Tweaks for node.js
node.js is, effectively, another bindings library. However, it's better written than most and, with these changes, only a couple of tiny fixes are needed in node.js. Some of these changes are a little depressing however so we'll need to push node.js to use APIs where possible. Changes: ∙ Support verify_recover. This is very obscure and the motivation appears to be https://github.com/nodejs/node/issues/477 – where it's not clear that anyone understands what it means :( ∙ Add a few, no-op #defines ∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not reach into these structs in the future. ∙ Add EC_get_builtin_curves. ∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to decrepit. Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46 Reviewed-on: https://boringssl-review.googlesource.com/6952 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
eac0ce09d8
commit
ce9d85eedd
@ -883,3 +883,21 @@ void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
|
||||
size_t max_num_curves) {
|
||||
unsigned num_built_in_curves;
|
||||
for (num_built_in_curves = 0;; num_built_in_curves++) {
|
||||
if (OPENSSL_built_in_curves[num_built_in_curves].nid == NID_undef) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
unsigned i;
|
||||
for (i = 0; i < max_num_curves && i < num_built_in_curves; i++) {
|
||||
out_curves[i].comment = OPENSSL_built_in_curves[i].data->comment;
|
||||
out_curves[i].nid = OPENSSL_built_in_curves[i].nid;
|
||||
}
|
||||
|
||||
return num_built_in_curves;
|
||||
}
|
||||
|
@ -342,6 +342,35 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
|
||||
return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
|
||||
}
|
||||
|
||||
int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) {
|
||||
if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
|
||||
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return 0;
|
||||
}
|
||||
ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
|
||||
if (!ctx->pmeth->verify_recover_init) {
|
||||
return 1;
|
||||
}
|
||||
if (!ctx->pmeth->verify_recover_init(ctx)) {
|
||||
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len,
|
||||
const uint8_t *sig, size_t sig_len) {
|
||||
if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
|
||||
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return 0;
|
||||
}
|
||||
if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
|
||||
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);
|
||||
return 0;
|
||||
}
|
||||
return ctx->pmeth->verify_recover(ctx, out, out_len, sig, sig_len);
|
||||
}
|
||||
|
||||
int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) {
|
||||
if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
|
||||
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
|
@ -15,6 +15,7 @@
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
@ -658,6 +659,84 @@ static bool TestEVP_DigestVerifyInitFromAlgorithm(void) {
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool TestVerifyRecover() {
|
||||
ScopedEVP_PKEY pkey = LoadExampleRSAKey();
|
||||
if (!pkey) {
|
||||
return false;
|
||||
}
|
||||
|
||||
ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
|
||||
if (!rsa) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const uint8_t kDummyHash[32] = {0};
|
||||
uint8_t sig[2048/8];
|
||||
unsigned sig_len = sizeof(sig);
|
||||
|
||||
if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), sig, &sig_len,
|
||||
rsa.get())) {
|
||||
fprintf(stderr, "RSA_sign failed.\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
return false;
|
||||
}
|
||||
|
||||
size_t out_len;
|
||||
ScopedEVP_PKEY_CTX ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
|
||||
if (!EVP_PKEY_verify_recover_init(ctx.get()) ||
|
||||
!EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_PADDING) ||
|
||||
