Commit Graph

65 Commits

Author SHA1 Message Date
Adam Langley
6e96eaebe0 Add |X509_EXT_conf_nid| to decrepit.
This function is a deprecated version of |X509_EXT_nconf_nid| that takes
a hash of |CONF_VALUE|s directly rather than a |CONF|.

Change-Id: I5fd1025b31d73b988d9298b2624453017dd34ff4
Reviewed-on: https://boringssl-review.googlesource.com/7363
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-08 01:50:10 +00:00
Adam Langley
8ba4b2d5bf Add |RSA_[padding_add|verify]_PKCS1_PSS to decrepit.
These functions are just like the _mgf1 versions but omit one of the
parameters. It's easier to add them than to patch the callers in some
cases.

Change-Id: Idee5b81374bf15f2ea89b7e0c06400c2badbb275
Reviewed-on: https://boringssl-review.googlesource.com/7362
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-08 01:45:40 +00:00
Adam Langley
99a24ba0f1 Add DSA_generate_parameters to decrepit.
This function was deprecated by OpenSSL in 0.9.8 but code that uses it
still exists. This change adds an implementation of this function to
decreipt/ to support these programs.

Change-Id: Ie99cd00ff8b0ab2675f2b1c821c3d664b9811f16
Reviewed-on: https://boringssl-review.googlesource.com/7360
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-08 01:44:27 +00:00
Adam Langley
ce9d85eedd Tweaks for node.js
node.js is, effectively, another bindings library. However, it's better
written than most and, with these changes, only a couple of tiny fixes
are needed in node.js. Some of these changes are a little depressing
however so we'll need to push node.js to use APIs where possible.

Changes:
  ∙ Support verify_recover. This is very obscure and the motivation
    appears to be https://github.com/nodejs/node/issues/477 – where it's
    not clear that anyone understands what it means :(
  ∙ Add a few, no-op #defines
  ∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not
    reach into these structs in the future.
  ∙ Add EC_get_builtin_curves.
  ∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to
    decrepit.

Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46
Reviewed-on: https://boringssl-review.googlesource.com/6952
Reviewed-by: Adam Langley <agl@google.com>
2016-01-26 23:23:42 +00:00
Matt Braithwaite
e8fe07fcc4 Fix AES XTS mode key size.
I screwed up the |EVP_CIPHER| parameters for XTS when I first imported
it, and there were no tests to catch it.  (The problem was that
|EVP_CIPH_XTS_MODE| means “the key size is actually twice what it says
here.”)

With these changes, OpenSSL's tests pass.

(Along the way, make a few other things about XTS slightly less
decrepit.)

Change-Id: Icbfbc5e6d532d1c132392ee366f9cab42802d674
Reviewed-on: https://boringssl-review.googlesource.com/6529
Reviewed-by: Adam Langley <agl@google.com>
2015-11-19 18:08:33 +00:00
David Benjamin
20c373118c Become partially -Wmissing-variable-declarations-clean.
There's a few things that will be kind of a nuisance and possibly not worth it
(crypto/asn1 dumps a lot of undeclared things, etc.). But it caught some
mistakes. Even without the warning, making sure to include the externs before
defining a function helps catch type mismatches.

Change-Id: I3dab282aaba6023e7cebc94ed7a767a5d7446b08
Reviewed-on: https://boringssl-review.googlesource.com/6484
Reviewed-by: Adam Langley <agl@google.com>
2015-11-12 20:09:20 +00:00
David Benjamin
da084a3ebd Fix shared library build on OS X.
It seems OS X actually cares about symbol resolution and dependencies
when you create a dylib. Probably because they do two-level name
resolution.

(Obligatory disclaimer: BoringSSL does not have a stable ABI and is thus
not suitable for a traditional system-wide library.)

BUG=539603

Change-Id: Ic26c4ad23840fe6c1f4825c44671e74dd2e33870
Reviewed-on: https://boringssl-review.googlesource.com/6131
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 23:39:47 +00:00
Adam Langley
0f9f0ead2e Fix the shared builders by exporting GCM symbols.
gcm_test.cc needs to access the internal GCM symbols. This is
unfortunate because it means that they have to be marked OPENSSL_EXPORT
just for this.

To compensate, modes.h is removed and its contents copied into
crypto/modes/internal.h.

Change-Id: I1777b2ef8afd154c43417137673a28598a7ec30e
Reviewed-on: https://boringssl-review.googlesource.com/6360
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 23:26:40 +00:00
Adam Langley
73415b6aa0 Move arm_arch.h and fix up lots of include paths.
arm_arch.h is included from ARM asm files, but lives in crypto/, not
openssl/include/. Since the asm files are often built from a different
location than their position in the source tree, relative include paths
are unlikely to work so, rather than having crypto/ be a de-facto,
second global include path, this change moves arm_arch.h to
include/openssl/.

It also removes entries from many include paths because they should be
needed as relative includes are always based on the locations of the
source file.

Change-Id: I638ff43d641ca043a4fc06c0d901b11c6ff73542
Reviewed-on: https://boringssl-review.googlesource.com/5746
Reviewed-by: Adam Langley <agl@google.com>
2015-08-26 01:57:59 +00:00
Matt Braithwaite
12fe1b25ea Re-add the C version (only) of |EVP_aes_256_xts|
Change-Id: I63c70f93a0f9395673c9fbe01eb5d864a14a48b6
Reviewed-on: https://boringssl-review.googlesource.com/5520
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Matt Braithwaite <mab@google.com>
2015-08-19 01:35:50 +00:00
Matt Braithwaite
50365f25ba Restore |DES_ede3_cfb_encrypt| and |DES_ede3_cfb64_encrypt| from OpenSSL at ce7e647b.
Change-Id: I7ab7ea3cdabc697b2945a50c8d8f349d6b408848
Reviewed-on: https://boringssl-review.googlesource.com/5211
Reviewed-by: Adam Langley <agl@google.com>
2015-06-24 01:33:31 +00:00
Matt Braithwaite
1cb49cd2ac Restore |RSA_generate_key()| from OpenSSL at b4f0d1a.
The callback arguments are required to be NULL.

Change-Id: I266ec46efdaca411a7f0c2b645883b2c5bec1c96
Reviewed-on: https://boringssl-review.googlesource.com/5160
Reviewed-by: Adam Langley <agl@google.com>
2015-06-23 21:37:49 +00:00
Matt Braithwaite
e17d45f069 Restore |BIO_f_base64| from OpenSSL at b4f0d1a, modulo style fixes.
Change-Id: Ia7f4f4f6d063d882cf3d3ac0f5f33ad8d8cd9875
Reviewed-on: https://boringssl-review.googlesource.com/5151
Reviewed-by: Adam Langley <agl@google.com>
2015-06-23 21:20:04 +00:00
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
Adam Langley
c004dfc3d1 Add decrepit, initially containing CAST and Blowfish.
decrepit will contain algorithms that we really wish didn't exist any
longer. It won't be built by default in Chromium etc, but the code
will exist for crummy code that still needs it.

Change-Id: Ic307f5f0a69efe9e0a5fd54052f49d219e90dcdd
2015-04-06 16:58:45 -07:00