value.
#define BIO_TYPE_START 128
struct bio_method_st {
int type;
const char *name;

4
include/openssl/cipher.h
View File

@ -135,6 +135,10 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
const EVP_CIPHER_CTX *in);
// EVP_CIPHER_CTX_reset calls |EVP_CIPHER_CTX_cleanup| followed by
// |EVP_CIPHER_CTX_init|.
OPENSSL_EXPORT void EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
// Cipher context configuration.

25
include/openssl/crypto.h
View File

@ -63,7 +63,7 @@ OPENSSL_EXPORT int FIPS_mode(void);
// OPENSSL_VERSION_TEXT contains a string the identifies the version of
// “OpenSSL”. node.js requires a version number in this text.
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2 (compatible; BoringSSL)"
#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0 (compatible; BoringSSL)"
#define SSLEAY_VERSION 0
@ -71,10 +71,20 @@ OPENSSL_EXPORT int FIPS_mode(void);
// "BoringSSL".
OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define OPENSSL_VERSION 0
// OpenSSL_version is a compatibility function that returns the string
// "BoringSSL".
OPENSSL_EXPORT const char *OpenSSL_version(int unused);
// SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
// base.h.
OPENSSL_EXPORT unsigned long SSLeay(void);
// OpenSSL_version_num is a compatibility function that returns
// OPENSSL_VERSION_NUMBER from base.h.
OPENSSL_EXPORT unsigned long OpenSSL_version_num(void);
// CRYPTO_malloc_init returns one.
OPENSSL_EXPORT int CRYPTO_malloc_init(void);
@ -87,6 +97,19 @@ OPENSSL_EXPORT int ENGINE_register_all_complete(void);
// OPENSSL_load_builtin_modules does nothing.
OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0
#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0
#define OPENSSL_INIT_ADD_ALL_CIPHERS 0
#define OPENSSL_INIT_ADD_ALL_DIGESTS 0
#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0
#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0
#define OPENSSL_INIT_LOAD_CONFIG 0
#define OPENSSL_INIT_NO_LOAD_CONFIG 0
// OPENSSL_init_crypto calls |CRYPTO_library_init| and returns one.
OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
const OPENSSL_INIT_SETTINGS *settings);
#if defined(__cplusplus)
} // extern C

11
include/openssl/dh.h
View File

@ -92,11 +92,22 @@ OPENSSL_EXPORT int DH_up_ref(DH *dh);
OPENSSL_EXPORT void DH_get0_key(const DH *dh, const BIGNUM **out_pub_key,
const BIGNUM **out_priv_key);
// DH_set0_key sets |dh|'s public and private key to the specified values. If
// NULL, the field is left unchanged. On success, it takes ownership of each
// argument and returns one. Otherwise, it returns zero.
OPENSSL_EXPORT int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
// DH_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dh|'s p,
// q, and g parameters, respectively.
OPENSSL_EXPORT void DH_get0_pqg(const DH *dh, const BIGNUM **out_p,
const BIGNUM **out_q, const BIGNUM **out_g);
// DH_set0_pqg sets |dh|'s p, q, and g parameters to the specified values. If
// NULL, the field is left unchanged. On success, it takes ownership of each
// argument and returns one. Otherwise, it returns zero. |q| may be NULL, but
// |p| and |g| must either be specified or already configured on |dh|.
OPENSSL_EXPORT int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
// Standard parameters.