!EVP_PKEY_CTX_set_signature_md(ctx.get(), EVP_sha256()) ||
|
||||
!EVP_PKEY_verify_recover(ctx.get(), nullptr, &out_len, sig, sig_len)) {
|
||||
fprintf(stderr, "verify_recover failed will nullptr buffer.\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
return false;
|
||||
}
|
||||
|
||||
std::vector<uint8_t> recovered;
|
||||
recovered.resize(out_len);
|
||||
|
||||
if (!EVP_PKEY_verify_recover(ctx.get(), recovered.data(), &out_len, sig,
|
||||
sig_len)) {
|
||||
fprintf(stderr, "verify_recover failed.\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (out_len != sizeof(kDummyHash)) {
|
||||
fprintf(stderr, "verify_recover length is %u, expected %u.\n",
|
||||
static_cast<unsigned>(out_len),
|
||||
static_cast<unsigned>(sizeof(kDummyHash)));
|
||||
return false;
|
||||
}
|
||||
|
||||
if (memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) {
|
||||
fprintf(stderr, "verify_recover got wrong value.\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
return false;
|
||||
}
|
||||
|
||||
out_len = recovered.size();
|
||||
if (!EVP_PKEY_CTX_set_signature_md(ctx.get(), nullptr) ||
|
||||
!EVP_PKEY_verify_recover(ctx.get(), recovered.data(), &out_len, sig,
|
||||
sig_len)) {
|
||||
fprintf(stderr, "verify_recover failed with NULL MD.\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
return false;
|
||||
}
|
||||
|
||||
/* The size of a SHA-256 hash plus PKCS#1 v1.5 ASN.1 stuff happens to be 51
|
||||
* bytes. */
|
||||
static const size_t kExpectedASN1Size = 51;
|
||||
if (out_len != kExpectedASN1Size) {
|
||||
fprintf(stderr, "verify_recover length without MD is %u, expected %u.\n",
|
||||
static_cast<unsigned>(out_len),
|
||||
static_cast<unsigned>(kExpectedASN1Size));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool TestBadPSSParameters(void) {
|
||||
CBS in, tbs_cert, signature;
|
||||
ScopedEVP_PKEY pkey;
|
||||
@ -835,6 +914,12 @@ int main(void) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!TestVerifyRecover()) {
|
||||
fprintf(stderr, "EVP_PKEY_verify_recover failed\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!TestBadPSSParameters()) {
|
||||
fprintf(stderr, "TestBadPSSParameters failed\n");
|
||||
ERR_print_errors_fp(stderr);
|
||||
|
@ -249,6 +249,10 @@ struct evp_pkey_method_st {
|
||||
int (*verify)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,
|
||||
const uint8_t *tbs, size_t tbslen);
|
||||
|
||||
int (*verify_recover_init)(EVP_PKEY_CTX *ctx);
|
||||
int (*verify_recover)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len,
|
||||
const uint8_t *sig, size_t sig_len);
|
||||
|
||||
int (*encrypt_init)(EVP_PKEY_CTX *ctx);
|
||||
int (*encrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
|
||||
const uint8_t *in, size_t inlen);
|
||||
|
@ -273,11 +273,26 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
|
||||
}
|
||||
|
||||
const EVP_PKEY_METHOD ec_pkey_meth = {
|
||||
EVP_PKEY_EC, 0 /* flags */, pkey_ec_init,
|
||||
pkey_ec_copy, pkey_ec_cleanup, 0 /* paramgen_init */,
|
||||
pkey_ec_paramgen, 0 /* keygen_init */, pkey_ec_keygen,
|
||||
0 /* sign_init */, pkey_ec_sign, 0 /* verify_init */,
|
||||
pkey_ec_verify, 0 /* encrypt_init */, 0 /* encrypt */,
|
||||
0 /* decrypt_init */, 0 /* decrypt */, 0 /* derive_init */,
|
||||
pkey_ec_derive, pkey_ec_ctrl,
|
||||
EVP_PKEY_EC,
|
||||
0 /* flags */,
|
||||
pkey_ec_init,
|
||||
pkey_ec_copy,
|
||||
pkey_ec_cleanup,
|
||||
0 /* paramgen_init */,
|
||||
pkey_ec_paramgen,
|
||||
0 /* keygen_init */,
|
||||
pkey_ec_keygen,
|
||||
0 /* sign_init */,
|
||||
pkey_ec_sign,
|
||||
0 /* verify_init */,
|
||||
pkey_ec_verify,
|
||||
0 /* verify_recover_init */,
|
||||
0 /* verify_recover */,
|
||||
0 /* encrypt_init */,
|
||||
0 /* encrypt */,
|
||||
0 /* decrypt_init */,
|
||||
0 /* decrypt */,
|
||||
0 /* derive_init */,
|
||||
pkey_ec_derive,
|
||||
pkey_ec_ctrl,
|
||||
};
|
||||
|
