From c3ef76f32740238d9553dc123ac567920331286f Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 13 Apr 2015 14:34:17 -0700 Subject: [PATCH] Compatibility changes for wpa_supplicant and OpenSSH. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenSSH, especially, does some terrible things that mean that it needs the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API to replace this, but only if OpenSSL agree too. Either way, it won't be happening soon. Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd Reviewed-on: https://boringssl-review.googlesource.com/4330 Reviewed-by: Adam Langley --- crypto/cipher/internal.h | 36 ------------------------------------ crypto/crypto.c | 8 ++++++++ crypto/ec/ec.c | 10 ++++++++++ crypto/ec/ec_key.c | 2 ++ crypto/rand/rand.c | 4 ++++ crypto/rsa/rsa.c | 4 ++++ include/openssl/aes.h | 4 ++-- include/openssl/cipher.h | 36 ++++++++++++++++++++++++++++++++++++ include/openssl/crypto.h | 14 ++++++++++++++ include/openssl/ec.h | 16 ++++++++++++++++ include/openssl/ec_key.h | 6 ++++++ include/openssl/rand.h | 3 +++ include/openssl/rsa.h | 6 ++++++ include/openssl/ssl.h | 3 +++ 14 files changed, 114 insertions(+), 38 deletions(-) diff --git a/crypto/cipher/internal.h b/crypto/cipher/internal.h index e6220d41..1ce2e588 100644 --- a/crypto/cipher/internal.h +++ b/crypto/cipher/internal.h @@ -66,42 +66,6 @@ extern "C" { #endif -struct evp_cipher_st { - /* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */ - int nid; - - /* block_size contains the block size, in bytes, of the cipher, or 1 for a - * stream cipher. */ - unsigned block_size; - - /* key_len contains the key size, in bytes, for the cipher. If the cipher - * takes a variable key size then this contains the default size. */ - unsigned key_len; - - /* iv_len contains the IV size, in bytes, or zero if inapplicable. */ - unsigned iv_len; - - /* ctx_size contains the size, in bytes, of the per-key context for this - * cipher. */ - unsigned ctx_size; - - /* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */ - uint32_t flags; - - /* app_data is a pointer to opaque, user data. */ - void *app_data; - - int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, - int enc); - - int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, - size_t inl); - - void (*cleanup)(EVP_CIPHER_CTX *); - - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); -}; - /* EVP_CIPH_MODE_MASK contains the bits of |flags| that represent the mode. */ #define EVP_CIPH_MODE_MASK 0x3f diff --git a/crypto/crypto.c b/crypto/crypto.c index c463d5ec..64e55f4b 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -102,3 +102,11 @@ void CRYPTO_library_init(void) { do_library_init(); #endif } + +const char *SSLeay_version(int unused) { + return SSLeay(); +} + +const char *SSLeay(void) { + return "BoringSSL"; +} diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c index 9a4a8388..5378fcf7 100644 --- a/crypto/ec/ec.c +++ b/crypto/ec/ec.c @@ -861,3 +861,13 @@ int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *po return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); } + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) {} + +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) { + return NULL; +} + +int EC_METHOD_get_field_type(const EC_METHOD *meth) { + return NID_X9_62_prime_field; +} diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index b4671ed5..74ed4be5 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -515,3 +515,5 @@ int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) { void *EC_KEY_get_ex_data(const EC_KEY *d, int idx) { return CRYPTO_get_ex_data(&d->ex_data, idx); } + +void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) {} diff --git a/crypto/rand/rand.c b/crypto/rand/rand.c index 5f94a150..66558279 100644 --- a/crypto/rand/rand.c +++ b/crypto/rand/rand.c @@ -154,3 +154,7 @@ void RAND_add(const void *buf, int num, double entropy) {} int RAND_poll(void) { return 1; } + +int RAND_status(void) { + return 1; +} diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c index 88d38a23..48be5953 100644 --- a/crypto/rsa/rsa.c +++ b/crypto/rsa/rsa.c @@ -764,3 +764,7 @@ int RSA_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, return RSA_default_method.private_transform(rsa, out, in, len); } + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { + return 1; +} diff --git a/include/openssl/aes.h b/include/openssl/aes.h index 166b61c7..84cde416 100644 --- a/include/openssl/aes.h +++ b/include/openssl/aes.h @@ -146,9 +146,9 @@ OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out, * Android they'll have no