From bd94260799f90e7dffdae1df0bf94e03faad7926 Mon Sep 17 00:00:00 2001 From: Cory Benfield Date: Wed, 27 Nov 2024 11:24:17 +0000 Subject: [PATCH] Update BoringSSL to fcef13a49852397a0d39c00be8d7bc2ba1ab6fb9 & include C++ files (#303) * Update package vendoring script * Update BoringSSL to fcef13a49852397a0d39c00be8d7bc2ba1ab6fb9 * Handle ERR_GET_ERR becoming a function * Update CMake --- Package.swift | 4 +- Sources/CCryptoBoringSSL/CMakeLists.txt | 499 +++---- .../crypto/asn1/{a_bitstr.c => a_bitstr.cc} | 5 +- .../crypto/asn1/{a_bool.c => a_bool.cc} | 0 .../crypto/asn1/{a_d2i_fp.c => a_d2i_fp.cc} | 2 +- .../crypto/asn1/{a_dup.c => a_dup.cc} | 2 +- .../crypto/asn1/{a_gentm.c => a_gentm.cc} | 0 .../crypto/asn1/{a_i2d_fp.c => a_i2d_fp.cc} | 2 +- .../crypto/asn1/{a_int.c => a_int.cc} | 3 +- .../crypto/asn1/{a_mbstr.c => a_mbstr.cc} | 16 +- .../crypto/asn1/{a_object.c => a_object.cc} | 2 +- .../crypto/asn1/{a_octet.c => a_octet.cc} | 0 .../crypto/asn1/{a_strex.c => a_strex.cc} | 0 .../crypto/asn1/{a_strnid.c => a_strnid.cc} | 11 +- .../crypto/asn1/{a_time.c => a_time.cc} | 0 .../crypto/asn1/{a_type.c => a_type.cc} | 8 +- .../crypto/asn1/{a_utctm.c => a_utctm.cc} | 0 .../crypto/asn1/{asn1_lib.c => asn1_lib.cc} | 8 +- .../crypto/asn1/{asn1_par.c => asn1_par.cc} | 0 .../crypto/asn1/{asn_pack.c => asn_pack.cc} | 4 +- .../crypto/asn1/{f_int.c => f_int.cc} | 0 .../crypto/asn1/{f_string.c => f_string.cc} | 0 .../asn1/{posix_time.c => posix_time.cc} | 2 +- .../crypto/asn1/{tasn_dec.c => tasn_dec.cc} | 7 +- .../crypto/asn1/{tasn_enc.c => tasn_enc.cc} | 15 +- .../crypto/asn1/{tasn_fre.c => tasn_fre.cc} | 6 +- .../crypto/asn1/{tasn_new.c => tasn_new.cc} | 13 +- .../crypto/asn1/{tasn_typ.c => tasn_typ.cc} | 0 .../crypto/asn1/{tasn_utl.c => tasn_utl.cc} | 23 +- .../crypto/base64/{base64.c => base64.cc} | 21 +- .../crypto/bio/{bio.c => bio.cc} | 90 +- .../crypto/bio/{bio_mem.c => bio_mem.cc} | 15 +- .../crypto/bio/{connect.c => connect.cc} | 38 +- .../crypto/bio/{errno.c => errno.cc} | 0 .../crypto/bio/{fd.c => fd.cc} | 0 .../crypto/bio/{file.c => file.cc} | 6 +- .../crypto/bio/{hexdump.c => hexdump.cc} | 0 .../crypto/bio/{pair.c => pair.cc} | 42 +- .../crypto/bio/{printf.c => printf.cc} | 4 +- .../crypto/bio/{socket.c => socket.cc} | 0 .../bio/{socket_helper.c => socket_helper.cc} | 0 .../crypto/blake2/{blake2.c => blake2.cc} | 2 +- .../crypto/bn_extra/{bn_asn1.c => bn_asn1.cc} | 0 .../crypto/bn_extra/{convert.c => convert.cc} | 42 +- .../crypto/buf/{buf.c => buf.cc} | 9 +- .../{asn1_compat.c => asn1_compat.cc} | 0 .../crypto/bytestring/{ber.c => ber.cc} | 0 .../crypto/bytestring/{cbb.c => cbb.cc} | 80 +- .../crypto/bytestring/{cbs.c => cbs.cc} | 45 +- .../bytestring/{unicode.c => unicode.cc} | 0 .../crypto/chacha/{chacha.c => chacha.cc} | 0 .../{cipher_extra.c => cipher_extra.cc} | 0 .../{derive_key.c => derive_key.cc} | 0 .../{e_aesctrhmac.c => e_aesctrhmac.cc} | 0 .../{e_aesgcmsiv.c => e_aesgcmsiv.cc} | 47 +- ...acha20poly1305.c => e_chacha20poly1305.cc} | 0 .../crypto/cipher_extra/{e_des.c => e_des.cc} | 110 +- .../cipher_extra/{e_null.c => e_null.cc} | 21 +- .../crypto/cipher_extra/{e_rc2.c => e_rc2.cc} | 42 +- .../crypto/cipher_extra/{e_rc4.c => e_rc4.cc} | 18 +- .../crypto/cipher_extra/{e_tls.c => e_tls.cc} | 0 .../cipher_extra/{tls_cbc.c => tls_cbc.cc} | 0 .../crypto/conf/{conf.c => conf.cc} | 31 +- ...u_aarch64_apple.c => cpu_aarch64_apple.cc} | 0 ...rch64_fuchsia.c => cpu_aarch64_fuchsia.cc} | 0 ...u_aarch64_linux.c => cpu_aarch64_linux.cc} | 0 ...rch64_openbsd.c => cpu_aarch64_openbsd.cc} | 0 ...aarch64_sysreg.c => cpu_aarch64_sysreg.cc} | 0 .../{cpu_aarch64_win.c => cpu_aarch64_win.cc} | 0 .../{cpu_arm_freebsd.c => cpu_arm_freebsd.cc} | 4 +- .../{cpu_arm_linux.c => cpu_arm_linux.cc} | 8 +- .../crypto/{cpu_intel.c => cpu_intel.cc} | 61 +- .../crypto/{crypto.c => crypto.cc} | 10 +- .../{curve25519.c => curve25519.cc} | 57 +- ...rve25519_64_adx.c => curve25519_64_adx.cc} | 0 .../{spake25519.c => spake25519.cc} | 34 +- .../crypto/des/{des.c => des.cc} | 0 .../crypto/dh_extra/{dh_asn1.c => dh_asn1.cc} | 0 .../crypto/dh_extra/{params.c => params.cc} | 0 .../{digest_extra.c => digest_extra.cc} | 125 +- .../dilithium/{dilithium.c => dilithium.cc} | 31 +- .../crypto/dsa/{dsa.c => dsa.cc} | 307 +++-- .../crypto/dsa/{dsa_asn1.c => dsa_asn1.cc} | 0 .../crypto/ec_extra/{ec_asn1.c => ec_asn1.cc} | 0 .../ec_extra/{ec_derive.c => ec_derive.cc} | 0 .../{hash_to_curve.c => hash_to_curve.cc} | 128 +- .../{ecdh_extra.c => ecdh_extra.cc} | 0 .../{ecdsa_asn1.c => ecdsa_asn1.cc} | 40 +- .../crypto/engine/{engine.c => engine.cc} | 18 +- .../crypto/err/{err.c => err.cc} | 50 +- .../crypto/evp/{evp.c => evp.cc} | 17 +- .../crypto/evp/{evp_asn1.c => evp_asn1.cc} | 0 .../crypto/evp/{evp_ctx.c => evp_ctx.cc} | 15 +- .../crypto/evp/{p_dh.c => p_dh.cc} | 37 +- .../crypto/evp/{p_dh_asn1.c => p_dh_asn1.cc} | 59 +- .../evp/{p_dsa_asn1.c => p_dsa_asn1.cc} | 43 +- .../crypto/evp/{p_ec.c => p_ec.cc} | 39 +- .../crypto/evp/{p_ec_asn1.c => p_ec_asn1.cc} | 36 +- .../crypto/evp/{p_ed25519.c => p_ed25519.cc} | 39 +- .../{p_ed25519_asn1.c => p_ed25519_asn1.cc} | 25 +- .../crypto/evp/{p_hkdf.c => p_hkdf.cc} | 30 +- .../crypto/evp/{p_rsa.c => p_rsa.cc} | 71 +- .../evp/{p_rsa_asn1.c => p_rsa_asn1.cc} | 30 +- .../crypto/evp/{p_x25519.c => p_x25519.cc} | 39 +- .../evp/{p_x25519_asn1.c => p_x25519_asn1.cc} | 33 +- .../crypto/evp/{pbkdf.c => pbkdf.cc} | 0 .../crypto/evp/{print.c => print.cc} | 9 +- .../crypto/evp/{scrypt.c => scrypt.cc} | 10 +- .../crypto/evp/{sign.c => sign.cc} | 0 .../crypto/{ex_data.c => ex_data.cc} | 7 +- .../fipsmodule/aes/{aes.c.inc => aes.cc.inc} | 0 .../aes/{aes_nohw.c.inc => aes_nohw.cc.inc} | 0 .../crypto/fipsmodule/aes/internal.h | 4 - .../aes/{key_wrap.c.inc => key_wrap.cc.inc} | 2 +- ...de_wrappers.c.inc => mode_wrappers.cc.inc} | 0 .../crypto/fipsmodule/{bcm.c => bcm.cc} | 188 ++- .../fipsmodule/bn/{add.c.inc => add.cc.inc} | 1 + .../{x86_64-gcc.c.inc => x86_64-gcc.cc.inc} | 8 +- .../fipsmodule/bn/{bn.c.inc => bn.cc.inc} | 36 +- .../bn/{bytes.c.inc => bytes.cc.inc} | 0 .../fipsmodule/bn/{cmp.c.inc => cmp.cc.inc} | 0 .../fipsmodule/bn/{ctx.c.inc => ctx.cc.inc} | 12 +- .../fipsmodule/bn/{div.c.inc => div.cc.inc} | 67 +- .../bn/{div_extra.c.inc => div_extra.cc.inc} | 0 ...nentiation.c.inc => exponentiation.cc.inc} | 44 +- .../fipsmodule/bn/{gcd.c.inc => gcd.cc.inc} | 9 +- .../bn/{gcd_extra.c.inc => gcd_extra.cc.inc} | 56 +- .../bn/{generic.c.inc => generic.cc.inc} | 0 .../bn/{jacobi.c.inc => jacobi.cc.inc} | 0 .../{montgomery.c.inc => montgomery.cc.inc} | 27 +- ...gomery_inv.c.inc => montgomery_inv.cc.inc} | 0 .../fipsmodule/bn/{mul.c.inc => mul.cc.inc} | 26 +- .../bn/{prime.c.inc => prime.cc.inc} | 65 +- .../bn/{random.c.inc => random.cc.inc} | 0 .../bn/{rsaz_exp.c.inc => rsaz_exp.cc.inc} | 0 .../bn/{shift.c.inc => shift.cc.inc} | 7 +- .../fipsmodule/bn/{sqrt.c.inc => sqrt.cc.inc} | 0 .../cipher/{aead.c.inc => aead.cc.inc} | 25 +- .../cipher/{cipher.c.inc => cipher.cc.inc} | 15 +- .../cipher/{e_aes.c.inc => e_aes.cc.inc} | 100 +- .../{e_aesccm.c.inc => e_aesccm.cc.inc} | 0 .../cmac/{cmac.c.inc => cmac.cc.inc} | 12 +- .../crypto/fipsmodule/delocate.h | 22 +- .../dh/{check.c.inc => check.cc.inc} | 0 .../fipsmodule/dh/{dh.c.inc => dh.cc.inc} | 34 +- .../digest/{digest.c.inc => digest.cc.inc} | 17 +- .../digest/{digests.c.inc => digests.cc.inc} | 44 +- .../{digestsign.c.inc => digestsign.cc.inc} | 2 +- .../fipsmodule/ec/{ec.c.inc => ec.cc.inc} | 25 +- .../ec/{ec_key.c.inc => ec_key.cc.inc} | 23 +- ..._montgomery.c.inc => ec_montgomery.cc.inc} | 0 .../ec/{felem.c.inc => felem.cc.inc} | 0 .../fipsmodule/ec/{oct.c.inc => oct.cc.inc} | 11 +- .../ec/{p224-64.c.inc => p224-64.cc.inc} | 0 .../crypto/fipsmodule/ec/p256-nistz-table.h | 2 +- .../{p256-nistz.c.inc => p256-nistz.cc.inc} | 28 +- .../fipsmodule/ec/{p256.c.inc => p256.cc.inc} | 0 .../ec/{scalar.c.inc => scalar.cc.inc} | 0 .../ec/{simple.c.inc => simple.cc.inc} | 0 .../{simple_mul.c.inc => simple_mul.cc.inc} | 0 .../fipsmodule/ec/{util.c.inc => util.cc.inc} | 0 .../fipsmodule/ec/{wnaf.c.inc => wnaf.cc.inc} | 39 +- .../ecdh/{ecdh.c.inc => ecdh.cc.inc} | 0 .../ecdsa/{ecdsa.c.inc => ecdsa.cc.inc} | 0 ...hared_support.c => fips_shared_support.cc} | 3 +- .../hkdf/{hkdf.c.inc => hkdf.cc.inc} | 0 .../hmac/{hmac.c.inc => hmac.cc.inc} | 5 +- .../modes/{cbc.c.inc => cbc.cc.inc} | 0 .../modes/{cfb.c.inc => cfb.cc.inc} | 0 .../modes/{ctr.c.inc => ctr.cc.inc} | 0 .../modes/{gcm.c.inc => gcm.cc.inc} | 0 .../modes/{gcm_nohw.c.inc => gcm_nohw.cc.inc} | 0 .../modes/{ofb.c.inc => ofb.cc.inc} | 0 .../modes/{polyval.c.inc => polyval.cc.inc} | 0 .../rand/{ctrdrbg.c.inc => ctrdrbg.cc.inc} | 7 +- .../rand/{rand.c.inc => rand.cc.inc} | 18 +- .../rsa/{blinding.c.inc => blinding.cc.inc} | 9 +- .../rsa/{padding.c.inc => padding.cc.inc} | 37 +- .../fipsmodule/rsa/{rsa.c.inc => rsa.cc.inc} | 149 ++- .../rsa/{rsa_impl.c.inc => rsa_impl.cc.inc} | 99 +- .../self_check/{fips.c.inc => fips.cc.inc} | 18 +- .../{self_check.c.inc => self_check.cc.inc} | 56 +- ...dicator.c.inc => service_indicator.cc.inc} | 12 +- .../crypto/fipsmodule/sha/internal.h | 4 +- .../sha/{sha1.c.inc => sha1.cc.inc} | 27 +- .../sha/{sha256.c.inc => sha256.cc.inc} | 3 +- .../sha/{sha512.c.inc => sha512.cc.inc} | 4 +- .../fipsmodule/tls/{kdf.c.inc => kdf.cc.inc} | 0 .../crypto/hpke/{hpke.c => hpke.cc} | 9 +- .../crypto/hrss/{hrss.c => hrss.cc} | 161 +-- Sources/CCryptoBoringSSL/crypto/internal.h | 456 +++---- .../crypto/keccak/{keccak.c => keccak.cc} | 0 .../crypto/kyber/{kyber.c => kyber.cc} | 0 .../crypto/lhash/{lhash.c => lhash.cc} | 15 +- .../crypto/md4/{md4.c => md4.cc} | 5 +- .../crypto/md5/{md5.c => md5.cc} | 5 +- .../CCryptoBoringSSL/crypto/{mem.c => mem.cc} | 56 +- .../CCryptoBoringSSL/crypto/mldsa/internal.h | 3 + .../crypto/mldsa/{mldsa.c => mldsa.cc} | 1187 +++++++++-------- .../CCryptoBoringSSL/crypto/mlkem/mlkem.cc | 1097 +++++++++++++++ .../crypto/obj/{obj.c => obj.cc} | 57 +- .../crypto/obj/{obj_xref.c => obj_xref.cc} | 0 .../crypto/pem/{pem_all.c => pem_all.cc} | 0 .../crypto/pem/{pem_info.c => pem_info.cc} | 4 +- .../crypto/pem/{pem_lib.c => pem_lib.cc} | 7 +- .../crypto/pem/{pem_oth.c => pem_oth.cc} | 2 +- .../crypto/pem/{pem_pk8.c => pem_pk8.cc} | 0 .../crypto/pem/{pem_pkey.c => pem_pkey.cc} | 0 .../crypto/pem/{pem_x509.c => pem_x509.cc} | 0 .../crypto/pem/{pem_xaux.c => pem_xaux.cc} | 0 .../crypto/pkcs7/{pkcs7.c => pkcs7.cc} | 8 +- .../pkcs7/{pkcs7_x509.c => pkcs7_x509.cc} | 49 +- .../crypto/pkcs8/{p5_pbev2.c => p5_pbev2.cc} | 0 .../crypto/pkcs8/{pkcs8.c => pkcs8.cc} | 313 ++--- .../pkcs8/{pkcs8_x509.c => pkcs8_x509.cc} | 183 ++- .../poly1305/{poly1305.c => poly1305.cc} | 4 +- .../{poly1305_arm.c => poly1305_arm.cc} | 4 +- .../{poly1305_vec.c => poly1305_vec.cc} | 0 .../crypto/pool/{pool.c => pool.cc} | 21 +- .../{deterministic.c => deterministic.cc} | 2 +- .../{fork_detect.c => fork_detect.cc} | 21 +- .../{forkunsafe.c => forkunsafe.cc} | 2 +- .../{getentropy.c => getentropy.cc} | 0 .../crypto/rand_extra/{ios.c => ios.cc} | 0 .../rand_extra/{passive.c => passive.cc} | 38 +- .../{rand_extra.c => rand_extra.cc} | 0 .../crypto/rand_extra/{trusty.c => trusty.cc} | 0 .../rand_extra/{urandom.c => urandom.cc} | 12 +- .../rand_extra/{windows.c => windows.cc} | 0 .../crypto/rc4/{rc4.c => rc4.cc} | 0 .../crypto/{refcount.c => refcount.cc} | 0 .../rsa_extra/{rsa_asn1.c => rsa_asn1.cc} | 0 .../rsa_extra/{rsa_crypt.c => rsa_crypt.cc} | 159 +-- .../rsa_extra/{rsa_extra.c => rsa_extra.cc} | 0 .../rsa_extra/{rsa_print.c => rsa_print.cc} | 0 .../crypto/sha/{sha1.c => sha1.cc} | 0 .../crypto/sha/{sha256.c => sha256.cc} | 0 .../crypto/sha/{sha512.c => sha512.cc} | 0 .../crypto/siphash/{siphash.c => siphash.cc} | 0 .../crypto/slhdsa/{fors.c => fors.cc} | 0 .../crypto/slhdsa/{merkle.c => merkle.cc} | 0 .../crypto/slhdsa/{slhdsa.c => slhdsa.cc} | 105 +- .../crypto/slhdsa/{thash.c => thash.cc} | 0 .../crypto/slhdsa/{wots.c => wots.cc} | 0 .../crypto/spx/{spx.c => spx.cc} | 0 .../spx/{spx_address.c => spx_address.cc} | 0 .../crypto/spx/{spx_fors.c => spx_fors.cc} | 0 .../spx/{spx_merkle.c => spx_merkle.cc} | 0 .../crypto/spx/{spx_thash.c => spx_thash.cc} | 0 .../crypto/spx/{spx_util.c => spx_util.cc} | 0 .../crypto/spx/{spx_wots.c => spx_wots.cc} | 0 .../crypto/stack/{stack.c => stack.cc} | 16 +- .../crypto/{thread.c => thread.cc} | 0 .../crypto/{thread_none.c => thread_none.cc} | 0 .../{thread_pthread.c => thread_pthread.cc} | 15 +- .../crypto/{thread_win.c => thread_win.cc} | 36 +- .../trust_token/{pmbtoken.c => pmbtoken.cc} | 302 ++--- .../{trust_token.c => trust_token.cc} | 38 +- .../crypto/trust_token/{voprf.c => voprf.cc} | 332 +++-- .../crypto/x509/{a_digest.c => a_digest.cc} | 2 +- .../crypto/x509/{a_sign.c => a_sign.cc} | 71 +- .../crypto/x509/{a_verify.c => a_verify.cc} | 2 +- .../crypto/x509/{algorithm.c => algorithm.cc} | 0 .../crypto/x509/{asn1_gen.c => asn1_gen.cc} | 11 +- .../crypto/x509/{by_dir.c => by_dir.cc} | 13 +- .../crypto/x509/{by_file.c => by_file.cc} | 0 .../crypto/x509/{i2d_pr.c => i2d_pr.cc} | 0 .../x509/{name_print.c => name_print.cc} | 0 .../crypto/x509/{policy.c => policy.cc} | 364 ++--- .../crypto/x509/{rsa_pss.c => rsa_pss.cc} | 88 +- .../crypto/x509/{t_crl.c => t_crl.cc} | 0 .../crypto/x509/{t_req.c => t_req.cc} | 0 .../crypto/x509/{t_x509.c => t_x509.cc} | 0 .../crypto/x509/{t_x509a.c => t_x509a.cc} | 0 .../crypto/x509/{v3_akey.c => v3_akey.cc} | 6 +- .../crypto/x509/{v3_akeya.c => v3_akeya.cc} | 0 .../crypto/x509/{v3_alt.c => v3_alt.cc} | 7 +- .../crypto/x509/{v3_bcons.c => v3_bcons.cc} | 4 +- .../crypto/x509/{v3_bitst.c => v3_bitst.cc} | 9 +- .../crypto/x509/{v3_conf.c => v3_conf.cc} | 10 +- .../crypto/x509/{v3_cpols.c => v3_cpols.cc} | 88 +- .../crypto/x509/{v3_crld.c => v3_crld.cc} | 5 +- .../crypto/x509/{v3_enum.c => v3_enum.cc} | 7 +- .../crypto/x509/{v3_extku.c => v3_extku.cc} | 4 +- .../crypto/x509/{v3_genn.c => v3_genn.cc} | 14 +- .../crypto/x509/{v3_ia5.c => v3_ia5.cc} | 5 +- .../crypto/x509/{v3_info.c => v3_info.cc} | 6 +- .../crypto/x509/{v3_int.c => v3_int.cc} | 4 +- .../crypto/x509/{v3_lib.c => v3_lib.cc} | 15 +- .../crypto/x509/{v3_ncons.c => v3_ncons.cc} | 3 +- .../crypto/x509/{v3_ocsp.c => v3_ocsp.cc} | 5 +- .../crypto/x509/{v3_pcons.c => v3_pcons.cc} | 3 +- .../crypto/x509/{v3_pmaps.c => v3_pmaps.cc} | 3 +- .../crypto/x509/{v3_prn.c => v3_prn.cc} | 3 +- .../crypto/x509/{v3_purp.c => v3_purp.cc} | 24 +- .../crypto/x509/{v3_skey.c => v3_skey.cc} | 9 +- .../crypto/x509/{v3_utl.c => v3_utl.cc} | 22 +- .../crypto/x509/{x509.c => x509.cc} | 0 .../crypto/x509/{x509_att.c => x509_att.cc} | 5 +- .../crypto/x509/{x509_cmp.c => x509_cmp.cc} | 0 .../crypto/x509/{x509_d2.c => x509_d2.cc} | 0 .../crypto/x509/{x509_def.c => x509_def.cc} | 0 .../crypto/x509/{x509_ext.c => x509_ext.cc} | 0 .../crypto/x509/{x509_lu.c => x509_lu.cc} | 11 +- .../crypto/x509/{x509_obj.c => x509_obj.cc} | 0 .../crypto/x509/{x509_req.c => x509_req.cc} | 0 .../crypto/x509/{x509_set.c => x509_set.cc} | 0 .../crypto/x509/{x509_trs.c => x509_trs.cc} | 0 .../crypto/x509/{x509_txt.c => x509_txt.cc} | 0 .../crypto/x509/{x509_v3.c => x509_v3.cc} | 4 +- .../crypto/x509/{x509_vfy.c => x509_vfy.cc} | 428 +++--- .../crypto/x509/{x509_vpm.c => x509_vpm.cc} | 68 +- .../crypto/x509/{x509cset.c => x509cset.cc} | 0 .../crypto/x509/{x509name.c => x509name.cc} | 0 .../crypto/x509/{x509rset.c => x509rset.cc} | 0 .../crypto/x509/{x509spki.c => x509spki.cc} | 6 +- .../crypto/x509/{x_algor.c => x_algor.cc} | 0 .../crypto/x509/{x_all.c => x_all.cc} | 16 +- .../crypto/x509/{x_attrib.c => x_attrib.cc} | 0 .../crypto/x509/{x_crl.c => x_crl.cc} | 12 +- .../crypto/x509/{x_exten.c => x_exten.cc} | 0 .../crypto/x509/{x_name.c => x_name.cc} | 71 +- .../crypto/x509/{x_pubkey.c => x_pubkey.cc} | 6 +- .../crypto/x509/{x_req.c => x_req.cc} | 0 .../crypto/x509/{x_sig.c => x_sig.cc} | 0 .../crypto/x509/{x_spki.c => x_spki.cc} | 0 .../crypto/x509/{x_val.c => x_val.cc} | 0 .../crypto/x509/{x_x509.c => x_x509.cc} | 92 +- .../crypto/x509/{x_x509a.c => x_x509a.cc} | 6 +- .../gen/crypto/{err_data.c => err_data.cc} | 715 +++++----- Sources/CCryptoBoringSSL/hash.txt | 2 +- .../include/CCryptoBoringSSL_asn1t.h | 508 ++++--- .../include/CCryptoBoringSSL_base.h | 17 +- ...CryptoBoringSSL_boringssl_prefix_symbols.h | 502 +++++-- ...toBoringSSL_boringssl_prefix_symbols_asm.h | 358 ++++- .../include/CCryptoBoringSSL_crypto.h | 2 +- .../include/CCryptoBoringSSL_mldsa.h | 14 +- .../include/CCryptoBoringSSL_slhdsa.h | 54 + .../include/CCryptoBoringSSL_thread.h | 4 +- .../include/boringssl_prefix_symbols_nasm.inc | 716 +++++++++- .../third_party/fiat/curve25519_32.h | 6 + .../third_party/fiat/curve25519_64.h | 6 + .../third_party/fiat/curve25519_64_adx.h | 5 +- .../third_party/fiat/p256_32.h | 2 +- .../third_party/fiat/p256_64.h | 3 + Sources/_CryptoExtras/CMakeLists.txt | 8 + Sources/_CryptoExtras/RSA/RSA_boring.swift | 4 +- scripts/patch-1-inttypes.patch | 6 +- scripts/patch-2-more-inttypes.patch | 6 +- scripts/update-cmake-lists.sh | 4 +- scripts/vendor-boringssl.sh | 16 +- 351 files changed, 8011 insertions(+), 5312 deletions(-) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_bitstr.c => a_bitstr.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_bool.c => a_bool.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_d2i_fp.c => a_d2i_fp.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_dup.c => a_dup.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_gentm.c => a_gentm.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_i2d_fp.c => a_i2d_fp.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_int.c => a_int.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_mbstr.c => a_mbstr.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_object.c => a_object.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_octet.c => a_octet.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_strex.c => a_strex.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_strnid.c => a_strnid.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_time.c => a_time.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_type.c => a_type.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/asn1/{a_utctm.c => a_utctm.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{asn1_lib.c => asn1_lib.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/asn1/{asn1_par.c => asn1_par.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{asn_pack.c => asn_pack.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/asn1/{f_int.c => f_int.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{f_string.c => f_string.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{posix_time.c => posix_time.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/asn1/{tasn_dec.c => tasn_dec.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/asn1/{tasn_enc.c => tasn_enc.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/asn1/{tasn_fre.c => tasn_fre.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/asn1/{tasn_new.c => tasn_new.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/asn1/{tasn_typ.c => tasn_typ.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/asn1/{tasn_utl.c => tasn_utl.cc} (91%) rename Sources/CCryptoBoringSSL/crypto/base64/{base64.c => base64.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/bio/{bio.c => bio.cc} (89%) rename Sources/CCryptoBoringSSL/crypto/bio/{bio_mem.c => bio_mem.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/bio/{connect.c => connect.cc} (94%) rename Sources/CCryptoBoringSSL/crypto/bio/{errno.c => errno.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bio/{fd.c => fd.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bio/{file.c => file.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/bio/{hexdump.c => hexdump.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bio/{pair.c => pair.cc} (90%) rename Sources/CCryptoBoringSSL/crypto/bio/{printf.c => printf.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/bio/{socket.c => socket.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bio/{socket_helper.c => socket_helper.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/blake2/{blake2.c => blake2.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/bn_extra/{bn_asn1.c => bn_asn1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bn_extra/{convert.c => convert.cc} (92%) rename Sources/CCryptoBoringSSL/crypto/buf/{buf.c => buf.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/bytestring/{asn1_compat.c => asn1_compat.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bytestring/{ber.c => ber.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/bytestring/{cbb.c => cbb.cc} (91%) rename Sources/CCryptoBoringSSL/crypto/bytestring/{cbs.c => cbs.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/bytestring/{unicode.c => unicode.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/chacha/{chacha.c => chacha.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{cipher_extra.c => cipher_extra.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{derive_key.c => derive_key.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_aesctrhmac.c => e_aesctrhmac.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_aesgcmsiv.c => e_aesgcmsiv.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_chacha20poly1305.c => e_chacha20poly1305.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_des.c => e_des.cc} (79%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_null.c => e_null.cc} (91%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_rc2.c => e_rc2.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_rc4.c => e_rc4.cc} (93%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{e_tls.c => e_tls.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/cipher_extra/{tls_cbc.c => tls_cbc.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/conf/{conf.c => conf.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/{cpu_aarch64_apple.c => cpu_aarch64_apple.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{cpu_aarch64_fuchsia.c => cpu_aarch64_fuchsia.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{cpu_aarch64_linux.c => cpu_aarch64_linux.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{cpu_aarch64_openbsd.c => cpu_aarch64_openbsd.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{cpu_aarch64_sysreg.c => cpu_aarch64_sysreg.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{cpu_aarch64_win.c => cpu_aarch64_win.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{cpu_arm_freebsd.c => cpu_arm_freebsd.cc} (93%) rename Sources/CCryptoBoringSSL/crypto/{cpu_arm_linux.c => cpu_arm_linux.cc} (93%) rename Sources/CCryptoBoringSSL/crypto/{cpu_intel.c => cpu_intel.cc} (90%) rename Sources/CCryptoBoringSSL/crypto/{crypto.c => crypto.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/curve25519/{curve25519.c => curve25519.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/curve25519/{curve25519_64_adx.c => curve25519_64_adx.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/curve25519/{spake25519.c => spake25519.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/des/{des.c => des.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/dh_extra/{dh_asn1.c => dh_asn1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/dh_extra/{params.c => params.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/digest_extra/{digest_extra.c => digest_extra.cc} (79%) rename Sources/CCryptoBoringSSL/crypto/dilithium/{dilithium.c => dilithium.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/dsa/{dsa.c => dsa.cc} (79%) rename Sources/CCryptoBoringSSL/crypto/dsa/{dsa_asn1.c => dsa_asn1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/ec_extra/{ec_asn1.c => ec_asn1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/ec_extra/{ec_derive.c => ec_derive.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/ec_extra/{hash_to_curve.c => hash_to_curve.cc} (88%) rename Sources/CCryptoBoringSSL/crypto/ecdh_extra/{ecdh_extra.c => ecdh_extra.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/ecdsa_extra/{ecdsa_asn1.c => ecdsa_asn1.cc} (92%) rename Sources/CCryptoBoringSSL/crypto/engine/{engine.c => engine.cc} (84%) rename Sources/CCryptoBoringSSL/crypto/err/{err.c => err.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/evp/{evp.c => evp.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/evp/{evp_asn1.c => evp_asn1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/evp/{evp_ctx.c => evp_ctx.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_dh.c => p_dh.cc} (75%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_dh_asn1.c => p_dh_asn1.cc} (63%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_dsa_asn1.c => p_dsa_asn1.cc} (88%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_ec.c => p_ec.cc} (86%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_ec_asn1.c => p_ec_asn1.cc} (89%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_ed25519.c => p_ed25519.cc} (76%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_ed25519_asn1.c => p_ed25519_asn1.cc} (88%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_hkdf.c => p_hkdf.cc} (86%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_rsa.c => p_rsa.cc} (89%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_rsa_asn1.c => p_rsa_asn1.cc} (89%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_x25519.c => p_x25519.cc} (78%) rename Sources/CCryptoBoringSSL/crypto/evp/{p_x25519_asn1.c => p_x25519_asn1.cc} (85%) rename Sources/CCryptoBoringSSL/crypto/evp/{pbkdf.c => pbkdf.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/evp/{print.c => print.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/evp/{scrypt.c => scrypt.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/evp/{sign.c => sign.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{ex_data.c => ex_data.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/{aes.c.inc => aes.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/{aes_nohw.c.inc => aes_nohw.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/{key_wrap.c.inc => key_wrap.cc.inc} (99%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/{mode_wrappers.c.inc => mode_wrappers.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/{bcm.c => bcm.cc} (62%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{add.c.inc => add.cc.inc} (99%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc => x86_64-gcc.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{bn.c.inc => bn.cc.inc} (94%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{bytes.c.inc => bytes.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{cmp.c.inc => cmp.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{ctx.c.inc => ctx.cc.inc} (96%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{div.c.inc => div.cc.inc} (94%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{div_extra.c.inc => div_extra.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{exponentiation.c.inc => exponentiation.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{gcd.c.inc => gcd.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{gcd_extra.c.inc => gcd_extra.cc.inc} (89%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{generic.c.inc => generic.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{jacobi.c.inc => jacobi.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{montgomery.c.inc => montgomery.cc.inc} (96%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{montgomery_inv.c.inc => montgomery_inv.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{mul.c.inc => mul.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{prime.c.inc => prime.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{random.c.inc => random.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{rsaz_exp.c.inc => rsaz_exp.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{shift.c.inc => shift.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/{sqrt.c.inc => sqrt.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/{aead.c.inc => aead.cc.inc} (92%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/{cipher.c.inc => cipher.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/{e_aes.c.inc => e_aes.cc.inc} (93%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/{e_aesccm.c.inc => e_aesccm.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/{cmac.c.inc => cmac.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/{check.c.inc => check.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/{dh.c.inc => dh.cc.inc} (96%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/{digest.c.inc => digest.cc.inc} (95%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/{digests.c.inc => digests.cc.inc} (82%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/{digestsign.c.inc => digestsign.cc.inc} (99%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{ec.c.inc => ec.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{ec_key.c.inc => ec_key.cc.inc} (96%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{ec_montgomery.c.inc => ec_montgomery.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{felem.c.inc => felem.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{oct.c.inc => oct.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{p224-64.c.inc => p224-64.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{p256-nistz.c.inc => p256-nistz.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{p256.c.inc => p256.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{scalar.c.inc => scalar.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{simple.c.inc => simple.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{simple_mul.c.inc => simple_mul.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{util.c.inc => util.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/{wnaf.c.inc => wnaf.cc.inc} (92%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdh/{ecdh.c.inc => ecdh.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdsa/{ecdsa.c.inc => ecdsa.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/{fips_shared_support.c => fips_shared_support.cc} (93%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/hkdf/{hkdf.c.inc => hkdf.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/{hmac.c.inc => hmac.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{cbc.c.inc => cbc.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{cfb.c.inc => cfb.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{ctr.c.inc => ctr.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{gcm.c.inc => gcm.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{gcm_nohw.c.inc => gcm_nohw.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{ofb.c.inc => ofb.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/{polyval.c.inc => polyval.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/{ctrdrbg.c.inc => ctrdrbg.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/{rand.c.inc => rand.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/{blinding.c.inc => blinding.cc.inc} (98%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/{padding.c.inc => padding.cc.inc} (94%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/{rsa.c.inc => rsa.cc.inc} (88%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/{rsa_impl.c.inc => rsa_impl.cc.inc} (95%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/{fips.c.inc => fips.cc.inc} (91%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/{self_check.c.inc => self_check.cc.inc} (97%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/{service_indicator.c.inc => service_indicator.cc.inc} (96%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/{sha1.c.inc => sha1.cc.inc} (96%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/{sha256.c.inc => sha256.cc.inc} (99%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/{sha512.c.inc => sha512.cc.inc} (99%) rename Sources/CCryptoBoringSSL/crypto/fipsmodule/tls/{kdf.c.inc => kdf.cc.inc} (100%) rename Sources/CCryptoBoringSSL/crypto/hpke/{hpke.c => hpke.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/hrss/{hrss.c => hrss.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/keccak/{keccak.c => keccak.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/kyber/{kyber.c => kyber.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/lhash/{lhash.c => lhash.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/md4/{md4.c => md4.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/md5/{md5.c => md5.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/{mem.c => mem.cc} (91%) rename Sources/CCryptoBoringSSL/crypto/mldsa/{mldsa.c => mldsa.cc} (63%) create mode 100644 Sources/CCryptoBoringSSL/crypto/mlkem/mlkem.cc rename Sources/CCryptoBoringSSL/crypto/obj/{obj.c => obj.cc} (92%) rename Sources/CCryptoBoringSSL/crypto/obj/{obj_xref.c => obj_xref.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_all.c => pem_all.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_info.c => pem_info.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_lib.c => pem_lib.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_oth.c => pem_oth.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_pk8.c => pem_pk8.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_pkey.c => pem_pkey.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_x509.c => pem_x509.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pem/{pem_xaux.c => pem_xaux.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pkcs7/{pkcs7.c => pkcs7.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/pkcs7/{pkcs7_x509.c => pkcs7_x509.cc} (91%) rename Sources/CCryptoBoringSSL/crypto/pkcs8/{p5_pbev2.c => p5_pbev2.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pkcs8/{pkcs8.c => pkcs8.cc} (67%) rename Sources/CCryptoBoringSSL/crypto/pkcs8/{pkcs8_x509.c => pkcs8_x509.cc} (90%) rename Sources/CCryptoBoringSSL/crypto/poly1305/{poly1305.c => poly1305.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/poly1305/{poly1305_arm.c => poly1305_arm.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/poly1305/{poly1305_vec.c => poly1305_vec.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/pool/{pool.c => pool.cc} (92%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{deterministic.c => deterministic.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{fork_detect.c => fork_detect.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{forkunsafe.c => forkunsafe.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{getentropy.c => getentropy.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{ios.c => ios.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{passive.c => passive.cc} (86%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{rand_extra.c => rand_extra.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{trusty.c => trusty.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{urandom.c => urandom.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/rand_extra/{windows.c => windows.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rc4/{rc4.c => rc4.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{refcount.c => refcount.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rsa_extra/{rsa_asn1.c => rsa_asn1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rsa_extra/{rsa_crypt.c => rsa_crypt.cc} (84%) rename Sources/CCryptoBoringSSL/crypto/rsa_extra/{rsa_extra.c => rsa_extra.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/rsa_extra/{rsa_print.c => rsa_print.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/sha/{sha1.c => sha1.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/sha/{sha256.c => sha256.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/sha/{sha512.c => sha512.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/siphash/{siphash.c => siphash.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/slhdsa/{fors.c => fors.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/slhdsa/{merkle.c => merkle.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/slhdsa/{slhdsa.c => slhdsa.cc} (68%) rename Sources/CCryptoBoringSSL/crypto/slhdsa/{thash.c => thash.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/slhdsa/{wots.c => wots.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx.c => spx.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx_address.c => spx_address.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx_fors.c => spx_fors.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx_merkle.c => spx_merkle.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx_thash.c => spx_thash.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx_util.c => spx_util.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/spx/{spx_wots.c => spx_wots.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/stack/{stack.c => stack.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/{thread.c => thread.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{thread_none.c => thread_none.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/{thread_pthread.c => thread_pthread.cc} (90%) rename Sources/CCryptoBoringSSL/crypto/{thread_win.c => thread_win.cc} (89%) rename Sources/CCryptoBoringSSL/crypto/trust_token/{pmbtoken.c => pmbtoken.cc} (88%) rename Sources/CCryptoBoringSSL/crypto/trust_token/{trust_token.c => trust_token.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/trust_token/{voprf.c => voprf.cc} (83%) rename Sources/CCryptoBoringSSL/crypto/x509/{a_digest.c => a_digest.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{a_sign.c => a_sign.cc} (79%) rename Sources/CCryptoBoringSSL/crypto/x509/{a_verify.c => a_verify.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{algorithm.c => algorithm.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{asn1_gen.c => asn1_gen.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{by_dir.c => by_dir.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/x509/{by_file.c => by_file.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{i2d_pr.c => i2d_pr.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{name_print.c => name_print.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{policy.c => policy.cc} (75%) rename Sources/CCryptoBoringSSL/crypto/x509/{rsa_pss.c => rsa_pss.cc} (86%) rename Sources/CCryptoBoringSSL/crypto/x509/{t_crl.c => t_crl.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{t_req.c => t_req.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{t_x509.c => t_x509.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{t_x509a.c => t_x509a.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_akey.c => v3_akey.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_akeya.c => v3_akeya.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_alt.c => v3_alt.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_bcons.c => v3_bcons.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_bitst.c => v3_bitst.cc} (94%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_conf.c => v3_conf.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_cpols.c => v3_cpols.cc} (90%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_crld.c => v3_crld.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_enum.c => v3_enum.cc} (94%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_extku.c => v3_extku.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_genn.c => v3_genn.cc} (94%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_ia5.c => v3_ia5.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_info.c => v3_info.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_int.c => v3_int.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_lib.c => v3_lib.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_ncons.c => v3_ncons.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_ocsp.c => v3_ocsp.cc} (94%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_pcons.c => v3_pcons.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_pmaps.c => v3_pmaps.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_prn.c => v3_prn.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_purp.c => v3_purp.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_skey.c => v3_skey.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/x509/{v3_utl.c => v3_utl.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509.c => x509.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_att.c => x509_att.cc} (97%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_cmp.c => x509_cmp.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_d2.c => x509_d2.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_def.c => x509_def.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_ext.c => x509_ext.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_lu.c => x509_lu.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_obj.c => x509_obj.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_req.c => x509_req.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_set.c => x509_set.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_trs.c => x509_trs.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_txt.c => x509_txt.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_v3.c => x509_v3.cc} (99%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_vfy.c => x509_vfy.cc} (83%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509_vpm.c => x509_vpm.cc} (90%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509cset.c => x509cset.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509name.c => x509name.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509rset.c => x509rset.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x509spki.c => x509spki.cc} (95%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_algor.c => x_algor.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_all.c => x_all.cc} (96%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_attrib.c => x_attrib.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_crl.c => x_crl.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_exten.c => x_exten.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_name.c => x_name.cc} (92%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_pubkey.c => x_pubkey.cc} (98%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_req.c => x_req.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_sig.c => x_sig.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_spki.c => x_spki.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_val.c => x_val.cc} (100%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_x509.c => x_x509.cc} (87%) rename Sources/CCryptoBoringSSL/crypto/x509/{x_x509a.c => x_x509a.cc} (98%) rename Sources/CCryptoBoringSSL/gen/crypto/{err_data.c => err_data.cc} (83%) diff --git a/Package.swift b/Package.swift index 774329d1..c993da71 100644 --- a/Package.swift +++ b/Package.swift @@ -20,7 +20,7 @@ // Sources/CCryptoBoringSSL directory. The source repository is at // https://boringssl.googlesource.com/boringssl. // -// BoringSSL Commit: 2587c4974dbe9872451151c8e975f58567a1ce0d +// BoringSSL Commit: fcef13a49852397a0d39c00be8d7bc2ba1ab6fb9 import PackageDescription @@ -186,5 +186,5 @@ let package = Package( ), .testTarget(name: "CryptoBoringWrapperTests", dependencies: ["CryptoBoringWrapper"]), ], - cxxLanguageStandard: .cxx11 + cxxLanguageStandard: .cxx14 ) diff --git a/Sources/CCryptoBoringSSL/CMakeLists.txt b/Sources/CCryptoBoringSSL/CMakeLists.txt index f61d310b..79e11767 100644 --- a/Sources/CCryptoBoringSSL/CMakeLists.txt +++ b/Sources/CCryptoBoringSSL/CMakeLists.txt @@ -13,255 +13,256 @@ ##===----------------------------------------------------------------------===## add_library(CCryptoBoringSSL STATIC - "crypto/asn1/a_bitstr.c" - "crypto/asn1/a_bool.c" - "crypto/asn1/a_d2i_fp.c" - "crypto/asn1/a_dup.c" - "crypto/asn1/a_gentm.c" - "crypto/asn1/a_i2d_fp.c" - "crypto/asn1/a_int.c" - "crypto/asn1/a_mbstr.c" - "crypto/asn1/a_object.c" - "crypto/asn1/a_octet.c" - "crypto/asn1/a_strex.c" - "crypto/asn1/a_strnid.c" - "crypto/asn1/a_time.c" - "crypto/asn1/a_type.c" - "crypto/asn1/a_utctm.c" - "crypto/asn1/asn1_lib.c" - "crypto/asn1/asn1_par.c" - "crypto/asn1/asn_pack.c" - "crypto/asn1/f_int.c" - "crypto/asn1/f_string.c" - "crypto/asn1/posix_time.c" - "crypto/asn1/tasn_dec.c" - "crypto/asn1/tasn_enc.c" - "crypto/asn1/tasn_fre.c" - "crypto/asn1/tasn_new.c" - "crypto/asn1/tasn_typ.c" - "crypto/asn1/tasn_utl.c" - "crypto/base64/base64.c" - "crypto/bio/bio.c" - "crypto/bio/bio_mem.c" - "crypto/bio/connect.c" - "crypto/bio/errno.c" - "crypto/bio/fd.c" - "crypto/bio/file.c" - "crypto/bio/hexdump.c" - "crypto/bio/pair.c" - "crypto/bio/printf.c" - "crypto/bio/socket.c" - "crypto/bio/socket_helper.c" - "crypto/blake2/blake2.c" - "crypto/bn_extra/bn_asn1.c" - "crypto/bn_extra/convert.c" - "crypto/buf/buf.c" - "crypto/bytestring/asn1_compat.c" - "crypto/bytestring/ber.c" - "crypto/bytestring/cbb.c" - "crypto/bytestring/cbs.c" - "crypto/bytestring/unicode.c" - "crypto/chacha/chacha.c" - "crypto/cipher_extra/cipher_extra.c" - "crypto/cipher_extra/derive_key.c" - "crypto/cipher_extra/e_aesctrhmac.c" - "crypto/cipher_extra/e_aesgcmsiv.c" - "crypto/cipher_extra/e_chacha20poly1305.c" - "crypto/cipher_extra/e_des.c" - "crypto/cipher_extra/e_null.c" - "crypto/cipher_extra/e_rc2.c" - "crypto/cipher_extra/e_rc4.c" - "crypto/cipher_extra/e_tls.c" - "crypto/cipher_extra/tls_cbc.c" - "crypto/conf/conf.c" - "crypto/cpu_aarch64_apple.c" - "crypto/cpu_aarch64_fuchsia.c" - "crypto/cpu_aarch64_linux.c" - "crypto/cpu_aarch64_openbsd.c" - "crypto/cpu_aarch64_sysreg.c" - "crypto/cpu_aarch64_win.c" - "crypto/cpu_arm_freebsd.c" - "crypto/cpu_arm_linux.c" - "crypto/cpu_intel.c" - "crypto/crypto.c" - "crypto/curve25519/curve25519.c" - "crypto/curve25519/curve25519_64_adx.c" - "crypto/curve25519/spake25519.c" - "crypto/des/des.c" - "crypto/dh_extra/dh_asn1.c" - "crypto/dh_extra/params.c" - "crypto/digest_extra/digest_extra.c" - "crypto/dilithium/dilithium.c" - "crypto/dsa/dsa.c" - "crypto/dsa/dsa_asn1.c" - "crypto/ec_extra/ec_asn1.c" - "crypto/ec_extra/ec_derive.c" - "crypto/ec_extra/hash_to_curve.c" - "crypto/ecdh_extra/ecdh_extra.c" - "crypto/ecdsa_extra/ecdsa_asn1.c" - "crypto/engine/engine.c" - "crypto/err/err.c" - "crypto/evp/evp.c" - "crypto/evp/evp_asn1.c" - "crypto/evp/evp_ctx.c" - "crypto/evp/p_dh.c" - "crypto/evp/p_dh_asn1.c" - "crypto/evp/p_dsa_asn1.c" - "crypto/evp/p_ec.c" - "crypto/evp/p_ec_asn1.c" - "crypto/evp/p_ed25519.c" - "crypto/evp/p_ed25519_asn1.c" - "crypto/evp/p_hkdf.c" - "crypto/evp/p_rsa.c" - "crypto/evp/p_rsa_asn1.c" - "crypto/evp/p_x25519.c" - "crypto/evp/p_x25519_asn1.c" - "crypto/evp/pbkdf.c" - "crypto/evp/print.c" - "crypto/evp/scrypt.c" - "crypto/evp/sign.c" - "crypto/ex_data.c" - "crypto/fipsmodule/bcm.c" - "crypto/fipsmodule/fips_shared_support.c" - "crypto/hpke/hpke.c" - "crypto/hrss/hrss.c" - "crypto/keccak/keccak.c" - "crypto/kyber/kyber.c" - "crypto/lhash/lhash.c" - "crypto/md4/md4.c" - "crypto/md5/md5.c" - "crypto/mem.c" - "crypto/mldsa/mldsa.c" - "crypto/obj/obj.c" - "crypto/obj/obj_xref.c" - "crypto/pem/pem_all.c" - "crypto/pem/pem_info.c" - "crypto/pem/pem_lib.c" - "crypto/pem/pem_oth.c" - "crypto/pem/pem_pk8.c" - "crypto/pem/pem_pkey.c" - "crypto/pem/pem_x509.c" - "crypto/pem/pem_xaux.c" - "crypto/pkcs7/pkcs7.c" - "crypto/pkcs7/pkcs7_x509.c" - "crypto/pkcs8/p5_pbev2.c" - "crypto/pkcs8/pkcs8.c" - "crypto/pkcs8/pkcs8_x509.c" - "crypto/poly1305/poly1305.c" - "crypto/poly1305/poly1305_arm.c" - "crypto/poly1305/poly1305_vec.c" - "crypto/pool/pool.c" - "crypto/rand_extra/deterministic.c" - "crypto/rand_extra/fork_detect.c" - "crypto/rand_extra/forkunsafe.c" - "crypto/rand_extra/getentropy.c" - "crypto/rand_extra/ios.c" - "crypto/rand_extra/passive.c" - "crypto/rand_extra/rand_extra.c" - "crypto/rand_extra/trusty.c" - "crypto/rand_extra/urandom.c" - "crypto/rand_extra/windows.c" - "crypto/rc4/rc4.c" - "crypto/refcount.c" - "crypto/rsa_extra/rsa_asn1.c" - "crypto/rsa_extra/rsa_crypt.c" - "crypto/rsa_extra/rsa_extra.c" - "crypto/rsa_extra/rsa_print.c" - "crypto/sha/sha1.c" - "crypto/sha/sha256.c" - "crypto/sha/sha512.c" - "crypto/siphash/siphash.c" - "crypto/slhdsa/fors.c" - "crypto/slhdsa/merkle.c" - "crypto/slhdsa/slhdsa.c" - "crypto/slhdsa/thash.c" - "crypto/slhdsa/wots.c" - "crypto/spx/spx.c" - "crypto/spx/spx_address.c" - "crypto/spx/spx_fors.c" - "crypto/spx/spx_merkle.c" - "crypto/spx/spx_thash.c" - "crypto/spx/spx_util.c" - "crypto/spx/spx_wots.c" - "crypto/stack/stack.c" - "crypto/thread.c" - "crypto/thread_none.c" - "crypto/thread_pthread.c" - "crypto/thread_win.c" - "crypto/trust_token/pmbtoken.c" - "crypto/trust_token/trust_token.c" - "crypto/trust_token/voprf.c" - "crypto/x509/a_digest.c" - "crypto/x509/a_sign.c" - "crypto/x509/a_verify.c" - "crypto/x509/algorithm.c" - "crypto/x509/asn1_gen.c" - "crypto/x509/by_dir.c" - "crypto/x509/by_file.c" - "crypto/x509/i2d_pr.c" - "crypto/x509/name_print.c" - "crypto/x509/policy.c" - "crypto/x509/rsa_pss.c" - "crypto/x509/t_crl.c" - "crypto/x509/t_req.c" - "crypto/x509/t_x509.c" - "crypto/x509/t_x509a.c" - "crypto/x509/v3_akey.c" - "crypto/x509/v3_akeya.c" - "crypto/x509/v3_alt.c" - "crypto/x509/v3_bcons.c" - "crypto/x509/v3_bitst.c" - "crypto/x509/v3_conf.c" - "crypto/x509/v3_cpols.c" - "crypto/x509/v3_crld.c" - "crypto/x509/v3_enum.c" - "crypto/x509/v3_extku.c" - "crypto/x509/v3_genn.c" - "crypto/x509/v3_ia5.c" - "crypto/x509/v3_info.c" - "crypto/x509/v3_int.c" - "crypto/x509/v3_lib.c" - "crypto/x509/v3_ncons.c" - "crypto/x509/v3_ocsp.c" - "crypto/x509/v3_pcons.c" - "crypto/x509/v3_pmaps.c" - "crypto/x509/v3_prn.c" - "crypto/x509/v3_purp.c" - "crypto/x509/v3_skey.c" - "crypto/x509/v3_utl.c" - "crypto/x509/x509.c" - "crypto/x509/x509_att.c" - "crypto/x509/x509_cmp.c" - "crypto/x509/x509_d2.c" - "crypto/x509/x509_def.c" - "crypto/x509/x509_ext.c" - "crypto/x509/x509_lu.c" - "crypto/x509/x509_obj.c" - "crypto/x509/x509_req.c" - "crypto/x509/x509_set.c" - "crypto/x509/x509_trs.c" - "crypto/x509/x509_txt.c" - "crypto/x509/x509_v3.c" - "crypto/x509/x509_vfy.c" - "crypto/x509/x509_vpm.c" - "crypto/x509/x509cset.c" - "crypto/x509/x509name.c" - "crypto/x509/x509rset.c" - "crypto/x509/x509spki.c" - "crypto/x509/x_algor.c" - "crypto/x509/x_all.c" - "crypto/x509/x_attrib.c" - "crypto/x509/x_crl.c" - "crypto/x509/x_exten.c" - "crypto/x509/x_name.c" - "crypto/x509/x_pubkey.c" - "crypto/x509/x_req.c" - "crypto/x509/x_sig.c" - "crypto/x509/x_spki.c" - "crypto/x509/x_val.c" - "crypto/x509/x_x509.c" - "crypto/x509/x_x509a.c" - "gen/crypto/err_data.c") + "crypto/asn1/a_bitstr.cc" + "crypto/asn1/a_bool.cc" + "crypto/asn1/a_d2i_fp.cc" + "crypto/asn1/a_dup.cc" + "crypto/asn1/a_gentm.cc" + "crypto/asn1/a_i2d_fp.cc" + "crypto/asn1/a_int.cc" + "crypto/asn1/a_mbstr.cc" + "crypto/asn1/a_object.cc" + "crypto/asn1/a_octet.cc" + "crypto/asn1/a_strex.cc" + "crypto/asn1/a_strnid.cc" + "crypto/asn1/a_time.cc" + "crypto/asn1/a_type.cc" + "crypto/asn1/a_utctm.cc" + "crypto/asn1/asn1_lib.cc" + "crypto/asn1/asn1_par.cc" + "crypto/asn1/asn_pack.cc" + "crypto/asn1/f_int.cc" + "crypto/asn1/f_string.cc" + "crypto/asn1/posix_time.cc" + "crypto/asn1/tasn_dec.cc" + "crypto/asn1/tasn_enc.cc" + "crypto/asn1/tasn_fre.cc" + "crypto/asn1/tasn_new.cc" + "crypto/asn1/tasn_typ.cc" + "crypto/asn1/tasn_utl.cc" + "crypto/base64/base64.cc" + "crypto/bio/bio.cc" + "crypto/bio/bio_mem.cc" + "crypto/bio/connect.cc" + "crypto/bio/errno.cc" + "crypto/bio/fd.cc" + "crypto/bio/file.cc" + "crypto/bio/hexdump.cc" + "crypto/bio/pair.cc" + "crypto/bio/printf.cc" + "crypto/bio/socket.cc" + "crypto/bio/socket_helper.cc" + "crypto/blake2/blake2.cc" + "crypto/bn_extra/bn_asn1.cc" + "crypto/bn_extra/convert.cc" + "crypto/buf/buf.cc" + "crypto/bytestring/asn1_compat.cc" + "crypto/bytestring/ber.cc" + "crypto/bytestring/cbb.cc" + "crypto/bytestring/cbs.cc" + "crypto/bytestring/unicode.cc" + "crypto/chacha/chacha.cc" + "crypto/cipher_extra/cipher_extra.cc" + "crypto/cipher_extra/derive_key.cc" + "crypto/cipher_extra/e_aesctrhmac.cc" + "crypto/cipher_extra/e_aesgcmsiv.cc" + "crypto/cipher_extra/e_chacha20poly1305.cc" + "crypto/cipher_extra/e_des.cc" + "crypto/cipher_extra/e_null.cc" + "crypto/cipher_extra/e_rc2.cc" + "crypto/cipher_extra/e_rc4.cc" + "crypto/cipher_extra/e_tls.cc" + "crypto/cipher_extra/tls_cbc.cc" + "crypto/conf/conf.cc" + "crypto/cpu_aarch64_apple.cc" + "crypto/cpu_aarch64_fuchsia.cc" + "crypto/cpu_aarch64_linux.cc" + "crypto/cpu_aarch64_openbsd.cc" + "crypto/cpu_aarch64_sysreg.cc" + "crypto/cpu_aarch64_win.cc" + "crypto/cpu_arm_freebsd.cc" + "crypto/cpu_arm_linux.cc" + "crypto/cpu_intel.cc" + "crypto/crypto.cc" + "crypto/curve25519/curve25519.cc" + "crypto/curve25519/curve25519_64_adx.cc" + "crypto/curve25519/spake25519.cc" + "crypto/des/des.cc" + "crypto/dh_extra/dh_asn1.cc" + "crypto/dh_extra/params.cc" + "crypto/digest_extra/digest_extra.cc" + "crypto/dilithium/dilithium.cc" + "crypto/dsa/dsa.cc" + "crypto/dsa/dsa_asn1.cc" + "crypto/ec_extra/ec_asn1.cc" + "crypto/ec_extra/ec_derive.cc" + "crypto/ec_extra/hash_to_curve.cc" + "crypto/ecdh_extra/ecdh_extra.cc" + "crypto/ecdsa_extra/ecdsa_asn1.cc" + "crypto/engine/engine.cc" + "crypto/err/err.cc" + "crypto/evp/evp.cc" + "crypto/evp/evp_asn1.cc" + "crypto/evp/evp_ctx.cc" + "crypto/evp/p_dh.cc" + "crypto/evp/p_dh_asn1.cc" + "crypto/evp/p_dsa_asn1.cc" + "crypto/evp/p_ec.cc" + "crypto/evp/p_ec_asn1.cc" + "crypto/evp/p_ed25519.cc" + "crypto/evp/p_ed25519_asn1.cc" + "crypto/evp/p_hkdf.cc" + "crypto/evp/p_rsa.cc" + "crypto/evp/p_rsa_asn1.cc" + "crypto/evp/p_x25519.cc" + "crypto/evp/p_x25519_asn1.cc" + "crypto/evp/pbkdf.cc" + "crypto/evp/print.cc" + "crypto/evp/scrypt.cc" + "crypto/evp/sign.cc" + "crypto/ex_data.cc" + "crypto/fipsmodule/bcm.cc" + "crypto/fipsmodule/fips_shared_support.cc" + "crypto/hpke/hpke.cc" + "crypto/hrss/hrss.cc" + "crypto/keccak/keccak.cc" + "crypto/kyber/kyber.cc" + "crypto/lhash/lhash.cc" + "crypto/md4/md4.cc" + "crypto/md5/md5.cc" + "crypto/mem.cc" + "crypto/mldsa/mldsa.cc" + "crypto/mlkem/mlkem.cc" + "crypto/obj/obj.cc" + "crypto/obj/obj_xref.cc" + "crypto/pem/pem_all.cc" + "crypto/pem/pem_info.cc" + "crypto/pem/pem_lib.cc" + "crypto/pem/pem_oth.cc" + "crypto/pem/pem_pk8.cc" + "crypto/pem/pem_pkey.cc" + "crypto/pem/pem_x509.cc" + "crypto/pem/pem_xaux.cc" + "crypto/pkcs7/pkcs7.cc" + "crypto/pkcs7/pkcs7_x509.cc" + "crypto/pkcs8/p5_pbev2.cc" + "crypto/pkcs8/pkcs8.cc" + "crypto/pkcs8/pkcs8_x509.cc" + "crypto/poly1305/poly1305.cc" + "crypto/poly1305/poly1305_arm.cc" + "crypto/poly1305/poly1305_vec.cc" + "crypto/pool/pool.cc" + "crypto/rand_extra/deterministic.cc" + "crypto/rand_extra/fork_detect.cc" + "crypto/rand_extra/forkunsafe.cc" + "crypto/rand_extra/getentropy.cc" + "crypto/rand_extra/ios.cc" + "crypto/rand_extra/passive.cc" + "crypto/rand_extra/rand_extra.cc" + "crypto/rand_extra/trusty.cc" + "crypto/rand_extra/urandom.cc" + "crypto/rand_extra/windows.cc" + "crypto/rc4/rc4.cc" + "crypto/refcount.cc" + "crypto/rsa_extra/rsa_asn1.cc" + "crypto/rsa_extra/rsa_crypt.cc" + "crypto/rsa_extra/rsa_extra.cc" + "crypto/rsa_extra/rsa_print.cc" + "crypto/sha/sha1.cc" + "crypto/sha/sha256.cc" + "crypto/sha/sha512.cc" + "crypto/siphash/siphash.cc" + "crypto/slhdsa/fors.cc" + "crypto/slhdsa/merkle.cc" + "crypto/slhdsa/slhdsa.cc" + "crypto/slhdsa/thash.cc" + "crypto/slhdsa/wots.cc" + "crypto/spx/spx.cc" + "crypto/spx/spx_address.cc" + "crypto/spx/spx_fors.cc" + "crypto/spx/spx_merkle.cc" + "crypto/spx/spx_thash.cc" + "crypto/spx/spx_util.cc" + "crypto/spx/spx_wots.cc" + "crypto/stack/stack.cc" + "crypto/thread.cc" + "crypto/thread_none.cc" + "crypto/thread_pthread.cc" + "crypto/thread_win.cc" + "crypto/trust_token/pmbtoken.cc" + "crypto/trust_token/trust_token.cc" + "crypto/trust_token/voprf.cc" + "crypto/x509/a_digest.cc" + "crypto/x509/a_sign.cc" + "crypto/x509/a_verify.cc" + "crypto/x509/algorithm.cc" + "crypto/x509/asn1_gen.cc" + "crypto/x509/by_dir.cc" + "crypto/x509/by_file.cc" + "crypto/x509/i2d_pr.cc" + "crypto/x509/name_print.cc" + "crypto/x509/policy.cc" + "crypto/x509/rsa_pss.cc" + "crypto/x509/t_crl.cc" + "crypto/x509/t_req.cc" + "crypto/x509/t_x509.cc" + "crypto/x509/t_x509a.cc" + "crypto/x509/v3_akey.cc" + "crypto/x509/v3_akeya.cc" + "crypto/x509/v3_alt.cc" + "crypto/x509/v3_bcons.cc" + "crypto/x509/v3_bitst.cc" + "crypto/x509/v3_conf.cc" + "crypto/x509/v3_cpols.cc" + "crypto/x509/v3_crld.cc" + "crypto/x509/v3_enum.cc" + "crypto/x509/v3_extku.cc" + "crypto/x509/v3_genn.cc" + "crypto/x509/v3_ia5.cc" + "crypto/x509/v3_info.cc" + "crypto/x509/v3_int.cc" + "crypto/x509/v3_lib.cc" + "crypto/x509/v3_ncons.cc" + "crypto/x509/v3_ocsp.cc" + "crypto/x509/v3_pcons.cc" + "crypto/x509/v3_pmaps.cc" + "crypto/x509/v3_prn.cc" + "crypto/x509/v3_purp.cc" + "crypto/x509/v3_skey.cc" + "crypto/x509/v3_utl.cc" + "crypto/x509/x509.cc" + "crypto/x509/x509_att.cc" + "crypto/x509/x509_cmp.cc" + "crypto/x509/x509_d2.cc" + "crypto/x509/x509_def.cc" + "crypto/x509/x509_ext.cc" + "crypto/x509/x509_lu.cc" + "crypto/x509/x509_obj.cc" + "crypto/x509/x509_req.cc" + "crypto/x509/x509_set.cc" + "crypto/x509/x509_trs.cc" + "crypto/x509/x509_txt.cc" + "crypto/x509/x509_v3.cc" + "crypto/x509/x509_vfy.cc" + "crypto/x509/x509_vpm.cc" + "crypto/x509/x509cset.cc" + "crypto/x509/x509name.cc" + "crypto/x509/x509rset.cc" + "crypto/x509/x509spki.cc" + "crypto/x509/x_algor.cc" + "crypto/x509/x_all.cc" + "crypto/x509/x_attrib.cc" + "crypto/x509/x_crl.cc" + "crypto/x509/x_exten.cc" + "crypto/x509/x_name.cc" + "crypto/x509/x_pubkey.cc" + "crypto/x509/x_req.cc" + "crypto/x509/x_sig.cc" + "crypto/x509/x_spki.cc" + "crypto/x509/x_val.cc" + "crypto/x509/x_x509.cc" + "crypto/x509/x_x509a.cc" + "gen/crypto/err_data.cc") if(CMAKE_SYSTEM_NAME STREQUAL Darwin AND CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64") target_sources(CCryptoBoringSSL PRIVATE diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.cc index f15b2d97..852c323e 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.cc @@ -142,6 +142,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char *p; unsigned char *s; int padding; + uint8_t padding_mask; if (len < 1) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT); @@ -170,7 +171,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, } // Unused bits in a BIT STRING must be zero. - uint8_t padding_mask = (1 << padding) - 1; + padding_mask = (1 << padding) - 1; if (padding != 0 && (len < 1 || (p[len - 1] & padding_mask) != 0)) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING); goto err; @@ -182,7 +183,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); // set if (len > 0) { - s = OPENSSL_memdup(p, len); + s = reinterpret_cast(OPENSSL_memdup(p, len)); if (s == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_bool.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_bool.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_bool.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_bool.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_d2i_fp.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_d2i_fp.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_d2i_fp.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_d2i_fp.cc index a376527e..b70bbe34 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_d2i_fp.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_d2i_fp.cc @@ -72,7 +72,7 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) { return NULL; } const uint8_t *ptr = data; - void *ret = ASN1_item_d2i(x, &ptr, len, it); + void *ret = ASN1_item_d2i(reinterpret_cast(x), &ptr, len, it); OPENSSL_free(data); return ret; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_dup.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_dup.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_dup.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_dup.cc index a6d771f2..2ce0d544 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_dup.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_dup.cc @@ -73,7 +73,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) { return NULL; } - i = ASN1_item_i2d(x, &b, it); + i = ASN1_item_i2d(reinterpret_cast(x), &b, it); if (b == NULL) { return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.cc index bb0a0b5a..17bde3cc 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.cc @@ -74,7 +74,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) { int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) { unsigned char *b = NULL; - int n = ASN1_item_i2d(x, &b, it); + int n = ASN1_item_i2d(reinterpret_cast(x), &b, it); if (b == NULL) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_int.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_int.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_int.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_int.cc index d82761d9..ad21d1db 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_int.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_int.cc @@ -408,6 +408,7 @@ static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, } else { ret = ai; } + int len; if (ret == NULL) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; @@ -419,7 +420,7 @@ static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, ret->type = type; } - int len = BN_num_bytes(bn); + len = BN_num_bytes(bn); if (!ASN1_STRING_set(ret, NULL, len) || !BN_bn2bin_padded(ret->data, len, bn)) { goto err; diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.cc index b5877267..e2aced9c 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.cc @@ -226,6 +226,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, CBB cbb; CBB_zero(&cbb); // If both the same type just copy across + uint8_t *data = NULL; + size_t data_len = 0; if (inform == outform) { if (!ASN1_STRING_set(dest, in, len)) { goto err; @@ -245,12 +247,12 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, goto err; } } - uint8_t *data = NULL; - size_t data_len; - if (// OpenSSL historically NUL-terminated this value with a single byte, - // even for |MBSTRING_BMP| and |MBSTRING_UNIV|. - !CBB_add_u8(&cbb, 0) || !CBB_finish(&cbb, &data, &data_len) || - data_len < 1 || data_len > INT_MAX) { + if (/* OpenSSL historically NUL-terminated this value with a single byte, + * even for |MBSTRING_BMP| and |MBSTRING_UNIV|. */ + !CBB_add_u8(&cbb, 0) || // + !CBB_finish(&cbb, &data, &data_len) || // + data_len < 1 || // + data_len > INT_MAX) { OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR); OPENSSL_free(data); goto err; @@ -272,7 +274,7 @@ int asn1_is_printable(uint32_t value) { if (value > 0x7f) { return 0; } - return OPENSSL_isalnum(value) || // + return OPENSSL_isalnum(value) || // value == ' ' || value == '\'' || value == '(' || value == ')' || value == '+' || value == ',' || value == '-' || value == '.' || value == '/' || value == ':' || value == '=' || value == '?'; diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_object.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_object.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_object.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_object.cc index 9055e1c0..853137ed 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_object.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_object.cc @@ -114,7 +114,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) { int len = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (len > (int)sizeof(buf) - 1) { // The input was truncated. Allocate a buffer that fits. - allocated = OPENSSL_malloc(len + 1); + allocated = reinterpret_cast(OPENSSL_malloc(len + 1)); if (allocated == NULL) { return -1; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_octet.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_octet.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_octet.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_octet.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_strex.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_strex.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.cc index 4850963d..795b951f 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.cc @@ -159,7 +159,8 @@ static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) { } static int table_cmp_void(const void *a, const void *b) { - return table_cmp(a, b); + return table_cmp(reinterpret_cast(a), + reinterpret_cast(b)); } static uint32_t table_hash(const ASN1_STRING_TABLE *tbl) { @@ -169,9 +170,9 @@ static uint32_t table_hash(const ASN1_STRING_TABLE *tbl) { static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) { ASN1_STRING_TABLE key; key.nid = nid; - const ASN1_STRING_TABLE *tbl = + const ASN1_STRING_TABLE *tbl = reinterpret_cast( bsearch(&key, tbl_standard, OPENSSL_ARRAY_SIZE(tbl_standard), - sizeof(ASN1_STRING_TABLE), table_cmp_void); + sizeof(ASN1_STRING_TABLE), table_cmp_void)); if (tbl != NULL) { return tbl; } @@ -198,6 +199,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, int ret = 0; CRYPTO_MUTEX_lock_write(&string_tables_lock); + ASN1_STRING_TABLE *tbl = NULL; if (string_tables == NULL) { string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp); if (string_tables == NULL) { @@ -214,7 +216,8 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, } } - ASN1_STRING_TABLE *tbl = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); + tbl = reinterpret_cast( + OPENSSL_malloc(sizeof(ASN1_STRING_TABLE))); if (tbl == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_time.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_time.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_time.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_time.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_type.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_type.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_type.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_type.cc index f50717c2..31ed011e 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_type.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_type.cc @@ -137,10 +137,10 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { a->value.boolean = value ? ASN1_BOOLEAN_TRUE : ASN1_BOOLEAN_FALSE; break; case V_ASN1_OBJECT: - a->value.object = value; + a->value.object = reinterpret_cast(value); break; default: - a->value.asn1_string = value; + a->value.asn1_string = reinterpret_cast(value); break; } } @@ -151,14 +151,14 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) { ASN1_TYPE_set(a, type, p); } else if (type == V_ASN1_OBJECT) { ASN1_OBJECT *odup; - odup = OBJ_dup(value); + odup = OBJ_dup(reinterpret_cast(value)); if (!odup) { return 0; } ASN1_TYPE_set(a, type, odup); } else { ASN1_STRING *sdup; - sdup = ASN1_STRING_dup(value); + sdup = ASN1_STRING_dup(reinterpret_cast(value)); if (!sdup) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_utctm.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_utctm.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/a_utctm.c rename to Sources/CCryptoBoringSSL/crypto/asn1/a_utctm.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.c b/Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.c rename to Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.cc index 5e988a78..9b84e024 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.cc @@ -271,7 +271,7 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) { } int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) { - const char *data = _data; + const char *data = reinterpret_cast(_data); size_t len; if (len_s < 0) { if (data == NULL) { @@ -291,9 +291,9 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) { if (str->length <= (int)len || str->data == NULL) { unsigned char *c = str->data; if (c == NULL) { - str->data = OPENSSL_malloc(len + 1); + str->data = reinterpret_cast(OPENSSL_malloc(len + 1)); } else { - str->data = OPENSSL_realloc(c, len + 1); + str->data = reinterpret_cast(OPENSSL_realloc(c, len + 1)); } if (str->data == NULL) { @@ -315,7 +315,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) { void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) { OPENSSL_free(str->data); - str->data = data; + str->data = reinterpret_cast(data); str->length = len; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/asn1_par.c b/Sources/CCryptoBoringSSL/crypto/asn1/asn1_par.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/asn1_par.c rename to Sources/CCryptoBoringSSL/crypto/asn1/asn1_par.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/asn_pack.c b/Sources/CCryptoBoringSSL/crypto/asn1/asn_pack.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/asn1/asn_pack.c rename to Sources/CCryptoBoringSSL/crypto/asn1/asn_pack.cc index 3874c853..edbba084 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/asn_pack.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/asn_pack.cc @@ -62,7 +62,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **out) { uint8_t *new_data = NULL; - int len = ASN1_item_i2d(obj, &new_data, it); + int len = ASN1_item_i2d(reinterpret_cast(obj), &new_data, it); if (len <= 0) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_ENCODE_ERROR); return NULL; @@ -91,7 +91,7 @@ void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) { void *ret = ASN1_item_d2i(NULL, &p, oct->length, it); if (ret == NULL || p != oct->data + oct->length) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); - ASN1_item_free(ret, it); + ASN1_item_free(reinterpret_cast(ret), it); return NULL; } return ret; diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/f_int.c b/Sources/CCryptoBoringSSL/crypto/asn1/f_int.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/f_int.c rename to Sources/CCryptoBoringSSL/crypto/asn1/f_int.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/f_string.c b/Sources/CCryptoBoringSSL/crypto/asn1/f_string.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/f_string.c rename to Sources/CCryptoBoringSSL/crypto/asn1/f_string.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/posix_time.c b/Sources/CCryptoBoringSSL/crypto/asn1/posix_time.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/asn1/posix_time.c rename to Sources/CCryptoBoringSSL/crypto/asn1/posix_time.cc index 0dc8f428..22163921 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/posix_time.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/posix_time.cc @@ -154,7 +154,7 @@ int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) { } int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) { - struct tm tmp_tm = {0}; + struct tm tmp_tm = {}; if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon, &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec)) { diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_dec.c b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_dec.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/asn1/tasn_dec.c rename to Sources/CCryptoBoringSSL/crypto/asn1/tasn_dec.cc index 3a459f92..8f8203b0 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_dec.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_dec.cc @@ -282,7 +282,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); goto err; } - const ASN1_EXTERN_FUNCS *ef = it->funcs; + const ASN1_EXTERN_FUNCS *ef = + reinterpret_cast(it->funcs); return ef->asn1_ex_d2i(pval, in, len, it, opt, NULL); } @@ -294,7 +295,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, goto err; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) { goto auxerr; @@ -379,7 +380,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, goto err; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) { goto auxerr; diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_enc.c b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_enc.