@ -256,6 +256,81 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, const uint8_t *sig,
|
||||
size_t sig_len) {
|
||||
RSA_PKEY_CTX *rctx = ctx->data;
|
||||
RSA *rsa = ctx->pkey->pkey.rsa;
|
||||
const size_t key_len = EVP_PKEY_size(ctx->pkey);
|
||||
|
||||
if (out == NULL) {
|
||||
*out_len = key_len;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (*out_len < key_len) {
|
||||
OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!setup_tbuf(rctx, ctx)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (rctx->md == NULL) {
|
||||
const size_t ret = RSA_public_decrypt(sig_len, sig, rctx->tbuf,
|
||||
ctx->pkey->pkey.rsa, rctx->pad_mode);
|
||||
if (ret < 0) {
|
||||
return 0;
|
||||
}
|
||||
*out_len = ret;
|
||||
memcpy(out, rctx->tbuf, *out_len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (rctx->pad_mode != RSA_PKCS1_PADDING) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
uint8_t *asn1_prefix;
|
||||
size_t asn1_prefix_len;
|
||||
int asn1_prefix_allocated;
|
||||
if (!RSA_add_pkcs1_prefix(&asn1_prefix, &asn1_prefix_len,
|
||||
&asn1_prefix_allocated, EVP_MD_type(rctx->md), NULL,
|
||||
0)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
size_t rslen;
|
||||
int ok = 1;
|
||||
if (!RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, sig_len,
|
||||
RSA_PKCS1_PADDING) ||
|
||||
rslen < asn1_prefix_len ||
|
||||
CRYPTO_memcmp(rctx->tbuf, asn1_prefix, asn1_prefix_len) != 0) {
|
||||
ok = 0;
|
||||
}
|
||||
|
||||
if (asn1_prefix_allocated) {
|
||||
OPENSSL_free(asn1_prefix);
|
||||
}
|
||||
|
||||
if (!ok) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
const size_t result_len = rslen - asn1_prefix_len;
|
||||
if (result_len != EVP_MD_size(rctx->md)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (out != NULL) {
|
||||
memcpy(out, rctx->tbuf + asn1_prefix_len, result_len);
|
||||
}
|
||||
*out_len = result_len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
|
||||
const uint8_t *in, size_t inlen) {
|
||||
RSA_PKEY_CTX *rctx = ctx->data;
|
||||
@ -503,13 +578,28 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
|
||||
}
|
||||
|
||||
const EVP_PKEY_METHOD rsa_pkey_meth = {
|
||||
EVP_PKEY_RSA, 0 /* flags */, pkey_rsa_init,
|
||||
pkey_rsa_copy, pkey_rsa_cleanup, 0 /* paramgen_init */,
|
||||
0 /* paramgen */, 0 /* keygen_init */, pkey_rsa_keygen,
|
||||
0 /* sign_init */, pkey_rsa_sign, 0 /* verify_init */,
|
||||
pkey_rsa_verify, 0 /* encrypt_init */, pkey_rsa_encrypt,
|
||||
0 /* decrypt_init */, pkey_rsa_decrypt, 0 /* derive_init */,
|
||||
0 /* derive */, pkey_rsa_ctrl,
|
||||
EVP_PKEY_RSA,
|
||||
0 /* flags */,
|
||||
pkey_rsa_init,
|
||||
pkey_rsa_copy,
|
||||
pkey_rsa_cleanup,
|
||||
0 /* paramgen_init */,
|
||||
0 /* paramgen */,
|
||||
0 /* keygen_init */,
|
||||
pkey_rsa_keygen,
|
||||
0 /* sign_init */,
|
||||
pkey_rsa_sign,
|
||||
0 /* verify_init */,
|
||||
pkey_rsa_verify,
|
||||
0 /* verify_recover_init */,
|
||||
pkey_rsa_verify_recover,
|
||||
0 /* encrypt_init */,
|
||||
pkey_rsa_encrypt,
|
||||
0 /* decrypt_init */,
|
||||
pkey_rsa_decrypt,
|
||||
0 /* derive_init */,
|
||||
0 /* derive */,
|
||||
pkey_rsa_ctrl,
|
||||
};
|
||||
|
||||
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding) {
|
||||
|
@ -2,6 +2,7 @@ add_subdirectory(bio)
|
||||
add_subdirectory(blowfish)
|
||||
add_subdirectory(cast)
|
||||
add_subdirectory(des)
|
||||
add_subdirectory(evp)
|
||||
add_subdirectory(rsa)
|
||||
add_subdirectory(xts)
|
||||
|
||||
@ -12,6 +13,7 @@ add_library(
|
||||
$<TARGET_OBJECTS:blowfish>
|
||||
$<TARGET_OBJECTS:cast>
|
||||
$<TARGET_OBJECTS:des_decrepit>
|
||||
$<TARGET_OBJECTS:evp_decrepit>
|
||||
$<TARGET_OBJECTS:rsa_decrepit>
|
||||
$<TARGET_OBJECTS:xts>
|
||||
)
|
||||
|
9
decrepit/evp/CMakeLists.txt
Normal file
9
decrepit/evp/CMakeLists.txt
Normal file
@ -0,0 +1,9 @@
|
||||
include_directories(../../include)