58
include/openssl/digest.h
View File

@ -106,21 +106,25 @@ OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj);
// same as setting the structure to zero.
OPENSSL_EXPORT void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
// EVP_MD_CTX_create allocates and initialises a fresh |EVP_MD_CTX| and returns
// it, or NULL on allocation failure.
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
// EVP_MD_CTX_new allocates and initialises a fresh |EVP_MD_CTX| and returns
// it, or NULL on allocation failure. The caller must use |EVP_MD_CTX_free| to
// release the resulting object.
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_new(void);
// EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a
// freshly initialised state. It does not free |ctx| itself. It returns one.
OPENSSL_EXPORT int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
// EVP_MD_CTX_destroy calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself.
OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
// EVP_MD_CTX_free calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself.
OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
// EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
// copy of |in|. It returns one on success and zero on error.
OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
// EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|.
OPENSSL_EXPORT void EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
// Digest operations.
@ -201,6 +205,26 @@ OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
#define EVP_MD_FLAG_DIGALGID_ABSENT 2
// Digest operation accessors.
// EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
// been set.
OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
// will crash if a digest hasn't been set on |ctx|.
OPENSSL_EXPORT size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_block_size returns the block size of the digest function used by
// |ctx|, in bytes. It will crash if a digest hasn't been set on |ctx|.
OPENSSL_EXPORT size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
// (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
// |ctx|.
OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
// ASN.1 functions.
//
// These functions allow code to parse and serialize AlgorithmIdentifiers for
@ -238,25 +262,11 @@ OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *);
// interface will always fail.
OPENSSL_EXPORT const EVP_MD *EVP_dss1(void);
// EVP_MD_CTX_create calls |EVP_MD_CTX_new|.
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
// Digest operation accessors.
// EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
// been set.
OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
// will crash if a digest hasn't been set on |ctx|.
OPENSSL_EXPORT size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_block_size returns the block size of the digest function used by
// |ctx|, in bytes. It will crash if a digest hasn't been set on |ctx|.
OPENSSL_EXPORT size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
// (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
// |ctx|.
OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
// EVP_MD_CTX_destroy calls |EVP_MD_CTX_free|.
OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
struct evp_md_pctx_ops;
@ -286,7 +296,7 @@ extern "C++" {
namespace bssl {
BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_destroy)
BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
using ScopedEVP_MD_CTX =
internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,

15
include/openssl/dsa.h
View File

@ -101,6 +101,21 @@ OPENSSL_EXPORT void DSA_get0_key(const DSA *dsa, const BIGNUM **out_pub_key,
OPENSSL_EXPORT void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p,
const BIGNUM **out_q, const BIGNUM **out_g);
// DSA_set0_key sets |dsa|'s public and private key to |pub_key| and |priv_key|,
// respectively, if non-NULL. On success, it takes ownership of each argument
// and returns one. Otherwise, it returns zero.
//
// |priv_key| may be NULL, but |pub_key| must either be non-NULL or already
// configured on |dsa|.
OPENSSL_EXPORT int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key);
// DSA_set0_pqg sets |dsa|'s parameters to |p|, |q|, and |g|, if non-NULL, and
// takes ownership of them. On success, it takes ownership of each argument and
// returns one. Otherwise, it returns zero.
//
// Each argument must either be non-NULL or already configured on |dsa|.
OPENSSL_EXPORT int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g);
// Parameter generation.

18
include/openssl/hmac.h
View File

@ -87,13 +87,20 @@ OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
// HMAC_CTX_init initialises |ctx| for use in an HMAC operation. It's assumed
// that HMAC_CTX objects will be allocated on the stack thus no allocation
// function is provided. If needed, allocate |sizeof(HMAC_CTX)| and call
// |HMAC_CTX_init| on it.
// function is provided.
OPENSSL_EXPORT void HMAC_CTX_init(HMAC_CTX *ctx);
// HMAC_CTX_cleanup frees data owned by |ctx|.
// HMAC_CTX_new allocates and initialises a new |HMAC_CTX| and returns it, or
// NULL on allocation failure. The caller must use |HMAC_CTX_free| to release
// the resulting object.
OPENSSL_EXPORT HMAC_CTX *HMAC_CTX_new(void);
// HMAC_CTX_cleanup frees data owned by |ctx|. It does not free |ctx| itself.
OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx);
// HMAC_CTX_free calls |HMAC_CTX_cleanup| and then frees |ctx| itself.
OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx);
// HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash
// function and |key| as the key. For a non-initial call, |md| may be NULL, in
// which case the previous hash function will be used. If the hash function has
@ -131,6 +138,9 @@ OPENSSL_EXPORT size_t HMAC_size(const HMAC_CTX *ctx);
// on error.
OPENSSL_EXPORT int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src);
// HMAC_CTX_reset calls |HMAC_CTX_cleanup| followed by |HMAC_CTX_init|.
OPENSSL_EXPORT void HMAC_CTX_reset(HMAC_CTX *ctx);
// Deprecated functions.
@ -161,6 +171,8 @@ extern "C++" {
namespace bssl {
BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free)
using ScopedHMAC_CTX =
internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>;

6
include/openssl/obj.h
View File

@ -91,6 +91,12 @@ OPENSSL_EXPORT ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *obj);
// less than, equal to or greater than |b|, respectively.
OPENSSL_EXPORT int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
// OBJ_get0_data returns a pointer to the DER representation of |obj|.
OPENSSL_EXPORT const uint8_t *OBJ_get0_data(const ASN1_OBJECT *obj);
// OBJ_length returns the length of the DER representation of |obj|.
OPENSSL_EXPORT size_t OBJ_length(const ASN1_OBJECT *obj);
// Looking up nids.