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/asn1/tasn_enc.c rename to Sources/CCryptoBoringSSL/crypto/asn1/tasn_enc.cc index 4ae35ffd..f907fbab 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_enc.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_enc.cc @@ -90,7 +90,7 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) { if (len <= 0) { return len; } - buf = OPENSSL_malloc(len); + buf = reinterpret_cast(OPENSSL_malloc(len)); if (!buf) { return -1; } @@ -191,7 +191,8 @@ int asn1_item_ex_i2d_opt(ASN1_VALUE **pval, unsigned char **out, OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); return -1; } - const ASN1_EXTERN_FUNCS *ef = it->funcs; + const ASN1_EXTERN_FUNCS *ef = + reinterpret_cast(it->funcs); int ret = ef->asn1_ex_i2d(pval, out, it); if (ret == 0) { // |asn1_ex_i2d| should never return zero. We have already checked @@ -424,7 +425,8 @@ typedef struct { } DER_ENC; static int der_cmp(const void *a, const void *b) { - const DER_ENC *d1 = a, *d2 = b; + const DER_ENC *d1 = reinterpret_cast(a), + *d2 = reinterpret_cast(b); int cmplen, i; cmplen = (d1->length < d2->length) ? d1->length : d2->length; i = OPENSSL_memcmp(d1->data, d2->data, cmplen); @@ -453,14 +455,15 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, } int ret = 0; - unsigned char *const buf = OPENSSL_malloc(skcontlen); - DER_ENC *encoded = OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded)); + uint8_t *const buf = reinterpret_cast(OPENSSL_malloc(skcontlen)); + DER_ENC *encoded = reinterpret_cast( + OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded))); + uint8_t *p = buf; if (encoded == NULL || buf == NULL) { goto err; } // Encode all the elements into |buf| and populate |encoded|. - unsigned char *p = buf; for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i); encoded[i].data = p; diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_fre.c b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_fre.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/asn1/tasn_fre.c rename to Sources/CCryptoBoringSSL/crypto/asn1/tasn_fre.cc index fae61a66..147503d7 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_fre.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_fre.cc @@ -94,7 +94,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { break; case ASN1_ITYPE_CHOICE: { - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); @@ -118,7 +118,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { } case ASN1_ITYPE_EXTERN: - ef = it->funcs; + ef = reinterpret_cast(it->funcs); if (ef && ef->asn1_ex_free) { ef->asn1_ex_free(pval, it); } @@ -128,7 +128,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { if (!asn1_refcount_dec_and_test_zero(pval, it)) { return; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_new.c b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_new.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/asn1/tasn_new.c rename to Sources/CCryptoBoringSSL/crypto/asn1/tasn_new.cc index a7fcc690..581eb449 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_new.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_new.cc @@ -91,7 +91,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { switch (it->itype) { case ASN1_ITYPE_EXTERN: - ef = it->funcs; + ef = reinterpret_cast(it->funcs); if (ef && ef->asn1_ex_new) { if (!ef->asn1_ex_new(pval, it)) { goto memerr; @@ -116,7 +116,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { break; case ASN1_ITYPE_CHOICE: { - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); @@ -127,7 +127,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; } } - *pval = OPENSSL_zalloc(it->size); + *pval = reinterpret_cast(OPENSSL_zalloc(it->size)); if (!*pval) { goto memerr; } @@ -139,7 +139,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { } case ASN1_ITYPE_SEQUENCE: { - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); @@ -150,7 +150,7 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; } } - *pval = OPENSSL_zalloc(it->size); + *pval = reinterpret_cast(OPENSSL_zalloc(it->size)); if (!*pval) { goto memerr; } @@ -279,7 +279,8 @@ static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; case V_ASN1_ANY: { - ASN1_TYPE *typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); + ASN1_TYPE *typ = + reinterpret_cast(OPENSSL_malloc(sizeof(ASN1_TYPE))); if (!typ) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_typ.c b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_typ.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/asn1/tasn_typ.c rename to Sources/CCryptoBoringSSL/crypto/asn1/tasn_typ.cc diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_utl.c b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_utl.cc similarity index 91% rename from Sources/CCryptoBoringSSL/crypto/asn1/tasn_utl.c rename to Sources/CCryptoBoringSSL/crypto/asn1/tasn_utl.cc index 859f5f7f..a9424574 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/tasn_utl.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/tasn_utl.cc @@ -77,7 +77,7 @@ // Given an ASN1_ITEM CHOICE type return the selector value int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) { - int *sel = offset2ptr(*pval, it->utype); + int *sel = reinterpret_cast(offset2ptr(*pval, it->utype)); return *sel; } @@ -85,7 +85,7 @@ int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) { int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) { int *sel, ret; - sel = offset2ptr(*pval, it->utype); + sel = reinterpret_cast(offset2ptr(*pval, it->utype)); ret = *sel; *sel = value; return ret; @@ -96,11 +96,12 @@ static CRYPTO_refcount_t *asn1_get_references(ASN1_VALUE **pval, if (it->itype != ASN1_ITYPE_SEQUENCE) { return NULL; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast(it->funcs); if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) { return NULL; } - return offset2ptr(*pval, aux->ref_offset); + return reinterpret_cast( + offset2ptr(*pval, aux->ref_offset)); } void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it) { @@ -124,11 +125,11 @@ static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) { if (!pval || !*pval) { return NULL; } - aux = it->funcs; + aux = reinterpret_cast(it->funcs); if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) { return NULL; } - return offset2ptr(*pval, aux->enc_offset); + return reinterpret_cast(offset2ptr(*pval, aux->enc_offset)); } void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) { @@ -163,7 +164,7 @@ int asn1_enc_save(ASN1_VALUE **pval, const uint8_t *in, size_t in_len, enc->buf = buf; enc->enc = (uint8_t *)in; } else { - enc->enc = OPENSSL_memdup(in, in_len); + enc->enc = reinterpret_cast(OPENSSL_memdup(in, in_len)); if (!enc->enc) { return 0; } @@ -202,7 +203,8 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, // Given an ASN1_TEMPLATE get a pointer to a field ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { - ASN1_VALUE **pvaltmp = offset2ptr(*pval, tt->offset); + ASN1_VALUE **pvaltmp = + reinterpret_cast(offset2ptr(*pval, tt->offset)); // NOTE for BOOLEAN types the field is just a plain int so we can't return // int **, so settle for (int *). return pvaltmp; @@ -224,9 +226,10 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, adb = ASN1_ADB_ptr(tt->item); // Get the selector field - sfld = offset2ptr(*pval, adb->offset); + sfld = reinterpret_cast(offset2ptr(*pval, adb->offset)); // Check if NULL + int selector; if (*sfld == NULL) { if (!adb->null_tt) { goto err; @@ -238,7 +241,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, // NB: don't check for NID_undef here because it // might be a legitimate value in the table assert(tt->flags & ASN1_TFLG_ADB_OID); - int selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); + selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); // Try to find matching entry in table Maybe should check application types // first to allow application override? Might also be useful to have a flag diff --git a/Sources/CCryptoBoringSSL/crypto/base64/base64.c b/Sources/CCryptoBoringSSL/crypto/base64/base64.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/base64/base64.c rename to Sources/CCryptoBoringSSL/crypto/base64/base64.cc index 34e23e6b..6762f4c5 100644 --- a/Sources/CCryptoBoringSSL/crypto/base64/base64.c +++ b/Sources/CCryptoBoringSSL/crypto/base64/base64.cc @@ -121,12 +121,11 @@ int EVP_EncodedLength(size_t *out_len, size_t len) { } EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) { - return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); + return reinterpret_cast( + OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX))); } -void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { - OPENSSL_free(ctx); -} +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { OPENSSL_free(ctx); } void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); @@ -302,9 +301,9 @@ static int base64_decode_quad(uint8_t *out, size_t *out_num_bytes, const uint32_t v = ((uint32_t)a) << 18 | ((uint32_t)b) << 12 | ((uint32_t)c) << 6 | (uint32_t)d; - const unsigned padding_pattern = (in[0] == '=') << 3 | - (in[1] == '=') << 2 | - (in[2] == '=') << 1 | + const unsigned padding_pattern = (in[0] == '=') << 3 | // + (in[1] == '=') << 2 | // + (in[2] == '=') << 1 | // (in[3] == '='); // In presence of padding, the lowest bits of v are unused. Canonical encoding @@ -412,8 +411,7 @@ int EVP_DecodeBase64(uint8_t *out, size_t *out_len, size_t max_out, } size_t max_len; - if (!EVP_DecodedLength(&max_len, in_len) || - max_out < max_len) { + if (!EVP_DecodedLength(&max_len, in_len) || max_out < max_len) { return 0; } @@ -449,7 +447,7 @@ int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) { // Trim newlines, spaces and tabs from the end of the line. while (src_len > 0) { - switch (src[src_len-1]) { + switch (src[src_len - 1]) { case ' ': case '\t': case '\r': @@ -462,8 +460,7 @@ int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) { } size_t dst_len; - if (!EVP_DecodedLength(&dst_len, src_len) || - dst_len > INT_MAX || + if (!EVP_DecodedLength(&dst_len, src_len) || dst_len > INT_MAX || !EVP_DecodeBase64(dst, &dst_len, dst_len, src, src_len)) { return -1; } diff --git a/Sources/CCryptoBoringSSL/crypto/bio/bio.c b/Sources/CCryptoBoringSSL/crypto/bio/bio.cc similarity index 89% rename from Sources/CCryptoBoringSSL/crypto/bio/bio.c rename to Sources/CCryptoBoringSSL/crypto/bio/bio.cc index 0de106b9..17b91b65 100644 --- a/Sources/CCryptoBoringSSL/crypto/bio/bio.c +++ b/Sources/CCryptoBoringSSL/crypto/bio/bio.cc @@ -73,7 +73,7 @@ static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; BIO *BIO_new(const BIO_METHOD *method) { - BIO *ret = OPENSSL_zalloc(sizeof(BIO)); + BIO *ret = reinterpret_cast(OPENSSL_zalloc(sizeof(BIO))); if (ret == NULL) { return NULL; } @@ -116,13 +116,9 @@ int BIO_up_ref(BIO *bio) { return 1; } -void BIO_vfree(BIO *bio) { - BIO_free(bio); -} +void BIO_vfree(BIO *bio) { BIO_free(bio); } -void BIO_free_all(BIO *bio) { - BIO_free(bio); -} +void BIO_free_all(BIO *bio) { BIO_free(bio); } int BIO_read(BIO *bio, void *buf, int len) { if (bio == NULL || bio->method == NULL || bio->method->bread == NULL) { @@ -136,7 +132,7 @@ int BIO_read(BIO *bio, void *buf, int len) { if (len <= 0) { return 0; } - int ret = bio->method->bread(bio, buf, len); + int ret = bio->method->bread(bio, reinterpret_cast(buf), len); if (ret > 0) { bio->num_read += ret; } @@ -174,7 +170,7 @@ int BIO_write(BIO *bio, const void *in, int inl) { if (inl <= 0) { return 0; } - int ret = bio->method->bwrite(bio, in, inl); + int ret = bio->method->bwrite(bio, reinterpret_cast(in), inl); if (ret > 0) { bio->num_write += ret; } @@ -182,7 +178,7 @@ int BIO_write(BIO *bio, const void *in, int inl) { } int BIO_write_all(BIO *bio, const void *data, size_t len) { - const uint8_t *data_u8 = data; + const uint8_t *data_u8 = reinterpret_cast(data); while (len > 0) { int ret = BIO_write(bio, data_u8, len > INT_MAX ? INT_MAX : (int)len); if (ret <= 0) { @@ -204,9 +200,7 @@ int BIO_puts(BIO *bio, const char *in) { return BIO_write(bio, in, (int)len); } -int BIO_flush(BIO *bio) { - return (int)BIO_ctrl(bio, BIO_CTRL_FLUSH, 0, NULL); -} +int BIO_flush(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_FLUSH, 0, NULL); } long BIO_ctrl(BIO *bio, int cmd, long larg, void *parg) { if (bio == NULL) { @@ -237,21 +231,13 @@ long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) { return BIO_ctrl(b, cmd, larg, (void *)&i); } -int BIO_reset(BIO *bio) { - return (int)BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); -} +int BIO_reset(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); } -int BIO_eof(BIO *bio) { - return (int)BIO_ctrl(bio, BIO_CTRL_EOF, 0, NULL); -} +int BIO_eof(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_EOF, 0, NULL); } -void BIO_set_flags(BIO *bio, int flags) { - bio->flags |= flags; -} +void BIO_set_flags(BIO *bio, int flags) { bio->flags |= flags; } -int BIO_test_flags(const BIO *bio, int flags) { - return bio->flags & flags; -} +int BIO_test_flags(const BIO *bio, int flags) { return bio->flags & flags; } int BIO_should_read(const BIO *bio) { return BIO_test_flags(bio, BIO_FLAGS_READ); @@ -273,9 +259,7 @@ int BIO_get_retry_reason(const BIO *bio) { return bio->retry_reason; } void BIO_set_retry_reason(BIO *bio, int reason) { bio->retry_reason = reason; } -void BIO_clear_flags(BIO *bio, int flags) { - bio->flags &= ~flags; -} +void BIO_clear_flags(BIO *bio, int flags) { bio->flags &= ~flags; } void BIO_set_retry_read(BIO *bio) { bio->flags |= BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY; @@ -287,9 +271,7 @@ void BIO_set_retry_write(BIO *bio) { static const int kRetryFlags = BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY; -int BIO_get_retry_flags(BIO *bio) { - return bio->flags & kRetryFlags; -} +int BIO_get_retry_flags(BIO *bio) { return bio->flags & kRetryFlags; } void BIO_clear_retry_flags(BIO *bio) { bio->flags &= ~kRetryFlags; @@ -318,7 +300,7 @@ long BIO_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) { } size_t BIO_pending(const BIO *bio) { - const long r = BIO_ctrl((BIO *) bio, BIO_CTRL_PENDING, 0, NULL); + const long r = BIO_ctrl((BIO *)bio, BIO_CTRL_PENDING, 0, NULL); assert(r >= 0); if (r < 0) { @@ -327,12 +309,10 @@ size_t BIO_pending(const BIO *bio) { return r; } -size_t BIO_ctrl_pending(const BIO *bio) { - return BIO_pending(bio); -} +size_t BIO_ctrl_pending(const BIO *bio) { return BIO_pending(bio); } size_t BIO_wpending(const BIO *bio) { - const long r = BIO_ctrl((BIO *) bio, BIO_CTRL_WPENDING, 0, NULL); + const long r = BIO_ctrl((BIO *)bio, BIO_CTRL_WPENDING, 0, NULL); assert(r >= 0); if (r < 0) { @@ -430,9 +410,7 @@ static int print_bio(const char *str, size_t len, void *bio) { return BIO_write_all((BIO *)bio, str, len); } -void ERR_print_errors(BIO *bio) { - ERR_print_errors_cb(print_bio, bio); -} +void ERR_print_errors(BIO *bio) { ERR_print_errors_cb(print_bio, bio); } // bio_read_all reads everything from |bio| and prepends |prefix| to it. On // success, |*out| is set to an allocated buffer (which should be freed with @@ -454,7 +432,7 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len, if (len < prefix_len) { return 0; } - *out = OPENSSL_malloc(len); + *out = reinterpret_cast(OPENSSL_malloc(len)); if (*out == NULL) { return 0; } @@ -485,7 +463,8 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len, if (len < kChunkSize || len > max_len) { len = max_len; } - uint8_t *new_buf = OPENSSL_realloc(*out, len); + uint8_t *new_buf = + reinterpret_cast(OPENSSL_realloc(*out, len)); if (new_buf == NULL) { OPENSSL_free(*out); return 0; @@ -594,7 +573,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) { return 0; } - if ((len32 >> ((num_bytes-1)*8)) == 0) { + if ((len32 >> ((num_bytes - 1) * 8)) == 0) { // Length should have been at least one byte shorter. OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); return 0; @@ -603,16 +582,14 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) { len = len32; } - if (len + header_len < len || - len + header_len > max_len || - len > INT_MAX) { + if (len + header_len < len || len + header_len > max_len || len > INT_MAX) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); return 0; } len += header_len; *out_len = len; - *out = OPENSSL_malloc(len); + *out = reinterpret_cast(OPENSSL_malloc(len)); if (*out == NULL) { return 0; } @@ -644,7 +621,8 @@ int BIO_get_new_index(void) { } BIO_METHOD *BIO_meth_new(int type, const char *name) { - BIO_METHOD *method = OPENSSL_zalloc(sizeof(BIO_METHOD)); + BIO_METHOD *method = + reinterpret_cast(OPENSSL_zalloc(sizeof(BIO_METHOD))); if (method == NULL) { return NULL; } @@ -653,18 +631,14 @@ BIO_METHOD *BIO_meth_new(int type, const char *name) { return method; } -void BIO_meth_free(BIO_METHOD *method) { - OPENSSL_free(method); -} +void BIO_meth_free(BIO_METHOD *method) { OPENSSL_free(method); } -int BIO_meth_set_create(BIO_METHOD *method, - int (*create_func)(BIO *)) { +int BIO_meth_set_create(BIO_METHOD *method, int (*create_func)(BIO *)) { method->create = create_func; return 1; } -int BIO_meth_set_destroy(BIO_METHOD *method, - int (*destroy_func)(BIO *)) { +int BIO_meth_set_destroy(BIO_METHOD *method, int (*destroy_func)(BIO *)) { method->destroy = destroy_func; return 1; } @@ -710,10 +684,10 @@ int BIO_meth_set_puts(BIO_METHOD *method, int (*puts)(BIO *, const char *)) { return 1; } -int BIO_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_unused *unused, - CRYPTO_EX_dup *dup_unused, - CRYPTO_EX_free *free_func) { +int BIO_get_ex_new_index(long argl, void *argp, // + CRYPTO_EX_unused *unused, // + CRYPTO_EX_dup *dup_unused, // + CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index_ex(&g_ex_data_class, argl, argp, free_func); } diff --git a/Sources/CCryptoBoringSSL/crypto/bio/bio_mem.c b/Sources/CCryptoBoringSSL/crypto/bio/bio_mem.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/bio/bio_mem.c rename to Sources/CCryptoBoringSSL/crypto/bio/bio_mem.cc index d8ae01b7..b5d7c7a2 100644 --- a/Sources/CCryptoBoringSSL/crypto/bio/bio_mem.c +++ b/Sources/CCryptoBoringSSL/crypto/bio/bio_mem.cc @@ -83,7 +83,7 @@ BIO *BIO_new_mem_buf(const void *buf, ossl_ssize_t len) { b = (BUF_MEM *)ret->ptr; // BIO_FLAGS_MEM_RDONLY ensures |b->data| is not written to. - b->data = (void *)buf; + b->data = reinterpret_cast(const_cast(buf)); b->length = size; b->max = size; @@ -135,7 +135,7 @@ static int mem_read(BIO *bio, char *out, int outl) { return 0; } - BUF_MEM *b = bio->ptr; + BUF_MEM *b = reinterpret_cast(bio->ptr); int ret = outl; if ((size_t)ret > b->length) { ret = (int)b->length; @@ -169,7 +169,7 @@ static int mem_write(BIO *bio, const char *in, int inl) { return -1; } - BUF_MEM *b = bio->ptr; + BUF_MEM *b = reinterpret_cast(bio->ptr); if (!BUF_MEM_append(b, in, inl)) { return -1; } @@ -185,14 +185,15 @@ static int mem_gets(BIO *bio, char *buf, int size) { // The buffer size includes space for the trailing NUL, so we can read at most // one fewer byte. - BUF_MEM *b = bio->ptr; + BUF_MEM *b = reinterpret_cast(bio->ptr); int ret = size - 1; if ((size_t)ret > b->length) { ret = (int)b->length; } // Stop at the first newline. - const char *newline = OPENSSL_memchr(b->data, '\n', ret); + const char *newline = + reinterpret_cast(OPENSSL_memchr(b->data, '\n', ret)); if (newline != NULL) { ret = (int)(newline - b->data + 1); } @@ -231,7 +232,7 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { case BIO_CTRL_INFO: ret = (long)b->length; if (ptr != NULL) { - char **pptr = ptr; + char **pptr = reinterpret_cast(ptr); *pptr = b->data; } break; @@ -242,7 +243,7 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) { break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - BUF_MEM **pptr = ptr; + BUF_MEM **pptr = reinterpret_cast(ptr); *pptr = b; } break; diff --git a/Sources/CCryptoBoringSSL/crypto/bio/connect.c b/Sources/CCryptoBoringSSL/crypto/bio/connect.cc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/bio/connect.c rename to Sources/CCryptoBoringSSL/crypto/bio/connect.cc index 79a663b8..bc817546 100644 --- a/Sources/CCryptoBoringSSL/crypto/bio/connect.c +++ b/Sources/CCryptoBoringSSL/crypto/bio/connect.cc @@ -63,9 +63,9 @@ #include #if !defined(OPENSSL_WINDOWS) -#include -#include #include +#include +#include #include #else OPENSSL_MSVC_PRAGMA(warning(push, 3)) @@ -77,8 +77,8 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" enum { @@ -109,9 +109,7 @@ typedef struct bio_connect_st { } BIO_CONNECT; #if !defined(OPENSSL_WINDOWS) -static int closesocket(int sock) { - return close(sock); -} +static int closesocket(int sock) { return close(sock); } #endif // split_host_and_port sets |*out_host| and |*out_port| to the host and port @@ -231,7 +229,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { } BIO_clear_retry_flags(bio); - ret = connect(bio->num, (struct sockaddr*) &c->them, c->them_length); + ret = connect(bio->num, (struct sockaddr *)&c->them, c->them_length); if (ret < 0) { if (bio_socket_should_retry(ret)) { BIO_set_flags(bio, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY)); @@ -261,7 +259,8 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { BIO_clear_retry_flags(bio); OPENSSL_PUT_SYSTEM_ERROR(); OPENSSL_PUT_ERROR(BIO, BIO_R_NBIO_CONNECT_ERROR); - ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); + ERR_add_error_data(4, "host=", c->param_hostname, ":", + c->param_port); ret = 0; } goto exit_loop; @@ -296,7 +295,8 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { } static BIO_CONNECT *BIO_CONNECT_new(void) { - BIO_CONNECT *ret = OPENSSL_zalloc(sizeof(BIO_CONNECT)); + BIO_CONNECT *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(BIO_CONNECT))); if (ret == NULL) { return NULL; } @@ -323,7 +323,7 @@ static int conn_new(BIO *bio) { } static void conn_close_socket(BIO *bio) { - BIO_CONNECT *c = (BIO_CONNECT *) bio->ptr; + BIO_CONNECT *c = (BIO_CONNECT *)bio->ptr; if (bio->num == -1) { return; @@ -342,7 +342,7 @@ static int conn_free(BIO *bio) { conn_close_socket(bio); } - BIO_CONNECT_free((BIO_CONNECT*) bio->ptr); + BIO_CONNECT_free((BIO_CONNECT *)bio->ptr); return 1; } @@ -422,13 +422,15 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) { bio->init = 1; if (num == 0) { OPENSSL_free(data->param_hostname); - data->param_hostname = OPENSSL_strdup(ptr); + data->param_hostname = + OPENSSL_strdup(reinterpret_cast(ptr)); if (data->param_hostname == NULL) { ret = 0; } } else if (num == 1) { OPENSSL_free(data->param_port); - data->param_port = OPENSSL_strdup(ptr); + data->param_port = + OPENSSL_strdup(reinterpret_cast(ptr)); if (data->param_port == NULL) { ret = 0; } @@ -464,7 +466,8 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) { case BIO_CTRL_FLUSH: break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr)(const BIO *bio, int state, int xret) = ptr; + int (**fptr)(const BIO *bio, int state, int xret); + fptr = reinterpret_cast(ptr); *fptr = data->info_callback; } break; default: @@ -488,7 +491,8 @@ static long conn_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) { OPENSSL_MSVC_PRAGMA(warning(push)) OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) OPENSSL_CLANG_PRAGMA("clang diagnostic push") - OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wunknown-warning-option\"") + OPENSSL_CLANG_PRAGMA( + "clang diagnostic ignored \"-Wunknown-warning-option\"") OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wcast-function-type\"") data->info_callback = (int (*)(const struct bio_st *, int, int))fp; OPENSSL_CLANG_PRAGMA("clang diagnostic pop") @@ -524,11 +528,11 @@ static const BIO_METHOD methods_connectp = { const BIO_METHOD *BIO_s_connect(void) { return &methods_connectp; } int BIO_set_conn_hostname(BIO *bio, const char *name) { - return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void*) name); + return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void *)name); } int BIO_set_conn_port(BIO *bio, const char *port_str) { - return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void*) port_str); + return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void *)port_str); } int BIO_set_conn_int_port(BIO *bio, const int *port) { diff --git a/Sources/CCryptoBoringSSL/crypto/bio/errno.c b/Sources/CCryptoBoringSSL/crypto/bio/errno.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bio/errno.c rename to Sources/CCryptoBoringSSL/crypto/bio/errno.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bio/fd.c b/Sources/CCryptoBoringSSL/crypto/bio/fd.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bio/fd.c rename to Sources/CCryptoBoringSSL/crypto/bio/fd.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bio/file.c b/Sources/CCryptoBoringSSL/crypto/bio/file.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/bio/file.c rename to Sources/CCryptoBoringSSL/crypto/bio/file.cc index f682c03f..933d24e5 100644 --- a/Sources/CCryptoBoringSSL/crypto/bio/file.c +++ b/Sources/CCryptoBoringSSL/crypto/bio/file.cc @@ -143,7 +143,7 @@ static int file_free(BIO *bio) { } if (bio->init && bio->ptr != NULL) { - fclose(bio->ptr); + fclose(reinterpret_cast(bio->ptr)); bio->ptr = NULL; } bio->init = 0; @@ -208,7 +208,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { // tested under POSIX will inadvertently change the state of |FILE| // objects when wrapping them in a |BIO|. if (num & BIO_FP_TEXT) { - _setmode(_fileno(ptr), _O_TEXT); + _setmode(_fileno(reinterpret_cast(ptr)), _O_TEXT); } #endif b->shutdown = (int)num & BIO_CLOSE; @@ -236,7 +236,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { ret = 0; break; } - fp = fopen_if_available(ptr, mode); + fp = fopen_if_available(reinterpret_cast(ptr), mode); if (fp == NULL) { OPENSSL_PUT_SYSTEM_ERROR(); ERR_add_error_data(5, "fopen('", ptr, "','", mode, "')"); diff --git a/Sources/CCryptoBoringSSL/crypto/bio/hexdump.c b/Sources/CCryptoBoringSSL/crypto/bio/hexdump.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bio/hexdump.c rename to Sources/CCryptoBoringSSL/crypto/bio/hexdump.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bio/pair.c b/Sources/CCryptoBoringSSL/crypto/bio/pair.cc similarity index 90% rename from Sources/CCryptoBoringSSL/crypto/bio/pair.c rename to Sources/CCryptoBoringSSL/crypto/bio/pair.cc index 516f4a42..1792c575 100644 --- a/Sources/CCryptoBoringSSL/crypto/bio/pair.c +++ b/Sources/CCryptoBoringSSL/crypto/bio/pair.cc @@ -81,7 +81,8 @@ struct bio_bio_st { }; static int bio_new(BIO *bio) { - struct bio_bio_st *b = OPENSSL_zalloc(sizeof *b); + struct bio_bio_st *b = + reinterpret_cast(OPENSSL_zalloc(sizeof *b)); if (b == NULL) { return 0; } @@ -92,7 +93,7 @@ static int bio_new(BIO *bio) { } static void bio_destroy_pair(BIO *bio) { - struct bio_bio_st *b = bio->ptr; + struct bio_bio_st *b = reinterpret_cast(bio->ptr); BIO *peer_bio; struct bio_bio_st *peer_b; @@ -105,7 +106,7 @@ static void bio_destroy_pair(BIO *bio) { return; } - peer_b = peer_bio->ptr; + peer_b = reinterpret_cast(peer_bio->ptr); assert(peer_b != NULL); assert(peer_b->peer == bio); @@ -124,7 +125,7 @@ static void bio_destroy_pair(BIO *bio) { } static int bio_free(BIO *bio) { - struct bio_bio_st *b = bio->ptr; + struct bio_bio_st *b = reinterpret_cast(bio->ptr); assert(b != NULL); @@ -149,10 +150,10 @@ static int bio_read(BIO *bio, char *buf, int size_) { return 0; } - b = bio->ptr; + b = reinterpret_cast(bio->ptr); assert(b != NULL); assert(b->peer != NULL); - peer_b = b->peer->ptr; + peer_b = reinterpret_cast(b->peer->ptr); assert(peer_b != NULL); assert(peer_b->buf != NULL); @@ -233,7 +234,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) { return 0; } - b = bio->ptr; + b = reinterpret_cast(bio->ptr); assert(b != NULL); assert(b->peer != NULL); assert(b->buf != NULL); @@ -302,8 +303,8 @@ static int bio_make_pair(BIO *bio1, BIO *bio2, size_t writebuf1_len, assert(bio1 != NULL); assert(bio2 != NULL); - b1 = bio1->ptr; - b2 = bio2->ptr; + b1 = reinterpret_cast(bio1->ptr); + b2 = reinterpret_cast(bio2->ptr); if (b1->peer != NULL || b2->peer != NULL) { OPENSSL_PUT_ERROR(BIO, BIO_R_IN_USE); @@ -314,7 +315,7 @@ static int bio_make_pair(BIO *bio1, BIO *bio2, size_t writebuf1_len, if (writebuf1_len) { b1->size = writebuf1_len; } - b1->buf = OPENSSL_malloc(b1->size); + b1->buf = reinterpret_cast(OPENSSL_malloc(b1->size)); if (b1->buf == NULL) { return 0; } @@ -326,7 +327,7 @@ static int bio_make_pair(BIO *bio1, BIO *bio2, size_t writebuf1_len, if (writebuf2_len) { b2->size = writebuf2_len; } - b2->buf = OPENSSL_malloc(b2->size); + b2->buf = reinterpret_cast(OPENSSL_malloc(b2->size)); if (b2->buf == NULL) { return 0; } @@ -349,13 +350,12 @@ static int bio_make_pair(BIO *bio1, BIO *bio2, size_t writebuf1_len, static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) { long ret; - struct bio_bio_st *b = bio->ptr; + struct bio_bio_st *b = reinterpret_cast(bio->ptr); assert(b != NULL); switch (cmd) { - // specific CTRL codes - + // Specific control codes first: case BIO_C_GET_WRITE_BUF_SIZE: ret = (long)b->size; break; @@ -392,8 +392,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) { ret = 1; break; - // standard CTRL codes follow + // Standard control codes: case BIO_CTRL_GET_CLOSE: ret = bio->shutdown; break; @@ -405,7 +405,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) { case BIO_CTRL_PENDING: if (b->peer != NULL) { - struct bio_bio_st *peer_b = b->peer->ptr; + struct bio_bio_st *peer_b = + reinterpret_cast(b->peer->ptr); ret = (long)peer_b->len; } else { ret = 0; @@ -424,10 +425,11 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) { break; case BIO_CTRL_EOF: { - BIO *other_bio = ptr; + BIO *other_bio = reinterpret_cast(ptr); if (other_bio) { - struct bio_bio_st *other_b = other_bio->ptr; + struct bio_bio_st *other_b = + reinterpret_cast(other_bio->ptr); assert(other_b != NULL); ret = other_b->len == 0 && other_b->closed; } else { @@ -449,8 +451,8 @@ static const BIO_METHOD methods_biop = { static const BIO_METHOD *bio_s_bio(void) { return &methods_biop; } -int BIO_new_bio_pair(BIO** bio1_p, size_t writebuf1_len, - BIO** bio2_p, size_t writebuf2_len) { +int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1_len, BIO **bio2_p, + size_t writebuf2_len) { BIO *bio1 = BIO_new(bio_s_bio()); BIO *bio2 = BIO_new(bio_s_bio()); if (bio1 == NULL || bio2 == NULL || diff --git a/Sources/CCryptoBoringSSL/crypto/bio/printf.c b/Sources/CCryptoBoringSSL/crypto/bio/printf.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/bio/printf.c rename to Sources/CCryptoBoringSSL/crypto/bio/printf.cc index 415897eb..a50dd7b7 100644 --- a/Sources/CCryptoBoringSSL/crypto/bio/printf.c +++ b/Sources/CCryptoBoringSSL/crypto/bio/printf.cc @@ -75,12 +75,12 @@ int BIO_printf(BIO *bio, const char *format, ...) { return -1; } - if ((size_t) out_len >= sizeof(buf)) { + if ((size_t)out_len >= sizeof(buf)) { const int requested_len = out_len; // The output was truncated. Note that vsnprintf's return value // does not include a trailing NUL, but the buffer must be sized // for it. - out = OPENSSL_malloc(requested_len + 1); + out = reinterpret_cast(OPENSSL_malloc(requested_len + 1)); out_malloced = 1; if (out == NULL) { return -1; diff --git a/Sources/CCryptoBoringSSL/crypto/bio/socket.c b/Sources/CCryptoBoringSSL/crypto/bio/socket.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bio/socket.c rename to Sources/CCryptoBoringSSL/crypto/bio/socket.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bio/socket_helper.c b/Sources/CCryptoBoringSSL/crypto/bio/socket_helper.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bio/socket_helper.c rename to Sources/CCryptoBoringSSL/crypto/bio/socket_helper.cc diff --git a/Sources/CCryptoBoringSSL/crypto/blake2/blake2.c b/Sources/CCryptoBoringSSL/crypto/blake2/blake2.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/blake2/blake2.c rename to Sources/CCryptoBoringSSL/crypto/blake2/blake2.cc index dc6ae9e5..691fc827 100644 --- a/Sources/CCryptoBoringSSL/crypto/blake2/blake2.c +++ b/Sources/CCryptoBoringSSL/crypto/blake2/blake2.cc @@ -121,7 +121,7 @@ void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) { return; } - const uint8_t *data = in_data; + const uint8_t *data = reinterpret_cast(in_data); size_t todo = sizeof(b2b->block) - b2b->block_used; if (todo > len) { todo = len; diff --git a/Sources/CCryptoBoringSSL/crypto/bn_extra/bn_asn1.c b/Sources/CCryptoBoringSSL/crypto/bn_extra/bn_asn1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bn_extra/bn_asn1.c rename to Sources/CCryptoBoringSSL/crypto/bn_extra/bn_asn1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bn_extra/convert.c b/Sources/CCryptoBoringSSL/crypto/bn_extra/convert.cc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/bn_extra/convert.c rename to Sources/CCryptoBoringSSL/crypto/bn_extra/convert.cc index b14acd29..52166c60 100644 --- a/Sources/CCryptoBoringSSL/crypto/bn_extra/convert.c +++ b/Sources/CCryptoBoringSSL/crypto/bn_extra/convert.cc @@ -78,8 +78,9 @@ static const char hextable[] = "0123456789abcdef"; char *BN_bn2hex(const BIGNUM *bn) { int width = bn_minimal_width(bn); - char *buf = OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ + - width * BN_BYTES * 2 + 1 /* trailing NUL */); + char *buf = reinterpret_cast( + OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ + + width * BN_BYTES * 2 + 1 /* trailing NUL */)); if (buf == NULL) { return NULL; } @@ -112,7 +113,7 @@ char *BN_bn2hex(const BIGNUM *bn) { // decode_hex decodes |in_len| bytes of hex data from |in| and updates |bn|. static int decode_hex(BIGNUM *bn, const char *in, int in_len) { - if (in_len > INT_MAX/4) { + if (in_len > INT_MAX / 4) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); return 0; } @@ -163,8 +164,7 @@ static int decode_dec(BIGNUM *bn, const char *in, int in_len) { l *= 10; l += in[i] - '0'; if (++j == BN_DEC_NUM) { - if (!BN_mul_word(bn, BN_DEC_CONV) || - !BN_add_word(bn, l)) { + if (!BN_mul_word(bn, BN_DEC_CONV) || !BN_add_word(bn, l)) { return 0; } l = 0; @@ -174,10 +174,11 @@ static int decode_dec(BIGNUM *bn, const char *in, int in_len) { return 1; } -typedef int (*decode_func) (BIGNUM *bn, const char *in, int in_len); -typedef int (*char_test_func) (int c); +typedef int (*decode_func)(BIGNUM *bn, const char *in, int in_len); +typedef int (*char_test_func)(int c); -static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_func want_char) { +static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, + char_test_func want_char) { BIGNUM *ret = NULL; int neg = 0, i; int num; @@ -191,7 +192,8 @@ static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_ in++; } - for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) {} + for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) { + } num = i + neg; if (outp == NULL) { @@ -238,7 +240,7 @@ char *BN_bn2dec(const BIGNUM *a) { // and fix at the end. BIGNUM *copy = NULL; CBB cbb; - if (!CBB_init(&cbb, 16) || + if (!CBB_init(&cbb, 16) || // !CBB_add_u8(&cbb, 0 /* trailing NUL */)) { goto err; } @@ -270,7 +272,7 @@ char *BN_bn2dec(const BIGNUM *a) { } } - if (BN_is_negative(a) && + if (BN_is_negative(a) && // !CBB_add_u8(&cbb, '-')) { goto err; } @@ -282,7 +284,7 @@ char *BN_bn2dec(const BIGNUM *a) { } // Reverse the buffer. - for (size_t i = 0; i < len/2; i++) { + for (size_t i = 0; i < len / 2; i++) { uint8_t tmp = data[i]; data[i] = data[len - 1 - i]; data[len - 1 - i] = tmp; @@ -308,7 +310,7 @@ int BN_asc2bn(BIGNUM **outp, const char *in) { } if (in[0] == '0' && (in[1] == 'X' || in[1] == 'x')) { - if (!BN_hex2bn(outp, in+2)) { + if (!BN_hex2bn(outp, in + 2)) { return 0; } } else { @@ -377,9 +379,7 @@ size_t BN_bn2mpi(const BIGNUM *in, uint8_t *out) { } const size_t len = bytes + extend; - if (len < bytes || - 4 + len < len || - (len & 0xffffffff) != len) { + if (len < bytes || 4 + len < len || (len & 0xffffffff) != len) { // If we cannot represent the number then we emit zero as the interface // doesn't allow an error to be signalled. if (out) { @@ -411,9 +411,9 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) { OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); return NULL; } - const size_t in_len = ((size_t)in[0] << 24) | - ((size_t)in[1] << 16) | - ((size_t)in[2] << 8) | + const size_t in_len = ((size_t)in[0] << 24) | // + ((size_t)in[1] << 16) | // + ((size_t)in[2] << 8) | // ((size_t)in[3]); if (in_len != len - 4) { OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); @@ -449,7 +449,7 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) { } int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) { - if (len < 0 || + if (len < 0 || // !BN_bn2bin_padded(out, (size_t)len, in)) { return -1; } @@ -457,7 +457,7 @@ int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) { } int BN_bn2lebinpad(const BIGNUM *in, uint8_t *out, int len) { - if (len < 0 || + if (len < 0 || // !BN_bn2le_padded(out, (size_t)len, in)) { return -1; } diff --git a/Sources/CCryptoBoringSSL/crypto/buf/buf.c b/Sources/CCryptoBoringSSL/crypto/buf/buf.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/buf/buf.c rename to Sources/CCryptoBoringSSL/crypto/buf/buf.cc index 2f2a77ff..55cc195c 100644 --- a/Sources/CCryptoBoringSSL/crypto/buf/buf.c +++ b/Sources/CCryptoBoringSSL/crypto/buf/buf.cc @@ -58,13 +58,15 @@ #include -#include #include +#include #include "../internal.h" -BUF_MEM *BUF_MEM_new(void) { return OPENSSL_zalloc(sizeof(BUF_MEM)); } +BUF_MEM *BUF_MEM_new(void) { + return reinterpret_cast(OPENSSL_zalloc(sizeof(BUF_MEM))); +} void BUF_MEM_free(BUF_MEM *buf) { if (buf == NULL) { @@ -92,7 +94,8 @@ int BUF_MEM_reserve(BUF_MEM *buf, size_t cap) { return 0; } - char *new_buf = OPENSSL_realloc(buf->data, alloc_size); + char *new_buf = + reinterpret_cast(OPENSSL_realloc(buf->data, alloc_size)); if (new_buf == NULL) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/asn1_compat.c b/Sources/CCryptoBoringSSL/crypto/bytestring/asn1_compat.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bytestring/asn1_compat.c rename to Sources/CCryptoBoringSSL/crypto/bytestring/asn1_compat.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/ber.c b/Sources/CCryptoBoringSSL/crypto/bytestring/ber.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bytestring/ber.c rename to Sources/CCryptoBoringSSL/crypto/bytestring/ber.cc diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c b/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.cc similarity index 91% rename from Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c rename to Sources/CCryptoBoringSSL/crypto/bytestring/cbb.cc index 6386c5eb..cb54b9ca 100644 --- a/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c +++ b/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.cc @@ -18,15 +18,13 @@ #include #include -#include #include +#include #include "../internal.h" -void CBB_zero(CBB *cbb) { - OPENSSL_memset(cbb, 0, sizeof(CBB)); -} +void CBB_zero(CBB *cbb) { OPENSSL_memset(cbb, 0, sizeof(CBB)); } static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) { cbb->is_child = 0; @@ -41,7 +39,7 @@ static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) { int CBB_init(CBB *cbb, size_t initial_capacity) { CBB_zero(cbb); - uint8_t *buf = OPENSSL_malloc(initial_capacity); + uint8_t *buf = reinterpret_cast(OPENSSL_malloc(initial_capacity)); if (initial_capacity > 0 && buf == NULL) { return 0; } @@ -92,7 +90,8 @@ static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out, if (newcap < base->cap || newcap < newlen) { newcap = newlen; } - uint8_t *newbuf = OPENSSL_realloc(base->buf, newcap); + uint8_t *newbuf = + reinterpret_cast(OPENSSL_realloc(base->buf, newcap)); if (newbuf == NULL) { goto err; } @@ -200,13 +199,13 @@ int CBB_flush(CBB *cbb) { assert(child->base == base); size_t child_start = child->offset + child->pending_len_len; - if (!CBB_flush(cbb->child) || - child_start < child->offset || + size_t len; + if (!CBB_flush(cbb->child) || child_start < child->offset || base->len < child_start) { goto err; } - size_t len = base->len - child_start; + len = base->len - child_start; if (child->pending_is_asn1) { // For ASN.1 we assume that we'll only need a single byte for the length. @@ -215,7 +214,7 @@ int CBB_flush(CBB *cbb) { uint8_t len_len; uint8_t initial_length_byte; - assert (child->pending_len_len == 1); + assert(child->pending_len_len == 1); if (len > 0xfffffffe) { OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); @@ -403,8 +402,7 @@ int CBB_add_zeros(CBB *cbb, size_t len) { } int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) { - if (!CBB_flush(cbb) || - !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) { + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) { return 0; } return 1; @@ -421,9 +419,7 @@ int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len) { int CBB_did_write(CBB *cbb, size_t len) { struct cbb_buffer_st *base = cbb_get_base(cbb); size_t newlen = base->len + len; - if (cbb->child != NULL || - newlen < base->len || - newlen > base->cap) { + if (cbb->child != NULL || newlen < base->len || newlen > base->cap) { return 0; } base->len = newlen; @@ -450,33 +446,23 @@ static int cbb_add_u(CBB *cbb, uint64_t v, size_t len_len) { return 1; } -int CBB_add_u8(CBB *cbb, uint8_t value) { - return cbb_add_u(cbb, value, 1); -} +int CBB_add_u8(CBB *cbb, uint8_t value) { return cbb_add_u(cbb, value, 1); } -int CBB_add_u16(CBB *cbb, uint16_t value) { - return cbb_add_u(cbb, value, 2); -} +int CBB_add_u16(CBB *cbb, uint16_t value) { return cbb_add_u(cbb, value, 2); } int CBB_add_u16le(CBB *cbb, uint16_t value) { return CBB_add_u16(cbb, CRYPTO_bswap2(value)); } -int CBB_add_u24(CBB *cbb, uint32_t value) { - return cbb_add_u(cbb, value, 3); -} +int CBB_add_u24(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 3); } -int CBB_add_u32(CBB *cbb, uint32_t value) { - return cbb_add_u(cbb, value, 4); -} +int CBB_add_u32(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 4); } int CBB_add_u32le(CBB *cbb, uint32_t value) { return CBB_add_u32(cbb, CRYPTO_bswap4(value)); } -int CBB_add_u64(CBB *cbb, uint64_t value) { - return cbb_add_u(cbb, value, 8); -} +int CBB_add_u64(CBB *cbb, uint64_t value) { return cbb_add_u(cbb, value, 8); } int CBB_add_u64le(CBB *cbb, uint64_t value) { return CBB_add_u64(cbb, CRYPTO_bswap8(value)); @@ -501,13 +487,13 @@ int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) { int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) { CBB child; + int started = 0; if (!CBB_add_asn1(cbb, &child, tag)) { goto err; } - int started = 0; for (size_t i = 0; i < 8; i++) { - uint8_t byte = (value >> 8*(7-i)) & 0xff; + uint8_t byte = (value >> 8 * (7 - i)) & 0xff; if (!started) { if (byte == 0) { // Don't encode leading zeros. @@ -573,8 +559,7 @@ int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value, CBS_ASN1_TAG tag) { int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) { CBB child; if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&child, data, data_len) || - !CBB_flush(cbb)) { + !CBB_add_bytes(&child, data, data_len) || !CBB_flush(cbb)) { cbb_on_error(cbb); return 0; } @@ -585,8 +570,7 @@ int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) { int CBB_add_asn1_bool(CBB *cbb, int value) { CBB child; if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) || - !CBB_add_u8(&child, value != 0 ? 0xff : 0) || - !CBB_flush(cbb)) { + !CBB_add_u8(&child, value != 0 ? 0xff : 0) || !CBB_flush(cbb)) { cbb_on_error(cbb); return 0; } @@ -620,24 +604,20 @@ int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) { // OIDs must have at least two components. uint64_t a, b; - if (!parse_dotted_decimal(&cbs, &a) || - !parse_dotted_decimal(&cbs, &b)) { + if (!parse_dotted_decimal(&cbs, &a) || !parse_dotted_decimal(&cbs, &b)) { return 0; } // The first component is encoded as 40 * |a| + |b|. This assumes that |a| is // 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39. - if (a > 2 || - (a < 2 && b > 39) || - b > UINT64_MAX - 80 || + if (a > 2 || (a < 2 && b > 39) || b > UINT64_MAX - 80 || !add_base128_integer(cbb, 40u * a + b)) { return 0; } // The remaining components are encoded unmodified. while (CBS_len(&cbs) > 0) { - if (!parse_dotted_decimal(&cbs, &a) || - !add_base128_integer(cbb, a)) { + if (!parse_dotted_decimal(&cbs, &a) || !add_base128_integer(cbb, a)) { return 0; } } @@ -648,7 +628,8 @@ int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) { static int compare_set_of_element(const void *a_ptr, const void *b_ptr) { // See X.690, section 11.6 for the ordering. They are sorted in ascending // order by their DER encoding. - const CBS *a = a_ptr, *b = b_ptr; + const CBS *a = reinterpret_cast(a_ptr), + *b = reinterpret_cast(b_ptr); size_t a_len = CBS_len(a), b_len = CBS_len(b); size_t min_len = a_len < b_len ? a_len : b_len; int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len); @@ -687,8 +668,12 @@ int CBB_flush_asn1_set_of(CBB *cbb) { // remain valid as we rewrite |cbb|. int ret = 0; size_t buf_len = CBB_len(cbb); - uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len); - CBS *children = OPENSSL_calloc(num_children, sizeof(CBS)); + uint8_t *buf = + reinterpret_cast(OPENSSL_memdup(CBB_data(cbb), buf_len)); + CBS *children = + reinterpret_cast(OPENSSL_calloc(num_children, sizeof(CBS))); + uint8_t *out; + size_t offset = 0; if (buf == NULL || children == NULL) { goto err; } @@ -701,8 +686,7 @@ int CBB_flush_asn1_set_of(CBB *cbb) { qsort(children, num_children, sizeof(CBS), compare_set_of_element); // Write the contents back in the new order. - uint8_t *out = (uint8_t *)CBB_data(cbb); - size_t offset = 0; + out = (uint8_t *)CBB_data(cbb); for (size_t i = 0; i < num_children; i++) { OPENSSL_memcpy(out + offset, CBS_data(&children[i]), CBS_len(&children[i])); offset += CBS_len(&children[i]); diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c b/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c rename to Sources/CCryptoBoringSSL/crypto/bytestring/cbs.cc index 625c6a06..3101bacb 100644 --- a/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c +++ b/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.cc @@ -50,7 +50,7 @@ int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) { if (cbs->len == 0) { return 1; } - *out_ptr = OPENSSL_memdup(cbs->data, cbs->len); + *out_ptr = reinterpret_cast(OPENSSL_memdup(cbs->data, cbs->len)); if (*out_ptr == NULL) { return 0; } @@ -62,7 +62,7 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) { if (*out_ptr != NULL) { OPENSSL_free(*out_ptr); } - *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len); + *out_ptr = OPENSSL_strndup((const char *)cbs->data, cbs->len); return (*out_ptr != NULL); } @@ -144,9 +144,7 @@ int CBS_get_u32le(CBS *cbs, uint32_t *out) { return 1; } -int CBS_get_u64(CBS *cbs, uint64_t *out) { - return cbs_get_u(cbs, out, 8); -} +int CBS_get_u64(CBS *cbs, uint64_t *out) { return cbs_get_u(cbs, out, 8); } int CBS_get_u64le(CBS *cbs, uint64_t *out) { if (!cbs_get_u(cbs, out, 8)) { @@ -207,7 +205,8 @@ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) { } int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) { - const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs)); + const uint8_t *split = reinterpret_cast( + OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs))); if (split == NULL) { return 0; } @@ -223,7 +222,7 @@ int CBS_get_u64_decimal(CBS *cbs, uint64_t *out) { break; } CBS_skip(cbs, 1); - if (// Forbid stray leading zeros. + if (/* Forbid stray leading zeros */ (v == 0 && seen_digit) || // Check for overflow. v > UINT64_MAX / 10 || // @@ -341,7 +340,7 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag, // 8.1.3. if ((length_byte & 0x80) == 0) { // Short form length. - len = ((size_t) length_byte) + header_len; + len = ((size_t)length_byte) + header_len; if (out_header_len != NULL) { *out_header_len = header_len; } @@ -420,7 +419,7 @@ int CBS_get_any_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag) { } int CBS_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag, - size_t *out_header_len) { + size_t *out_header_len) { return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, NULL, NULL, /*ber_ok=*/0); } @@ -515,8 +514,7 @@ int CBS_get_asn1_int64(CBS *cbs, int64_t *out) { int CBS_get_asn1_bool(CBS *cbs, int *out) { CBS bytes; - if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) || - CBS_len(&bytes) != 1) { + if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) || CBS_len(&bytes) != 1) { return 0; } @@ -529,7 +527,8 @@ int CBS_get_asn1_bool(CBS *cbs, int *out) { return 1; } -int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, CBS_ASN1_TAG tag) { +int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, + CBS_ASN1_TAG tag) { int present = 0; if (CBS_peek_asn1_tag(cbs, tag)) { @@ -576,8 +575,7 @@ int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, CBS_ASN1_TAG tag, return 0; } if (present) { - if (!CBS_get_asn1_uint64(&child, out) || - CBS_len(&child) != 0) { + if (!CBS_get_asn1_uint64(&child, out) || CBS_len(&child) != 0) { return 0; } } else { @@ -597,8 +595,7 @@ int CBS_get_optional_asn1_bool(CBS *cbs, int *out, CBS_ASN1_TAG tag, uint8_t boolean; if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || - CBS_len(&child2) != 1 || - CBS_len(&child) != 0) { + CBS_len(&child2) != 1 || CBS_len(&child) != 0) { return 0; } @@ -619,8 +616,7 @@ int CBS_get_optional_asn1_bool(CBS *cbs, int *out, CBS_ASN1_TAG tag, int CBS_is_valid_asn1_bitstring(const CBS *cbs) { CBS in = *cbs; uint8_t num_unused_bits; - if (!CBS_get_u8(&in, &num_unused_bits) || - num_unused_bits > 7) { + if (!CBS_get_u8(&in, &num_unused_bits) || num_unused_bits > 7) { return 0; } @@ -707,12 +703,12 @@ int CBS_is_valid_asn1_oid(const CBS *cbs) { } char *CBS_asn1_oid_to_text(const CBS *cbs) { + CBS copy = *cbs; CBB cbb; if (!CBB_init(&cbb, 32)) { goto err; } - CBS copy = *cbs; // The first component is 40 * value1 + value2, where value1 is 0, 1, or 2. uint64_t v; if (!parse_base128_integer(©, &v)) { @@ -724,15 +720,13 @@ char *CBS_asn1_oid_to_text(const CBS *cbs) { !add_decimal(&cbb, v - 80)) { goto err; } - } else if (!add_decimal(&cbb, v / 40) || - !CBB_add_u8(&cbb, '.') || + } else if (!add_decimal(&cbb, v / 40) || !CBB_add_u8(&cbb, '.') || !add_decimal(&cbb, v % 40)) { goto err; } while (CBS_len(©) != 0) { - if (!parse_base128_integer(©, &v) || - !CBB_add_u8(&cbb, '.') || + if (!parse_base128_integer(©, &v) || !CBB_add_u8(&cbb, '.') || !add_decimal(&cbb, v)) { goto err; } @@ -740,8 +734,7 @@ char *CBS_asn1_oid_to_text(const CBS *cbs) { uint8_t *txt; size_t txt_len; - if (!CBB_add_u8(&cbb, '\0') || - !CBB_finish(&cbb, &txt, &txt_len)) { + if (!CBB_add_u8(&cbb, '\0') || !CBB_finish(&cbb, &txt, &txt_len)) { goto err; } @@ -814,7 +807,7 @@ static int CBS_parse_rfc5280_time_internal(const CBS *cbs, int is_gentime, if (!cbs_get_two_digits(©, &tmp)) { return 0; } - year += tmp; + year += tmp; } else { year = 1900; if (!cbs_get_two_digits(©, &tmp)) { diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/unicode.c b/Sources/CCryptoBoringSSL/crypto/bytestring/unicode.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/bytestring/unicode.c rename to Sources/CCryptoBoringSSL/crypto/bytestring/unicode.cc diff --git a/Sources/CCryptoBoringSSL/crypto/chacha/chacha.c b/Sources/CCryptoBoringSSL/crypto/chacha/chacha.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/chacha/chacha.c rename to Sources/CCryptoBoringSSL/crypto/chacha/chacha.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/cipher_extra.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/cipher_extra.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/cipher_extra.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/cipher_extra.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/derive_key.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/derive_key.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/derive_key.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/derive_key.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesctrhmac.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesctrhmac.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesctrhmac.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesctrhmac.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesgcmsiv.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesgcmsiv.cc index 63f2d710..9ef2b933 100644 --- a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c +++ b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_aesgcmsiv.cc @@ -36,7 +36,7 @@ // Optimised AES-GCM-SIV struct aead_aes_gcm_siv_asm_ctx { - alignas(16) uint8_t key[16*15]; + alignas(16) uint8_t key[16 * 15]; int is_128_bit; }; @@ -57,15 +57,17 @@ static struct aead_aes_gcm_siv_asm_ctx *asm_ctx_from_ctx( return (struct aead_aes_gcm_siv_asm_ctx *)(&ctx->state.opaque[offset]); } +extern "C" { // aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to // |out_expanded_key|. -extern void aes128gcmsiv_aes_ks( - const uint8_t key[16], uint8_t out_expanded_key[16*15]); +extern void aes128gcmsiv_aes_ks(const uint8_t key[16], + uint8_t out_expanded_key[16 * 15]); // aes256gcmsiv_aes_ks writes an AES-256 key schedule for |key| to // |out_expanded_key|. -extern void aes256gcmsiv_aes_ks( - const uint8_t key[32], uint8_t out_expanded_key[16*15]); +extern void aes256gcmsiv_aes_ks(const uint8_t key[32], + uint8_t out_expanded_key[16 * 15]); +} static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len) { @@ -103,6 +105,7 @@ static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {} +extern "C" { // aesgcmsiv_polyval_horner updates the POLYVAL value in |in_out_poly| to // include a number (|in_blocks|) of 16-byte blocks of data from |in|, given // the POLYVAL key in |key|. @@ -217,6 +220,7 @@ extern void aes256gcmsiv_enc_msg_x8(const uint8_t *in, uint8_t *out, const uint8_t *tag, const struct aead_aes_gcm_siv_asm_ctx *key, size_t in_len); +} // gcm_siv_asm_polyval evaluates POLYVAL at |auth_key| on the given plaintext // and AD. The result is written to |out_tag|. @@ -228,7 +232,7 @@ static void gcm_siv_asm_polyval(uint8_t out_tag[16], const uint8_t *in, const size_t ad_blocks = ad_len / 16; const size_t in_blocks = in_len / 16; int htable_init = 0; - alignas(16) uint8_t htable[16*8]; + alignas(16) uint8_t htable[16 * 8]; if (ad_blocks > 8 || in_blocks > 8) { htable_init = 1; @@ -335,8 +339,7 @@ static int aead_aes_gcm_siv_asm_seal_scatter( const uint64_t in_len_64 = in_len; const uint64_t ad_len_64 = ad_len; - if (in_len_64 > (UINT64_C(1) << 36) || - ad_len_64 >= (UINT64_C(1) << 61)) { + if (in_len_64 > (UINT64_C(1) << 36) || ad_len_64 >= (UINT64_C(1) << 61)) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -424,9 +427,9 @@ static int aead_aes_gcm_siv_asm_open_gather( struct aead_aes_gcm_siv_asm_ctx expanded_key; if (gcm_siv_ctx->is_128_bit) { - aes128gcmsiv_aes_ks((const uint8_t *) record_enc_key, &expanded_key.key[0]); + aes128gcmsiv_aes_ks((const uint8_t *)record_enc_key, &expanded_key.key[0]); } else { - aes256gcmsiv_aes_ks((const uint8_t *) record_enc_key, &expanded_key.key[0]); + aes256gcmsiv_aes_ks((const uint8_t *)record_enc_key, &expanded_key.key[0]); } // calculated_tag is 16*8 bytes, rather than 16 bytes, because // aes[128|256]gcmsiv_dec uses the extra as scratch space. @@ -535,7 +538,7 @@ struct aead_aes_gcm_siv_ctx { AES_KEY ks; } ks; block128_f kgk_block; - unsigned is_256:1; + unsigned is_256 : 1; }; static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >= @@ -635,8 +638,8 @@ static void gcm_siv_polyval( } uint8_t length_block[16]; - CRYPTO_store_u64_le(length_block, ((uint64_t) ad_len) * 8); - CRYPTO_store_u64_le(length_block + 8, ((uint64_t) in_len) * 8); + CRYPTO_store_u64_le(length_block, ((uint64_t)ad_len) * 8); + CRYPTO_store_u64_le(length_block + 8, ((uint64_t)in_len) * 8); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, length_block, sizeof(length_block)); @@ -659,10 +662,9 @@ struct gcm_siv_record_keys { // gcm_siv_keys calculates the keys for a specific GCM-SIV record with the // given nonce and writes them to |*out_keys|. -static void gcm_siv_keys( - const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx, - struct gcm_siv_record_keys *out_keys, - const uint8_t nonce[EVP_AEAD_AES_GCM_SIV_NONCE_LEN]) { +static void gcm_siv_keys(const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx, + struct gcm_siv_record_keys *out_keys, + const uint8_t nonce[EVP_AEAD_AES_GCM_SIV_NONCE_LEN]) { const AES_KEY *const key = &gcm_siv_ctx->ks.ks; uint8_t key_material[(128 /* POLYVAL key */ + 256 /* max AES key */) / 8]; const size_t blocks_needed = gcm_siv_ctx->is_256 ? 6 : 4; @@ -703,8 +705,7 @@ static int aead_aes_gcm_siv_seal_scatter( const uint64_t ad_len_64 = ad_len; if (in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN < in_len || - in_len_64 > (UINT64_C(1) << 36) || - ad_len_64 >= (UINT64_C(1) << 61)) { + in_len_64 > (UINT64_C(1) << 36) || ad_len_64 >= (UINT64_C(1) << 61)) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -830,12 +831,8 @@ const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) { #else -const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void) { - return &aead_aes_128_gcm_siv; -} +const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void) { return &aead_aes_128_gcm_siv; } -const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) { - return &aead_aes_256_gcm_siv; -} +const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) { return &aead_aes_256_gcm_siv; } #endif // AES_GCM_SIV_ASM diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_chacha20poly1305.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_chacha20poly1305.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_chacha20poly1305.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_chacha20poly1305.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_des.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_des.cc similarity index 79% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_des.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_des.cc index d5aeaf96..fc43a3f4 100644 --- a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_des.c +++ b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_des.cc @@ -85,14 +85,16 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } static const EVP_CIPHER evp_des_cbc = { - .nid = NID_des_cbc, - .block_size = 8, - .key_len = 8, - .iv_len = 8, - .ctx_size = sizeof(EVP_DES_KEY), - .flags = EVP_CIPH_CBC_MODE, - .init = des_init_key, - .cipher = des_cbc_cipher, + /*nid=*/NID_des_cbc, + /*block_size=*/8, + /*key_len=*/8, + /*iv_len=*/8, + /*ctx_size=*/sizeof(EVP_DES_KEY), + /*flags=*/EVP_CIPH_CBC_MODE, + /*init=*/des_init_key, + /*cipher=*/des_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_cbc(void) { return &evp_des_cbc; } @@ -112,14 +114,16 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } static const EVP_CIPHER evp_des_ecb = { - .nid = NID_des_ecb, - .block_size = 8, - .key_len = 8, - .iv_len = 0, - .ctx_size = sizeof(EVP_DES_KEY), - .flags = EVP_CIPH_ECB_MODE, - .init = des_init_key, - .cipher = des_ecb_cipher, + /*nid=*/NID_des_ecb, + /*block_size=*/8, + /*key_len=*/8, + /*iv_len=*/0, + /*ctx_size=*/sizeof(EVP_DES_KEY), + /*flags=*/EVP_CIPH_ECB_MODE, + /*init=*/des_init_key, + /*cipher=*/des_ecb_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ecb(void) { return &evp_des_ecb; } @@ -149,14 +153,16 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, } static const EVP_CIPHER evp_des_ede3_cbc = { - .nid = NID_des_ede3_cbc, - .block_size = 8, - .key_len = 24, - .iv_len = 8, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_CBC_MODE, - .init = des_ede3_init_key, - .cipher = des_ede3_cbc_cipher, + /*nid=*/NID_des_ede3_cbc, + /*block_size=*/8, + /*key_len=*/24, + /*iv_len=*/8, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_CBC_MODE, + /*init=*/des_ede3_init_key, + /*cipher=*/des_ede3_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; } @@ -172,14 +178,16 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } static const EVP_CIPHER evp_des_ede_cbc = { - .nid = NID_des_ede_cbc, - .block_size = 8, - .key_len = 16, - .iv_len = 8, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_CBC_MODE, - .init = des_ede_init_key, - .cipher = des_ede3_cbc_cipher, + /*nid=*/NID_des_ede_cbc, + /*block_size=*/8, + /*key_len=*/16, + /*iv_len=*/8, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_CBC_MODE, + /*init=*/des_ede_init_key, + /*cipher=*/des_ede3_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede_cbc(void) { return &evp_des_ede_cbc; } @@ -191,7 +199,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, } in_len -= ctx->cipher->block_size; - DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data; + DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data; for (size_t i = 0; i <= in_len; i += ctx->cipher->block_size) { DES_ecb3_encrypt_ex(in + i, out + i, &dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2], ctx->encrypt); @@ -200,27 +208,31 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, } static const EVP_CIPHER evp_des_ede = { - .nid = NID_des_ede_ecb, - .block_size = 8, - .key_len = 16, - .iv_len = 0, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_ECB_MODE, - .init = des_ede_init_key, - .cipher = des_ede_ecb_cipher, + /*nid=*/NID_des_ede_ecb, + /*block_size=*/8, + /*key_len=*/16, + /*iv_len=*/0, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_ECB_MODE, + /*init=*/des_ede_init_key, + /*cipher=*/des_ede_ecb_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede(void) { return &evp_des_ede; } static const EVP_CIPHER evp_des_ede3 = { - .nid = NID_des_ede3_ecb, - .block_size = 8, - .key_len = 24, - .iv_len = 0, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_ECB_MODE, - .init = des_ede3_init_key, - .cipher = des_ede_ecb_cipher, + /*nid=*/NID_des_ede3_ecb, + /*block_size=*/8, + /*key_len=*/24, + /*iv_len=*/0, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_ECB_MODE, + /*init=*/des_ede3_init_key, + /*cipher=*/des_ede_ecb_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede3(void) { return &evp_des_ede3; } diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_null.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_null.cc similarity index 91% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_null.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_null.cc index 15e2eb7b..9035f138 100644 --- a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_null.c +++ b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_null.cc @@ -69,8 +69,8 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, return 1; } -static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, - const uint8_t *in, size_t in_len) { +static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t in_len) { if (in != out) { OPENSSL_memcpy(out, in, in_len); } @@ -78,13 +78,16 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, } static const EVP_CIPHER n_cipher = { - .nid = NID_undef, - .block_size = 1, - .key_len = 0, - .iv_len = 0, - .ctx_size = 0, - .init = null_init_key, - .cipher = null_cipher, + /*nid=*/NID_undef, + /*block_size=*/1, + /*key_len=*/0, + /*iv_len=*/0, + /*ctx_size=*/0, + /*flags=*/0, + /*init=*/null_init_key, + /*cipher=*/null_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; } diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc2.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc2.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc2.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc2.cc index 695b6de0..443ba7df 100644 --- a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc2.c +++ b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc2.cc @@ -138,7 +138,9 @@ } \ } while (0) -typedef struct rc2_key_st { uint16_t data[64]; } RC2_KEY; +typedef struct rc2_key_st { + uint16_t data[64]; +} RC2_KEY; static void RC2_encrypt(uint32_t *d, RC2_KEY *key) { int i, n; @@ -427,29 +429,31 @@ static int rc2_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { } static const EVP_CIPHER rc2_40_cbc = { - .nid = NID_rc2_40_cbc, - .block_size = 8, - .key_len = 5 /* 40 bit */, - .iv_len = 8, - .ctx_size = sizeof(EVP_RC2_KEY), - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - .init = rc2_init_key, - .cipher = rc2_cbc_cipher, - .ctrl = rc2_ctrl, + /*nid=*/NID_rc2_40_cbc, + /*block_size=*/8, + /*key_len=*/5 /* 40 bit */, + /*iv_len=*/8, + /*ctx_size=*/sizeof(EVP_RC2_KEY), + /*flags=*/EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + /*init=*/rc2_init_key, + /*cipher=*/rc2_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/rc2_ctrl, }; const EVP_CIPHER *EVP_rc2_40_cbc(void) { return &rc2_40_cbc; } static const EVP_CIPHER rc2_cbc = { - .nid = NID_rc2_cbc, - .block_size = 8, - .key_len = 16 /* 128 bit */, - .iv_len = 8, - .ctx_size = sizeof(EVP_RC2_KEY), - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - .init = rc2_init_key, - .cipher = rc2_cbc_cipher, - .ctrl = rc2_ctrl, + /*nid=*/NID_rc2_cbc, + /*block_size=*/8, + /*key_len=*/16 /* 128 bit */, + /*iv_len=*/8, + /*ctx_size=*/sizeof(EVP_RC2_KEY), + /*flags=*/EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + /*init=*/rc2_init_key, + /*cipher=*/rc2_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/rc2_ctrl, }; const EVP_CIPHER *EVP_rc2_cbc(void) { return &rc2_cbc; } diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc4.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc4.cc similarity index 93% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc4.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc4.cc index 395ffdf4..7f557413 100644 --- a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc4.c +++ b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_rc4.cc @@ -81,14 +81,16 @@ static int rc4_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } static const EVP_CIPHER rc4 = { - .nid = NID_rc4, - .block_size = 1, - .key_len = 16, - .iv_len = 0, - .ctx_size = sizeof(RC4_KEY), - .flags = EVP_CIPH_VARIABLE_LENGTH, - .init = rc4_init_key, - .cipher = rc4_cipher, + /*nid=*/NID_rc4, + /*block_size=*/1, + /*key_len=*/16, + /*iv_len=*/0, + /*ctx_size=*/sizeof(RC4_KEY), + /*flags=*/EVP_CIPH_VARIABLE_LENGTH, + /*init=*/rc4_init_key, + /*cipher=*/rc4_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_rc4(void) { return &rc4; } diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_tls.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/e_tls.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/e_tls.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/e_tls.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cipher_extra/tls_cbc.c b/Sources/CCryptoBoringSSL/crypto/cipher_extra/tls_cbc.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cipher_extra/tls_cbc.c rename to Sources/CCryptoBoringSSL/crypto/cipher_extra/tls_cbc.cc diff --git a/Sources/CCryptoBoringSSL/crypto/conf/conf.c b/Sources/CCryptoBoringSSL/crypto/conf/conf.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/conf/conf.c rename to Sources/CCryptoBoringSSL/crypto/conf/conf.cc index 12e50f04..a8fdd993 100644 --- a/Sources/CCryptoBoringSSL/crypto/conf/conf.c +++ b/Sources/CCryptoBoringSSL/crypto/conf/conf.cc @@ -57,8 +57,8 @@ #include #include -#include #include +#include #include #include @@ -66,8 +66,8 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" struct conf_section_st { @@ -106,7 +106,7 @@ CONF *NCONF_new(void *method) { return NULL; } - CONF *conf = OPENSSL_malloc(sizeof(CONF)); + CONF *conf = reinterpret_cast(OPENSSL_malloc(sizeof(CONF))); if (conf == NULL) { return NULL; } @@ -121,7 +121,9 @@ CONF *NCONF_new(void *method) { return conf; } -CONF_VALUE *CONF_VALUE_new(void) { return OPENSSL_zalloc(sizeof(CONF_VALUE)); } +CONF_VALUE *CONF_VALUE_new(void) { + return reinterpret_cast(OPENSSL_zalloc(sizeof(CONF_VALUE))); +} static void value_free(CONF_VALUE *value) { if (value == NULL) { @@ -161,7 +163,8 @@ void NCONF_free(CONF *conf) { } static CONF_SECTION *NCONF_new_section(const CONF *conf, const char *section) { - CONF_SECTION *s = OPENSSL_malloc(sizeof(CONF_SECTION)); + CONF_SECTION *s = + reinterpret_cast(OPENSSL_malloc(sizeof(CONF_SECTION))); if (!s) { return NULL; } @@ -275,10 +278,10 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) { } static CONF_SECTION *get_section(const CONF *conf, const char *section) { - CONF_SECTION template; - OPENSSL_memset(&template, 0, sizeof(template)); - template.name = (char *) section; - return lh_CONF_SECTION_retrieve(conf->sections, &template); + CONF_SECTION templ; + OPENSSL_memset(&templ, 0, sizeof(templ)); + templ.name = (char *)section; + return lh_CONF_SECTION_retrieve(conf->sections, &templ); } const STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, @@ -292,16 +295,16 @@ const STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *NCONF_get_string(const CONF *conf, const char *section, const char *name) { - CONF_VALUE template, *value; + CONF_VALUE templ, *value; if (section == NULL) { section = kDefaultSectionName; } - OPENSSL_memset(&template, 0, sizeof(template)); - template.section = (char *)section; - template.name = (char *)name; - value = lh_CONF_VALUE_retrieve(conf->values, &template); + OPENSSL_memset(&templ, 0, sizeof(templ)); + templ.section = (char *)section; + templ.name = (char *)name; + value = lh_CONF_VALUE_retrieve(conf->values, &templ); if (value == NULL) { return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_apple.c b/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_apple.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cpu_aarch64_apple.c rename to Sources/CCryptoBoringSSL/crypto/cpu_aarch64_apple.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_fuchsia.c b/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_fuchsia.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cpu_aarch64_fuchsia.c rename to Sources/CCryptoBoringSSL/crypto/cpu_aarch64_fuchsia.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_linux.c b/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_linux.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cpu_aarch64_linux.c rename to Sources/CCryptoBoringSSL/crypto/cpu_aarch64_linux.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_openbsd.c b/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_openbsd.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cpu_aarch64_openbsd.c rename to Sources/CCryptoBoringSSL/crypto/cpu_aarch64_openbsd.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_sysreg.c b/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_sysreg.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cpu_aarch64_sysreg.c rename to Sources/CCryptoBoringSSL/crypto/cpu_aarch64_sysreg.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_win.c b/Sources/CCryptoBoringSSL/crypto/cpu_aarch64_win.