|
||||
|
||||
add_library(
|
||||
evp_decrepit
|
||||
|
||||
OBJECT
|
||||
|
||||
evp_do_all.c
|
||||
)
|
77
decrepit/evp/evp_do_all.c
Normal file
77
decrepit/evp/evp_do_all.c
Normal file
@ -0,0 +1,77 @@
|
||||
/* Copyright (c) 2016, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
||||
void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
|
||||
const char *name,
|
||||
const char *unused, void *arg),
|
||||
void *arg) {
|
||||
callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
|
||||
callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
|
||||
callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
|
||||
callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
|
||||
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
|
||||
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
|
||||
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
|
||||
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
|
||||
callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg);
|
||||
callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
|
||||
callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
|
||||
callback(EVP_des_ede(), "DES-EDE", NULL, arg);
|
||||
callback(EVP_des_ede_cbc(), "DES-EDE-CBC", NULL, arg);
|
||||
callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", NULL, arg);
|
||||
callback(EVP_rc2_cbc(), "RC2-CBC", NULL, arg);
|
||||
callback(EVP_rc4(), "RC4", NULL, arg);
|
||||
|
||||
/* OpenSSL returns everything twice, the second time in lower case. */
|
||||
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
|
||||
callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
|
||||
callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
|
||||
callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
|
||||
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
|
||||
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
|
||||
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
|
||||
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
|
||||
callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg);
|
||||
callback(EVP_des_cbc(), "des-cbc", NULL, arg);
|
||||
callback(EVP_des_ecb(), "des-ecb", NULL, arg);
|
||||
callback(EVP_des_ede(), "des-ede", NULL, arg);
|
||||
callback(EVP_des_ede_cbc(), "des-ede-cbc", NULL, arg);
|
||||
callback(EVP_des_ede3_cbc(), "des-ede3-cbc", NULL, arg);
|
||||
callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg);
|
||||
callback(EVP_rc4(), "rc4", NULL, arg);
|
||||
}
|
||||
|
||||
void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
|
||||
const char *name, const char *unused,
|
||||
void *arg),
|
||||
void *arg) {
|
||||
callback(EVP_md4(), "MD4", NULL, arg);
|
||||
callback(EVP_md5(), "MD5", NULL, arg);
|
||||
callback(EVP_sha1(), "SHA1", NULL, arg);
|
||||
callback(EVP_sha224(), "SHA224", NULL, arg);
|
||||
callback(EVP_sha256(), "SHA256", NULL, arg);
|
||||
callback(EVP_sha384(), "SHA384", NULL, arg);
|
||||
callback(EVP_sha512(), "SHA512", NULL, arg);
|
||||
|
||||
callback(EVP_md4(), "md4", NULL, arg);
|
||||
callback(EVP_md5(), "md5", NULL, arg);
|
||||
callback(EVP_sha1(), "sha1", NULL, arg);
|
||||
callback(EVP_sha224(), "sha224", NULL, arg);
|
||||
callback(EVP_sha256(), "sha256", NULL, arg);
|
||||
callback(EVP_sha384(), "sha384", NULL, arg);
|
||||
callback(EVP_sha512(), "sha512", NULL, arg);
|
||||
}
|
@ -711,6 +711,11 @@ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf_done(BIO* bio,
|
||||
#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */
|
||||
#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */
|
||||
|
||||
/* These are never used, but exist to allow code to compile more easily. */
|
||||
#define BIO_CTRL_DUP 100
|
||||
#define BIO_CTRL_PUSH 101
|
||||
#define BIO_CTRL_POP 102
|
||||
|
||||
|
||||
/* Android compatibility section.
