From 8c7c6356e676a616d7aab9014374c5de69b06615 Mon Sep 17 00:00:00 2001 
From: Joshua Liebow-Feeser Date: Sun, 26 Aug 2018 18:53:36 -0700 Subject: [PATCH] Support symbol prefixes - In base.h, if BORINGSSL_PREFIX is defined, include boringssl_prefix_symbols.h - In all .S files, if BORINGSSL_PREFIX is defined, include boringssl_prefix_symbols_asm.h - In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are defined with appropriate values depending on whether BORINGSSL_PREFIX is defined; these macros are used in place of 'namespace bssl {' and '}' - Add util/make_prefix_headers.go, which takes a list of symbols and auto-generates the header files mentioned above - In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS are defined, run util/make_prefix_headers.go to generate header files - In various CMakeLists.txt files, add "global_target" that all targets depend on to give us a place to hook logic that must run before all other targets (in particular, the header file generation logic) - Document this in BUILDING.md, including the fact that it is the caller's responsibility to provide the symbol list and keep it up to date - Note that this scheme has not been tested on Windows, and likely does not work on it; Windows support will need to be added in a future commit Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2 Reviewed-on: https://boringssl-review.googlesource.com/31364 Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org Reviewed-by: David Benjamin --- BUILDING.md | 22 ++++ CMakeLists.txt | 32 +++++ crypto/CMakeLists.txt | 4 + crypto/err/internal.h | 4 +- crypto/fipsmodule/CMakeLists.txt | 8 ++ crypto/internal.h | 4 +- crypto/perlasm/x86_64-xlate.pl | 7 + crypto/test/CMakeLists.txt | 4 + crypto/test/gtest_main.h | 4 +- decrepit/CMakeLists.txt | 4 + fipstools/CMakeLists.txt | 4 + fuzz/CMakeLists.txt | 1 + include/openssl/aead.h | 4 +- include/openssl/asn1.h | 4 +- include/openssl/base.h | 21 ++- include/openssl/bio.h | 4 +- include/openssl/bn.h | 4 +- include/openssl/buf.h | 4 +- 
include/openssl/bytestring.h | 4 +- include/openssl/cipher.h | 4 +- include/openssl/cmac.h | 4 +- include/openssl/conf.h | 4 +- include/openssl/curve25519.h | 4 +- include/openssl/dh.h | 4 +- include/openssl/digest.h | 4 +- include/openssl/dsa.h | 4 +- include/openssl/ec.h | 4 +- include/openssl/ec_key.h | 4 +- include/openssl/ecdsa.h | 4 +- include/openssl/engine.h | 4 +- include/openssl/evp.h | 4 +- include/openssl/hmac.h | 4 +- include/openssl/mem.h | 4 +- include/openssl/pkcs7.h | 4 +- include/openssl/pkcs8.h | 4 +- include/openssl/pool.h | 4 +- include/openssl/rsa.h | 4 +- include/openssl/span.h | 4 +- include/openssl/ssl.h | 10 +- include/openssl/stack.h | 12 +- include/openssl/x509.h | 4 +- include/openssl/x509v3.h | 4 +- ssl/CMakeLists.txt | 4 + ssl/d1_both.cc | 4 +- ssl/d1_lib.cc | 4 +- ssl/d1_pkt.cc | 4 +- ssl/dtls_record.cc | 4 +- ssl/handoff.cc | 4 +- ssl/handshake.cc | 4 +- ssl/handshake_client.cc | 4 +- ssl/handshake_server.cc | 4 +- ssl/internal.h | 12 +- ssl/s3_both.cc | 4 +- ssl/s3_lib.cc | 4 +- ssl/s3_pkt.cc | 4 +- ssl/span_test.cc | 4 +- ssl/ssl_aead_ctx.cc | 4 +- ssl/ssl_asn1.cc | 4 +- ssl/ssl_buffer.cc | 4 +- ssl/ssl_cert.cc | 4 +- ssl/ssl_cipher.cc | 4 +- ssl/ssl_key_share.cc | 4 +- ssl/ssl_lib.cc | 4 +- ssl/ssl_privkey.cc | 4 +- ssl/ssl_session.cc | 4 +- ssl/ssl_test.cc | 4 +- ssl/ssl_transcript.cc | 4 +- ssl/ssl_versions.cc | 4 +- ssl/ssl_x509.cc | 4 +- ssl/t1_enc.cc | 4 +- ssl/t1_lib.cc | 4 +- ssl/test/CMakeLists.txt | 4 + ssl/tls13_both.cc | 4 +- ssl/tls13_client.cc | 4 +- ssl/tls13_enc.cc | 4 +- ssl/tls13_server.cc | 4 +- ssl/tls_method.cc | 4 +- ssl/tls_record.cc | 4 +- third_party/fiat/CMakeLists.txt | 9 -- tool/CMakeLists.txt | 2 + util/make_prefix_headers.go | 216 +++++++++++++++++++++++++++++++ 81 files changed, 477 insertions(+), 151 deletions(-) delete mode 100644 third_party/fiat/CMakeLists.txt create mode 100644 util/make_prefix_headers.go diff --git a/BUILDING.md b/BUILDING.md index 19dbe015..9bf9cb26 100644 --- a/BUILDING.md 
+++ b/BUILDING.md @@ -110,6 +110,28 @@ architecture, matching values used in the `-arch` flag in Apple's toolchain. Passing multiple architectures for a multiple-architecture build is not supported. +### Building with Prefixed Symbols + +BoringSSL's build system has experimental support for adding a custom prefix to +all symbols. This can be useful when linking multiple versions of BoringSSL in +the same project to avoid symbol conflicts. + +In order to build with prefixed symbols, the `BORINGSSL_PREFIX` CMake variable +should specify the prefix to add to all symbols, and the +`BORINGSSL_PREFIX_SYMBOLS` CMake variable should specify the path to a file +which contains a list of symbols which should be prefixed (one per line; +comments are supported with `#`). In other words, `cmake .. +-DBORINGSSL_PREFIX=MY_CUSTOM_PREFIX +-DBORINGSSL_PREFIX_SYMBOLS=/path/to/symbols.txt` will configure the build to add +the prefix `MY_CUSTOM_PREFIX` to all of the symbols listed in +`/path/to/symbols.txt`. + +It is currently the caller's responsibility to create and maintain the list of +symbols to be prefixed. + +This mechanism is under development and may change over time. Please contact the +BoringSSL maintainers if making use of it. + ## Known Limitations on Windows * Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes diff --git a/CMakeLists.txt b/CMakeLists.txt index 21c7f016..fab1b3bf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,6 +20,11 @@ include(sources.cmake) enable_language(C) enable_language(CXX) +# This is a dummy target which all other targets depend on (manually - see other +# CMakeLists.txt files). This gives us a hook to add any targets which need to +# run before all other targets. +add_custom_target(global_target) + if(ANDROID) # Android-NDK CMake files reconfigure the path and so Go and Perl won't be # found. However, ninja will still find them in $PATH if we just name them. 
@@ -41,10 +46,37 @@ endif() if(USE_CUSTOM_LIBCXX) set(BORINGSSL_ALLOW_CXX_RUNTIME 1) endif() + if(BORINGSSL_ALLOW_CXX_RUNTIME) add_definitions(-DBORINGSSL_ALLOW_CXX_RUNTIME) endif() +if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS) + add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}) + + # Use "symbol_prefix_include" to store generated header files + include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include) + add_custom_command( + OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h + symbol_prefix_include/boringssl_prefix_symbols_asm.h + symbol_prefix_include/boringssl_prefix_symbols_nasm.inc + COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include + COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS} + DEPENDS util/make_prefix_headers.go + ${CMAKE_BINARY_DIR}/${BORINGSSL_PREFIX_SYMBOLS}) + + # add_dependencies needs a target, not a file, so we add an intermediate + # target. + add_custom_target( + boringssl_prefix_symbols + DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h + symbol_prefix_include/boringssl_prefix_symbols_asm.h + symbol_prefix_include/boringssl_prefix_symbols_nasm.inc) + add_dependencies(global_target boringssl_prefix_symbols) +elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS) + message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS") +endif() + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") set(CLANG 1) endif() diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index ea24add6..ee7f8b64 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -401,6 +401,8 @@ add_library( ${CRYPTO_FIPS_OBJECTS} ) +add_dependencies(crypto global_target) + if(FIPS_DELOCATE) add_dependencies(crypto bcm_o_target) endif() 
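Review bot: In the `add_custom_command` inside `if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS)`, `DEPENDS` names `${CMAKE_BINARY_DIR}/${BORINGSSL_PREFIX_SYMBOLS}` while `COMMAND` passes `${BORINGSSL_PREFIX_SYMBOLS}` unmodified, so the two refer to different files whenever the variable holds an absolute path, which is the form BUILDING.md shows (`/path/to/symbols.txt`). The dependency on the symbol list is then wrong: depending on the generator, the build either fails on a missing input or does not regenerate the headers when the list changes. Stale headers leave newly listed symbols unprefixed, which defeats the collision avoidance this option exists for. Resolve the path once, e.g. `get_filename_component(BORINGSSL_PREFIX_SYMBOLS_PATH ${BORINGSSL_PREFIX_SYMBOLS} ABSOLUTE BASE_DIR ${CMAKE_BINARY_DIR})`, and use that variable in both `COMMAND` and `DEPENDS`.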
@@ -476,6 +478,8 @@ add_executable( $ ) +add_dependencies(crypto_test global_target) + target_link_libraries(crypto_test crypto boringssl_gtest) if(WIN32) target_link_libraries(crypto_test ws2_32) diff --git a/crypto/err/internal.h b/crypto/err/internal.h index 3f2397c1..179f756b 100644 --- a/crypto/err/internal.h +++ b/crypto/err/internal.h @@ -46,11 +46,11 @@ OPENSSL_EXPORT void ERR_restore_state(const ERR_SAVE_STATE *state); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ERR_SAVE_STATE, ERR_SAVE_STATE_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index babda94c..1242aa2f 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt @@ -136,6 +136,8 @@ if(FIPS_DELOCATE) bcm.c ) + add_dependencies(bcm_c_generated_asm global_target) + set_target_properties(bcm_c_generated_asm PROPERTIES COMPILE_OPTIONS "-S") set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON) @@ -164,6 +166,8 @@ if(FIPS_DELOCATE) bcm-delocated.S ) + add_dependencies(bcm_hashunset global_target) + set_target_properties(bcm_hashunset PROPERTIES POSITION_INDEPENDENT_CODE ON) set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C) @@ -187,6 +191,8 @@ if(FIPS_DELOCATE) is_fips.c ) + add_dependencies(fipsmodule global_target) + set_target_properties(fipsmodule PROPERTIES LINKER_LANGUAGE C) else() add_library( @@ -199,4 +205,6 @@ else() ${BCM_ASM_SOURCES} ) + + add_dependencies(fipsmodule global_target) endif() diff --git a/crypto/internal.h b/crypto/internal.h index c4e2e517..0e8ae3a6 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -488,7 +488,7 @@ OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock_write( #if defined(__cplusplus) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { 
@@ -516,7 +516,7 @@ using MutexWriteLock = using MutexReadLock = internal::MutexLockBase; -} // namespace bssl +BSSL_NAMESPACE_END } // extern "C++" #endif // defined(__cplusplus) diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index e2ea0d27..f6a57e02 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1129,6 +1129,10 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%ifdef BORINGSSL_PREFIX +%include "boringssl_prefix_symbols_nasm.inc" +%endif ___ } elsif ($masm) { print <<___; @@ -1136,6 +1140,9 @@ OPTION DOTNAME ___ } print STDOUT "#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)\n" if ($gas); +print STDOUT "#if defined(BORINGSSL_PREFIX)\n" if ($gas); +print STDOUT "#include \n" if ($gas); +print STDOUT "#endif\n" if ($gas); while(defined(my $line=<>)) { diff --git a/crypto/test/CMakeLists.txt b/crypto/test/CMakeLists.txt index 90707dd3..3e02c3c7 100644 --- a/crypto/test/CMakeLists.txt +++ b/crypto/test/CMakeLists.txt @@ -9,6 +9,8 @@ add_library( wycheproof_util.cc ) +add_dependencies(test_support global_target) + add_library( boringssl_gtest_main @@ -16,3 +18,5 @@ add_library( gtest_main.cc ) + +add_dependencies(boringssl_gtest_main global_target) diff --git a/crypto/test/gtest_main.h b/crypto/test/gtest_main.h index d21af102..927ab178 100644 --- a/crypto/test/gtest_main.h +++ b/crypto/test/gtest_main.h @@ -30,7 +30,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #endif -namespace bssl { +BSSL_NAMESPACE_BEGIN class ErrorTestEventListener : public testing::EmptyTestEventListener { public: @@ -73,7 +73,7 @@ inline void SetupGoogleTest() { new ErrorTestEventListener); } -} // namespace bssl +BSSL_NAMESPACE_END #endif // OPENSSL_HEADER_CRYPTO_TEST_GTEST_MAIN_H diff --git a/decrepit/CMakeLists.txt b/decrepit/CMakeLists.txt index e028f18d..1cb5e11f 100644 --- a/decrepit/CMakeLists.txt +++ b/decrepit/CMakeLists.txt 
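Review bot: In `crypto/perlasm/x86_64-xlate.pl` the prefix include is emitted only for the nasm and `$gas` outputs; the `$masm` branch gets nothing, and the diffstat lists no other perlasm translator, so the 32-bit x86, ARM, AArch64 and PowerPC outputs presumably still define unprefixed symbols. With `BORINGSSL_PREFIX` set, C callers are renamed by the generated header while those assembly definitions are not, which should show up as unresolved symbols at link time. I would add a comment above the three new `print STDOUT` lines, e.g. `# Only x86_64 gas/nasm output includes the prefix header; other translators are not yet prefix-aware.` It would also help if the CMake configure step rejected `BORINGSSL_PREFIX` on targets whose assembly is not covered, so the limitation fails early with a clear message.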
@@ -22,6 +22,8 @@ add_library( xts/xts.c ) +add_dependencies(decrepit global_target) + target_link_libraries(decrepit crypto ssl) add_executable( @@ -34,6 +36,8 @@ add_executable( $ ) +add_dependencies(decrepit_test global_target) + target_link_libraries(decrepit_test crypto decrepit boringssl_gtest) if(WIN32) target_link_libraries(decrepit_test ws2_32) diff --git a/fipstools/CMakeLists.txt b/fipstools/CMakeLists.txt index f0f7b2cb..779fcd1a 100644 --- a/fipstools/CMakeLists.txt +++ b/fipstools/CMakeLists.txt @@ -29,6 +29,8 @@ if(FIPS) $ ) + add_dependencies(cavp global_target) + add_executable( test_fips @@ -36,6 +38,8 @@ if(FIPS) $ ) + add_dependencies(test_fips global_target) + target_link_libraries(cavp crypto) target_link_libraries(test_fips crypto) endif() diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index f60dc000..03d0326c 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -4,6 +4,7 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-missing-prototypes") macro(fuzzer name) add_executable(${name} ${name}.cc) + add_dependencies(${name} global_target) target_link_libraries(${name} crypto ${ARGN}) set_target_properties(${name} PROPERTIES LINK_FLAGS "-fsanitize=fuzzer") endmacro() diff --git a/include/openssl/aead.h b/include/openssl/aead.h index af315548..f19344e4 100644 --- a/include/openssl/aead.h +++ b/include/openssl/aead.h @@ -425,7 +425,7 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_tag_len(const EVP_AEAD_CTX *ctx, #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN using ScopedEVP_AEAD_CTX = internal::StackAllocated #include +#if defined(BORINGSSL_PREFIX) +#include +#endif + #if defined(__cplusplus) extern "C" { #endif 
@@ -366,6 +370,19 @@ typedef void *OPENSSL_BLOCK; #endif #if !defined(BORINGSSL_NO_CXX) + +#if defined(BORINGSSL_PREFIX) +#define BSSL_NAMESPACE_BEGIN \ + namespace bssl { \ + inline namespace BORINGSSL_PREFIX { +#define BSSL_NAMESPACE_END \ + } \ + } +#else +#define BSSL_NAMESPACE_BEGIN namespace bssl { +#define BSSL_NAMESPACE_END } +#endif + extern "C++" { #include @@ -387,7 +404,7 @@ extern "C++" { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { @@ -464,7 +481,7 @@ using UniquePtr = std::unique_ptr>; return UpRef(ptr.get()); \ } -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/bio.h b/include/openssl/bio.h index dcf8ab70..2e056a1a 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -894,12 +894,12 @@ struct bio_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(BIO, BIO_free) BORINGSSL_MAKE_UP_REF(BIO, BIO_up_ref) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 82195edd..251c717c 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -987,7 +987,7 @@ OPENSSL_EXPORT unsigned BN_num_bits_word(BN_ULONG l); #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(BIGNUM, BN_free) BORINGSSL_MAKE_DELETER(BN_CTX, BN_CTX_free) @@ -1005,7 +1005,7 @@ class BN_CTXScope { BN_CTXScope &operator=(BN_CTXScope &) = delete; }; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/include/openssl/buf.h b/include/openssl/buf.h index 3f961b87..10a555f4 100644 --- a/include/openssl/buf.h +++ b/include/openssl/buf.h @@ -124,11 +124,11 @@ OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t dst_size); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(BUF_MEM, BUF_MEM_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ 
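Review bot: `BSSL_NAMESPACE_BEGIN` and `BSSL_NAMESPACE_END` are added to the public `include/openssl/base.h` without any comment, and the prefixed form carries a constraint that is easy to break later. Once `bssl` contains `inline namespace BORINGSSL_PREFIX`, a block still opened with a literal `namespace bssl {` declares its names in the outer namespace, so a forward declaration such as `struct SSL_HANDSHAKE;` there names a different type from the one inside the inline namespace. Please document this above the macros, e.g. `// All declarations in namespace bssl must use these macros; with BORINGSSL_PREFIX set they open an inline namespace so C++ symbols carry the prefix while callers keep writing bssl::Name.` The comment should also state that `BORINGSSL_PREFIX` must expand to a valid C++ identifier, since it is used verbatim as the namespace name.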
diff --git a/include/openssl/bytestring.h b/include/openssl/bytestring.h index 30576042..1400f2ed 100644 --- a/include/openssl/bytestring.h +++ b/include/openssl/bytestring.h @@ -491,11 +491,11 @@ OPENSSL_EXPORT int CBB_flush_asn1_set_of(CBB *cbb); #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN using ScopedCBB = internal::StackAllocated; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index b8d4e524..59634138 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -571,7 +571,7 @@ struct evp_cipher_st { #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free) @@ -579,7 +579,7 @@ using ScopedEVP_CIPHER_CTX = internal::StackAllocated; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h index 5e9f3d03..3e8cf929 100644 --- a/include/openssl/cmac.h +++ b/include/openssl/cmac.h @@ -78,11 +78,11 @@ OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 4ffce378..07e34eec 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -162,11 +162,11 @@ OPENSSL_EXPORT void OPENSSL_no_config(void); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(CONF, NCONF_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/curve25519.h b/include/openssl/curve25519.h index 332215be..a455389c 100644 --- a/include/openssl/curve25519.h +++ b/include/openssl/curve25519.h 
@@ -188,11 +188,11 @@ OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/dh.h b/include/openssl/dh.h index ae24c25d..7188790a 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -278,11 +278,11 @@ struct dh_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(DH, DH_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/digest.h b/include/openssl/digest.h index 4a2b710f..1a1ca297 100644 --- a/include/openssl/digest.h +++ b/include/openssl/digest.h @@ -295,7 +295,7 @@ struct env_md_ctx_st { #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free) @@ -303,7 +303,7 @@ using ScopedEVP_MD_CTX = internal::StackAllocated; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index a5fa7678..70cde7bb 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -417,12 +417,12 @@ struct dsa_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(DSA, DSA_free) BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index dbb72abc..41a9c34c 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -357,12 +357,12 @@ OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free) BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/ec_key.h b/include/openssl/ec_key.h index 69440498..7e9e4e8f 100644 
--- a/include/openssl/ec_key.h +++ b/include/openssl/ec_key.h @@ -336,11 +336,11 @@ OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index ff326ab9..d4d353e0 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -179,11 +179,11 @@ OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 595e53c0..9d459527 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -94,11 +94,11 @@ struct openssl_method_common_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9b00a070..45e1b6da 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -870,13 +870,13 @@ struct evp_pkey_st { } // extern C extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) BORINGSSL_MAKE_UP_REF(EVP_PKEY, EVP_PKEY_up_ref) BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index 977dea67..b5d1e420 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h 
@@ -169,14 +169,14 @@ struct hmac_ctx_st { #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free) using ScopedHMAC_CTX = internal::StackAllocated; -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 7d7087e6..9f9c00dd 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -142,12 +142,12 @@ OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format, extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(char, OPENSSL_free) BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index 52b649c2..cb6155ff 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -199,11 +199,11 @@ OPENSSL_EXPORT PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey, } // extern C extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(PKCS7, PKCS7_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ #endif diff --git a/include/openssl/pkcs8.h b/include/openssl/pkcs8.h index 9a66dd02..ee48f194 100644 --- a/include/openssl/pkcs8.h +++ b/include/openssl/pkcs8.h @@ -215,12 +215,12 @@ OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free) BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/pool.h b/include/openssl/pool.h index 1259f4a5..0e4bdd5c 100644 --- a/include/openssl/pool.h +++ b/include/openssl/pool.h 
@@ -87,13 +87,13 @@ OPENSSL_EXPORT void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free) BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free) BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 47e2d34b..8098c482 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -723,11 +723,11 @@ struct rsa_st { extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(RSA, RSA_free) -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/span.h b/include/openssl/span.h index 5ed96b7b..298a7222 100644 --- a/include/openssl/span.h +++ b/include/openssl/span.h @@ -25,7 +25,7 @@ extern "C++" { #include #include -namespace bssl { +BSSL_NAMESPACE_BEGIN template class Span; @@ -190,7 +190,7 @@ auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) { return MakeConstSpan(c.data(), c.size()); } -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5546f4e7..0d5a444d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -4383,6 +4383,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); #define SSL_CTRL_SET_TMP_RSA doesnt_exist #define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist +// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there +// is no need to define conflicting macros. +#if !defined(BORINGSSL_PREFIX) + #define DTLSv1_get_timeout DTLSv1_get_timeout #define DTLSv1_handle_timeout DTLSv1_handle_timeout #define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert 
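Review bot: The new comment above `#if !defined(BORINGSSL_PREFIX)` in `include/openssl/ssl.h` says the prefix header already turns each of these names into a macro, but that holds only for names present in the caller-maintained symbol list, which BUILDING.md makes the caller's responsibility. For any function in this block that the list omits, a prefixed build leaves the name undefined as a macro, so consumer code that tests these names with `#ifdef` (presumably the reason they are defined to themselves) would take its fallback path without any diagnostic. I would reword the comment to state that dependency, e.g. `// With |BORINGSSL_PREFIX|, these macros come from the generated prefix header, so every name below must appear in the symbol list.` The matching `#endif` is added by the following hunk of this file.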
@@ -4452,6 +4456,8 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); #define SSL_set_tmp_rsa SSL_set_tmp_rsa #define SSL_total_renegotiations SSL_total_renegotiations +#endif // !defined(BORINGSSL_PREFIX) + #if defined(__cplusplus) } // extern C @@ -4460,7 +4466,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(SSL, SSL_free) BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) @@ -4572,7 +4578,7 @@ OPENSSL_EXPORT bool SSL_apply_handoff(SSL *ssl, Span handoff); OPENSSL_EXPORT bool SSL_serialize_handback(const SSL *ssl, CBB *out); OPENSSL_EXPORT bool SSL_apply_handback(SSL *ssl, Span handback); -} // namespace bssl +BSSL_NAMESPACE_END } // extern C++ diff --git a/include/openssl/stack.h b/include/openssl/stack.h index a1cca59c..15b6adf7 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -219,17 +219,17 @@ OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { template struct StackTraits {}; } -} +BSSL_NAMESPACE_END } #define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \ extern "C++" { \ - namespace bssl { \ + BSSL_NAMESPACE_BEGIN \ namespace internal { \ template <> \ struct StackTraits { \ @@ -238,7 +238,7 @@ struct StackTraits {}; static constexpr bool kIsConst = is_const; \ }; \ } \ - } \ + BSSL_NAMESPACE_END \ } #else @@ -393,7 +393,7 @@ extern "C++" { #include -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace internal { @@ -474,7 +474,7 @@ static inline return true; } -} // namespace bssl +BSSL_NAMESPACE_END // Define begin() and end() for stack types so C++ range for loops work. template diff --git a/include/openssl/x509.h b/include/openssl/x509.h index eeab5ec5..72f7314b 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h 
@@ -1129,7 +1129,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) #if !defined(BORINGSSL_NO_CXX) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free) BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free) @@ -1158,7 +1158,7 @@ using ScopedX509_STORE_CTX = internal::StackAllocated; -} // namespace bssl +BSSL_NAMESPACE_END } /* extern C++ */ #endif /* !BORINGSSL_NO_CXX */ diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 1af439d7..53e20a07 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -751,7 +751,7 @@ DEFINE_STACK_OF(X509_POLICY_NODE) extern "C++" { -namespace bssl { +BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free) BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free) @@ -760,7 +760,7 @@ BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free) BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free) BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free) -} // namespace bssl +BSSL_NAMESPACE_END } /* extern C++ */ #endif diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt index 6881089f..d6c1294f 100644 --- a/ssl/CMakeLists.txt +++ b/ssl/CMakeLists.txt @@ -41,6 +41,8 @@ add_library( tls13_server.cc ) +add_dependencies(ssl global_target) + target_link_libraries(ssl crypto) add_executable( @@ -53,6 +55,8 @@ add_executable( $ ) +add_dependencies(ssl_test global_target) + target_link_libraries(ssl_test ssl crypto boringssl_gtest) if(WIN32) target_link_libraries(ssl_test ws2_32) diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc index f22a4981..3f7739ed 100644 --- a/ssl/d1_both.cc +++ b/ssl/d1_both.cc @@ -127,7 +127,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // TODO(davidben): 28 comes from the size of IP + UDP header. Is this reasonable // for these values? Notably, why is kMinMTU a function of the transport 
@@ -848,4 +848,4 @@ unsigned int dtls1_min_mtu(void) { return kMinMTU; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/d1_lib.cc b/ssl/d1_lib.cc index d73e5382..0e0b211b 100644 --- a/ssl/d1_lib.cc +++ b/ssl/d1_lib.cc @@ -68,7 +68,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire // before starting to decrease the MTU. @@ -187,7 +187,7 @@ bool dtls1_check_timeout_num(SSL *ssl) { return true; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc index a694c5f3..be595b07 100644 --- a/ssl/d1_pkt.cc +++ b/ssl/d1_pkt.cc @@ -126,7 +126,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN ssl_open_record_t dtls1_open_app_data(SSL *ssl, Span *out, size_t *out_consumed, uint8_t *out_alert, @@ -271,4 +271,4 @@ int dtls1_dispatch_alert(SSL *ssl) { return 1; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/dtls_record.cc b/ssl/dtls_record.cc index d3486015..3950ae2d 100644 --- a/ssl/dtls_record.cc +++ b/ssl/dtls_record.cc @@ -121,7 +121,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as // a |uint64_t|. @@ -350,4 +350,4 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, return 1; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/handoff.cc b/ssl/handoff.cc index 68cac5b1..a47b7c15 100644 --- a/ssl/handoff.cc +++ b/ssl/handoff.cc @@ -19,7 +19,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN constexpr int kHandoffVersion = 0; constexpr int kHandbackVersion = 0; @@ -359,4 +359,4 @@ bool SSL_apply_handback(SSL *ssl, Span handback) { return CBS_len(&seq) == 0; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 8e5c62c3..963038f5 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc 
@@ -122,7 +122,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg) : ssl(ssl_arg), @@ -667,4 +667,4 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) { } } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index ae6670f8..ae96bcf2 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc @@ -172,7 +172,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN enum ssl_client_hs_state_t { state_start_connect = 0, @@ -1820,4 +1820,4 @@ const char *ssl_client_handshake_state(SSL_HANDSHAKE *hs) { return "TLS client unknown"; } -} +BSSL_NAMESPACE_END diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index f0ed0d89..c5460886 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -170,7 +170,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN bool ssl_client_cipher_list_contains_cipher( const SSL_CLIENT_HELLO *client_hello, uint16_t id) { @@ -1626,4 +1626,4 @@ const char *ssl_server_handshake_state(SSL_HANDSHAKE *hs) { return "TLS server unknown"; } -} +BSSL_NAMESPACE_END diff --git a/ssl/internal.h b/ssl/internal.h index 28778969..98ce6e06 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -173,7 +173,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #endif -namespace bssl { +BSSL_NAMESPACE_BEGIN struct SSL_CONFIG; struct SSL_HANDSHAKE; @@ -414,7 +414,7 @@ bool ssl_is_draft28(uint16_t version); // Cipher suites. -} // namespace bssl +BSSL_NAMESPACE_END struct ssl_cipher_st { // name is the OpenSSL name for the cipher. @@ -432,7 +432,7 @@ struct ssl_cipher_st { uint32_t algorithm_prf; }; -namespace bssl { +BSSL_NAMESPACE_BEGIN // Bits for |algorithm_mkey| (key exchange algorithm). #define SSL_kRSA 0x00000001u 
@@ -2015,13 +2015,13 @@ struct CertCompressionAlg { uint16_t alg_id = 0; }; -} // namespace bssl +BSSL_NAMESPACE_END DECLARE_LHASH_OF(SSL_SESSION) DEFINE_NAMED_STACK_OF(CertCompressionAlg, bssl::CertCompressionAlg); -namespace bssl { +BSSL_NAMESPACE_BEGIN // An ssl_shutdown_t describes the shutdown state of one end of the connection, // whether it is alive or has been shutdown via close_notify or fatal alert. @@ -2749,7 +2749,7 @@ void ssl_reset_error_state(SSL *ssl); // current state of the error queue. void ssl_set_read_error(SSL *ssl); -} // namespace bssl +BSSL_NAMESPACE_END // Opaque C types. diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index 98896a3d..c1d4b652 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc @@ -130,7 +130,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN static bool add_record_to_flight(SSL *ssl, uint8_t type, Span in) { @@ -636,4 +636,4 @@ void ssl3_next_message(SSL *ssl) { } } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc index 0b24f941..0e0770c1 100644 --- a/ssl/s3_lib.cc +++ b/ssl/s3_lib.cc @@ -162,7 +162,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN SSL3_STATE::SSL3_STATE() : skip_early_data(false), @@ -215,4 +215,4 @@ void ssl3_free(SSL *ssl) { ssl->s3 = NULL; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc index 50e709b9..1ccbf9f1 100644 --- a/ssl/s3_pkt.cc +++ b/ssl/s3_pkt.cc @@ -122,7 +122,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len); @@ -425,4 +425,4 @@ int ssl3_dispatch_alert(SSL *ssl) { return 1; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/span_test.cc b/ssl/span_test.cc index 0aa7f3de..7db3d708 100644 --- a/ssl/span_test.cc +++ b/ssl/span_test.cc @@ -19,7 +19,7 @@ #include -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace { static void TestCtor(Span s, const int *ptr, size_t size) { 
@@ -87,4 +87,4 @@ TEST(SpanTest, Accessor) { } } // namespace -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc index 322b1b57..6a257800 100644 --- a/ssl/ssl_aead_ctx.cc +++ b/ssl/ssl_aead_ctx.cc @@ -31,7 +31,7 @@ #define FUZZER_MODE false #endif -namespace bssl { +BSSL_NAMESPACE_BEGIN SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg, const SSL_CIPHER *cipher_arg) @@ -433,4 +433,4 @@ bool SSLAEADContext::GetIV(const uint8_t **out_iv, size_t *out_iv_len) const { EVP_AEAD_CTX_get_iv(ctx_.get(), out_iv, out_iv_len); } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc index 5dfacb22..caccef4d 100644 --- a/ssl/ssl_asn1.cc +++ b/ssl/ssl_asn1.cc @@ -104,7 +104,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // An SSL_SESSION is serialized as the following ASN.1 structure: // @@ -751,7 +751,7 @@ int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) { return SSL_SESSION_to_bytes_full(in, cbb, 0); } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_buffer.cc b/ssl/ssl_buffer.cc index 72647a4c..b94f0811 100644 --- a/ssl/ssl_buffer.cc +++ b/ssl/ssl_buffer.cc @@ -27,7 +27,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // BIO uses int instead of size_t. No lengths will exceed uint16_t, so this will // not overflow. @@ -284,4 +284,4 @@ int ssl_write_buffer_flush(SSL *ssl) { } } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc index 4842974c..3f3a1c50 100644 --- a/ssl/ssl_cert.cc +++ b/ssl/ssl_cert.cc @@ -133,7 +133,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN CERT::CERT(const SSL_X509_METHOD *x509_method_arg) : x509_method(x509_method_arg) {} @@ -750,7 +750,7 @@ int ssl_on_certificate_selected(SSL_HANDSHAKE *hs) { return hs->local_pubkey != NULL; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; 
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc index 58995003..1e5320c9 100644 --- a/ssl/ssl_cipher.cc +++ b/ssl/ssl_cipher.cc @@ -154,7 +154,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // kCiphers is an array of all supported ciphers, sorted by id. static constexpr SSL_CIPHER kCiphers[] = { @@ -1306,7 +1306,7 @@ size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) { return ret; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc index c7f6f88f..866da67e 100644 --- a/ssl/ssl_key_share.cc +++ b/ssl/ssl_key_share.cc @@ -31,7 +31,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace { @@ -292,7 +292,7 @@ int ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) { return 0; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 120c2760..13b9cacc 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -162,7 +162,7 @@ #endif -namespace bssl { +BSSL_NAMESPACE_BEGIN // |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it // to avoid downstream churn. @@ -506,7 +506,7 @@ void SSL_set_handoff_mode(SSL *ssl, bool on) { ssl->config->handoff = on; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc index fecac39e..b2f8177b 100644 --- a/ssl/ssl_privkey.cc +++ b/ssl/ssl_privkey.cc @@ -69,7 +69,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN int ssl_is_key_type_supported(int key_type) { return key_type == EVP_PKEY_RSA || key_type == EVP_PKEY_EC || @@ -287,7 +287,7 @@ bool ssl_private_key_supports_signature_algorithm(SSL_HANDSHAKE *hs, return true; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index 1b0b68a4..927dd1ba 100644 --- a/ssl/ssl_session.cc 
+++ b/ssl/ssl_session.cc @@ -151,7 +151,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // The address of this is a magic value, a pointer to which is returned by // SSL_magic_pending_session_ptr(). It allows a session callback to indicate @@ -838,7 +838,7 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session) { } } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 2f78032d..bb47b70b 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -53,7 +53,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #endif -namespace bssl { +BSSL_NAMESPACE_BEGIN namespace { @@ -4443,4 +4443,4 @@ TEST(SSLTest, AllTests) { } } // namespace -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc index 24b86bf5..8bb513da 100644 --- a/ssl/ssl_transcript.cc +++ b/ssl/ssl_transcript.cc @@ -141,7 +141,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN SSLTranscript::SSLTranscript() {} @@ -261,4 +261,4 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len, return true; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc index 212c3ac9..911fb7e5 100644 --- a/ssl/ssl_versions.cc +++ b/ssl/ssl_versions.cc @@ -23,7 +23,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { switch (version) { @@ -360,7 +360,7 @@ bool ssl_is_draft28(uint16_t version) { return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc index ef095898..9fa800ff 100644 --- a/ssl/ssl_x509.cc +++ b/ssl/ssl_x509.cc 
@@ -155,7 +155,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // check_ssl_x509_method asserts that |ssl| has the X509-based method // installed. Calling an X509-based method on an |ssl| with a different method @@ -506,7 +506,7 @@ const SSL_X509_METHOD ssl_crypto_x509_method = { ssl_crypto_x509_ssl_ctx_flush_cached_client_CA, }; -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc index 93170b96..c6b2844d 100644 --- a/ssl/t1_enc.cc +++ b/ssl/t1_enc.cc @@ -153,7 +153,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN bool tls1_prf(const EVP_MD *digest, Span out, Span secret, Span label, @@ -277,7 +277,7 @@ int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out, return SSL3_MASTER_SECRET_SIZE; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 32ea2d40..3f4818f5 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -129,7 +129,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs); @@ -3836,7 +3836,7 @@ bool ssl_is_sct_list_valid(const CBS *contents) { return true; } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/test/CMakeLists.txt b/ssl/test/CMakeLists.txt index 425b43b6..d86464c4 100644 --- a/ssl/test/CMakeLists.txt +++ b/ssl/test/CMakeLists.txt @@ -14,6 +14,8 @@ add_executable( $ ) +add_dependencies(bssl_shim global_target) + target_link_libraries(bssl_shim ssl crypto) if(UNIX AND NOT APPLE AND NOT ANDROID) @@ -31,6 +33,8 @@ if(UNIX AND NOT APPLE AND NOT ANDROID) $ ) + add_dependencies(handshaker global_target) + target_link_libraries(handshaker ssl crypto) else() # Declare a dummy target for run_tests to depend on. diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc index faaa88d3..a02d35d7 100644 --- a/ssl/tls13_both.cc +++ b/ssl/tls13_both.cc 
@@ -30,7 +30,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // kMaxKeyUpdates is the number of consecutive KeyUpdates that will be // processed. Without this limit an attacker could force unbounded processing @@ -665,4 +665,4 @@ bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) { return false; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index 7de70b05..26f5fb99 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc @@ -31,7 +31,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN enum client_hs_state_t { state_read_hello_retry_request = 0, @@ -929,4 +929,4 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { return true; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc index 84bc5d22..e451838c 100644 --- a/ssl/tls13_enc.cc +++ b/ssl/tls13_enc.cc @@ -30,7 +30,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN static int init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version, const SSL_CIPHER *cipher) { @@ -487,4 +487,4 @@ int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session, return 1; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index bf3e2cfd..b1940d8d 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc @@ -36,7 +36,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN enum server_hs_state_t { state_select_parameters = 0, @@ -1028,4 +1028,4 @@ const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs) { return "TLS 1.3 server unknown"; } -} // namespace bssl +BSSL_NAMESPACE_END diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc index 2af51719..116f0270 100644 --- a/ssl/tls_method.cc +++ b/ssl/tls_method.cc @@ -65,7 +65,7 @@ #include "internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN static void ssl3_on_handshake_complete(SSL *ssl) { // The handshake should have released its final message. 
@@ -182,7 +182,7 @@ const SSL_X509_METHOD ssl_noop_x509_method = { ssl_noop_x509_ssl_ctx_flush_cached_client_CA, }; -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc index a2e4a20f..452b0cf4 100644 --- a/ssl/tls_record.cc +++ b/ssl/tls_record.cc @@ -119,7 +119,7 @@ #include "../crypto/internal.h" -namespace bssl { +BSSL_NAMESPACE_BEGIN // kMaxEmptyRecords is the number of consecutive, empty records that will be // processed. Without this limit an attacker could send empty records at a @@ -674,7 +674,7 @@ bool SealRecord(SSL *ssl, const Span out_prefix, in.data(), in.size()); } -} // namespace bssl +BSSL_NAMESPACE_END using namespace bssl; diff --git a/third_party/fiat/CMakeLists.txt b/third_party/fiat/CMakeLists.txt deleted file mode 100644 index fcc77d52..00000000 --- a/third_party/fiat/CMakeLists.txt +++ /dev/null @@ -1,9 +0,0 @@ -include_directories(../../include) - -add_library( - fiat - - OBJECT - - curve25519.c -) diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt index 87efb09f..7f340171 100644 --- a/tool/CMakeLists.txt +++ b/tool/CMakeLists.txt @@ -20,6 +20,8 @@ add_executable( transport_common.cc ) +add_dependencies(bssl global_target) + if(APPLE OR WIN32 OR ANDROID) target_link_libraries(bssl ssl crypto) else() diff --git a/util/make_prefix_headers.go b/util/make_prefix_headers.go new file mode 100644 index 00000000..a5e5441f --- /dev/null +++ b/util/make_prefix_headers.go 
@@ -0,0 +1,216 @@
+// Copyright (c) 2018, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// This program takes a file containing newline-separated symbols, and generates
+// boringssl_prefix_symbols.h, boringssl_prefix_symbols_asm.h, and
+// boringssl_prefix_symbols_nasm.inc. These header files can be used to build
+// BoringSSL with a prefix for all symbols in order to avoid symbol name
+// conflicts when linking a project with multiple copies of BoringSSL; see
+// BUILDING.md for more details.
+
+// TODO(joshlf): For platforms which support it, use '#pragma redefine_extname'
+// instead of a custom macro. This avoids the need for a custom macro, but also
+// ensures that our renaming won't conflict with symbols defined and used by our
+// consumers (the "HMAC" problem). An example of this approach can be seen in
+// IllumOS' fork of OpenSSL:
+// https://github.com/joyent/illumos-extra/blob/master/openssl1x/sunw_prefix.h
+
+package main
+
+import (
+ "bufio"
+ "flag"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+)
+
+var out = flag.String("out", ".", "Path to a directory where the outputs will be written")
+
+// Read newline-separated symbols from a file, ignoring any comments started
+// with '#'.
+func readSymbols(path string) ([]string, error) {
+ f, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+ scanner := bufio.NewScanner(f)
+ var ret []string
+ for scanner.Scan() {
+ line := scanner.Text()
+ if idx := strings.IndexByte(line, '#'); idx >= 0 {
+ line = line[:idx]
+ }
+ line = strings.TrimSpace(line)
+ if len(line) == 0 {
+ continue
+ }
+ ret = append(ret, line)
+ }
+ if err := scanner.Err(); err != nil {
+ return nil, err
+ }
+ return ret, nil
+}
+
+func writeCHeader(symbols []string, path string) error {
+ f, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ if _, err := f.WriteString(`// Copyright (c) 2018, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// BORINGSSL_ADD_PREFIX pastes two identifiers into one. It performs one
+// iteration of macro expansion on its arguments before pasting.
+#define BORINGSSL_ADD_PREFIX(a, b) BORINGSSL_ADD_PREFIX_INNER(a, b)
+#define BORINGSSL_ADD_PREFIX_INNER(a, b) a ## _ ## b
+
+`); err != nil {
+ return err
+ }
+
+ for _, symbol := range symbols {
+ if _, err := fmt.Fprintf(f, "#define %s BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, %s)\n", symbol, symbol); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func writeASMHeader(symbols []string, path string) error {
+ f, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ if _, err := f.WriteString(`// Copyright (c) 2018, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+#if !defined(__APPLE__)
+#include
+#else
+// On iOS and macOS, we need to treat assembly symbols differently from other
+// symbols. The linker expects symbols to be prefixed with an underscore.
+// Perlasm thus generates symbol with this underscore applied. Our macros must,
+// in turn, incorporate it.
+#define BORINGSSL_ADD_PREFIX_MAC_ASM(a, b) BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b)
+#define BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) _ ## a ## _ ## b
+
+`); err != nil {
+ return err
+ }
+
+ for _, symbol := range symbols {
+ if _, err := fmt.Fprintf(f, "#define _%s BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, %s)\n", symbol, symbol); err != nil {
+ return err
+ }
+ }
+
+ _, err = fmt.Fprintf(f, "#endif\n")
+ return nil
+}
+
+func writeNASMHeader(symbols []string, path string) error {
+ f, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ // NASM uses a different syntax from the C preprocessor.
+ if _, err := f.WriteString(`; Copyright (c) 2018, Google Inc.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+; WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+; MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+; SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+; WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+; OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+; CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+`); err != nil {
+ return err
+ }
+
+ for _, symbol := range symbols {
+ if _, err := fmt.Fprintf(f, "%%define %s BORINGSSL_PREFIX %%+ %s\n", symbol, symbol); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func main() {
+ flag.Parse()
+ if flag.NArg() != 1 {
+ fmt.Fprintf(os.Stderr, "Usage: %s [-out OUT] SYMBOLS\n", os.Args[0])
+ os.Exit(1)
+ }
+
+ symbols, err := readSymbols(flag.Arg(0))
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error reading symbols: %s\n", err)
+ os.Exit(1)
+ }
+
+ if err := writeCHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols.h")); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols.h: %s\n", err)
+ os.Exit(1)
+ }
+
+ if err := writeASMHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols_asm.h")); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols_asm.h: %s\n", err)
+ os.Exit(1)
+ }
+
+ if err := writeNASMHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols_nasm.inc")); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols_nasm.inc: %s\n", err)
+ os.Exit(1)
+ }
+
+}
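Review bot: In writeASMHeader the error from the final `_, err = fmt.Fprintf(f, "#endif\n")` is assigned and then thrown away by `return nil`, so a failed write of the closing `#endif` is reported to main as success; the last line should be `return err`. writeCHeader, writeASMHeader and writeNASMHeader also all rely on `defer f.Close()`, which drops the close error, so a write failure that only surfaces at close would leave a truncated header on disk without failing the build. A truncated prefix header would presumably leave the remaining symbols with their unprefixed names, which is the collision this tool exists to prevent, so it is worth closing explicitly on the success path, e.g. `if err := f.Close(); err != nil { return err }`, and keeping the deferred close only for the early-return paths.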