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/cpu_aarch64_win.c rename to Sources/CCryptoBoringSSL/crypto/cpu_aarch64_win.cc diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_arm_freebsd.c b/Sources/CCryptoBoringSSL/crypto/cpu_arm_freebsd.cc similarity index 93% rename from Sources/CCryptoBoringSSL/crypto/cpu_arm_freebsd.c rename to Sources/CCryptoBoringSSL/crypto/cpu_arm_freebsd.cc index 9bcdccfa..c4504669 100644 --- a/Sources/CCryptoBoringSSL/crypto/cpu_arm_freebsd.c +++ b/Sources/CCryptoBoringSSL/crypto/cpu_arm_freebsd.cc @@ -14,8 +14,8 @@ #include "internal.h" -#if defined(OPENSSL_ARM) && defined(OPENSSL_FREEBSD) && \ - !defined(OPENSSL_STATIC_ARMCAP) +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && \ + defined(OPENSSL_FREEBSD) && !defined(OPENSSL_STATIC_ARMCAP) #include #include diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_arm_linux.c b/Sources/CCryptoBoringSSL/crypto/cpu_arm_linux.cc similarity index 93% rename from Sources/CCryptoBoringSSL/crypto/cpu_arm_linux.c rename to Sources/CCryptoBoringSSL/crypto/cpu_arm_linux.cc index 2921df86..93d26347 100644 --- a/Sources/CCryptoBoringSSL/crypto/cpu_arm_linux.c +++ b/Sources/CCryptoBoringSSL/crypto/cpu_arm_linux.cc @@ -14,8 +14,8 @@ #include "internal.h" -#if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \ - !defined(OPENSSL_STATIC_ARMCAP) +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && \ + defined(OPENSSL_LINUX) && !defined(OPENSSL_STATIC_ARMCAP) #include #include #include @@ -55,7 +55,7 @@ static int read_file(char **out_ptr, size_t *out_len, const char *path) { static const size_t kReadSize = 1024; int ret = 0; size_t cap = kReadSize, len = 0; - char *buf = OPENSSL_malloc(cap); + char *buf = reinterpret_cast(OPENSSL_malloc(cap)); if (buf == NULL) { goto err; } @@ -66,7 +66,7 @@ static int read_file(char **out_ptr, size_t *out_len, const char *path) { if (new_cap < cap) { goto err; } - char *new_buf = OPENSSL_realloc(buf, new_cap); + char *new_buf = reinterpret_cast(OPENSSL_realloc(buf, new_cap)); if (new_buf == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/cpu_intel.c b/Sources/CCryptoBoringSSL/crypto/cpu_intel.cc similarity index 90% rename from Sources/CCryptoBoringSSL/crypto/cpu_intel.c rename to Sources/CCryptoBoringSSL/crypto/cpu_intel.cc index d5c7b8ba..a0cf3826 100644 --- a/Sources/CCryptoBoringSSL/crypto/cpu_intel.c +++ b/Sources/CCryptoBoringSSL/crypto/cpu_intel.cc @@ -56,7 +56,8 @@ #include -#if !defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) #include #include @@ -88,21 +89,19 @@ static void OPENSSL_cpuid(uint32_t *out_eax, uint32_t *out_ebx, #elif defined(__pic__) && defined(OPENSSL_32_BIT) // Inline assembly may not clobber the PIC register. For 32-bit, this is EBX. // See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602. - __asm__ volatile ( - "xor %%ecx, %%ecx\n" - "mov %%ebx, %%edi\n" - "cpuid\n" - "xchg %%edi, %%ebx\n" - : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) - : "a"(leaf) - ); + __asm__ volatile( + "xor %%ecx, %%ecx\n" + "mov %%ebx, %%edi\n" + "cpuid\n" + "xchg %%edi, %%ebx\n" + : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) + : "a"(leaf)); #else - __asm__ volatile ( - "xor %%ecx, %%ecx\n" - "cpuid\n" - : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) - : "a"(leaf) - ); + __asm__ volatile( + "xor %%ecx, %%ecx\n" + "cpuid\n" + : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) + : "a"(leaf)); #endif } @@ -113,7 +112,7 @@ static uint64_t OPENSSL_xgetbv(uint32_t xcr) { return (uint64_t)_xgetbv(xcr); #else uint32_t eax, edx; - __asm__ volatile ("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr)); + __asm__ volatile("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr)); return (((uint64_t)edx) << 32) | eax; #endif } @@ -121,27 +120,27 @@ static uint64_t OPENSSL_xgetbv(uint32_t xcr) { // handle_cpu_env applies the value from |in| to the CPUID values in |out[0]| // and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this. static void handle_cpu_env(uint32_t *out, const char *in) { - const int invert = in[0] == '~'; - const int or = in[0] == '|'; - const int skip_first_byte = invert || or; - const int hex = in[skip_first_byte] == '0' && in[skip_first_byte+1] == 'x'; + const int invert_op = in[0] == '~'; + const int or_op = in[0] == '|'; + const int skip_first_byte = invert_op || or_op; + const int hex = in[skip_first_byte] == '0' && in[skip_first_byte + 1] == 'x'; int sscanf_result; uint64_t v; if (hex) { - sscanf_result = sscanf(in + invert + 2, "%" PRIx64, &v); + sscanf_result = sscanf(in + invert_op + 2, "%" PRIx64, &v); } else { - sscanf_result = sscanf(in + invert, "%" PRIu64, &v); + sscanf_result = sscanf(in + invert_op, "%" PRIu64, &v); } if (!sscanf_result) { return; } - if (invert) { + if (invert_op) { out[0] &= ~v; out[1] &= ~(v >> 32); - } else if (or) { + } else if (or_op) { out[0] |= v; out[1] |= (v >> 32); } else { @@ -157,11 +156,11 @@ void OPENSSL_cpuid_setup(void) { uint32_t num_ids = eax; - int is_intel = ebx == 0x756e6547 /* Genu */ && - edx == 0x49656e69 /* ineI */ && + int is_intel = ebx == 0x756e6547 /* Genu */ && // + edx == 0x49656e69 /* ineI */ && // ecx == 0x6c65746e /* ntel */; - int is_amd = ebx == 0x68747541 /* Auth */ && - edx == 0x69746e65 /* enti */ && + int is_amd = ebx == 0x68747541 /* Auth */ && // + edx == 0x69746e65 /* enti */ && // ecx == 0x444d4163 /* cAMD */; uint32_t extended_features[2] = {0}; @@ -225,9 +224,9 @@ void OPENSSL_cpuid_setup(void) { // See Intel manual, volume 1, section 14.3. if ((xcr0 & 6) != 6) { // YMM registers cannot be used. - ecx &= ~(1u << 28); // AVX - ecx &= ~(1u << 12); // FMA - ecx &= ~(1u << 11); // AMD XOP + ecx &= ~(1u << 28); // AVX + ecx &= ~(1u << 12); // FMA + ecx &= ~(1u << 11); // AMD XOP extended_features[0] &= ~(1u << 5); // AVX2 extended_features[1] &= ~(1u << 9); // VAES extended_features[1] &= ~(1u << 10); // VPCLMULQDQ diff --git a/Sources/CCryptoBoringSSL/crypto/crypto.c b/Sources/CCryptoBoringSSL/crypto/crypto.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/crypto.c rename to Sources/CCryptoBoringSSL/crypto/crypto.cc index 2a86d115..b147f44a 100644 --- a/Sources/CCryptoBoringSSL/crypto/crypto.c +++ b/Sources/CCryptoBoringSSL/crypto/crypto.cc @@ -17,8 +17,8 @@ #include #include -#include "fipsmodule/rand/internal.h" #include "bcm_support.h" +#include "fipsmodule/rand/internal.h" #include "internal.h" @@ -132,14 +132,6 @@ int CRYPTO_is_confidential_build(void) { #endif } -int CRYPTO_has_asm(void) { -#if defined(OPENSSL_NO_ASM) - return 0; -#else - return 1; -#endif -} - void CRYPTO_pre_sandbox_init(void) { // Read from /proc/cpuinfo if needed. OPENSSL_init_cpuid(); diff --git a/Sources/CCryptoBoringSSL/crypto/curve25519/curve25519.c b/Sources/CCryptoBoringSSL/crypto/curve25519/curve25519.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/curve25519/curve25519.c rename to Sources/CCryptoBoringSSL/crypto/curve25519/curve25519.cc index 4cf870a5..155ab99e 100644 --- a/Sources/CCryptoBoringSSL/crypto/curve25519/curve25519.c +++ b/Sources/CCryptoBoringSSL/crypto/curve25519/curve25519.cc @@ -26,8 +26,8 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" // Various pre-computed constants. #include "./curve25519_tables.h" @@ -168,13 +168,9 @@ static void fe_tobytes(uint8_t s[32], const fe *f) { } // h = 0 -static void fe_0(fe *h) { - OPENSSL_memset(h, 0, sizeof(fe)); -} +static void fe_0(fe *h) { OPENSSL_memset(h, 0, sizeof(fe)); } -static void fe_loose_0(fe_loose *h) { - OPENSSL_memset(h, 0, sizeof(fe_loose)); -} +static void fe_loose_0(fe_loose *h) { OPENSSL_memset(h, 0, sizeof(fe_loose)); } // h = 1 static void fe_1(fe *h) { @@ -205,7 +201,7 @@ static void fe_sub(fe_loose *h, const fe *f, const fe *g) { assert_fe_loose(h->v); } -static void fe_carry(fe *h, const fe_loose* f) { +static void fe_carry(fe *h, const fe_loose *f) { assert_fe_loose(f->v); fiat_25519_carry(h->v, f->v); assert_fe(h->v); @@ -261,7 +257,7 @@ static void fe_sq_tt(fe *h, const fe *f) { // // Preconditions: b in {0,1}. static void fe_cswap(fe *f, fe *g, fe_limb_t b) { - b = 0-b; + b = 0 - b; for (unsigned i = 0; i < FE_NUM_LIMBS; i++) { fe_limb_t x = f->v[i] ^ g->v[i]; x &= b; @@ -293,9 +289,8 @@ static void fe_cmov(fe_loose *f, const fe_loose *g, fe_limb_t b) { // // TODO(davidben): Switch to fiat's calling convention, or ask fiat to emit a // different one. - (void)fiat_25519_selectznz; - b = 0-b; + b = 0 - b; for (unsigned i = 0; i < FE_NUM_LIMBS; i++) { fe_limb_t x = f->v[i] ^ g->v[i]; x &= b; @@ -304,9 +299,7 @@ static void fe_cmov(fe_loose *f, const fe_loose *g, fe_limb_t b) { } // h = f -static void fe_copy(fe *h, const fe *f) { - OPENSSL_memmove(h, f, sizeof(fe)); -} +static void fe_copy(fe *h, const fe *f) { OPENSSL_memmove(h, f, sizeof(fe)); } static void fe_copy_lt(fe_loose *h, const fe *f) { static_assert(sizeof(fe_loose) == sizeof(fe), "fe and fe_loose mismatch"); @@ -506,8 +499,8 @@ int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) { fe_carry(&u, &v); fe_add(&v, &vxx, &h->Z); // v = dy^2+1 - fe_mul_ttl(&w, &u, &v); // w = u*v - fe_pow22523(&h->X, &w); // x = w^((q-5)/8) + fe_mul_ttl(&w, &u, &v); // w = u*v + fe_pow22523(&h->X, &w); // x = w^((q-5)/8) fe_mul_ttt(&h->X, &h->X, &u); // x = u*w^((q-5)/8) fe_sq_tt(&vxx, &h->X); @@ -706,7 +699,7 @@ void x25519_ge_scalarmult_small_precomp( for (i = 0; i < 15; i++) { // The precomputed table is assumed to already clear the top bit, so // |fe_frombytes_strict| may be used directly. - const uint8_t *bytes = &precomp_table[i*(2 * 32)]; + const uint8_t *bytes = &precomp_table[i * (2 * 32)]; fe x, y; fe_frombytes_strict(&x, bytes); fe_frombytes_strict(&y, bytes + 32); @@ -736,7 +729,7 @@ void x25519_ge_scalarmult_small_precomp( ge_precomp_0(&e); for (j = 1; j < 16; j++) { - cmov(&e, &multiples[j-1], 1&constant_time_eq_w(index, j)); + cmov(&e, &multiples[j - 1], 1 & constant_time_eq_w(index, j)); } ge_cached cached; @@ -763,9 +756,11 @@ static void table_select(ge_precomp *t, const int pos, const signed char b) { uint8_t babs = b - ((bnegative & b) << 1); uint8_t t_bytes[3][32] = { - {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}}; -#if defined(__clang__) // materialize for vectorization, 6% speedup - __asm__("" : "+m" (t_bytes) : /*no inputs*/); + {static_cast(constant_time_is_zero_w(b) & 1)}, + {static_cast(constant_time_is_zero_w(b) & 1)}, + {0}}; +#if defined(__clang__) // materialize for vectorization, 6% speedup + __asm__("" : "+m"(t_bytes) : /*no inputs*/); #endif static_assert(sizeof(t_bytes) == sizeof(k25519Precomp[pos][0]), ""); for (int i = 0; i < 8; i++) { @@ -787,7 +782,7 @@ static void table_select(ge_precomp *t, const int pos, const signed char b) { fe_copy_lt(&minust.yplusx, &yminusx); fe_copy_lt(&minust.yminusx, &yplusx); fe_neg(&minust.xy2d, &xy2d); - cmov(t, &minust, bnegative>>7); + cmov(t, &minust, bnegative >> 7); } // h = a * B @@ -903,7 +898,7 @@ void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) { ge_p2_dbl(&t, r); x25519_ge_p1p1_to_p3(&u, &t); - uint8_t index = scalar[31 - i/8]; + uint8_t index = scalar[31 - i / 8]; index >>= 4 - (i & 4); index &= 0xf; @@ -911,7 +906,7 @@ void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) { ge_cached selected; ge_cached_0(&selected); for (j = 0; j < 16; j++) { - cmov_cached(&selected, &Ai[j], 1&constant_time_eq_w(index, j)); + cmov_cached(&selected, &Ai[j], 1 & constant_time_eq_w(index, j)); } x25519_ge_add(&t, &u, &selected); @@ -1937,10 +1932,10 @@ int ED25519_verify(const uint8_t *message, size_t message_len, // kOrder is the order of Curve25519 in little-endian form. static const uint64_t kOrder[4] = { - UINT64_C(0x5812631a5cf5d3ed), - UINT64_C(0x14def9dea2f79cd6), - 0, - UINT64_C(0x1000000000000000), + UINT64_C(0x5812631a5cf5d3ed), + UINT64_C(0x14def9dea2f79cd6), + 0, + UINT64_C(0x1000000000000000), }; for (size_t i = 3;; i--) { uint64_t word = CRYPTO_load_u64_le(scopy + i * 8); @@ -2045,8 +2040,10 @@ static void x25519_scalar_mult_generic(uint8_t out[32], // Coq transcription of ladderstep formula (called from transcribed loop): // // - // x1 != 0 - // x1 = 0 + // x1 != 0 + // + // x1 = 0 + // fe_sub(&tmp0l, &x3, &z3); fe_sub(&tmp1l, &x2, &z2); fe_add(&x2l, &x2, &z2); diff --git a/Sources/CCryptoBoringSSL/crypto/curve25519/curve25519_64_adx.c b/Sources/CCryptoBoringSSL/crypto/curve25519/curve25519_64_adx.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/curve25519/curve25519_64_adx.c rename to Sources/CCryptoBoringSSL/crypto/curve25519/curve25519_64_adx.cc diff --git a/Sources/CCryptoBoringSSL/crypto/curve25519/spake25519.c b/Sources/CCryptoBoringSSL/crypto/curve25519/spake25519.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/curve25519/spake25519.c rename to Sources/CCryptoBoringSSL/crypto/curve25519/spake25519.cc index 42a41381..00c9f608 100644 --- a/Sources/CCryptoBoringSSL/crypto/curve25519/spake25519.c +++ b/Sources/CCryptoBoringSSL/crypto/curve25519/spake25519.cc @@ -31,13 +31,17 @@ // points used in the SPAKE2 protocol. // // N: -// x: 49918732221787544735331783592030787422991506689877079631459872391322455579424 -// y: 54629554431565467720832445949441049581317094546788069926228343916274969994000 +// x: +// 49918732221787544735331783592030787422991506689877079631459872391322455579424 +// y: +// 54629554431565467720832445949441049581317094546788069926228343916274969994000 // encoded: 10e3df0ae37d8e7a99b5fe74b44672103dbddcbd06af680d71329a11693bc778 // // M: -// x: 31406539342727633121250288103050113562375374900226415211311216773867585644232 -// y: 21177308356423958466833845032658859666296341766942662650232962324899758529114 +// x: +// 31406539342727633121250288103050113562375374900226415211311216773867585644232 +// y: +// 21177308356423958466833845032658859666296341766942662650232962324899758529114 // encoded: 5ada7e4bf6ddd9adb6626d32131c6b5c51a1e347a3478f53cfcf441b88eed12e // // These points and their precomputation tables are generated with the @@ -269,10 +273,11 @@ static const uint8_t kSpakeMSmallPrecomp[15 * 2 * 32] = { 0xa6, 0x76, 0x81, 0x28, 0xb2, 0x65, 0xe8, 0x47, 0x14, 0xc6, 0x39, 0x06, }; -SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, - const uint8_t *my_name, size_t my_name_len, - const uint8_t *their_name, size_t their_name_len) { - SPAKE2_CTX *ctx = OPENSSL_zalloc(sizeof(SPAKE2_CTX)); +SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, const uint8_t *my_name, + size_t my_name_len, const uint8_t *their_name, + size_t their_name_len) { + SPAKE2_CTX *ctx = + reinterpret_cast(OPENSSL_zalloc(sizeof(SPAKE2_CTX))); if (ctx == NULL) { return NULL; } @@ -341,8 +346,8 @@ static void scalar_add(scalar *dest, const scalar *src) { } int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len, - size_t max_out_len, const uint8_t *password, - size_t password_len) { + size_t max_out_len, const uint8_t *password, + size_t password_len) { if (ctx->state != spake2_state_init) { return 0; } @@ -459,8 +464,7 @@ static void update_with_length_prefix(SHA512_CTX *sha, const uint8_t *data, int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, size_t *out_key_len, size_t max_out_key_len, const uint8_t *their_msg, size_t their_msg_len) { - if (ctx->state != spake2_state_msg_generated || - their_msg_len != 32) { + if (ctx->state != spake2_state_msg_generated || their_msg_len != 32) { return 0; } @@ -473,9 +477,9 @@ int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, size_t *out_key_len, // Unmask peer's value. ge_p3 peers_mask; x25519_ge_scalarmult_small_precomp(&peers_mask, ctx->password_scalar, - ctx->my_role == spake2_role_alice - ? kSpakeNSmallPrecomp - : kSpakeMSmallPrecomp); + ctx->my_role == spake2_role_alice + ? kSpakeNSmallPrecomp + : kSpakeMSmallPrecomp); ge_cached peers_mask_cached; x25519_ge_p3_to_cached(&peers_mask_cached, &peers_mask); diff --git a/Sources/CCryptoBoringSSL/crypto/des/des.c b/Sources/CCryptoBoringSSL/crypto/des/des.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/des/des.c rename to Sources/CCryptoBoringSSL/crypto/des/des.cc diff --git a/Sources/CCryptoBoringSSL/crypto/dh_extra/dh_asn1.c b/Sources/CCryptoBoringSSL/crypto/dh_extra/dh_asn1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/dh_extra/dh_asn1.c rename to Sources/CCryptoBoringSSL/crypto/dh_extra/dh_asn1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/dh_extra/params.c b/Sources/CCryptoBoringSSL/crypto/dh_extra/params.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/dh_extra/params.c rename to Sources/CCryptoBoringSSL/crypto/dh_extra/params.cc diff --git a/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c b/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.cc similarity index 79% rename from Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c rename to Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.cc index c6a9d443..1abb9332 100644 --- a/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c +++ b/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.cc @@ -60,19 +60,19 @@ #include #include -#include #include #include #include +#include #include "../asn1/internal.h" -#include "../internal.h" #include "../fipsmodule/digest/internal.h" +#include "../internal.h" struct nid_to_digest { int nid; - const EVP_MD* (*md_func)(void); + const EVP_MD *(*md_func)(void); const char *short_name; const char *long_name; }; @@ -107,7 +107,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = { LN_sha512WithRSAEncryption}, }; -const EVP_MD* EVP_get_digestbynid(int nid) { +const EVP_MD *EVP_get_digestbynid(int nid) { if (nid == NID_undef) { // Skip the |NID_undef| entries in |nid_to_digest_mapping|. return NULL; @@ -127,20 +127,20 @@ static const struct { uint8_t oid_len; int nid; } kMDOIDs[] = { - // 1.2.840.113549.2.4 - { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4 }, - // 1.2.840.113549.2.5 - { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5 }, - // 1.3.14.3.2.26 - { {0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1 }, - // 2.16.840.1.101.3.4.2.1 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256 }, - // 2.16.840.1.101.3.4.2.2 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384 }, - // 2.16.840.1.101.3.4.2.3 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512 }, - // 2.16.840.1.101.3.4.2.4 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224 }, + // 1.2.840.113549.2.4 + {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4}, + // 1.2.840.113549.2.5 + {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5}, + // 1.3.14.3.2.26 + {{0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1}, + // 2.16.840.1.101.3.4.2.1 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256}, + // 2.16.840.1.101.3.4.2.2 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384}, + // 2.16.840.1.101.3.4.2.3 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512}, + // 2.16.840.1.101.3.4.2.4 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224}, }; static const EVP_MD *cbs_to_md(const CBS *cbs) { @@ -188,7 +188,7 @@ const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs) { if (CBS_len(&algorithm) > 0) { CBS param; if (!CBS_get_asn1(&algorithm, ¶m, CBS_ASN1_NULL) || - CBS_len(¶m) != 0 || + CBS_len(¶m) != 0 || // CBS_len(&algorithm) != 0) { OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR); return NULL; @@ -223,7 +223,7 @@ int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md) { } // TODO(crbug.com/boringssl/710): Is this correct? See RFC 4055, section 2.1. - if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || + if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || // !CBB_flush(cbb)) { return 0; } @@ -244,76 +244,69 @@ const EVP_MD *EVP_get_digestbyname(const char *name) { return NULL; } -static void blake2b256_init(EVP_MD_CTX *ctx) { BLAKE2B256_Init(ctx->md_data); } +static void blake2b256_init(EVP_MD_CTX *ctx) { + BLAKE2B256_Init(reinterpret_cast(ctx->md_data)); +} static void blake2b256_update(EVP_MD_CTX *ctx, const void *data, size_t len) { - BLAKE2B256_Update(ctx->md_data, data, len); + BLAKE2B256_Update(reinterpret_cast(ctx->md_data), data, len); } static void blake2b256_final(EVP_MD_CTX *ctx, uint8_t *md) { - BLAKE2B256_Final(md, ctx->md_data); + BLAKE2B256_Final(md, reinterpret_cast(ctx->md_data)); } static const EVP_MD evp_md_blake2b256 = { - NID_undef, - BLAKE2B256_DIGEST_LENGTH, - 0, - blake2b256_init, - blake2b256_update, - blake2b256_final, - BLAKE2B_CBLOCK, - sizeof(BLAKE2B_CTX), + NID_undef, BLAKE2B256_DIGEST_LENGTH, 0, + blake2b256_init, blake2b256_update, blake2b256_final, + BLAKE2B_CBLOCK, sizeof(BLAKE2B_CTX), }; const EVP_MD *EVP_blake2b256(void) { return &evp_md_blake2b256; } static void md4_init(EVP_MD_CTX *ctx) { - BSSL_CHECK(MD4_Init(ctx->md_data)); + BSSL_CHECK(MD4_Init(reinterpret_cast(ctx->md_data))); } static void md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BSSL_CHECK(MD4_Update(ctx->md_data, data, count)); + BSSL_CHECK( + MD4_Update(reinterpret_cast(ctx->md_data), data, count)); } static void md4_final(EVP_MD_CTX *ctx, uint8_t *out) { - BSSL_CHECK(MD4_Final(out, ctx->md_data)); + BSSL_CHECK(MD4_Final(out, reinterpret_cast(ctx->md_data))); } static const EVP_MD evp_md_md4 = { - NID_md4, - MD4_DIGEST_LENGTH, - 0, - md4_init, - md4_update, - md4_final, - 64, - sizeof(MD4_CTX), + NID_md4, // + MD4_DIGEST_LENGTH, // + 0, + md4_init, + md4_update, + md4_final, + 64, + sizeof(MD4_CTX), }; const EVP_MD *EVP_md4(void) { return &evp_md_md4; } static void md5_init(EVP_MD_CTX *ctx) { - BSSL_CHECK(MD5_Init(ctx->md_data)); + BSSL_CHECK(MD5_Init(reinterpret_cast(ctx->md_data))); } static void md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BSSL_CHECK(MD5_Update(ctx->md_data, data, count)); + BSSL_CHECK( + MD5_Update(reinterpret_cast(ctx->md_data), data, count)); } static void md5_final(EVP_MD_CTX *ctx, uint8_t *out) { - BSSL_CHECK(MD5_Final(out, ctx->md_data)); + BSSL_CHECK(MD5_Final(out, reinterpret_cast(ctx->md_data))); } static const EVP_MD evp_md_md5 = { - NID_md5, - MD5_DIGEST_LENGTH, - 0, - md5_init, - md5_update, - md5_final, - 64, - sizeof(MD5_CTX), + NID_md5, MD5_DIGEST_LENGTH, 0, md5_init, + md5_update, md5_final, 64, sizeof(MD5_CTX), }; const EVP_MD *EVP_md5(void) { return &evp_md_md5; } @@ -324,32 +317,32 @@ typedef struct { } MD5_SHA1_CTX; static void md5_sha1_init(EVP_MD_CTX *md_ctx) { - MD5_SHA1_CTX *ctx = md_ctx->md_data; + MD5_SHA1_CTX *ctx = reinterpret_cast(md_ctx->md_data); BSSL_CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1)); } static void md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data, size_t count) { - MD5_SHA1_CTX *ctx = md_ctx->md_data; + MD5_SHA1_CTX *ctx = reinterpret_cast(md_ctx->md_data); BSSL_CHECK(MD5_Update(&ctx->md5, data, count) && - SHA1_Update(&ctx->sha1, data, count)); + SHA1_Update(&ctx->sha1, data, count)); } static void md5_sha1_final(EVP_MD_CTX *md_ctx, uint8_t *out) { - MD5_SHA1_CTX *ctx = md_ctx->md_data; + MD5_SHA1_CTX *ctx = reinterpret_cast(md_ctx->md_data); BSSL_CHECK(MD5_Final(out, &ctx->md5) && - SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1)); + SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1)); } const EVP_MD evp_md_md5_sha1 = { - NID_md5_sha1, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, - 0, - md5_sha1_init, - md5_sha1_update, - md5_sha1_final, - 64, - sizeof(MD5_SHA1_CTX), + NID_md5_sha1, + MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + 0, + md5_sha1_init, + md5_sha1_update, + md5_sha1_final, + 64, + sizeof(MD5_SHA1_CTX), }; const EVP_MD *EVP_md5_sha1(void) { return &evp_md_md5_sha1; } diff --git a/Sources/CCryptoBoringSSL/crypto/dilithium/dilithium.c b/Sources/CCryptoBoringSSL/crypto/dilithium/dilithium.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/dilithium/dilithium.c rename to Sources/CCryptoBoringSSL/crypto/dilithium/dilithium.cc index 770ed765..72f7e476 100644 --- a/Sources/CCryptoBoringSSL/crypto/dilithium/dilithium.c +++ b/Sources/CCryptoBoringSSL/crypto/dilithium/dilithium.cc @@ -1165,9 +1165,10 @@ int DILITHIUM_generate_key_external_entropy( vectorl s1_ntt; vectork t; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { - goto err; + return 0; } struct private_key *priv = private_key_from_external(out_private_key); @@ -1217,8 +1218,6 @@ int DILITHIUM_generate_key_external_entropy( int DILITHIUM_public_from_private( struct DILITHIUM_public_key *out_public_key, const struct DILITHIUM_private_key *private_key) { - int ret = 0; - // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { @@ -1227,9 +1226,10 @@ int DILITHIUM_public_from_private( vectork t; vectork t0; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { - goto err; + return 0; } const struct private_key *priv = private_key_from_external(private_key); @@ -1250,10 +1250,8 @@ int DILITHIUM_public_from_private( vectork_power2_round(&pub->t1, &values->t0, &values->t); - ret = 1; -err: OPENSSL_free(values); - return ret; + return 1; } // FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure. @@ -1299,7 +1297,8 @@ static int dilithium_sign_with_randomizer( vectork r0; vectork ct0; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { goto err; } @@ -1428,8 +1427,6 @@ int DILITHIUM_sign(uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES], int DILITHIUM_verify(const struct DILITHIUM_public_key *public_key, const uint8_t encoded_signature[DILITHIUM_SIGNATURE_BYTES], const uint8_t *msg, size_t msg_len) { - int ret = 0; - // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { @@ -1442,9 +1439,10 @@ int DILITHIUM_verify(const struct DILITHIUM_public_key *public_key, vectork w_approx; vectork w1; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { - goto err; + return 0; } const struct public_key *pub = public_key_from_external(public_key); @@ -1452,7 +1450,8 @@ int DILITHIUM_verify(const struct DILITHIUM_public_key *public_key, CBS cbs; CBS_init(&cbs, encoded_signature, DILITHIUM_SIGNATURE_BYTES); if (!dilithium_parse_signature(&values->sign, &cbs)) { - goto err; + OPENSSL_free(values); + return 0; } matrix_expand(&values->a_ntt, pub->rho); @@ -1494,12 +1493,12 @@ int DILITHIUM_verify(const struct DILITHIUM_public_key *public_key, uint32_t z_max = vectorl_max(&values->sign.z); size_t h_ones = vectork_count_ones(&values->sign.h); + int ret = 0; if (z_max < kGamma1 - BETA && h_ones <= OMEGA && OPENSSL_memcmp(c_tilde, values->sign.c_tilde, 2 * LAMBDA_BYTES) == 0) { ret = 1; } -err: OPENSSL_free(values); return ret; } diff --git a/Sources/CCryptoBoringSSL/crypto/dsa/dsa.c b/Sources/CCryptoBoringSSL/crypto/dsa/dsa.cc similarity index 79% rename from Sources/CCryptoBoringSSL/crypto/dsa/dsa.c rename to Sources/CCryptoBoringSSL/crypto/dsa/dsa.cc index 40be40e7..58e20149 100644 --- a/Sources/CCryptoBoringSSL/crypto/dsa/dsa.c +++ b/Sources/CCryptoBoringSSL/crypto/dsa/dsa.cc @@ -72,10 +72,10 @@ #include #include -#include "internal.h" #include "../fipsmodule/bn/internal.h" #include "../fipsmodule/dh/internal.h" #include "../internal.h" +#include "internal.h" // Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of @@ -88,7 +88,7 @@ static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv, static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; DSA *DSA_new(void) { - DSA *dsa = OPENSSL_zalloc(sizeof(DSA)); + DSA *dsa = reinterpret_cast(OPENSSL_zalloc(sizeof(DSA))); if (dsa == NULL) { return NULL; } @@ -179,8 +179,7 @@ int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) { } int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - if ((dsa->p == NULL && p == NULL) || - (dsa->q == NULL && q == NULL) || + if ((dsa->p == NULL && p == NULL) || (dsa->q == NULL && q == NULL) || (dsa->g == NULL && g == NULL)) { return 0; } @@ -312,7 +311,8 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in, } // step 4 - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb); + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, + cb); if (r > 0) { break; } @@ -356,25 +356,20 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in, } // step 8 - if (!BN_bin2bn(md, qsize, r0) || - !BN_lshift(r0, r0, (qsize << 3) * k) || + if (!BN_bin2bn(md, qsize, r0) || !BN_lshift(r0, r0, (qsize << 3) * k) || !BN_add(W, W, r0)) { goto err; } } // more of step 8 - if (!BN_mask_bits(W, bits - 1) || - !BN_copy(X, W) || - !BN_add(X, X, test)) { + if (!BN_mask_bits(W, bits - 1) || !BN_copy(X, W) || !BN_add(X, X, test)) { goto err; } // step 9 - if (!BN_lshift1(r0, q) || - !BN_mod(c, X, r0, ctx) || - !BN_sub(r0, c, BN_value_one()) || - !BN_sub(p, X, r0)) { + if (!BN_lshift1(r0, q) || !BN_mod(c, X, r0, ctx) || + !BN_sub(r0, c, BN_value_one()) || !BN_sub(p, X, r0)) { goto err; } @@ -407,14 +402,12 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in, // We now need to generate g // Set r0=(p-1)/q - if (!BN_sub(test, p, BN_value_one()) || - !BN_div(r0, NULL, test, q, ctx)) { + if (!BN_sub(test, p, BN_value_one()) || !BN_div(r0, NULL, test, q, ctx)) { goto err; } mont = BN_MONT_CTX_new_for_modulus(p, ctx); - if (mont == NULL || - !BN_set_word(test, h)) { + if (mont == NULL || !BN_set_word(test, h)) { goto err; } @@ -541,7 +534,9 @@ int DSA_generate_key(DSA *dsa) { return ok; } -DSA_SIG *DSA_SIG_new(void) { return OPENSSL_zalloc(sizeof(DSA_SIG)); } +DSA_SIG *DSA_SIG_new(void) { + return reinterpret_cast(OPENSSL_zalloc(sizeof(DSA_SIG))); +} void DSA_SIG_free(DSA_SIG *sig) { if (!sig) { @@ -583,8 +578,7 @@ static int mod_mul_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BIGNUM *tmp = BN_CTX_get(ctx); // |BN_mod_mul_montgomery| removes a factor of R, so we cancel it with a // single |BN_to_montgomery| which adds one factor of R. - int ok = tmp != NULL && - BN_to_montgomery(tmp, a, mont, ctx) && + int ok = tmp != NULL && BN_to_montgomery(tmp, a, mont, ctx) && BN_mod_mul_montgomery(r, tmp, b, mont, ctx); BN_CTX_end(ctx); return ok; @@ -609,79 +603,80 @@ DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) { BN_init(&m); BN_init(&xr); s = BN_new(); - if (s == NULL) { - goto err; - } - ctx = BN_CTX_new(); - if (ctx == NULL) { - goto err; - } + { + if (s == NULL) { + goto err; + } + ctx = BN_CTX_new(); + if (ctx == NULL) { + goto err; + } - // Cap iterations so that invalid parameters do not infinite loop. This does - // not impact valid parameters because the probability of requiring even one - // retry is negligible, let alone 32. Unfortunately, DSA was mis-specified, so - // invalid parameters are reachable from most callers handling untrusted - // private keys. (The |dsa_check_key| call above is not sufficient. Checking - // whether arbitrary paremeters form a valid DSA group is expensive.) - static const int kMaxIterations = 32; - int iters = 0; -redo: - if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) { - goto err; - } + // Cap iterations so that invalid parameters do not infinite loop. This does + // not impact valid parameters because the probability of requiring even one + // retry is negligible, let alone 32. Unfortunately, DSA was mis-specified, + // so invalid parameters are reachable from most callers handling untrusted + // private keys. (The |dsa_check_key| call above is not sufficient. Checking + // whether arbitrary paremeters form a valid DSA group is expensive.) + static const int kMaxIterations = 32; + int iters = 0; + redo: + if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) { + goto err; + } - if (digest_len > BN_num_bytes(dsa->q)) { - // If the digest length is greater than the size of |dsa->q| use the - // BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. - // Note the above check that |dsa->q| is a multiple of 8 bits. - digest_len = BN_num_bytes(dsa->q); - } + if (digest_len > BN_num_bytes(dsa->q)) { + // If the digest length is greater than the size of |dsa->q| use the + // BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. + // Note the above check that |dsa->q| is a multiple of 8 bits. + digest_len = BN_num_bytes(dsa->q); + } - if (BN_bin2bn(digest, digest_len, &m) == NULL) { - goto err; - } + if (BN_bin2bn(digest, digest_len, &m) == NULL) { + goto err; + } - // |m| is bounded by 2^(num_bits(q)), which is slightly looser than q. This - // violates |bn_mod_add_consttime| and |mod_mul_consttime|'s preconditions. - // (The underlying algorithms could accept looser bounds, but we reduce for - // simplicity.) - size_t q_width = bn_minimal_width(dsa->q); - if (!bn_resize_words(&m, q_width) || - !bn_resize_words(&xr, q_width)) { - goto err; - } - bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d, - xr.d /* scratch space */, q_width); + // |m| is bounded by 2^(num_bits(q)), which is slightly looser than q. This + // violates |bn_mod_add_consttime| and |mod_mul_consttime|'s preconditions. + // (The underlying algorithms could accept looser bounds, but we reduce for + // simplicity.) + size_t q_width = bn_minimal_width(dsa->q); + if (!bn_resize_words(&m, q_width) || !bn_resize_words(&xr, q_width)) { + goto err; + } + bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d, + xr.d /* scratch space */, q_width); + + // Compute s = inv(k) (m + xr) mod q. Note |dsa->method_mont_q| is + // initialized by |dsa_sign_setup|. + if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) || + !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) || + !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) { + goto err; + } - // Compute s = inv(k) (m + xr) mod q. Note |dsa->method_mont_q| is - // initialized by |dsa_sign_setup|. - if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) || - !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) || - !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) { - goto err; - } + // The signature is computed from the private key, but is public. + bn_declassify(r); + bn_declassify(s); - // The signature is computed from the private key, but is public. - bn_declassify(r); - bn_declassify(s); - - // Redo if r or s is zero as required by FIPS 186-3: this is - // very unlikely. - if (BN_is_zero(r) || BN_is_zero(s)) { - iters++; - if (iters > kMaxIterations) { - OPENSSL_PUT_ERROR(DSA, DSA_R_TOO_MANY_ITERATIONS); - goto err; + // Redo if r or s is zero as required by FIPS 186-3: this is + // very unlikely. + if (BN_is_zero(r) || BN_is_zero(s)) { + iters++; + if (iters > kMaxIterations) { + OPENSSL_PUT_ERROR(DSA, DSA_R_TOO_MANY_ITERATIONS); + goto err; + } + goto redo; } - goto redo; - } - ret = DSA_SIG_new(); - if (ret == NULL) { - goto err; + ret = DSA_SIG_new(); + if (ret == NULL) { + goto err; + } + ret->r = r; + ret->s = s; } - ret->r = r; - ret->s = s; err: if (ret == NULL) { @@ -725,71 +720,73 @@ int DSA_do_check_signature(int *out_valid, const uint8_t *digest, BN_init(&u2); BN_init(&t1); BN_CTX *ctx = BN_CTX_new(); - if (ctx == NULL) { - goto err; - } + { + if (ctx == NULL) { + goto err; + } - if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, dsa->q) >= 0) { - ret = 1; - goto err; - } - if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || - BN_ucmp(sig->s, dsa->q) >= 0) { - ret = 1; - goto err; - } + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, dsa->q) >= 0) { + ret = 1; + goto err; + } + if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || + BN_ucmp(sig->s, dsa->q) >= 0) { + ret = 1; + goto err; + } - // Calculate W = inv(S) mod Q - // save W in u2 - if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) { - goto err; - } + // Calculate W = inv(S) mod Q + // save W in u2 + if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) { + goto err; + } - // save M in u1 - unsigned q_bits = BN_num_bits(dsa->q); - if (digest_len > (q_bits >> 3)) { - // if the digest length is greater than the size of q use the - // BN_num_bits(dsa->q) leftmost bits of the digest, see - // fips 186-3, 4.2 - digest_len = (q_bits >> 3); - } + // save M in u1 + unsigned q_bits = BN_num_bits(dsa->q); + if (digest_len > (q_bits >> 3)) { + // if the digest length is greater than the size of q use the + // BN_num_bits(dsa->q) leftmost bits of the digest, see + // fips 186-3, 4.2 + digest_len = (q_bits >> 3); + } - if (BN_bin2bn(digest, digest_len, &u1) == NULL) { - goto err; - } + if (BN_bin2bn(digest, digest_len, &u1) == NULL) { + goto err; + } - // u1 = M * w mod q - if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) { - goto err; - } + // u1 = M * w mod q + if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) { + goto err; + } - // u2 = r * w mod q - if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) { - goto err; - } + // u2 = r * w mod q + if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) { + goto err; + } - if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, - (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p, - ctx)) { - goto err; - } + if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, + (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p, + ctx)) { + goto err; + } - if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, - dsa->method_mont_p)) { - goto err; - } + if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, + dsa->method_mont_p)) { + goto err; + } - // BN_copy(&u1,&t1); - // let u1 = u1 mod q - if (!BN_mod(&u1, &t1, dsa->q, ctx)) { - goto err; - } + // BN_copy(&u1,&t1); + // let u1 = u1 mod q + if (!BN_mod(&u1, &t1, dsa->q, ctx)) { + goto err; + } - // V is now in u1. If the signature is correct, it will be - // equal to R. - *out_valid = BN_ucmp(&u1, sig->r) == 0; - ret = 1; + // V is now in u1. If the signature is correct, it will be + // equal to R. + *out_valid = BN_ucmp(&u1, sig->r) == 0; + ret = 1; + } err: if (ret != 1) { @@ -835,23 +832,25 @@ int DSA_check_signature(int *out_valid, const uint8_t *digest, uint8_t *der = NULL; s = DSA_SIG_new(); - if (s == NULL) { - goto err; - } + { + if (s == NULL) { + goto err; + } - const uint8_t *sigp = sig; - if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) { - goto err; - } + const uint8_t *sigp = sig; + if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) { + goto err; + } - // Ensure that the signature uses DER and doesn't have trailing garbage. - int der_len = i2d_DSA_SIG(s, &der); - if (der_len < 0 || (size_t)der_len != sig_len || - OPENSSL_memcmp(sig, der, sig_len)) { - goto err; - } + // Ensure that the signature uses DER and doesn't have trailing garbage. + int der_len = i2d_DSA_SIG(s, &der); + if (der_len < 0 || (size_t)der_len != sig_len || + OPENSSL_memcmp(sig, der, sig_len)) { + goto err; + } - ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa); + ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa); + } err: OPENSSL_free(der); diff --git a/Sources/CCryptoBoringSSL/crypto/dsa/dsa_asn1.c b/Sources/CCryptoBoringSSL/crypto/dsa/dsa_asn1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/dsa/dsa_asn1.c rename to Sources/CCryptoBoringSSL/crypto/dsa/dsa_asn1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/ec_extra/ec_asn1.c b/Sources/CCryptoBoringSSL/crypto/ec_extra/ec_asn1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/ec_extra/ec_asn1.c rename to Sources/CCryptoBoringSSL/crypto/ec_extra/ec_asn1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/ec_extra/ec_derive.c b/Sources/CCryptoBoringSSL/crypto/ec_extra/ec_derive.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/ec_extra/ec_derive.c rename to Sources/CCryptoBoringSSL/crypto/ec_extra/ec_derive.cc diff --git a/Sources/CCryptoBoringSSL/crypto/ec_extra/hash_to_curve.c b/Sources/CCryptoBoringSSL/crypto/ec_extra/hash_to_curve.cc similarity index 88% rename from Sources/CCryptoBoringSSL/crypto/ec_extra/hash_to_curve.c rename to Sources/CCryptoBoringSSL/crypto/ec_extra/hash_to_curve.cc index b295cf0b..2e9b132c 100644 --- a/Sources/CCryptoBoringSSL/crypto/ec_extra/hash_to_curve.c +++ b/Sources/CCryptoBoringSSL/crypto/ec_extra/hash_to_curve.cc @@ -20,10 +20,10 @@ #include -#include "internal.h" #include "../fipsmodule/bn/internal.h" #include "../fipsmodule/ec/internal.h" #include "../internal.h" +#include "internal.h" // This file implements hash-to-curve, as described in RFC 9380. @@ -63,72 +63,75 @@ static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len, EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); - // Long DSTs are hashed down to size. See section 5.3.3. - static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large"); - uint8_t dst_buf[EVP_MAX_MD_SIZE]; - if (dst_len >= 256) { - static const char kPrefix[] = "H2C-OVERSIZE-DST-"; + { + // Long DSTs are hashed down to size. See section 5.3.3. + static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large"); + uint8_t dst_buf[EVP_MAX_MD_SIZE]; + if (dst_len >= 256) { + static const char kPrefix[] = "H2C-OVERSIZE-DST-"; + if (!EVP_DigestInit_ex(&ctx, md, NULL) || + !EVP_DigestUpdate(&ctx, kPrefix, sizeof(kPrefix) - 1) || + !EVP_DigestUpdate(&ctx, dst, dst_len) || + !EVP_DigestFinal_ex(&ctx, dst_buf, NULL)) { + goto err; + } + dst = dst_buf; + dst_len = md_size; + } + uint8_t dst_len_u8 = (uint8_t)dst_len; + + // Compute b_0. + static const uint8_t kZeros[EVP_MAX_MD_BLOCK_SIZE] = {0}; + // If |out_len| exceeds 16 bits then |i| will wrap below causing an error to + // be returned. This depends on the static assert above. + uint8_t l_i_b_str_zero[3] = {static_cast(out_len >> 8), + static_cast(out_len), 0}; + uint8_t b_0[EVP_MAX_MD_SIZE]; if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, kPrefix, sizeof(kPrefix) - 1) || + !EVP_DigestUpdate(&ctx, kZeros, block_size) || + !EVP_DigestUpdate(&ctx, msg, msg_len) || + !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) || !EVP_DigestUpdate(&ctx, dst, dst_len) || - !EVP_DigestFinal_ex(&ctx, dst_buf, NULL)) { + !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || + !EVP_DigestFinal_ex(&ctx, b_0, NULL)) { goto err; } - dst = dst_buf; - dst_len = md_size; - } - uint8_t dst_len_u8 = (uint8_t)dst_len; - - // Compute b_0. - static const uint8_t kZeros[EVP_MAX_MD_BLOCK_SIZE] = {0}; - // If |out_len| exceeds 16 bits then |i| will wrap below causing an error to - // be returned. This depends on the static assert above. - uint8_t l_i_b_str_zero[3] = {out_len >> 8, out_len, 0}; - uint8_t b_0[EVP_MAX_MD_SIZE]; - if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, kZeros, block_size) || - !EVP_DigestUpdate(&ctx, msg, msg_len) || - !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) || - !EVP_DigestUpdate(&ctx, dst, dst_len) || - !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || - !EVP_DigestFinal_ex(&ctx, b_0, NULL)) { - goto err; - } - uint8_t b_i[EVP_MAX_MD_SIZE]; - uint8_t i = 1; - while (out_len > 0) { - if (i == 0) { - // Input was too large. - OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); - goto err; - } - if (i > 1) { - for (size_t j = 0; j < md_size; j++) { - b_i[j] ^= b_0[j]; + uint8_t b_i[EVP_MAX_MD_SIZE]; + uint8_t i = 1; + while (out_len > 0) { + if (i == 0) { + // Input was too large. + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); + goto err; + } + if (i > 1) { + for (size_t j = 0; j < md_size; j++) { + b_i[j] ^= b_0[j]; + } + } else { + OPENSSL_memcpy(b_i, b_0, md_size); } - } else { - OPENSSL_memcpy(b_i, b_0, md_size); - } - if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, b_i, md_size) || - !EVP_DigestUpdate(&ctx, &i, 1) || - !EVP_DigestUpdate(&ctx, dst, dst_len) || - !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || - !EVP_DigestFinal_ex(&ctx, b_i, NULL)) { - goto err; + if (!EVP_DigestInit_ex(&ctx, md, NULL) || + !EVP_DigestUpdate(&ctx, b_i, md_size) || + !EVP_DigestUpdate(&ctx, &i, 1) || + !EVP_DigestUpdate(&ctx, dst, dst_len) || + !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || + !EVP_DigestFinal_ex(&ctx, b_i, NULL)) { + goto err; + } + + size_t todo = out_len >= md_size ? md_size : out_len; + OPENSSL_memcpy(out, b_i, todo); + out += todo; + out_len -= todo; + i++; } - size_t todo = out_len >= md_size ? md_size : out_len; - OPENSSL_memcpy(out, b_i, todo); - out += todo; - out_len -= todo; - i++; + ret = 1; } - ret = 1; - err: EVP_MD_CTX_cleanup(&ctx); return ret; @@ -144,8 +147,7 @@ static int num_bytes_to_derive(size_t *out, const BIGNUM *modulus, unsigned k) { // |felem_reduce| and |ec_scalar_reduce|. All defined hash-to-curve suites // define |k| to be well under this bound. (|k| is usually around half of // |p_bits|.) - if (L * 8 >= 2 * bits - 2 || - L > 2 * EC_MAX_BYTES) { + if (L * 8 >= 2 * bits - 2 || L > 2 * EC_MAX_BYTES) { assert(0); OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); return 0; @@ -462,9 +464,9 @@ int EC_hash_to_curve_p384_xmd_sha384_sswu(const EC_GROUP *group, EC_POINT *out, msg, msg_len); } -int ec_hash_to_scalar_p384_xmd_sha384( - const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len, - const uint8_t *msg, size_t msg_len) { +int ec_hash_to_scalar_p384_xmd_sha384(const EC_GROUP *group, EC_SCALAR *out, + const uint8_t *dst, size_t dst_len, + const uint8_t *msg, size_t msg_len) { if (EC_GROUP_get_curve_name(group) != NID_secp384r1) { OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH); return 0; @@ -475,8 +477,8 @@ int ec_hash_to_scalar_p384_xmd_sha384( } int ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( - const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, - size_t dst_len, const uint8_t *msg, size_t msg_len) { + const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len, + const uint8_t *msg, size_t msg_len) { // See section 8.3 of draft-irtf-cfrg-hash-to-curve-07. if (EC_GROUP_get_curve_name(group) != NID_secp384r1) { OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH); diff --git a/Sources/CCryptoBoringSSL/crypto/ecdh_extra/ecdh_extra.c b/Sources/CCryptoBoringSSL/crypto/ecdh_extra/ecdh_extra.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/ecdh_extra/ecdh_extra.c rename to Sources/CCryptoBoringSSL/crypto/ecdh_extra/ecdh_extra.cc diff --git a/Sources/CCryptoBoringSSL/crypto/ecdsa_extra/ecdsa_asn1.c b/Sources/CCryptoBoringSSL/crypto/ecdsa_extra/ecdsa_asn1.cc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/ecdsa_extra/ecdsa_asn1.c rename to Sources/CCryptoBoringSSL/crypto/ecdsa_extra/ecdsa_asn1.cc index 11c9deb9..21ef1743 100644 --- a/Sources/CCryptoBoringSSL/crypto/ecdsa_extra/ecdsa_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/ecdsa_extra/ecdsa_asn1.cc @@ -57,8 +57,8 @@ #include #include -#include #include +#include #include #include "../bytestring/internal.h" @@ -79,8 +79,7 @@ static ECDSA_SIG *ecdsa_sig_from_fixed(const EC_KEY *key, const uint8_t *in, return NULL; } ECDSA_SIG *ret = ECDSA_SIG_new(); - if (ret == NULL || - !BN_bin2bn(in, scalar_len, ret->r) || + if (ret == NULL || !BN_bin2bn(in, scalar_len, ret->r) || !BN_bin2bn(in + scalar_len, scalar_len, ret->s)) { ECDSA_SIG_free(ret); return NULL; @@ -100,8 +99,7 @@ static int ecdsa_sig_to_fixed(const EC_KEY *key, uint8_t *out, size_t *out_len, OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL); return 0; } - if (BN_is_negative(sig->r) || - !BN_bn2bin_padded(out, scalar_len, sig->r) || + if (BN_is_negative(sig->r) || !BN_bn2bin_padded(out, scalar_len, sig->r) || BN_is_negative(sig->s) || !BN_bn2bin_padded(out + scalar_len, scalar_len, sig->s)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); @@ -115,7 +113,7 @@ int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *out_sig_len, const EC_KEY *eckey) { if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { return eckey->ecdsa_meth->sign(digest, digest_len, sig, out_sig_len, - (EC_KEY*) eckey /* cast away const */); + (EC_KEY *)eckey /* cast away const */); } *out_sig_len = 0; @@ -137,8 +135,7 @@ int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, CBB cbb; CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)); size_t len; - if (!ECDSA_SIG_marshal(&cbb, s) || - !CBB_finish(&cbb, NULL, &len)) { + if (!ECDSA_SIG_marshal(&cbb, s) || !CBB_finish(&cbb, NULL, &len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); goto err; } @@ -165,8 +162,8 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, // Defend against potential laxness in the DER parser. size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || - der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) { + if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || der_len != sig_len || + OPENSSL_memcmp(sig, der, sig_len) != 0) { // This should never happen. crypto/bytestring is strictly DER. OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR); goto err; @@ -205,7 +202,8 @@ size_t ECDSA_size(const EC_KEY *key) { } ECDSA_SIG *ECDSA_SIG_new(void) { - ECDSA_SIG *sig = OPENSSL_malloc(sizeof(ECDSA_SIG)); + ECDSA_SIG *sig = + reinterpret_cast(OPENSSL_malloc(sizeof(ECDSA_SIG))); if (sig == NULL) { return NULL; } @@ -228,13 +226,9 @@ void ECDSA_SIG_free(ECDSA_SIG *sig) { OPENSSL_free(sig); } -const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) { - return sig->r; -} +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) { return sig->r; } -const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) { - return sig->s; -} +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) { return sig->s; } void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **out_r, const BIGNUM **out_s) { @@ -301,8 +295,7 @@ ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs) { CBS child; if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || !BN_parse_asn1_unsigned(&child, ret->r) || - !BN_parse_asn1_unsigned(&child, ret->s) || - CBS_len(&child) != 0) { + !BN_parse_asn1_unsigned(&child, ret->s) || CBS_len(&child) != 0) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); ECDSA_SIG_free(ret); return NULL; @@ -325,8 +318,7 @@ ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) { int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) { CBB child; if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) || - !BN_marshal_asn1(&child, sig->r) || - !BN_marshal_asn1(&child, sig->s) || + !BN_marshal_asn1(&child, sig->r) || !BN_marshal_asn1(&child, sig->s) || !CBB_flush(cbb)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); return 0; @@ -338,8 +330,7 @@ int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len, const ECDSA_SIG *sig) { CBB cbb; CBB_zero(&cbb); - if (!CBB_init(&cbb, 0) || - !ECDSA_SIG_marshal(&cbb, sig) || + if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig) || !CBB_finish(&cbb, out_bytes, out_len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); CBB_cleanup(&cbb); @@ -402,8 +393,7 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) { int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) { CBB cbb; - if (!CBB_init(&cbb, 0) || - !ECDSA_SIG_marshal(&cbb, sig)) { + if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig)) { CBB_cleanup(&cbb); return -1; } diff --git a/Sources/CCryptoBoringSSL/crypto/engine/engine.c b/Sources/CCryptoBoringSSL/crypto/engine/engine.cc similarity index 84% rename from Sources/CCryptoBoringSSL/crypto/engine/engine.c rename to Sources/CCryptoBoringSSL/crypto/engine/engine.cc index 2458fcb8..8fd20174 100644 --- a/Sources/CCryptoBoringSSL/crypto/engine/engine.c +++ b/Sources/CCryptoBoringSSL/crypto/engine/engine.cc @@ -14,8 +14,8 @@ #include -#include #include +#include #include #include @@ -31,7 +31,9 @@ struct engine_st { ECDSA_METHOD *ecdsa_method; }; -ENGINE *ENGINE_new(void) { return OPENSSL_zalloc(sizeof(ENGINE)); } +ENGINE *ENGINE_new(void) { + return reinterpret_cast(OPENSSL_zalloc(sizeof(ENGINE))); +} int ENGINE_free(ENGINE *engine) { // Methods are currently required to be static so are not unref'ed. @@ -46,17 +48,18 @@ int ENGINE_free(ENGINE *engine) { // static. static int set_method(void **out_member, const void *method, size_t method_size, size_t compiled_size) { - const struct openssl_method_common_st *common = method; + const struct openssl_method_common_st *common = + reinterpret_cast(method); if (method_size != compiled_size || !common->is_static) { return 0; } - *out_member = (void*) method; + *out_member = (void *)method; return 1; } int ENGINE_set_RSA_method(ENGINE *engine, const RSA_METHOD *method, - size_t method_size) { + size_t method_size) { return set_method((void **)&engine->rsa_method, method, method_size, sizeof(RSA_METHOD)); } @@ -76,11 +79,12 @@ ECDSA_METHOD *ENGINE_get_ECDSA_method(const ENGINE *engine) { } void METHOD_ref(void *method_in) { - assert(((struct openssl_method_common_st*) method_in)->is_static); + assert(((struct openssl_method_common_st *)method_in)->is_static); } void METHOD_unref(void *method_in) { - struct openssl_method_common_st *method = method_in; + struct openssl_method_common_st *method = + reinterpret_cast(method_in); if (method == NULL) { return; diff --git a/Sources/CCryptoBoringSSL/crypto/err/err.c b/Sources/CCryptoBoringSSL/crypto/err/err.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/err/err.c rename to Sources/CCryptoBoringSSL/crypto/err/err.cc index 36a07eac..54d04a58 100644 --- a/Sources/CCryptoBoringSSL/crypto/err/err.c +++ b/Sources/CCryptoBoringSSL/crypto/err/err.cc @@ -168,7 +168,7 @@ static char *strdup_libc_malloc(const char *str) { // |strdup| is not in C until C23, so MSVC triggers deprecation warnings, and // glibc and musl gate it on a feature macro. Reimplementing it is easier. size_t len = strlen(str); - char *ret = malloc(len + 1); + char *ret = reinterpret_cast(malloc(len + 1)); if (ret != NULL) { memcpy(ret, str, len + 1); } @@ -202,7 +202,7 @@ static int global_next_library = ERR_NUM_LIBS; static CRYPTO_MUTEX global_next_library_mutex = CRYPTO_MUTEX_INIT; static void err_state_free(void *statep) { - ERR_STATE *state = statep; + ERR_STATE *state = reinterpret_cast(statep); if (state == NULL) { return; @@ -217,9 +217,10 @@ static void err_state_free(void *statep) { // err_get_state gets the ERR_STATE object for the current thread. static ERR_STATE *err_get_state(void) { - ERR_STATE *state = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR); + ERR_STATE *state = reinterpret_cast( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR)); if (state == NULL) { - state = malloc(sizeof(ERR_STATE)); + state = reinterpret_cast(malloc(sizeof(ERR_STATE))); if (state == NULL) { return NULL; } @@ -380,19 +381,15 @@ int ERR_get_next_error_library(void) { return ret; } -void ERR_remove_state(unsigned long pid) { - ERR_clear_error(); -} +void ERR_remove_state(unsigned long pid) { ERR_clear_error(); } -void ERR_clear_system_error(void) { - errno = 0; -} +void ERR_clear_system_error(void) { errno = 0; } // err_string_cmp is a compare function for searching error values with // |bsearch| in |err_string_lookup|. static int err_string_cmp(const void *a, const void *b) { - const uint32_t a_key = *((const uint32_t*) a) >> 15; - const uint32_t b_key = *((const uint32_t*) b) >> 15; + const uint32_t a_key = *((const uint32_t *)a) >> 15; + const uint32_t b_key = *((const uint32_t *)b) >> 15; if (a_key < b_key) { return -1; @@ -406,8 +403,7 @@ static int err_string_cmp(const void *a, const void *b) { // err_string_lookup looks up the string associated with |lib| and |key| in // |values| and |string_data|. It returns the string or NULL if not found. static const char *err_string_lookup(uint32_t lib, uint32_t key, - const uint32_t *values, - size_t num_values, + const uint32_t *values, size_t num_values, const char *string_data) { // |values| points to data in err_data.h, which is generated by // err_data_generate.go. It's an array of uint32_t values. Each value has the @@ -426,8 +422,8 @@ static const char *err_string_lookup(uint32_t lib, uint32_t key, return NULL; } uint32_t search_key = lib << 26 | key << 15; - const uint32_t *result = bsearch(&search_key, values, num_values, - sizeof(uint32_t), err_string_cmp); + const uint32_t *result = reinterpret_cast(bsearch( + &search_key, values, num_values, sizeof(uint32_t), err_string_cmp)); if (result == NULL) { return NULL; } @@ -632,7 +628,7 @@ void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) { // thread_hash is the least-significant bits of the |ERR_STATE| pointer value // for this thread. - const unsigned long thread_hash = (uintptr_t) err_get_state(); + const unsigned long thread_hash = (uintptr_t)err_get_state(); for (;;) { packed_error = ERR_get_error_line_data(&file, &line, &data, &flags); @@ -649,9 +645,9 @@ void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) { } } -static int print_errors_to_file(const char* msg, size_t msg_len, void* ctx) { +static int print_errors_to_file(const char *msg, size_t msg_len, void *ctx) { assert(msg[msg_len] == '\0'); - FILE* fp = ctx; + FILE *fp = reinterpret_cast(ctx); int res = fputs(msg, fp); return res < 0 ? 0 : 1; } @@ -722,16 +718,16 @@ static void err_add_error_vdata(unsigned num, va_list args) { } size_t substr_len = strlen(substr); if (SIZE_MAX - total_size < substr_len) { - return; // Would overflow. + return; // Would overflow. } total_size += substr_len; } va_end(args_copy); if (total_size == SIZE_MAX) { - return; // Would overflow. + return; // Would overflow. } - total_size += 1; // NUL terminator. - if ((buf = malloc(total_size)) == NULL) { + total_size += 1; // NUL terminator. + if ((buf = reinterpret_cast(malloc(total_size))) == NULL) { return; } buf[0] = '\0'; @@ -741,7 +737,7 @@ static void err_add_error_vdata(unsigned num, va_list args) { continue; } if (OPENSSL_strlcat(buf, substr, total_size) >= total_size) { - assert(0); // should not be possible. + assert(0); // should not be possible. } } va_end(args); @@ -855,7 +851,8 @@ ERR_SAVE_STATE *ERR_save_state(void) { return NULL; } - ERR_SAVE_STATE *ret = malloc(sizeof(ERR_SAVE_STATE)); + ERR_SAVE_STATE *ret = + reinterpret_cast(malloc(sizeof(ERR_SAVE_STATE))); if (ret == NULL) { return NULL; } @@ -865,7 +862,8 @@ ERR_SAVE_STATE *ERR_save_state(void) { ? state->top - state->bottom : ERR_NUM_ERRORS + state->top - state->bottom; assert(num_errors < ERR_NUM_ERRORS); - ret->errors = malloc(num_errors * sizeof(struct err_error_st)); + ret->errors = reinterpret_cast( + malloc(num_errors * sizeof(struct err_error_st))); if (ret->errors == NULL) { free(ret); return NULL; diff --git a/Sources/CCryptoBoringSSL/crypto/evp/evp.c b/Sources/CCryptoBoringSSL/crypto/evp/evp.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/evp/evp.c rename to Sources/CCryptoBoringSSL/crypto/evp/evp.cc index db9fae49..966026a8 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/evp.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/evp.cc @@ -64,8 +64,8 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" // Node depends on |EVP_R_NOT_XOF_OR_INVALID_LENGTH|. @@ -78,7 +78,8 @@ OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH) OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK) EVP_PKEY *EVP_PKEY_new(void) { - EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY)); + EVP_PKEY *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(EVP_PKEY))); if (ret == NULL) { return NULL; } @@ -196,9 +197,7 @@ int EVP_PKEY_bits(const EVP_PKEY *pkey) { return 0; } -int EVP_PKEY_id(const EVP_PKEY *pkey) { - return pkey->type; -} +int EVP_PKEY_id(const EVP_PKEY *pkey) { return pkey->type; } // evp_pkey_asn1_find returns the ASN.1 method table for the given |nid|, which // should be one of the |EVP_PKEY_*| values. It returns NULL if |nid| is @@ -238,13 +237,13 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { // public API. switch (type) { case EVP_PKEY_RSA: - return EVP_PKEY_assign_RSA(pkey, key); + return EVP_PKEY_assign_RSA(pkey, reinterpret_cast(key)); case EVP_PKEY_DSA: - return EVP_PKEY_assign_DSA(pkey, key); + return EVP_PKEY_assign_DSA(pkey, reinterpret_cast(key)); case EVP_PKEY_EC: - return EVP_PKEY_assign_EC_KEY(pkey, key); + return EVP_PKEY_assign_EC_KEY(pkey, reinterpret_cast(key)); case EVP_PKEY_DH: - return EVP_PKEY_assign_DH(pkey, key); + return EVP_PKEY_assign_DH(pkey, reinterpret_cast(key)); } OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); diff --git a/Sources/CCryptoBoringSSL/crypto/evp/evp_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/evp_asn1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/evp/evp_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/evp_asn1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/evp/evp_ctx.c b/Sources/CCryptoBoringSSL/crypto/evp/evp_ctx.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/evp/evp_ctx.c rename to Sources/CCryptoBoringSSL/crypto/evp/evp_ctx.cc index 7ef9ec6e..533e4317 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/evp_ctx.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/evp_ctx.cc @@ -67,15 +67,12 @@ static const EVP_PKEY_METHOD *const evp_methods[] = { - &rsa_pkey_meth, - &ec_pkey_meth, - &ed25519_pkey_meth, - &x25519_pkey_meth, - &hkdf_pkey_meth, + &rsa_pkey_meth, &ec_pkey_meth, &ed25519_pkey_meth, + &x25519_pkey_meth, &hkdf_pkey_meth, }; static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { - for (size_t i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) { + for (size_t i = 0; i < sizeof(evp_methods) / sizeof(EVP_PKEY_METHOD *); i++) { if (evp_methods[i]->pkey_id == type) { return evp_methods[i]; } @@ -86,7 +83,8 @@ static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, const EVP_PKEY_METHOD *pmeth) { - EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(EVP_PKEY_CTX))); if (!ret) { return NULL; } @@ -155,7 +153,8 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx) { return NULL; } - EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(EVP_PKEY_CTX))); if (!ret) { return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_dh.c b/Sources/CCryptoBoringSSL/crypto/evp/p_dh.cc similarity index 75% rename from Sources/CCryptoBoringSSL/crypto/evp/p_dh.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_dh.cc index 5e901020..1f7659bf 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_dh.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_dh.cc @@ -23,7 +23,8 @@ typedef struct dh_pkey_ctx_st { } DH_PKEY_CTX; static int pkey_dh_init(EVP_PKEY_CTX *ctx) { - DH_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(DH_PKEY_CTX)); + DH_PKEY_CTX *dctx = + reinterpret_cast(OPENSSL_zalloc(sizeof(DH_PKEY_CTX))); if (dctx == NULL) { return 0; } @@ -37,8 +38,8 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 0; } - const DH_PKEY_CTX *sctx = src->data; - DH_PKEY_CTX *dctx = dst->data; + const DH_PKEY_CTX *sctx = reinterpret_cast(src->data); + DH_PKEY_CTX *dctx = reinterpret_cast(dst->data); dctx->pad = sctx->pad; return 1; } @@ -63,14 +64,14 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { } static int pkey_dh_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { - DH_PKEY_CTX *dctx = ctx->data; + DH_PKEY_CTX *dctx = reinterpret_cast(ctx->data); if (ctx->pkey == NULL || ctx->peerkey == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; } - DH *our_key = ctx->pkey->pkey; - DH *peer_key = ctx->peerkey->pkey; + DH *our_key = reinterpret_cast(ctx->pkey->pkey); + DH *peer_key = reinterpret_cast(ctx->peerkey->pkey); if (our_key == NULL || peer_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; @@ -104,7 +105,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { } static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - DH_PKEY_CTX *dctx = ctx->data; + DH_PKEY_CTX *dctx = reinterpret_cast(ctx->data); switch (type) { case EVP_PKEY_CTRL_PEER_KEY: // |EVP_PKEY_derive_set_peer| requires the key implement this command, @@ -122,13 +123,21 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { } const EVP_PKEY_METHOD dh_pkey_meth = { - .pkey_id = EVP_PKEY_DH, - .init = pkey_dh_init, - .copy = pkey_dh_copy, - .cleanup = pkey_dh_cleanup, - .keygen = pkey_dh_keygen, - .derive = pkey_dh_derive, - .ctrl = pkey_dh_ctrl, + /*pkey_id=*/EVP_PKEY_DH, + /*init=*/pkey_dh_init, + /*copy=*/pkey_dh_copy, + /*cleanup=*/pkey_dh_cleanup, + /*keygen=*/pkey_dh_keygen, + /*sign=*/nullptr, + /*sign_message=*/nullptr, + /*verify=*/nullptr, + /*verify_message=*/nullptr, + /*verify_recover=*/nullptr, + /*encrypt=*/nullptr, + /*decrypt=*/nullptr, + /*derive=*/pkey_dh_derive, + /*paramgen=*/nullptr, + /*ctrl=*/pkey_dh_ctrl, }; int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_dh_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/p_dh_asn1.cc similarity index 63% rename from Sources/CCryptoBoringSSL/crypto/evp/p_dh_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_dh_asn1.cc index 7132552e..f261f74b 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_dh_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_dh_asn1.cc @@ -13,21 +13,25 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" static void dh_free(EVP_PKEY *pkey) { - DH_free(pkey->pkey); + DH_free(reinterpret_cast(pkey->pkey)); pkey->pkey = NULL; } -static int dh_size(const EVP_PKEY *pkey) { return DH_size(pkey->pkey); } +static int dh_size(const EVP_PKEY *pkey) { + return DH_size(reinterpret_cast(pkey->pkey)); +} -static int dh_bits(const EVP_PKEY *pkey) { return DH_bits(pkey->pkey); } +static int dh_bits(const EVP_PKEY *pkey) { + return DH_bits(reinterpret_cast(pkey->pkey)); +} static int dh_param_missing(const EVP_PKEY *pkey) { - const DH *dh = pkey->pkey; + const DH *dh = reinterpret_cast(pkey->pkey); return dh == NULL || DH_get0_p(dh) == NULL || DH_get0_g(dh) == NULL; } @@ -37,13 +41,13 @@ static int dh_param_copy(EVP_PKEY *to, const EVP_PKEY *from) { return 0; } - const DH *dh = from->pkey; + const DH *dh = reinterpret_cast(from->pkey); const BIGNUM *q_old = DH_get0_q(dh); BIGNUM *p = BN_dup(DH_get0_p(dh)); BIGNUM *q = q_old == NULL ? NULL : BN_dup(q_old); BIGNUM *g = BN_dup(DH_get0_g(dh)); if (p == NULL || (q_old != NULL && q == NULL) || g == NULL || - !DH_set0_pqg(to->pkey, p, q, g)) { + !DH_set0_pqg(reinterpret_cast(to->pkey), p, q, g)) { BN_free(p); BN_free(q); BN_free(g); @@ -61,8 +65,8 @@ static int dh_param_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { // Matching OpenSSL, only compare p and g for PKCS#3-style Diffie-Hellman. // OpenSSL only checks q in X9.42-style Diffie-Hellman ("DHX"). - const DH *a_dh = a->pkey; - const DH *b_dh = b->pkey; + const DH *a_dh = reinterpret_cast(a->pkey); + const DH *b_dh = reinterpret_cast(b->pkey); return BN_cmp(DH_get0_p(a_dh), DH_get0_p(b_dh)) == 0 && BN_cmp(DH_get0_g(a_dh), DH_get0_g(b_dh)) == 0; } @@ -72,21 +76,34 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { return 0; } - const DH *a_dh = a->pkey; - const DH *b_dh = b->pkey; + const DH *a_dh = reinterpret_cast(a->pkey); + const DH *b_dh = reinterpret_cast(b->pkey); return BN_cmp(DH_get0_pub_key(a_dh), DH_get0_pub_key(b_dh)) == 0; } const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { - .pkey_id = EVP_PKEY_DH, - .pkey_method = &dh_pkey_meth, - .pub_cmp = dh_pub_cmp, - .pkey_size = dh_size, - .pkey_bits = dh_bits, - .param_missing = dh_param_missing, - .param_copy = dh_param_copy, - .param_cmp = dh_param_cmp, - .pkey_free = dh_free, + /*pkey_id=*/EVP_PKEY_DH, + /*oid=*/{0}, + /*oid_len=*/0, + /*pkey_method=*/&dh_pkey_meth, + /*pub_decode=*/nullptr, + /*pub_encode=*/nullptr, + /*pub_cmp=*/dh_pub_cmp, + /*priv_decode=*/nullptr, + /*priv_encode=*/nullptr, + /*set_priv_raw=*/nullptr, + /*set_pub_raw=*/nullptr, + /*get_priv_raw=*/nullptr, + /*get_pub_raw=*/nullptr, + /*set1_tls_encodedpoint=*/nullptr, + /*get1_tls_encodedpoint=*/nullptr, + /*pkey_opaque=*/nullptr, + /*pkey_size=*/dh_size, + /*pkey_bits=*/dh_bits, + /*param_missing=*/dh_param_missing, + /*param_copy=*/dh_param_copy, + /*param_cmp=*/dh_param_cmp, + /*pkey_free=*/dh_free, }; int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { @@ -108,7 +125,7 @@ DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast(const_cast(pkey)->pkey); } DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_dsa_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/p_dsa_asn1.cc similarity index 88% rename from Sources/CCryptoBoringSSL/crypto/evp/p_dsa_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_dsa_asn1.cc index e7d13bba..585e6455 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_dsa_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_dsa_asn1.cc @@ -55,9 +55,9 @@ #include -#include #include #include +#include #include #include @@ -88,8 +88,7 @@ static int dsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { goto err; } - if (!BN_parse_asn1_unsigned(key, dsa->pub_key) || - CBS_len(key) != 0) { + if (!BN_parse_asn1_unsigned(key, dsa->pub_key) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } @@ -103,7 +102,7 @@ static int dsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int dsa_pub_encode(CBB *out, const EVP_PKEY *key) { - const DSA *dsa = key->pkey; + const DSA *dsa = reinterpret_cast(key->pkey); const int has_params = dsa->p != NULL && dsa->q != NULL && dsa->g != NULL; // See RFC 5480, section 2. @@ -112,12 +111,10 @@ static int dsa_pub_encode(CBB *out, const EVP_PKEY *key) { !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) || - (has_params && - !DSA_marshal_parameters(&algorithm, dsa)) || + (has_params && !DSA_marshal_parameters(&algorithm, dsa)) || !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) || !CBB_add_u8(&key_bitstring, 0 /* padding */) || - !BN_marshal_asn1(&key_bitstring, dsa->pub_key) || - !CBB_flush(out)) { + !BN_marshal_asn1(&key_bitstring, dsa->pub_key) || !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; } @@ -140,8 +137,7 @@ static int dsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { if (dsa->priv_key == NULL) { goto err; } - if (!BN_parse_asn1_unsigned(key, dsa->priv_key) || - CBS_len(key) != 0) { + if (!BN_parse_asn1_unsigned(key, dsa->priv_key) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } @@ -174,7 +170,7 @@ static int dsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) { - const DSA *dsa = key->pkey; + const DSA *dsa = reinterpret_cast(key->pkey); if (dsa == NULL || dsa->priv_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); return 0; @@ -189,8 +185,7 @@ static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) { !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) || !DSA_marshal_parameters(&algorithm, dsa) || !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) || - !BN_marshal_asn1(&private_key, dsa->priv_key) || - !CBB_flush(out)) { + !BN_marshal_asn1(&private_key, dsa->priv_key) || !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; } @@ -199,17 +194,17 @@ static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) { } static int int_dsa_size(const EVP_PKEY *pkey) { - const DSA *dsa = pkey->pkey; + const DSA *dsa = reinterpret_cast(pkey->pkey); return DSA_size(dsa); } static int dsa_bits(const EVP_PKEY *pkey) { - const DSA *dsa = pkey->pkey; + const DSA *dsa = reinterpret_cast(pkey->pkey); return BN_num_bits(DSA_get0_p(dsa)); } static int dsa_missing_parameters(const EVP_PKEY *pkey) { - const DSA *dsa = pkey->pkey; + const DSA *dsa = reinterpret_cast(pkey->pkey); if (DSA_get0_p(dsa) == NULL || DSA_get0_q(dsa) == NULL || DSA_get0_g(dsa) == NULL) { return 1; @@ -231,8 +226,8 @@ static int dup_bn_into(BIGNUM **out, BIGNUM *src) { } static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { - DSA *to_dsa = to->pkey; - const DSA *from_dsa = from->pkey; + DSA *to_dsa = reinterpret_cast(to->pkey); + const DSA *from_dsa = reinterpret_cast(from->pkey); if (!dup_bn_into(&to_dsa->p, from_dsa->p) || !dup_bn_into(&to_dsa->q, from_dsa->q) || !dup_bn_into(&to_dsa->g, from_dsa->g)) { @@ -243,21 +238,21 @@ static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { } static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { - const DSA *a_dsa = a->pkey; - const DSA *b_dsa = b->pkey; + const DSA *a_dsa = reinterpret_cast(a->pkey); + const DSA *b_dsa = reinterpret_cast(b->pkey); return BN_cmp(DSA_get0_p(a_dsa), DSA_get0_p(b_dsa)) == 0 && BN_cmp(DSA_get0_q(a_dsa), DSA_get0_q(b_dsa)) == 0 && BN_cmp(DSA_get0_g(a_dsa), DSA_get0_g(b_dsa)) == 0; } static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const DSA *a_dsa = a->pkey; - const DSA *b_dsa = b->pkey; + const DSA *a_dsa = reinterpret_cast(a->pkey); + const DSA *b_dsa = reinterpret_cast(b->pkey); return BN_cmp(DSA_get0_pub_key(b_dsa), DSA_get0_pub_key(a_dsa)) == 0; } static void int_dsa_free(EVP_PKEY *pkey) { - DSA_free(pkey->pkey); + DSA_free(reinterpret_cast(pkey->pkey)); pkey->pkey = NULL; } @@ -326,7 +321,7 @@ DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) { OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast(pkey->pkey); } DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) { diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_ec.c b/Sources/CCryptoBoringSSL/crypto/evp/p_ec.cc similarity index 86% rename from Sources/CCryptoBoringSSL/crypto/evp/p_ec.