|
||||
*
|
||||
|
@ -42,7 +42,9 @@ OPENSSL_EXPORT void CRYPTO_library_init(void);
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
#define OPENSSL_VERSION_TEXT "BoringSSL"
|
||||
/* OPENSSL_VERSION_TEXT contains a string the identifies the version of
|
||||
* “OpenSSL”. node.js requires a version number in this text. */
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2 (compatible; BoringSSL)"
|
||||
|
||||
#define SSLEAY_VERSION 0
|
||||
|
||||
|
@ -81,14 +81,24 @@ extern "C" {
|
||||
typedef struct ec_group_st EC_GROUP;
|
||||
typedef struct ec_point_st EC_POINT;
|
||||
|
||||
/** Enum for the point conversion form as defined in X9.62 (ECDSA)
|
||||
* for the encoding of a elliptic curve point (x,y) */
|
||||
/* point_conversion_form_t enumerates forms, as defined in X9.62 (ECDSA), for
|
||||
* the encoding of a elliptic curve point (x,y) */
|
||||
typedef enum {
|
||||
/** the point is encoded as z||x, where the octet z specifies
|
||||
* which solution of the quadratic equation y is */
|
||||
/* POINT_CONVERSION_COMPRESSED indicates that the point is encoded as z||x,
|
||||
* where the octet z specifies which solution of the quadratic equation y
|
||||
* is. */
|
||||
POINT_CONVERSION_COMPRESSED = 2,
|
||||
/** the point is encoded as z||x||y, where z is the octet 0x04 */
|
||||
POINT_CONVERSION_UNCOMPRESSED = 4
|
||||
|
||||
/* POINT_CONVERSION_COMPRESSED indicates that the point is encoded as
|
||||
* z||x||y, where z is the octet 0x04. */
|
||||
POINT_CONVERSION_UNCOMPRESSED = 4,
|
||||
|
||||
/* POINT_CONVERSION_HYBRID indicates that the point is encoded as z||x||y,
|
||||
* where z specifies which solution of the quadratic equation y is. This is
|
||||
* not supported by the code and has never been observed in use.
|
||||
*
|
||||
* TODO(agl): remove once node.js no longer references this. */
|
||||
POINT_CONVERSION_HYBRID = 6,
|
||||
} point_conversion_form_t;
|
||||
|
||||
|
||||
@ -306,6 +316,19 @@ OPENSSL_EXPORT int EC_METHOD_get_field_type(const EC_METHOD *meth);
|
||||
OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form(
|
||||
EC_GROUP *group, point_conversion_form_t form);
|
||||
|
||||
/* EC_builtin_curve describes a supported elliptic curve. */
|
||||
typedef struct {
|
||||
int nid;
|
||||
const char *comment;
|
||||
} EC_builtin_curve;
|
||||
|
||||
/* EC_get_builtin_curves writes at most |max_num_curves| elements to
|
||||
* |out_curves| and returns the total number that it would have written, had
|
||||
* |max_num_curves| been large enough.
|
||||
*
|
||||
* The |EC_builtin_curve| items describe the supported elliptic curves. */
|
||||
OPENSSL_EXPORT size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
|
||||
size_t max_num_curves);
|
||||
|
||||
/* Old code expects to get EC_KEY from ec.h. */
|
||||
#include <openssl/ec_key.h>
|
||||
|
@ -511,6 +511,34 @@ OPENSSL_EXPORT int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
/* EVP_PKEY_verify_recover_init initialises an |EVP_PKEY_CTX| for a public-key
|
||||
* decryption operation. It should be called before |EVP_PKEY_verify_recover|.
|
||||
*
|
||||
* Public-key decryption is a very obscure operation that is only implemented
|
||||
* by RSA keys. It is effectively a signature verification operation that
|
||||
* returns the signed message directly. It is almost certainly not what you
|
||||
* want.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_verify_recover decrypts |sig_len| bytes from |sig|. If |out| is
|
||||
* NULL, the maximum size of the plaintext is written to |out_len|. Otherwise,
|
||||
* |*out_len| must contain the number of bytes of space available at |out|. If
|
||||
* sufficient, the ciphertext will be written to |out| and |*out_len| updated
|
||||
* with the true length.
|
||||
*
|
||||
* WARNING: Setting |out| to NULL only gives the maximum size of the
|
||||
* plaintext. The actual plaintext may be smaller.
|
||||
*
|
||||
* See the warning about this operation in |EVP_PKEY_verify_recover_init|. It
|
||||
* is probably not what you want.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, const uint8_t *sig,
|
||||
size_t siglen);
|
||||
|
||||
/* EVP_PKEY_derive_init initialises an |EVP_PKEY_CTX| for a key derivation
|
||||
* operation. It should be called before |EVP_PKEY_derive_set_peer| and
|
||||
* |EVP_PKEY_derive|.
