
Compatibility changes for wpa_supplicant and OpenSSH.

OpenSSH, especially, does some terrible things that mean that it needs
the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API
to replace this, but only if OpenSSL agree too. Either way, it won't be
happening soon.

Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd
Reviewed-on: https://boringssl-review.googlesource.com/4330
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
Adam Langley hace 9 años
padre
commit
c3ef76f327
Se han modificado 14 ficheros con 114 adiciones y 38 borrados
  1. +0
    -36
      crypto/cipher/internal.h
  2. +8
    -0
      crypto/crypto.c
  3. +10
    -0
      crypto/ec/ec.c
  4. +2
    -0
      crypto/ec/ec_key.c
  5. +4
    -0
      crypto/rand/rand.c
  6. +4
    -0
      crypto/rsa/rsa.c
  7. +2
    -2
      include/openssl/aes.h
  8. +36
    -0
      include/openssl/cipher.h
  9. +14
    -0
      include/openssl/crypto.h
  10. +16
    -0
      include/openssl/ec.h
  11. +6
    -0
      include/openssl/ec_key.h
  12. +3
    -0
      include/openssl/rand.h
  13. +6
    -0
      include/openssl/rsa.h
  14. +3
    -0
      include/openssl/ssl.h

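--- a/crypto/cipher/internal.h
+++ b/crypto/cipher/internal.h
@@ -66,42 +66,6 @@ extern "C" {
 #endif
 
 
-struct evp_cipher_st {
-/* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */
-int nid;
-
-/* block_size contains the block size, in bytes, of the cipher, or 1 for a
-* stream cipher. */
-unsigned block_size;
-
-/* key_len contains the key size, in bytes, for the cipher. If the cipher
-* takes a variable key size then this contains the default size. */
-unsigned key_len;
-
-/* iv_len contains the IV size, in bytes, or zero if inapplicable. */
-unsigned iv_len;
-
-/* ctx_size contains the size, in bytes, of the per-key context for this
-* cipher. */
-unsigned ctx_size;
-
-/* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */
-uint32_t flags;
-
-/* app_data is a pointer to opaque, user data. */
-void *app_data;
-
-int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv,
-int enc);
-
-int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
-size_t inl);
-
-void (*cleanup)(EVP_CIPHER_CTX *);
-
-int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
-};
-
 /* EVP_CIPH_MODE_MASK contains the bits of |flags| that represent the mode. */
 #define EVP_CIPH_MODE_MASK 0x3f
 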


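--- a/crypto/crypto.c
+++ b/crypto/crypto.c
@@ -102,3 +102,11 @@ void CRYPTO_library_init(void) {
 do_library_init();
 #endif
 }
+
+const char *SSLeay_version(int unused) {
+return SSLeay();
+}
+
+const char *SSLeay(void) {
+return "BoringSSL";
+}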
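Review bot: `SSLeay` is defined here as returning `const char *`, but in OpenSSL `SSLeay()` returns the numeric library version (`unsigned long`) and only `SSLeay_version()` returns a string, so ported code that compares or prints `SSLeay()` as a number gets a pointer converted to an integer, or fails to compile. A version gate evaluated on that value decides nothing meaningful, which matters wherever it selects a workaround or a security-relevant code path. I would give `SSLeay` an integer return type carrying the library's version number and have `SSLeay_version` return the literal itself, e.g. `const char *SSLeay_version(int unused) { return "BoringSSL"; }`. The matching prototype and comment in include/openssl/crypto.h need the same change.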

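--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@@ -861,3 +861,13 @@ int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *po
 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y,
 z, ctx);
 }
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) {}
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) {
+return NULL;
+}
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth) {
+return NID_X9_62_prime_field;
+}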
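Review bot: `EC_GROUP_method_of` always returns NULL and `EC_METHOD_get_field_type` never looks at its argument, so the pair only works when a caller does nothing with the `EC_METHOD *` except pass it straight back. The answer `NID_X9_62_prime_field` is also hard-coded rather than derived from the group, which is correct only while every group this library can construct is over a prime field; that is not visible in this hunk. I would state both in the ec.h comments, for example `/* EC_GROUP_method_of returns NULL; the result may only be passed to |EC_METHOD_get_field_type|. */`. The comments on `EC_GROUP_set_asn1_flag` and `EC_KEY_set_asn1_flag` (crypto/ec/ec_key.c) should likewise say which encoding callers get now that the flag is ignored.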

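--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -515,3 +515,5 @@ int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {
 void *EC_KEY_get_ex_data(const EC_KEY *d, int idx) {
 return CRYPTO_get_ex_data(&d->ex_data, idx);
 }
+
+void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) {}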

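--- a/crypto/rand/rand.c
+++ b/crypto/rand/rand.c
@@ -154,3 +154,7 @@ void RAND_add(const void *buf, int num, double entropy) {}
 int RAND_poll(void) {
 return 1;
 }
+
+int RAND_status(void) {
+return 1;
+}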
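Review bot: `RAND_status` reports the generator as seeded unconditionally, and callers ported from OpenSSL use that return value to decide whether it is safe to generate keys. That is sound only if this library's generator can never be in an unseeded state; the no-op `RAND_add` and constant `RAND_poll` in the context lines suggest that design, but the hunk does not show where the entropy comes from. The rand.h comment should record the invariant rather than just `RAND_status returns one.`, for example `/* RAND_status returns one; the RNG needs no application seeding. It exists only for OpenSSL compatibility. */`, if that is indeed the guarantee.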

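--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -764,3 +764,7 @@ int RSA_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
 
 return RSA_default_method.private_transform(rsa, out, in, len);
 }
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) {
+return 1;
+}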
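Review bot: `RSA_blinding_on` returns success without touching `rsa`, so a caller that asked for blinding as a timing side-channel defence is told it has it regardless of how the key is configured. That is only truthful if blinding is already applied by default to every private-key operation and nothing on this key has turned it off, neither of which this hunk shows. I would either document that invariant in rsa.h, e.g. `/* RSA_blinding_on returns one. Blinding is enabled by default, so this is a no-op kept for OpenSSL compatibility. */` if that is the case, or return zero when the key is configured without blinding.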

+ 2
- 2
include/openssl/aes.h

@@ -146,9 +146,9 @@ OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
* Android they'll have no definition. */

OPENSSL_EXPORT int AES_wrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
const uint8_t *in, size_t in_len);
const uint8_t *in, unsigned in_len);
OPENSSL_EXPORT int AES_unwrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
const uint8_t *in, size_t in_len);
const uint8_t *in, unsigned in_len);


#if defined(__cplusplus)
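Review bot: Both prototypes appear on this page with a `size_t in_len` line and an `unsigned in_len` line; the +/- markers were lost, so I am assuming the `unsigned` lines are the new side. If so, a caller holding a `size_t` length now has it silently narrowed on 64-bit targets, which for a key-wrap routine means the wrong amount of input is processed rather than an error being returned. The context comment says these functions may have no definition in this tree, so the prototype also has to match whatever external definition ends up linked. I would add a comment above the declarations stating that `in_len` is `unsigned` to match OpenSSL's signature and that callers must range-check the length before the call.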


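--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -488,6 +488,42 @@ typedef struct evp_cipher_info_st {
 unsigned char iv[EVP_MAX_IV_LENGTH];
 } EVP_CIPHER_INFO;
 
+struct evp_cipher_st {
+/* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */
+int nid;
+
+/* block_size contains the block size, in bytes, of the cipher, or 1 for a
+* stream cipher. */
+unsigned block_size;
+
+/* key_len contains the key size, in bytes, for the cipher. If the cipher
+* takes a variable key size then this contains the default size. */
+unsigned key_len;
+
+/* iv_len contains the IV size, in bytes, or zero if inapplicable. */
+unsigned iv_len;
+
+/* ctx_size contains the size, in bytes, of the per-key context for this
+* cipher. */
+unsigned ctx_size;
+
+/* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */
+uint32_t flags;
+
+/* app_data is a pointer to opaque, user data. */
+void *app_data;
+
+int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv,
+int enc);
+
+int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+size_t inl);
+
+void (*cleanup)(EVP_CIPHER_CTX *);
+
+int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+};
+
 
 /* Android compatibility section.
 *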
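Review bot: Moving `struct evp_cipher_st` into the public header lets any consumer read and write its fields, including the `init`/`cipher`/`cleanup`/`ctrl` function pointers, and effectively freezes the layout as ABI. The commit message explains this is for OpenSSH, but the header itself says nothing. I would put a comment above the struct, e.g. `/* evp_cipher_st is exposed only for OpenSSH compatibility. Do not access fields directly; the layout may change. */`. While here, the first field comment says `type` but the member is `nid`, and `identifing` is misspelled.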


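--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -32,6 +32,20 @@ extern "C" {
 OPENSSL_EXPORT void CRYPTO_library_init(void);
 
 
+/* Deprecated functions. */
+
+#define OPENSSL_VERSION_TEXT "BoringSSL"
+
+#define SSLEAY_VERSION 0
+
+/* SSLeay_version is a compatibility function that returns the string
+* "BoringSSL". */
+OPENSSL_EXPORT const char *SSLeay_version(int unused);
+
+/* SSLeay is a compatibility function that returns the string "BoringSSL". */
+OPENSSL_EXPORT const char *SSLeay(void);
+
+
 #if defined(__cplusplus)
 } /* extern C */
 #endif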


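--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -284,6 +284,22 @@ OPENSSL_EXPORT int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
 BN_CTX *ctx);
 
 
+/* Deprecated functions. */
+
+/* EC_GROUP_set_asn1_flag does nothing. */
+OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+
+#define OPENSSL_EC_NAMED_CURVE 0
+
+typedef struct ec_method_st EC_METHOD;
+
+/* EC_GROUP_method_of returns NULL. */
+OPENSSL_EXPORT const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/* EC_METHOD_get_field_type returns NID_X9_62_prime_field. */
+OPENSSL_EXPORT int EC_METHOD_get_field_type(const EC_METHOD *meth);
+
+
 /* Old code expects to get EC_KEY from ec.h. */
 #if !defined(OPENSSL_HEADER_EC_KEY_H)
 #include <openssl/ec_key.h>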


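--- a/include/openssl/ec_key.h
+++ b/include/openssl/ec_key.h
@@ -273,6 +273,12 @@ struct ecdsa_method_st {
 };
 
 
+/* Deprecated functions. */
+
+/* EC_KEY_set_asn1_flag does nothing. */
+OPENSSL_EXPORT void EC_KEY_set_asn1_flag(EC_KEY *key, int flag);
+
+
 #if defined(__cplusplus)
 } /* extern C */
 #endif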


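--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -47,6 +47,9 @@ OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy);
 /* RAND_poll returns one. */
 OPENSSL_EXPORT int RAND_poll(void);
 
+/* RAND_status returns one. */
+OPENSSL_EXPORT int RAND_status(void);
+
 
 #if defined(__cplusplus)
 } /* extern C */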


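--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -390,6 +390,12 @@ OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx);
 #define RSA_F4 0x10001
 
 
+/* Deprecated functions. */
+
+/* RSA_blinding_on returns one. */
+OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+
 struct rsa_meth_st {
 struct openssl_method_common_st common;
 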


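--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -159,6 +159,9 @@
 /* Some code expected to get the threading functions by including ssl.h. */
 #include <openssl/thread.h>
 
+/* wpa_supplicant expects to get the version functions from ssl.h */
+#include <openssl/crypto.h>
+
 #if defined(__cplusplus)
 extern "C" {
 #endif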