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_ec.cc index 3cebd638..940a2643 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_ec.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_ec.cc @@ -67,9 +67,9 @@ #include #include -#include "internal.h" #include "../fipsmodule/ec/internal.h" #include "../internal.h" +#include "internal.h" typedef struct { @@ -80,7 +80,8 @@ typedef struct { static int pkey_ec_init(EVP_PKEY_CTX *ctx) { - EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX)); + EC_PKEY_CTX *dctx = + reinterpret_cast(OPENSSL_zalloc(sizeof(EC_PKEY_CTX))); if (!dctx) { return 0; } @@ -94,15 +95,15 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 0; } - const EC_PKEY_CTX *sctx = src->data; - EC_PKEY_CTX *dctx = dst->data; + const EC_PKEY_CTX *sctx = reinterpret_cast(src->data); + EC_PKEY_CTX *dctx = reinterpret_cast(dst->data); dctx->md = sctx->md; dctx->gen_group = sctx->gen_group; return 1; } static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast(ctx->data); if (!dctx) { return; } @@ -112,7 +113,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - const EC_KEY *ec = ctx->pkey->pkey; + const EC_KEY *ec = reinterpret_cast(ctx->pkey->pkey); if (!sig) { *siglen = ECDSA_size(ec); return 1; @@ -131,18 +132,17 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen) { - const EC_KEY *ec_key = ctx->pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast(ctx->pkey->pkey); return ECDSA_verify(0, tbs, tbslen, sig, siglen, ec_key); } -static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, - size_t *keylen) { +static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen) { if (!ctx->pkey || !ctx->peerkey) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; } - const EC_KEY *eckey = ctx->pkey->pkey; + const EC_KEY *eckey = reinterpret_cast(ctx->pkey->pkey); if (!key) { const EC_GROUP *group; group = EC_KEY_get0_group(eckey); @@ -150,7 +150,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, return 1; } - const EC_KEY *eckey_peer = ctx->peerkey->pkey; + const EC_KEY *eckey_peer = reinterpret_cast(ctx->peerkey->pkey); const EC_POINT *pubkey = EC_KEY_get0_public_key(eckey_peer); // NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is @@ -165,11 +165,11 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, } static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast(ctx->data); switch (type) { case EVP_PKEY_CTRL_MD: { - const EVP_MD *md = p2; + const EVP_MD *md = reinterpret_cast(p2); int md_type = EVP_MD_type(md); if (md_type != NID_sha1 && md_type != NID_sha224 && md_type != NID_sha256 && md_type != NID_sha384 && @@ -205,19 +205,17 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { } static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast(ctx->data); const EC_GROUP *group = dctx->gen_group; if (group == NULL) { if (ctx->pkey == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } - group = EC_KEY_get0_group(ctx->pkey->pkey); + group = EC_KEY_get0_group(reinterpret_cast(ctx->pkey->pkey)); } EC_KEY *ec = EC_KEY_new(); - if (ec == NULL || - !EC_KEY_set_group(ec, group) || - !EC_KEY_generate_key(ec)) { + if (ec == NULL || !EC_KEY_set_group(ec, group) || !EC_KEY_generate_key(ec)) { EC_KEY_free(ec); return 0; } @@ -226,14 +224,13 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { } static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast(ctx->data); if (dctx->gen_group == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } EC_KEY *ec = EC_KEY_new(); - if (ec == NULL || - !EC_KEY_set_group(ec, dctx->gen_group)) { + if (ec == NULL || !EC_KEY_set_group(ec, dctx->gen_group)) { EC_KEY_free(ec); return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_ec_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/p_ec_asn1.cc similarity index 89% rename from Sources/CCryptoBoringSSL/crypto/evp/p_ec_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_ec_asn1.cc index 2682cf8d..a298d440 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_ec_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_ec_asn1.cc @@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,7 +66,7 @@ static int eckey_pub_encode(CBB *out, const EVP_PKEY *key) { - const EC_KEY *ec_key = key->pkey; + const EC_KEY *ec_key = reinterpret_cast(key->pkey); const EC_GROUP *group = EC_KEY_get0_group(ec_key); const EC_POINT *public_key = EC_KEY_get0_public_key(ec_key); @@ -101,7 +101,7 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { } eckey = EC_KEY_new(); - if (eckey == NULL || // + if (eckey == NULL || // !EC_KEY_set_group(eckey, group) || !EC_KEY_oct2key(eckey, CBS_data(key), CBS_len(key), NULL)) { goto err; @@ -116,8 +116,8 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const EC_KEY *a_ec = a->pkey; - const EC_KEY *b_ec = b->pkey; + const EC_KEY *a_ec = reinterpret_cast(a->pkey); + const EC_KEY *b_ec = reinterpret_cast(b->pkey); const EC_GROUP *group = EC_KEY_get0_group(b_ec); const EC_POINT *pa = EC_KEY_get0_public_key(a_ec), *pb = EC_KEY_get0_public_key(b_ec); @@ -151,7 +151,7 @@ static int eckey_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int eckey_priv_encode(CBB *out, const EVP_PKEY *key) { - const EC_KEY *ec_key = key->pkey; + const EC_KEY *ec_key = reinterpret_cast(key->pkey); // Omit the redundant copy of the curve name. This contradicts RFC 5915 but // aligns with PKCS #11. SEC 1 only says they may be omitted if known by other @@ -179,7 +179,7 @@ static int eckey_priv_encode(CBB *out, const EVP_PKEY *key) { static int eckey_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in, size_t len) { - EC_KEY *ec_key = pkey->pkey; + EC_KEY *ec_key = reinterpret_cast(pkey->pkey); if (ec_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; @@ -190,7 +190,7 @@ static int eckey_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in, static size_t eckey_get1_tls_encodedpoint(const EVP_PKEY *pkey, uint8_t **out_ptr) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast(pkey->pkey); if (ec_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; @@ -200,12 +200,12 @@ static size_t eckey_get1_tls_encodedpoint(const EVP_PKEY *pkey, } static int int_ec_size(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast(pkey->pkey); return ECDSA_size(ec_key); } static int ec_bits(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast(pkey->pkey); const EC_GROUP *group = EC_KEY_get0_group(ec_key); if (group == NULL) { ERR_clear_error(); @@ -215,12 +215,12 @@ static int ec_bits(const EVP_PKEY *pkey) { } static int ec_missing_parameters(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast(pkey->pkey); return ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL; } static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { - const EC_KEY *from_key = from->pkey; + const EC_KEY *from_key = reinterpret_cast(from->pkey); if (from_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; @@ -236,12 +236,12 @@ static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { return 0; } } - return EC_KEY_set_group(to->pkey, group); + return EC_KEY_set_group(reinterpret_cast(to->pkey), group); } static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { - const EC_KEY *a_ec = a->pkey; - const EC_KEY *b_ec = b->pkey; + const EC_KEY *a_ec = reinterpret_cast(a->pkey); + const EC_KEY *b_ec = reinterpret_cast(b->pkey); if (a_ec == NULL || b_ec == NULL) { return -2; } @@ -258,12 +258,12 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { } static void int_ec_free(EVP_PKEY *pkey) { - EC_KEY_free(pkey->pkey); + EC_KEY_free(reinterpret_cast(pkey->pkey)); pkey->pkey = NULL; } static int eckey_opaque(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast(pkey->pkey); return EC_KEY_is_opaque(ec_key); } @@ -320,7 +320,7 @@ EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) { OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast(pkey->pkey); } EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) { diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519.c b/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519.cc similarity index 76% rename from Sources/CCryptoBoringSSL/crypto/evp/p_ed25519.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_ed25519.cc index 6aabdd1b..35214fa1 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519.cc @@ -25,7 +25,8 @@ static int pkey_ed25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; } static int pkey_ed25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY)); + ED25519_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(ED25519_KEY))); if (key == NULL) { return 0; } @@ -44,7 +45,8 @@ static int pkey_ed25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { static int pkey_ed25519_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - const ED25519_KEY *key = ctx->pkey->pkey; + const ED25519_KEY *key = + reinterpret_cast(ctx->pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -71,7 +73,8 @@ static int pkey_ed25519_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig, static int pkey_ed25519_verify_message(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen) { - const ED25519_KEY *key = ctx->pkey->pkey; + const ED25519_KEY *key = + reinterpret_cast(ctx->pkey->pkey); if (siglen != 64 || !ED25519_verify(tbs, tbslen, sig, key->key + ED25519_PUBLIC_KEY_OFFSET)) { OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_SIGNATURE); @@ -82,19 +85,19 @@ static int pkey_ed25519_verify_message(EVP_PKEY_CTX *ctx, const uint8_t *sig, } const EVP_PKEY_METHOD ed25519_pkey_meth = { - EVP_PKEY_ED25519, - NULL /* init */, - pkey_ed25519_copy, - NULL /* cleanup */, - pkey_ed25519_keygen, - NULL /* sign */, - pkey_ed25519_sign_message, - NULL /* verify */, - pkey_ed25519_verify_message, - NULL /* verify_recover */, - NULL /* encrypt */, - NULL /* decrypt */, - NULL /* derive */, - NULL /* paramgen */, - NULL /* ctrl */, + /*pkey_id=*/EVP_PKEY_ED25519, + /*init=*/nullptr, + /*copy=*/pkey_ed25519_copy, + /*cleanup=*/nullptr, + /*keygen=*/pkey_ed25519_keygen, + /*sign=*/nullptr, + /*sign_message=*/pkey_ed25519_sign_message, + /*verify=*/nullptr, + /*verify_message=*/pkey_ed25519_verify_message, + /*verify_recover=*/nullptr, + /*encrypt=*/nullptr, + /*decrypt=*/nullptr, + /*derive=*/nullptr, + /*paramgen=*/nullptr, + /*ctrl=*/nullptr, }; diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519_asn1.cc similarity index 88% rename from Sources/CCryptoBoringSSL/crypto/evp/p_ed25519_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_ed25519_asn1.cc index 31cd2fb7..d7264807 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_ed25519_asn1.cc @@ -19,8 +19,8 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" static void ed25519_free(EVP_PKEY *pkey) { @@ -34,7 +34,8 @@ static int ed25519_set_priv_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) { return 0; } - ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY)); + ED25519_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(ED25519_KEY))); if (key == NULL) { return 0; } @@ -56,7 +57,8 @@ static int ed25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) { return 0; } - ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY)); + ED25519_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(ED25519_KEY))); if (key == NULL) { return 0; } @@ -71,7 +73,7 @@ static int ed25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) { static int ed25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -95,7 +97,7 @@ static int ed25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out, static int ed25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast(pkey->pkey); if (out == NULL) { *out_len = 32; return 1; @@ -124,7 +126,7 @@ static int ed25519_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int ed25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast(pkey->pkey); // See RFC 8410, section 4. CBB spki, algorithm, oid, key_bitstring; @@ -145,8 +147,8 @@ static int ed25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { } static int ed25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const ED25519_KEY *a_key = a->pkey; - const ED25519_KEY *b_key = b->pkey; + const ED25519_KEY *a_key = reinterpret_cast(a->pkey); + const ED25519_KEY *b_key = reinterpret_cast(b->pkey); return OPENSSL_memcmp(a_key->key + ED25519_PUBLIC_KEY_OFFSET, b_key->key + ED25519_PUBLIC_KEY_OFFSET, 32) == 0; } @@ -158,8 +160,7 @@ static int ed25519_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { // OCTET STRING layer. CBS inner; if (CBS_len(params) != 0 || - !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || - CBS_len(key) != 0) { + !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; } @@ -168,7 +169,7 @@ static int ed25519_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int ed25519_priv_encode(CBB *out, const EVP_PKEY *pkey) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -185,7 +186,7 @@ static int ed25519_priv_encode(CBB *out, const EVP_PKEY *pkey) { !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) || // The PKCS#8 encoding stores only the 32-byte seed which is the first 32 // bytes of the private key. - !CBB_add_bytes(&inner, key->key, 32) || + !CBB_add_bytes(&inner, key->key, 32) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_hkdf.c b/Sources/CCryptoBoringSSL/crypto/evp/p_hkdf.cc similarity index 86% rename from Sources/CCryptoBoringSSL/crypto/evp/p_hkdf.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_hkdf.cc index 44fa907f..7b3381e3 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_hkdf.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_hkdf.cc @@ -35,7 +35,8 @@ typedef struct { } HKDF_PKEY_CTX; static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) { - HKDF_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX)); + HKDF_PKEY_CTX *hctx = + reinterpret_cast(OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX))); if (hctx == NULL) { return 0; } @@ -54,13 +55,15 @@ static int pkey_hkdf_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 0; } - HKDF_PKEY_CTX *hctx_dst = dst->data; - const HKDF_PKEY_CTX *hctx_src = src->data; + HKDF_PKEY_CTX *hctx_dst = reinterpret_cast(dst->data); + const HKDF_PKEY_CTX *hctx_src = + reinterpret_cast(src->data); hctx_dst->mode = hctx_src->mode; hctx_dst->md = hctx_src->md; if (hctx_src->key_len != 0) { - hctx_dst->key = OPENSSL_memdup(hctx_src->key, hctx_src->key_len); + hctx_dst->key = reinterpret_cast( + OPENSSL_memdup(hctx_src->key, hctx_src->key_len)); if (hctx_dst->key == NULL) { return 0; } @@ -68,7 +71,8 @@ static int pkey_hkdf_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { } if (hctx_src->salt_len != 0) { - hctx_dst->salt = OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len); + hctx_dst->salt = reinterpret_cast( + OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len)); if (hctx_dst->salt == NULL) { return 0; } @@ -84,7 +88,7 @@ static int pkey_hkdf_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { } static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) { - HKDF_PKEY_CTX *hctx = ctx->data; + HKDF_PKEY_CTX *hctx = reinterpret_cast(ctx->data); if (hctx != NULL) { OPENSSL_free(hctx->key); OPENSSL_free(hctx->salt); @@ -95,7 +99,7 @@ static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) { } static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { - HKDF_PKEY_CTX *hctx = ctx->data; + HKDF_PKEY_CTX *hctx = reinterpret_cast(ctx->data); if (hctx->md == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); return 0; @@ -136,7 +140,7 @@ static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { } static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - HKDF_PKEY_CTX *hctx = ctx->data; + HKDF_PKEY_CTX *hctx = reinterpret_cast(ctx->data); switch (type) { case EVP_PKEY_CTRL_HKDF_MODE: if (p1 != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND && @@ -148,24 +152,24 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { hctx->mode = p1; return 1; case EVP_PKEY_CTRL_HKDF_MD: - hctx->md = p2; + hctx->md = reinterpret_cast(p2); return 1; case EVP_PKEY_CTRL_HKDF_KEY: { - const CBS *key = p2; + const CBS *key = reinterpret_cast(p2); if (!CBS_stow(key, &hctx->key, &hctx->key_len)) { return 0; } return 1; } case EVP_PKEY_CTRL_HKDF_SALT: { - const CBS *salt = p2; + const CBS *salt = reinterpret_cast(p2); if (!CBS_stow(salt, &hctx->salt, &hctx->salt_len)) { return 0; } return 1; } case EVP_PKEY_CTRL_HKDF_INFO: { - const CBS *info = p2; + const CBS *info = reinterpret_cast(p2); // |EVP_PKEY_CTX_add1_hkdf_info| appends to the info string, rather than // replacing it. if (!CBB_add_bytes(&hctx->info, CBS_data(info), CBS_len(info))) { @@ -180,7 +184,7 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { } const EVP_PKEY_METHOD hkdf_pkey_meth = { - EVP_PKEY_HKDF, + /*pkey_id=*/EVP_PKEY_HKDF, pkey_hkdf_init, pkey_hkdf_copy, pkey_hkdf_cleanup, diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_rsa.c b/Sources/CCryptoBoringSSL/crypto/evp/p_rsa.cc similarity index 89% rename from Sources/CCryptoBoringSSL/crypto/evp/p_rsa.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_rsa.cc index a2eeb8d7..6c2c3db9 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_rsa.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_rsa.cc @@ -97,7 +97,8 @@ typedef struct { } RSA_OAEP_LABEL_PARAMS; static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(RSA_PKEY_CTX)); + RSA_PKEY_CTX *rctx = + reinterpret_cast(OPENSSL_zalloc(sizeof(RSA_PKEY_CTX))); if (!rctx) { return 0; } @@ -116,8 +117,8 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { if (!pkey_rsa_init(dst)) { return 0; } - sctx = src->data; - dctx = dst->data; + sctx = reinterpret_cast(src->data); + dctx = reinterpret_cast(dst->data); dctx->nbits = sctx->nbits; if (sctx->pub_exp) { dctx->pub_exp = BN_dup(sctx->pub_exp); @@ -132,7 +133,8 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { dctx->saltlen = sctx->saltlen; if (sctx->oaep_label) { OPENSSL_free(dctx->oaep_label); - dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); + dctx->oaep_label = reinterpret_cast( + OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen)); if (!dctx->oaep_label) { return 0; } @@ -143,7 +145,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { } static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx = ctx->data; + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); if (rctx == NULL) { return; @@ -159,7 +161,8 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) { if (ctx->tbuf) { return 1; } - ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); + ctx->tbuf = + reinterpret_cast(OPENSSL_malloc(EVP_PKEY_size(pk->pkey))); if (!ctx->tbuf) { return 0; } @@ -168,8 +171,8 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) { static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); + RSA *rsa = reinterpret_cast(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (!sig) { @@ -204,11 +207,10 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, return RSA_sign_raw(rsa, siglen, sig, *siglen, tbs, tbslen, rctx->pad_mode); } -static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, - size_t siglen, const uint8_t *tbs, - size_t tbslen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; +static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, + const uint8_t *tbs, size_t tbslen) { + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); + RSA *rsa = reinterpret_cast(ctx->pkey->pkey); if (rctx->md) { switch (rctx->pad_mode) { @@ -229,8 +231,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, if (!setup_tbuf(rctx, ctx) || !RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, siglen, rctx->pad_mode) || - rslen != tbslen || - CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) { + rslen != tbslen || CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) { return 0; } @@ -240,8 +241,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len, const uint8_t *sig, size_t sig_len) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); + RSA *rsa = reinterpret_cast(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (out == NULL) { @@ -304,8 +305,8 @@ static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); + RSA *rsa = reinterpret_cast(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (!out) { @@ -333,11 +334,10 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, return RSA_encrypt(rsa, outlen, out, *outlen, in, inlen, rctx->pad_mode); } -static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, - size_t *outlen, const uint8_t *in, - size_t inlen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; +static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, + const uint8_t *in, size_t inlen) { + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); + RSA *rsa = reinterpret_cast(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (!out) { @@ -392,7 +392,7 @@ static int is_known_padding(int padding_mode) { } static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - RSA_PKEY_CTX *rctx = ctx->data; + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); switch (type) { case EVP_PKEY_CTRL_RSA_PADDING: if (!is_known_padding(p1) || !check_padding_md(rctx->md, p1) || @@ -443,7 +443,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return 0; } BN_free(rctx->pub_exp); - rctx->pub_exp = p2; + rctx->pub_exp = reinterpret_cast(p2); return 1; case EVP_PKEY_CTRL_RSA_OAEP_MD: @@ -455,15 +455,15 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) { *(const EVP_MD **)p2 = rctx->md; } else { - rctx->md = p2; + rctx->md = reinterpret_cast(p2); } return 1; case EVP_PKEY_CTRL_MD: - if (!check_padding_md(p2, rctx->pad_mode)) { + if (!check_padding_md(reinterpret_cast(p2), rctx->pad_mode)) { return 0; } - rctx->md = p2; + rctx->md = reinterpret_cast(p2); return 1; case EVP_PKEY_CTRL_GET_MD: @@ -484,7 +484,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { *(const EVP_MD **)p2 = rctx->md; } } else { - rctx->mgf1md = p2; + rctx->mgf1md = reinterpret_cast(p2); } return 1; @@ -494,7 +494,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return 0; } OPENSSL_free(rctx->oaep_label); - RSA_OAEP_LABEL_PARAMS *params = p2; + RSA_OAEP_LABEL_PARAMS *params = + reinterpret_cast(p2); rctx->oaep_label = params->data; rctx->oaep_labellen = params->len; return 1; @@ -516,7 +517,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; - RSA_PKEY_CTX *rctx = ctx->data; + RSA_PKEY_CTX *rctx = reinterpret_cast(ctx->data); if (!rctx->pub_exp) { rctx->pub_exp = BN_new(); @@ -608,19 +609,19 @@ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void*) out_md); + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)out_md); } int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void*) md); + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md); } int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void*) out_md); + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)out_md); } int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, uint8_t *label, diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_rsa_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/p_rsa_asn1.cc similarity index 89% rename from Sources/CCryptoBoringSSL/crypto/evp/p_rsa_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_rsa_asn1.cc index fcba3e9f..eb01b6f1 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_rsa_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_rsa_asn1.cc @@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -68,7 +68,7 @@ static int rsa_pub_encode(CBB *out, const EVP_PKEY *key) { // See RFC 3279, section 2.3.1. - const RSA *rsa = key->pkey; + const RSA *rsa = reinterpret_cast(key->pkey); CBB spki, algorithm, oid, null, key_bitstring; if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) || @@ -77,7 +77,7 @@ static int rsa_pub_encode(CBB *out, const EVP_PKEY *key) { !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) || !CBB_add_u8(&key_bitstring, 0 /* padding */) || - !RSA_marshal_public_key(&key_bitstring, rsa) || + !RSA_marshal_public_key(&key_bitstring, rsa) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; @@ -91,8 +91,7 @@ static int rsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { // The parameters must be NULL. CBS null; - if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || - CBS_len(&null) != 0 || + if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 || CBS_len(params) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; @@ -110,14 +109,14 @@ static int rsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const RSA *a_rsa = a->pkey; - const RSA *b_rsa = b->pkey; + const RSA *a_rsa = reinterpret_cast(a->pkey); + const RSA *b_rsa = reinterpret_cast(b->pkey); return BN_cmp(RSA_get0_n(b_rsa), RSA_get0_n(a_rsa)) == 0 && BN_cmp(RSA_get0_e(b_rsa), RSA_get0_e(a_rsa)) == 0; } static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) { - const RSA *rsa = key->pkey; + const RSA *rsa = reinterpret_cast(key->pkey); CBB pkcs8, algorithm, oid, null, private_key; if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) || !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) || @@ -126,7 +125,7 @@ static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) { !CBB_add_bytes(&oid, rsa_asn1_meth.oid, rsa_asn1_meth.oid_len) || !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) || - !RSA_marshal_private_key(&private_key, rsa) || + !RSA_marshal_private_key(&private_key, rsa) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; @@ -138,8 +137,7 @@ static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) { static int rsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { // Per RFC 3447, A.1, the parameters have type NULL. CBS null; - if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || - CBS_len(&null) != 0 || + if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 || CBS_len(params) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; @@ -157,22 +155,22 @@ static int rsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int rsa_opaque(const EVP_PKEY *pkey) { - const RSA *rsa = pkey->pkey; + const RSA *rsa = reinterpret_cast(pkey->pkey); return RSA_is_opaque(rsa); } static int int_rsa_size(const EVP_PKEY *pkey) { - const RSA *rsa = pkey->pkey; + const RSA *rsa = reinterpret_cast(pkey->pkey); return RSA_size(rsa); } static int rsa_bits(const EVP_PKEY *pkey) { - const RSA *rsa = pkey->pkey; + const RSA *rsa = reinterpret_cast(pkey->pkey); return RSA_bits(rsa); } static void int_rsa_free(EVP_PKEY *pkey) { - RSA_free(pkey->pkey); + RSA_free(reinterpret_cast(pkey->pkey)); pkey->pkey = NULL; } @@ -229,7 +227,7 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) { OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast(pkey->pkey); } RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) { diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_x25519.c b/Sources/CCryptoBoringSSL/crypto/evp/p_x25519.cc similarity index 78% rename from Sources/CCryptoBoringSSL/crypto/evp/p_x25519.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_x25519.cc index 7762d9e6..c3feef52 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_x25519.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_x25519.cc @@ -25,7 +25,8 @@ static int pkey_x25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; } static int pkey_x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY)); + X25519_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(X25519_KEY))); if (key == NULL) { return 0; } @@ -47,8 +48,10 @@ static int pkey_x25519_derive(EVP_PKEY_CTX *ctx, uint8_t *out, return 0; } - const X25519_KEY *our_key = ctx->pkey->pkey; - const X25519_KEY *peer_key = ctx->peerkey->pkey; + const X25519_KEY *our_key = + reinterpret_cast(ctx->pkey->pkey); + const X25519_KEY *peer_key = + reinterpret_cast(ctx->peerkey->pkey); if (our_key == NULL || peer_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; @@ -88,19 +91,19 @@ static int pkey_x25519_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { } const EVP_PKEY_METHOD x25519_pkey_meth = { - EVP_PKEY_X25519, - NULL /* init */, - pkey_x25519_copy, - NULL /* cleanup */, - pkey_x25519_keygen, - NULL /* sign */, - NULL /* sign_message */, - NULL /* verify */, - NULL /* verify_message */, - NULL /* verify_recover */, - NULL /* encrypt */, - NULL /* decrypt */, - pkey_x25519_derive, - NULL /* paramgen */, - pkey_x25519_ctrl, + /*pkey_id=*/EVP_PKEY_X25519, + /*init=*/NULL, + /*copy=*/pkey_x25519_copy, + /*cleanup=*/NULL, + /*keygen=*/pkey_x25519_keygen, + /*sign=*/NULL, + /*sign_message=*/NULL, + /*verify=*/NULL, + /*verify_message=*/NULL, + /*verify_recover=*/NULL, + /*encrypt=*/NULL, + /*decrypt=*/NULL, + /*derive=*/pkey_x25519_derive, + /*paramgen=*/NULL, + /*ctrl=*/pkey_x25519_ctrl, }; diff --git a/Sources/CCryptoBoringSSL/crypto/evp/p_x25519_asn1.c b/Sources/CCryptoBoringSSL/crypto/evp/p_x25519_asn1.cc similarity index 85% rename from Sources/CCryptoBoringSSL/crypto/evp/p_x25519_asn1.c rename to Sources/CCryptoBoringSSL/crypto/evp/p_x25519_asn1.cc index d694a297..62f49033 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/p_x25519_asn1.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/p_x25519_asn1.cc @@ -19,8 +19,8 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" static void x25519_free(EVP_PKEY *pkey) { @@ -34,7 +34,8 @@ static int x25519_set_priv_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) { return 0; } - X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY)); + X25519_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(X25519_KEY))); if (key == NULL) { return 0; } @@ -54,7 +55,8 @@ static int x25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) { return 0; } - X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY)); + X25519_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(X25519_KEY))); if (key == NULL) { return 0; } @@ -69,7 +71,7 @@ static int x25519_set_pub_raw(EVP_PKEY *pkey, const uint8_t *in, size_t len) { static int x25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -91,8 +93,8 @@ static int x25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out, } static int x25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out, - size_t *out_len) { - const X25519_KEY *key = pkey->pkey; + size_t *out_len) { + const X25519_KEY *key = reinterpret_cast(pkey->pkey); if (out == NULL) { *out_len = 32; return 1; @@ -115,13 +117,13 @@ static int x25519_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in, static size_t x25519_get1_tls_encodedpoint(const EVP_PKEY *pkey, uint8_t **out_ptr) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast(pkey->pkey); if (key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; } - *out_ptr = OPENSSL_memdup(key->pub, 32); + *out_ptr = reinterpret_cast(OPENSSL_memdup(key->pub, 32)); return *out_ptr == NULL ? 0 : 32; } @@ -138,7 +140,7 @@ static int x25519_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast(pkey->pkey); // See RFC 8410, section 4. CBB spki, algorithm, oid, key_bitstring; @@ -148,7 +150,7 @@ static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { !CBB_add_bytes(&oid, x25519_asn1_meth.oid, x25519_asn1_meth.oid_len) || !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) || !CBB_add_u8(&key_bitstring, 0 /* padding */) || - !CBB_add_bytes(&key_bitstring, key->pub, 32) || + !CBB_add_bytes(&key_bitstring, key->pub, 32) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; @@ -158,8 +160,8 @@ static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { } static int x25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const X25519_KEY *a_key = a->pkey; - const X25519_KEY *b_key = b->pkey; + const X25519_KEY *a_key = reinterpret_cast(a->pkey); + const X25519_KEY *b_key = reinterpret_cast(b->pkey); return OPENSSL_memcmp(a_key->pub, b_key->pub, 32) == 0; } @@ -170,8 +172,7 @@ static int x25519_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { // OCTET STRING layer. CBS inner; if (CBS_len(params) != 0 || - !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || - CBS_len(key) != 0) { + !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; } @@ -180,7 +181,7 @@ static int x25519_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { } static int x25519_priv_encode(CBB *out, const EVP_PKEY *pkey) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -197,7 +198,7 @@ static int x25519_priv_encode(CBB *out, const EVP_PKEY *pkey) { !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) || // The PKCS#8 encoding stores only the 32-byte seed which is the first 32 // bytes of the private key. - !CBB_add_bytes(&inner, key->priv, 32) || + !CBB_add_bytes(&inner, key->priv, 32) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; diff --git a/Sources/CCryptoBoringSSL/crypto/evp/pbkdf.c b/Sources/CCryptoBoringSSL/crypto/evp/pbkdf.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/evp/pbkdf.c rename to Sources/CCryptoBoringSSL/crypto/evp/pbkdf.cc diff --git a/Sources/CCryptoBoringSSL/crypto/evp/print.c b/Sources/CCryptoBoringSSL/crypto/evp/print.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/evp/print.c rename to Sources/CCryptoBoringSSL/crypto/evp/print.cc index 6e4c9a55..a84f7730 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/print.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/print.cc @@ -62,8 +62,8 @@ #include #include -#include "../internal.h" #include "../fipsmodule/rsa/internal.h" +#include "../internal.h" static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) { @@ -107,7 +107,7 @@ static int bn_print(BIO *bp, const char *name, const BIGNUM *num, int off) { } if (BIO_printf(bp, "%s%s", name, - (BN_is_negative(num)) ? " (Negative)" : "") <= 0) { + (BN_is_negative(num)) ? " (Negative)" : "") <= 0) { return 0; } @@ -117,7 +117,7 @@ static int bn_print(BIO *bp, const char *name, const BIGNUM *num, int off) { // TODO(davidben): Do we need to do this? We already print "(Negative)" above // and negative values are never valid in keys anyway. size_t len = BN_num_bytes(num); - uint8_t *buf = OPENSSL_malloc(len + 1); + uint8_t *buf = reinterpret_cast(OPENSSL_malloc(len + 1)); if (buf == NULL) { return 0; } @@ -163,8 +163,7 @@ static int do_rsa_print(BIO *out, const RSA *rsa, int off, str = "Modulus:"; s = "Exponent:"; } - if (!bn_print(out, str, rsa->n, off) || - !bn_print(out, s, rsa->e, off)) { + if (!bn_print(out, str, rsa->n, off) || !bn_print(out, s, rsa->e, off)) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/evp/scrypt.c b/Sources/CCryptoBoringSSL/crypto/evp/scrypt.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/evp/scrypt.c rename to Sources/CCryptoBoringSSL/crypto/evp/scrypt.cc index 8577c1f7..39b0bb02 100644 --- a/Sources/CCryptoBoringSSL/crypto/evp/scrypt.c +++ b/Sources/CCryptoBoringSSL/crypto/evp/scrypt.cc @@ -27,7 +27,9 @@ // scrypt blocks, respectively. // A block_t is a Salsa20 block. -typedef struct { uint32_t words[16]; } block_t; +typedef struct { + uint32_t words[16]; +} block_t; static_assert(sizeof(block_t) == 64, "block_t has padding"); @@ -162,8 +164,7 @@ int EVP_PBE_scrypt(const char *password, size_t password_len, } size_t max_scrypt_blocks = max_mem / (2 * r * sizeof(block_t)); - if (max_scrypt_blocks < p + 1 || - max_scrypt_blocks - p - 1 < N) { + if (max_scrypt_blocks < p + 1 || max_scrypt_blocks - p - 1 < N) { OPENSSL_PUT_ERROR(EVP, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; } @@ -175,7 +176,8 @@ int EVP_PBE_scrypt(const char *password, size_t password_len, size_t B_bytes = B_blocks * sizeof(block_t); size_t T_blocks = 2 * r; size_t V_blocks = N * 2 * r; - block_t *B = OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t)); + block_t *B = reinterpret_cast( + OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t))); if (B == NULL) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/evp/sign.c b/Sources/CCryptoBoringSSL/crypto/evp/sign.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/evp/sign.c rename to Sources/CCryptoBoringSSL/crypto/evp/sign.cc diff --git a/Sources/CCryptoBoringSSL/crypto/ex_data.c b/Sources/CCryptoBoringSSL/crypto/ex_data.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/ex_data.c rename to Sources/CCryptoBoringSSL/crypto/ex_data.cc index ee3cba51..67f6df2d 100644 --- a/Sources/CCryptoBoringSSL/crypto/ex_data.c +++ b/Sources/CCryptoBoringSSL/crypto/ex_data.cc @@ -134,7 +134,8 @@ struct crypto_ex_data_func_st { int CRYPTO_get_ex_new_index_ex(CRYPTO_EX_DATA_CLASS *ex_data_class, long argl, void *argp, CRYPTO_EX_free *free_func) { - CRYPTO_EX_DATA_FUNCS *funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); + CRYPTO_EX_DATA_FUNCS *funcs = reinterpret_cast( + OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS))); if (funcs == NULL) { return -1; } @@ -202,9 +203,7 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) { return sk_void_value(ad->sk, idx); } -void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) { - ad->sk = NULL; -} +void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) { ad->sk = NULL; } void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, CRYPTO_EX_DATA *ad) { diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes_nohw.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes_nohw.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes_nohw.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/aes_nohw.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/internal.h b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/internal.h index b4990957..0ad8f8ff 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/internal.h @@ -21,9 +21,7 @@ #include "../../internal.h" -#if defined(__cplusplus) extern "C" { -#endif #if !defined(OPENSSL_NO_ASM) @@ -247,8 +245,6 @@ void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t *ivec, int enc); -#if defined(__cplusplus) } // extern C -#endif #endif // OPENSSL_HEADER_AES_INTERNAL_H diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/key_wrap.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/key_wrap.cc.inc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/key_wrap.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/key_wrap.cc.inc index 135c6e1d..95ccf91e 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/key_wrap.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/key_wrap.cc.inc @@ -184,7 +184,7 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len, return 1; } - uint8_t *padded_in = OPENSSL_malloc(padded_len); + uint8_t *padded_in = reinterpret_cast(OPENSSL_malloc(padded_len)); if (padded_in == NULL) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/mode_wrappers.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/mode_wrappers.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/mode_wrappers.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/aes/mode_wrappers.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.cc similarity index 62% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.c rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.cc index 6f297b49..51f74d07 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.cc @@ -28,84 +28,84 @@ #include #include -#include "bcm_interface.h" #include "../bcm_support.h" #include "../internal.h" +#include "bcm_interface.h" // TODO(crbug.com/362530616): When delocate is removed, build these files as // separate compilation units again. -#include "aes/aes.c.inc" -#include "aes/aes_nohw.c.inc" -#include "aes/key_wrap.c.inc" -#include "aes/mode_wrappers.c.inc" -#include "bn/add.c.inc" -#include "bn/asm/x86_64-gcc.c.inc" -#include "bn/bn.c.inc" -#include "bn/bytes.c.inc" -#include "bn/cmp.c.inc" -#include "bn/ctx.c.inc" -#include "bn/div.c.inc" -#include "bn/div_extra.c.inc" -#include "bn/exponentiation.c.inc" -#include "bn/gcd.c.inc" -#include "bn/gcd_extra.c.inc" -#include "bn/generic.c.inc" -#include "bn/jacobi.c.inc" -#include "bn/montgomery.c.inc" -#include "bn/montgomery_inv.c.inc" -#include "bn/mul.c.inc" -#include "bn/prime.c.inc" -#include "bn/random.c.inc" -#include "bn/rsaz_exp.c.inc" -#include "bn/shift.c.inc" -#include "bn/sqrt.c.inc" -#include "cipher/aead.c.inc" -#include "cipher/cipher.c.inc" -#include "cipher/e_aes.c.inc" -#include "cipher/e_aesccm.c.inc" -#include "cmac/cmac.c.inc" -#include "dh/check.c.inc" -#include "dh/dh.c.inc" -#include "digest/digest.c.inc" -#include "digest/digests.c.inc" -#include "digestsign/digestsign.c.inc" -#include "ecdh/ecdh.c.inc" -#include "ecdsa/ecdsa.c.inc" -#include "ec/ec.c.inc" -#include "ec/ec_key.c.inc" -#include "ec/ec_montgomery.c.inc" -#include "ec/felem.c.inc" -#include "ec/oct.c.inc" -#include "ec/p224-64.c.inc" -#include "ec/p256.c.inc" -#include "ec/p256-nistz.c.inc" -#include "ec/scalar.c.inc" -#include "ec/simple.c.inc" -#include "ec/simple_mul.c.inc" -#include "ec/util.c.inc" -#include "ec/wnaf.c.inc" -#include "hkdf/hkdf.c.inc" -#include "hmac/hmac.c.inc" -#include "modes/cbc.c.inc" -#include "modes/cfb.c.inc" -#include "modes/ctr.c.inc" -#include "modes/gcm.c.inc" -#include "modes/gcm_nohw.c.inc" -#include "modes/ofb.c.inc" -#include "modes/polyval.c.inc" -#include "rand/ctrdrbg.c.inc" -#include "rand/rand.c.inc" -#include "rsa/blinding.c.inc" -#include "rsa/padding.c.inc" -#include "rsa/rsa.c.inc" -#include "rsa/rsa_impl.c.inc" -#include "self_check/fips.c.inc" -#include "self_check/self_check.c.inc" -#include "service_indicator/service_indicator.c.inc" -#include "sha/sha1.c.inc" -#include "sha/sha256.c.inc" -#include "sha/sha512.c.inc" -#include "tls/kdf.c.inc" +#include "aes/aes.cc.inc" +#include "aes/aes_nohw.cc.inc" +#include "aes/key_wrap.cc.inc" +#include "aes/mode_wrappers.cc.inc" +#include "bn/add.cc.inc" +#include "bn/asm/x86_64-gcc.cc.inc" +#include "bn/bn.cc.inc" +#include "bn/bytes.cc.inc" +#include "bn/cmp.cc.inc" +#include "bn/ctx.cc.inc" +#include "bn/div.cc.inc" +#include "bn/div_extra.cc.inc" +#include "bn/exponentiation.cc.inc" +#include "bn/gcd.cc.inc" +#include "bn/gcd_extra.cc.inc" +#include "bn/generic.cc.inc" +#include "bn/jacobi.cc.inc" +#include "bn/montgomery.cc.inc" +#include "bn/montgomery_inv.cc.inc" +#include "bn/mul.cc.inc" +#include "bn/prime.cc.inc" +#include "bn/random.cc.inc" +#include "bn/rsaz_exp.cc.inc" +#include "bn/shift.cc.inc" +#include "bn/sqrt.cc.inc" +#include "cipher/aead.cc.inc" +#include "cipher/cipher.cc.inc" +#include "cipher/e_aes.cc.inc" +#include "cipher/e_aesccm.cc.inc" +#include "cmac/cmac.cc.inc" +#include "dh/check.cc.inc" +#include "dh/dh.cc.inc" +#include "digest/digest.cc.inc" +#include "digest/digests.cc.inc" +#include "digestsign/digestsign.cc.inc" +#include "ec/ec.cc.inc" +#include "ec/ec_key.cc.inc" +#include "ec/ec_montgomery.cc.inc" +#include "ec/felem.cc.inc" +#include "ec/oct.cc.inc" +#include "ec/p224-64.cc.inc" +#include "ec/p256-nistz.cc.inc" +#include "ec/p256.cc.inc" +#include "ec/scalar.cc.inc" +#include "ec/simple.cc.inc" +#include "ec/simple_mul.cc.inc" +#include "ec/util.cc.inc" +#include "ec/wnaf.cc.inc" +#include "ecdh/ecdh.cc.inc" +#include "ecdsa/ecdsa.cc.inc" +#include "hkdf/hkdf.cc.inc" +#include "hmac/hmac.cc.inc" +#include "modes/cbc.cc.inc" +#include "modes/cfb.cc.inc" +#include "modes/ctr.cc.inc" +#include "modes/gcm.cc.inc" +#include "modes/gcm_nohw.cc.inc" +#include "modes/ofb.cc.inc" +#include "modes/polyval.cc.inc" +#include "rand/ctrdrbg.cc.inc" +#include "rand/rand.cc.inc" +#include "rsa/blinding.cc.inc" +#include "rsa/padding.cc.inc" +#include "rsa/rsa.cc.inc" +#include "rsa/rsa_impl.cc.inc" +#include "self_check/fips.cc.inc" +#include "self_check/self_check.cc.inc" +#include "service_indicator/service_indicator.cc.inc" +#include "sha/sha1.cc.inc" +#include "sha/sha256.cc.inc" +#include "sha/sha512.cc.inc" +#include "tls/kdf.cc.inc" #if defined(BORINGSSL_FIPS) @@ -128,18 +128,17 @@ extern const uint8_t BORINGSSL_bcm_rodata_end[]; // aborts otherwise. static void assert_within(const void *start, const void *symbol, const void *end) { - const uintptr_t start_val = (uintptr_t) start; - const uintptr_t symbol_val = (uintptr_t) symbol; - const uintptr_t end_val = (uintptr_t) end; + const uintptr_t start_val = (uintptr_t)start; + const uintptr_t symbol_val = (uintptr_t)symbol; + const uintptr_t end_val = (uintptr_t)end; if (start_val <= symbol_val && symbol_val < end_val) { return; } - fprintf( - CRYPTO_get_stderr(), - "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n", - start, symbol, end); + fprintf(CRYPTO_get_stderr(), + "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n", + start, symbol, end); BORINGSSL_FIPS_abort(); } @@ -191,13 +190,13 @@ int BORINGSSL_integrity_test(void) { const uint8_t *const start = BORINGSSL_bcm_text_start; const uint8_t *const end = BORINGSSL_bcm_text_end; - assert_within(start, AES_encrypt, end); - assert_within(start, RSA_sign, end); - assert_within(start, BCM_rand_bytes, end); - assert_within(start, EC_GROUP_cmp, end); - assert_within(start, BCM_sha256_update, end); - assert_within(start, ecdsa_verify_fixed, end); - assert_within(start, EVP_AEAD_CTX_seal, end); + assert_within(start, reinterpret_cast(AES_encrypt), end); + assert_within(start, reinterpret_cast(RSA_sign), end); + assert_within(start, reinterpret_cast(BCM_rand_bytes), end); + assert_within(start, reinterpret_cast(EC_GROUP_cmp), end); + assert_within(start, reinterpret_cast(BCM_sha256_update), end); + assert_within(start, reinterpret_cast(ecdsa_verify_fixed), end); + assert_within(start, reinterpret_cast(EVP_AEAD_CTX_seal), end); #if defined(BORINGSSL_SHARED_LIBRARY) const uint8_t *const rodata_start = BORINGSSL_bcm_rodata_start; @@ -214,8 +213,7 @@ int BORINGSSL_integrity_test(void) { uint8_t result[SHA256_DIGEST_LENGTH]; const EVP_MD *const kHashFunction = EVP_sha256(); - if (!boringssl_self_test_sha256() || - !boringssl_self_test_hmac_sha256()) { + if (!boringssl_self_test_sha256() || !boringssl_self_test_hmac_sha256()) { return 0; } @@ -232,11 +230,11 @@ int BORINGSSL_integrity_test(void) { BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC); #if defined(BORINGSSL_SHARED_LIBRARY) uint64_t length = end - start; - HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length)); + HMAC_Update(&hmac_ctx, (const uint8_t *)&length, sizeof(length)); HMAC_Update(&hmac_ctx, start, length); length = rodata_end - rodata_start; - HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length)); + HMAC_Update(&hmac_ctx, (const uint8_t *)&length, sizeof(length)); HMAC_Update(&hmac_ctx, rodata_start, length); #else HMAC_Update(&hmac_ctx, start, end - start); @@ -248,7 +246,7 @@ int BORINGSSL_integrity_test(void) { fprintf(CRYPTO_get_stderr(), "HMAC failed.\n"); return 0; } - HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10. + HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10. const uint8_t *expected = BORINGSSL_bcm_text_hash; @@ -258,13 +256,11 @@ int BORINGSSL_integrity_test(void) { #endif } - OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10. + OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10. return 1; } -const uint8_t* FIPS_module_hash(void) { - return BORINGSSL_bcm_text_hash; -} +const uint8_t *FIPS_module_hash(void) { return BORINGSSL_bcm_text_hash; } #endif // OPENSSL_ASAN diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/add.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/add.cc.inc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/add.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/add.cc.inc index 70e82b38..ed781dbe 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/add.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/add.cc.inc @@ -61,6 +61,7 @@ #include #include +#include "../../internal.h" #include "internal.h" diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc index 80737931..24926911 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc @@ -67,7 +67,7 @@ // want to keep the value of zero; #define mul_add(r, a, word, carry) \ do { \ - register BN_ULONG high, low; \ + BN_ULONG high, low; \ __asm__("mulq %3" : "=a"(low), "=d"(high) : "a"(word), "m"(a) : "cc"); \ __asm__("addq %2,%0; adcq %3,%1" \ : "+r"(carry), "+d"(high) \ @@ -82,7 +82,7 @@ #define mul(r, a, word, carry) \ do { \ - register BN_ULONG high, low; \ + BN_ULONG high, low; \ __asm__("mulq %3" : "=a"(low), "=d"(high) : "a"(word), "g"(a) : "cc"); \ __asm__("addq %2,%0; adcq %3,%1" \ : "+r"(carry), "+d"(high) \ @@ -194,7 +194,7 @@ BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, return 0; } - __asm__ volatile ( + __asm__ volatile( " subq %0,%0 \n" // clear carry " jmp 1f \n" ".p2align 4 \n" @@ -222,7 +222,7 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, return 0; } - __asm__ volatile ( + __asm__ volatile( " subq %0,%0 \n" // clear borrow " jmp 1f \n" ".p2align 4 \n" diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bn.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bn.cc.inc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bn.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bn.cc.inc index dc7d1714..1f68adaa 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bn.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bn.cc.inc @@ -63,8 +63,8 @@ #include #include -#include "internal.h" #include "../delocate.h" +#include "internal.h" // BN_MAX_WORDS is the maximum number of words allowed in a |BIGNUM|. It is @@ -73,7 +73,7 @@ #define BN_MAX_WORDS (INT_MAX / (4 * BN_BITS2)) BIGNUM *BN_new(void) { - BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM)); + BIGNUM *bn = reinterpret_cast(OPENSSL_malloc(sizeof(BIGNUM))); if (bn == NULL) { return NULL; @@ -87,9 +87,7 @@ BIGNUM *BN_new(void) { BIGNUM *BN_secure_new(void) { return BN_new(); } -void BN_init(BIGNUM *bn) { - OPENSSL_memset(bn, 0, sizeof(BIGNUM)); -} +void BN_init(BIGNUM *bn) { OPENSSL_memset(bn, 0, sizeof(BIGNUM)); } void BN_free(BIGNUM *bn) { if (bn == NULL) { @@ -107,9 +105,7 @@ void BN_free(BIGNUM *bn) { } } -void BN_clear_free(BIGNUM *bn) { - BN_free(bn); -} +void BN_clear_free(BIGNUM *bn) { BN_free(bn); } BIGNUM *BN_dup(const BIGNUM *src) { BIGNUM *copy; @@ -157,8 +153,8 @@ void BN_clear(BIGNUM *bn) { } DEFINE_METHOD_FUNCTION(BIGNUM, BN_value_one) { - static const BN_ULONG kOneLimbs[1] = { 1 }; - out->d = (BN_ULONG*) kOneLimbs; + static const BN_ULONG kOneLimbs[1] = {1}; + out->d = (BN_ULONG *)kOneLimbs; out->width = 1; out->dmax = 1; out->neg = 0; @@ -229,17 +225,11 @@ unsigned BN_num_bits(const BIGNUM *bn) { return (width - 1) * BN_BITS2 + BN_num_bits_word(bn->d[width - 1]); } -unsigned BN_num_bytes(const BIGNUM *bn) { - return (BN_num_bits(bn) + 7) / 8; -} +unsigned BN_num_bytes(const BIGNUM *bn) { return (BN_num_bits(bn) + 7) / 8; } -void BN_zero(BIGNUM *bn) { - bn->width = bn->neg = 0; -} +void BN_zero(BIGNUM *bn) { bn->width = bn->neg = 0; } -int BN_one(BIGNUM *bn) { - return BN_set_word(bn, 1); -} +int BN_one(BIGNUM *bn) { return BN_set_word(bn, 1); } int BN_set_word(BIGNUM *bn, BN_ULONG value) { if (value == 0) { @@ -332,9 +322,7 @@ int bn_copy_words(BN_ULONG *out, size_t num, const BIGNUM *bn) { return 1; } -int BN_is_negative(const BIGNUM *bn) { - return bn->neg != 0; -} +int BN_is_negative(const BIGNUM *bn) { return bn->neg != 0; } void BN_set_negative(BIGNUM *bn, int sign) { if (sign && !BN_is_zero(bn)) { @@ -361,7 +349,7 @@ int bn_wexpand(BIGNUM *bn, size_t words) { return 0; } - a = OPENSSL_calloc(words, sizeof(BN_ULONG)); + a = reinterpret_cast(OPENSSL_calloc(words, sizeof(BN_ULONG))); if (a == NULL) { return 0; } @@ -380,7 +368,7 @@ int bn_expand(BIGNUM *bn, size_t bits) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); return 0; } - return bn_wexpand(bn, (bits+BN_BITS2-1)/BN_BITS2); + return bn_wexpand(bn, (bits + BN_BITS2 - 1) / BN_BITS2); } int bn_resize_words(BIGNUM *bn, size_t words) { diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bytes.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bytes.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bytes.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/bytes.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/cmp.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/cmp.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/cmp.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/cmp.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/ctx.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/ctx.cc.inc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/ctx.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/ctx.cc.inc index 1bf88271..81ec4a61 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/ctx.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/ctx.cc.inc @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -106,7 +106,7 @@ struct bignum_ctx { }; BN_CTX *BN_CTX_new(void) { - BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); + BN_CTX *ret = reinterpret_cast(OPENSSL_malloc(sizeof(BN_CTX))); if (!ret) { return NULL; } @@ -201,9 +201,7 @@ static void BN_STACK_init(BN_STACK *st) { st->depth = st->size = 0; } -static void BN_STACK_cleanup(BN_STACK *st) { - OPENSSL_free(st->indexes); -} +static void BN_STACK_cleanup(BN_STACK *st) { OPENSSL_free(st->indexes); } static int BN_STACK_push(BN_STACK *st, size_t idx) { if (st->depth == st->size) { @@ -213,8 +211,8 @@ static int BN_STACK_push(BN_STACK *st, size_t idx) { if (new_size <= st->size || new_size > SIZE_MAX / sizeof(size_t)) { return 0; } - size_t *new_indexes = - OPENSSL_realloc(st->indexes, new_size * sizeof(size_t)); + size_t *new_indexes = reinterpret_cast( + OPENSSL_realloc(st->indexes, new_size * sizeof(size_t))); if (new_indexes == NULL) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.cc.inc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.cc.inc index f15843fd..1c0664d0 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.cc.inc @@ -66,8 +66,7 @@ // bn_div_words divides a double-width |h|,|l| by |d| and returns the result, // which must fit in a |BN_ULONG|. -OPENSSL_UNUSED static BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, - BN_ULONG d) { +static inline BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) { BN_ULONG dh, dl, q, ret = 0, th, tl, t; int i, count = 2; @@ -195,6 +194,8 @@ int BN_div(BIGNUM *quotient, BIGNUM *rem, const BIGNUM *numerator, BIGNUM *snum = BN_CTX_get(ctx); BIGNUM *sdiv = BN_CTX_get(ctx); BIGNUM *res = quotient == NULL ? BN_CTX_get(ctx) : quotient; + int norm_shift, num_n, loop, div_n; + BN_ULONG d0, d1; if (tmp == NULL || snum == NULL || sdiv == NULL || res == NULL) { goto err; } @@ -202,7 +203,7 @@ int BN_div(BIGNUM *quotient, BIGNUM *rem, const BIGNUM *numerator, // Knuth step D1: Normalise the numbers such that the divisor's MSB is set. // This ensures, in Knuth's terminology, that v1 >= b/2, needed for the // quotient estimation step. - int norm_shift = BN_BITS2 - (BN_num_bits(divisor) % BN_BITS2); + norm_shift = BN_BITS2 - (BN_num_bits(divisor) % BN_BITS2); if (!BN_lshift(sdiv, divisor, norm_shift) || !BN_lshift(snum, numerator, norm_shift)) { goto err; @@ -213,9 +214,9 @@ int BN_div(BIGNUM *quotient, BIGNUM *rem, const BIGNUM *numerator, // avoid looping on leading zeros, as we're not trying to be leak-free. bn_set_minimal_width(sdiv); bn_set_minimal_width(snum); - int div_n = sdiv->width; - const BN_ULONG d0 = sdiv->d[div_n - 1]; - const BN_ULONG d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; + div_n = sdiv->width; + d0 = sdiv->d[div_n - 1]; + d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; assert(d0 & (((BN_ULONG)1) << (BN_BITS2 - 1))); // Extend |snum| with zeros to satisfy the long division invariants: @@ -223,14 +224,14 @@ int BN_div(BIGNUM *quotient, BIGNUM *rem, const BIGNUM *numerator, // - |snum|'s most significant word must be zero to guarantee the first loop // iteration works with a prefix greater than |sdiv|. (This is the extra u0 // digit in Knuth step D1.) - int num_n = snum->width <= div_n ? div_n + 1 : snum->width + 1; + num_n = snum->width <= div_n ? div_n + 1 : snum->width + 1; if (!bn_resize_words(snum, num_n)) { goto err; } // Knuth step D2: The quotient's width is the difference between numerator and // denominator. Also set up its sign and size a temporary for the loop. - int loop = num_n - div_n; + loop = num_n - div_n; res->neg = snum->neg ^ sdiv->neg; if (!bn_wexpand(res, loop) || // !bn_wexpand(tmp, div_n + 1)) { @@ -447,9 +448,9 @@ int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder, r = BN_CTX_get(ctx); } BIGNUM *tmp = BN_CTX_get(ctx); + int initial_words; if (q == NULL || r == NULL || tmp == NULL || - !bn_wexpand(q, numerator->width) || - !bn_wexpand(r, divisor->width) || + !bn_wexpand(q, numerator->width) || !bn_wexpand(r, divisor->width) || !bn_wexpand(tmp, divisor->width)) { goto err; } @@ -472,7 +473,7 @@ int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder, // without reductions. This significantly speeds up |RSA_check_key|. For // simplicity, we round down to a whole number of words. declassify_assert(divisor_min_bits <= BN_num_bits(divisor)); - int initial_words = 0; + initial_words = 0; if (divisor_min_bits > 0) { initial_words = (divisor_min_bits - 1) / BN_BITS2; if (initial_words > numerator->width) { @@ -514,8 +515,7 @@ err: static BIGNUM *bn_scratch_space_from_ctx(size_t width, BN_CTX *ctx) { BIGNUM *ret = BN_CTX_get(ctx); - if (ret == NULL || - !bn_wexpand(ret, width)) { + if (ret == NULL || !bn_wexpand(ret, width)) { return NULL; } ret->neg = 0; @@ -536,9 +536,7 @@ static const BIGNUM *bn_resized_from_ctx(const BIGNUM *bn, size_t width, return bn; } BIGNUM *ret = bn_scratch_space_from_ctx(width, ctx); - if (ret == NULL || - !BN_copy(ret, bn) || - !bn_resize_words(ret, width)) { + if (ret == NULL || !BN_copy(ret, bn) || !bn_resize_words(ret, width)) { return NULL; } return ret; @@ -555,8 +553,7 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_add_consttime(r, a, b, m, ctx); + int ok = ctx != NULL && bn_mod_add_consttime(r, a, b, m, ctx); BN_CTX_free(ctx); return ok; } @@ -567,8 +564,7 @@ int bn_mod_add_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, a = bn_resized_from_ctx(a, m->width, ctx); b = bn_resized_from_ctx(b, m->width, ctx); BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx); - int ok = a != NULL && b != NULL && tmp != NULL && - bn_wexpand(r, m->width); + int ok = a != NULL && b != NULL && tmp != NULL && bn_wexpand(r, m->width); if (ok) { bn_mod_add_words(r->d, a->d, b->d, m->d, tmp->d, m->width); r->width = m->width; @@ -592,8 +588,7 @@ int bn_mod_sub_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, a = bn_resized_from_ctx(a, m->width, ctx); b = bn_resized_from_ctx(b, m->width, ctx); BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx); - int ok = a != NULL && b != NULL && tmp != NULL && - bn_wexpand(r, m->width); + int ok = a != NULL && b != NULL && tmp != NULL && bn_wexpand(r, m->width); if (ok) { bn_mod_sub_words(r->d, a->d, b->d, m->d, tmp->d, m->width); r->width = m->width; @@ -606,8 +601,7 @@ int bn_mod_sub_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_sub_consttime(r, a, b, m, ctx); + int ok = ctx != NULL && bn_mod_sub_consttime(r, a, b, m, ctx); BN_CTX_free(ctx); return ok; } @@ -678,8 +672,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) { - if (!BN_copy(r, a) || - !bn_resize_words(r, m->width)) { + if (!BN_copy(r, a) || !bn_resize_words(r, m->width)) { return 0; } @@ -698,8 +691,7 @@ int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_lshift_consttime(r, a, n, m, ctx); + int ok = ctx != NULL && bn_mod_lshift_consttime(r, a, n, m, ctx); BN_CTX_free(ctx); return ok; } @@ -719,8 +711,7 @@ int bn_mod_lshift1_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_lshift1_consttime(r, a, m, ctx); + int ok = ctx != NULL && bn_mod_lshift1_consttime(r, a, m, ctx); BN_CTX_free(ctx); return ok; } @@ -731,7 +722,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) { if (!w) { // actually this an error (division by zero) - return (BN_ULONG) - 1; + return (BN_ULONG)-1; } if (a->width == 0) { @@ -742,7 +733,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) { j = BN_BITS2 - BN_num_bits_word(w); w <<= j; if (!BN_lshift(a, a, j)) { - return (BN_ULONG) - 1; + return (BN_ULONG)-1; } for (i = a->width - 1; i >= 0; i--) { @@ -768,7 +759,7 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) { int i; if (w == 0) { - return (BN_ULONG) -1; + return (BN_ULONG)-1; } #ifndef BN_CAN_DIVIDE_ULLONG @@ -805,7 +796,7 @@ int BN_mod_pow2(BIGNUM *r, const BIGNUM *a, size_t e) { size_t num_words = 1 + ((e - 1) / BN_BITS2); // If |a| definitely has less than |e| bits, just BN_copy. - if ((size_t) a->width < num_words) { + if ((size_t)a->width < num_words) { return BN_copy(r, a) != NULL; } @@ -821,12 +812,12 @@ int BN_mod_pow2(BIGNUM *r, const BIGNUM *a, size_t e) { // If |e| isn't word-aligned, we have to mask off some of our bits. size_t top_word_exponent = e % (sizeof(BN_ULONG) * 8); if (top_word_exponent != 0) { - r->d[num_words - 1] &= (((BN_ULONG) 1) << top_word_exponent) - 1; + r->d[num_words - 1] &= (((BN_ULONG)1) << top_word_exponent) - 1; } // Fill in the remaining fields of |r|. r->neg = a->neg; - r->width = (int) num_words; + r->width = (int)num_words; bn_set_minimal_width(r); return 1; } @@ -853,7 +844,7 @@ int BN_nnmod_pow2(BIGNUM *r, const BIGNUM *a, size_t e) { // Set parameters of |r|. r->neg = 0; - r->width = (int) num_words; + r->width = (int)num_words; // Now, invert every word. The idea here is that we want to compute 2^e-|x|, // which is actually equivalent to the twos-complement representation of |x| @@ -865,7 +856,7 @@ int BN_nnmod_pow2(BIGNUM *r, const BIGNUM *a, size_t e) { // If our exponent doesn't span the top word, we have to mask the rest. size_t top_word_exponent = e % BN_BITS2; if (top_word_exponent != 0) { - r->d[r->width - 1] &= (((BN_ULONG) 1) << top_word_exponent) - 1; + r->d[r->width - 1] &= (((BN_ULONG)1) << top_word_exponent) - 1; } // Keep the minimal-width invariant for |BIGNUM|. diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div_extra.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div_extra.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div_extra.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div_extra.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/exponentiation.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/exponentiation.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/exponentiation.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/exponentiation.cc.inc index b18520e7..1408f140 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/exponentiation.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/exponentiation.cc.inc @@ -130,9 +130,9 @@ // WARNING: This function implements Almost Montgomery Multiplication from // https://eprint.iacr.org/2011/239. The inputs do not need to be fully reduced. // However, even if they are fully reduced, the output may not be. -static void bn_mul_mont_gather5( - BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power) { +static void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power) { if (bn_mulx4x_mont_gather5_capable(num)) { bn_mulx4x_mont_gather5(rp, ap, table, np, n0, num, power); } else if (bn_mul4x_mont_gather5_capable(num)) { @@ -162,7 +162,7 @@ static void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, } } -#endif // defined(OPENSSL_BN_ASM_MONT5) +#endif // defined(OPENSSL_BN_ASM_MONT5) int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { int i, bits, ret = 0; @@ -534,9 +534,9 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } } - start = 1; // This is used to avoid multiplication etc - // when there is only the value '1' in the - // buffer. + start = 1; // This is used to avoid multiplication etc + // when there is only the value '1' in the + // buffer. wstart = bits - 1; // The top bit of the window if (!BN_one(r)) { @@ -545,7 +545,7 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, for (;;) { int wvalue; // The 'value' of the window - int wend; // The bottom bit of the window + int wend; // The bottom bit of the window if (!BN_is_bit_set(p, wstart)) { if (!start) { @@ -661,6 +661,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_CTX_start(ctx); BIGNUM *r = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); + int window, r_is_one, wstart; if (r == NULL || val[0] == NULL) { goto err; } @@ -678,14 +679,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, // precomputing powers of |a|. Windows may be shifted so they always end on a // set bit, so only precompute odd powers. We compute val[i] = a^(2*i + 1) // for i = 0 to 2^(window-1), all in Montgomery form. - int window = BN_window_bits_for_exponent_size(bits); + window = BN_window_bits_for_exponent_size(bits); if (!BN_to_montgomery(val[0], a, mont, ctx)) { goto err; } if (window > 1) { BIGNUM *d = BN_CTX_get(ctx); - if (d == NULL || - !BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) { + if (d == NULL || !BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) { goto err; } for (int i = 1; i < 1 << (window - 1); i++) { @@ -699,8 +699,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, // |p| is non-zero, so at least one window is non-zero. To save some // multiplications, defer initializing |r| until then. - int r_is_one = 1; - int wstart = bits - 1; // The top bit of the window. + r_is_one = 1; + wstart = bits - 1; // The top bit of the window. for (;;) { if (!BN_is_bit_set(p, wstart)) { if (!r_is_one && !BN_mod_mul_montgomery(r, r, r, mont, ctx)) { @@ -930,7 +930,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, int i, ret = 0, wvalue; BN_MONT_CTX *new_mont = NULL; - unsigned char *powerbuf_free = NULL; + void *powerbuf_free = NULL; size_t powerbuf_len = 0; BN_ULONG *powerbuf = NULL; @@ -963,6 +963,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } // Allocate a montgomery context if it was not supplied by the caller. + int top, num_powers, window; if (mont == NULL) { new_mont = BN_MONT_CTX_new_consttime(m, ctx); if (new_mont == NULL) { @@ -973,7 +974,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, // Use the width in |mont->N|, rather than the copy in |m|. The assembly // implementation assumes it can use |top| to size R. - int top = mont->N.width; + top = mont->N.width; #if defined(OPENSSL_BN_ASM_MONT5) || defined(RSAZ_ENABLED) // Share one large stack-allocated buffer between the RSAZ and non-RSAZ code @@ -1001,7 +1002,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, #endif // Get the window size to use with size of p. - int window = BN_window_bits_for_ctime_exponent_size(bits); + window = BN_window_bits_for_ctime_exponent_size(bits); assert(window <= BN_MAX_MOD_EXP_CTIME_WINDOW); // Calculating |powerbuf_len| below cannot overflow because of the bound on @@ -1022,7 +1023,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, // Allocate a buffer large enough to hold all of the pre-computed // powers of |am|, |am| itself, and |tmp|. - int num_powers = 1 << window; + num_powers = 1 << window; powerbuf_len += sizeof(m->d[0]) * top * (num_powers + 2); #if defined(OPENSSL_BN_ASM_MONT5) @@ -1037,7 +1038,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (powerbuf_free == NULL) { goto err; } - powerbuf = align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN); + powerbuf = reinterpret_cast( + align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN)); } OPENSSL_memset(powerbuf, 0, powerbuf_len); @@ -1050,16 +1052,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, tmp.neg = am.neg = 0; tmp.flags = am.flags = BN_FLG_STATIC_DATA; - if (!bn_one_to_montgomery(&tmp, mont, ctx) || - !bn_resize_words(&tmp, top)) { + if (!bn_one_to_montgomery(&tmp, mont, ctx) || !bn_resize_words(&tmp, top)) { goto err; } // Prepare a^1 in the Montgomery domain. assert(!a->neg); declassify_assert(BN_ucmp(a, m) < 0); - if (!BN_to_montgomery(&am, a, mont, ctx) || - !bn_resize_words(&am, top)) { + if (!BN_to_montgomery(&am, a, mont, ctx) || !bn_resize_words(&am, top)) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd.cc.inc index fd2515f9..44a93449 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd.cc.inc @@ -136,12 +136,11 @@ int BN_mod_inverse_odd(BIGNUM *out, int *out_no_inverse, const BIGNUM *a, B = BN_CTX_get(ctx); X = BN_CTX_get(ctx); Y = BN_CTX_get(ctx); + BIGNUM *R = out; if (Y == NULL) { goto err; } - BIGNUM *R = out; - BN_zero(Y); if (!BN_one(X) || BN_copy(B, a) == NULL || BN_copy(A, n) == NULL) { goto err; @@ -376,8 +375,7 @@ int bn_mod_inverse_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx, const BN_MONT_CTX *mont_p) { BN_CTX_start(ctx); BIGNUM *p_minus_2 = BN_CTX_get(ctx); - int ok = p_minus_2 != NULL && - BN_copy(p_minus_2, p) && + int ok = p_minus_2 != NULL && BN_copy(p_minus_2, p) && BN_sub_word(p_minus_2, 2) && BN_mod_exp_mont(out, a, p_minus_2, p, ctx, mont_p); BN_CTX_end(ctx); @@ -388,8 +386,7 @@ int bn_mod_inverse_secret_prime(BIGNUM *out, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx, const BN_MONT_CTX *mont_p) { BN_CTX_start(ctx); BIGNUM *p_minus_2 = BN_CTX_get(ctx); - int ok = p_minus_2 != NULL && - BN_copy(p_minus_2, p) && + int ok = p_minus_2 != NULL && BN_copy(p_minus_2, p) && BN_sub_word(p_minus_2, 2) && BN_mod_exp_mont_consttime(out, a, p_minus_2, p, ctx, mont_p); BN_CTX_end(ctx); diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.cc.inc similarity index 89% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.cc.inc index 249ffbf8..60d0364b 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.cc.inc @@ -35,7 +35,7 @@ static void maybe_rshift1_words_carry(BN_ULONG *a, BN_ULONG carry, maybe_rshift1_words(a, mask, tmp, num); if (num != 0) { carry &= mask; - a[num - 1] |= carry << (BN_BITS2-1); + a[num - 1] |= carry << (BN_BITS2 - 1); } } @@ -61,25 +61,27 @@ static int bn_gcd_consttime(BIGNUM *r, unsigned *out_shift, const BIGNUM *x, BIGNUM *u = BN_CTX_get(ctx); BIGNUM *v = BN_CTX_get(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - if (u == NULL || v == NULL || tmp == NULL || - !BN_copy(u, x) || - !BN_copy(v, y) || - !bn_resize_words(u, width) || - !bn_resize_words(v, width) || + unsigned x_bits, y_bits, num_iters, shift; + if (u == NULL || v == NULL || tmp == NULL || // + !BN_copy(u, x) || // + !BN_copy(v, y) || // + !bn_resize_words(u, width) || // + !bn_resize_words(v, width) || // !bn_resize_words(tmp, width)) { goto err; } // Each loop iteration halves at least one of |u| and |v|. Thus we need at // most the combined bit width of inputs for at least one value to be zero. - unsigned x_bits = x->width * BN_BITS2, y_bits = y->width * BN_BITS2; - unsigned num_iters = x_bits + y_bits; + x_bits = x->width * BN_BITS2; + y_bits = y->width * BN_BITS2; + num_iters = x_bits + y_bits; if (num_iters < x_bits) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); goto err; } - unsigned shift = 0; + shift = 0; for (unsigned i = 0; i < num_iters; i++) { BN_ULONG both_odd = word_is_odd_mask(u->d[0]) & word_is_odd_mask(v->d[0]); @@ -121,8 +123,7 @@ err: int BN_gcd(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { unsigned shift; - return bn_gcd_consttime(r, &shift, x, y, ctx) && - BN_lshift(r, r, shift); + return bn_gcd_consttime(r, &shift, x, y, ctx) && BN_lshift(r, r, shift); } int bn_is_relatively_prime(int *out_relatively_prime, const BIGNUM *x, @@ -131,8 +132,7 @@ int bn_is_relatively_prime(int *out_relatively_prime, const BIGNUM *x, BN_CTX_start(ctx); unsigned shift; BIGNUM *gcd = BN_CTX_get(ctx); - if (gcd == NULL || - !bn_gcd_consttime(gcd, &shift, x, y, ctx)) { + if (gcd == NULL || !bn_gcd_consttime(gcd, &shift, x, y, ctx)) { goto err; } @@ -217,23 +217,30 @@ int bn_mod_inverse_consttime(BIGNUM *r, int *out_no_inverse, const BIGNUM *a, BIGNUM *D = BN_CTX_get(ctx); BIGNUM *tmp = BN_CTX_get(ctx); BIGNUM *tmp2 = BN_CTX_get(ctx); - if (u == NULL || v == NULL || A == NULL || B == NULL || C == NULL || - D == NULL || tmp == NULL || tmp2 == NULL || - !BN_copy(u, a) || - !BN_copy(v, n) || - !BN_one(A) || + size_t a_bits, num_iters, n_bits; + if (u == NULL || // + v == NULL || // + A == NULL || // + B == NULL || // + C == NULL || // + D == NULL || // + tmp == NULL || // + tmp2 == NULL || // + !BN_copy(u, a) || // + !BN_copy(v, n) || // + !BN_one(A) || // !BN_one(D) || // For convenience, size |u| and |v| equivalently. - !bn_resize_words(u, n_width) || + !bn_resize_words(u, n_width) || // !bn_resize_words(v, n_width) || // |A| and |C| are bounded by |m|. - !bn_resize_words(A, n_width) || + !bn_resize_words(A, n_width) || // !bn_resize_words(C, n_width) || // |B| and |D| are bounded by |a|. - !bn_resize_words(B, a_width) || + !bn_resize_words(B, a_width) || // !bn_resize_words(D, a_width) || // |tmp| and |tmp2| may be used at either size. - !bn_resize_words(tmp, n_width) || + !bn_resize_words(tmp, n_width) || // !bn_resize_words(tmp2, n_width)) { goto err; } @@ -242,8 +249,9 @@ int bn_mod_inverse_consttime(BIGNUM *r, int *out_no_inverse, const BIGNUM *a, // most the combined bit width of inputs for at least one value to be zero. // |a_bits| and |n_bits| cannot overflow because |bn_wexpand| ensures bit // counts fit in even |int|. - size_t a_bits = a_width * BN_BITS2, n_bits = n_width * BN_BITS2; - size_t num_iters = a_bits + n_bits; + a_bits = a_width * BN_BITS2; + n_bits = n_width * BN_BITS2; + num_iters = a_bits + n_bits; if (num_iters < a_bits) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); goto err; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/generic.