|
||||
@ -659,6 +687,16 @@ OPENSSL_EXPORT void OpenSSL_add_all_digests(void);
|
||||
/* EVP_cleanup does nothing. */
|
||||
OPENSSL_EXPORT void EVP_cleanup(void);
|
||||
|
||||
OPENSSL_EXPORT void EVP_CIPHER_do_all_sorted(
|
||||
void (*callback)(const EVP_CIPHER *cipher, const char *name,
|
||||
const char *unused, void *arg),
|
||||
void *arg);
|
||||
|
||||
OPENSSL_EXPORT void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
|
||||
const char *name,
|
||||
const char *unused,
|
||||
void *arg),
|
||||
void *arg);
|
||||
|
||||
/* Private functions */
|
||||
|
||||
|
@ -2704,14 +2704,16 @@ OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
|
||||
|
||||
/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
|
||||
* sent by |ctx|. Beyond this length, handshake messages and application data
|
||||
* will be split into multiple records. */
|
||||
OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
|
||||
* will be split into multiple records. It returns one on success or zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
|
||||
size_t max_send_fragment);
|
||||
|
||||
/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
|
||||
* sent by |ssl|. Beyond this length, handshake messages and application data
|
||||
* will be split into multiple records. */
|
||||
OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
|
||||
/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records sent
|
||||
* by |ssl|. Beyond this length, handshake messages and application data will
|
||||
* be split into multiple records. It returns one on success or zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
|
||||
size_t max_send_fragment);
|
||||
|
||||
/* ssl_early_callback_ctx is passed to certain callbacks that are called very
|
||||
@ -3732,6 +3734,11 @@ struct ssl_ctx_st {
|
||||
* means that we'll accept Channel IDs from clients. For a client, means that
|
||||
* we'll advertise support. */
|
||||
unsigned tlsext_channel_id_enabled:1;
|
||||
|
||||
/* extra_certs is a dummy value included for compatibility.
|
||||
* TODO(agl): remove once node.js no longer references this. */
|
||||
STACK_OF(X509)* extra_certs;
|
||||
int freelist_max_len;
|
||||
};
|
||||
|
||||
struct ssl_st {
|
||||
@ -3914,6 +3921,9 @@ struct ssl_st {
|
||||
* means that we'll accept Channel IDs from clients. For a client, means that
|
||||
* we'll advertise support. */
|
||||
unsigned tlsext_channel_id_enabled:1;
|
||||
|
||||
/* TODO(agl): remove once node.js not longer references this. */
|
||||
int tlsext_status_type;
|
||||
};
|
||||
|
||||
typedef struct ssl3_record_st {
|
||||
@ -4179,6 +4189,14 @@ OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
|
||||
OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
|
||||
|
||||
|
||||
/* Nodejs compatibility section (hidden).
|
||||
*
|
||||
* These defines exist for node.js, with the hope that we can eliminate the
|
||||
* need for them over time. */
|
||||
#define SSLerr(function, reason) \
|
||||
ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__)
|
||||
|
||||
|
||||
/* Preprocessor compatibility section (hidden).
|
||||
*
|
||||
* Historically, a number of APIs were implemented in OpenSSL as macros and
|
||||
|
@ -1180,7 +1180,7 @@ void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
|
||||
ssl->max_cert_list = (uint32_t)max_cert_list;
|
||||
}
|
||||
|
||||
void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
|
||||
int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
|
||||
if (max_send_fragment < 512) {
|
||||
max_send_fragment = 512;
|
||||
}
|
||||
@ -1188,9 +1188,11 @@ void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, size_t max_send_fragment) {
|
||||
max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
|
||||
}
|
||||
ctx->max_send_fragment = (uint16_t)max_send_fragment;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
|
||||
int SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
|
||||
if (max_send_fragment < 512) {
|
||||
max_send_fragment = 512;
|
||||
}
|
||||
@ -1198,6 +1200,8 @@ void SSL_set_max_send_fragment(SSL *ssl, size_t max_send_fragment) {
|
||||
max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
|
||||
}
|
||||
ssl->max_send_fragment = (uint16_t)max_send_fragment;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int SSL_set_mtu(SSL *ssl, unsigned mtu) {
|
||||
|
@ -1144,6 +1144,7 @@ static int ext_sigalgs_add_serverhello(SSL *ssl, CBB *out) {
|
||||
|
||||
static void ext_ocsp_init(SSL *ssl) {
|
||||
ssl->s3->tmp.certificate_status_expected = 0;
|
||||
ssl->tlsext_status_type = -1;
|
||||
}
|
||||
|
||||
static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) {
|
||||
@ -1161,6 +1162,7 @@ static int ext_ocsp_add_clienthello(SSL *ssl, CBB *out) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ssl->tlsext_status_type = TLSEXT_STATUSTYPE_ocsp;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user