5
include/openssl/opensslconf.h
View File

@ -19,18 +19,23 @@
#define OPENSSL_HEADER_OPENSSLCONF_H
#define OPENSSL_NO_ASYNC
#define OPENSSL_NO_BF
#define OPENSSL_NO_BLAKE2
#define OPENSSL_NO_BUF_FREELISTS
#define OPENSSL_NO_CAMELLIA
#define OPENSSL_NO_CAPIENG
#define OPENSSL_NO_CAST
#define OPENSSL_NO_CMS
#define OPENSSL_NO_COMP
#define OPENSSL_NO_CT
#define OPENSSL_NO_DANE
#define OPENSSL_NO_DEPRECATED
#define OPENSSL_NO_DGRAM
#define OPENSSL_NO_DYNAMIC_ENGINE
#define OPENSSL_NO_EC_NISTP_64_GCC_128
#define OPENSSL_NO_EC2M
#define OPENSSL_NO_EGD
#define OPENSSL_NO_ENGINE
#define OPENSSL_NO_GMP
#define OPENSSL_NO_GOST

23
include/openssl/rsa.h
View File

@ -108,6 +108,29 @@ OPENSSL_EXPORT void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1,
const BIGNUM **out_dmq1,
const BIGNUM **out_iqmp);
// RSA_set0_key sets |rsa|'s modulus, public exponent, and private exponent to
// |n|, |e|, and |d| respectively, if non-NULL. On success, it takes ownership
// of each argument and returns one. Otherwise, it returns zero.
//
// |d| may be NULL, but |n| and |e| must either be non-NULL or already
// configured on |rsa|.
OPENSSL_EXPORT int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d);
// RSA_set0_factors sets |rsa|'s prime factors to |p| and |q|, if non-NULL, and
// takes ownership of them. On success, it takes ownership of each argument and
// returns one. Otherwise, it returns zero.
//
// Each argument must either be non-NULL or already configured on |rsa|.
OPENSSL_EXPORT int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q);
// RSA_set0_crt_params sets |rsa|'s CRT parameters to |dmp1|, |dmq1|, and
// |iqmp|, if non-NULL, and takes ownership of them. On success, it takes
// ownership of its parameters and returns one. Otherwise, it returns zero.
//
// Each argument must either be non-NULL or already configured on |rsa|.
OPENSSL_EXPORT int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1,
BIGNUM *iqmp);
// Key generation.