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/generic.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/generic.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/generic.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/jacobi.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/jacobi.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/jacobi.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/jacobi.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery.cc.inc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery.cc.inc index 56474234..638ae53c 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery.cc.inc @@ -117,8 +117,8 @@ #include #include -#include "internal.h" #include "../../internal.h" +#include "internal.h" void bn_mont_ctx_init(BN_MONT_CTX *mont) { @@ -133,7 +133,8 @@ void bn_mont_ctx_cleanup(BN_MONT_CTX *mont) { } BN_MONT_CTX *BN_MONT_CTX_new(void) { - BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX)); + BN_MONT_CTX *ret = + reinterpret_cast(OPENSSL_malloc(sizeof(BN_MONT_CTX))); if (ret == NULL) { return NULL; } @@ -156,8 +157,7 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from) { return to; } - if (!BN_copy(&to->RR, &from->RR) || - !BN_copy(&to->N, &from->N)) { + if (!BN_copy(&to->RR, &from->RR) || !BN_copy(&to->N, &from->N)) { return NULL; } to->n0[0] = from->n0[0]; @@ -243,8 +243,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *mont = BN_MONT_CTX_new(); - if (mont == NULL || - !BN_MONT_CTX_set(mont, mod, ctx)) { + if (mont == NULL || !BN_MONT_CTX_set(mont, mod, ctx)) { BN_MONT_CTX_free(mont); return NULL; } @@ -253,8 +252,7 @@ BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *mont = BN_MONT_CTX_new(); - if (mont == NULL || - !bn_mont_ctx_set_N_and_n0(mont, mod) || + if (mont == NULL || !bn_mont_ctx_set_N_and_n0(mont, mod) || !bn_mont_ctx_set_RR_consttime(mont, ctx)) { BN_MONT_CTX_free(mont); return NULL; @@ -331,8 +329,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, } int max = 2 * n->width; // carry is stored separately - if (!bn_resize_words(r, max) || - !bn_wexpand(ret, n->width)) { + if (!bn_resize_words(r, max) || !bn_wexpand(ret, n->width)) { return 0; } @@ -348,8 +345,7 @@ int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, const BN_MONT_CTX *mont, BN_CTX_start(ctx); t = BN_CTX_get(ctx); - if (t == NULL || - !BN_copy(t, a)) { + if (t == NULL || !BN_copy(t, a)) { goto err; } @@ -425,9 +421,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, #if defined(OPENSSL_BN_ASM_MONT) // |bn_mul_mont| requires at least 128 bits of limbs, at least for x86. int num = mont->N.width; - if (num >= (128 / BN_BITS2) && - a->width == num && - b->width == num) { + if (num >= (128 / BN_BITS2) && a->width == num && b->width == num) { if (!bn_wexpand(r, num)) { return 0; } @@ -450,8 +444,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } int bn_less_than_montgomery_R(const BIGNUM *bn, const BN_MONT_CTX *mont) { - return !BN_is_negative(bn) && - bn_fits_in_words(bn, mont->N.width); + return !BN_is_negative(bn) && bn_fits_in_words(bn, mont->N.width); } void bn_to_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num, diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery_inv.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery_inv.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery_inv.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/montgomery_inv.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/mul.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/mul.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/mul.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/mul.cc.inc index e7fd224d..c65e59f0 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/mul.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/mul.cc.inc @@ -63,8 +63,8 @@ #include #include -#include "internal.h" #include "../../internal.h" +#include "internal.h" #define BN_MUL_RECURSIVE_SIZE_NORMAL 16 @@ -181,9 +181,7 @@ int bn_abs_sub_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int r_len = a->width < b->width ? b->width : a->width; BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - int ok = tmp != NULL && - bn_wexpand(r, r_len) && - bn_wexpand(tmp, r_len); + int ok = tmp != NULL && bn_wexpand(r, r_len) && bn_wexpand(tmp, r_len); if (ok) { bn_abs_sub_part_words(r->d, a->d, b->d, cl, dl, tmp->d); r->width = r_len; @@ -208,8 +206,8 @@ static void bn_mul_recursive(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, // |n2| is a power of two. assert(n2 != 0 && (n2 & (n2 - 1)) == 0); // Check |dna| and |dnb| are in range. - assert(-BN_MUL_RECURSIVE_SIZE_NORMAL/2 <= dna && dna <= 0); - assert(-BN_MUL_RECURSIVE_SIZE_NORMAL/2 <= dnb && dnb <= 0); + assert(-BN_MUL_RECURSIVE_SIZE_NORMAL / 2 <= dna && dna <= 0); + assert(-BN_MUL_RECURSIVE_SIZE_NORMAL / 2 <= dnb && dnb <= 0); // Only call bn_mul_comba 8 if n2 == 8 and the // two arrays are complete [steve] @@ -421,7 +419,7 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, return 1; } - int ret = 0; + int ret = 0, i, top; BIGNUM *rr; BN_CTX_start(ctx); if (r == a || r == b) { @@ -434,7 +432,7 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } rr->neg = a->neg ^ b->neg; - int i = al - bl; + i = al - bl; if (i == 0) { if (al == 8) { if (!bn_wexpand(rr, 16)) { @@ -446,7 +444,7 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } } - int top = al + bl; + top = al + bl; static const int kMulNormalSize = 16; if (al >= kMulNormalSize && bl >= kMulNormalSize) { if (-1 <= i && i <= 1) { @@ -471,8 +469,7 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, // algorithms. Is this optimization necessary? See notes in // https://boringssl-review.googlesource.com/q/I0bd604e2cd6a75c266f64476c23a730ca1721ea6 assert(al >= j && bl >= j); - if (!bn_wexpand(t, j * 8) || - !bn_wexpand(rr, j * 4)) { + if (!bn_wexpand(t, j * 8) || !bn_wexpand(rr, j * 4)) { goto err; } bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); @@ -480,8 +477,7 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, // al <= j && bl <= j. Additionally, we know j <= al or j <= bl, so one // of al - j or bl - j is zero. The other, by the bound on |i| above, is // zero or -1. Thus, we can use |bn_mul_recursive|. - if (!bn_wexpand(t, j * 4) || - !bn_wexpand(rr, j * 2)) { + if (!bn_wexpand(t, j * 4) || !bn_wexpand(rr, j * 2)) { goto err; } bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); @@ -669,7 +665,7 @@ int bn_sqr_consttime(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { return 1; } - int ret = 0; + int ret = 0, max; BN_CTX_start(ctx); BIGNUM *rr = (a != r) ? r : BN_CTX_get(ctx); BIGNUM *tmp = BN_CTX_get(ctx); @@ -677,7 +673,7 @@ int bn_sqr_consttime(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { goto err; } - int max = 2 * al; // Non-zero (from above) + max = 2 * al; // Non-zero (from above) if (!bn_wexpand(rr, max)) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/prime.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/prime.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/prime.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/prime.cc.inc index ee0ce622..13187577 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/prime.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/prime.cc.inc @@ -111,8 +111,8 @@ #include #include -#include "internal.h" #include "../../internal.h" +#include "internal.h" // kPrimes contains the first 1024 primes. @@ -359,13 +359,14 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BN_GENCB *BN_GENCB_new(void) { return OPENSSL_zalloc(sizeof(BN_GENCB)); } +BN_GENCB *BN_GENCB_new(void) { + return reinterpret_cast(OPENSSL_zalloc(sizeof(BN_GENCB))); +} void BN_GENCB_free(BN_GENCB *callback) { OPENSSL_free(callback); } void BN_GENCB_set(BN_GENCB *callback, - int (*f)(int event, int n, struct bn_gencb_st *), - void *arg) { + int (*f)(int event, int n, struct bn_gencb_st *), void *arg) { callback->callback = f; callback->arg = arg; } @@ -513,9 +514,9 @@ int bn_miller_rabin_init(BN_MILLER_RABIN *miller_rabin, const BN_MONT_CTX *mont, miller_rabin->m = BN_CTX_get(ctx); miller_rabin->one_mont = BN_CTX_get(ctx); miller_rabin->w1_mont = BN_CTX_get(ctx); - if (miller_rabin->w1 == NULL || - miller_rabin->m == NULL || - miller_rabin->one_mont == NULL || + if (miller_rabin->w1 == NULL || // + miller_rabin->m == NULL || // + miller_rabin->one_mont == NULL || // miller_rabin->w1_mont == NULL) { return 0; } @@ -553,6 +554,7 @@ int bn_miller_rabin_iteration(const BN_MILLER_RABIN *miller_rabin, // timing leaks. const BIGNUM *w = &mont->N; BIGNUM *z = BN_CTX_get(ctx); + crypto_word_t is_possibly_prime; if (z == NULL || !BN_mod_exp_mont_consttime(z, b, miller_rabin->m, w, ctx, mont) || !BN_to_montgomery(z, z, mont, ctx)) { @@ -563,7 +565,7 @@ int bn_miller_rabin_iteration(const BN_MILLER_RABIN *miller_rabin, // witness for |w|. This is equivalent to going to step 4.7 in the original // algorithm. To avoid timing leaks, we run the algorithm to the end for prime // inputs. - crypto_word_t is_possibly_prime = 0; + is_possibly_prime = 0; // Step 4.4. If z = 1 or z = w-1, b is not a composite witness and w is still // possibly prime. @@ -705,6 +707,7 @@ int BN_primality_test(int *out_is_probably_prime, const BIGNUM *w, int checks, BIGNUM *b = BN_CTX_get(ctx); BN_MONT_CTX *mont = BN_MONT_CTX_new_consttime(w, ctx); BN_MILLER_RABIN miller_rabin; + crypto_word_t uniform_iterations = 0; if (b == NULL || mont == NULL || // Steps 1-3. !bn_miller_rabin_init(&miller_rabin, mont, ctx)) { @@ -739,7 +742,6 @@ int BN_primality_test(int *out_is_probably_prime, const BIGNUM *w, int checks, // Note this blinding does not impact most calls when picking primes because // composites are rejected early. Only the two secret primes see extra work. - crypto_word_t uniform_iterations = 0; // Using |constant_time_lt_w| seems to prevent the compiler from optimizing // this into two jumps. for (int i = 1; constant_time_declassify_w( @@ -749,7 +751,7 @@ int BN_primality_test(int *out_is_probably_prime, const BIGNUM *w, int checks, // Step 4.1-4.2 int is_uniform; if (!bn_rand_secret_range(b, &is_uniform, 2, miller_rabin.w1)) { - goto err; + goto err; } uniform_iterations += is_uniform; @@ -818,33 +820,28 @@ int BN_enhanced_miller_rabin_primality_test( BN_CTX_start(ctx); BIGNUM *w1 = BN_CTX_get(ctx); - if (w1 == NULL || - !BN_copy(w1, w) || - !BN_sub_word(w1, 1)) { + BIGNUM *b, *g, *z, *x, *x1, *m; + int a; + if (w1 == NULL || !BN_copy(w1, w) || !BN_sub_word(w1, 1)) { goto err; } // Write w1 as m*2^a (Steps 1 and 2). - int a = 0; + a = 0; while (!BN_is_bit_set(w1, a)) { a++; } - BIGNUM *m = BN_CTX_get(ctx); - if (m == NULL || - !BN_rshift(m, w1, a)) { + m = BN_CTX_get(ctx); + if (m == NULL || !BN_rshift(m, w1, a)) { goto err; } - BIGNUM *b = BN_CTX_get(ctx); - BIGNUM *g = BN_CTX_get(ctx); - BIGNUM *z = BN_CTX_get(ctx); - BIGNUM *x = BN_CTX_get(ctx); - BIGNUM *x1 = BN_CTX_get(ctx); - if (b == NULL || - g == NULL || - z == NULL || - x == NULL || - x1 == NULL) { + b = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + x = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + if (b == NULL || g == NULL || z == NULL || x == NULL || x1 == NULL) { goto err; } @@ -905,11 +902,9 @@ int BN_enhanced_miller_rabin_primality_test( goto err; } - composite: + composite: // Step 4.12-4.14 - if (!BN_copy(x1, x) || - !BN_sub_word(x1, 1) || - !BN_gcd(g, x1, w, ctx)) { + if (!BN_copy(x1, x) || !BN_sub_word(x1, 1) || !BN_gcd(g, x1, w, ctx)) { goto err; } if (BN_cmp_word(g, 1) > 0) { @@ -921,7 +916,7 @@ int BN_enhanced_miller_rabin_primality_test( ret = 1; goto err; - loop: + loop: // Step 4.15 if (!BN_GENCB_call(cb, BN_GENCB_PRIME_TEST, i - 1)) { goto err; @@ -953,6 +948,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, BIGNUM *t1; BN_CTX_start(ctx); + size_t num_primes; if ((t1 = BN_CTX_get(ctx)) == NULL) { goto err; } @@ -980,7 +976,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, } // we now have a random number 'rand' to test. - const size_t num_primes = num_trial_division_primes(rnd); + num_primes = num_trial_division_primes(rnd); loop: for (size_t i = 1; i < num_primes; i++) { // check that rnd is a prime @@ -1009,6 +1005,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, t1 = BN_CTX_get(ctx); q = BN_CTX_get(ctx); qadd = BN_CTX_get(ctx); + size_t num_primes; if (qadd == NULL) { goto err; } @@ -1051,7 +1048,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, goto err; } - const size_t num_primes = num_trial_division_primes(p); + num_primes = num_trial_division_primes(p); loop: for (size_t i = 1; i < num_primes; i++) { // check that p and q are prime diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/random.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/random.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/random.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/random.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/rsaz_exp.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/rsaz_exp.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/rsaz_exp.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/rsaz_exp.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/shift.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/shift.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/shift.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/shift.cc.inc index f8520888..cb7321c4 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/shift.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/shift.cc.inc @@ -174,14 +174,13 @@ int bn_rshift_secret_shift(BIGNUM *r, const BIGNUM *a, unsigned n, int ret = 0; BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - if (tmp == NULL || - !BN_copy(r, a) || - !bn_wexpand(tmp, r->width)) { + unsigned max_bits; + if (tmp == NULL || !BN_copy(r, a) || !bn_wexpand(tmp, r->width)) { goto err; } // Shift conditionally by powers of two. - unsigned max_bits = BN_BITS2 * r->width; + max_bits = BN_BITS2 * r->width; for (unsigned i = 0; (max_bits >> i) != 0; i++) { BN_ULONG mask = (n >> i) & 1; mask = 0 - mask; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/sqrt.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/sqrt.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/sqrt.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/sqrt.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/aead.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/aead.cc.inc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/aead.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/aead.cc.inc index 4897970d..3cdc1788 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/aead.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/aead.cc.inc @@ -21,8 +21,8 @@ #include #include -#include "internal.h" #include "../../internal.h" +#include "internal.h" size_t EVP_AEAD_key_length(const EVP_AEAD *aead) { return aead->key_len; } @@ -39,7 +39,11 @@ void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) { EVP_AEAD_CTX *EVP_AEAD_CTX_new(const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len) { - EVP_AEAD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_AEAD_CTX)); + EVP_AEAD_CTX *ctx = + reinterpret_cast(OPENSSL_malloc(sizeof(EVP_AEAD_CTX))); + if (!ctx) { + return NULL; + } EVP_AEAD_CTX_zero(ctx); if (EVP_AEAD_CTX_init(ctx, aead, key, key_len, tag_len, NULL)) { @@ -150,11 +154,13 @@ error: return 0; } -int EVP_AEAD_CTX_seal_scatter( - const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t - *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t - nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, - size_t extra_in_len, const uint8_t *ad, size_t ad_len) { +int EVP_AEAD_CTX_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, + uint8_t *out_tag, size_t *out_tag_len, + size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, + size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, + size_t ad_len) { // |in| and |out| may alias exactly, |out_tag| may not alias. if (!check_alias(in, in_len, out, in_len) || buffers_alias(out, in_len, out_tag, max_out_tag_len) || @@ -187,6 +193,7 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len) { + size_t plaintext_len; if (!check_alias(in, in_len, out, max_out_len)) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT); goto error; @@ -194,7 +201,7 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, if (ctx->aead->open) { if (!ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, in, - in_len, ad, ad_len)) { + in_len, ad, ad_len)) { goto error; } return 1; @@ -209,7 +216,7 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, goto error; } - size_t plaintext_len = in_len - ctx->tag_len; + plaintext_len = in_len - ctx->tag_len; if (max_out_len < plaintext_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); goto error; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/cipher.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/cipher.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/cipher.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/cipher.cc.inc index e721d764..b4cda12b 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/cipher.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/cipher.cc.inc @@ -64,9 +64,9 @@ #include #include -#include "internal.h" -#include "../service_indicator/internal.h" #include "../../internal.h" +#include "../service_indicator/internal.h" +#include "internal.h" void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { @@ -74,7 +74,8 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { } EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); + EVP_CIPHER_CTX *ctx = reinterpret_cast( + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))); if (ctx) { EVP_CIPHER_CTX_init(ctx); } @@ -568,9 +569,7 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) { return ctx->cipher; } -int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { - return ctx->cipher->nid; -} +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; } int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { return ctx->encrypt; @@ -710,8 +709,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { return EVP_DecryptFinal_ex(ctx, out, out_len); } -int EVP_add_cipher_alias(const char *a, const char *b) { - return 1; -} +int EVP_add_cipher_alias(const char *a, const char *b) { return 1; } void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, uint32_t flags) {} diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aes.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aes.cc.inc similarity index 93% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aes.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aes.cc.inc index 57f8d16e..63c8aaa9 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aes.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aes.cc.inc @@ -57,17 +57,17 @@ #include #include -#include "internal.h" #include "../../internal.h" #include "../aes/internal.h" #include "../bcm_interface.h" +#include "../delocate.h" #include "../modes/internal.h" #include "../service_indicator/internal.h" -#include "../delocate.h" +#include "internal.h" OPENSSL_MSVC_PRAGMA(warning(push)) -OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code. +OPENSSL_MSVC_PRAGMA(warning(disable : 4702)) // Unreachable code. #define AES_GCM_NONCE_LENGTH 12 @@ -131,9 +131,9 @@ typedef struct { int key_set; // Set if key initialised int iv_set; // Set if an iv is set uint8_t *iv; // Temporary IV store - int ivlen; // IV length + int ivlen; // IV length int taglen; - int iv_gen; // It is OK to generate IVs + int iv_gen; // It is OK to generate IVs ctr128_f ctr; } EVP_AES_GCM_CTX; @@ -332,7 +332,7 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, } #if defined(OPENSSL_32_BIT) -#define EVP_AES_GCM_CTX_PADDING (4+8) +#define EVP_AES_GCM_CTX_PADDING (4 + 8) #else #define EVP_AES_GCM_CTX_PADDING 8 #endif @@ -347,7 +347,7 @@ static EVP_AES_GCM_CTX *aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx) { assert(ctx->cipher->ctx_size == sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING); - char *ptr = ctx->cipher_data; + char *ptr = reinterpret_cast(ctx->cipher_data); #if defined(OPENSSL_32_BIT) assert((uintptr_t)ptr % 4 == 0); ptr += (uintptr_t)ptr & 4; @@ -430,7 +430,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (gctx->iv != c->iv) { OPENSSL_free(gctx->iv); } - gctx->iv = OPENSSL_malloc(arg); + gctx->iv = reinterpret_cast(OPENSSL_malloc(arg)); if (!gctx->iv) { return 0; } @@ -508,7 +508,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { return 1; case EVP_CTRL_COPY: { - EVP_CIPHER_CTX *out = ptr; + EVP_CIPHER_CTX *out = reinterpret_cast(ptr); EVP_AES_GCM_CTX *gctx_out = aes_gcm_from_cipher_ctx(out); // |EVP_CIPHER_CTX_copy| copies this generically, but we must redo it in // case |out->cipher_data| and |in->cipher_data| are differently aligned. @@ -516,7 +516,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (gctx->iv == c->iv) { gctx_out->iv = out->iv; } else { - gctx_out->iv = OPENSSL_memdup(gctx->iv, gctx->ivlen); + gctx_out->iv = + reinterpret_cast(OPENSSL_memdup(gctx->iv, gctx->ivlen)); if (!gctx_out->iv) { return 0; } @@ -809,7 +810,9 @@ static int aes_hw_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, return 1; } - aes_hw_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); + aes_hw_ecb_encrypt(in, out, len, + reinterpret_cast(ctx->cipher_data), + ctx->encrypt); return 1; } @@ -927,7 +930,7 @@ static_assert(alignof(union evp_aead_ctx_st_state) >= static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len) { - struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *) &ctx->state; + struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state; size_t actual_tag_len; if (!aead_aes_gcm_init_impl(gcm_ctx, &actual_tag_len, key, key_len, @@ -942,13 +945,10 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {} static int aead_aes_gcm_seal_scatter_impl( - const struct aead_aes_gcm_ctx *gcm_ctx, - uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, size_t extra_in_len, - const uint8_t *ad, size_t ad_len, - size_t tag_len) { + const struct aead_aes_gcm_ctx *gcm_ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len, size_t tag_len) { if (extra_in_len + tag_len < tag_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; @@ -1003,14 +1003,11 @@ static int aead_aes_gcm_seal_scatter_impl( return 1; } -static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, - uint8_t *out_tag, size_t *out_tag_len, - size_t max_out_tag_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, - size_t extra_in_len, - const uint8_t *ad, size_t ad_len) { +static int aead_aes_gcm_seal_scatter( + const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_aes_gcm_ctx *gcm_ctx = (const struct aead_aes_gcm_ctx *)&ctx->state; return aead_aes_gcm_seal_scatter_impl( @@ -1019,13 +1016,11 @@ static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, } static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx, - uint8_t *out, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *in_tag, - size_t in_tag_len, - const uint8_t *ad, size_t ad_len, - size_t tag_len) { + uint8_t *out, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, + size_t in_len, const uint8_t *in_tag, + size_t in_tag_len, const uint8_t *ad, + size_t ad_len, size_t tag_len) { uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN]; if (nonce_len == 0) { @@ -1150,12 +1145,11 @@ static int aead_aes_gcm_init_randnonce(EVP_AEAD_CTX *ctx, const uint8_t *key, } static int aead_aes_gcm_seal_scatter_randnonce( - const EVP_AEAD_CTX *ctx, - uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, - const uint8_t *external_nonce, size_t external_nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, size_t extra_in_len, - const uint8_t *ad, size_t ad_len) { + const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *external_nonce, + size_t external_nonce_len, const uint8_t *in, size_t in_len, + const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, + size_t ad_len) { if (external_nonce_len != 0) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); return 0; @@ -1193,11 +1187,10 @@ static int aead_aes_gcm_seal_scatter_randnonce( } static int aead_aes_gcm_open_gather_randnonce( - const EVP_AEAD_CTX *ctx, uint8_t *out, - const uint8_t *external_nonce, size_t external_nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *in_tag, size_t in_tag_len, - const uint8_t *ad, size_t ad_len) { + const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *external_nonce, + size_t external_nonce_len, const uint8_t *in, size_t in_len, + const uint8_t *in_tag, size_t in_tag_len, const uint8_t *ad, + size_t ad_len) { if (external_nonce_len != 0) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); return 0; @@ -1212,9 +1205,9 @@ static int aead_aes_gcm_open_gather_randnonce( const struct aead_aes_gcm_ctx *gcm_ctx = (const struct aead_aes_gcm_ctx *)&ctx->state; if (!aead_aes_gcm_open_gather_impl( - gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag, - in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len, - ctx->tag_len - AES_GCM_NONCE_LENGTH)) { + gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag, + in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len, + ctx->tag_len - AES_GCM_NONCE_LENGTH)) { return 0; } @@ -1267,7 +1260,7 @@ static_assert(alignof(union evp_aead_ctx_st_state) >= static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len) { struct aead_aes_gcm_tls12_ctx *gcm_ctx = - (struct aead_aes_gcm_tls12_ctx *) &ctx->state; + (struct aead_aes_gcm_tls12_ctx *)&ctx->state; gcm_ctx->min_next_nonce = 0; @@ -1287,7 +1280,7 @@ static int aead_aes_gcm_tls12_seal_scatter( size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len) { struct aead_aes_gcm_tls12_ctx *gcm_ctx = - (struct aead_aes_gcm_tls12_ctx *) &ctx->state; + (struct aead_aes_gcm_tls12_ctx *)&ctx->state; if (nonce_len != AES_GCM_NONCE_LENGTH) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); @@ -1361,7 +1354,7 @@ static_assert(alignof(union evp_aead_ctx_st_state) >= static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len) { struct aead_aes_gcm_tls13_ctx *gcm_ctx = - (struct aead_aes_gcm_tls13_ctx *) &ctx->state; + (struct aead_aes_gcm_tls13_ctx *)&ctx->state; gcm_ctx->min_next_nonce = 0; gcm_ctx->first = 1; @@ -1382,7 +1375,7 @@ static int aead_aes_gcm_tls13_seal_scatter( size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len) { struct aead_aes_gcm_tls13_ctx *gcm_ctx = - (struct aead_aes_gcm_tls13_ctx *) &ctx->state; + (struct aead_aes_gcm_tls13_ctx *)&ctx->state; if (nonce_len != AES_GCM_NONCE_LENGTH) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); @@ -1403,8 +1396,7 @@ static int aead_aes_gcm_tls13_seal_scatter( } given_counter ^= gcm_ctx->mask; - if (given_counter == UINT64_MAX || - given_counter < gcm_ctx->min_next_nonce) { + if (given_counter == UINT64_MAX || given_counter < gcm_ctx->min_next_nonce) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE); return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aesccm.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aesccm.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aesccm.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/cipher/e_aesccm.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/cmac.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/cmac.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/cmac.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/cmac.cc.inc index 16265aaa..fe8f08be 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/cmac.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/cmac/cmac.cc.inc @@ -119,7 +119,7 @@ int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len, } CMAC_CTX *CMAC_CTX_new(void) { - CMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); + CMAC_CTX *ctx = reinterpret_cast(OPENSSL_malloc(sizeof(*ctx))); if (ctx != NULL) { CMAC_CTX_init(ctx); } @@ -155,7 +155,7 @@ static void binary_field_mul_x_128(uint8_t out[16], const uint8_t in[16]) { // Shift |in| to left, including carry. for (i = 0; i < 15; i++) { - out[i] = (in[i] << 1) | (in[i+1] >> 7); + out[i] = (in[i] << 1) | (in[i + 1] >> 7); } // If MSB set fixup with R. @@ -172,7 +172,7 @@ static void binary_field_mul_x_64(uint8_t out[8], const uint8_t in[8]) { // Shift |in| to left, including carry. for (i = 0; i < 7; i++) { - out[i] = (in[i] << 1) | (in[i+1] >> 7); + out[i] = (in[i] << 1) | (in[i + 1] >> 7); } // If MSB set fixup with R. @@ -194,7 +194,8 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len, size_t block_size = EVP_CIPHER_block_size(cipher); if ((block_size != AES_BLOCK_SIZE && block_size != 8 /* 3-DES */) || EVP_CIPHER_key_length(cipher) != key_len || - !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) || + !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, + reinterpret_cast(key), kZeroIV) || !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, block_size) || // Reset context again ready for first data. !EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) { @@ -291,13 +292,12 @@ int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) { FIPS_service_indicator_lock_state(); *out_len = block_size; + const uint8_t *mask = ctx->k1; if (out == NULL) { ret = 1; goto out; } - const uint8_t *mask = ctx->k1; - if (ctx->block_used != block_size) { // If the last block is incomplete, terminate it with a single 'one' bit // followed by zeros. diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/delocate.h b/Sources/CCryptoBoringSSL/crypto/fipsmodule/delocate.h index 8be14a2d..fe67dbd3 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/delocate.h +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/delocate.h @@ -22,19 +22,23 @@ #if !defined(BORINGSSL_SHARED_LIBRARY) && defined(BORINGSSL_FIPS) && \ !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN) -#define DEFINE_BSS_GET(type, name) \ - static type name __attribute__((used)); \ - type *name##_bss_get(void) __attribute__((const)); +#define DEFINE_BSS_GET(type, name, init_value) \ + static type name __attribute__((used)) = init_value; \ + extern "C" { \ + type *name##_bss_get(void) __attribute__((const)); \ + } // For FIPS builds we require that CRYPTO_ONCE_INIT be zero. -#define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name) +#define DEFINE_STATIC_ONCE(name) \ + DEFINE_BSS_GET(CRYPTO_once_t, name, CRYPTO_ONCE_INIT) // For FIPS builds we require that CRYPTO_MUTEX_INIT be zero. -#define DEFINE_STATIC_MUTEX(name) DEFINE_BSS_GET(CRYPTO_MUTEX, name) +#define DEFINE_STATIC_MUTEX(name) \ + DEFINE_BSS_GET(CRYPTO_MUTEX, name, CRYPTO_MUTEX_INIT) // For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero. #define DEFINE_STATIC_EX_DATA_CLASS(name) \ - DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name) + DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name, CRYPTO_EX_DATA_CLASS_INIT) #else -#define DEFINE_BSS_GET(type, name) \ - static type name; \ +#define DEFINE_BSS_GET(type, name, init_value) \ + static type name = init_value; \ static type *name##_bss_get(void) { return &name; } #define DEFINE_STATIC_ONCE(name) \ static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \ @@ -48,7 +52,7 @@ #endif #define DEFINE_DATA(type, name, accessor_decorations) \ - DEFINE_BSS_GET(type, name##_storage) \ + DEFINE_BSS_GET(type, name##_storage, {}) \ DEFINE_STATIC_ONCE(name##_once) \ static void name##_do_init(type *out); \ static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \ diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/check.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/check.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/check.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/check.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/dh.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/dh.cc.inc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/dh.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/dh.cc.inc index 5fa26871..71dd0b8b 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/dh.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/dh.cc.inc @@ -59,8 +59,8 @@ #include #include -#include #include +#include #include #include @@ -71,7 +71,7 @@ DH *DH_new(void) { - DH *dh = OPENSSL_zalloc(sizeof(DH)); + DH *dh = reinterpret_cast(OPENSSL_zalloc(sizeof(DH))); if (dh == NULL) { return NULL; } @@ -151,8 +151,7 @@ void DH_get0_pqg(const DH *dh, const BIGNUM **out_p, const BIGNUM **out_q, } int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - if ((dh->p == NULL && p == NULL) || - (dh->g == NULL && g == NULL)) { + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) { return 0; } @@ -322,8 +321,7 @@ static int dh_compute_key(DH *dh, BIGNUM *out_shared_key, if (!BN_mod_exp_mont_consttime(out_shared_key, peers_key, dh->priv_key, dh->p, ctx, dh->method_mont_p) || - !BN_copy(p_minus_1, dh->p) || - !BN_sub_word(p_minus_1, 1)) { + !BN_copy(p_minus_1, dh->p) || !BN_sub_word(p_minus_1, 1)) { OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); goto err; } @@ -337,7 +335,7 @@ static int dh_compute_key(DH *dh, BIGNUM *out_shared_key, ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -353,8 +351,7 @@ int dh_compute_key_padded_no_self_test(unsigned char *out, int dh_size = DH_size(dh); int ret = -1; BIGNUM *shared_key = BN_CTX_get(ctx); - if (shared_key && - dh_compute_key(dh, shared_key, peers_key, ctx) && + if (shared_key && dh_compute_key(dh, shared_key, peers_key, ctx) && BN_bn2bin_padded(out, dh_size, shared_key)) { ret = dh_size; } @@ -405,7 +402,7 @@ int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len, int ret = 0; const size_t dh_len = DH_size(dh); - uint8_t *shared_bytes = OPENSSL_malloc(dh_len); + uint8_t *shared_bytes = reinterpret_cast(OPENSSL_malloc(dh_len)); unsigned out_len_unsigned; if (!shared_bytes || // SP 800-56A is ambiguous about whether the output should be padded prior @@ -423,7 +420,7 @@ int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len, *out_len = digest_len; ret = 1; - err: +err: FIPS_service_indicator_unlock_state(); OPENSSL_free(shared_bytes); return ret; @@ -472,18 +469,17 @@ DH *DH_get_rfc7919_2048(void) { bn_set_static_words(ffdhe2048_p, kFFDHE2048Data, OPENSSL_ARRAY_SIZE(kFFDHE2048Data)); - if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) || - !BN_set_word(ffdhe2048_g, 2) || + if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) || !BN_set_word(ffdhe2048_g, 2) || !DH_set0_pqg(dh, ffdhe2048_p, ffdhe2048_q, ffdhe2048_g)) { goto err; } return dh; - err: - BN_free(ffdhe2048_p); - BN_free(ffdhe2048_q); - BN_free(ffdhe2048_g); - DH_free(dh); - return NULL; +err: + BN_free(ffdhe2048_p); + BN_free(ffdhe2048_q); + BN_free(ffdhe2048_g); + DH_free(dh); + return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digest.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digest.cc.inc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digest.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digest.cc.inc index d721a99b..adf73b10 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digest.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digest.cc.inc @@ -62,8 +62,8 @@ #include #include -#include "internal.h" #include "../../internal.h" +#include "internal.h" int EVP_MD_type(const EVP_MD *md) { return md->type; } @@ -82,7 +82,8 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { } EVP_MD_CTX *EVP_MD_CTX_new(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); + EVP_MD_CTX *ctx = + reinterpret_cast(OPENSSL_malloc(sizeof(EVP_MD_CTX))); if (ctx) { EVP_MD_CTX_init(ctx); @@ -152,7 +153,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { if (in->digest != NULL) { if (out->digest != in->digest) { assert(in->digest->ctx_size != 0); - tmp_buf = OPENSSL_malloc(in->digest->ctx_size); + tmp_buf = + reinterpret_cast(OPENSSL_malloc(in->digest->ctx_size)); if (tmp_buf == NULL) { if (pctx) { in->pctx_ops->free(pctx); @@ -163,7 +165,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { // |md_data| will be the correct size in this case. It's removed from // |out| so that |EVP_MD_CTX_cleanup| doesn't free it, and then it's // reused. - tmp_buf = out->md_data; + tmp_buf = reinterpret_cast(out->md_data); out->md_data = NULL; } } @@ -207,7 +209,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) { int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) { if (ctx->digest != type) { assert(type->ctx_size != 0); - uint8_t *md_data = OPENSSL_malloc(type->ctx_size); + uint8_t *md_data = + reinterpret_cast(OPENSSL_malloc(type->ctx_size)); if (md_data == NULL) { return 0; } @@ -283,6 +286,4 @@ int EVP_MD_CTX_type(const EVP_MD_CTX *ctx) { return EVP_MD_type(EVP_MD_CTX_md(ctx)); } -int EVP_add_digest(const EVP_MD *digest) { - return 1; -} +int EVP_add_digest(const EVP_MD *digest) { return 1; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digests.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digests.cc.inc similarity index 82% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digests.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digests.cc.inc index 8287d5e8..fb034bc2 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digests.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/digest/digests.cc.inc @@ -61,27 +61,28 @@ #include -#include "internal.h" -#include "../delocate.h" #include "../../internal.h" +#include "../bcm_interface.h" +#include "../delocate.h" +#include "internal.h" #if defined(NDEBUG) -#define CHECK(x) (void) (x) +#define CHECK(x) (void)(x) #else #define CHECK(x) assert(x) #endif static void sha1_init(EVP_MD_CTX *ctx) { - BCM_sha1_init(ctx->md_data); + BCM_sha1_init(reinterpret_cast(ctx->md_data)); } static void sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha1_update(ctx->md_data, data, count); + BCM_sha1_update(reinterpret_cast(ctx->md_data), data, count); } static void sha1_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha1_final(md, ctx->md_data); + BCM_sha1_final(md, reinterpret_cast(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha1) { @@ -97,15 +98,15 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha1) { static void sha224_init(EVP_MD_CTX *ctx) { - BCM_sha224_init(ctx->md_data); + BCM_sha224_init(reinterpret_cast(ctx->md_data)); } static void sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha224_update(ctx->md_data, data, count); + BCM_sha224_update(reinterpret_cast(ctx->md_data), data, count); } static void sha224_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha224_final(md, ctx->md_data); + BCM_sha224_final(md, reinterpret_cast(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha224) { @@ -121,15 +122,15 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha224) { static void sha256_init(EVP_MD_CTX *ctx) { - BCM_sha256_init(ctx->md_data); + BCM_sha256_init(reinterpret_cast(ctx->md_data)); } static void sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha256_update(ctx->md_data, data, count); + BCM_sha256_update(reinterpret_cast(ctx->md_data), data, count); } static void sha256_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha256_final(md, ctx->md_data); + BCM_sha256_final(md, reinterpret_cast(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha256) { @@ -145,15 +146,15 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha256) { static void sha384_init(EVP_MD_CTX *ctx) { - BCM_sha384_init(ctx->md_data); + BCM_sha384_init(reinterpret_cast(ctx->md_data)); } static void sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha384_update(ctx->md_data, data, count); + BCM_sha384_update(reinterpret_cast(ctx->md_data), data, count); } static void sha384_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha384_final(md, ctx->md_data); + BCM_sha384_final(md, reinterpret_cast(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha384) { @@ -169,15 +170,15 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha384) { static void sha512_init(EVP_MD_CTX *ctx) { - BCM_sha512_init(ctx->md_data); + BCM_sha512_init(reinterpret_cast(ctx->md_data)); } static void sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha512_update(ctx->md_data, data, count); + BCM_sha512_update(reinterpret_cast(ctx->md_data), data, count); } static void sha512_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha512_final(md, ctx->md_data); + BCM_sha512_final(md, reinterpret_cast(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512) { @@ -193,15 +194,16 @@ DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512) { static void sha512_256_init(EVP_MD_CTX *ctx) { - BCM_sha512_256_init(ctx->md_data); + BCM_sha512_256_init(reinterpret_cast(ctx->md_data)); } static void sha512_256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha512_256_update(ctx->md_data, data, count); + BCM_sha512_256_update(reinterpret_cast(ctx->md_data), data, + count); } static void sha512_256_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha512_256_final(md, ctx->md_data); + BCM_sha512_256_final(md, reinterpret_cast(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) { diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/digestsign.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/digestsign.cc.inc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/digestsign.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/digestsign.cc.inc index e2eef8a8..87f6ad20 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/digestsign.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/digestsign/digestsign.cc.inc @@ -71,7 +71,7 @@ enum evp_sign_verify_t { DEFINE_LOCAL_DATA(struct evp_md_pctx_ops, md_pctx_ops) { out->free = EVP_PKEY_CTX_free; out->dup = EVP_PKEY_CTX_dup; -}; +} static int uses_prehash(EVP_MD_CTX *ctx, enum evp_sign_verify_t op) { return (op == evp_sign) ? (ctx->pctx->pmeth->sign != NULL) diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec.cc.inc index abd77e97..39fb7eb7 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec.cc.inc @@ -75,10 +75,10 @@ #include #include -#include "internal.h" #include "../../internal.h" #include "../bn/internal.h" #include "../delocate.h" +#include "internal.h" #include "builtin_curves.h" @@ -245,12 +245,11 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, BIGNUM *a_reduced = BN_CTX_get(ctx); BIGNUM *b_reduced = BN_CTX_get(ctx); if (a_reduced == NULL || b_reduced == NULL || - !BN_nnmod(a_reduced, a, p, ctx) || - !BN_nnmod(b_reduced, b, p, ctx)) { + !BN_nnmod(a_reduced, a, p, ctx) || !BN_nnmod(b_reduced, b, p, ctx)) { goto err; } - ret = OPENSSL_zalloc(sizeof(EC_GROUP)); + ret = reinterpret_cast(OPENSSL_zalloc(sizeof(EC_GROUP))); if (ret == NULL) { return NULL; } @@ -301,8 +300,7 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, // the ECDSA implementation. int ret = 0; BIGNUM *tmp = BN_new(); - if (tmp == NULL || - !BN_lshift1(tmp, order)) { + if (tmp == NULL || !BN_lshift1(tmp, order)) { goto err; } if (BN_cmp(tmp, &group->field.N) <= 0) { @@ -470,7 +468,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) { return NULL; } - EC_POINT *ret = OPENSSL_malloc(sizeof *ret); + EC_POINT *ret = reinterpret_cast(OPENSSL_malloc(sizeof *ret)); if (ret == NULL) { return NULL; } @@ -514,8 +512,7 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) { } EC_POINT *ret = EC_POINT_new(group); - if (ret == NULL || - !EC_POINT_copy(ret, a)) { + if (ret == NULL || !EC_POINT_copy(ret, a)) { EC_POINT_free(ret); return NULL; } @@ -720,8 +717,7 @@ static int arbitrary_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out, // This is an unusual input, so we do not guarantee constant-time processing. BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - int ok = tmp != NULL && - BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) && + int ok = tmp != NULL && BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) && ec_bignum_to_scalar(group, out, tmp); BN_CTX_end(ctx); return ok; @@ -734,7 +730,7 @@ int ec_point_mul_no_self_test(const EC_GROUP *group, EC_POINT *r, // nothing to multiply. But, nobody should be calling this function with // nothing to multiply in the first place. if ((g_scalar == NULL && p_scalar == NULL) || - (p == NULL) != (p_scalar == NULL)) { + (p == NULL) != (p_scalar == NULL)) { OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -874,8 +870,7 @@ int ec_point_mul_scalar_base(const EC_GROUP *group, EC_JACOBIAN *r, int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *p0, const EC_SCALAR *scalar0, const EC_JACOBIAN *p1, const EC_SCALAR *scalar1, - const EC_JACOBIAN *p2, - const EC_SCALAR *scalar2) { + const EC_JACOBIAN *p2, const EC_SCALAR *scalar2) { if (group->meth->mul_batch == NULL) { OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -926,7 +921,7 @@ int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_JACOBIAN *r, } void ec_point_select(const EC_GROUP *group, EC_JACOBIAN *out, BN_ULONG mask, - const EC_JACOBIAN *a, const EC_JACOBIAN *b) { + const EC_JACOBIAN *a, const EC_JACOBIAN *b) { ec_felem_select(group, &out->X, mask, &a->X, &b->X); ec_felem_select(group, &out->Y, mask, &a->Y, &b->Y); ec_felem_select(group, &out->Z, mask, &a->Z, &b->Z); diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_key.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_key.cc.inc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_key.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_key.cc.inc index 047e154c..7d9a0394 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_key.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_key.cc.inc @@ -77,17 +77,19 @@ #include #include -#include "internal.h" +#include "../../internal.h" +#include "../bcm_interface.h" #include "../delocate.h" #include "../ecdsa/internal.h" #include "../service_indicator/internal.h" -#include "../../internal.h" +#include "internal.h" DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class) static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) { - EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR)); + EC_WRAPPED_SCALAR *wrapped = reinterpret_cast( + OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR))); if (wrapped == NULL) { return NULL; } @@ -106,7 +108,7 @@ static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) { EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_method(const ENGINE *engine) { - EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY)); + EC_KEY *ret = reinterpret_cast(OPENSSL_zalloc(sizeof(EC_KEY))); if (ret == NULL) { return NULL; } @@ -184,10 +186,8 @@ EC_KEY *EC_KEY_dup(const EC_KEY *src) { return NULL; } - if ((src->group != NULL && - !EC_KEY_set_group(ret, src->group)) || - (src->pub_key != NULL && - !EC_KEY_set_public_key(ret, src->pub_key)) || + if ((src->group != NULL && !EC_KEY_set_group(ret, src->group)) || + (src->pub_key != NULL && !EC_KEY_set_public_key(ret, src->pub_key)) || (src->priv_key != NULL && !EC_KEY_set_private_key(ret, EC_KEY_get0_private_key(src)))) { EC_KEY_free(ret); @@ -385,8 +385,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, const BIGNUM *x, point = EC_POINT_new(key->group); if (point == NULL || !EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, NULL) || - !EC_KEY_set_public_key(key, point) || - !EC_KEY_check_key(key)) { + !EC_KEY_set_public_key(key, point) || !EC_KEY_check_key(key)) { goto err; } @@ -468,7 +467,7 @@ size_t EC_KEY_priv2buf(const EC_KEY *key, uint8_t **out_buf) { return 0; } - uint8_t *buf = OPENSSL_malloc(len); + uint8_t *buf = reinterpret_cast(OPENSSL_malloc(len)); if (buf == NULL) { return 0; } @@ -546,7 +545,7 @@ int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index_ex(g_ec_ex_data_class_bss_get(), argl, argp, - free_func); + free_func); } int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) { diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_montgomery.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_montgomery.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_montgomery.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/ec_montgomery.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/felem.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/felem.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/felem.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/felem.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/oct.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/oct.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/oct.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/oct.cc.inc index 425cf4f1..73cebec4 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/oct.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/oct.cc.inc @@ -141,8 +141,8 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, return 0; } - point_conversion_form_t form = buf[0]; - if (form == POINT_CONVERSION_UNCOMPRESSED) { + uint8_t form = buf[0]; + if (form == static_cast(POINT_CONVERSION_UNCOMPRESSED)) { EC_AFFINE affine; if (!ec_point_from_uncompressed(group, &affine, buf, len)) { // In the event of an error, defend against the caller not checking the @@ -157,7 +157,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, const int y_bit = form & 1; const size_t field_len = BN_num_bytes(&group->field.N); form = form & ~1u; - if (form != POINT_CONVERSION_COMPRESSED || + if (form != static_cast(POINT_CONVERSION_COMPRESSED) || len != 1 /* type byte */ + field_len) { OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); return 0; @@ -239,7 +239,7 @@ size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, if (len == 0) { return 0; } - uint8_t *buf = OPENSSL_malloc(len); + uint8_t *buf = reinterpret_cast(OPENSSL_malloc(len)); if (buf == NULL) { return 0; } @@ -286,8 +286,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, BIGNUM *a = BN_CTX_get(ctx); BIGNUM *b = BN_CTX_get(ctx); BIGNUM *y = BN_CTX_get(ctx); - if (y == NULL || - !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) { + if (y == NULL || !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p224-64.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p224-64.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p224-64.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p224-64.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz-table.h b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz-table.h index b81480bd..f2c8a489 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz-table.h +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz-table.h @@ -22,7 +22,7 @@ // This file is generated by make_tables.go. -static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = { +static const PRECOMP256_ROW ecp_nistz256_precomputed alignas(4096)[37] = { {{{TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)}, {TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz.cc.inc index 00d65264..c8514492 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256-nistz.cc.inc @@ -26,22 +26,24 @@ #include #include +#include "../../internal.h" #include "../bn/internal.h" #include "../delocate.h" -#include "../../internal.h" #include "internal.h" #include "p256-nistz.h" -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ !defined(OPENSSL_SMALL) typedef P256_POINT_AFFINE PRECOMP256_ROW[64]; // One converted into the Montgomery domain static const BN_ULONG ONE_MONT[P256_LIMBS] = { - TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000), - TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe), + TOBN(0x00000000, 0x00000001), + TOBN(0xffffffff, 0x00000000), + TOBN(0xffffffff, 0xffffffff), + TOBN(0x00000000, 0xfffffffe), }; // Precomputed tables for the default generator @@ -104,11 +106,11 @@ static void copy_conditional(BN_ULONG dst[P256_LIMBS], // // (declare-fun x () (_ BitVec 64)) // -// (assert (and (= x #x0000000000000000) (= (is_not_zero x) #x0000000000000001))) -// (check-sat) +// (assert (and (= x #x0000000000000000) (= (is_not_zero x) +// #x0000000000000001))) (check-sat) // -// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) #x0000000000000000))) -// (check-sat) +// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) +// #x0000000000000000))) (check-sat) // static BN_ULONG is_not_zero(BN_ULONG in) { in |= (0 - in); @@ -651,8 +653,8 @@ static void ecp_nistz256_inv0_mod_ord(const EC_GROUP *group, EC_SCALAR *out, } static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group, - EC_SCALAR *out, - const EC_SCALAR *in) { + EC_SCALAR *out, + const EC_SCALAR *in) { #if defined(OPENSSL_X86_64) if (!CRYPTO_is_AVX_capable()) { // No AVX support; fallback to generic code. @@ -729,6 +731,6 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) { out->cmp_x_coordinate = ecp_nistz256_cmp_x_coordinate; } -#endif /* !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ +#endif /* !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ !defined(OPENSSL_SMALL) */ diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/p256.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/scalar.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/scalar.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/scalar.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/scalar.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple_mul.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple_mul.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple_mul.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/simple_mul.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/util.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/util.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/util.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/util.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/wnaf.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/wnaf.cc.inc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/wnaf.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/wnaf.cc.inc index af572502..c37f14b4 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/wnaf.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ec/wnaf.cc.inc @@ -75,9 +75,9 @@ #include #include -#include "internal.h" -#include "../bn/internal.h" #include "../../internal.h" +#include "../bn/internal.h" +#include "internal.h" // This file implements the wNAF-based interleaving multi-exponentiation method @@ -186,22 +186,34 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r, size_t bits = EC_GROUP_order_bits(group); size_t wNAF_len = bits + 1; - int ret = 0; + // Stack-allocated space, which will be used if the task is small enough. int8_t wNAF_stack[EC_WNAF_STACK][EC_MAX_BYTES * 8 + 1]; - int8_t (*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL; - int8_t (*wNAF)[EC_MAX_BYTES * 8 + 1]; EC_JACOBIAN precomp_stack[EC_WNAF_STACK][EC_WNAF_TABLE_SIZE]; - EC_JACOBIAN (*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL; - EC_JACOBIAN (*precomp)[EC_WNAF_TABLE_SIZE]; + + // Allocated pointers, which will remain NULL unless needed. + EC_JACOBIAN(*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL; + int8_t(*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL; + + // These fields point either to the stack or heap buffers of the same name. + int8_t(*wNAF)[EC_MAX_BYTES * 8 + 1]; + EC_JACOBIAN(*precomp)[EC_WNAF_TABLE_SIZE]; + if (num <= EC_WNAF_STACK) { wNAF = wNAF_stack; precomp = precomp_stack; } else { - wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0])); - precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0])); - if (wNAF_alloc == NULL || precomp_alloc == NULL) { - goto err; + wNAF_alloc = reinterpret_cast( + OPENSSL_calloc(num, sizeof(wNAF_alloc[0]))); + if (wNAF_alloc == NULL) { + return 0; + } + precomp_alloc = reinterpret_cast( + OPENSSL_calloc(num, sizeof(precomp_alloc[0]))); + if (precomp_alloc == NULL) { + OPENSSL_free(wNAF_alloc); + return 0; } + wNAF = wNAF_alloc; precomp = precomp_alloc; } @@ -255,10 +267,7 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r, ec_GFp_simple_point_set_to_infinity(group, r); } - ret = 1; - -err: OPENSSL_free(wNAF_alloc); OPENSSL_free(precomp_alloc); - return ret; + return 1; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdh/ecdh.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdh/ecdh.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdh/ecdh.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdh/ecdh.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/fips_shared_support.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/fips_shared_support.cc similarity index 93% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/fips_shared_support.c rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/fips_shared_support.cc index 74b35f01..01de6a13 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/fips_shared_support.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/fips_shared_support.cc @@ -20,8 +20,7 @@ // that must be replaced with the real value during the build process. This // value need only be distinct, i.e. so that we can safely search-and-replace it // in an object file. -const uint8_t BORINGSSL_bcm_text_hash[32]; -const uint8_t BORINGSSL_bcm_text_hash[32] = { +extern const uint8_t BORINGSSL_bcm_text_hash[32] = { 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/hkdf/hkdf.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/hkdf/hkdf.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/hkdf/hkdf.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/hkdf/hkdf.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/hmac.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/hmac.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/hmac.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/hmac.cc.inc index 91542a44..4b92b097 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/hmac.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/hmac/hmac.cc.inc @@ -98,7 +98,8 @@ void HMAC_CTX_init(HMAC_CTX *ctx) { } HMAC_CTX *HMAC_CTX_new(void) { - HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); + HMAC_CTX *ctx = + reinterpret_cast(OPENSSL_malloc(sizeof(HMAC_CTX))); if (ctx != NULL) { HMAC_CTX_init(ctx); } @@ -215,7 +216,7 @@ int HMAC_Final(HMAC_CTX *ctx, uint8_t *out, unsigned int *out_len) { ret = 1; - out: +out: FIPS_service_indicator_unlock_state(); if (ret) { HMAC_verify_service_indicator(ctx->md); diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cbc.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cbc.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cbc.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cbc.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cfb.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cfb.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cfb.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/cfb.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ctr.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ctr.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ctr.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ctr.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ofb.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ofb.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ofb.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/ofb.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/polyval.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/polyval.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/polyval.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/polyval.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/ctrdrbg.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/ctrdrbg.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/ctrdrbg.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/ctrdrbg.cc.inc index 66a3ce3b..001993de 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/ctrdrbg.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/ctrdrbg.cc.inc @@ -18,9 +18,9 @@ #include -#include "internal.h" #include "../cipher/internal.h" #include "../service_indicator/internal.h" +#include "internal.h" // Section references in this file refer to SP 800-90Ar1: @@ -32,7 +32,8 @@ static const uint64_t kMaxReseedCount = UINT64_C(1) << 48; CTR_DRBG_STATE *CTR_DRBG_new(const uint8_t entropy[CTR_DRBG_ENTROPY_LEN], const uint8_t *personalization, size_t personalization_len) { - CTR_DRBG_STATE *drbg = OPENSSL_malloc(sizeof(CTR_DRBG_STATE)); + CTR_DRBG_STATE *drbg = reinterpret_cast( + OPENSSL_malloc(sizeof(CTR_DRBG_STATE))); if (drbg == NULL || !CTR_DRBG_init(drbg, entropy, personalization, personalization_len)) { CTR_DRBG_free(drbg); @@ -177,7 +178,7 @@ int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out, size_t out_len, todo = out_len; } - todo &= ~(AES_BLOCK_SIZE-1); + todo &= ~(AES_BLOCK_SIZE - 1); const size_t num_blocks = todo / AES_BLOCK_SIZE; if (drbg->ctr) { diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.cc.inc index ea223b02..e8a42198 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.cc.inc @@ -85,8 +85,8 @@ struct rand_thread_state { // objects in the process, one per thread. This is needed because FIPS requires // that they be zeroed on process exit, but thread-local destructors aren't // called when the whole process is exiting. -DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list); -DEFINE_STATIC_MUTEX(thread_states_list_lock); +DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list, nullptr) +DEFINE_STATIC_MUTEX(thread_states_list_lock) static void rand_thread_state_clear_all(void) __attribute__((destructor)); static void rand_thread_state_clear_all(void) { @@ -106,7 +106,8 @@ static void rand_thread_state_clear_all(void) { // rand_thread_state_free frees a |rand_thread_state|. This is called when a // thread exits. static void rand_thread_state_free(void *state_in) { - struct rand_thread_state *state = state_in; + struct rand_thread_state *state = + reinterpret_cast(state_in); if (state_in == NULL) { return; @@ -195,8 +196,8 @@ struct entropy_buffer { int want_additional_input; }; -DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer); -DEFINE_STATIC_MUTEX(entropy_buffer_lock); +DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer, {}) +DEFINE_STATIC_MUTEX(entropy_buffer_lock) bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len, int want_additional_input) { @@ -366,11 +367,12 @@ bcm_infallible BCM_rand_bytes_with_additional_data( } struct rand_thread_state stack_state; - struct rand_thread_state *state = - CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND); + struct rand_thread_state *state = reinterpret_cast( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND)); if (state == NULL) { - state = OPENSSL_zalloc(sizeof(struct rand_thread_state)); + state = reinterpret_cast( + OPENSSL_zalloc(sizeof(struct rand_thread_state))); if (state == NULL || !CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state, rand_thread_state_free)) { diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/blinding.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/blinding.cc.inc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/blinding.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/blinding.cc.inc index adfba401..80fa46fc 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/blinding.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/blinding.cc.inc @@ -111,17 +111,17 @@ #include #include -#include #include +#include -#include "internal.h" #include "../../internal.h" +#include "internal.h" #define BN_BLINDING_COUNTER 32 struct bn_blinding_st { - BIGNUM *A; // The base blinding factor, Montgomery-encoded. + BIGNUM *A; // The base blinding factor, Montgomery-encoded. BIGNUM *Ai; // The inverse of the blinding factor, Montgomery-encoded. unsigned counter; }; @@ -130,7 +130,8 @@ static int bn_blinding_create_param(BN_BLINDING *b, const BIGNUM *e, const BN_MONT_CTX *mont, BN_CTX *ctx); BN_BLINDING *BN_BLINDING_new(void) { - BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING)); + BN_BLINDING *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(BN_BLINDING))); if (ret == NULL) { return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/padding.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/padding.cc.inc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/padding.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/padding.cc.inc index 1db38910..ce9b2862 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/padding.