definition. */ OPENSSL_EXPORT int AES_wrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out, - const uint8_t *in, size_t in_len); + const uint8_t *in, unsigned in_len); OPENSSL_EXPORT int AES_unwrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out, - const uint8_t *in, size_t in_len); + const uint8_t *in, unsigned in_len); #if defined(__cplusplus) diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index 3148664e..240aa996 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -488,6 +488,42 @@ typedef struct evp_cipher_info_st { unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; +struct evp_cipher_st { + /* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */ + int nid; + + /* block_size contains the block size, in bytes, of the cipher, or 1 for a + * stream cipher. */ + unsigned block_size; + + /* key_len contains the key size, in bytes, for the cipher. If the cipher + * takes a variable key size then this contains the default size. */ + unsigned key_len; + + /* iv_len contains the IV size, in bytes, or zero if inapplicable. */ + unsigned iv_len; + + /* ctx_size contains the size, in bytes, of the per-key context for this + * cipher. */ + unsigned ctx_size; + + /* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */ + uint32_t flags; + + /* app_data is a pointer to opaque, user data. */ + void *app_data; + + int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, + int enc); + + int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t inl); + + void (*cleanup)(EVP_CIPHER_CTX *); + + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); +}; + /* Android compatibility section. * diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 1dc83464..20c850ee 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -32,6 +32,20 @@ extern "C" { OPENSSL_EXPORT void CRYPTO_library_init(void); +/* Deprecated functions. */ + +#define OPENSSL_VERSION_TEXT "BoringSSL" + +#define SSLEAY_VERSION 0 + +/* SSLeay_version is a compatibility function that returns the string + * "BoringSSL". */ +OPENSSL_EXPORT const char *SSLeay_version(int unused); + +/* SSLeay is a compatibility function that returns the string "BoringSSL". */ +OPENSSL_EXPORT const char *SSLeay(void); + + #if defined(__cplusplus) } /* extern C */ #endif diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 511cb2df..b1cf79bc 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -284,6 +284,22 @@ OPENSSL_EXPORT int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, BN_CTX *ctx); +/* Deprecated functions. */ + +/* EC_GROUP_set_asn1_flag does nothing. */ +OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); + +#define OPENSSL_EC_NAMED_CURVE 0 + +typedef struct ec_method_st EC_METHOD; + +/* EC_GROUP_method_of returns NULL. */ +OPENSSL_EXPORT const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/* EC_METHOD_get_field_type returns NID_X9_62_prime_field. */ +OPENSSL_EXPORT int EC_METHOD_get_field_type(const EC_METHOD *meth); + + /* Old code expects to get EC_KEY from ec.h. */ #if !defined(OPENSSL_HEADER_EC_KEY_H) #include diff --git a/include/openssl/ec_key.h b/include/openssl/ec_key.h index 9603952f..ee64030b 100644 --- a/include/openssl/ec_key.h +++ b/include/openssl/ec_key.h @@ -273,6 +273,12 @@ struct ecdsa_method_st { }; +/* Deprecated functions. */ + +/* EC_KEY_set_asn1_flag does nothing. */ +OPENSSL_EXPORT void EC_KEY_set_asn1_flag(EC_KEY *key, int flag); + + #if defined(__cplusplus) } /* extern C */ #endif diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 0b2ead8e..01ef4f8b 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -47,6 +47,9 @@ OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy); /* RAND_poll returns one. */ OPENSSL_EXPORT int RAND_poll(void); +/* RAND_status returns one. */ +OPENSSL_EXPORT int RAND_status(void); + #if defined(__cplusplus) } /* extern C */ diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 889ad192..dacb80e6 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -390,6 +390,12 @@ OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx); #define RSA_F4 0x10001 +/* Deprecated functions. */ + +/* RSA_blinding_on returns one. */ +OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); + + struct rsa_meth_st { struct openssl_method_common_st common; diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e6545dab..138f525a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -159,6 +159,9 @@ /* Some code expected to get the threading functions by including ssl.h. */ #include +/* wpa_supplicant expects to get the version functions from ssl.h */ +#include + #if defined(__cplusplus) extern "C" { #endif