61
include/openssl/ssl.h
View File

@ -1074,11 +1074,20 @@ OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx,
OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,
pem_password_cb *cb);
// SSL_CTX_get_default_passwd_cb returns the callback set by
// |SSL_CTX_set_default_passwd_cb|.
OPENSSL_EXPORT pem_password_cb *SSL_CTX_get_default_passwd_cb(
const SSL_CTX *ctx);
// SSL_CTX_set_default_passwd_cb_userdata sets the userdata parameter for
// |ctx|'s password callback.
OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,
void *data);
// SSL_CTX_get_default_passwd_cb_userdata returns the userdata parameter set by
// |SSL_CTX_set_default_passwd_cb_userdata|.
OPENSSL_EXPORT void *SSL_CTX_get_default_passwd_cb_userdata(const SSL_CTX *ctx);
// Custom private keys.
@ -1718,6 +1727,26 @@ OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session,
// |session| cannot be used without leaking a correlator.
OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session);
// SSL_SESSION_is_resumable returns one if |session| is resumable and zero
// otherwise.
OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session);
// SSL_SESSION_has_ticket returns one if |session| has a ticket and zero
// otherwise.
OPENSSL_EXPORT int SSL_SESSION_has_ticket(const SSL_SESSION *session);
// SSL_SESSION_get0_ticket sets |*out_ticket| and |*out_len| to |session|'s
// ticket, or NULL and zero if it does not have one. |out_ticket| may be NULL
// if only the ticket length is needed.
OPENSSL_EXPORT void SSL_SESSION_get0_ticket(const SSL_SESSION *session,
const uint8_t **out_ticket,
size_t *out_len);
// SSL_SESSION_get_ticket_lifetime_hint returns ticket lifetime hint of
// |session| in seconds or zero if none was set.
OPENSSL_EXPORT uint32_t
SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
// Session caching.
//
@ -1945,18 +1974,14 @@ OPENSSL_EXPORT void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(
//
// If the internal session cache is enabled, the callback is only consulted if
// the internal cache does not return a match.
//
// The callback's |id| parameter is not const for historical reasons, but the
// contents may not be modified.
OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb(
SSL_CTX *ctx,
SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *id, int id_len,
int *out_copy));
SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(SSL *ssl, const uint8_t *id,
int id_len, int *out_copy));
// SSL_CTX_sess_get_get_cb returns the callback set by
// |SSL_CTX_sess_set_get_cb|.
OPENSSL_EXPORT SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(
SSL *ssl, uint8_t *id, int id_len, int *out_copy);
SSL *ssl, const uint8_t *id, int id_len, int *out_copy);
// SSL_magic_pending_session_ptr returns a magic |SSL_SESSION|* which indicates
// that the session isn't currently unavailable. |SSL_get_error| will then
@ -3985,6 +4010,24 @@ OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl);
// the session.
OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl);
#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0
#define OPENSSL_INIT_LOAD_SSL_STRINGS 0
#define OPENSSL_INIT_SSL_DEFAULT 0
// OPENSSL_init_ssl calls |CRYPTO_library_init| and returns one.
OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
const OPENSSL_INIT_SETTINGS *settings);
#if !defined(BORINGSSL_NO_CXX)
// SSL_CTX_sess_set_get_cb is a legacy C++ overload of |SSL_CTX_sess_set_get_cb|
// which supports the old callback signature.
//
// TODO(davidben): Remove this once Node is compatible with OpenSSL 1.1.0.
extern "C++" OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb(
SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *id,
int id_len, int *out_copy));
#endif
// Private structures.
//
@ -4233,8 +4276,10 @@ struct ssl_ctx_st {
// it.
int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess);
void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len,
SSL_SESSION *(*get_session_cb)(SSL *ssl, const uint8_t *data, int len,
int *copy);
SSL_SESSION *(*get_session_cb_legacy)(SSL *ssl, uint8_t *data, int len,
int *copy);
CRYPTO_refcount_t references;

10
include/openssl/x509.h
View File

@ -575,7 +575,8 @@ OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
OPENSSL_EXPORT int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
OPENSSL_EXPORT int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
OPENSSL_EXPORT int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
OPENSSL_EXPORT int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
const ASN1_STRING *sig);
OPENSSL_EXPORT int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
OPENSSL_EXPORT int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
@ -686,6 +687,7 @@ OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *xn);
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
OPENSSL_EXPORT int X509_cmp_time(const ASN1_TIME *s, time_t *t);
OPENSSL_EXPORT int X509_cmp_current_time(const ASN1_TIME *s);
@ -756,8 +758,8 @@ OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
OPENSSL_EXPORT int i2d_X509_AUX(X509 *a,unsigned char **pp);
OPENSSL_EXPORT X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
OPENSSL_EXPORT void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x);
OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg, const X509 *x);
OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x);
OPENSSL_EXPORT int X509_alias_set1(X509 *x, unsigned char *name, int len);
@ -816,7 +818,9 @@ OPENSSL_EXPORT X509_NAME * X509_get_issuer_name(X509 *a);
OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name);
OPENSSL_EXPORT X509_NAME * X509_get_subject_name(X509 *a);
OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x);
OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x);
OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
OPENSSL_EXPORT EVP_PKEY * X509_get_pubkey(X509 *x);
OPENSSL_EXPORT ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);