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/padding.cc.inc @@ -64,10 +64,10 @@ #include #include -#include "internal.h" -#include "../service_indicator/internal.h" -#include "../bcm_interface.h" #include "../../internal.h" +#include "../bcm_interface.h" +#include "../service_indicator/internal.h" +#include "internal.h" int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len, @@ -215,8 +215,11 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash, int ret = 0; uint8_t *DB = NULL; + const uint8_t *H; EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); + unsigned MSBits; + size_t emLen, maskedDBLen, salt_start; FIPS_service_indicator_lock_state(); // Negative sLen has special meanings: @@ -233,8 +236,8 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash, goto err; } - unsigned MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; - size_t emLen = RSA_size(rsa); + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); if (EM[0] & (0xFF << MSBits)) { OPENSSL_PUT_ERROR(RSA, RSA_R_FIRST_OCTET_INVALID); goto err; @@ -244,8 +247,7 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash, emLen--; } // |sLen| may be -2 for the non-standard salt length recovery mode. - if (emLen < hLen + 2 || - (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) { + if (emLen < hLen + 2 || (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) { OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); goto err; } @@ -253,9 +255,9 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash, OPENSSL_PUT_ERROR(RSA, RSA_R_LAST_OCTET_INVALID); goto err; } - size_t maskedDBLen = emLen - hLen - 1; - const uint8_t *H = EM + maskedDBLen; - DB = OPENSSL_malloc(maskedDBLen); + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = reinterpret_cast(OPENSSL_malloc(maskedDBLen)); if (!DB) { goto err; } @@ -271,7 +273,6 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash, // This step differs slightly from EMSA-PSS-VERIFY (RFC 8017) step 10 because // it accepts a non-standard salt recovery flow. DB should be some number of // zeros, a one, then the salt. - size_t salt_start; for (salt_start = 0; DB[salt_start] == 0 && salt_start < maskedDBLen - 1; salt_start++) { ; @@ -312,7 +313,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM, const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLenRequested) { - int ret = 0; + int ret = 0, digest_ok; size_t maskedDBLen, MSBits, emLen; size_t hLen; unsigned char *H, *salt = NULL, *p; @@ -364,7 +365,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM, } if (sLen > 0) { - salt = OPENSSL_malloc(sLen); + salt = reinterpret_cast(OPENSSL_malloc(sLen)); if (!salt) { goto err; } @@ -375,11 +376,11 @@ int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM, EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); - int digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) && - EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) && - EVP_DigestUpdate(&ctx, mHash, hLen) && - EVP_DigestUpdate(&ctx, salt, sLen) && - EVP_DigestFinal_ex(&ctx, H, NULL); + digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) && + EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) && + EVP_DigestUpdate(&ctx, mHash, hLen) && + EVP_DigestUpdate(&ctx, salt, sLen) && + EVP_DigestFinal_ex(&ctx, H, NULL); EVP_MD_CTX_cleanup(&ctx); if (!digest_ok) { goto err; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.cc.inc similarity index 88% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.cc.inc index 8cd87d1c..7de94300 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.cc.inc @@ -70,9 +70,10 @@ #include #include +#include "../../internal.h" +#include "../bcm_interface.h" #include "../bn/internal.h" #include "../delocate.h" -#include "../../internal.h" #include "internal.h" @@ -205,7 +206,7 @@ RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e, RSA *RSA_new(void) { return RSA_new_method(NULL); } RSA *RSA_new_method(const ENGINE *engine) { - RSA *rsa = OPENSSL_zalloc(sizeof(RSA)); + RSA *rsa = reinterpret_cast(OPENSSL_zalloc(sizeof(RSA))); if (rsa == NULL) { return NULL; } @@ -215,7 +216,7 @@ RSA *RSA_new_method(const ENGINE *engine) { } if (rsa->meth == NULL) { - rsa->meth = (RSA_METHOD *) RSA_default_method(); + rsa->meth = (RSA_METHOD *)RSA_default_method(); } METHOD_ref(rsa->meth); @@ -237,8 +238,7 @@ RSA *RSA_new_method(const ENGINE *engine) { RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n) { RSA *rsa = RSA_new_method(engine); - if (rsa == NULL || - !bn_dup_into(&rsa->n, n)) { + if (rsa == NULL || !bn_dup_into(&rsa->n, n)) { RSA_free(rsa); return NULL; } @@ -341,8 +341,7 @@ void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1, } int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) { - if ((rsa->n == NULL && n == NULL) || - (rsa->e == NULL && e == NULL)) { + if ((rsa->n == NULL && n == NULL) || (rsa->e == NULL && e == NULL)) { return 0; } @@ -364,8 +363,7 @@ int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) { } int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) { - if ((rsa->p == NULL && p == NULL) || - (rsa->q == NULL && q == NULL)) { + if ((rsa->p == NULL && p == NULL) || (rsa->q == NULL && q == NULL)) { return 0; } @@ -439,7 +437,7 @@ int RSA_is_opaque(const RSA *rsa) { int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index_ex(g_rsa_ex_data_class_bss_get(), argl, argp, - free_func); + free_func); } int RSA_set_ex_data(RSA *rsa, int idx, void *arg) { @@ -471,49 +469,52 @@ struct pkcs1_sig_prefix { // different hash functions. static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = { { - NID_md5, - MD5_DIGEST_LENGTH, - 18, - {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}, + NID_md5, + MD5_DIGEST_LENGTH, + 18, + {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}, }, { - NID_sha1, - BCM_SHA_DIGEST_LENGTH, - 15, - {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, - 0x00, 0x04, 0x14}, + NID_sha1, + BCM_SHA_DIGEST_LENGTH, + 15, + {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14}, }, { - NID_sha224, - BCM_SHA224_DIGEST_LENGTH, - 19, - {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c}, + NID_sha224, + BCM_SHA224_DIGEST_LENGTH, + 19, + {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c}, }, { - NID_sha256, - BCM_SHA256_DIGEST_LENGTH, - 19, - {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}, + NID_sha256, + BCM_SHA256_DIGEST_LENGTH, + 19, + {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}, }, { - NID_sha384, - BCM_SHA384_DIGEST_LENGTH, - 19, - {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}, + NID_sha384, + BCM_SHA384_DIGEST_LENGTH, + 19, + {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}, }, { - NID_sha512, - BCM_SHA512_DIGEST_LENGTH, - 19, - {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}, + NID_sha512, + BCM_SHA512_DIGEST_LENGTH, + 19, + {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}, }, { - NID_undef, 0, 0, {0}, + NID_undef, + 0, + 0, + {0}, }, }; @@ -539,7 +540,6 @@ static int rsa_check_digest_size(int hash_nid, size_t digest_len) { OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE); return 0; - } int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, @@ -566,7 +566,7 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, // The length should already have been checked. assert(digest_len == sig_prefix->hash_len); - const uint8_t* prefix = sig_prefix->bytes; + const uint8_t *prefix = sig_prefix->bytes; size_t prefix_len = sig_prefix->len; size_t signed_msg_len = prefix_len + digest_len; if (signed_msg_len < prefix_len) { @@ -574,7 +574,8 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, return 0; } - uint8_t *signed_msg = OPENSSL_malloc(signed_msg_len); + uint8_t *signed_msg = + reinterpret_cast(OPENSSL_malloc(signed_msg_len)); if (!signed_msg) { return 0; } @@ -653,7 +654,7 @@ int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } size_t padded_len = RSA_size(rsa); - uint8_t *padded = OPENSSL_malloc(padded_len); + uint8_t *padded = reinterpret_cast(OPENSSL_malloc(padded_len)); if (padded == NULL) { return 0; } @@ -686,7 +687,7 @@ int rsa_verify_no_self_test(int hash_nid, const uint8_t *digest, return 0; } - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast(OPENSSL_malloc(rsa_size)); if (!buf) { return 0; } @@ -732,7 +733,7 @@ int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *digest, size_t digest_len, } size_t em_len = RSA_size(rsa); - uint8_t *em = OPENSSL_malloc(em_len); + uint8_t *em = reinterpret_cast(OPENSSL_malloc(em_len)); if (em == NULL) { return 0; } @@ -768,8 +769,7 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv, // were checked by the caller. BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - int ret = tmp != NULL && - bn_mul_consttime(tmp, a, ainv, ctx) && + int ret = tmp != NULL && bn_mul_consttime(tmp, a, ainv, ctx) && bn_div_consttime(NULL, tmp, tmp, m, m_min_bits, ctx); if (ret) { *out_ok = constant_time_declassify_int(BN_is_one(tmp)); @@ -819,7 +819,8 @@ int RSA_check_key(const RSA *key) { } BIGNUM tmp, de, pm1, qm1, dmp1, dmq1; - int ok = 0; + int ok = 0, has_crt_values; + unsigned pm1_bits, qm1_bits; BN_init(&tmp); BN_init(&de); BN_init(&pm1); @@ -856,8 +857,8 @@ int RSA_check_key(const RSA *key) { OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } - const unsigned pm1_bits = BN_num_bits(&pm1); - const unsigned qm1_bits = BN_num_bits(&qm1); + pm1_bits = BN_num_bits(&pm1); + qm1_bits = BN_num_bits(&qm1); if (!bn_mul_consttime(&de, key->d, key->e, ctx) || !bn_div_consttime(NULL, &tmp, &de, &pm1, pm1_bits, ctx) || !bn_div_consttime(NULL, &de, &de, &qm1, qm1_bits, ctx)) { @@ -871,7 +872,7 @@ int RSA_check_key(const RSA *key) { goto out; } - int has_crt_values = key->dmp1 != NULL; + has_crt_values = key->dmp1 != NULL; if (has_crt_values != (key->dmq1 != NULL) || has_crt_values != (key->iqmp != NULL)) { OPENSSL_PUT_ERROR(RSA, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES); @@ -912,20 +913,26 @@ out: // This is the product of the 132 smallest odd primes, from 3 to 751. -static const BN_ULONG kSmallFactorsLimbs[] = { - TOBN(0xc4309333, 0x3ef4e3e1), TOBN(0x71161eb6, 0xcd2d655f), - TOBN(0x95e2238c, 0x0bf94862), TOBN(0x3eb233d3, 0x24f7912b), - TOBN(0x6b55514b, 0xbf26c483), TOBN(0x0a84d817, 0x5a144871), - TOBN(0x77d12fee, 0x9b82210a), TOBN(0xdb5b93c2, 0x97f050b3), - TOBN(0x4acad6b9, 0x4d6c026b), TOBN(0xeb7751f3, 0x54aec893), - TOBN(0xdba53368, 0x36bc85c4), TOBN(0xd85a1b28, 0x7f5ec78e), - TOBN(0x2eb072d8, 0x6b322244), TOBN(0xbba51112, 0x5e2b3aea), - TOBN(0x36ed1a6c, 0x0e2486bf), TOBN(0x5f270460, 0xec0c5727), - 0x000017b1 -}; +static const BN_ULONG kSmallFactorsLimbs[] = {TOBN(0xc4309333, 0x3ef4e3e1), + TOBN(0x71161eb6, 0xcd2d655f), + TOBN(0x95e2238c, 0x0bf94862), + TOBN(0x3eb233d3, 0x24f7912b), + TOBN(0x6b55514b, 0xbf26c483), + TOBN(0x0a84d817, 0x5a144871), + TOBN(0x77d12fee, 0x9b82210a), + TOBN(0xdb5b93c2, 0x97f050b3), + TOBN(0x4acad6b9, 0x4d6c026b), + TOBN(0xeb7751f3, 0x54aec893), + TOBN(0xdba53368, 0x36bc85c4), + TOBN(0xd85a1b28, 0x7f5ec78e), + TOBN(0x2eb072d8, 0x6b322244), + TOBN(0xbba51112, 0x5e2b3aea), + TOBN(0x36ed1a6c, 0x0e2486bf), + TOBN(0x5f270460, 0xec0c5727), + 0x000017b1}; DEFINE_LOCAL_DATA(BIGNUM, g_small_factors) { - out->d = (BN_ULONG *) kSmallFactorsLimbs; + out->d = (BN_ULONG *)kSmallFactorsLimbs; out->width = OPENSSL_ARRAY_SIZE(kSmallFactorsLimbs); out->dmax = out->width; out->neg = 0; @@ -960,9 +967,9 @@ int RSA_check_fips(RSA *key) { // composite, so too few iterations will cause us to reject the key, not use // an implausible one. enum bn_primality_result_t primality_result; - if (BN_num_bits(key->e) <= 16 || - BN_num_bits(key->e) > 256 || - !BN_is_odd(key->n) || + if (BN_num_bits(key->e) <= 16 || // + BN_num_bits(key->e) > 256 || // + !BN_is_odd(key->n) || // !BN_is_odd(key->e) || !BN_gcd(&small_gcd, key->n, g_small_factors(), ctx) || !BN_is_one(&small_gcd) || @@ -989,7 +996,7 @@ int RSA_check_fips(RSA *key) { // perform a signing test. uint8_t data[32] = {0}; unsigned sig_len = RSA_size(key); - uint8_t *sig = OPENSSL_malloc(sig_len); + uint8_t *sig = reinterpret_cast(OPENSSL_malloc(sig_len)); if (sig == NULL) { return 0; } @@ -1032,6 +1039,4 @@ int RSA_flags(const RSA *rsa) { return rsa->flags; } int RSA_test_flags(const RSA *rsa, int flags) { return rsa->flags & flags; } -int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { - return 1; -} +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { return 1; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.cc.inc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.cc.inc index a2f04998..c0e822cc 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.cc.inc @@ -147,8 +147,7 @@ static int ensure_fixed_copy(BIGNUM **out, const BIGNUM *in, int width) { return 1; } BIGNUM *copy = BN_dup(in); - if (copy == NULL || - !bn_resize_words(copy, width)) { + if (copy == NULL || !bn_resize_words(copy, width)) { BN_free(copy); return 0; } @@ -171,6 +170,7 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) { } int ret = 0; + const BIGNUM *n_fixed; CRYPTO_MUTEX_lock_write(&rsa->lock); if (rsa->private_key_frozen) { ret = 1; @@ -194,7 +194,7 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) { goto err; } } - const BIGNUM *n_fixed = &rsa->mont_n->N; + n_fixed = &rsa->mont_n->N; // The only public upper-bound of |rsa->d| is the bit length of |rsa->n|. The // ASN.1 serialization of RSA private keys unfortunately leaks the byte length @@ -231,9 +231,8 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) { // Key generation relies on this function to compute |iqmp|. if (rsa->iqmp == NULL) { BIGNUM *iqmp = BN_new(); - if (iqmp == NULL || - !bn_mod_inverse_secret_prime(iqmp, rsa->q, rsa->p, ctx, - rsa->mont_p)) { + if (iqmp == NULL || !bn_mod_inverse_secret_prime(iqmp, rsa->q, rsa->p, + ctx, rsa->mont_p)) { BN_free(iqmp); goto err; } @@ -300,9 +299,7 @@ void rsa_invalidate_key(RSA *rsa) { rsa->blinding_fork_generation = 0; } -size_t rsa_default_size(const RSA *rsa) { - return BN_num_bytes(rsa->n); -} +size_t rsa_default_size(const RSA *rsa) { return BN_num_bytes(rsa->n); } // MAX_BLINDINGS_PER_RSA defines the maximum number of cached BN_BLINDINGs per // RSA*. Then this limit is exceeded, BN_BLINDING objects will be created and @@ -342,8 +339,11 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used, rsa->blinding_fork_generation = fork_generation; } - uint8_t *const free_inuse_flag = - OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings); + uint8_t *const free_inuse_flag = reinterpret_cast( + OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings)); + size_t new_num_blindings; + BN_BLINDING **new_blindings; + uint8_t *new_blindings_inuse; if (free_inuse_flag != NULL) { *free_inuse_flag = 1; *index_used = free_inuse_flag - rsa->blindings_inuse; @@ -363,7 +363,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used, // Double the length of the cache. static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / 2, "MAX_BLINDINGS_PER_RSA too large"); - size_t new_num_blindings = rsa->num_blindings * 2; + new_num_blindings = rsa->num_blindings * 2; if (new_num_blindings == 0) { new_num_blindings = 1; } @@ -372,9 +372,10 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used, } assert(new_num_blindings > rsa->num_blindings); - BN_BLINDING **new_blindings = - OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *)); - uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings); + new_blindings = reinterpret_cast( + OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *))); + new_blindings_inuse = + reinterpret_cast(OPENSSL_malloc(new_num_blindings)); if (new_blindings == NULL || new_blindings_inuse == NULL) { goto err; } @@ -445,7 +446,7 @@ int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, return 0; } - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast(OPENSSL_malloc(rsa_size)); if (buf == NULL) { goto err; } @@ -527,7 +528,7 @@ int rsa_verify_raw_no_self_test(RSA *rsa, size_t *out_len, uint8_t *out, buf = out; } else { // Allocate a temporary buffer to hold the padded plaintext. - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast(OPENSSL_malloc(rsa_size)); if (buf == NULL) { goto err; } @@ -580,9 +581,8 @@ err: return ret; } -int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, - size_t max_out, const uint8_t *in, - size_t in_len, int padding) { +int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, + const uint8_t *in, size_t in_len, int padding) { boringssl_ensure_rsa_self_test(); return rsa_verify_raw_no_self_test(rsa, out_len, out, max_out, in, in_len, padding); @@ -599,7 +599,7 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, BN_CTX *ctx = NULL; size_t blinding_index = 0; BN_BLINDING *blinding = NULL; - int ret = 0; + int ret = 0, do_blinding; ctx = BN_CTX_new(); if (ctx == NULL) { @@ -632,7 +632,7 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, goto err; } - const int do_blinding = + do_blinding = (rsa->flags & (RSA_FLAG_NO_BLINDING | RSA_FLAG_NO_PUBLIC_EXPONENT)) == 0; if (rsa->e == NULL && do_blinding) { @@ -695,8 +695,7 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, } } - if (do_blinding && - !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) { + if (do_blinding && !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) { goto err; } @@ -739,7 +738,7 @@ static int mod_montgomery(BIGNUM *r, const BIGNUM *I, const BIGNUM *p, return 0; } - if (// Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p. + if ( // Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p. !BN_from_montgomery(r, I, mont_p, ctx) || // Multiply by R^2 and do another Montgomery reduction to compute // I * R^-1 * R^2 * R^-1 = I mod p. @@ -775,8 +774,8 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); - if (r1 == NULL || - m1 == NULL) { + BIGNUM *n, *p, *q; + if (r1 == NULL || m1 == NULL) { goto err; } @@ -787,15 +786,15 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { // Use the minimal-width versions of |n|, |p|, and |q|. Either works, but if // someone gives us non-minimal values, these will be slightly more efficient // on the non-Montgomery operations. - const BIGNUM *n = &rsa->mont_n->N; - const BIGNUM *p = &rsa->mont_p->N; - const BIGNUM *q = &rsa->mont_q->N; + n = &rsa->mont_n->N; + p = &rsa->mont_p->N; + q = &rsa->mont_q->N; // This is a pre-condition for |mod_montgomery|. It was already checked by the // caller. declassify_assert(BN_ucmp(I, n) < 0); - if (// |m1| is the result modulo |q|. + if ( // |m1| is the result modulo |q|. !mod_montgomery(r1, I, q, rsa->mont_q, p, ctx) || !BN_mod_exp_mont_consttime(m1, r1, rsa->dmq1_fixed, q, ctx, rsa->mont_q) || @@ -881,10 +880,12 @@ static int ensure_bignum(BIGNUM **out) { // then [] // else let (high, low) = divrem 64 x in low : bnWords high // -// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" high low +// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" +// high low // // output :: String -// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 `div` 2)) +// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 +// `div` 2)) // // To verify this number, check that n² < 2⁴⁰⁹⁵ < (n+1)², where n is value // represented here. Note the components are listed in little-endian order. Here @@ -962,7 +963,7 @@ static int generate_prime(BIGNUM *out, int bits, const BIGNUM *e, // 22.21518251065506 // >>> f(2048, 3, 8*2048) // 22.211701985875937 - if (bits >= INT_MAX/32) { + if (bits >= INT_MAX / 32) { OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE); return 0; } @@ -1086,16 +1087,18 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, int ret = 0; int prime_bits = bits / 2; BN_CTX *ctx = BN_CTX_new(); + BIGNUM *totient, *pm1, *qm1, *sqrt2, *pow2_prime_bits_100, *pow2_prime_bits; + int sqrt2_bits; if (ctx == NULL) { goto bn_err; } BN_CTX_start(ctx); - BIGNUM *totient = BN_CTX_get(ctx); - BIGNUM *pm1 = BN_CTX_get(ctx); - BIGNUM *qm1 = BN_CTX_get(ctx); - BIGNUM *sqrt2 = BN_CTX_get(ctx); - BIGNUM *pow2_prime_bits_100 = BN_CTX_get(ctx); - BIGNUM *pow2_prime_bits = BN_CTX_get(ctx); + totient = BN_CTX_get(ctx); + pm1 = BN_CTX_get(ctx); + qm1 = BN_CTX_get(ctx); + sqrt2 = BN_CTX_get(ctx); + pow2_prime_bits_100 = BN_CTX_get(ctx); + pow2_prime_bits = BN_CTX_get(ctx); if (totient == NULL || pm1 == NULL || qm1 == NULL || sqrt2 == NULL || pow2_prime_bits_100 == NULL || pow2_prime_bits == NULL || !BN_set_bit(pow2_prime_bits_100, prime_bits - 100) || @@ -1104,12 +1107,9 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, } // We need the RSA components non-NULL. - if (!ensure_bignum(&rsa->n) || - !ensure_bignum(&rsa->d) || - !ensure_bignum(&rsa->e) || - !ensure_bignum(&rsa->p) || - !ensure_bignum(&rsa->q) || - !ensure_bignum(&rsa->dmp1) || + if (!ensure_bignum(&rsa->n) || !ensure_bignum(&rsa->d) || + !ensure_bignum(&rsa->e) || !ensure_bignum(&rsa->p) || + !ensure_bignum(&rsa->q) || !ensure_bignum(&rsa->dmp1) || !ensure_bignum(&rsa->dmq1)) { goto bn_err; } @@ -1122,7 +1122,7 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, if (!bn_set_words(sqrt2, kBoringSSLRSASqrtTwo, kBoringSSLRSASqrtTwoLen)) { goto bn_err; } - int sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2; + sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2; assert(sqrt2_bits == (int)BN_num_bits(sqrt2)); if (sqrt2_bits > prime_bits) { // For key sizes up to 4096 (prime_bits = 2048), this is exactly @@ -1183,7 +1183,7 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, assert(BN_num_bits(pm1) == (unsigned)prime_bits); assert(BN_num_bits(qm1) == (unsigned)prime_bits); - if (// Calculate n. + if ( // Calculate n. !bn_mul_consttime(rsa->n, rsa->p, rsa->q, ctx) || // Calculate d mod (p-1). !bn_div_consttime(NULL, rsa->dmp1, rsa->d, pm1, prime_bits, ctx) || @@ -1329,8 +1329,7 @@ int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) { } BIGNUM *e = BN_new(); - int ret = e != NULL && - BN_set_word(e, RSA_F4) && + int ret = e != NULL && BN_set_word(e, RSA_F4) && RSA_generate_key_ex_maybe_fips(rsa, bits, e, cb, /*check_fips=*/1); BN_free(e); diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/fips.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/fips.cc.inc similarity index 91% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/fips.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/fips.cc.inc index 9bd9e7bd..382dfad0 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/fips.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/fips.cc.inc @@ -30,6 +30,14 @@ int FIPS_mode_set(int on) { return on == FIPS_mode(); } const char *FIPS_module_name(void) { return "BoringCrypto"; } +int CRYPTO_has_asm(void) { +#if defined(OPENSSL_NO_ASM) + return 0; +#else + return 1; +#endif +} + uint32_t FIPS_version(void) { return 0; } @@ -77,8 +85,8 @@ size_t FIPS_read_counter(enum fips_counter_t counter) { abort(); } - const size_t *array = - CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS); + const size_t *array = reinterpret_cast( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS)); if (!array) { return 0; } @@ -92,11 +100,11 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) { abort(); } - size_t *array = - CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS); + size_t *array = reinterpret_cast( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS)); if (!array) { const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1); - array = OPENSSL_zalloc(num_bytes); + array = reinterpret_cast(OPENSSL_zalloc(num_bytes)); if (!array) { return; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/self_check.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/self_check.cc.inc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/self_check.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/self_check.cc.inc index 9e7fd53f..2b5a772d 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/self_check.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/self_check/self_check.cc.inc @@ -24,8 +24,8 @@ #include #include #include -#include #include +#include #include #include #include @@ -48,15 +48,14 @@ // compile the real logic. #if defined(_MSC_VER) -int BORINGSSL_self_test(void) { - return 0; -} +int BORINGSSL_self_test(void) { return 0; } #else -static void hexdump(FILE *out, const uint8_t *in, size_t len) { +static void hexdump(FILE *out, const void *in, size_t len) { + const uint8_t *in8 = reinterpret_cast(in); for (size_t i = 0; i < len; i++) { - fprintf(out, "%02x", in[i]); + fprintf(out, "%02x", in8[i]); } } @@ -197,7 +196,7 @@ static RSA *self_test_rsa_key(void) { }; RSA *rsa = RSA_new(); - if (rsa == NULL || + if (rsa == NULL || // !set_bignum(&rsa->n, kN, sizeof(kN)) || !set_bignum(&rsa->e, kE, sizeof(kE)) || !set_bignum(&rsa->d, kD, sizeof(kD)) || @@ -396,6 +395,11 @@ static int boringssl_self_test_ecc(void) { EC_POINT *ec_point_in = NULL; EC_POINT *ec_point_out = NULL; BIGNUM *ec_scalar = NULL; + const EC_GROUP *ec_group = NULL; + + // The 'k' value for ECDSA is fixed to avoid an entropy draw. + uint8_t ecdsa_k[32] = {0}; + ecdsa_k[31] = 42; ec_key = self_test_ecdsa_key(); if (ec_key == NULL) { @@ -419,10 +423,6 @@ static int boringssl_self_test_ecc(void) { 0x70, 0xb5, 0xbb, 0x0d, 0xfd, 0x8e, 0x0c, 0x02, 0x3f, }; - // The 'k' value for ECDSA is fixed to avoid an entropy draw. - uint8_t ecdsa_k[32] = {0}; - ecdsa_k[31] = 42; - uint8_t ecdsa_sign_output[64]; size_t ecdsa_sign_output_len; if (!ecdsa_sign_fixed_with_nonce_for_known_answer_test( @@ -483,7 +483,7 @@ static int boringssl_self_test_ecc(void) { 0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a, 0x0c, }; - const EC_GROUP *ec_group = EC_group_p256(); + ec_group = EC_group_p256(); ec_point_in = EC_POINT_new(ec_group); ec_point_out = EC_POINT_new(ec_group); ec_scalar = BN_new(); @@ -600,7 +600,7 @@ static void run_self_test_rsa(void) { FIPS_service_indicator_unlock_state(); } -DEFINE_STATIC_ONCE(g_self_test_once_rsa); +DEFINE_STATIC_ONCE(g_self_test_once_rsa) void boringssl_ensure_rsa_self_test(void) { CRYPTO_once(g_self_test_once_rsa_bss_get(), run_self_test_rsa); @@ -614,7 +614,7 @@ static void run_self_test_ecc(void) { FIPS_service_indicator_unlock_state(); } -DEFINE_STATIC_ONCE(g_self_test_once_ecc); +DEFINE_STATIC_ONCE(g_self_test_once_ecc) void boringssl_ensure_ecc_self_test(void) { CRYPTO_once(g_self_test_once_ecc_bss_get(), run_self_test_ecc); @@ -628,7 +628,7 @@ static void run_self_test_ffdh(void) { FIPS_service_indicator_unlock_state(); } -DEFINE_STATIC_ONCE(g_self_test_once_ffdh); +DEFINE_STATIC_ONCE(g_self_test_once_ffdh) void boringssl_ensure_ffdh_self_test(void) { CRYPTO_once(g_self_test_once_ffdh_bss_get(), run_self_test_ffdh); @@ -701,7 +701,10 @@ int boringssl_self_test_hmac_sha256(void) { } static int boringssl_self_test_fast(void) { - static const uint8_t kAESKey[16] = "BoringCrypto Key"; + static const uint8_t kAESKey[16] = { + 'B', 'o', 'r', 'i', 'n', 'g', 'C', 'r', + 'y', 'p', 't', 'o', ' ', 'K', 'e', 'y', + }; static const uint8_t kAESIV[16] = {0}; EVP_AEAD_CTX aead_ctx; @@ -823,13 +826,11 @@ static int boringssl_self_test_fast(void) { 0x09, 0x11, 0x6d, 0x1a, 0xfd, 0x0f, 0x1e, 0x11, 0xe3, 0xcb, }; SHA1(kSHA1Input, sizeof(kSHA1Input), output); - if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest), - "SHA-1 KAT")) { + if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest), "SHA-1 KAT")) { goto err; } - if (!boringssl_self_test_sha256() || - !boringssl_self_test_sha512() || + if (!boringssl_self_test_sha256() || !boringssl_self_test_sha512() || !boringssl_self_test_hmac_sha256()) { goto err; } @@ -841,8 +842,11 @@ static int boringssl_self_test_fast(void) { 0x3f, 0x17, 0x4c, 0xf4, 0x78, 0x7a, 0x4f, 0x1a, 0x40, 0xc2, 0xb5, 0x0b, 0xab, 0xe1, 0x4a, 0xae, 0x53, 0x0b, 0xe5, 0x88, 0x6d, 0x91, 0x0a, 0x27, }; - static const uint8_t kDRBGPersonalization[18] = "BCMPersonalization"; - static const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD "; + static const uint8_t kDRBGPersonalization[18] = { + 'B', 'C', 'M', 'P', 'e', 'r', 's', 'o', 'n', + 'a', 'l', 'i', 'z', 'a', 't', 'i', 'o', 'n'}; + static const uint8_t kDRBGAD[16] = {'B', 'C', 'M', ' ', 'D', 'R', 'B', 'G', + ' ', 'K', 'A', 'T', ' ', 'A', 'D', ' '}; static const uint8_t kDRBGOutput[64] = { 0x19, 0x1f, 0x2b, 0x49, 0x76, 0x85, 0xfd, 0x51, 0xb6, 0x56, 0xbc, 0x1c, 0x7d, 0xd5, 0xdd, 0x44, 0x76, 0xa3, 0x5e, 0x17, 0x9b, 0x8e, @@ -1022,8 +1026,8 @@ err: int BORINGSSL_self_test(void) { if (!boringssl_self_test_fast() || // When requested to run self tests, also run the lazy tests. - !boringssl_self_test_rsa() || - !boringssl_self_test_ecc() || + !boringssl_self_test_rsa() || // + !boringssl_self_test_ecc() || // !boringssl_self_test_ffdh()) { return 0; } @@ -1032,9 +1036,7 @@ int BORINGSSL_self_test(void) { } #if defined(BORINGSSL_FIPS) -int boringssl_self_test_startup(void) { - return boringssl_self_test_fast(); -} +int boringssl_self_test_startup(void) { return boringssl_self_test_fast(); } #endif #endif // !_MSC_VER diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/service_indicator.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/service_indicator.cc.inc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/service_indicator.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/service_indicator.cc.inc index 71db464f..77f72204 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/service_indicator.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/service_indicator/service_indicator.cc.inc @@ -45,11 +45,13 @@ struct fips_service_indicator_state { // for approved services irrespective of whether the user queries it or not. // Hence, it is lazily initialized in any call to an approved service. static struct fips_service_indicator_state *service_indicator_get(void) { - struct fips_service_indicator_state *indicator = CRYPTO_get_thread_local( - OPENSSL_THREAD_LOCAL_FIPS_SERVICE_INDICATOR_STATE); + struct fips_service_indicator_state *indicator = + reinterpret_cast(CRYPTO_get_thread_local( + OPENSSL_THREAD_LOCAL_FIPS_SERVICE_INDICATOR_STATE)); if (indicator == NULL) { - indicator = OPENSSL_malloc(sizeof(struct fips_service_indicator_state)); + indicator = reinterpret_cast( + OPENSSL_malloc(sizeof(struct fips_service_indicator_state))); if (indicator == NULL) { return NULL; } @@ -186,7 +188,7 @@ static void evp_md_ctx_verify_service_indicator(const EVP_MD_CTX *ctx, int (*md_ok)(int md_type)) { if (EVP_MD_CTX_md(ctx) == NULL) { // Signature schemes without a prehash are currently never FIPS approved. - goto err; + return; } EVP_PKEY_CTX *const pctx = ctx->pctx; @@ -242,7 +244,7 @@ static void evp_md_ctx_verify_service_indicator(const EVP_MD_CTX *ctx, } } - err: +err: // Ensure that junk errors aren't left on the queue. ERR_clear_error(); } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/internal.h b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/internal.h index 977c4041..bfdbc776 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/internal.h @@ -196,9 +196,7 @@ void sha256_block_data_order_ssse3(uint32_t state[8], const uint8_t *data, #define SHA512_ASM_AVX OPENSSL_INLINE int sha512_avx_capable(void) { - // Pre-Zen AMD CPUs had slow SHLD/SHRD; Zen added the SHA extension; see the - // discussion in sha1-586.pl. - return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu(); + return CRYPTO_is_AVX_capable(); } void sha512_block_data_order_avx(uint64_t state[8], const uint8_t *data, size_t num); diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha1.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha1.cc.inc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha1.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha1.cc.inc index 5f14c166..a15c40b2 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha1.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha1.cc.inc @@ -58,8 +58,8 @@ #include -#include "../bcm_interface.h" #include "../../internal.h" +#include "../bcm_interface.h" #include "../digest/md32_common.h" #include "../service_indicator/internal.h" #include "internal.h" @@ -87,7 +87,8 @@ bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) { bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) { crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num, - &c->Nh, &c->Nl, data, len); + &c->Nh, &c->Nl, reinterpret_cast(data), + len); return bcm_infallible_approved; } @@ -110,7 +111,7 @@ bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) { } bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len, - const uint8_t xkey[SHA_DIGEST_LENGTH]) { + const uint8_t xkey[SHA_DIGEST_LENGTH]) { // XKEY and XVAL are 160-bit values, but are internally right-padded up to // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the // current value of XKEY and the padding. @@ -215,22 +216,22 @@ bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len, #endif /* Originally X was an array. As it's automatic it's natural -* to expect RISC compiler to accomodate at least part of it in -* the register bank, isn't it? Unfortunately not all compilers -* "find" this expectation reasonable:-( On order to make such -* compilers generate better code I replace X[] with a bunch of -* X0, X1, etc. See the function body below... -* */ -#define X(i) XX##i + * to expect RISC compiler to accomodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... + * */ +#define X(i) XX##i #if !defined(SHA1_ASM) #if !defined(SHA1_ASM_NOHW) static void sha1_block_data_order_nohw(uint32_t state[5], const uint8_t *data, size_t num) { - register uint32_t A, B, C, D, E, T; - uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, - XX11, XX12, XX13, XX14, XX15; + uint32_t A, B, C, D, E, T; + uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, + XX13, XX14, XX15; A = state[0]; B = state[1]; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha256.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha256.cc.inc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha256.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha256.cc.inc index 68af74ed..bba5276d 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha256.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha256.cc.inc @@ -106,7 +106,8 @@ bcm_infallible BCM_sha256_transform(SHA256_CTX *c, bcm_infallible BCM_sha256_update(SHA256_CTX *c, const void *data, size_t len) { crypto_md32_update(&sha256_block_data_order, c->h, c->data, BCM_SHA256_CBLOCK, - &c->num, &c->Nh, &c->Nl, data, len); + &c->num, &c->Nh, &c->Nl, + reinterpret_cast(data), len); return bcm_infallible_approved; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha512.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha512.cc.inc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha512.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha512.cc.inc index 59708ede..2e2d3ab5 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha512.c.inc +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/sha/sha512.cc.inc @@ -168,7 +168,7 @@ bcm_infallible BCM_sha512_update(SHA512_CTX *c, const void *in_data, size_t len) { uint64_t l; uint8_t *p = c->p; - const uint8_t *data = in_data; + const uint8_t *data = reinterpret_cast(in_data); if (len == 0) { return bcm_infallible_approved; @@ -189,7 +189,7 @@ bcm_infallible BCM_sha512_update(SHA512_CTX *c, const void *in_data, if (len < n) { OPENSSL_memcpy(p + c->num, data, len); c->num += (unsigned int)len; - return 1; + return bcm_infallible_approved; } else { OPENSSL_memcpy(p + c->num, data, n), c->num = 0; len -= n; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/tls/kdf.c.inc b/Sources/CCryptoBoringSSL/crypto/fipsmodule/tls/kdf.cc.inc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/fipsmodule/tls/kdf.c.inc rename to Sources/CCryptoBoringSSL/crypto/fipsmodule/tls/kdf.cc.inc diff --git a/Sources/CCryptoBoringSSL/crypto/hpke/hpke.c b/Sources/CCryptoBoringSSL/crypto/hpke/hpke.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/hpke/hpke.c rename to Sources/CCryptoBoringSSL/crypto/hpke/hpke.cc index 0350ecdb..592564ac 100644 --- a/Sources/CCryptoBoringSSL/crypto/hpke/hpke.c +++ b/Sources/CCryptoBoringSSL/crypto/hpke/hpke.cc @@ -137,7 +137,8 @@ static int dhkem_extract_and_expand(uint16_t kem_id, const EVP_MD *hkdf_md, const uint8_t *kem_context, size_t kem_context_len) { // concat("KEM", I2OSP(kem_id, 2)) - uint8_t suite_id[5] = {'K', 'E', 'M', kem_id >> 8, kem_id & 0xff}; + uint8_t suite_id[5] = {'K', 'E', 'M', static_cast(kem_id >> 8), + static_cast(kem_id & 0xff)}; uint8_t prk[EVP_MAX_MD_SIZE]; size_t prk_len; return hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, suite_id, @@ -622,7 +623,8 @@ void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key) { } EVP_HPKE_KEY *EVP_HPKE_KEY_new(void) { - EVP_HPKE_KEY *key = OPENSSL_malloc(sizeof(EVP_HPKE_KEY)); + EVP_HPKE_KEY *key = + reinterpret_cast(OPENSSL_malloc(sizeof(EVP_HPKE_KEY))); if (key == NULL) { return NULL; } @@ -847,7 +849,8 @@ void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx) { } EVP_HPKE_CTX *EVP_HPKE_CTX_new(void) { - EVP_HPKE_CTX *ctx = OPENSSL_malloc(sizeof(EVP_HPKE_CTX)); + EVP_HPKE_CTX *ctx = + reinterpret_cast(OPENSSL_malloc(sizeof(EVP_HPKE_CTX))); if (ctx == NULL) { return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/hrss/hrss.c b/Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/hrss/hrss.c rename to Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc index eec362e7..49df5279 100644 --- a/Sources/CCryptoBoringSSL/crypto/hrss/hrss.c +++ b/Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -25,12 +26,6 @@ #include #include -#if defined(_MSC_VER) -#define RESTRICT -#else -#define RESTRICT restrict -#endif - #include "../internal.h" #include "internal.h" @@ -227,9 +222,7 @@ static inline vec_t vec_merge_3_5(vec_t left, vec_t right) { return vextq_u16(left, right, 5); } -static inline uint16_t vec_get_word(vec_t v, unsigned i) { - return v[i]; -} +static inline uint16_t vec_get_word(vec_t v, unsigned i) { return v[i]; } #if !defined(OPENSSL_AARCH64) @@ -299,14 +292,6 @@ static inline void poly3_vec_rshift1(vec_t a_s[6], vec_t a_a[6]) { // crypto_word_t v[WORDS_PER_POLY]; // }; -OPENSSL_UNUSED static void hexdump(const void *void_in, size_t len) { - const uint8_t *in = (const uint8_t *)void_in; - for (size_t i = 0; i < len; i++) { - printf("%02x", in[i]); - } - printf("\n"); -} - static void poly2_zero(struct poly2 *p) { OPENSSL_memset(&p->v[0], 0, sizeof(crypto_word_t) * WORDS_PER_POLY); } @@ -315,20 +300,13 @@ static void poly2_zero(struct poly2 *p) { static crypto_word_t word_reverse(crypto_word_t in) { #if defined(OPENSSL_64_BIT) static const crypto_word_t kMasks[6] = { - UINT64_C(0x5555555555555555), - UINT64_C(0x3333333333333333), - UINT64_C(0x0f0f0f0f0f0f0f0f), - UINT64_C(0x00ff00ff00ff00ff), - UINT64_C(0x0000ffff0000ffff), - UINT64_C(0x00000000ffffffff), + UINT64_C(0x5555555555555555), UINT64_C(0x3333333333333333), + UINT64_C(0x0f0f0f0f0f0f0f0f), UINT64_C(0x00ff00ff00ff00ff), + UINT64_C(0x0000ffff0000ffff), UINT64_C(0x00000000ffffffff), }; #else static const crypto_word_t kMasks[5] = { - 0x55555555, - 0x33333333, - 0x0f0f0f0f, - 0x00ff00ff, - 0x0000ffff, + 0x55555555, 0x33333333, 0x0f0f0f0f, 0x00ff00ff, 0x0000ffff, }; #endif @@ -363,12 +341,12 @@ static void poly2_reverse_700(struct poly2 *out, const struct poly2 *in) { t.v[i] = word_reverse(in->v[i]); } - static const size_t shift = BITS_PER_WORD - ((N-1) % BITS_PER_WORD); - for (size_t i = 0; i < WORDS_PER_POLY-1; i++) { - out->v[i] = t.v[WORDS_PER_POLY-1-i] >> shift; - out->v[i] |= t.v[WORDS_PER_POLY-2-i] << (BITS_PER_WORD - shift); + static const size_t shift = BITS_PER_WORD - ((N - 1) % BITS_PER_WORD); + for (size_t i = 0; i < WORDS_PER_POLY - 1; i++) { + out->v[i] = t.v[WORDS_PER_POLY - 1 - i] >> shift; + out->v[i] |= t.v[WORDS_PER_POLY - 2 - i] << (BITS_PER_WORD - shift); } - out->v[WORDS_PER_POLY-1] = t.v[0] >> shift; + out->v[WORDS_PER_POLY - 1] = t.v[0] >> shift; } // poly2_cswap exchanges the values of |a| and |b| if |swap| is all ones. @@ -417,13 +395,6 @@ static void poly2_clear_top_bits(struct poly2 *p) { p->v[WORDS_PER_POLY - 1] &= (UINT64_C(1) << BITS_IN_LAST_WORD) - 1; } -// poly2_top_bits_are_clear returns one iff the extra bits in the final words of -// |p| are zero. -static int poly2_top_bits_are_clear(const struct poly2 *p) { - return (p->v[WORDS_PER_POLY - 1] & - ~((UINT64_C(1) << BITS_IN_LAST_WORD) - 1)) == 0; -} - // Ternary polynomials. // poly3 represents a degree-N polynomial over GF(3). Each coefficient is @@ -461,29 +432,6 @@ static int poly2_top_bits_are_clear(const struct poly2 *p) { // struct poly2 s, a; // }; -OPENSSL_UNUSED static void poly3_print(const struct poly3 *in) { - struct poly3 p; - OPENSSL_memcpy(&p, in, sizeof(p)); - p.s.v[WORDS_PER_POLY - 1] &= ((crypto_word_t)1 << BITS_IN_LAST_WORD) - 1; - p.a.v[WORDS_PER_POLY - 1] &= ((crypto_word_t)1 << BITS_IN_LAST_WORD) - 1; - - printf("{["); - for (unsigned i = 0; i < WORDS_PER_POLY; i++) { - if (i) { - printf(" "); - } - printf(BN_HEX_FMT2, p.s.v[i]); - } - printf("] ["); - for (unsigned i = 0; i < WORDS_PER_POLY; i++) { - if (i) { - printf(" "); - } - printf(BN_HEX_FMT2, p.a.v[i]); - } - printf("]}\n"); -} - static void poly3_zero(struct poly3 *p) { poly2_zero(&p->s); poly2_zero(&p->a); @@ -534,9 +482,8 @@ static void poly3_mul_const(struct poly3 *p, crypto_word_t ms, } // poly3_fmadd sets |out| to |out| - |in|×m, where m is (ms, ma). -static void poly3_fmsub(struct poly3 *RESTRICT out, - const struct poly3 *RESTRICT in, crypto_word_t ms, - crypto_word_t ma) { +static void poly3_fmsub(struct poly3 *out, const struct poly3 *in, + crypto_word_t ms, crypto_word_t ma) { crypto_word_t product_s, product_a; for (size_t i = 0; i < WORDS_PER_POLY; i++) { poly3_word_mul(&product_s, &product_a, in->s.v[i], in->a.v[i], ms, ma); @@ -551,12 +498,6 @@ static crypto_word_t final_bit_to_all(crypto_word_t v) { return lsb_to_all(v >> (BITS_IN_LAST_WORD - 1)); } -// poly3_top_bits_are_clear returns one iff the extra bits in the final words of -// |p| are zero. -OPENSSL_UNUSED static int poly3_top_bits_are_clear(const struct poly3 *p) { - return poly2_top_bits_are_clear(&p->s) && poly2_top_bits_are_clear(&p->a); -} - // poly3_mod_phiN reduces |p| by Φ(N). static void poly3_mod_phiN(struct poly3 *p) { // In order to reduce by Φ(N) we subtract by the value of the greatest @@ -803,15 +744,16 @@ static void poly3_invert_vec(struct poly3 *out, const struct poly3 *in) { int delta = 1; - for (size_t i = 0; i < (2*(N-1)) - 1; i++) { + for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) { poly3_vec_lshift1(v_s, v_a); const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1; const crypto_word_t delta_is_non_negative = delta_sign_bit - 1; const crypto_word_t delta_is_non_zero = ~constant_time_is_zero_w(delta); const vec_t g_has_constant_term = vec_broadcast_bit(g_a[0]); - const vec_t mask_w = - {delta_is_non_negative & delta_is_non_zero}; + const vec_t mask_w = { + static_cast::type>( + delta_is_non_negative & delta_is_non_zero)}; const vec_t mask = vec_broadcast_bit(mask_w) & g_has_constant_term; const vec_t c_a = vec_broadcast_bit(f_a[0] & g_a[0]); @@ -864,7 +806,7 @@ void HRSS_poly3_invert(struct poly3 *out, const struct poly3 *in) { poly3_reverse_700(&g, in); int delta = 1; - for (size_t i = 0; i < (2*(N-1)) - 1; i++) { + for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) { poly3_lshift1(&v); const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1; @@ -941,17 +883,6 @@ static void poly_assert_normalized(const struct poly *x) { assert(x->v[N + 2] == 0); } -OPENSSL_UNUSED static void poly_print(const struct poly *p) { - printf("["); - for (unsigned i = 0; i < N; i++) { - if (i) { - printf(" "); - } - printf("%d", p->v[i]); - } - printf("]\n"); -} - // POLY_MUL_SCRATCH contains space for the working variables needed by // |poly_mul|. The contents afterwards may be discarded, but the object may also // be reused with future |poly_mul| calls to save heap allocations. @@ -987,9 +918,8 @@ struct POLY_MUL_SCRATCH { // of |scratch| and the function recurses, except if |n| < 3, when |scratch| // isn't used and the recursion stops. If |n| == |VECS_PER_POLY| then |scratch| // needs 172 elements. -static void poly_mul_vec_aux(vec_t *restrict out, vec_t *restrict scratch, - const vec_t *restrict a, const vec_t *restrict b, - const size_t n) { +static void poly_mul_vec_aux(vec_t *out, vec_t *scratch, const vec_t *a, + const vec_t *b, const size_t n) { // In [HRSS], the technique they used for polynomial multiplication is // described: they start with Toom-4 at the top level and then two layers of // Karatsuba. Karatsuba is a specific instance of the general Toom–Cook @@ -1246,8 +1176,8 @@ static void poly_mul_vec(struct POLY_MUL_SCRATCH *scratch, struct poly *out, for (size_t i = 0; i < VECS_PER_POLY; i++) { const vec_t prev = prod[VECS_PER_POLY - 1 + i]; - const vec_t this = prod[VECS_PER_POLY + i]; - out_vecs[i] = vec_add(prod[i], vec_merge_3_5(prev, this)); + const vec_t this_vec = prod[VECS_PER_POLY + i]; + out_vecs[i] = vec_add(prod[i], vec_merge_3_5(prev, this_vec)); } OPENSSL_memset(&out->v[N], 0, 3 * sizeof(uint16_t)); @@ -1267,7 +1197,7 @@ static void poly_mul_novec_aux(uint16_t *out, uint16_t *scratch, OPENSSL_memset(out, 0, sizeof(uint16_t) * n * 2); for (size_t i = 0; i < n; i++) { for (size_t j = 0; j < n; j++) { - out[i + j] += (unsigned) a[i] * b[j]; + out[i + j] += (unsigned)a[i] * b[j]; } } @@ -1335,7 +1265,7 @@ static void poly_mul(struct POLY_MUL_SCRATCH *scratch, struct poly *r, #endif #if defined(HRSS_HAVE_VECTOR_UNIT) - if (vec_capable()) { + if (vec_capable()) { poly_mul_vec(scratch, r, a, b); } else #endif @@ -1564,7 +1494,7 @@ static void poly_invert_mod2(struct poly *out, const struct poly *in) { poly2_reverse_700(&g, &g); int delta = 1; - for (size_t i = 0; i < (2*(N-1)) - 1; i++) { + for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) { poly2_lshift1(&v); const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1; @@ -1729,7 +1659,7 @@ static void poly_marshal_mod3(uint8_t out[HRSS_POLY3_BYTES], const uint16_t *coeffs = in->v; // Only 700 coefficients are marshaled because in[700] must be zero. - assert(coeffs[N-1] == 0); + assert(coeffs[N - 1] == 0); for (size_t i = 0; i < HRSS_POLY3_BYTES; i++) { const uint16_t coeffs0 = mod3_from_modQ(coeffs[0]); @@ -1773,15 +1703,15 @@ static void poly_short_sample_plus(struct poly *out, // because |sum| is bound by +/- (N-2), and N < 2^15 so it works out. uint16_t sum = 0; for (unsigned i = 0; i < N - 2; i++) { - sum += (unsigned) out->v[i] * out->v[i + 1]; + sum += (unsigned)out->v[i] * out->v[i + 1]; } // If the sum is negative, flip the sign of even-positioned coefficients. (See // page 8 of [HRSS].) - sum = ((int16_t) sum) >> 15; + sum = ((int16_t)sum) >> 15; const uint16_t scale = sum | (~sum & 1); for (unsigned i = 0; i < N; i += 2) { - out->v[i] = (unsigned) out->v[i] * scale; + out->v[i] = (unsigned)out->v[i] * scale; } poly_assert_normalized(out); } @@ -1878,7 +1808,7 @@ static void poly_lift(struct poly *out, const struct poly *a) { // Note that s0 + s1 + s2 = 0. out->v[0] += s0; - out->v[1] -= (s0 + s2); // = s1 + out->v[1] -= (s0 + s2); // = s1 out->v[2] += s2; // Calculate the remaining inner products by taking advantage of the @@ -1925,7 +1855,7 @@ static struct public_key *public_key_from_external( sizeof(struct HRSS_public_key) >= sizeof(struct public_key) + 15, "HRSS public key too small"); - return align_pointer(ext->opaque, 16); + return reinterpret_cast(align_pointer(ext->opaque, 16)); } // private_key_from_external does the same thing as |public_key_from_external|, @@ -1937,7 +1867,7 @@ static struct private_key *private_key_from_external( sizeof(struct HRSS_private_key) >= sizeof(struct private_key) + 15, "HRSS private key too small"); - return align_pointer(ext->opaque, 16); + return reinterpret_cast(align_pointer(ext->opaque, 16)); } // malloc_align32 returns a pointer to |size| bytes of 32-byte-aligned heap and @@ -1969,13 +1899,14 @@ int HRSS_generate_key( }; void *malloc_ptr; - struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars)); + struct vars *const vars = reinterpret_cast( + malloc_align32(&malloc_ptr, sizeof(struct vars))); if (!vars) { // If the caller ignores the return value the output will still be safe. // The private key output is randomised in case it's later passed to // |HRSS_encap|. memset(out_pub, 0, sizeof(struct HRSS_public_key)); - RAND_bytes((uint8_t*) out_priv, sizeof(struct HRSS_private_key)); + RAND_bytes((uint8_t *)out_priv, sizeof(struct HRSS_private_key)); return 0; } @@ -2032,7 +1963,8 @@ int HRSS_encap(uint8_t out_ciphertext[POLY_BYTES], uint8_t out_shared_key[32], }; void *malloc_ptr; - struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars)); + struct vars *const vars = reinterpret_cast( + malloc_align32(&malloc_ptr, sizeof(struct vars))); if (!vars) { // If the caller ignores the return value the output will still be safe. // The private key output is randomised in case it's used to encrypt and @@ -2072,11 +2004,17 @@ int HRSS_encap(uint8_t out_ciphertext[POLY_BYTES], uint8_t out_shared_key[32], } int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], - const struct HRSS_private_key *in_priv, - const uint8_t *ciphertext, size_t ciphertext_len) { + const struct HRSS_private_key *in_priv, + const uint8_t *ciphertext, size_t ciphertext_len) { const struct private_key *priv = private_key_from_external((struct HRSS_private_key *)in_priv); +#if defined(_MSC_VER) + // MSVC will produce this useless warning: + // warning C4324: structure was padded due to alignment specifier +#pragma warning(push) +#pragma warning(disable : 4324) +#endif struct vars { struct POLY_MUL_SCRATCH scratch; uint8_t masked_key[SHA256_CBLOCK]; @@ -2092,9 +2030,13 @@ int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], uint8_t r_bytes[HRSS_POLY3_BYTES]; uint8_t shared_key[32]; }; +#if defined(_MSC_VER) +#pragma warning(pop) +#endif void *malloc_ptr; - struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars)); + struct vars *const vars = reinterpret_cast( + malloc_align32(&malloc_ptr, sizeof(struct vars))); if (!vars) { // If the caller ignores the return value the output will still be safe. // The private key output is randomised in case it's used to encrypt and @@ -2140,6 +2082,7 @@ int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], // If the ciphertext is publicly invalid then a random shared key is still // returned to simply the logic of the caller, but this path is not constant // time. + crypto_word_t ok = 0; if (ciphertext_len != HRSS_CIPHERTEXT_BYTES || !poly_unmarshal(&vars->c, ciphertext)) { goto out; @@ -2162,7 +2105,7 @@ int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], poly_mod_phiN(&vars->r); poly_clamp(&vars->r); - crypto_word_t ok = poly3_from_poly_checked(&vars->r3, &vars->r); + ok = poly3_from_poly_checked(&vars->r3, &vars->r); // [NTRUCOMP] section 5.1 includes ReEnc2 and a proof that it's valid. Rather // than do an expensive |poly_mul|, it rebuilds |c'| from |c - lift(m)| diff --git a/Sources/CCryptoBoringSSL/crypto/internal.h b/Sources/CCryptoBoringSSL/crypto/internal.h index a24dedaa..b6a5d168 100644 --- a/Sources/CCryptoBoringSSL/crypto/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/internal.h @@ -126,16 +126,6 @@ #include #endif -#if !defined(__cplusplus) -#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 201112L -// BoringSSL requires C11 to build the library. The most likely cause of -// pre-C11 modes is stale -std=c99 or -std=gnu99 flags in build configuration. -// Such flags can be removed. If building with MSVC, build with /std:c11. -#error "BoringSSL must be built in C11 mode or higher." -#endif -#include -#endif - #if defined(OPENSSL_THREADS) && \ (!defined(OPENSSL_WINDOWS) || defined(__MINGW32__)) #include @@ -147,29 +137,11 @@ #define OPENSSL_WINDOWS_THREADS #endif -// Determine the atomics implementation to use with C. -#if !defined(__cplusplus) -#if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \ - !defined(__STDC_NO_ATOMICS__) -#define OPENSSL_C11_ATOMIC -#endif - -#if defined(OPENSSL_C11_ATOMIC) -#include -#endif - -// Older MSVC does not support C11 atomics, so we fallback to the Windows APIs. -// When both are available (e.g. clang-cl), we prefer the C11 ones. The Windows -// APIs don't allow some operations to be implemented as efficiently. This can -// be removed once we can rely on -// https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/ -#if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \ - defined(OPENSSL_WINDOWS) -#define OPENSSL_WINDOWS_ATOMIC +#if defined(OPENSSL_THREADS) +#include #endif -#endif // !__cplusplus -#if defined(OPENSSL_WINDOWS_THREADS) || defined(OPENSSL_WINDOWS_ATOMIC) +#if defined(OPENSSL_WINDOWS_THREADS) OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include OPENSSL_MSVC_PRAGMA(warning(pop)) @@ -219,33 +191,35 @@ typedef __uint128_t uint128_t; // These may be bugs in the toolchain definition, but just disable it for now. // EDK2's toolchain is missing __udivti3 (b/339380897) so cannot support // 128-bit division currently. -#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && !defined(__EDK2_BORINGSSL__) +#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && \ + !defined(__EDK2_BORINGSSL__) #define BORINGSSL_CAN_DIVIDE_UINT128 #endif #endif #define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) +#if defined(__clang__) && __clang_major__ >= 5 +#if __has_attribute(fallthrough) +#define OPENSSL_CAN_USE_ATTR_FALLTHROUGH +#endif +#endif + // Have a generic fall-through for different versions of C/C++. #if defined(__cplusplus) && __cplusplus >= 201703L #define OPENSSL_FALLTHROUGH [[fallthrough]] #elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__clang__) #define OPENSSL_FALLTHROUGH [[clang::fallthrough]] -#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) && \ - __GNUC__ >= 7 +#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) #define OPENSSL_FALLTHROUGH [[gnu::fallthrough]] -#elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7 -#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) -#elif defined(__clang__) -#if __has_attribute(fallthrough) && __clang_major__ >= 5 +#elif defined(__GNUC__) +#define OPENSSL_FALLTHROUGH __attribute__((fallthrough)) +#elif defined(OPENSSL_CAN_USE_ATTR_FALLTHROUGH) // Clang 3.5, at least, complains about "error: declaration does not declare // anything", possibily because we put a semicolon after this macro in // practice. Thus limit it to >= Clang 5, which does work. -#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) -#else // clang versions that do not support fallthrough. -#define OPENSSL_FALLTHROUGH -#endif -#else // C++11 on gcc 6, and all other cases +#define OPENSSL_FALLTHROUGH __attribute__((fallthrough)) +#else // all other cases #define OPENSSL_FALLTHROUGH #endif @@ -311,8 +285,8 @@ OPENSSL_INLINE void OPENSSL_enable_malloc_failures_for_testing(void) {} // Pointer utility functions. // buffers_alias returns one if |a| and |b| alias and zero otherwise. -static inline int buffers_alias(const void *a, size_t a_bytes, - const void *b, size_t b_bytes) { +static inline int buffers_alias(const void *a, size_t a_bytes, const void *b, + size_t b_bytes) { // Cast |a| and |b| to integers. In C, pointer comparisons between unrelated // objects are undefined whereas pointer to integer conversions are merely // implementation-defined. We assume the implementation defined it in a sane @@ -448,7 +422,7 @@ static inline crypto_word_t constant_time_lt_w(crypto_word_t a, // (assert (not (= (= #x00000001 (bvlshr (lt a b) #x0000001f)) (bvult a b)))) // (check-sat) // (get-model) - return constant_time_msb_w(a^((a^b)|((a-b)^a))); + return constant_time_msb_w(a ^ ((a ^ b) | ((a - b) ^ a))); } // constant_time_lt_8 acts like |constant_time_lt_w| but returns an 8-bit @@ -479,9 +453,8 @@ static inline crypto_word_t constant_time_is_zero_w(crypto_word_t a) { // // (declare-fun a () (_ BitVec 32)) // - // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a #x00000000)))) - // (check-sat) - // (get-model) + // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a + // #x00000000)))) (check-sat) (get-model) return constant_time_msb_w(~a & (a - 1)); } @@ -577,10 +550,10 @@ static inline void constant_time_conditional_memxor(void *dst, const void *src, #if defined(__GNUC__) && !defined(__clang__) // gcc 13.2.0 doesn't automatically vectorize this loop regardless of barrier typedef uint8_t v32u8 __attribute__((vector_size(32), aligned(1), may_alias)); - size_t n_vec = n&~(size_t)31; - v32u8 masks = ((uint8_t)mask-(v32u8){}); // broadcast + size_t n_vec = n & ~(size_t)31; + v32u8 masks = ((uint8_t)mask - (v32u8){}); // broadcast for (size_t i = 0; i < n_vec; i += 32) { - *(v32u8*)&out[i] ^= masks & *(v32u8*)&in[i]; + *(v32u8 *)&out[i] ^= masks & *(v32u8 *)&in[i]; } out += n_vec; n -= n_vec; @@ -671,73 +644,28 @@ OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)); // The following functions provide an API analogous to from C11 // and abstract between a few variations on atomics we need to support. -#if defined(__cplusplus) - -// In C++, we can't easily detect whether C will use |OPENSSL_C11_ATOMIC| or -// |OPENSSL_WINDOWS_ATOMIC|. Instead, we define a layout-compatible type without -// the corresponding functions. When we can rely on C11 atomics in MSVC, that -// will no longer be a concern. -typedef uint32_t CRYPTO_atomic_u32; - -#elif defined(OPENSSL_C11_ATOMIC) - -typedef _Atomic uint32_t CRYPTO_atomic_u32; - -// This should be const, but the |OPENSSL_WINDOWS_ATOMIC| implementation is not -// const due to Windows limitations. When we can rely on C11 atomics, make this -// const-correct. -OPENSSL_INLINE uint32_t CRYPTO_atomic_load_u32(CRYPTO_atomic_u32 *val) { - return atomic_load(val); -} - -OPENSSL_INLINE int CRYPTO_atomic_compare_exchange_weak_u32( - CRYPTO_atomic_u32 *val, uint32_t *expected, uint32_t desired) { - return atomic_compare_exchange_weak(val, expected, desired); -} - -OPENSSL_INLINE void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val, - uint32_t desired) { - atomic_store(val, desired); -} +#if defined(OPENSSL_THREADS) -#elif defined(OPENSSL_WINDOWS_ATOMIC) +using CRYPTO_atomic_u32 = std::atomic; -typedef LONG CRYPTO_atomic_u32; +static_assert(sizeof(CRYPTO_atomic_u32) == sizeof(uint32_t), ""); -OPENSSL_INLINE uint32_t CRYPTO_atomic_load_u32(volatile CRYPTO_atomic_u32 *val) { - // This is not ideal because it still writes to a cacheline. MSVC is not able - // to optimize this to a true atomic read, and Windows does not provide an - // InterlockedLoad function. - // - // The Windows documentation [1] does say "Simple reads and writes to - // properly-aligned 32-bit variables are atomic operations", but this is not - // phrased in terms of the C11 and C++11 memory models, and indeed a read or - // write seems to produce slightly different code on MSVC than a sequentially - // consistent std::atomic::load in C++. Moreover, it is unclear if non-MSVC - // compilers on Windows provide the same guarantees. Thus we avoid relying on - // this and instead still use an interlocked function. This is still - // preferable a global mutex, and eventually this code will be replaced by - // [2]. Additionally, on clang-cl, we'll use the |OPENSSL_C11_ATOMIC| path. - // - // [1] https://learn.microsoft.com/en-us/windows/win32/sync/interlocked-variable-access - // [2] https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/ - return (uint32_t)InterlockedCompareExchange(val, 0, 0); +inline uint32_t CRYPTO_atomic_load_u32(const CRYPTO_atomic_u32 *val) { + return val->load(std::memory_order_seq_cst); } -OPENSSL_INLINE int CRYPTO_atomic_compare_exchange_weak_u32( - volatile CRYPTO_atomic_u32 *val, uint32_t *expected32, uint32_t desired) { - LONG expected = (LONG)*expected32; - LONG actual = InterlockedCompareExchange(val, (LONG)desired, expected); - *expected32 = (uint32_t)actual; - return actual == expected; +inline bool CRYPTO_atomic_compare_exchange_weak_u32(CRYPTO_atomic_u32 *val, + uint32_t *expected, + uint32_t desired) { + return val->compare_exchange_weak( + *expected, desired, std::memory_order_seq_cst, std::memory_order_seq_cst); } -OPENSSL_INLINE void CRYPTO_atomic_store_u32(volatile CRYPTO_atomic_u32 *val, - uint32_t desired) { - InterlockedExchange(val, (LONG)desired); +inline void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val, uint32_t desired) { + val->store(desired, std::memory_order_seq_cst); } -#elif !defined(OPENSSL_THREADS) +#else typedef uint32_t CRYPTO_atomic_u32; @@ -760,12 +688,6 @@ OPENSSL_INLINE void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val, *val = desired; } -#else - -// Require some atomics implementation. Contact BoringSSL maintainers if you -// have a platform with fails this check. -#error "Thread-compatible configurations require atomics" - #endif // See the comment in the |__cplusplus| section above. @@ -803,7 +725,8 @@ OPENSSL_EXPORT int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count); typedef struct crypto_mutex_st { char padding; // Empty structs have different sizes in C and C++. } CRYPTO_MUTEX; -#define CRYPTO_MUTEX_INIT { 0 } +#define CRYPTO_MUTEX_INIT \ + { 0 } #elif defined(OPENSSL_WINDOWS_THREADS) typedef SRWLOCK CRYPTO_MUTEX; #define CRYPTO_MUTEX_INIT SRWLOCK_INIT @@ -868,7 +791,7 @@ using MutexReadLock = BSSL_NAMESPACE_END -} // extern "C++" +} // extern "C++" #endif // defined(__cplusplus) @@ -932,9 +855,10 @@ typedef struct { uint8_t num_reserved; } CRYPTO_EX_DATA_CLASS; -#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 0} +#define CRYPTO_EX_DATA_CLASS_INIT \ + { CRYPTO_MUTEX_INIT, NULL, NULL, {}, 0 } #define CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA \ - {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 1} + { CRYPTO_MUTEX_INIT, NULL, NULL, {}, 1 } // CRYPTO_get_ex_new_index_ex allocates a new index for |ex_data_class|. Each // class of object should provide a wrapper function that uses the correct @@ -980,21 +904,13 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include OPENSSL_MSVC_PRAGMA(warning(pop)) #pragma intrinsic(_byteswap_uint64, _byteswap_ulong, _byteswap_ushort) -static inline uint16_t CRYPTO_bswap2(uint16_t x) { - return _byteswap_ushort(x); -} +static inline uint16_t CRYPTO_bswap2(uint16_t x) { return _byteswap_ushort(x); } -static inline uint32_t CRYPTO_bswap4(uint32_t x) { - return _byteswap_ulong(x); -} +static inline uint32_t CRYPTO_bswap4(uint32_t x) { return _byteswap_ulong(x); } -static inline uint64_t CRYPTO_bswap8(uint64_t x) { - return _byteswap_uint64(x); -} +static inline uint64_t CRYPTO_bswap8(uint64_t x) { return _byteswap_uint64(x); } #else -static inline uint16_t CRYPTO_bswap2(uint16_t x) { - return (x >> 8) | (x << 8); -} +static inline uint16_t CRYPTO_bswap2(uint16_t x) { return (x >> 8) | (x << 8); } static inline uint32_t CRYPTO_bswap4(uint32_t x) { x = (x >> 16) | (x << 16); @@ -1041,7 +957,7 @@ static inline void *OPENSSL_memchr(void *s, int c, size_t n) { return memchr(s, c, n); } -} // extern "C++" +} // extern "C++" #else // __cplusplus static inline void *OPENSSL_memchr(const void *s, int c, size_t n) { @@ -1208,117 +1124,6 @@ static inline uint64_t CRYPTO_rotr_u64(uint64_t value, int shift) { } -// Arithmetic functions. - -// The most efficient versions of these functions on GCC and Clang depend on C11 -// |_Generic|. If we ever need to call these from C++, we'll need to add a -// variant that uses C++ overloads instead. -#if !defined(__cplusplus) - -// CRYPTO_addc_* returns |x + y + carry|, and sets |*out_carry| to the carry -// bit. |carry| must be zero or one. -#if OPENSSL_HAS_BUILTIN(__builtin_addc) - -#define CRYPTO_GENERIC_ADDC(x, y, carry, out_carry) \ - (_Generic((x), \ - unsigned: __builtin_addc, \ - unsigned long: __builtin_addcl, \ - unsigned long long: __builtin_addcll))((x), (y), (carry), (out_carry)) - -static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, - uint32_t *out_carry) { - declassify_assert(carry <= 1); - return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry); -} - -static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, - uint64_t *out_carry) { - declassify_assert(carry <= 1); - return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry); -} - -#else - -static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, - uint32_t *out_carry) { - declassify_assert(carry <= 1); - uint64_t ret = carry; - ret += (uint64_t)x + y; - *out_carry = (uint32_t)(ret >> 32); - return (uint32_t)ret; -} - -static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, - uint64_t *out_carry) { - declassify_assert(carry <= 1); -#if defined(BORINGSSL_HAS_UINT128) - uint128_t ret = carry; - ret += (uint128_t)x + y; - *out_carry = (uint64_t)(ret >> 64); - return (uint64_t)ret; -#else - x += carry; - carry = x < carry; - uint64_t ret = x + y; - carry += ret < x; - *out_carry = carry; - return ret; -#endif -} -#endif - -// CRYPTO_subc_* returns |x - y - borrow|, and sets |*out_borrow| to the borrow -// bit. |borrow| must be zero or one. -#if OPENSSL_HAS_BUILTIN(__builtin_subc) - -#define CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow) \ - (_Generic((x), \ - unsigned: __builtin_subc, \ - unsigned long: __builtin_subcl, \ - unsigned long long: __builtin_subcll))((x), (y), (borrow), (out_borrow)) - -static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, - uint32_t *out_borrow) { - declassify_assert(borrow <= 1); - return CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow); -} - -static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, - uint64_t *out_borrow) { - declassify_assert(borrow <= 1); - return CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow); -} - -#else - -static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, - uint32_t *out_borrow) { - declassify_assert(borrow <= 1); - uint32_t ret = x - y - borrow; - *out_borrow = (x < y) | ((x == y) & borrow); - return ret; -} - -static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, - uint64_t *out_borrow) { - declassify_assert(borrow <= 1); - uint64_t ret = x - y - borrow; - *out_borrow = (x < y) | ((x == y) & borrow); - return ret; -} -#endif - -#if defined(OPENSSL_64_BIT) -#define CRYPTO_addc_w CRYPTO_addc_u64 -#define CRYPTO_subc_w CRYPTO_subc_u64 -#else -#define CRYPTO_addc_w CRYPTO_addc_u32 -#define CRYPTO_subc_w CRYPTO_subc_u32 -#endif - -#endif // !__cplusplus - - // FIPS functions. #if defined(BORINGSSL_FIPS) @@ -1379,9 +1184,7 @@ OPENSSL_INLINE int boringssl_fips_break_test(const char *test) { return value != NULL && strcmp(value, test) == 0; } #else -OPENSSL_INLINE int boringssl_fips_break_test(const char *test) { - return 0; -} +OPENSSL_INLINE int boringssl_fips_break_test(const char *test) { return 0; } #endif // BORINGSSL_FIPS_BREAK_TESTS @@ -1749,4 +1552,163 @@ OPENSSL_EXPORT int OPENSSL_vasprintf_internal(char **str, const char *format, } // extern C #endif +// Arithmetic functions. + +// CRYPTO_addc_* returns |x + y + carry|, and sets |*out_carry| to the carry +// bit. |carry| must be zero or one. +#if OPENSSL_HAS_BUILTIN(__builtin_addc) + +template +struct CRYPTO_addc_impl { + static_assert(sizeof(T) == 0, "Unsupported type for addc operation"); +}; + +template <> +struct CRYPTO_addc_impl { + static unsigned int add(unsigned int x, unsigned int y, unsigned int carry, + unsigned int *out_carry) { + return __builtin_addc(x, y, carry, out_carry); + } +}; + +template <> +struct CRYPTO_addc_impl { + static unsigned long add(unsigned long x, unsigned long y, + unsigned long carry, unsigned long *out_carry) { + return __builtin_addcl(x, y, carry, out_carry); + } +}; + +template <> +struct CRYPTO_addc_impl { + static unsigned long long add(unsigned long long x, unsigned long long y, + unsigned long long carry, + unsigned long long *out_carry) { + return __builtin_addcll(x, y, carry, out_carry); + } +}; + +template +inline T CRYPTO_addc(T x, T y, T carry, T *out_carry) { + return CRYPTO_addc_impl::add(x, y, carry, out_carry); +} + +inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, + uint32_t *out_carry) { + return CRYPTO_addc(x, y, carry, out_carry); +} + +inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, + uint64_t *out_carry) { + return CRYPTO_addc(x, y, carry, out_carry); +} + +#else + +static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, + uint32_t *out_carry) { + declassify_assert(carry <= 1); + uint64_t ret = carry; + ret += (uint64_t)x + y; + *out_carry = (uint32_t)(ret >> 32); + return (uint32_t)ret; +} + +static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, + uint64_t *out_carry) { + declassify_assert(carry <= 1); +#if defined(BORINGSSL_HAS_UINT128) + uint128_t ret = carry; + ret += (uint128_t)x + y; + *out_carry = (uint64_t)(ret >> 64); + return (uint64_t)ret; +#else + x += carry; + carry = x < carry; + uint64_t ret = x + y; + carry += ret < x; + *out_carry = carry; + return ret; +#endif +} +#endif + + +// CRYPTO_subc_* returns |x - y - borrow|, and sets |*out_borrow| to the borrow +// bit. |borrow| must be zero or one. +#if OPENSSL_HAS_BUILTIN(__builtin_subc) + +template +struct CRYPTO_subc_impl { + static_assert(sizeof(T) == 0, "Unsupported type for subc operation"); +}; + +template <> +struct CRYPTO_subc_impl { + static unsigned int sub(unsigned int x, unsigned int y, unsigned int borrow, + unsigned int *out_borrow) { + return __builtin_subc(x, y, borrow, out_borrow); + } +}; + +template <> +struct CRYPTO_subc_impl { + static unsigned long sub(unsigned long x, unsigned long y, + unsigned long borrow, unsigned long *out_borrow) { + return __builtin_subcl(x, y, borrow, out_borrow); + } +}; + +template <> +struct CRYPTO_subc_impl { + static unsigned long long sub(unsigned long long x, unsigned long long y, + unsigned long long borrow, + unsigned long long *out_borrow) { + return __builtin_subcll(x, y, borrow, out_borrow); + } +}; + +template +inline T CRYPTO_subc(T x, T y, T borrow, T *out_borrow) { + return CRYPTO_subc_impl::sub(x, y, borrow, out_borrow); +} + +inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, + uint32_t *out_borrow) { + return CRYPTO_subc(x, y, borrow, out_borrow); +} + +inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, + uint64_t *out_borrow) { + return CRYPTO_subc(x, y, borrow, out_borrow); +} + +#else + +static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, + uint32_t *out_borrow) { + declassify_assert(borrow <= 1); + uint32_t ret = x - y - borrow; + *out_borrow = (x < y) | ((x == y) & borrow); + return ret; +} + +static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, + uint64_t *out_borrow) { + declassify_assert(borrow <= 1); + uint64_t ret = x - y - borrow; + *out_borrow = (x < y) | ((x == y) & borrow); + return ret; +} +#endif + +#if defined(OPENSSL_64_BIT) +#define CRYPTO_addc_w CRYPTO_addc_u64 +#define CRYPTO_subc_w CRYPTO_subc_u64 +#else +#define CRYPTO_addc_w CRYPTO_addc_u32 +#define CRYPTO_subc_w CRYPTO_subc_u32 +#endif + + #endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H diff --git a/Sources/CCryptoBoringSSL/crypto/keccak/keccak.c b/Sources/CCryptoBoringSSL/crypto/keccak/keccak.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/keccak/keccak.c rename to Sources/CCryptoBoringSSL/crypto/keccak/keccak.cc diff --git a/Sources/CCryptoBoringSSL/crypto/kyber/kyber.c b/Sources/CCryptoBoringSSL/crypto/kyber/kyber.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/kyber/kyber.c rename to Sources/CCryptoBoringSSL/crypto/kyber/kyber.cc diff --git a/Sources/CCryptoBoringSSL/crypto/lhash/lhash.c b/Sources/CCryptoBoringSSL/crypto/lhash/lhash.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/lhash/lhash.c rename to Sources/CCryptoBoringSSL/crypto/lhash/lhash.cc index 03a3e661..3c33d5ef 100644 --- a/Sources/CCryptoBoringSSL/crypto/lhash/lhash.c +++ b/Sources/CCryptoBoringSSL/crypto/lhash/lhash.cc @@ -62,8 +62,8 @@ #include -#include "internal.h" #include "../internal.h" +#include "internal.h" // kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|. @@ -104,13 +104,14 @@ struct lhash_st { }; _LHASH *OPENSSL_lh_new(lhash_hash_func hash, lhash_cmp_func comp) { - _LHASH *ret = OPENSSL_zalloc(sizeof(_LHASH)); + _LHASH *ret = reinterpret_cast<_LHASH *>(OPENSSL_zalloc(sizeof(_LHASH))); if (ret == NULL) { return NULL; } ret->num_buckets = kMinNumBuckets; - ret->buckets = OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *)); + ret->buckets = reinterpret_cast( + OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *))); if (ret->buckets == NULL) { OPENSSL_free(ret); return NULL; @@ -208,11 +209,11 @@ static void lh_rebucket(_LHASH *lh, const size_t new_num_buckets) { size_t i, alloc_size; alloc_size = sizeof(LHASH_ITEM *) * new_num_buckets; - if (alloc_size / sizeof(LHASH_ITEM*) != new_num_buckets) { + if (alloc_size / sizeof(LHASH_ITEM *) != new_num_buckets) { return; } - new_buckets = OPENSSL_zalloc(alloc_size); + new_buckets = reinterpret_cast(OPENSSL_zalloc(alloc_size)); if (new_buckets == NULL) { return; } @@ -282,7 +283,7 @@ int OPENSSL_lh_insert(_LHASH *lh, void **old_data, void *data, } // An element equal to |data| doesn't exist in the hash table yet. - item = OPENSSL_malloc(sizeof(LHASH_ITEM)); + item = reinterpret_cast(OPENSSL_malloc(sizeof(LHASH_ITEM))); if (item == NULL) { return 0; } @@ -312,7 +313,7 @@ void *OPENSSL_lh_delete(_LHASH *lh, const void *data, item = *next_ptr; *next_ptr = item->next; - ret = item->data; + ret = reinterpret_cast(item->data); OPENSSL_free(item); lh->num_items--; diff --git a/Sources/CCryptoBoringSSL/crypto/md4/md4.c b/Sources/CCryptoBoringSSL/crypto/md4/md4.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/md4/md4.c rename to Sources/CCryptoBoringSSL/crypto/md4/md4.cc index 2782e991..f50ceb04 100644 --- a/Sources/CCryptoBoringSSL/crypto/md4/md4.c +++ b/Sources/CCryptoBoringSSL/crypto/md4/md4.cc @@ -59,8 +59,8 @@ #include #include -#include "../internal.h" #include "../crypto/fipsmodule/digest/md32_common.h" +#include "../internal.h" uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) { @@ -91,7 +91,8 @@ void MD4_Transform(MD4_CTX *c, const uint8_t data[MD4_CBLOCK]) { int MD4_Update(MD4_CTX *c, const void *data, size_t len) { crypto_md32_update(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num, - &c->Nh, &c->Nl, data, len); + &c->Nh, &c->Nl, reinterpret_cast(data), + len); return 1; } diff --git a/Sources/CCryptoBoringSSL/crypto/md5/md5.c b/Sources/CCryptoBoringSSL/crypto/md5/md5.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/md5/md5.c rename to Sources/CCryptoBoringSSL/crypto/md5/md5.cc index fccbd6eb..1870aa4a 100644 --- a/Sources/CCryptoBoringSSL/crypto/md5/md5.c +++ b/Sources/CCryptoBoringSSL/crypto/md5/md5.cc @@ -60,8 +60,8 @@ #include -#include "../internal.h" #include "../fipsmodule/digest/md32_common.h" +#include "../internal.h" #include "internal.h" @@ -96,7 +96,8 @@ void MD5_Transform(MD5_CTX *c, const uint8_t data[MD5_CBLOCK]) { int MD5_Update(MD5_CTX *c, const void *data, size_t len) { crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, - &c->Nh, &c->Nl, data, len); + &c->Nh, &c->Nl, reinterpret_cast(data), + len); return 1; } diff --git a/Sources/CCryptoBoringSSL/crypto/mem.c b/Sources/CCryptoBoringSSL/crypto/mem.cc similarity index 91% rename from Sources/CCryptoBoringSSL/crypto/mem.c rename to Sources/CCryptoBoringSSL/crypto/mem.cc index 446b9d2d..ce75fbf9 100644 --- a/Sources/CCryptoBoringSSL/crypto/mem.c +++ b/Sources/CCryptoBoringSSL/crypto/mem.cc @@ -84,8 +84,10 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) static_assert(OPENSSL_MALLOC_PREFIX >= sizeof(size_t), "size_t too large"); #if defined(OPENSSL_ASAN) +extern "C" { void __asan_poison_memory_region(const volatile void *addr, size_t size); void __asan_unpoison_memory_region(const volatile void *addr, size_t size); +} #else static void __asan_poison_memory_region(const void *addr, size_t size) {} static void __asan_unpoison_memory_region(const void *addr, size_t size) {} @@ -100,20 +102,27 @@ static void __asan_unpoison_memory_region(const void *addr, size_t size) {} // weak symbols. #if !defined(__EDK2_BORINGSSL__) && defined(__ELF__) && defined(__GNUC__) #define WEAK_SYMBOL_FUNC(rettype, name, args) \ - rettype name args __attribute__((weak)); + extern "C" { \ + rettype name args __attribute__((weak)); \ + } #else -#define WEAK_SYMBOL_FUNC(rettype, name, args) static rettype(*name) args = NULL; +#define WEAK_SYMBOL_FUNC(rettype, name, args) \ + static rettype(*const name) args = NULL; #endif +#if defined(BORINGSSL_DETECT_SDALLOCX) // sdallocx is a sized |free| function. By passing the size (which we happen to // always know in BoringSSL), the malloc implementation can save work. We cannot // depend on |sdallocx| being available, however, so it's a weak symbol. // -// This will always be safe, but will only be overridden if the malloc -// implementation is statically linked with BoringSSL. So, if |sdallocx| is -// provided in, say, libc.so, we still won't use it because that's dynamically -// linked. This isn't an ideal result, but its helps in some cases. -WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)); +// This mechanism is kept opt-in because it assumes that, when |sdallocx| is +// defined, it is part of the same allocator as |malloc|. This is usually true +// but may break if |malloc| does not implement |sdallocx|, but some other +// allocator with |sdallocx| is imported which does. +WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)) +#else +static void (*const sdallocx)(void *ptr, size_t size, int flags) = NULL; +#endif // The following three functions can be defined to override default heap // allocation and freeing. If defined, it is the responsibility of @@ -133,9 +142,9 @@ WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)); // primitives used must tolerate every other synchronization primitive linked // into the process, including pthreads locks. Failing to meet these constraints // may result in deadlocks, crashes, or memory corruption. -WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size)); -WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)); -WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)); +WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size)) +WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)) +WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)) #if defined(BORINGSSL_MALLOC_FAILURE_TESTING) static CRYPTO_MUTEX malloc_failure_lock = CRYPTO_MUTEX_INIT; @@ -218,6 +227,7 @@ static int should_fail_allocation(void) { return 0; } #endif void *OPENSSL_malloc(size_t size) { + void *ptr = nullptr; if (should_fail_allocation()) { goto err; } @@ -225,18 +235,18 @@ void *OPENSSL_malloc(size_t size) { if (OPENSSL_memory_alloc != NULL) { assert(OPENSSL_memory_free != NULL); assert(OPENSSL_memory_get_size != NULL); - void *ptr = OPENSSL_memory_alloc(size); - if (ptr == NULL && size != 0) { + void *ptr2 = OPENSSL_memory_alloc(size); + if (ptr2 == NULL && size != 0) { goto err; } - return ptr; + return ptr2; } if (size + OPENSSL_MALLOC_PREFIX < size) { goto err; } - void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX); + ptr = malloc(size + OPENSSL_MALLOC_PREFIX); if (ptr == NULL) { goto err; } @@ -359,8 +369,8 @@ void OPENSSL_secure_clear_free(void *ptr, size_t len) { } int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) { - const uint8_t *a = in_a; - const uint8_t *b = in_b; + const uint8_t *a = reinterpret_cast(in_a); + const uint8_t *b = reinterpret_cast(in_b); uint8_t x = 0; for (size_t i = 0; i < len; i++) { @@ -375,7 +385,7 @@ uint32_t OPENSSL_hash32(const void *ptr, size_t len) { static const uint32_t kPrime = 16777619u; static const uint32_t kOffsetBasis = 2166136261u; - const uint8_t *in = ptr; + const uint8_t *in = reinterpret_cast(ptr); uint32_t h = kOffsetBasis; for (size_t i = 0; i < len; i++) { @@ -403,7 +413,7 @@ char *OPENSSL_strdup(const char *s) { return NULL; } // Copy the NUL terminator. - return OPENSSL_memdup(s, strlen(s) + 1); + return reinterpret_cast(OPENSSL_memdup(s, strlen(s) + 1)); } int OPENSSL_isalpha(int c) { @@ -498,13 +508,14 @@ int OPENSSL_vasprintf_internal(char **str, const char *format, va_list args, system_malloc ? realloc : OPENSSL_realloc; char *candidate = NULL; size_t candidate_len = 64; // TODO(bbe) what's the best initial size? + int ret; - if ((candidate = allocate(candidate_len)) == NULL) { + if ((candidate = reinterpret_cast(allocate(candidate_len))) == NULL) { goto err; } va_list args_copy; va_copy(args_copy, args); - int ret = vsnprintf(candidate, candidate_len, format, args_copy); + ret = vsnprintf(candidate, candidate_len, format, args_copy); va_end(args_copy); if (ret < 0) { goto err; @@ -514,7 +525,8 @@ int OPENSSL_vasprintf_internal(char **str, const char *format, va_list args, char *tmp; candidate_len = (size_t)ret + 1; - if ((tmp = reallocate(candidate, candidate_len)) == NULL) { + if ((tmp = reinterpret_cast( + reallocate(candidate, candidate_len))) == NULL) { goto err; } candidate = tmp; @@ -555,7 +567,7 @@ char *OPENSSL_strndup(const char *str, size_t size) { OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; } - char *ret = OPENSSL_malloc(alloc_size); + char *ret = reinterpret_cast(OPENSSL_malloc(alloc_size)); if (ret == NULL) { return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/mldsa/internal.h b/Sources/CCryptoBoringSSL/crypto/mldsa/internal.h index dca55274..874d65d7 100644 --- a/Sources/CCryptoBoringSSL/crypto/mldsa/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/mldsa/internal.h @@ -27,6 +27,9 @@ extern "C" { // random entropy necessary to generate a signature in randomized mode. #define MLDSA_SIGNATURE_RANDOMIZER_BYTES 32 + +// ML-DSA-65 + // MLDSA65_generate_key_external_entropy generates a public/private key pair // using the given seed, writes the encoded public key to // |out_encoded_public_key| and sets |out_private_key| to the private key. diff --git a/Sources/CCryptoBoringSSL/crypto/mldsa/mldsa.c b/Sources/CCryptoBoringSSL/crypto/mldsa/mldsa.cc similarity index 63% rename from Sources/CCryptoBoringSSL/crypto/mldsa/mldsa.c rename to Sources/CCryptoBoringSSL/crypto/mldsa/mldsa.cc index 8454debd..6ca75bde 100644 --- a/Sources/CCryptoBoringSSL/crypto/mldsa/mldsa.c +++ b/Sources/CCryptoBoringSSL/crypto/mldsa/mldsa.cc @@ -14,6 +14,8 @@ #include +#include + #include #include @@ -25,49 +27,121 @@ #include "../keccak/internal.h" #include "./internal.h" -#define DEGREE 256 -#define K 6 -#define L 5 -#define ETA 4 -#define TAU 49 -#define BETA 196 -#define OMEGA 55 - -#define RHO_BYTES 32 -#define SIGMA_BYTES 64 -#define K_BYTES 32 -#define TR_BYTES 64 -#define MU_BYTES 64 -#define RHO_PRIME_BYTES 64 -#define LAMBDA_BITS 192 -#define LAMBDA_BYTES (LAMBDA_BITS / 8) +namespace { + +constexpr int kDegree = 256; +constexpr int kRhoBytes = 32; +constexpr int kSigmaBytes = 64; +constexpr int kKBytes = 32; +constexpr int kTrBytes = 64; +constexpr int kMuBytes = 64; +constexpr int kRhoPrimeBytes = 64; // 2^23 - 2^13 + 1 -static const uint32_t kPrime = 8380417; +constexpr uint32_t kPrime = 8380417; // Inverse of -kPrime modulo 2^32 -static const uint32_t kPrimeNegInverse = 4236238847; -static const int kDroppedBits = 13; -static const uint32_t kHalfPrime = (8380417 - 1) / 2; -static const uint32_t kGamma1 = 1 << 19; -static const uint32_t kGamma2 = (8380417 - 1) / 32; +constexpr uint32_t kPrimeNegInverse = 4236238847; +constexpr int kDroppedBits = 13; +constexpr uint32_t kHalfPrime = (kPrime - 1) / 2; +constexpr uint32_t kGamma2 = (kPrime - 1) / 32; // 256^-1 mod kPrime, in Montgomery form. -static const uint32_t kInverseDegreeMontgomery = 41978; +constexpr uint32_t kInverseDegreeMontgomery = 41978; + +// Constants that vary depending on ML-DSA size. +// +// These are implemented as templates which take the K parameter to distinguish +// the ML-DSA sizes. (At the time of writing, `if constexpr` was not available.) +// +// TODO(crbug.com/42290600): Switch this to `if constexpr` when C++17 is +// available. + +template +constexpr size_t public_key_bytes(); + +template <> +constexpr size_t public_key_bytes<6>() { + return MLDSA65_PUBLIC_KEY_BYTES; +} + +template +constexpr size_t signature_bytes(); + +template <> +constexpr size_t signature_bytes<6>() { + return MLDSA65_SIGNATURE_BYTES; +} + +template +constexpr int tau(); + +template <> +constexpr int tau<6>() { + return 49; +} + +template +constexpr int lambda_bytes(); + +template <> +constexpr int lambda_bytes<6>() { + return 192 / 8; +} + +template +constexpr int gamma1(); + +template <> +constexpr int gamma1<6>() { + return 1 << 19; +} + +template +constexpr int beta(); + +template <> +constexpr int beta<6>() { + return 196; +} + +template +constexpr int omega(); + +template <> +constexpr int omega<6>() { + return 55; +} + +template +constexpr int eta(); + +template <> +constexpr int eta<6>() { + return 4; +} + +template +constexpr int plus_minus_eta_bitlen(); + +template <> +constexpr int plus_minus_eta_bitlen<6>() { + return 4; +} + +// Fundamental types. typedef struct scalar { - uint32_t c[DEGREE]; + uint32_t c[kDegree]; } scalar; -typedef struct vectork { +template +struct vector { scalar v[K]; -} vectork; - -typedef struct vectorl { - scalar v[L]; -} vectorl; +}; -typedef struct matrix { +template +struct matrix { scalar v[K][L]; -} matrix; +}; /* Arithmetic */ @@ -173,13 +247,13 @@ static uint32_t mod_sub(uint32_t a, uint32_t b) { } static void scalar_add(scalar *out, const scalar *lhs, const scalar *rhs) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = reduce_once(lhs->c[i] + rhs->c[i]); } } static void scalar_sub(scalar *out, const scalar *lhs, const scalar *rhs) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = mod_sub(lhs->c[i], rhs->c[i]); } } @@ -195,7 +269,7 @@ static uint32_t reduce_montgomery(uint64_t x) { // Multiply two scalars in the number theoretically transformed state. static void scalar_mult(scalar *out, const scalar *lhs, const scalar *rhs) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = reduce_montgomery((uint64_t)lhs->c[i] * (uint64_t)rhs->c[i]); } } @@ -206,8 +280,8 @@ static void scalar_mult(scalar *out, const scalar *lhs, const scalar *rhs) { static void scalar_ntt(scalar *s) { // Step: 1, 2, 4, 8, ..., 128 // Offset: 128, 64, 32, 16, ..., 1 - int offset = DEGREE; - for (int step = 1; step < DEGREE; step <<= 1) { + int offset = kDegree; + for (int step = 1; step < kDegree; step <<= 1) { offset >>= 1; int k = 0; for (int i = 0; i < step; i++) { @@ -234,8 +308,8 @@ static void scalar_ntt(scalar *s) { static void scalar_inverse_ntt(scalar *s) { // Step: 128, 64, 32, 16, ..., 1 // Offset: 1, 2, 4, 8, ..., 128 - int step = DEGREE; - for (int offset = 1; offset < DEGREE; offset <<= 1) { + int step = kDegree; + for (int offset = 1; offset < kDegree; offset <<= 1) { step >>= 1; int k = 0; for (int i = 0; i < step; i++) { @@ -258,72 +332,59 @@ static void scalar_inverse_ntt(scalar *s) { k += 2 * offset; } } - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { s->c[i] = reduce_montgomery((uint64_t)s->c[i] * (uint64_t)kInverseDegreeMontgomery); } } -static void vectork_zero(vectork *out) { OPENSSL_memset(out, 0, sizeof(*out)); } +template +static void vector_zero(vector *out) { + OPENSSL_memset(out, 0, sizeof(*out)); +} -static void vectork_add(vectork *out, const vectork *lhs, const vectork *rhs) { - for (int i = 0; i < K; i++) { +template +static void vector_add(vector *out, const vector *lhs, + const vector *rhs) { + for (int i = 0; i < X; i++) { scalar_add(&out->v[i], &lhs->v[i], &rhs->v[i]); } } -static void vectork_sub(vectork *out, const vectork *lhs, const vectork *rhs) { - for (int i = 0; i < K; i++) { +template +static void vector_sub(vector *out, const vector *lhs, + const vector *rhs) { + for (int i = 0; i < X; i++) { scalar_sub(&out->v[i], &lhs->v[i], &rhs->v[i]); } } -static void vectork_mult_scalar(vectork *out, const vectork *lhs, - const scalar *rhs) { - for (int i = 0; i < K; i++) { +template +static void vector_mult_scalar(vector *out, const vector *lhs, + const scalar *rhs) { + for (int i = 0; i < X; i++) { scalar_mult(&out->v[i], &lhs->v[i], rhs); } } -static void vectork_ntt(vectork *a) { - for (int i = 0; i < K; i++) { +template +static void vector_ntt(vector *a) { + for (int i = 0; i < X; i++) { scalar_ntt(&a->v[i]); } } -static void vectork_inverse_ntt(vectork *a) { - for (int i = 0; i < K; i++) { +template +static void vector_inverse_ntt(vector *a) { + for (int i = 0; i < X; i++) { scalar_inverse_ntt(&a->v[i]); } } -static void vectorl_add(vectorl *out, const vectorl *lhs, const vectorl *rhs) { - for (int i = 0; i < L; i++) { - scalar_add(&out->v[i], &lhs->v[i], &rhs->v[i]); - } -} - -static void vectorl_mult_scalar(vectorl *out, const vectorl *lhs, - const scalar *rhs) { - for (int i = 0; i < L; i++) { - scalar_mult(&out->v[i], &lhs->v[i], rhs); - } -} - -static void vectorl_ntt(vectorl *a) { - for (int i = 0; i < L; i++) { - scalar_ntt(&a->v[i]); - } -} - -static void vectorl_inverse_ntt(vectorl *a) { - for (int i = 0; i < L; i++) { - scalar_inverse_ntt(&a->v[i]); - } -} - -static void matrix_mult(vectork *out, const matrix *m, const vectorl *a) { - vectork_zero(out); +template +static void matrix_mult(vector *out, const matrix *m, + const vector *a) { + vector_zero(out); for (int i = 0; i < K; i++) { for (int j = 0; j < L; j++) { scalar product; @@ -435,38 +496,38 @@ static uint32_t use_hint_vartime(uint32_t h, uint32_t r) { } static void scalar_power2_round(scalar *s1, scalar *s0, const scalar *s) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { power2_round(&s1->c[i], &s0->c[i], s->c[i]); } } static void scalar_scale_power2_round(scalar *out, const scalar *in) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { scale_power2_round(&out->c[i], in->c[i]); } } static void scalar_high_bits(scalar *out, const scalar *in) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = high_bits(in->c[i]); } } static void scalar_low_bits(scalar *out, const scalar *in) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = low_bits(in->c[i]); } } static void scalar_max(uint32_t *max, const scalar *s) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { uint32_t abs = abs_mod_prime(s->c[i]); *max = maximum(*max, abs); } } static void scalar_max_signed(uint32_t *max, const scalar *s) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { uint32_t abs = abs_signed(s->c[i]); *max = maximum(*max, abs); } @@ -474,98 +535,100 @@ static void scalar_max_signed(uint32_t *max, const scalar *s) { static void scalar_make_hint(scalar *out, const scalar *ct0, const scalar *cs2, const scalar *w) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = make_hint(ct0->c[i], cs2->c[i], w->c[i]); } } static void scalar_use_hint_vartime(scalar *out, const scalar *h, const scalar *r) { - for (int i = 0; i < DEGREE; i++) { + for (int i = 0; i < kDegree; i++) { out->c[i] = use_hint_vartime(h->c[i], r->c[i]); } } -static void vectork_power2_round(vectork *t1, vectork *t0, const vectork *t) { - for (int i = 0; i < K; i++) { +template +static void vector_power2_round(vector *t1, vector *t0, + const vector *t) { + for (int i = 0; i < X; i++) { scalar_power2_round(&t1->v[i], &t0->v[i], &t->v[i]); } } -static void vectork_scale_power2_round(vectork *out, const vectork *in) { - for (int i = 0; i < K; i++) { +template +static void vector_scale_power2_round(vector *out, const vector *in) { + for (int i = 0; i < X; i++) { scalar_scale_power2_round(&out->v[i], &in->v[i]); } } -static void vectork_high_bits(vectork *out, const vectork *in) { - for (int i = 0; i < K; i++) { +template +static void vector_high_bits(vector *out, const vector *in) { + for (int i = 0; i < X; i++) { scalar_high_bits(&out->v[i], &in->v[i]); } } -static void vectork_low_bits(vectork *out, const vectork *in) { - for (int i = 0; i < K; i++) { +template +static void vector_low_bits(vector *out, const vector *in) { + for (int i = 0; i < X; i++) { scalar_low_bits(&out->v[i], &in->v[i]); } } -static uint32_t vectork_max(const vectork *a) { +template +static uint32_t vector_max(const vector *a) { uint32_t max = 0; - for (int i = 0; i < K; i++) { + for (int i = 0; i < X; i++) { scalar_max(&max, &a->v[i]); } return max; } -static uint32_t vectork_max_signed(const vectork *a) { +template +static uint32_t vector_max_signed(const vector *a) { uint32_t max = 0; - for (int i = 0; i < K; i++) { + for (int i = 0; i < X; i++) { scalar_max_signed(&max, &a->v[i]); } return max; } // The input vector contains only zeroes and ones. -static size_t vectork_count_ones(const vectork *a) { +template +static size_t vector_count_ones(const vector *a) { size_t count = 0; - for (int i = 0; i < K; i++) { - for (int j = 0; j < DEGREE; j++) { + for (int i = 0; i < X; i++) { + for (int j = 0; j < kDegree; j++) { count += a->v[i].c[j]; } } return count; } -static void vectork_make_hint(vectork *out, const vectork *ct0, - const vectork *cs2, const vectork *w) { - for (int i = 0; i < K; i++) { +template +static void vector_make_hint(vector *out, const vector *ct0, + const vector *cs2, const vector *w) { + for (int i = 0; i < X; i++) { scalar_make_hint(&out->v[i], &ct0->v[i], &cs2->v[i], &w->v[i]); } } -static void vectork_use_hint_vartime(vectork *out, const vectork *h, - const vectork *r) { - for (int i = 0; i < K; i++) { +template +static void vector_use_hint_vartime(vector *out, const vector *h, + const vector *r) { + for (int i = 0; i < X; i++) { scalar_use_hint_vartime(&out->v[i], &h->v[i], &r->v[i]); } } -static uint32_t vectorl_max(const vectorl *a) { - uint32_t max = 0; - for (int i = 0; i < L; i++) { - scalar_max(&max, &a->v[i]); - } - return max; -} - /* Bit packing */ // FIPS 204, Algorithm 16 (`SimpleBitPack`). Specialized to bitlen(b) = 4. static void scalar_encode_4(uint8_t out[128], const scalar *s) { // Every two elements lands on a byte boundary. - static_assert(DEGREE % 2 == 0, "DEGREE must be a multiple of 2"); - for (int i = 0; i < DEGREE / 2; i++) { + static_assert(kDegree % 2 == 0, "kDegree must be a multiple of 2"); + for (int i = 0; i < kDegree / 2; i++) { uint32_t a = s->c[2 * i]; uint32_t b = s->c[2 * i + 1]; declassify_assert(a < 16); @@ -577,8 +640,8 @@ static void scalar_encode_4(uint8_t out[128], const scalar *s) { // FIPS 204, Algorithm 16 (`SimpleBitPack`). Specialized to bitlen(b) = 10. static void scalar_encode_10(uint8_t out[320], const scalar *s) { // Every four elements lands on a byte boundary. - static_assert(DEGREE % 4 == 0, "DEGREE must be a multiple of 4"); - for (int i = 0; i < DEGREE / 4; i++) { + static_assert(kDegree % 4 == 0, "kDegree must be a multiple of 4"); + for (int i = 0; i < kDegree / 4; i++) { uint32_t a = s->c[4 * i]; uint32_t b = s->c[4 * i + 1]; uint32_t c = s->c[4 * i + 2]; @@ -595,14 +658,13 @@ static void scalar_encode_10(uint8_t out[320], const scalar *s) { } } -// FIPS 204, Algorithm 17 (`BitPack`). Specialized to bitlen(b) = 4 and b = -// 2^19. -static void scalar_encode_signed_4_eta(uint8_t out[128], const scalar *s) { +// FIPS 204, Algorithm 17 (`BitPack`). Specialized to bitlen(b) = 4 and b = 4. +static void scalar_encode_signed_4_4(uint8_t out[128], const scalar *s) { // Every two elements lands on a byte boundary. - static_assert(DEGREE % 2 == 0, "DEGREE must be a multiple of 2"); - for (int i = 0; i < DEGREE / 2; i++) { - uint32_t a = mod_sub(ETA, s->c[2 * i]); - uint32_t b = mod_sub(ETA, s->c[2 * i + 1]); + static_assert(kDegree % 2 == 0, "kDegree must be a multiple of 2"); + for (int i = 0; i < kDegree / 2; i++) { + uint32_t a = mod_sub(4, s->c[2 * i]); + uint32_t b = mod_sub(4, s->c[2 * i + 1]); declassify_assert(a < 16); declassify_assert(b < 16); out[i] = a | (b << 4); @@ -614,8 +676,8 @@ static void scalar_encode_signed_4_eta(uint8_t out[128], const scalar *s) { static void scalar_encode_signed_13_12(uint8_t out[416], const scalar *s) { static const uint32_t kMax = 1u << 12; // Every two elements lands on a byte boundary. - static_assert(DEGREE % 8 == 0, "DEGREE must be a multiple of 8"); - for (int i = 0; i < DEGREE / 8; i++) { + static_assert(kDegree % 8 == 0, "kDegree must be a multiple of 8"); + for (int i = 0; i < kDegree / 8; i++) { uint32_t a = mod_sub(kMax, s->c[8 * i]); uint32_t b = mod_sub(kMax, s->c[8 * i + 1]); uint32_t c = mod_sub(kMax, s->c[8 * i + 2]); @@ -654,8 +716,8 @@ static void scalar_encode_signed_13_12(uint8_t out[416], const scalar *s) { static void scalar_encode_signed_20_19(uint8_t out[640], const scalar *s) { static const uint32_t kMax = 1u << 19; // Every two elements lands on a byte boundary. - static_assert(DEGREE % 4 == 0, "DEGREE must be a multiple of 4"); - for (int i = 0; i < DEGREE / 4; i++) { + static_assert(kDegree % 4 == 0, "kDegree must be a multiple of 4"); + for (int i = 0; i < kDegree / 4; i++) { uint32_t a = mod_sub(kMax, s->c[4 * i]); uint32_t b = mod_sub(kMax, s->c[4 * i + 1]); uint32_t c = mod_sub(kMax, s->c[4 * i + 2]); @@ -679,8 +741,8 @@ static void scalar_encode_signed_20_19(uint8_t out[640], const scalar *s) { static void scalar_encode_signed(uint8_t *out, const scalar *s, int bits, uint32_t max) { if (bits == 4) { - assert(max == ETA); - scalar_encode_signed_4_eta(out, s); + assert(max == 4); + scalar_encode_signed_4_4(out, s); } else if (bits == 20) { assert(max == 1u << 19); scalar_encode_signed_20_19(out, s); @@ -694,8 +756,8 @@ static void scalar_encode_signed(uint8_t *out, const scalar *s, int bits, // FIPS 204, Algorithm 18 (`SimpleBitUnpack`). Specialized for bitlen(b) == 10. static void scalar_decode_10(scalar *out, const uint8_t in[320]) { uint32_t v; - static_assert(DEGREE % 4 == 0, "DEGREE must be a multiple of 4"); - for (int i = 0; i < DEGREE / 4; i++) { + static_assert(kDegree % 4 == 0, "kDegree must be a multiple of 4"); + for (int i = 0; i < kDegree / 4; i++) { OPENSSL_memcpy(&v, &in[5 * i], sizeof(v)); out->c[4 * i] = v & 0x3ff; out->c[4 * i + 1] = (v >> 10) & 0x3ff; @@ -705,13 +767,12 @@ static void scalar_decode_10(scalar *out, const uint8_t in[320]) { } // FIPS 204, Algorithm 19 (`BitUnpack`). Specialized to bitlen(a+b) = 4 and b = -// eta. -static int scalar_decode_signed_4_eta(scalar *out, const uint8_t in[128]) { +// 4. +static int scalar_decode_signed_4_4(scalar *out, const uint8_t in[128]) { uint32_t v; - static_assert(DEGREE % 8 == 0, "DEGREE must be a multiple of 8"); - for (int i = 0; i < DEGREE / 8; i++) { + static_assert(kDegree % 8 == 0, "kDegree must be a multiple of 8"); + for (int i = 0; i < kDegree / 8; i++) { OPENSSL_memcpy(&v, &in[4 * i], sizeof(v)); - static_assert(ETA == 4, "ETA must be 4"); // None of the nibbles may be >= 9. So if the MSB of any nibble is set, none // of the other bits may be set. First, select all the MSBs. const uint32_t msbs = v & 0x88888888u; @@ -723,14 +784,14 @@ static int scalar_decode_signed_4_eta(scalar *out, const uint8_t in[128]) { return 0; } - out->c[i * 8] = mod_sub(ETA, v & 15); - out->c[i * 8 + 1] = mod_sub(ETA, (v >> 4) & 15); - out->c[i * 8 + 2] = mod_sub(ETA, (v >> 8) & 15); - out->c[i * 8 + 3] = mod_sub(ETA, (v >> 12) & 15); - out->c[i * 8 + 4] = mod_sub(ETA, (v >> 16) & 15); - out->c[i * 8 + 5] = mod_sub(ETA, (v >> 20) & 15); - out->c[i * 8 + 6] = mod_sub(ETA, (v >> 24) & 15); - out->c[i * 8 + 7] = mod_sub(ETA, v >> 28); + out->c[i * 8] = mod_sub(4, v & 15); + out->c[i * 8 + 1] = mod_sub(4, (v >> 4) & 15); + out->c[i * 8 + 2] = mod_sub(4, (v >> 8) & 15); + out->c[i * 8 + 3] = mod_sub(4, (v >> 12) & 15); + out->c[i * 8 + 4] = mod_sub(4, (v >> 16) & 15); + out->c[i * 8 + 5] = mod_sub(4, (v >> 20) & 15); + out->c[i * 8 + 6] = mod_sub(4, (v >> 24) & 15); + out->c[i * 8 + 7] = mod_sub(4, v >> 28); } return 1; } @@ -744,8 +805,8 @@ static void scalar_decode_signed_13_12(scalar *out, const uint8_t in[416]) { uint32_t a, b, c; uint8_t d; - static_assert(DEGREE % 8 == 0, "DEGREE must be a multiple of 8"); - for (int i = 0; i < DEGREE / 8; i++) { + static_assert(kDegree % 8 == 0, "kDegree must be a multiple of 8"); + for (int i = 0; i < kDegree / 8; i++) { OPENSSL_memcpy(&a, &in[13 * i], sizeof(a)); OPENSSL_memcpy(&b, &in[13 * i + 4], sizeof(b)); OPENSSL_memcpy(&c, &in[13 * i + 8], sizeof(c)); @@ -772,8 +833,8 @@ static void scalar_decode_signed_20_19(scalar *out, const uint8_t in[640]) { uint32_t a, b; uint16_t c; - static_assert(DEGREE % 4 == 0, "DEGREE must be a multiple of 4"); - for (int i = 0; i < DEGREE / 4; i++) { + static_assert(kDegree % 4 == 0, "kDegree must be a multiple of 4"); + for (int i = 0; i < kDegree / 4; i++) { OPENSSL_memcpy(&a, &in[10 * i], sizeof(a)); OPENSSL_memcpy(&b, &in[10 * i + 4], sizeof(b)); OPENSSL_memcpy(&c, &in[10 * i + 8], sizeof(c)); @@ -791,8 +852,8 @@ static void scalar_decode_signed_20_19(scalar *out, const uint8_t in[640]) { static int scalar_decode_signed(scalar *out, const uint8_t *in, int bits, uint32_t max) { if (bits == 4) { - assert(max == ETA); - return scalar_decode_signed_4_eta(out, in); + assert(max == 4); + return scalar_decode_signed_4_4(out, in); } else if (bits == 13) { assert(max == (1u << 12)); scalar_decode_signed_13_12(out, in); @@ -813,19 +874,19 @@ static int scalar_decode_signed(scalar *out, const uint8_t *in, int bits, // Rejection samples a Keccak stream to get uniformly distributed elements. This // is used for matrix expansion and only operates on public inputs. static void scalar_from_keccak_vartime( - scalar *out, const uint8_t derived_seed[RHO_BYTES + 2]) { + scalar *out, const uint8_t derived_seed[kRhoBytes + 2]) { struct BORINGSSL_keccak_st keccak_ctx; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128); - BORINGSSL_keccak_absorb(&keccak_ctx, derived_seed, RHO_BYTES + 2); + BORINGSSL_keccak_absorb(&keccak_ctx, derived_seed, kRhoBytes + 2); assert(keccak_ctx.squeeze_offset == 0); assert(keccak_ctx.rate_bytes == 168); static_assert(168 % 3 == 0, "block and coefficient boundaries do not align"); int done = 0; - while (done < DEGREE) { + while (done < kDegree) { uint8_t block[168]; BORINGSSL_keccak_squeeze(&keccak_ctx, block, sizeof(block)); - for (size_t i = 0; i < sizeof(block) && done < DEGREE; i += 3) { + for (size_t i = 0; i < sizeof(block) && done < kDegree; i += 3) { // FIPS 204, Algorithm 14 (`CoeffFromThreeBytes`). uint32_t value = (uint32_t)block[i] | ((uint32_t)block[i + 1] << 8) | (((uint32_t)block[i + 2] & 0x7f) << 16); @@ -836,22 +897,33 @@ static void scalar_from_keccak_vartime( } } -// FIPS 204, Algorithm 31 (`RejBoundedPoly`). -static void scalar_uniform_eta_4(scalar *out, - const uint8_t derived_seed[SIGMA_BYTES + 2]) { - static_assert(ETA == 4, "This implementation is specialized for ETA == 4"); +template +static bool coefficient_from_nibble(uint32_t nibble, uint32_t *result); +template <> +bool coefficient_from_nibble<4>(uint32_t nibble, uint32_t *result) { + if (constant_time_declassify_int(nibble < 9)) { + *result = mod_sub(4, nibble); + return true; + } + return false; +} + +// FIPS 204, Algorithm 31 (`RejBoundedPoly`). +template +static void scalar_uniform(scalar *out, + const uint8_t derived_seed[kSigmaBytes + 2]) { struct BORINGSSL_keccak_st keccak_ctx; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); - BORINGSSL_keccak_absorb(&keccak_ctx, derived_seed, SIGMA_BYTES + 2); + BORINGSSL_keccak_absorb(&keccak_ctx, derived_seed, kSigmaBytes + 2); assert(keccak_ctx.squeeze_offset == 0); assert(keccak_ctx.rate_bytes == 136); int done = 0; - while (done < DEGREE) { + while (done < kDegree) { uint8_t block[136]; BORINGSSL_keccak_squeeze(&keccak_ctx, block, sizeof(block)); - for (size_t i = 0; i < sizeof(block) && done < DEGREE; ++i) { + for (size_t i = 0; i < sizeof(block) && done < kDegree; ++i) { uint32_t t0 = block[i] & 0x0F; uint32_t t1 = block[i] >> 4; // FIPS 204, Algorithm 15 (`CoefFromHalfByte`). Although both the input @@ -859,21 +931,22 @@ static void scalar_uniform_eta_4(scalar *out, // Individual bytes of the SHAKE-256 stream are (indistiguishable from) // independent of each other and the original seed, so leaking information // about the rejected bytes does not reveal the input or output. - if (constant_time_declassify_int(t0 < 9)) { - out->c[done++] = mod_sub(ETA, t0); + uint32_t v; + if (coefficient_from_nibble(t0, &v)) { + out->c[done++] = v; } - if (done < DEGREE && constant_time_declassify_int(t1 < 9)) { - out->c[done++] = mod_sub(ETA, t1); + if (done < kDegree && coefficient_from_nibble(t1, &v)) { + out->c[done++] = v; } } } } // FIPS 204, Algorithm 34 (`ExpandMask`), but just a single step. -static void scalar_sample_mask( - scalar *out, const uint8_t derived_seed[RHO_PRIME_BYTES + 2]) { +static void scalar_sample_mask(scalar *out, + const uint8_t derived_seed[kRhoPrimeBytes + 2]) { uint8_t buf[640]; - BORINGSSL_keccak(buf, sizeof(buf), derived_seed, RHO_PRIME_BYTES + 2, + BORINGSSL_keccak(buf, sizeof(buf), derived_seed, kRhoPrimeBytes + 2, boringssl_shake256); scalar_decode_signed_20_19(out, buf); @@ -881,9 +954,7 @@ static void scalar_sample_mask( // FIPS 204, Algorithm 29 (`SampleInBall`). static void scalar_sample_in_ball_vartime(scalar *out, const uint8_t *seed, - int len) { - assert(len == 2 * LAMBDA_BYTES); - + int len, int tau) { struct BORINGSSL_keccak_st keccak_ctx; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); BORINGSSL_keccak_absorb(&keccak_ctx, seed, len); @@ -902,7 +973,7 @@ static void scalar_sample_in_ball_vartime(scalar *out, const uint8_t *seed, CONSTTIME_DECLASSIFY(block + offset, sizeof(block) - offset); OPENSSL_memset(out, 0, sizeof(*out)); - for (size_t i = DEGREE - TAU; i < DEGREE; i++) { + for (size_t i = kDegree - tau; i < kDegree; i++) { size_t byte; for (;;) { if (offset == 136) { @@ -925,54 +996,57 @@ static void scalar_sample_in_ball_vartime(scalar *out, const uint8_t *seed, } // FIPS 204, Algorithm 32 (`ExpandA`). -static void matrix_expand(matrix *out, const uint8_t rho[RHO_BYTES]) { +template +static void matrix_expand(matrix *out, const uint8_t rho[kRhoBytes]) { static_assert(K <= 0x100, "K must fit in 8 bits"); static_assert(L <= 0x100, "L must fit in 8 bits"); - uint8_t derived_seed[RHO_BYTES + 2]; - OPENSSL_memcpy(derived_seed, rho, RHO_BYTES); + uint8_t derived_seed[kRhoBytes + 2]; + OPENSSL_memcpy(derived_seed, rho, kRhoBytes); for (int i = 0; i < K; i++) { for (int j = 0; j < L; j++) { - derived_seed[RHO_BYTES + 1] = (uint8_t)i; - derived_seed[RHO_BYTES] = (uint8_t)j; + derived_seed[kRhoBytes + 1] = (uint8_t)i; + derived_seed[kRhoBytes] = (uint8_t)j; scalar_from_keccak_vartime(&out->v[i][j], derived_seed); } } } // FIPS 204, Algorithm 33 (`ExpandS`). -static void vector_expand_short(vectorl *s1, vectork *s2, - const uint8_t sigma[SIGMA_BYTES]) { +template +static void vector_expand_short(vector *s1, vector *s2, + const uint8_t sigma[kSigmaBytes]) { static_assert(K <= 0x100, "K must fit in 8 bits"); static_assert(L <= 0x100, "L must fit in 8 bits"); static_assert(K + L <= 0x100, "K+L must fit in 8 bits"); - uint8_t derived_seed[SIGMA_BYTES + 2]; - OPENSSL_memcpy(derived_seed, sigma, SIGMA_BYTES); - derived_seed[SIGMA_BYTES] = 0; - derived_seed[SIGMA_BYTES + 1] = 0; + uint8_t derived_seed[kSigmaBytes + 2]; + OPENSSL_memcpy(derived_seed, sigma, kSigmaBytes); + derived_seed[kSigmaBytes] = 0; + derived_seed[kSigmaBytes + 1] = 0; for (int i = 0; i < L; i++) { - scalar_uniform_eta_4(&s1->v[i], derived_seed); - ++derived_seed[SIGMA_BYTES]; + scalar_uniform()>(&s1->v[i], derived_seed); + ++derived_seed[kSigmaBytes]; } for (int i = 0; i < K; i++) { - scalar_uniform_eta_4(&s2->v[i], derived_seed); - ++derived_seed[SIGMA_BYTES]; + scalar_uniform()>(&s2->v[i], derived_seed); + ++derived_seed[kSigmaBytes]; } } // FIPS 204, Algorithm 34 (`ExpandMask`). -static void vectorl_expand_mask(vectorl *out, - const uint8_t seed[RHO_PRIME_BYTES], - size_t kappa) { +template +static void vector_expand_mask(vector *out, + const uint8_t seed[kRhoPrimeBytes], + size_t kappa) { assert(kappa + L <= 0x10000); - uint8_t derived_seed[RHO_PRIME_BYTES + 2]; - OPENSSL_memcpy(derived_seed, seed, RHO_PRIME_BYTES); + uint8_t derived_seed[kRhoPrimeBytes + 2]; + OPENSSL_memcpy(derived_seed, seed, kRhoPrimeBytes); for (int i = 0; i < L; i++) { size_t index = kappa + i; - derived_seed[RHO_PRIME_BYTES] = index & 0xFF; - derived_seed[RHO_PRIME_BYTES + 1] = (index >> 8) & 0xFF; + derived_seed[kRhoPrimeBytes] = index & 0xFF; + derived_seed[kRhoPrimeBytes + 1] = (index >> 8) & 0xFF; scalar_sample_mask(&out->v[i], derived_seed); } } @@ -981,63 +1055,49 @@ static void vectorl_expand_mask(vectorl *out, // FIPS 204, Algorithm 16 (`SimpleBitPack`). // -// Encodes an entire vector into 32*K*|bits| bytes. Note that since 256 (DEGREE) -// is divisible by 8, the individual vector entries will always fill a whole -// number of bytes, so we do not need to worry about bit packing here. -static void vectork_encode(uint8_t *out, const vectork *a, int bits) { +// Encodes an entire vector into 32*K*|bits| bytes. Note that since 256 +// (kDegree) is divisible by 8, the individual vector entries will always fill a +// whole number of bytes, so we do not need to worry about bit packing here. +template +static void vector_encode(uint8_t *out, const vector *a, int bits) { if (bits == 4) { for (int i = 0; i < K; i++) { - scalar_encode_4(out + i * bits * DEGREE / 8, &a->v[i]); + scalar_encode_4(out + i * bits * kDegree / 8, &a->v[i]); } } else { assert(bits == 10); for (int i = 0; i < K; i++) { - scalar_encode_10(out + i * bits * DEGREE / 8, &a->v[i]); + scalar_encode_10(out + i * bits * kDegree / 8, &a->v[i]); } } } // FIPS 204, Algorithm 18 (`SimpleBitUnpack`). -static void vectork_decode_10(vectork *out, const uint8_t *in) { - for (int i = 0; i < K; i++) { - scalar_decode_10(&out->v[i], in + i * 10 * DEGREE / 8); - } -} - -static void vectork_encode_signed(uint8_t *out, const vectork *a, int bits, - uint32_t max) { +template +static void vector_decode_10(vector *out, const uint8_t *in) { for (int i = 0; i < K; i++) { - scalar_encode_signed(out + i * bits * DEGREE / 8, &a->v[i], bits, max); + scalar_decode_10(&out->v[i], in + i * 10 * kDegree / 8); } } -static int vectork_decode_signed(vectork *out, const uint8_t *in, int bits, - uint32_t max) { - for (int i = 0; i < K; i++) { - if (!scalar_decode_signed(&out->v[i], in + i * bits * DEGREE / 8, bits, - max)) { - return 0; - } - } - return 1; -} - // FIPS 204, Algorithm 17 (`BitPack`). // -// Encodes an entire vector into 32*L*|bits| bytes. Note that since 256 (DEGREE) -// is divisible by 8, the individual vector entries will always fill a whole -// number of bytes, so we do not need to worry about bit packing here. -static void vectorl_encode_signed(uint8_t *out, const vectorl *a, int bits, - uint32_t max) { - for (int i = 0; i < L; i++) { - scalar_encode_signed(out + i * bits * DEGREE / 8, &a->v[i], bits, max); +// Encodes an entire vector into 32*L*|bits| bytes. Note that since 256 +// (kDegree) is divisible by 8, the individual vector entries will always fill a +// whole number of bytes, so we do not need to worry about bit packing here. +template +static void vector_encode_signed(uint8_t *out, const vector *a, int bits, + uint32_t max) { + for (int i = 0; i < X; i++) { + scalar_encode_signed(out + i * bits * kDegree / 8, &a->v[i], bits, max); } } -static int vectorl_decode_signed(vectorl *out, const uint8_t *in, int bits, - uint32_t max) { - for (int i = 0; i < L; i++) { - if (!scalar_decode_signed(&out->v[i], in + i * bits * DEGREE / 8, bits, +template +static int vector_decode_signed(vector *out, const uint8_t *in, int bits, + uint32_t max) { + for (int i = 0; i < X; i++) { + if (!scalar_decode_signed(&out->v[i], in + i * bits * kDegree / 8, bits, max)) { return 0; } @@ -1046,33 +1106,36 @@ static int vectorl_decode_signed(vectorl *out, const uint8_t *in, int bits, } // FIPS 204, Algorithm 28 (`w1Encode`). -static void w1_encode(uint8_t out[128 * K], const vectork *w1) { - vectork_encode(out, w1, 4); +template +static void w1_encode(uint8_t out[128 * K], const vector *w1) { + vector_encode(out, w1, 4); } // FIPS 204, Algorithm 20 (`HintBitPack`). -static void hint_bit_pack(uint8_t out[OMEGA + K], const vectork *h) { - OPENSSL_memset(out, 0, OMEGA + K); +template +static void hint_bit_pack(uint8_t out[omega() + K], const vector *h) { + OPENSSL_memset(out, 0, omega() + K); int index = 0; for (int i = 0; i < K; i++) { - for (int j = 0; j < DEGREE; j++) { + for (int j = 0; j < kDegree; j++) { if (h->v[i].c[j]) { - // h must have at most OMEGA non-zero coefficients. - BSSL_CHECK(index < OMEGA); + // h must have at most omega() non-zero coefficients. + BSSL_CHECK(index < omega()); out[index++] = j; } } - out[OMEGA + i] = index; + out[omega() + i] = index; } } // FIPS 204, Algorithm 21 (`HintBitUnpack`). -static int hint_bit_unpack(vectork *h, const uint8_t in[OMEGA + K]) { - vectork_zero(h); +template +static int hint_bit_unpack(vector *h, const uint8_t in[omega() + K]) { + vector_zero(h); int index = 0; for (int i = 0; i < K; i++) { - const int limit = in[OMEGA + i]; - if (limit < index || limit > OMEGA) { + const int limit = in[omega() + i]; + if (limit < index || limit > omega()) { return 0; } @@ -1083,12 +1146,12 @@ static int hint_bit_unpack(vectork *h, const uint8_t in[OMEGA + K]) { return 0; } last = byte; - static_assert(DEGREE == 256, - "DEGREE must be 256 for this write to be in bounds"); + static_assert(kDegree == 256, + "kDegree must be 256 for this write to be in bounds"); h->v[i].c[byte] = 1; } } - for (; index < OMEGA; index++) { + for (; index < omega(); index++) { if (in[index] != 0) { return 0; } @@ -1096,30 +1159,34 @@ static int hint_bit_unpack(vectork *h, const uint8_t in[OMEGA + K]) { return 1; } +template struct public_key { - uint8_t rho[RHO_BYTES]; - vectork t1; + uint8_t rho[kRhoBytes]; + vector t1; // Pre-cached value(s). - uint8_t public_key_hash[TR_BYTES]; + uint8_t public_key_hash[kTrBytes]; }; +template struct private_key { - uint8_t rho[RHO_BYTES]; - uint8_t k[K_BYTES]; - uint8_t public_key_hash[TR_BYTES]; - vectorl s1; - vectork s2; - vectork t0; + uint8_t rho[kRhoBytes]; + uint8_t k[kKBytes]; + uint8_t public_key_hash[kTrBytes]; + vector s1; + vector s2; + vector t0; }; +template struct signature { - uint8_t c_tilde[2 * LAMBDA_BYTES]; - vectorl z; - vectork h; + uint8_t c_tilde[2 * lambda_bytes()]; + vector z; + vector h; }; // FIPS 204, Algorithm 22 (`pkEncode`). -static int mldsa_marshal_public_key(CBB *out, const struct public_key *pub) { +template +static int mldsa_marshal_public_key(CBB *out, const struct public_key *pub) { if (!CBB_add_bytes(out, pub->rho, sizeof(pub->rho))) { return 0; } @@ -1128,28 +1195,37 @@ static int mldsa_marshal_public_key(CBB *out, const struct public_key *pub) { if (!CBB_add_space(out, &vectork_output, 320 * K)) { return 0; } - vectork_encode(vectork_output, &pub->t1, 10); + vector_encode(vectork_output, &pub->t1, 10); return 1; } // FIPS 204, Algorithm 23 (`pkDecode`). -static int mldsa_parse_public_key(struct public_key *pub, CBS *in) { +template +static int mldsa_parse_public_key(struct public_key *pub, CBS *in) { + const CBS orig_in = *in; + if (!CBS_copy_bytes(in, pub->rho, sizeof(pub->rho))) { return 0; } CBS t1_bytes; - if (!CBS_get_bytes(in, &t1_bytes, 320 * K)) { + if (!CBS_get_bytes(in, &t1_bytes, 320 * K) || CBS_len(in) != 0) { return 0; } - vectork_decode_10(&pub->t1, CBS_data(&t1_bytes)); + vector_decode_10(&pub->t1, CBS_data(&t1_bytes)); + + // Compute pre-cached values. + BORINGSSL_keccak(pub->public_key_hash, sizeof(pub->public_key_hash), + CBS_data(&orig_in), CBS_len(&orig_in), boringssl_shake256); return 1; } // FIPS 204, Algorithm 24 (`skEncode`). -static int mldsa_marshal_private_key(CBB *out, const struct private_key *priv) { +template +static int mldsa_marshal_private_key(CBB *out, + const struct private_key *priv) { if (!CBB_add_bytes(out, priv->rho, sizeof(priv->rho)) || !CBB_add_bytes(out, priv->k, sizeof(priv->k)) || !CBB_add_bytes(out, priv->public_key_hash, @@ -1157,42 +1233,52 @@ static int mldsa_marshal_private_key(CBB *out, const struct private_key *priv) { return 0; } + constexpr size_t scalar_bytes = + (kDegree * plus_minus_eta_bitlen() + 7) / 8; uint8_t *vectorl_output; - if (!CBB_add_space(out, &vectorl_output, 128 * L)) { + if (!CBB_add_space(out, &vectorl_output, scalar_bytes * L)) { return 0; } - vectorl_encode_signed(vectorl_output, &priv->s1, 4, ETA); + vector_encode_signed(vectorl_output, &priv->s1, plus_minus_eta_bitlen(), + eta()); - uint8_t *vectork_output; - if (!CBB_add_space(out, &vectork_output, 128 * K)) { + uint8_t *s2_output; + if (!CBB_add_space(out, &s2_output, scalar_bytes * K)) { return 0; } - vectork_encode_signed(vectork_output, &priv->s2, 4, ETA); + vector_encode_signed(s2_output, &priv->s2, plus_minus_eta_bitlen(), + eta()); - if (!CBB_add_space(out, &vectork_output, 416 * K)) { + uint8_t *t0_output; + if (!CBB_add_space(out, &t0_output, 416 * K)) { return 0; } - vectork_encode_signed(vectork_output, &priv->t0, 13, 1 << 12); + vector_encode_signed(t0_output, &priv->t0, 13, 1 << 12); return 1; } // FIPS 204, Algorithm 25 (`skDecode`). -static int mldsa_parse_private_key(struct private_key *priv, CBS *in) { +template +static int mldsa_parse_private_key(struct private_key *priv, CBS *in) { CBS s1_bytes; CBS s2_bytes; CBS t0_bytes; + constexpr size_t scalar_bytes = + (kDegree * plus_minus_eta_bitlen() + 7) / 8; if (!CBS_copy_bytes(in, priv->rho, sizeof(priv->rho)) || !CBS_copy_bytes(in, priv->k, sizeof(priv->k)) || !CBS_copy_bytes(in, priv->public_key_hash, sizeof(priv->public_key_hash)) || - !CBS_get_bytes(in, &s1_bytes, 128 * L) || - !vectorl_decode_signed(&priv->s1, CBS_data(&s1_bytes), 4, ETA) || - !CBS_get_bytes(in, &s2_bytes, 128 * K) || - !vectork_decode_signed(&priv->s2, CBS_data(&s2_bytes), 4, ETA) || + !CBS_get_bytes(in, &s1_bytes, scalar_bytes * L) || + !vector_decode_signed(&priv->s1, CBS_data(&s1_bytes), + plus_minus_eta_bitlen(), eta()) || + !CBS_get_bytes(in, &s2_bytes, scalar_bytes * K) || + !vector_decode_signed(&priv->s2, CBS_data(&s2_bytes), + plus_minus_eta_bitlen(), eta()) || !CBS_get_bytes(in, &t0_bytes, 416 * K) || // Note: Decoding 13 bits into (-2^12, 2^12] cannot fail. - !vectork_decode_signed(&priv->t0, CBS_data(&t0_bytes), 13, 1 << 12)) { + !vector_decode_signed(&priv->t0, CBS_data(&t0_bytes), 13, 1 << 12)) { return 0; } @@ -1200,7 +1286,9 @@ static int mldsa_parse_private_key(struct private_key *priv, CBS *in) { } // FIPS 204, Algorithm 26 (`sigEncode`). -static int mldsa_marshal_signature(CBB *out, const struct signature *sign) { +template +static int mldsa_marshal_signature(CBB *out, + const struct signature *sign) { if (!CBB_add_bytes(out, sign->c_tilde, sizeof(sign->c_tilde))) { return 0; } @@ -1209,10 +1297,10 @@ static int mldsa_marshal_signature(CBB *out, const struct signature *sign) { if (!CBB_add_space(out, &vectorl_output, 640 * L)) { return 0; } - vectorl_encode_signed(vectorl_output, &sign->z, 20, 1 << 19); + vector_encode_signed(vectorl_output, &sign->z, 20, 1 << 19); uint8_t *hint_output; - if (!CBB_add_space(out, &hint_output, OMEGA + K)) { + if (!CBB_add_space(out, &hint_output, omega() + K)) { return 0; } hint_bit_pack(hint_output, &sign->h); @@ -1221,14 +1309,15 @@ static int mldsa_marshal_signature(CBB *out, const struct signature *sign) { } // FIPS 204, Algorithm 27 (`sigDecode`). -static int mldsa_parse_signature(struct signature *sign, CBS *in) { +template +static int mldsa_parse_signature(struct signature *sign, CBS *in) { CBS z_bytes; CBS hint_bytes; if (!CBS_copy_bytes(in, sign->c_tilde, sizeof(sign->c_tilde)) || !CBS_get_bytes(in, &z_bytes, 640 * L) || // Note: Decoding 20 bits into (-2^19, 2^19] cannot fail. - !vectorl_decode_signed(&sign->z, CBS_data(&z_bytes), 20, 1 << 19) || - !CBS_get_bytes(in, &hint_bytes, OMEGA + K) || + !vector_decode_signed(&sign->z, CBS_data(&z_bytes), 20, 1 << 19) || + !CBS_get_bytes(in, &hint_bytes, omega() + K) || !hint_bit_unpack(&sign->h, CBS_data(&hint_bytes))) { return 0; }; @@ -1236,86 +1325,44 @@ static int mldsa_parse_signature(struct signature *sign, CBS *in) { return 1; } -static struct private_key *private_key_from_external( - const struct MLDSA65_private_key *external) { - static_assert( - sizeof(struct MLDSA65_private_key) == sizeof(struct private_key), - "Kyber private key size incorrect"); - static_assert( - alignof(struct MLDSA65_private_key) == alignof(struct private_key), - "Kyber private key align incorrect"); - return (struct private_key *)external; -} - -static struct public_key *public_key_from_external( - const struct MLDSA65_public_key *external) { - static_assert(sizeof(struct MLDSA65_public_key) == sizeof(struct public_key), - "mldsa public key size incorrect"); - static_assert( - alignof(struct MLDSA65_public_key) == alignof(struct public_key), - "mldsa public key align incorrect"); - return (struct public_key *)external; -} - -/* API */ - -// Calls |MLDSA_generate_key_external_entropy| with random bytes from -// |RAND_bytes|. Returns 1 on success and 0 on failure. -int MLDSA65_generate_key( - uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], - uint8_t out_seed[MLDSA_SEED_BYTES], - struct MLDSA65_private_key *out_private_key) { - RAND_bytes(out_seed, MLDSA_SEED_BYTES); - return MLDSA65_generate_key_external_entropy(out_encoded_public_key, - out_private_key, out_seed); -} - -int MLDSA65_private_key_from_seed(struct MLDSA65_private_key *out_private_key, - const uint8_t *seed, size_t seed_len) { - if (seed_len != MLDSA_SEED_BYTES) { - return 0; - } - uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES]; - return MLDSA65_generate_key_external_entropy(public_key, out_private_key, - seed); -} +template +struct DeleterFree { + void operator()(T *ptr) { OPENSSL_free(ptr); } +}; // FIPS 204, Algorithm 6 (`ML-DSA.KeyGen_internal`). Returns 1 on success and 0 // on failure. -int MLDSA65_generate_key_external_entropy( - uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], - struct MLDSA65_private_key *out_private_key, - const uint8_t entropy[MLDSA_SEED_BYTES]) { - int ret = 0; - +template +static int mldsa_generate_key_external_entropy( + uint8_t out_encoded_public_key[public_key_bytes()], + struct private_key *priv, const uint8_t entropy[MLDSA_SEED_BYTES]) { // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { - struct public_key pub; - matrix a_ntt; - vectorl s1_ntt; - vectork t; + struct public_key pub; + matrix a_ntt; + vector s1_ntt; + vector t; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + std::unique_ptr> values( + reinterpret_cast(OPENSSL_malloc(sizeof(values_st)))); if (values == NULL) { - goto err; + return 0; } - struct private_key *priv = private_key_from_external(out_private_key); - uint8_t augmented_entropy[MLDSA_SEED_BYTES + 2]; OPENSSL_memcpy(augmented_entropy, entropy, MLDSA_SEED_BYTES); // The k and l parameters are appended to the seed. augmented_entropy[MLDSA_SEED_BYTES] = K; augmented_entropy[MLDSA_SEED_BYTES + 1] = L; - uint8_t expanded_seed[RHO_BYTES + SIGMA_BYTES + K_BYTES]; + uint8_t expanded_seed[kRhoBytes + kSigmaBytes + kKBytes]; BORINGSSL_keccak(expanded_seed, sizeof(expanded_seed), augmented_entropy, sizeof(augmented_entropy), boringssl_shake256); const uint8_t *const rho = expanded_seed; - const uint8_t *const sigma = expanded_seed + RHO_BYTES; - const uint8_t *const k = expanded_seed + RHO_BYTES + SIGMA_BYTES; + const uint8_t *const sigma = expanded_seed + kRhoBytes; + const uint8_t *const k = expanded_seed + kRhoBytes + kSigmaBytes; // rho is public. - CONSTTIME_DECLASSIFY(rho, RHO_BYTES); + CONSTTIME_DECLASSIFY(rho, kRhoBytes); OPENSSL_memcpy(values->pub.rho, rho, sizeof(values->pub.rho)); OPENSSL_memcpy(priv->rho, rho, sizeof(priv->rho)); OPENSSL_memcpy(priv->k, k, sizeof(priv->k)); @@ -1324,52 +1371,47 @@ int MLDSA65_generate_key_external_entropy( vector_expand_short(&priv->s1, &priv->s2, sigma); OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt)); - vectorl_ntt(&values->s1_ntt); + vector_ntt(&values->s1_ntt); matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt); - vectork_inverse_ntt(&values->t); - vectork_add(&values->t, &values->t, &priv->s2); + vector_inverse_ntt(&values->t); + vector_add(&values->t, &values->t, &priv->s2); - vectork_power2_round(&values->pub.t1, &priv->t0, &values->t); + vector_power2_round(&values->pub.t1, &priv->t0, &values->t); // t1 is public. CONSTTIME_DECLASSIFY(&values->pub.t1, sizeof(values->pub.t1)); CBB cbb; - CBB_init_fixed(&cbb, out_encoded_public_key, MLDSA65_PUBLIC_KEY_BYTES); + CBB_init_fixed(&cbb, out_encoded_public_key, public_key_bytes()); if (!mldsa_marshal_public_key(&cbb, &values->pub)) { - goto err; + return 0; } - assert(CBB_len(&cbb) == MLDSA65_PUBLIC_KEY_BYTES); + assert(CBB_len(&cbb) == public_key_bytes()); BORINGSSL_keccak(priv->public_key_hash, sizeof(priv->public_key_hash), - out_encoded_public_key, MLDSA65_PUBLIC_KEY_BYTES, + out_encoded_public_key, public_key_bytes(), boringssl_shake256); - ret = 1; -err: - OPENSSL_free(values); - return ret; + return 1; } -int MLDSA65_public_from_private(struct MLDSA65_public_key *out_public_key, - const struct MLDSA65_private_key *private_key) { - int ret = 0; - +template +static int mldsa_public_from_private(struct public_key *pub, + const struct private_key *priv) { // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { - matrix a_ntt; - vectorl s1_ntt; - vectork t; - vectork t0; + matrix a_ntt; + vector s1_ntt; + vector t; + vector t0; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + std::unique_ptr> values( + reinterpret_cast(OPENSSL_malloc(sizeof(values_st)))); if (values == NULL) { - goto err; + return 0; } - const struct private_key *priv = private_key_from_external(private_key); - struct public_key *pub = public_key_from_external(out_public_key); OPENSSL_memcpy(pub->rho, priv->rho, sizeof(pub->rho)); OPENSSL_memcpy(pub->public_key_hash, priv->public_key_hash, @@ -1378,32 +1420,26 @@ int MLDSA65_public_from_private(struct MLDSA65_public_key *out_public_key, matrix_expand(&values->a_ntt, priv->rho); OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt)); - vectorl_ntt(&values->s1_ntt); + vector_ntt(&values->s1_ntt); matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt); - vectork_inverse_ntt(&values->t); - vectork_add(&values->t, &values->t, &priv->s2); - - vectork_power2_round(&pub->t1, &values->t0, &values->t); + vector_inverse_ntt(&values->t); + vector_add(&values->t, &values->t, &priv->s2); - ret = 1; -err: - OPENSSL_free(values); - return ret; + vector_power2_round(&pub->t1, &values->t0, &values->t); + return 1; } -// FIPS 204, Algorithm 7 (`ML-DSA.Sign_internal`). Returns 1 on success and 0 on -// failure. -int MLDSA65_sign_internal( - uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], - const struct MLDSA65_private_key *private_key, const uint8_t *msg, - size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len, +// FIPS 204, Algorithm 7 (`ML-DSA.Sign_internal`). Returns 1 on success and 0 +// on failure. +template +static int mldsa_sign_internal( + uint8_t out_encoded_signature[signature_bytes()], + const struct private_key *priv, const uint8_t *msg, size_t msg_len, + const uint8_t *context_prefix, size_t context_prefix_len, const uint8_t *context, size_t context_len, const uint8_t randomizer[MLDSA_SIGNATURE_RANDOMIZER_BYTES]) { - int ret = 0; - const struct private_key *priv = private_key_from_external(private_key); - - uint8_t mu[MU_BYTES]; + uint8_t mu[kMuBytes]; struct BORINGSSL_keccak_st keccak_ctx; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); BORINGSSL_keccak_absorb(&keccak_ctx, priv->public_key_hash, @@ -1411,82 +1447,83 @@ int MLDSA65_sign_internal( BORINGSSL_keccak_absorb(&keccak_ctx, context_prefix, context_prefix_len); BORINGSSL_keccak_absorb(&keccak_ctx, context, context_len); BORINGSSL_keccak_absorb(&keccak_ctx, msg, msg_len); - BORINGSSL_keccak_squeeze(&keccak_ctx, mu, MU_BYTES); + BORINGSSL_keccak_squeeze(&keccak_ctx, mu, kMuBytes); - uint8_t rho_prime[RHO_PRIME_BYTES]; + uint8_t rho_prime[kRhoPrimeBytes]; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); BORINGSSL_keccak_absorb(&keccak_ctx, priv->k, sizeof(priv->k)); BORINGSSL_keccak_absorb(&keccak_ctx, randomizer, MLDSA_SIGNATURE_RANDOMIZER_BYTES); - BORINGSSL_keccak_absorb(&keccak_ctx, mu, MU_BYTES); - BORINGSSL_keccak_squeeze(&keccak_ctx, rho_prime, RHO_PRIME_BYTES); + BORINGSSL_keccak_absorb(&keccak_ctx, mu, kMuBytes); + BORINGSSL_keccak_squeeze(&keccak_ctx, rho_prime, kRhoPrimeBytes); // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { - struct signature sign; - vectorl s1_ntt; - vectork s2_ntt; - vectork t0_ntt; - matrix a_ntt; - vectorl y; - vectork w; - vectork w1; - vectorl cs1; - vectork cs2; + struct signature sign; + vector s1_ntt; + vector s2_ntt; + vector t0_ntt; + matrix a_ntt; + vector y; + vector w; + vector w1; + vector cs1; + vector cs2; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + std::unique_ptr> values( + reinterpret_cast(OPENSSL_malloc(sizeof(values_st)))); if (values == NULL) { - goto err; + return 0; } OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt)); - vectorl_ntt(&values->s1_ntt); + vector_ntt(&values->s1_ntt); OPENSSL_memcpy(&values->s2_ntt, &priv->s2, sizeof(values->s2_ntt)); - vectork_ntt(&values->s2_ntt); + vector_ntt(&values->s2_ntt); OPENSSL_memcpy(&values->t0_ntt, &priv->t0, sizeof(values->t0_ntt)); - vectork_ntt(&values->t0_ntt); + vector_ntt(&values->t0_ntt); matrix_expand(&values->a_ntt, priv->rho); - // kappa must not exceed 2**16/L = 13107. But the probability of it exceeding - // even 1000 iterations is vanishingly small. + // kappa must not exceed 2**16/L = 13107. But the probability of it + // exceeding even 1000 iterations is vanishingly small. for (size_t kappa = 0;; kappa += L) { - vectorl_expand_mask(&values->y, rho_prime, kappa); + vector_expand_mask(&values->y, rho_prime, kappa); - vectorl *y_ntt = &values->cs1; + vector *y_ntt = &values->cs1; OPENSSL_memcpy(y_ntt, &values->y, sizeof(*y_ntt)); - vectorl_ntt(y_ntt); + vector_ntt(y_ntt); matrix_mult(&values->w, &values->a_ntt, y_ntt); - vectork_inverse_ntt(&values->w); + vector_inverse_ntt(&values->w); - vectork_high_bits(&values->w1, &values->w); + vector_high_bits(&values->w1, &values->w); uint8_t w1_encoded[128 * K]; w1_encode(w1_encoded, &values->w1); BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); - BORINGSSL_keccak_absorb(&keccak_ctx, mu, MU_BYTES); + BORINGSSL_keccak_absorb(&keccak_ctx, mu, kMuBytes); BORINGSSL_keccak_absorb(&keccak_ctx, w1_encoded, 128 * K); BORINGSSL_keccak_squeeze(&keccak_ctx, values->sign.c_tilde, - 2 * LAMBDA_BYTES); + 2 * lambda_bytes()); scalar c_ntt; scalar_sample_in_ball_vartime(&c_ntt, values->sign.c_tilde, - sizeof(values->sign.c_tilde)); + sizeof(values->sign.c_tilde), tau()); scalar_ntt(&c_ntt); - vectorl_mult_scalar(&values->cs1, &values->s1_ntt, &c_ntt); - vectorl_inverse_ntt(&values->cs1); - vectork_mult_scalar(&values->cs2, &values->s2_ntt, &c_ntt); - vectork_inverse_ntt(&values->cs2); + vector_mult_scalar(&values->cs1, &values->s1_ntt, &c_ntt); + vector_inverse_ntt(&values->cs1); + vector_mult_scalar(&values->cs2, &values->s2_ntt, &c_ntt); + vector_inverse_ntt(&values->cs2); - vectorl_add(&values->sign.z, &values->y, &values->cs1); + vector_add(&values->sign.z, &values->y, &values->cs1); - vectork *r0 = &values->w1; - vectork_sub(r0, &values->w, &values->cs2); - vectork_low_bits(r0, r0); + vector *r0 = &values->w1; + vector_sub(r0, &values->w, &values->cs2); + vector_low_bits(r0, r0); // Leaking the fact that a signature was rejected is fine as the next // attempt at a signature will be (indistinguishable from) independent of @@ -1494,27 +1531,27 @@ int MLDSA65_sign_internal( // branches rejected the signature. Section 5.5 of // https://pq-crystals.org/dilithium/data/dilithium-specification-round3.pdf // describes this leak as OK. Note we leak less than what is described by - // the paper; we do not reveal which coefficient violated the bound, and we - // hide which of the |z_max| or |r0_max| bound failed. See also + // the paper; we do not reveal which coefficient violated the bound, and + // we hide which of the |z_max| or |r0_max| bound failed. See also // https://boringssl-review.googlesource.com/c/boringssl/+/67747/comment/2bbab0fa_d241d35a/ - uint32_t z_max = vectorl_max(&values->sign.z); - uint32_t r0_max = vectork_max_signed(r0); + uint32_t z_max = vector_max(&values->sign.z); + uint32_t r0_max = vector_max_signed(r0); if (constant_time_declassify_w( - constant_time_ge_w(z_max, kGamma1 - BETA) | - constant_time_ge_w(r0_max, kGamma2 - BETA))) { + constant_time_ge_w(z_max, gamma1() - beta()) | + constant_time_ge_w(r0_max, kGamma2 - beta()))) { continue; } - vectork *ct0 = &values->w1; - vectork_mult_scalar(ct0, &values->t0_ntt, &c_ntt); - vectork_inverse_ntt(ct0); - vectork_make_hint(&values->sign.h, ct0, &values->cs2, &values->w); + vector *ct0 = &values->w1; + vector_mult_scalar(ct0, &values->t0_ntt, &c_ntt); + vector_inverse_ntt(ct0); + vector_make_hint(&values->sign.h, ct0, &values->cs2, &values->w); // See above. - uint32_t ct0_max = vectork_max(ct0); - size_t h_ones = vectork_count_ones(&values->sign.h); + uint32_t ct0_max = vector_max(ct0); + size_t h_ones = vector_count_ones(&values->sign.h); if (constant_time_declassify_w(constant_time_ge_w(ct0_max, kGamma2) | - constant_time_lt_w(OMEGA, h_ones))) { + constant_time_lt_w(omega(), h_ones))) { continue; } @@ -1524,88 +1561,47 @@ int MLDSA65_sign_internal( CONSTTIME_DECLASSIFY(&values->sign.h, sizeof(values->sign.h)); CBB cbb; - CBB_init_fixed(&cbb, out_encoded_signature, MLDSA65_SIGNATURE_BYTES); + CBB_init_fixed(&cbb, out_encoded_signature, signature_bytes()); if (!mldsa_marshal_signature(&cbb, &values->sign)) { - goto err; + return 0; } - BSSL_CHECK(CBB_len(&cbb) == MLDSA65_SIGNATURE_BYTES); - ret = 1; - break; - } - -err: - OPENSSL_free(values); - return ret; -} - -// mldsa signature in randomized mode, filling the random bytes with -// |RAND_bytes|. Returns 1 on success and 0 on failure. -int MLDSA65_sign(uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], - const struct MLDSA65_private_key *private_key, - const uint8_t *msg, size_t msg_len, const uint8_t *context, - size_t context_len) { - if (context_len > 255) { - return 0; - } - - uint8_t randomizer[MLDSA_SIGNATURE_RANDOMIZER_BYTES]; - RAND_bytes(randomizer, sizeof(randomizer)); - - const uint8_t context_prefix[2] = {0, context_len}; - return MLDSA65_sign_internal(out_encoded_signature, private_key, msg, msg_len, - context_prefix, sizeof(context_prefix), context, - context_len, randomizer); -} - -// FIPS 204, Algorithm 3 (`ML-DSA.Verify`). -int MLDSA65_verify(const struct MLDSA65_public_key *public_key, - const uint8_t *signature, size_t signature_len, - const uint8_t *msg, size_t msg_len, const uint8_t *context, - size_t context_len) { - if (context_len > 255 || signature_len != MLDSA65_SIGNATURE_BYTES) { - return 0; + BSSL_CHECK(CBB_len(&cbb) == signature_bytes()); + return 1; } - - const uint8_t context_prefix[2] = {0, context_len}; - return MLDSA65_verify_internal(public_key, signature, msg, msg_len, - context_prefix, sizeof(context_prefix), - context, context_len); } // FIPS 204, Algorithm 8 (`ML-DSA.Verify_internal`). -int MLDSA65_verify_internal( - const struct MLDSA65_public_key *public_key, - const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES], - const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, - size_t context_prefix_len, const uint8_t *context, size_t context_len) { - int ret = 0; - +template +static int mldsa_verify_internal( + const struct public_key *pub, + const uint8_t encoded_signature[signature_bytes()], const uint8_t *msg, + size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len, + const uint8_t *context, size_t context_len) { // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { - struct signature sign; - matrix a_ntt; - vectorl z_ntt; - vectork az_ntt; - vectork ct1_ntt; + struct signature sign; + matrix a_ntt; + vector z_ntt; + vector az_ntt; + vector ct1_ntt; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + std::unique_ptr> values( + reinterpret_cast(OPENSSL_malloc(sizeof(values_st)))); if (values == NULL) { - goto err; + return 0; } - const struct public_key *pub = public_key_from_external(public_key); - CBS cbs; - CBS_init(&cbs, encoded_signature, MLDSA65_SIGNATURE_BYTES); + CBS_init(&cbs, encoded_signature, signature_bytes()); if (!mldsa_parse_signature(&values->sign, &cbs)) { - goto err; + return 0; } matrix_expand(&values->a_ntt, pub->rho); - uint8_t mu[MU_BYTES]; + uint8_t mu[kMuBytes]; struct BORINGSSL_keccak_st keccak_ctx; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); BORINGSSL_keccak_absorb(&keccak_ctx, pub->public_key_hash, @@ -1613,75 +1609,182 @@ int MLDSA65_verify_internal( BORINGSSL_keccak_absorb(&keccak_ctx, context_prefix, context_prefix_len); BORINGSSL_keccak_absorb(&keccak_ctx, context, context_len); BORINGSSL_keccak_absorb(&keccak_ctx, msg, msg_len); - BORINGSSL_keccak_squeeze(&keccak_ctx, mu, MU_BYTES); + BORINGSSL_keccak_squeeze(&keccak_ctx, mu, kMuBytes); scalar c_ntt; scalar_sample_in_ball_vartime(&c_ntt, values->sign.c_tilde, - sizeof(values->sign.c_tilde)); + sizeof(values->sign.c_tilde), tau()); scalar_ntt(&c_ntt); OPENSSL_memcpy(&values->z_ntt, &values->sign.z, sizeof(values->z_ntt)); - vectorl_ntt(&values->z_ntt); + vector_ntt(&values->z_ntt); matrix_mult(&values->az_ntt, &values->a_ntt, &values->z_ntt); - vectork_scale_power2_round(&values->ct1_ntt, &pub->t1); - vectork_ntt(&values->ct1_ntt); + vector_scale_power2_round(&values->ct1_ntt, &pub->t1); + vector_ntt(&values->ct1_ntt); - vectork_mult_scalar(&values->ct1_ntt, &values->ct1_ntt, &c_ntt); + vector_mult_scalar(&values->ct1_ntt, &values->ct1_ntt, &c_ntt); - vectork *const w1 = &values->az_ntt; - vectork_sub(w1, &values->az_ntt, &values->ct1_ntt); - vectork_inverse_ntt(w1); + vector *const w1 = &values->az_ntt; + vector_sub(w1, &values->az_ntt, &values->ct1_ntt); + vector_inverse_ntt(w1); - vectork_use_hint_vartime(w1, &values->sign.h, w1); + vector_use_hint_vartime(w1, &values->sign.h, w1); uint8_t w1_encoded[128 * K]; w1_encode(w1_encoded, w1); - uint8_t c_tilde[2 * LAMBDA_BYTES]; + uint8_t c_tilde[2 * lambda_bytes()]; BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256); - BORINGSSL_keccak_absorb(&keccak_ctx, mu, MU_BYTES); + BORINGSSL_keccak_absorb(&keccak_ctx, mu, kMuBytes); BORINGSSL_keccak_absorb(&keccak_ctx, w1_encoded, 128 * K); - BORINGSSL_keccak_squeeze(&keccak_ctx, c_tilde, 2 * LAMBDA_BYTES); - - uint32_t z_max = vectorl_max(&values->sign.z); - if (z_max < kGamma1 - BETA && - OPENSSL_memcmp(c_tilde, values->sign.c_tilde, 2 * LAMBDA_BYTES) == 0) { - ret = 1; - } + BORINGSSL_keccak_squeeze(&keccak_ctx, c_tilde, 2 * lambda_bytes()); -err: - OPENSSL_free(values); - return ret; + uint32_t z_max = vector_max(&values->sign.z); + return z_max < static_cast(gamma1() - beta()) && + OPENSSL_memcmp(c_tilde, values->sign.c_tilde, 2 * lambda_bytes()) == + 0; } -/* Serialization of keys. */ +} // namespace -int MLDSA65_marshal_public_key(CBB *out, - const struct MLDSA65_public_key *public_key) { - return mldsa_marshal_public_key(out, public_key_from_external(public_key)); +// ML-DSA-65 specific wrappers. + +static struct private_key<6, 5> *mldsa65_private_key_from_external( + const struct MLDSA65_private_key *external) { + static_assert(sizeof(struct MLDSA65_private_key) == + sizeof(struct private_key<6, 5>), + "MLDSA65 private key size incorrect"); + static_assert(alignof(struct MLDSA65_private_key) == + alignof(struct private_key<6, 5>), + "MLDSA65 private key align incorrect"); + return (struct private_key<6, 5> *)external; +} + +static struct public_key<6> * +mldsa65_public_key_from_external(const struct MLDSA65_public_key *external) { + static_assert(sizeof(struct MLDSA65_public_key) == + sizeof(struct public_key<6>), + "MLDSA65 public key size incorrect"); + static_assert(alignof(struct MLDSA65_public_key) == + alignof(struct public_key<6>), + "MLDSA65 public key align incorrect"); + return (struct public_key<6> *)external; } int MLDSA65_parse_public_key(struct MLDSA65_public_key *public_key, CBS *in) { - struct public_key *pub = public_key_from_external(public_key); - CBS orig_in = *in; - if (!mldsa_parse_public_key(pub, in) || CBS_len(in) != 0) { - return 0; - } - - // Compute pre-cached values. - BORINGSSL_keccak(pub->public_key_hash, sizeof(pub->public_key_hash), - CBS_data(&orig_in), CBS_len(&orig_in), boringssl_shake256); - return 1; + return mldsa_parse_public_key(mldsa65_public_key_from_external(public_key), + in); } int MLDSA65_marshal_private_key(CBB *out, const struct MLDSA65_private_key *private_key) { - return mldsa_marshal_private_key(out, private_key_from_external(private_key)); + return mldsa_marshal_private_key( + out, mldsa65_private_key_from_external(private_key)); } int MLDSA65_parse_private_key(struct MLDSA65_private_key *private_key, CBS *in) { - struct private_key *priv = private_key_from_external(private_key); - return mldsa_parse_private_key(priv, in) && CBS_len(in) == 0; + return mldsa_parse_private_key(mldsa65_private_key_from_external(private_key), + in) && + CBS_len(in) == 0; +} + +// Calls |MLDSA_generate_key_external_entropy| with random bytes from +// |RAND_bytes|. Returns 1 on success and 0 on failure. +int MLDSA65_generate_key( + uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], + uint8_t out_seed[MLDSA_SEED_BYTES], + struct MLDSA65_private_key *out_private_key) { + RAND_bytes(out_seed, MLDSA_SEED_BYTES); + return MLDSA65_generate_key_external_entropy(out_encoded_public_key, + out_private_key, out_seed); +} + +int MLDSA65_private_key_from_seed(struct MLDSA65_private_key *out_private_key, + const uint8_t *seed, size_t seed_len) { + if (seed_len != MLDSA_SEED_BYTES) { + return 0; + } + uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES]; + return MLDSA65_generate_key_external_entropy(public_key, out_private_key, + seed); +} + +int MLDSA65_generate_key_external_entropy( + uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], + struct MLDSA65_private_key *out_private_key, + const uint8_t entropy[MLDSA_SEED_BYTES]) { + return mldsa_generate_key_external_entropy( + out_encoded_public_key, + mldsa65_private_key_from_external(out_private_key), entropy); +} + +int MLDSA65_public_from_private(struct MLDSA65_public_key *out_public_key, + const struct MLDSA65_private_key *private_key) { + return mldsa_public_from_private( + mldsa65_public_key_from_external(out_public_key), + mldsa65_private_key_from_external(private_key)); +} + +int MLDSA65_sign_internal( + uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], + const struct MLDSA65_private_key *private_key, const uint8_t *msg, + size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len, + const uint8_t *context, size_t context_len, + const uint8_t randomizer[MLDSA_SIGNATURE_RANDOMIZER_BYTES]) { + return mldsa_sign_internal(out_encoded_signature, + mldsa65_private_key_from_external(private_key), + msg, msg_len, context_prefix, context_prefix_len, + context, context_len, randomizer); +} + +// ML-DSA signature in randomized mode, filling the random bytes with +// |RAND_bytes|. Returns 1 on success and 0 on failure. +int MLDSA65_sign(uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], + const struct MLDSA65_private_key *private_key, + const uint8_t *msg, size_t msg_len, const uint8_t *context, + size_t context_len) { + if (context_len > 255) { + return 0; + } + + uint8_t randomizer[MLDSA_SIGNATURE_RANDOMIZER_BYTES]; + RAND_bytes(randomizer, sizeof(randomizer)); + + const uint8_t context_prefix[2] = {0, static_cast(context_len)}; + return MLDSA65_sign_internal(out_encoded_signature, private_key, msg, msg_len, + context_prefix, sizeof(context_prefix), context, + context_len, randomizer); +} + +// FIPS 204, Algorithm 3 (`ML-DSA.Verify`). +int MLDSA65_verify(const struct MLDSA65_public_key *public_key, + const uint8_t *signature, size_t signature_len, + const uint8_t *msg, size_t msg_len, const uint8_t *context, + size_t context_len) { + if (context_len > 255 || signature_len != MLDSA65_SIGNATURE_BYTES) { + return 0; + } + + const uint8_t context_prefix[2] = {0, static_cast(context_len)}; + return MLDSA65_verify_internal(public_key, signature, msg, msg_len, + context_prefix, sizeof(context_prefix), + context, context_len); +} + +int MLDSA65_verify_internal( + const struct MLDSA65_public_key *public_key, + const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES], + const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, + size_t context_prefix_len, const uint8_t *context, size_t context_len) { + return mldsa_verify_internal<6, 5>( + mldsa65_public_key_from_external(public_key), encoded_signature, msg, + msg_len, context_prefix, context_prefix_len, context, context_len); +} + +int MLDSA65_marshal_public_key(CBB *out, + const struct MLDSA65_public_key *public_key) { + return mldsa_marshal_public_key(out, + mldsa65_public_key_from_external(public_key)); } diff --git a/Sources/CCryptoBoringSSL/crypto/mlkem/mlkem.cc b/Sources/CCryptoBoringSSL/crypto/mlkem/mlkem.cc new file mode 100644 index 00000000..1752dcab --- /dev/null +++ b/Sources/CCryptoBoringSSL/crypto/mlkem/mlkem.cc @@ -0,0 +1,1097 @@ +/* Copyright (c) 2024, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "../internal.h" +#include "../keccak/internal.h" +#include "./internal.h" + + +// See +// https://csrc.nist.gov/pubs/fips/203/final + +static void prf(uint8_t *out, size_t out_len, const uint8_t in[33]) { + BORINGSSL_keccak(out, out_len, in, 33, boringssl_shake256); +} + +// Section 4.1 +static void hash_h(uint8_t out[32], const uint8_t *in, size_t len) { + BORINGSSL_keccak(out, 32, in, len, boringssl_sha3_256); +} + +static void hash_g(uint8_t out[64], const uint8_t *in, size_t len) { + BORINGSSL_keccak(out, 64, in, len, boringssl_sha3_512); +} + +// This is called `J` in the spec. +static void kdf(uint8_t out[MLKEM_SHARED_SECRET_BYTES], + const uint8_t failure_secret[32], const uint8_t *ciphertext, + size_t ciphertext_len) { + struct BORINGSSL_keccak_st st; + BORINGSSL_keccak_init(&st, boringssl_shake256); + BORINGSSL_keccak_absorb(&st, failure_secret, 32); + BORINGSSL_keccak_absorb(&st, ciphertext, ciphertext_len); + BORINGSSL_keccak_squeeze(&st, out, MLKEM_SHARED_SECRET_BYTES); +} + +// Constants that are common across all sizes. +#define DEGREE 256 +static const size_t kBarrettMultiplier = 5039; +static const unsigned kBarrettShift = 24; +static const uint16_t kPrime = 3329; +static const int kLog2Prime = 12; +static const uint16_t kHalfPrime = (/*kPrime=*/3329 - 1) / 2; +// kInverseDegree is 128^-1 mod 3329; 128 because kPrime does not have a 512th +// root of unity. +static const uint16_t kInverseDegree = 3303; + +// Rank-specific constants. +#define RANK768 3 +static const int kDU768 = 10; +static const int kDV768 = 4; +#define RANK1024 4 +static const int kDU1024 = 11; +static const int kDV1024 = 5; + +constexpr size_t encoded_vector_size(int rank) { + return (kLog2Prime * DEGREE / 8) * static_cast(rank); +} + +constexpr size_t encoded_public_key_size(int rank) { + return encoded_vector_size(rank) + /*sizeof(rho)=*/32; +} + +static_assert(encoded_public_key_size(RANK768) == MLKEM768_PUBLIC_KEY_BYTES, + ""); +static_assert(encoded_public_key_size(RANK1024) == MLKEM1024_PUBLIC_KEY_BYTES, + ""); + +constexpr size_t compressed_vector_size(int rank) { + // `if constexpr` isn't available in C++17. + return (rank == RANK768 ? kDU768 : kDU1024) * static_cast(rank) * + DEGREE / 8; +} + +constexpr size_t ciphertext_size(int rank) { + return