6
include/openssl/x509_vfy.h
View File

@ -423,16 +423,20 @@ OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a);
OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
OPENSSL_EXPORT X509_STORE *X509_STORE_new(void );
OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);
OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st);
OPENSSL_EXPORT STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
OPENSSL_EXPORT STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust);
OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
/* X509_STORE_set0_additional_untrusted sets a stack of additional, untrusted
* certificates that are available for chain building. This function does not
* take ownership of the stack. */
@ -513,6 +517,8 @@ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
OPENSSL_EXPORT STACK_OF(X509) *
X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);

8
ssl/ssl_file.cc
View File

@ -570,6 +570,14 @@ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) {
ctx->default_passwd_callback = cb;
}
pem_password_cb *SSL_CTX_get_default_passwd_cb(const SSL_CTX *ctx) {
return ctx->default_passwd_callback;
}
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *data) {
ctx->default_passwd_callback_userdata = data;
}
void *SSL_CTX_get_default_passwd_cb_userdata(const SSL_CTX *ctx) {
return ctx->default_passwd_callback_userdata;
}

5
ssl/ssl_lib.cc
View File

@ -429,6 +429,11 @@ int SSL_library_init(void) {
return 1;
}
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
CRYPTO_library_init();
return 1;
}
static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
const uint8_t *session_id = sess->session_id;

49
ssl/ssl_session.cc
View File

@ -682,10 +682,16 @@ static enum ssl_hs_wait_t ssl_lookup_session(
}
// Fall back to the external cache, if it exists.
if (!session && ssl->session_ctx->get_session_cb != NULL) {
if (!session && (ssl->session_ctx->get_session_cb != nullptr ||
ssl->session_ctx->get_session_cb_legacy != nullptr)) {
int copy = 1;
session.reset(ssl->session_ctx->get_session_cb(ssl, (uint8_t *)session_id,
session_id_len, &copy));
if (ssl->session_ctx->get_session_cb != nullptr) {
session.reset(ssl->session_ctx->get_session_cb(ssl, session_id,
session_id_len, &copy));
} else {
session.reset(ssl->session_ctx->get_session_cb_legacy(
ssl, const_cast<uint8_t *>(session_id), session_id_len, &copy));
}
if (!session) {
return ssl_hs_ok;
@ -964,6 +970,26 @@ int SSL_SESSION_should_be_single_use(const SSL_SESSION *session) {
return SSL_SESSION_protocol_version(session) >= TLS1_3_VERSION;
}
int SSL_SESSION_is_resumable(const SSL_SESSION *session) {
return !session->not_resumable;
}
int SSL_SESSION_has_ticket(const SSL_SESSION *session) {
return session->tlsext_ticklen > 0;
}
void SSL_SESSION_get0_ticket(const SSL_SESSION *session,
const uint8_t **out_ticket, size_t *out_len) {
if (out_ticket != nullptr) {
*out_ticket = session->tlsext_tick;
}
*out_len = session->tlsext_ticklen;
}
uint32_t SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session) {
return session->tlsext_tick_lifetime_hint;
}
SSL_SESSION *SSL_magic_pending_session_ptr(void) {
return (SSL_SESSION *)&g_pending_session_magic;
}
@ -1157,14 +1183,21 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX *ctx,
}
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
SSL_SESSION *(*cb)(SSL *ssl,
uint8_t *id, int id_len,
int *out_copy)) {
SSL_SESSION *(*cb)(SSL *ssl, const uint8_t *id,
int id_len, int *out_copy)) {
ctx->get_session_cb = cb;
}
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(
SSL *ssl, uint8_t *id, int id_len, int *out_copy) {
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
SSL_SESSION *(*cb)(SSL *ssl, uint8_t *id,
int id_len, int *out_copy)) {
ctx->get_session_cb_legacy = cb;
}
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
const uint8_t *id,
int id_len,
int *out_copy) {
return ctx->get_session_cb;
}

2
ssl/test/bssl_shim.cc
View File

@ -854,7 +854,7 @@ static void ChannelIdCallback(SSL *ssl, EVP_PKEY **out_pkey) {
*out_pkey = GetTestState(ssl)->channel_id.release();
}
static SSL_SESSION *GetSessionCallback(SSL *ssl, uint8_t *data, int len,
static SSL_SESSION *GetSessionCallback(SSL *ssl, const uint8_t *data, int len,
int *copy) {
TestState *async_state = GetTestState(ssl);
if (async_state->session) {