compressed_vector_size(rank) + + (rank == RANK768 ? kDV768 : kDV1024) * DEGREE / 8; +} + +static_assert(ciphertext_size(RANK768) == MLKEM768_CIPHERTEXT_BYTES, ""); +static_assert(ciphertext_size(RANK1024) == MLKEM1024_CIPHERTEXT_BYTES, ""); + +typedef struct scalar { + // On every function entry and exit, 0 <= c < kPrime. + uint16_t c[DEGREE]; +} scalar; + +template +struct vector { + scalar v[RANK]; +}; + +template +struct matrix { + scalar v[RANK][RANK]; +}; + +// This bit of Python will be referenced in some of the following comments: +// +// p = 3329 +// +// def bitreverse(i): +// ret = 0 +// for n in range(7): +// bit = i & 1 +// ret <<= 1 +// ret |= bit +// i >>= 1 +// return ret + +// kNTTRoots = [pow(17, bitreverse(i), p) for i in range(128)] +static const uint16_t kNTTRoots[128] = { + 1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, + 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, + 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, + 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, + 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, + 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, + 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, + 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, + 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, + 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, + 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154, +}; + +// kInverseNTTRoots = [pow(17, -bitreverse(i), p) for i in range(128)] +static const uint16_t kInverseNTTRoots[128] = { + 1, 1600, 40, 749, 2481, 1432, 2699, 687, 1583, 2760, 69, 543, + 2532, 3136, 1410, 2267, 2508, 1355, 450, 936, 447, 2794, 1235, 1903, + 1996, 1089, 3273, 283, 1853, 1990, 882, 3033, 2419, 2102, 219, 855, + 2681, 1848, 712, 682, 927, 1795, 461, 1891, 2877, 2522, 1894, 1010, + 1414, 2009, 3296, 464, 2697, 816, 1352, 2679, 1274, 1052, 1025, 2132, + 1573, 76, 2998, 3040, 1175, 2444, 394, 1219, 2300, 1455, 2117, 1607, + 2443, 554, 1179, 2186, 2303, 2926, 2237, 525, 735, 863, 2768, 1230, + 2572, 556, 3010, 2266, 1684, 1239, 780, 2954, 109, 1292, 1031, 1745, + 2688, 3061, 992, 2596, 941, 892, 1021, 2390, 642, 1868, 2377, 1482, + 1540, 540, 1678, 1626, 279, 314, 1173, 2573, 3096, 48, 667, 1920, + 2229, 1041, 2606, 1692, 680, 2746, 568, 3312, +}; + +// kModRoots = [pow(17, 2*bitreverse(i) + 1, p) for i in range(128)] +static const uint16_t kModRoots[128] = { + 17, 3312, 2761, 568, 583, 2746, 2649, 680, 1637, 1692, 723, 2606, + 2288, 1041, 1100, 2229, 1409, 1920, 2662, 667, 3281, 48, 233, 3096, + 756, 2573, 2156, 1173, 3015, 314, 3050, 279, 1703, 1626, 1651, 1678, + 2789, 540, 1789, 1540, 1847, 1482, 952, 2377, 1461, 1868, 2687, 642, + 939, 2390, 2308, 1021, 2437, 892, 2388, 941, 733, 2596, 2337, 992, + 268, 3061, 641, 2688, 1584, 1745, 2298, 1031, 2037, 1292, 3220, 109, + 375, 2954, 2549, 780, 2090, 1239, 1645, 1684, 1063, 2266, 319, 3010, + 2773, 556, 757, 2572, 2099, 1230, 561, 2768, 2466, 863, 2594, 735, + 2804, 525, 1092, 2237, 403, 2926, 1026, 2303, 1143, 2186, 2150, 1179, + 2775, 554, 886, 2443, 1722, 1607, 1212, 2117, 1874, 1455, 1029, 2300, + 2110, 1219, 2935, 394, 885, 2444, 2154, 1175, +}; + +// reduce_once reduces 0 <= x < 2*kPrime, mod kPrime. +static uint16_t reduce_once(uint16_t x) { + assert(x < 2 * kPrime); + const uint16_t subtracted = x - kPrime; + uint16_t mask = 0u - (subtracted >> 15); + // On Aarch64, omitting a |value_barrier_u16| results in a 2x speedup of + // ML-KEM overall and Clang still produces constant-time code using `csel`. On + // other platforms & compilers on godbolt that we care about, this code also + // produces constant-time output. + return (mask & x) | (~mask & subtracted); +} + +// constant time reduce x mod kPrime using Barrett reduction. x must be less +// than kPrime + 2×kPrime². +static uint16_t reduce(uint32_t x) { + assert(x < kPrime + 2u * kPrime * kPrime); + uint64_t product = (uint64_t)x * kBarrettMultiplier; + uint32_t quotient = (uint32_t)(product >> kBarrettShift); + uint32_t remainder = x - quotient * kPrime; + return reduce_once(remainder); +} + +static void scalar_zero(scalar *out) { OPENSSL_memset(out, 0, sizeof(*out)); } + +template +static void vector_zero(vector *out) { + OPENSSL_memset(out->v, 0, sizeof(scalar) * RANK); +} + +// In place number theoretic transform of a given scalar. +// Note that MLKEM's kPrime 3329 does not have a 512th root of unity, so this +// transform leaves off the last iteration of the usual FFT code, with the 128 +// relevant roots of unity being stored in |kNTTRoots|. This means the output +// should be seen as 128 elements in GF(3329^2), with the coefficients of the +// elements being consecutive entries in |s->c|. +static void scalar_ntt(scalar *s) { + int offset = DEGREE; + // `int` is used here because using `size_t` throughout caused a ~5% slowdown + // with Clang 14 on Aarch64. + for (int step = 1; step < DEGREE / 2; step <<= 1) { + offset >>= 1; + int k = 0; + for (int i = 0; i < step; i++) { + const uint32_t step_root = kNTTRoots[i + step]; + for (int j = k; j < k + offset; j++) { + uint16_t odd = reduce(step_root * s->c[j + offset]); + uint16_t even = s->c[j]; + s->c[j] = reduce_once(odd + even); + s->c[j + offset] = reduce_once(even - odd + kPrime); + } + k += 2 * offset; + } + } +} + +template +static void vector_ntt(vector *a) { + for (int i = 0; i < RANK; i++) { + scalar_ntt(&a->v[i]); + } +} + +// In place inverse number theoretic transform of a given scalar, with pairs of +// entries of s->v being interpreted as elements of GF(3329^2). Just as with the +// number theoretic transform, this leaves off the first step of the normal iFFT +// to account for the fact that 3329 does not have a 512th root of unity, using +// the precomputed 128 roots of unity stored in |kInverseNTTRoots|. +static void scalar_inverse_ntt(scalar *s) { + int step = DEGREE / 2; + // `int` is used here because using `size_t` throughout caused a ~5% slowdown + // with Clang 14 on Aarch64. + for (int offset = 2; offset < DEGREE; offset <<= 1) { + step >>= 1; + int k = 0; + for (int i = 0; i < step; i++) { + uint32_t step_root = kInverseNTTRoots[i + step]; + for (int j = k; j < k + offset; j++) { + uint16_t odd = s->c[j + offset]; + uint16_t even = s->c[j]; + s->c[j] = reduce_once(odd + even); + s->c[j + offset] = reduce(step_root * (even - odd + kPrime)); + } + k += 2 * offset; + } + } + for (int i = 0; i < DEGREE; i++) { + s->c[i] = reduce(s->c[i] * kInverseDegree); + } +} + +template +static void vector_inverse_ntt(vector *a) { + for (int i = 0; i < RANK; i++) { + scalar_inverse_ntt(&a->v[i]); + } +} + +static void scalar_add(scalar *lhs, const scalar *rhs) { + for (int i = 0; i < DEGREE; i++) { + lhs->c[i] = reduce_once(lhs->c[i] + rhs->c[i]); + } +} + +static void scalar_sub(scalar *lhs, const scalar *rhs) { + for (int i = 0; i < DEGREE; i++) { + lhs->c[i] = reduce_once(lhs->c[i] - rhs->c[i] + kPrime); + } +} + +// Multiplying two scalars in the number theoretically transformed state. Since +// 3329 does not have a 512th root of unity, this means we have to interpret +// the 2*ith and (2*i+1)th entries of the scalar as elements of GF(3329)[X]/(X^2 +// - 17^(2*bitreverse(i)+1)) The value of 17^(2*bitreverse(i)+1) mod 3329 is +// stored in the precomputed |kModRoots| table. Note that our Barrett transform +// only allows us to multipy two reduced numbers together, so we need some +// intermediate reduction steps, even if an uint64_t could hold 3 multiplied +// numbers. +static void scalar_mult(scalar *out, const scalar *lhs, const scalar *rhs) { + for (int i = 0; i < DEGREE / 2; i++) { + uint32_t real_real = (uint32_t)lhs->c[2 * i] * rhs->c[2 * i]; + uint32_t img_img = (uint32_t)lhs->c[2 * i + 1] * rhs->c[2 * i + 1]; + uint32_t real_img = (uint32_t)lhs->c[2 * i] * rhs->c[2 * i + 1]; + uint32_t img_real = (uint32_t)lhs->c[2 * i + 1] * rhs->c[2 * i]; + out->c[2 * i] = + reduce(real_real + (uint32_t)reduce(img_img) * kModRoots[i]); + out->c[2 * i + 1] = reduce(img_real + real_img); + } +} + +template +static void vector_add(vector *lhs, const vector *rhs) { + for (int i = 0; i < RANK; i++) { + scalar_add(&lhs->v[i], &rhs->v[i]); + } +} + +template +static void matrix_mult(vector *out, const matrix *m, + const vector *a) { + vector_zero(out); + for (int i = 0; i < RANK; i++) { + for (int j = 0; j < RANK; j++) { + scalar product; + scalar_mult(&product, &m->v[i][j], &a->v[j]); + scalar_add(&out->v[i], &product); + } + } +} + +template +static void matrix_mult_transpose(vector *out, const matrix *m, + const vector *a) { + vector_zero(out); + for (int i = 0; i < RANK; i++) { + for (int j = 0; j < RANK; j++) { + scalar product; + scalar_mult(&product, &m->v[j][i], &a->v[j]); + scalar_add(&out->v[i], &product); + } + } +} + +template +static void scalar_inner_product(scalar *out, const vector *lhs, + const vector *rhs) { + scalar_zero(out); + for (int i = 0; i < RANK; i++) { + scalar product; + scalar_mult(&product, &lhs->v[i], &rhs->v[i]); + scalar_add(out, &product); + } +} + +// Algorithm 6 from the spec. Rejection samples a Keccak stream to get +// uniformly distributed elements. This is used for matrix expansion and only +// operates on public inputs. +static void scalar_from_keccak_vartime(scalar *out, + struct BORINGSSL_keccak_st *keccak_ctx) { + assert(keccak_ctx->squeeze_offset == 0); + assert(keccak_ctx->rate_bytes == 168); + static_assert(168 % 3 == 0, "block and coefficient boundaries do not align"); + + int done = 0; + while (done < DEGREE) { + uint8_t block[168]; + BORINGSSL_keccak_squeeze(keccak_ctx, block, sizeof(block)); + for (size_t i = 0; i < sizeof(block) && done < DEGREE; i += 3) { + uint16_t d1 = block[i] + 256 * (block[i + 1] % 16); + uint16_t d2 = block[i + 1] / 16 + 16 * block[i + 2]; + if (d1 < kPrime) { + out->c[done++] = d1; + } + if (d2 < kPrime && done < DEGREE) { + out->c[done++] = d2; + } + } + } +} + +// Algorithm 7 from the spec, with eta fixed to two and the PRF call +// included. Creates binominally distributed elements by sampling 2*|eta| bits, +// and setting the coefficient to the count of the first bits minus the count of +// the second bits, resulting in a centered binomial distribution. Since eta is +// two this gives -2/2 with a probability of 1/16, -1/1 with probability 1/4, +// and 0 with probability 3/8. +static void scalar_centered_binomial_distribution_eta_2_with_prf( + scalar *out, const uint8_t input[33]) { + uint8_t entropy[128]; + static_assert(sizeof(entropy) == 2 * /*kEta=*/2 * DEGREE / 8, ""); + prf(entropy, sizeof(entropy), input); + + for (int i = 0; i < DEGREE; i += 2) { + uint8_t byte = entropy[i / 2]; + + uint16_t value = kPrime; + value += (byte & 1) + ((byte >> 1) & 1); + value -= ((byte >> 2) & 1) + ((byte >> 3) & 1); + out->c[i] = reduce_once(value); + + byte >>= 4; + value = kPrime; + value += (byte & 1) + ((byte >> 1) & 1); + value -= ((byte >> 2) & 1) + ((byte >> 3) & 1); + out->c[i + 1] = reduce_once(value); + } +} + +// Generates a secret vector by using +// |scalar_centered_binomial_distribution_eta_2_with_prf|, using the given seed +// appending and incrementing |counter| for entry of the vector. +template +static void vector_generate_secret_eta_2(vector *out, uint8_t *counter, + const uint8_t seed[32]) { + uint8_t input[33]; + OPENSSL_memcpy(input, seed, 32); + for (int i = 0; i < RANK; i++) { + input[32] = (*counter)++; + scalar_centered_binomial_distribution_eta_2_with_prf(&out->v[i], input); + } +} + +// Expands the matrix of a seed for key generation and for encaps-CPA. +template +static void matrix_expand(matrix *out, const uint8_t rho[32]) { + uint8_t input[34]; + OPENSSL_memcpy(input, rho, 32); + for (int i = 0; i < RANK; i++) { + for (int j = 0; j < RANK; j++) { + input[32] = i; + input[33] = j; + struct BORINGSSL_keccak_st keccak_ctx; + BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128); + BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input)); + scalar_from_keccak_vartime(&out->v[i][j], &keccak_ctx); + } + } +} + +static const uint8_t kMasks[8] = {0x01, 0x03, 0x07, 0x0f, + 0x1f, 0x3f, 0x7f, 0xff}; + +static void scalar_encode(uint8_t *out, const scalar *s, int bits) { + assert(bits <= (int)sizeof(*s->c) * 8 && bits != 1); + + uint8_t out_byte = 0; + int out_byte_bits = 0; + + for (int i = 0; i < DEGREE; i++) { + uint16_t element = s->c[i]; + int element_bits_done = 0; + + while (element_bits_done < bits) { + int chunk_bits = bits - element_bits_done; + int out_bits_remaining = 8 - out_byte_bits; + if (chunk_bits >= out_bits_remaining) { + chunk_bits = out_bits_remaining; + out_byte |= (element & kMasks[chunk_bits - 1]) << out_byte_bits; + *out = out_byte; + out++; + out_byte_bits = 0; + out_byte = 0; + } else { + out_byte |= (element & kMasks[chunk_bits - 1]) << out_byte_bits; + out_byte_bits += chunk_bits; + } + + element_bits_done += chunk_bits; + element >>= chunk_bits; + } + } + + if (out_byte_bits > 0) { + *out = out_byte; + } +} + +// scalar_encode_1 is |scalar_encode| specialised for |bits| == 1. +static void scalar_encode_1(uint8_t out[32], const scalar *s) { + for (int i = 0; i < DEGREE; i += 8) { + uint8_t out_byte = 0; + for (int j = 0; j < 8; j++) { + out_byte |= (s->c[i + j] & 1) << j; + } + *out = out_byte; + out++; + } +} + +// Encodes an entire vector into 32*|RANK|*|bits| bytes. Note that since 256 +// (DEGREE) is divisible by 8, the individual vector entries will always fill a +// whole number of bytes, so we do not need to worry about bit packing here. +template +static void vector_encode(uint8_t *out, const vector *a, int bits) { + for (int i = 0; i < RANK; i++) { + scalar_encode(out + i * bits * DEGREE / 8, &a->v[i], bits); + } +} + +// scalar_decode parses |DEGREE * bits| bits from |in| into |DEGREE| values in +// |out|. It returns one on success and zero if any parsed value is >= +// |kPrime|. +static int scalar_decode(scalar *out, const uint8_t *in, int bits) { + assert(bits <= (int)sizeof(*out->c) * 8 && bits != 1); + + uint8_t in_byte = 0; + int in_byte_bits_left = 0; + + for (int i = 0; i < DEGREE; i++) { + uint16_t element = 0; + int element_bits_done = 0; + + while (element_bits_done < bits) { + if (in_byte_bits_left == 0) { + in_byte = *in; + in++; + in_byte_bits_left = 8; + } + + int chunk_bits = bits - element_bits_done; + if (chunk_bits > in_byte_bits_left) { + chunk_bits = in_byte_bits_left; + } + + element |= (in_byte & kMasks[chunk_bits - 1]) << element_bits_done; + in_byte_bits_left -= chunk_bits; + in_byte >>= chunk_bits; + + element_bits_done += chunk_bits; + } + + if (element >= kPrime) { + return 0; + } + out->c[i] = element; + } + + return 1; +} + +// scalar_decode_1 is |scalar_decode| specialised for |bits| == 1. +static void scalar_decode_1(scalar *out, const uint8_t in[32]) { + for (int i = 0; i < DEGREE; i += 8) { + uint8_t in_byte = *in; + in++; + for (int j = 0; j < 8; j++) { + out->c[i + j] = in_byte & 1; + in_byte >>= 1; + } + } +} + +// Decodes 32*|RANK|*|bits| bytes from |in| into |out|. It returns one on +// success or zero if any parsed value is >= |kPrime|. +template +static int vector_decode(vector *out, const uint8_t *in, int bits) { + for (int i = 0; i < RANK; i++) { + if (!scalar_decode(&out->v[i], in + i * bits * DEGREE / 8, bits)) { + return 0; + } + } + return 1; +} + +// Compresses (lossily) an input |x| mod 3329 into |bits| many bits by grouping +// numbers close to each other together. The formula used is +// round(2^|bits|/kPrime*x) mod 2^|bits|. +// Uses Barrett reduction to achieve constant time. Since we need both the +// remainder (for rounding) and the quotient (as the result), we cannot use +// |reduce| here, but need to do the Barrett reduction directly. +static uint16_t compress(uint16_t x, int bits) { + uint32_t shifted = (uint32_t)x << bits; + uint64_t product = (uint64_t)shifted * kBarrettMultiplier; + uint32_t quotient = (uint32_t)(product >> kBarrettShift); + uint32_t remainder = shifted - quotient * kPrime; + + // Adjust the quotient to round correctly: + // 0 <= remainder <= kHalfPrime round to 0 + // kHalfPrime < remainder <= kPrime + kHalfPrime round to 1 + // kPrime + kHalfPrime < remainder < 2 * kPrime round to 2 + assert(remainder < 2u * kPrime); + quotient += 1 & constant_time_lt_w(kHalfPrime, remainder); + quotient += 1 & constant_time_lt_w(kPrime + kHalfPrime, remainder); + return quotient & ((1 << bits) - 1); +} + +// Decompresses |x| by using an equi-distant representative. The formula is +// round(kPrime/2^|bits|*x). Note that 2^|bits| being the divisor allows us to +// implement this logic using only bit operations. +static uint16_t decompress(uint16_t x, int bits) { + uint32_t product = (uint32_t)x * kPrime; + uint32_t power = 1 << bits; + // This is |product| % power, since |power| is a power of 2. + uint32_t remainder = product & (power - 1); + // This is |product| / power, since |power| is a power of 2. + uint32_t lower = product >> bits; + // The rounding logic works since the first half of numbers mod |power| have a + // 0 as first bit, and the second half has a 1 as first bit, since |power| is + // a power of 2. As a 12 bit number, |remainder| is always positive, so we + // will shift in 0s for a right shift. + return lower + (remainder >> (bits - 1)); +} + +static void scalar_compress(scalar *s, int bits) { + for (int i = 0; i < DEGREE; i++) { + s->c[i] = compress(s->c[i], bits); + } +} + +static void scalar_decompress(scalar *s, int bits) { + for (int i = 0; i < DEGREE; i++) { + s->c[i] = decompress(s->c[i], bits); + } +} + +template +static void vector_compress(vector *a, int bits) { + for (int i = 0; i < RANK; i++) { + scalar_compress(&a->v[i], bits); + } +} + +template +static void vector_decompress(vector *a, int bits) { + for (int i = 0; i < RANK; i++) { + scalar_decompress(&a->v[i], bits); + } +} + +template +struct public_key { + vector t; + uint8_t rho[32]; + uint8_t public_key_hash[32]; + matrix m; +}; + +static struct public_key *public_key_768_from_external( + const struct MLKEM768_public_key *external) { + static_assert(sizeof(struct MLKEM768_public_key) >= + sizeof(struct public_key), + "MLKEM public key is too small"); + static_assert(alignof(struct MLKEM768_public_key) >= + alignof(struct public_key), + "MLKEM public key alignment incorrect"); + return (struct public_key *)external; +} + +static struct public_key * +public_key_1024_from_external(const struct MLKEM1024_public_key *external) { + static_assert(sizeof(struct MLKEM1024_public_key) >= + sizeof(struct public_key), + "MLKEM1024 public key is too small"); + static_assert(alignof(struct MLKEM1024_public_key) >= + alignof(struct public_key), + "MLKEM1024 public key alignment incorrect"); + return (struct public_key *)external; +} + +template +struct private_key { + struct public_key pub; + vector s; + uint8_t fo_failure_secret[32]; +}; + +static struct private_key *private_key_768_from_external( + const struct MLKEM768_private_key *external) { + static_assert(sizeof(struct MLKEM768_private_key) >= + sizeof(struct private_key), + "MLKEM private key too small"); + static_assert(alignof(struct MLKEM768_private_key) >= + alignof(struct private_key), + "MLKEM private key alignment incorrect"); + return (struct private_key *)external; +} + +static struct private_key * +private_key_1024_from_external(const struct MLKEM1024_private_key *external) { + static_assert(sizeof(struct MLKEM1024_private_key) >= + sizeof(struct private_key), + "MLKEM1024 private key too small"); + static_assert(alignof(struct MLKEM1024_private_key) >= + alignof(struct private_key), + "MLKEM1024 private key alignment incorrect"); + return (struct private_key *)external; +} + +void MLKEM768_generate_key(uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], + uint8_t optional_out_seed[MLKEM_SEED_BYTES], + struct MLKEM768_private_key *out_private_key) { + uint8_t seed[MLKEM_SEED_BYTES]; + RAND_bytes(seed, sizeof(seed)); + if (optional_out_seed) { + OPENSSL_memcpy(optional_out_seed, seed, sizeof(seed)); + } + MLKEM768_generate_key_external_seed(out_encoded_public_key, out_private_key, + seed); +} + +int MLKEM768_private_key_from_seed(struct MLKEM768_private_key *out_private_key, + const uint8_t *seed, size_t seed_len) { + if (seed_len != MLKEM_SEED_BYTES) { + return 0; + } + uint8_t public_key_bytes[MLKEM768_PUBLIC_KEY_BYTES]; + MLKEM768_generate_key_external_seed(public_key_bytes, out_private_key, seed); + return 1; +} + +void MLKEM1024_generate_key( + uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES], + uint8_t optional_out_seed[MLKEM_SEED_BYTES], + struct MLKEM1024_private_key *out_private_key) { + uint8_t seed[MLKEM_SEED_BYTES]; + RAND_bytes(seed, sizeof(seed)); + if (optional_out_seed) { + OPENSSL_memcpy(optional_out_seed, seed, sizeof(seed)); + } + MLKEM1024_generate_key_external_seed(out_encoded_public_key, out_private_key, + seed); +} + +int MLKEM1024_private_key_from_seed( + struct MLKEM1024_private_key *out_private_key, const uint8_t *seed, + size_t seed_len) { + if (seed_len != MLKEM_SEED_BYTES) { + return 0; + } + uint8_t public_key_bytes[MLKEM1024_PUBLIC_KEY_BYTES]; + MLKEM1024_generate_key_external_seed(public_key_bytes, out_private_key, seed); + return 1; +} + +template +static int mlkem_marshal_public_key(CBB *out, + const struct public_key *pub) { + uint8_t *vector_output; + if (!CBB_add_space(out, &vector_output, encoded_vector_size(RANK))) { + return 0; + } + vector_encode(vector_output, &pub->t, kLog2Prime); + if (!CBB_add_bytes(out, pub->rho, sizeof(pub->rho))) { + return 0; + } + return 1; +} + +template +void mlkem_generate_key_external_seed(uint8_t *out_encoded_public_key, + private_key *priv, + const uint8_t seed[MLKEM_SEED_BYTES]) { + uint8_t augmented_seed[33]; + OPENSSL_memcpy(augmented_seed, seed, 32); + augmented_seed[32] = RANK; + + uint8_t hashed[64]; + hash_g(hashed, augmented_seed, sizeof(augmented_seed)); + const uint8_t *const rho = hashed; + const uint8_t *const sigma = hashed + 32; + OPENSSL_memcpy(priv->pub.rho, hashed, sizeof(priv->pub.rho)); + matrix_expand(&priv->pub.m, rho); + uint8_t counter = 0; + vector_generate_secret_eta_2(&priv->s, &counter, sigma); + vector_ntt(&priv->s); + vector error; + vector_generate_secret_eta_2(&error, &counter, sigma); + vector_ntt(&error); + matrix_mult_transpose(&priv->pub.t, &priv->pub.m, &priv->s); + vector_add(&priv->pub.t, &error); + + CBB cbb; + CBB_init_fixed(&cbb, out_encoded_public_key, encoded_public_key_size(RANK)); + if (!mlkem_marshal_public_key(&cbb, &priv->pub)) { + abort(); + } + + hash_h(priv->pub.public_key_hash, out_encoded_public_key, + encoded_public_key_size(RANK)); + OPENSSL_memcpy(priv->fo_failure_secret, seed + 32, 32); +} + +void MLKEM768_generate_key_external_seed( + uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], + struct MLKEM768_private_key *out_private_key, + const uint8_t seed[MLKEM_SEED_BYTES]) { + private_key *priv = private_key_768_from_external(out_private_key); + mlkem_generate_key_external_seed(out_encoded_public_key, priv, seed); +} + +void MLKEM1024_generate_key_external_seed( + uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES], + struct MLKEM1024_private_key *out_private_key, + const uint8_t seed[MLKEM_SEED_BYTES]) { + private_key *priv = private_key_1024_from_external(out_private_key); + mlkem_generate_key_external_seed(out_encoded_public_key, priv, seed); +} + +void MLKEM768_public_from_private( + struct MLKEM768_public_key *out_public_key, + const struct MLKEM768_private_key *private_key) { + struct public_key *const pub = + public_key_768_from_external(out_public_key); + const struct ::private_key *const priv = + private_key_768_from_external(private_key); + *pub = priv->pub; +} + +void MLKEM1024_public_from_private( + struct MLKEM1024_public_key *out_public_key, + const struct MLKEM1024_private_key *private_key) { + struct public_key *const pub = + public_key_1024_from_external(out_public_key); + const struct ::private_key *const priv = + private_key_1024_from_external(private_key); + *pub = priv->pub; +} + +// Encrypts a message with given randomness to +// the ciphertext in |out|. Without applying the Fujisaki-Okamoto transform this +// would not result in a CCA secure scheme, since lattice schemes are vulnerable +// to decryption failure oracles. +template +static void encrypt_cpa(uint8_t *out, const struct public_key *pub, + const uint8_t message[32], + const uint8_t randomness[32]) { + constexpr int du = RANK == RANK768 ? kDU768 : kDU1024; + constexpr int dv = RANK == RANK768 ? kDV768 : kDV1024; + + uint8_t counter = 0; + vector secret; + vector_generate_secret_eta_2(&secret, &counter, randomness); + vector_ntt(&secret); + vector error; + vector_generate_secret_eta_2(&error, &counter, randomness); + uint8_t input[33]; + OPENSSL_memcpy(input, randomness, 32); + input[32] = counter; + scalar scalar_error; + scalar_centered_binomial_distribution_eta_2_with_prf(&scalar_error, input); + vector u; + matrix_mult(&u, &pub->m, &secret); + vector_inverse_ntt(&u); + vector_add(&u, &error); + scalar v; + scalar_inner_product(&v, &pub->t, &secret); + scalar_inverse_ntt(&v); + scalar_add(&v, &scalar_error); + scalar expanded_message; + scalar_decode_1(&expanded_message, message); + scalar_decompress(&expanded_message, 1); + scalar_add(&v, &expanded_message); + vector_compress(&u, du); + vector_encode(out, &u, du); + scalar_compress(&v, dv); + scalar_encode(out + compressed_vector_size(RANK), &v, dv); +} + +// Calls |MLKEM768_encap_external_entropy| with random bytes from |RAND_bytes| +void MLKEM768_encap(uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES], + uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const struct MLKEM768_public_key *public_key) { + uint8_t entropy[MLKEM_ENCAP_ENTROPY]; + RAND_bytes(entropy, MLKEM_ENCAP_ENTROPY); + MLKEM768_encap_external_entropy(out_ciphertext, out_shared_secret, public_key, + entropy); +} + +void MLKEM1024_encap(uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES], + uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const struct MLKEM1024_public_key *public_key) { + uint8_t entropy[MLKEM_ENCAP_ENTROPY]; + RAND_bytes(entropy, MLKEM_ENCAP_ENTROPY); + MLKEM1024_encap_external_entropy(out_ciphertext, out_shared_secret, + public_key, entropy); +} + +// See section 6.2. +template +static void mlkem_encap_external_entropy( + uint8_t *out_ciphertext, + uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const struct public_key *pub, + const uint8_t entropy[MLKEM_ENCAP_ENTROPY]) { + uint8_t input[64]; + OPENSSL_memcpy(input, entropy, MLKEM_ENCAP_ENTROPY); + OPENSSL_memcpy(input + MLKEM_ENCAP_ENTROPY, pub->public_key_hash, + sizeof(input) - MLKEM_ENCAP_ENTROPY); + uint8_t key_and_randomness[64]; + hash_g(key_and_randomness, input, sizeof(input)); + encrypt_cpa(out_ciphertext, pub, entropy, key_and_randomness + 32); + static_assert(MLKEM_SHARED_SECRET_BYTES == 32, ""); + memcpy(out_shared_secret, key_and_randomness, 32); +} + +void MLKEM768_encap_external_entropy( + uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES], + uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const struct MLKEM768_public_key *public_key, + const uint8_t entropy[MLKEM_ENCAP_ENTROPY]) { + const struct ::public_key *pub = + public_key_768_from_external(public_key); + mlkem_encap_external_entropy(out_ciphertext, out_shared_secret, pub, entropy); +} + +void MLKEM1024_encap_external_entropy( + uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES], + uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const struct MLKEM1024_public_key *public_key, + const uint8_t entropy[MLKEM_ENCAP_ENTROPY]) { + const struct ::public_key *pub = + public_key_1024_from_external(public_key); + mlkem_encap_external_entropy(out_ciphertext, out_shared_secret, pub, entropy); +} + +template +static void decrypt_cpa(uint8_t out[32], const struct private_key *priv, + const uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES]) { + constexpr int du = RANK == RANK768 ? kDU768 : kDU1024; + constexpr int dv = RANK == RANK768 ? kDV768 : kDV1024; + + vector u; + vector_decode(&u, ciphertext, du); + vector_decompress(&u, du); + vector_ntt(&u); + scalar v; + scalar_decode(&v, ciphertext + compressed_vector_size(RANK), dv); + scalar_decompress(&v, dv); + scalar mask; + scalar_inner_product(&mask, &priv->s, &u); + scalar_inverse_ntt(&mask); + scalar_sub(&v, &mask); + scalar_compress(&v, 1); + scalar_encode_1(out, &v); +} + +// See section 6.3 +template +static void mlkem_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const uint8_t *ciphertext, + const struct private_key *priv) { + uint8_t decrypted[64]; + decrypt_cpa(decrypted, priv, ciphertext); + OPENSSL_memcpy(decrypted + 32, priv->pub.public_key_hash, + sizeof(decrypted) - 32); + uint8_t key_and_randomness[64]; + hash_g(key_and_randomness, decrypted, sizeof(decrypted)); + constexpr size_t ciphertext_len = ciphertext_size(RANK); + uint8_t expected_ciphertext[MLKEM1024_CIPHERTEXT_BYTES]; + static_assert(ciphertext_len <= sizeof(expected_ciphertext), ""); + encrypt_cpa(expected_ciphertext, &priv->pub, decrypted, + key_and_randomness + 32); + + uint8_t failure_key[32]; + kdf(failure_key, priv->fo_failure_secret, ciphertext, ciphertext_len); + + uint8_t mask = constant_time_eq_int_8( + CRYPTO_memcmp(ciphertext, expected_ciphertext, ciphertext_len), 0); + for (int i = 0; i < MLKEM_SHARED_SECRET_BYTES; i++) { + out_shared_secret[i] = + constant_time_select_8(mask, key_and_randomness[i], failure_key[i]); + } +} + +int MLKEM768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const uint8_t *ciphertext, size_t ciphertext_len, + const struct MLKEM768_private_key *private_key) { + if (ciphertext_len != MLKEM768_CIPHERTEXT_BYTES) { + RAND_bytes(out_shared_secret, MLKEM_SHARED_SECRET_BYTES); + return 0; + } + const struct ::private_key *priv = + private_key_768_from_external(private_key); + mlkem_decap(out_shared_secret, ciphertext, priv); + return 1; +} + +int MLKEM1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], + const uint8_t *ciphertext, size_t ciphertext_len, + const struct MLKEM1024_private_key *private_key) { + if (ciphertext_len != MLKEM1024_CIPHERTEXT_BYTES) { + RAND_bytes(out_shared_secret, MLKEM_SHARED_SECRET_BYTES); + return 0; + } + const struct ::private_key *priv = + private_key_1024_from_external(private_key); + mlkem_decap(out_shared_secret, ciphertext, priv); + return 1; +} + +int MLKEM768_marshal_public_key(CBB *out, + const struct MLKEM768_public_key *public_key) { + return mlkem_marshal_public_key(out, + public_key_768_from_external(public_key)); +} + +int MLKEM1024_marshal_public_key( + CBB *out, const struct MLKEM1024_public_key *public_key) { + return mlkem_marshal_public_key(out, + public_key_1024_from_external(public_key)); +} + +// mlkem_parse_public_key_no_hash parses |in| into |pub| but doesn't calculate +// the value of |pub->public_key_hash|. +template +static int mlkem_parse_public_key_no_hash(struct public_key *pub, + CBS *in) { + CBS t_bytes; + if (!CBS_get_bytes(in, &t_bytes, encoded_vector_size(RANK)) || + !vector_decode(&pub->t, CBS_data(&t_bytes), kLog2Prime) || + !CBS_copy_bytes(in, pub->rho, sizeof(pub->rho))) { + return 0; + } + matrix_expand(&pub->m, pub->rho); + return 1; +} + +template +static int mlkem_parse_public_key(struct public_key *pub, CBS *in) { + CBS orig_in = *in; + if (!mlkem_parse_public_key_no_hash(pub, in) || // + CBS_len(in) != 0) { + return 0; + } + hash_h(pub->public_key_hash, CBS_data(&orig_in), CBS_len(&orig_in)); + return 1; +} + +int MLKEM768_parse_public_key(struct MLKEM768_public_key *public_key, CBS *in) { + struct ::public_key *pub = public_key_768_from_external(public_key); + return mlkem_parse_public_key(pub, in); +} + +int MLKEM1024_parse_public_key(struct MLKEM1024_public_key *public_key, + CBS *in) { + struct ::public_key *pub = + public_key_1024_from_external(public_key); + return mlkem_parse_public_key(pub, in); +} + +template +static int mlkem_marshal_private_key(CBB *out, + const struct private_key *priv) { + uint8_t *s_output; + if (!CBB_add_space(out, &s_output, encoded_vector_size(RANK))) { + return 0; + } + vector_encode(s_output, &priv->s, kLog2Prime); + if (!mlkem_marshal_public_key(out, &priv->pub) || + !CBB_add_bytes(out, priv->pub.public_key_hash, + sizeof(priv->pub.public_key_hash)) || + !CBB_add_bytes(out, priv->fo_failure_secret, + sizeof(priv->fo_failure_secret))) { + return 0; + } + return 1; +} + +int MLKEM768_marshal_private_key( + CBB *out, const struct MLKEM768_private_key *private_key) { + const struct ::private_key *const priv = + private_key_768_from_external(private_key); + return mlkem_marshal_private_key(out, priv); +} + +int MLKEM1024_marshal_private_key( + CBB *out, const struct MLKEM1024_private_key *private_key) { + const struct ::private_key *const priv = + private_key_1024_from_external(private_key); + return mlkem_marshal_private_key(out, priv); +} + +template +static int mlkem_parse_private_key(struct private_key *priv, CBS *in) { + CBS s_bytes; + if (!CBS_get_bytes(in, &s_bytes, encoded_vector_size(RANK)) || + !vector_decode(&priv->s, CBS_data(&s_bytes), kLog2Prime) || + !mlkem_parse_public_key_no_hash(&priv->pub, in) || + !CBS_copy_bytes(in, priv->pub.public_key_hash, + sizeof(priv->pub.public_key_hash)) || + !CBS_copy_bytes(in, priv->fo_failure_secret, + sizeof(priv->fo_failure_secret)) || + CBS_len(in) != 0) { + return 0; + } + return 1; +} + +int MLKEM768_parse_private_key(struct MLKEM768_private_key *out_private_key, + CBS *in) { + struct private_key *const priv = + private_key_768_from_external(out_private_key); + return mlkem_parse_private_key(priv, in); +} + +int MLKEM1024_parse_private_key(struct MLKEM1024_private_key *out_private_key, + CBS *in) { + struct private_key *const priv = + private_key_1024_from_external(out_private_key); + return mlkem_parse_private_key(priv, in); +} diff --git a/Sources/CCryptoBoringSSL/crypto/obj/obj.c b/Sources/CCryptoBoringSSL/crypto/obj/obj.cc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/obj/obj.c rename to Sources/CCryptoBoringSSL/crypto/obj/obj.cc index 2a1c04ab..a8e30516 100644 --- a/Sources/CCryptoBoringSSL/crypto/obj/obj.c +++ b/Sources/CCryptoBoringSSL/crypto/obj/obj.cc @@ -116,7 +116,7 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { r->ln = r->sn = NULL; // once data is attached to an object, it remains const - r->data = OPENSSL_memdup(o->data, o->length); + r->data = reinterpret_cast(OPENSSL_memdup(o->data, o->length)); if (o->length != 0 && r->data == NULL) { goto err; } @@ -191,7 +191,8 @@ static const ASN1_OBJECT *get_builtin_object(int nid) { // unsigned int in the array. static int obj_cmp(const void *key, const void *element) { uint16_t nid = *((const uint16_t *)element); - return OBJ_cmp(key, get_builtin_object(nid)); + return OBJ_cmp(reinterpret_cast(key), + get_builtin_object(nid)); } int OBJ_obj2nid(const ASN1_OBJECT *obj) { @@ -215,9 +216,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *obj) { } CRYPTO_MUTEX_unlock_read(&global_added_lock); - const uint16_t *nid_ptr = + const uint16_t *nid_ptr = reinterpret_cast( bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder), - sizeof(kNIDsInOIDOrder[0]), obj_cmp); + sizeof(kNIDsInOIDOrder[0]), obj_cmp)); if (nid_ptr == NULL) { return NID_undef; } @@ -251,10 +252,10 @@ static int short_name_cmp(const void *key, const void *element) { int OBJ_sn2nid(const char *short_name) { CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_short_name != NULL) { - ASN1_OBJECT *match, template; + ASN1_OBJECT *match, templ; - template.sn = short_name; - match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &template); + templ.sn = short_name; + match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &templ); if (match != NULL) { CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; @@ -262,10 +263,10 @@ int OBJ_sn2nid(const char *short_name) { } CRYPTO_MUTEX_unlock_read(&global_added_lock); - const uint16_t *nid_ptr = + const uint16_t *nid_ptr = reinterpret_cast( bsearch(short_name, kNIDsInShortNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder), - sizeof(kNIDsInShortNameOrder[0]), short_name_cmp); + sizeof(kNIDsInShortNameOrder[0]), short_name_cmp)); if (nid_ptr == NULL) { return NID_undef; } @@ -286,10 +287,10 @@ static int long_name_cmp(const void *key, const void *element) { int OBJ_ln2nid(const char *long_name) { CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_long_name != NULL) { - ASN1_OBJECT *match, template; + ASN1_OBJECT *match, templ; - template.ln = long_name; - match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &template); + templ.ln = long_name; + match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &templ); if (match != NULL) { CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; @@ -297,9 +298,9 @@ int OBJ_ln2nid(const char *long_name) { } CRYPTO_MUTEX_unlock_read(&global_added_lock); - const uint16_t *nid_ptr = bsearch( + const uint16_t *nid_ptr = reinterpret_cast(bsearch( long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder), - sizeof(kNIDsInLongNameOrder[0]), long_name_cmp); + sizeof(kNIDsInLongNameOrder[0]), long_name_cmp)); if (nid_ptr == NULL) { return NID_undef; } @@ -321,10 +322,8 @@ OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) { const ASN1_OBJECT *obj = OBJ_nid2obj(nid); CBB oid; - if (obj == NULL || - !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) || - !CBB_add_bytes(&oid, obj->data, obj->length) || - !CBB_flush(out)) { + if (obj == NULL || !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) || + !CBB_add_bytes(&oid, obj->data, obj->length) || !CBB_flush(out)) { return 0; } @@ -358,10 +357,10 @@ ASN1_OBJECT *OBJ_nid2obj(int nid) { CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_nid != NULL) { - ASN1_OBJECT *match, template; + ASN1_OBJECT *match, templ; - template.nid = nid; - match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &template); + templ.nid = nid; + match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &templ); if (match != NULL) { CRYPTO_MUTEX_unlock_read(&global_added_lock); return match; @@ -473,9 +472,7 @@ int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj, return ret; } -static uint32_t hash_nid(const ASN1_OBJECT *obj) { - return obj->nid; -} +static uint32_t hash_nid(const ASN1_OBJECT *obj) { return obj->nid; } static int cmp_nid(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { return a->nid - b->nid; @@ -519,13 +516,14 @@ static int obj_add_object(ASN1_OBJECT *obj) { lh_ASN1_OBJECT_new(hash_short_name, cmp_short_name); } if (global_added_by_long_name == NULL) { - global_added_by_long_name = lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name); + global_added_by_long_name = + lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name); } int ok = 0; - if (global_added_by_nid == NULL || - global_added_by_data == NULL || - global_added_by_short_name == NULL || + if (global_added_by_nid == NULL || // + global_added_by_data == NULL || // + global_added_by_short_name == NULL || // global_added_by_long_name == NULL) { goto err; } @@ -554,8 +552,7 @@ static int obj_add_object(ASN1_OBJECT *obj) { int OBJ_create(const char *oid, const char *short_name, const char *long_name) { ASN1_OBJECT *op = create_object_with_text_oid(obj_next_nid, oid, short_name, long_name); - if (op == NULL || - !obj_add_object(op)) { + if (op == NULL || !obj_add_object(op)) { return NID_undef; } return op->nid; diff --git a/Sources/CCryptoBoringSSL/crypto/obj/obj_xref.c b/Sources/CCryptoBoringSSL/crypto/obj/obj_xref.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/obj/obj_xref.c rename to Sources/CCryptoBoringSSL/crypto/obj/obj_xref.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_all.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_all.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_all.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_all.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_info.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_info.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_info.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_info.cc index d2622e23..007b27be 100644 --- a/Sources/CCryptoBoringSSL/crypto/pem/pem_info.c +++ b/Sources/CCryptoBoringSSL/crypto/pem/pem_info.cc @@ -71,7 +71,7 @@ static X509_PKEY *X509_PKEY_new(void) { - return OPENSSL_zalloc(sizeof(X509_PKEY)); + return reinterpret_cast(OPENSSL_zalloc(sizeof(X509_PKEY))); } static void X509_PKEY_free(X509_PKEY *x) { @@ -84,7 +84,7 @@ static void X509_PKEY_free(X509_PKEY *x) { } static X509_INFO *X509_INFO_new(void) { - return OPENSSL_zalloc(sizeof(X509_INFO)); + return reinterpret_cast(OPENSSL_zalloc(sizeof(X509_INFO))); } void X509_INFO_free(X509_INFO *x) { diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_lib.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_lib.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_lib.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_lib.cc index b291782e..496335fa 100644 --- a/Sources/CCryptoBoringSSL/crypto/pem/pem_lib.c +++ b/Sources/CCryptoBoringSSL/crypto/pem/pem_lib.cc @@ -467,8 +467,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { p = header; for (;;) { c = *header; - if (!((c >= 'A' && c <= 'Z') || c == '-' || - OPENSSL_isdigit(c))) { + if (!((c >= 'A' && c <= 'Z') || c == '-' || OPENSSL_isdigit(c))) { break; } header++; @@ -553,7 +552,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, } } - buf = OPENSSL_malloc(PEM_BUFSIZE * 8); + buf = reinterpret_cast(OPENSSL_malloc(PEM_BUFSIZE * 8)); if (buf == NULL) { goto err; } @@ -784,6 +783,6 @@ int PEM_def_callback(char *buf, int size, int rwflag, void *userdata) { if (len >= (size_t)size) { return -1; } - OPENSSL_strlcpy(buf, userdata, (size_t)size); + OPENSSL_strlcpy(buf, reinterpret_cast(userdata), (size_t)size); return (int)len; } diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_oth.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_oth.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_oth.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_oth.cc index cbc241a6..d8e31ed9 100644 --- a/Sources/CCryptoBoringSSL/crypto/pem/pem_oth.c +++ b/Sources/CCryptoBoringSSL/crypto/pem/pem_oth.cc @@ -78,7 +78,7 @@ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, return NULL; } p = data; - ret = d2i(x, &p, len); + ret = reinterpret_cast(d2i(x, &p, len)); if (ret == NULL) { OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); } diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_pk8.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_pk8.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_pk8.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_pk8.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_pkey.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_pkey.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_pkey.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_pkey.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_x509.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_x509.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_x509.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_x509.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pem/pem_xaux.c b/Sources/CCryptoBoringSSL/crypto/pem/pem_xaux.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/pem/pem_xaux.c rename to Sources/CCryptoBoringSSL/crypto/pem/pem_xaux.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7.c b/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7.c rename to Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7.cc index 7483d8a8..43a92ff5 100644 --- a/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7.c +++ b/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7.cc @@ -20,8 +20,8 @@ #include #include -#include "internal.h" #include "../bytestring/internal.h" +#include "internal.h" // 1.2.840.113549.1.7.1 @@ -109,8 +109,7 @@ int PKCS7_get_raw_certificates(STACK_OF(CRYPTO_BUFFER) *out_certs, CBS *cbs, } CRYPTO_BUFFER *buf = CRYPTO_BUFFER_new_from_CBS(&cert, pool); - if (buf == NULL || - !sk_CRYPTO_BUFFER_push(out_certs, buf)) { + if (buf == NULL || !sk_CRYPTO_BUFFER_push(out_certs, buf)) { CRYPTO_BUFFER_free(buf); goto err; } @@ -132,7 +131,8 @@ int PKCS7_get_raw_certificates(STACK_OF(CRYPTO_BUFFER) *out_certs, CBS *cbs, } static int pkcs7_bundle_raw_certificates_cb(CBB *out, const void *arg) { - const STACK_OF(CRYPTO_BUFFER) *certs = arg; + const STACK_OF(CRYPTO_BUFFER) *certs = + reinterpret_cast(arg); CBB certificates; // See https://tools.ietf.org/html/rfc2315#section-9.1 diff --git a/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7_x509.c b/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7_x509.cc similarity index 91% rename from Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7_x509.c rename to Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7_x509.cc index 7aaabc79..a5d942aa 100644 --- a/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7_x509.c +++ b/Sources/CCryptoBoringSSL/crypto/pkcs7/pkcs7_x509.cc @@ -26,24 +26,22 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) { int ret = 0; const size_t initial_certs_len = sk_X509_num(out_certs); STACK_OF(CRYPTO_BUFFER) *raw = sk_CRYPTO_BUFFER_new_null(); - if (raw == NULL || - !PKCS7_get_raw_certificates(raw, cbs, NULL)) { + if (raw == NULL || !PKCS7_get_raw_certificates(raw, cbs, NULL)) { goto err; } for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(raw); i++) { CRYPTO_BUFFER *buf = sk_CRYPTO_BUFFER_value(raw, i); X509 *x509 = X509_parse_from_buffer(buf); - if (x509 == NULL || - !sk_X509_push(out_certs, x509)) { + if (x509 == NULL || !sk_X509_push(out_certs, x509)) { X509_free(x509); goto err; } @@ -171,7 +169,7 @@ int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) { } static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) { - const STACK_OF(X509) *certs = arg; + const STACK_OF(X509) *certs = reinterpret_cast(arg); size_t i; CBB certificates; @@ -186,8 +184,7 @@ static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) { uint8_t *buf; int len = i2d_X509(x509, NULL); - if (len < 0 || - !CBB_add_space(&certificates, &buf, len) || + if (len < 0 || !CBB_add_space(&certificates, &buf, len) || i2d_X509(x509, &buf) < 0) { return 0; } @@ -204,7 +201,8 @@ int PKCS7_bundle_certificates(CBB *out, const STACK_OF(X509) *certs) { } static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) { - const STACK_OF(X509_CRL) *crls = arg; + const STACK_OF(X509_CRL) *crls = + reinterpret_cast(arg); size_t i; CBB crl_data; @@ -219,8 +217,7 @@ static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) { uint8_t *buf; int len = i2d_X509_CRL(crl, NULL); - if (len < 0 || - !CBB_add_space(&crl_data, &buf, len) || + if (len < 0 || !CBB_add_space(&crl_data, &buf, len) || i2d_X509_CRL(crl, &buf) < 0) { return 0; } @@ -237,18 +234,19 @@ int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls) { } static PKCS7 *pkcs7_new(CBS *cbs) { - PKCS7 *ret = OPENSSL_zalloc(sizeof(PKCS7)); + CBS copy = *cbs, copy2 = *cbs; + PKCS7 *ret = reinterpret_cast(OPENSSL_zalloc(sizeof(PKCS7))); if (ret == NULL) { return NULL; } ret->type = OBJ_nid2obj(NID_pkcs7_signed); - ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED)); + ret->d.sign = + reinterpret_cast(OPENSSL_malloc(sizeof(PKCS7_SIGNED))); if (ret->d.sign == NULL) { goto err; } ret->d.sign->cert = sk_X509_new_null(); ret->d.sign->crl = sk_X509_CRL_new_null(); - CBS copy = *cbs, copy2 = *cbs; if (ret->d.sign->cert == NULL || ret->d.sign->crl == NULL || !PKCS7_get_certificates(ret->d.sign->cert, ©) || !PKCS7_get_CRLs(ret->d.sign->crl, cbs)) { @@ -266,7 +264,8 @@ static PKCS7 *pkcs7_new(CBS *cbs) { } ret->ber_len = CBS_len(©2) - CBS_len(cbs); - ret->ber_bytes = OPENSSL_memdup(CBS_data(©2), ret->ber_len); + ret->ber_bytes = reinterpret_cast( + OPENSSL_memdup(CBS_data(©2), ret->ber_len)); if (ret->ber_bytes == NULL) { goto err; } @@ -278,8 +277,7 @@ static PKCS7 *pkcs7_new(CBS *cbs) { return NULL; } -PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp, - size_t len) { +PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp, size_t len) { CBS cbs; CBS_init(&cbs, *inp, len); PKCS7 *ret = pkcs7_new(&cbs); @@ -325,7 +323,8 @@ int i2d_PKCS7(const PKCS7 *p7, uint8_t **out) { } if (*out == NULL) { - *out = OPENSSL_memdup(p7->ber_bytes, p7->ber_len); + *out = + reinterpret_cast(OPENSSL_memdup(p7->ber_bytes, p7->ber_len)); if (*out == NULL) { return -1; } @@ -382,7 +381,7 @@ static int write_sha256_ai(CBB *digest_algos_set, const void *arg) { static int sign_sha256(uint8_t *out_sig, size_t *out_sig_len, size_t max_out_sig, EVP_PKEY *pkey, BIO *data) { static const size_t kBufSize = 4096; - uint8_t *buffer = OPENSSL_malloc(kBufSize); + uint8_t *buffer = reinterpret_cast(OPENSSL_malloc(kBufSize)); if (!buffer) { return 0; } @@ -427,7 +426,8 @@ struct signer_info_data { // https://datatracker.ietf.org/doc/html/rfc2315#section-9.2 to |out|. It // returns one on success or zero on error. static int write_signer_info(CBB *out, const void *arg) { - const struct signer_info_data *const si_data = arg; + const struct signer_info_data *const si_data = + reinterpret_cast(arg); int ret = 0; uint8_t *subject_bytes = NULL; @@ -440,8 +440,7 @@ static int write_signer_info(CBB *out, const void *arg) { &serial_bytes); CBB seq, issuer_and_serial, signing_algo, null, signature; - if (subject_len < 0 || - serial_len < 0 || + if (subject_len < 0 || serial_len < 0 || !CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) || // version !CBB_add_asn1_uint64(&seq, 1) || @@ -490,8 +489,10 @@ PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey, STACK_OF(X509) *certs, // sign-file.c from the Linux kernel. const size_t signature_max_len = EVP_PKEY_size(pkey); struct signer_info_data si_data = { - .sign_cert = sign_cert, - .signature = OPENSSL_malloc(signature_max_len), + /*sign_cert=*/sign_cert, + /*signature=*/ + reinterpret_cast(OPENSSL_malloc(signature_max_len)), + /*signature_len=*/0, }; if (!si_data.signature || diff --git a/Sources/CCryptoBoringSSL/crypto/pkcs8/p5_pbev2.c b/Sources/CCryptoBoringSSL/crypto/pkcs8/p5_pbev2.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/pkcs8/p5_pbev2.c rename to Sources/CCryptoBoringSSL/crypto/pkcs8/p5_pbev2.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8.c b/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8.cc similarity index 67% rename from Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8.c rename to Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8.cc index fdc80e29..ab39d17e 100644 --- a/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8.c +++ b/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8.cc @@ -67,9 +67,9 @@ #include #include -#include "internal.h" #include "../bytestring/internal.h" #include "../internal.h" +#include "internal.h" static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out, @@ -85,16 +85,14 @@ static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out, CBS_init(&cbs, (const uint8_t *)in, in_len); while (CBS_len(&cbs) != 0) { uint32_t c; - if (!CBS_get_utf8(&cbs, &c) || - !CBB_add_ucs2_be(&cbb, c)) { + if (!CBS_get_utf8(&cbs, &c) || !CBB_add_ucs2_be(&cbb, c)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS); goto err; } } // Terminate the result with a UCS-2 NUL. - if (!CBB_add_ucs2_be(&cbb, 0) || - !CBB_finish(&cbb, out, out_len)) { + if (!CBB_add_ucs2_be(&cbb, 0) || !CBB_finish(&cbb, out, out_len)) { goto err; } @@ -121,105 +119,108 @@ int pkcs12_key_gen(const char *pass, size_t pass_len, const uint8_t *salt, EVP_MD_CTX_init(&ctx); uint8_t *pass_raw = NULL, *I = NULL; size_t pass_raw_len = 0, I_len = 0; - // If |pass| is NULL, we use the empty string rather than {0, 0} as the raw - // password. - if (pass != NULL && - !pkcs12_encode_password(pass, pass_len, &pass_raw, &pass_raw_len)) { - goto err; - } - - // In the spec, |block_size| is called "v", but measured in bits. - size_t block_size = EVP_MD_block_size(md); - - // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies - // of ID. - uint8_t D[EVP_MAX_MD_BLOCK_SIZE]; - OPENSSL_memset(D, id, block_size); - - // 2. Concatenate copies of the salt together to create a string S of length - // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to - // create S). Note that if the salt is the empty string, then so is S. - // - // 3. Concatenate copies of the password together to create a string P of - // length v(ceiling(p/v)) bits (the final copy of the password may be - // truncated to create P). Note that if the password is the empty string, - // then so is P. - // - // 4. Set I=S||P to be the concatenation of S and P. - if (salt_len + block_size - 1 < salt_len || - pass_raw_len + block_size - 1 < pass_raw_len) { - OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); - goto err; - } - size_t S_len = block_size * ((salt_len + block_size - 1) / block_size); - size_t P_len = block_size * ((pass_raw_len + block_size - 1) / block_size); - I_len = S_len + P_len; - if (I_len < S_len) { - OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); - goto err; - } - I = OPENSSL_malloc(I_len); - if (I_len != 0 && I == NULL) { - goto err; - } + { + // If |pass| is NULL, we use the empty string rather than {0, 0} as the raw + // password. + if (pass != NULL && + !pkcs12_encode_password(pass, pass_len, &pass_raw, &pass_raw_len)) { + goto err; + } - for (size_t i = 0; i < S_len; i++) { - I[i] = salt[i % salt_len]; - } - for (size_t i = 0; i < P_len; i++) { - I[i + S_len] = pass_raw[i % pass_raw_len]; - } + // In the spec, |block_size| is called "v", but measured in bits. + size_t block_size = EVP_MD_block_size(md); + + // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies + // of ID. + uint8_t D[EVP_MAX_MD_BLOCK_SIZE]; + OPENSSL_memset(D, id, block_size); + + // 2. Concatenate copies of the salt together to create a string S of length + // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to + // create S). Note that if the salt is the empty string, then so is S. + // + // 3. Concatenate copies of the password together to create a string P of + // length v(ceiling(p/v)) bits (the final copy of the password may be + // truncated to create P). Note that if the password is the empty string, + // then so is P. + // + // 4. Set I=S||P to be the concatenation of S and P. + if (salt_len + block_size - 1 < salt_len || + pass_raw_len + block_size - 1 < pass_raw_len) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); + goto err; + } + size_t S_len = block_size * ((salt_len + block_size - 1) / block_size); + size_t P_len = block_size * ((pass_raw_len + block_size - 1) / block_size); + I_len = S_len + P_len; + if (I_len < S_len) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); + goto err; + } - while (out_len != 0) { - // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I, - // H(H(H(... H(D||I)))) - uint8_t A[EVP_MAX_MD_SIZE]; - unsigned A_len; - if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, D, block_size) || - !EVP_DigestUpdate(&ctx, I, I_len) || - !EVP_DigestFinal_ex(&ctx, A, &A_len)) { + I = reinterpret_cast(OPENSSL_malloc(I_len)); + if (I_len != 0 && I == NULL) { goto err; } - for (uint32_t iter = 1; iter < iterations; iter++) { + + for (size_t i = 0; i < S_len; i++) { + I[i] = salt[i % salt_len]; + } + for (size_t i = 0; i < P_len; i++) { + I[i + S_len] = pass_raw[i % pass_raw_len]; + } + + while (out_len != 0) { + // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I, + // H(H(H(... H(D||I)))) + uint8_t A[EVP_MAX_MD_SIZE]; + unsigned A_len; if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, A, A_len) || + !EVP_DigestUpdate(&ctx, D, block_size) || + !EVP_DigestUpdate(&ctx, I, I_len) || !EVP_DigestFinal_ex(&ctx, A, &A_len)) { goto err; } - } + for (uint32_t iter = 1; iter < iterations; iter++) { + if (!EVP_DigestInit_ex(&ctx, md, NULL) || + !EVP_DigestUpdate(&ctx, A, A_len) || + !EVP_DigestFinal_ex(&ctx, A, &A_len)) { + goto err; + } + } - size_t todo = out_len < A_len ? out_len : A_len; - OPENSSL_memcpy(out, A, todo); - out += todo; - out_len -= todo; - if (out_len == 0) { - break; - } + size_t todo = out_len < A_len ? out_len : A_len; + OPENSSL_memcpy(out, A, todo); + out += todo; + out_len -= todo; + if (out_len == 0) { + break; + } - // B. Concatenate copies of A_i to create a string B of length v bits (the - // final copy of A_i may be truncated to create B). - uint8_t B[EVP_MAX_MD_BLOCK_SIZE]; - for (size_t i = 0; i < block_size; i++) { - B[i] = A[i % A_len]; - } + // B. Concatenate copies of A_i to create a string B of length v bits (the + // final copy of A_i may be truncated to create B). + uint8_t B[EVP_MAX_MD_BLOCK_SIZE]; + for (size_t i = 0; i < block_size; i++) { + B[i] = A[i % A_len]; + } - // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit blocks, - // where k=ceiling(s/v)+ceiling(p/v), modify I by setting I_j=(I_j+B+1) mod - // 2^v for each j. - assert(I_len % block_size == 0); - for (size_t i = 0; i < I_len; i += block_size) { - unsigned carry = 1; - for (size_t j = block_size - 1; j < block_size; j--) { - carry += I[i + j] + B[j]; - I[i + j] = (uint8_t)carry; - carry >>= 8; + // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit + // blocks, where k=ceiling(s/v)+ceiling(p/v), modify I by setting + // I_j=(I_j+B+1) mod 2^v for each j. + assert(I_len % block_size == 0); + for (size_t i = 0; i < I_len; i += block_size) { + unsigned carry = 1; + for (size_t j = block_size - 1; j < block_size; j--) { + carry += I[i + j] + B[j]; + I[i + j] = (uint8_t)carry; + carry >>= 8; + } } } - } - ret = 1; + ret = 1; + } err: OPENSSL_free(I); @@ -260,8 +261,7 @@ static int pkcs12_pbe_decrypt_init(const struct pbe_suite *suite, if (!CBS_get_asn1(param, &pbe_param, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&pbe_param, &salt, CBS_ASN1_OCTETSTRING) || !CBS_get_asn1_uint64(&pbe_param, &iterations) || - CBS_len(&pbe_param) != 0 || - CBS_len(param) != 0) { + CBS_len(&pbe_param) != 0 || CBS_len(param) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); return 0; } @@ -319,8 +319,7 @@ static const struct pbe_suite *get_pkcs12_pbe_suite(int pbe_nid) { for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kBuiltinPBE); i++) { if (kBuiltinPBE[i].pbe_nid == pbe_nid && // If |cipher_func| or |md_func| are missing, this is a PBES2 scheme. - kBuiltinPBE[i].cipher_func != NULL && - kBuiltinPBE[i].md_func != NULL) { + kBuiltinPBE[i].cipher_func != NULL && kBuiltinPBE[i].md_func != NULL) { return &kBuiltinPBE[i]; } } @@ -346,8 +345,7 @@ int pkcs12_pbe_encrypt_init(CBB *out, EVP_CIPHER_CTX *ctx, int alg, !CBB_add_asn1(&algorithm, ¶m, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(¶m, &salt_cbb, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&salt_cbb, salt, salt_len) || - !CBB_add_asn1_uint64(¶m, iterations) || - !CBB_flush(out)) { + !CBB_add_asn1_uint64(¶m, iterations) || !CBB_flush(out)) { return 0; } @@ -359,17 +357,18 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm, const char *pass, size_t pass_len, const uint8_t *in, size_t in_len) { int ret = 0; - uint8_t *buf = NULL;; + uint8_t *buf = NULL; + ; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); CBS obj; + const struct pbe_suite *suite = NULL; if (!CBS_get_asn1(algorithm, &obj, CBS_ASN1_OBJECT)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); goto err; } - const struct pbe_suite *suite = NULL; for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kBuiltinPBE); i++) { if (CBS_mem_equal(&obj, kBuiltinPBE[i].oid, kBuiltinPBE[i].oid_len)) { suite = &kBuiltinPBE[i]; @@ -386,7 +385,7 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm, goto err; } - buf = OPENSSL_malloc(in_len); + buf = reinterpret_cast(OPENSSL_malloc(in_len)); if (buf == NULL) { goto err; } @@ -450,75 +449,77 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid, EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - // Generate a random salt if necessary. - if (salt == NULL) { - if (salt_len == 0) { - salt_len = PKCS5_SALT_LEN; - } + { + // Generate a random salt if necessary. + if (salt == NULL) { + if (salt_len == 0) { + salt_len = PKCS5_SALT_LEN; + } - salt_buf = OPENSSL_malloc(salt_len); - if (salt_buf == NULL || - !RAND_bytes(salt_buf, salt_len)) { - goto err; + salt_buf = reinterpret_cast(OPENSSL_malloc(salt_len)); + if (salt_buf == NULL || !RAND_bytes(salt_buf, salt_len)) { + goto err; + } + + salt = salt_buf; } - salt = salt_buf; - } + if (iterations <= 0) { + iterations = PKCS12_DEFAULT_ITER; + } - if (iterations <= 0) { - iterations = PKCS12_DEFAULT_ITER; - } + // Serialize the input key. + CBB plaintext_cbb; + if (!CBB_init(&plaintext_cbb, 128) || + !EVP_marshal_private_key(&plaintext_cbb, pkey) || + !CBB_finish(&plaintext_cbb, &plaintext, &plaintext_len)) { + CBB_cleanup(&plaintext_cbb); + goto err; + } - // Serialize the input key. - CBB plaintext_cbb; - if (!CBB_init(&plaintext_cbb, 128) || - !EVP_marshal_private_key(&plaintext_cbb, pkey) || - !CBB_finish(&plaintext_cbb, &plaintext, &plaintext_len)) { - CBB_cleanup(&plaintext_cbb); - goto err; - } + CBB epki; + if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE)) { + goto err; + } - CBB epki; - if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE)) { - goto err; - } + // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either + // the PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will + // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses + // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL. + int alg_ok; + if (pbe_nid == -1) { + alg_ok = + PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (uint32_t)iterations, + pass, pass_len, salt, salt_len); + } else { + alg_ok = + pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, (uint32_t)iterations, + pass, pass_len, salt, salt_len); + } + if (!alg_ok) { + goto err; + } - // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either the - // PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will - // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses - // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL. - int alg_ok; - if (pbe_nid == -1) { - alg_ok = PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (uint32_t)iterations, - pass, pass_len, salt, salt_len); - } else { - alg_ok = pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, (uint32_t)iterations, - pass, pass_len, salt, salt_len); - } - if (!alg_ok) { - goto err; - } + size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx); + if (max_out < plaintext_len) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); + goto err; + } - size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx); - if (max_out < plaintext_len) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); - goto err; - } + CBB ciphertext; + uint8_t *ptr; + int n1, n2; + if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) || + !CBB_reserve(&ciphertext, &ptr, max_out) || + !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) || + !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || + !CBB_did_write(&ciphertext, n1 + n2) || !CBB_flush(out)) { + goto err; + } - CBB ciphertext; - uint8_t *ptr; - int n1, n2; - if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) || - !CBB_reserve(&ciphertext, &ptr, max_out) || - !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) || - !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || - !CBB_did_write(&ciphertext, n1 + n2) || - !CBB_flush(out)) { - goto err; + ret = 1; } - ret = 1; - err: OPENSSL_free(plaintext); OPENSSL_free(salt_buf); diff --git a/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c b/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.cc similarity index 90% rename from Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c rename to Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.cc index 0fd27fee..f1f4634e 100644 --- a/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c +++ b/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.cc @@ -57,14 +57,14 @@ #include -#include #include +#include #include #include #include +#include #include #include -#include #include #include #include @@ -126,13 +126,12 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey) { CBB cbb; uint8_t *der = NULL; size_t der_len; - if (!CBB_init(&cbb, 0) || - !EVP_marshal_private_key(&cbb, pkey) || - !CBB_finish(&cbb, &der, &der_len) || - der_len > LONG_MAX) { + if (!CBB_init(&cbb, 0) || !EVP_marshal_private_key(&cbb, pkey) || + !CBB_finish(&cbb, &der, &der_len) || der_len > LONG_MAX) { CBB_cleanup(&cbb); OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCODE_ERROR); - goto err; + OPENSSL_free(der); + return NULL; } const uint8_t *p = der; @@ -203,6 +202,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, X509_SIG *ret = NULL; uint8_t *der = NULL; + const uint8_t *ptr; size_t der_len; CBB cbb; if (!CBB_init(&cbb, 128) || @@ -215,7 +215,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, } // Convert back to legacy ASN.1 objects. - const uint8_t *ptr = der; + ptr = der; ret = d2i_X509_SIG(NULL, &ptr, der_len); if (ret == NULL || ptr != der + der_len) { OPENSSL_PUT_ERROR(PKCS8, ERR_R_INTERNAL_ERROR); @@ -255,8 +255,7 @@ static int PKCS12_handle_sequence( } CBS child; - if (!CBS_get_asn1(&in, &child, CBS_ASN1_SEQUENCE) || - CBS_len(&in) != 0) { + if (!CBS_get_asn1(&in, &child, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -318,8 +317,7 @@ static int parse_bag_attributes(CBS *attrs, uint8_t **out_friendly_name, CBS attr, oid, values; if (!CBS_get_asn1(attrs, &attr, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&attr, &oid, CBS_ASN1_OBJECT) || - !CBS_get_asn1(&attr, &values, CBS_ASN1_SET) || - CBS_len(&attr) != 0) { + !CBS_get_asn1(&attr, &values, CBS_ASN1_SET) || CBS_len(&attr) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -328,8 +326,7 @@ static int parse_bag_attributes(CBS *attrs, uint8_t **out_friendly_name, CBS value; if (*out_friendly_name != NULL || !CBS_get_asn1(&values, &value, CBS_ASN1_BMPSTRING) || - CBS_len(&values) != 0 || - CBS_len(&value) == 0) { + CBS_len(&values) != 0 || CBS_len(&value) == 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -340,8 +337,7 @@ static int parse_bag_attributes(CBS *attrs, uint8_t **out_friendly_name, } while (CBS_len(&value) != 0) { uint32_t c; - if (!CBS_get_ucs2_be(&value, &c) || - !CBB_add_utf8(&cbb, c)) { + if (!CBS_get_ucs2_be(&value, &c) || !CBB_add_utf8(&cbb, c)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS); CBB_cleanup(&cbb); goto err; @@ -454,8 +450,7 @@ static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) { int ok = friendly_name_len == 0 || X509_alias_set1(x509, friendly_name, friendly_name_len); OPENSSL_free(friendly_name); - if (!ok || - 0 == sk_X509_push(ctx->out_certs, x509)) { + if (!ok || 0 == sk_X509_push(ctx->out_certs, x509)) { X509_free(x509); return 0; } @@ -485,7 +480,7 @@ static int PKCS12_handle_content_info(CBS *content_info, if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(content_info, &wrapped_contents, - CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || CBS_len(content_info) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; @@ -511,9 +506,9 @@ static int PKCS12_handle_content_info(CBS *content_info, // AlgorithmIdentifier, see // https://tools.ietf.org/html/rfc5280#section-4.1.1.2 !CBS_get_asn1(&eci, &ai, CBS_ASN1_SEQUENCE) || - !CBS_get_asn1_implicit_string( - &eci, &encrypted_contents, &storage, - CBS_ASN1_CONTEXT_SPECIFIC | 0, CBS_ASN1_OCTETSTRING)) { + !CBS_get_asn1_implicit_string(&eci, &encrypted_contents, &storage, + CBS_ASN1_CONTEXT_SPECIFIC | 0, + CBS_ASN1_OCTETSTRING)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -605,8 +600,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, // See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section // four. - if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || - CBS_len(&in) != 0 || + if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0 || !CBS_get_asn1_uint64(&pfx, &version)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; @@ -636,7 +630,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, // https://tools.ietf.org/html/rfc2315#section-7. if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(&authsafe, &wrapped_authsafes, - CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -742,12 +736,13 @@ struct pkcs12_st { PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { - PKCS12 *p12 = OPENSSL_malloc(sizeof(PKCS12)); + PKCS12 *p12 = reinterpret_cast(OPENSSL_malloc(sizeof(PKCS12))); if (!p12) { return NULL; } - p12->ber_bytes = OPENSSL_memdup(*ber_bytes, ber_len); + p12->ber_bytes = + reinterpret_cast(OPENSSL_memdup(*ber_bytes, ber_len)); if (!p12->ber_bytes) { OPENSSL_free(p12); return NULL; @@ -764,7 +759,7 @@ PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, return p12; } -PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { +PKCS12 *d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { size_t used = 0; BUF_MEM *buf; const uint8_t *dummy; @@ -801,13 +796,12 @@ PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { continue; } - if (buf->length > kMaxSize || - BUF_MEM_grow(buf, buf->length * 2) == 0) { + if (buf->length > kMaxSize || BUF_MEM_grow(buf, buf->length * 2) == 0) { goto out; } } - dummy = (uint8_t*) buf->data; + dummy = (uint8_t *)buf->data; ret = d2i_PKCS12(out_p12, &dummy, used); out: @@ -815,7 +809,7 @@ PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { return ret; } -PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) { +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) { BIO *bio; PKCS12 *ret; @@ -840,7 +834,8 @@ int i2d_PKCS12(const PKCS12 *p12, uint8_t **out) { } if (*out == NULL) { - *out = OPENSSL_memdup(p12->ber_bytes, p12->ber_len); + *out = reinterpret_cast( + OPENSSL_memdup(p12->ber_bytes, p12->ber_len)); if (*out == NULL) { return -1; } @@ -968,8 +963,7 @@ static int add_bag_attributes(CBB *bag, const char *name, size_t name_len, CBS_init(&name_cbs, (const uint8_t *)name, name_len); while (CBS_len(&name_cbs) != 0) { uint32_t c; - if (!CBS_get_utf8(&name_cbs, &c) || - !CBB_add_ucs2_be(&value, c)) { + if (!CBS_get_utf8(&name_cbs, &c) || !CBB_add_ucs2_be(&value, c)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS); return 0; } @@ -986,14 +980,13 @@ static int add_bag_attributes(CBB *bag, const char *name, size_t name_len, return 0; } } - return CBB_flush_asn1_set_of(&attrs) && - CBB_flush(bag); + return CBB_flush_asn1_set_of(&attrs) && CBB_flush(bag); } static int add_cert_bag(CBB *cbb, X509 *cert, const char *name, const uint8_t *key_id, size_t key_id_len) { CBB bag, bag_oid, bag_contents, cert_bag, cert_type, wrapped_cert, cert_value; - if (// See https://tools.ietf.org/html/rfc7292#section-4.2. + if ( // See https://tools.ietf.org/html/rfc7292#section-4.2. !CBB_add_asn1(cbb, &bag, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&bag_oid, kCertBag, sizeof(kCertBag)) || @@ -1024,8 +1017,7 @@ static int add_cert_bag(CBB *cbb, X509 *cert, const char *name, name = cert_name; } - if (len < 0 || - !CBB_add_space(&cert_value, &buf, (size_t)len) || + if (len < 0 || !CBB_add_space(&cert_value, &buf, (size_t)len) || i2d_X509(cert, &buf) < 0 || !add_bag_attributes(&bag, name, name_len, key_id, key_id_len) || !CBB_flush(cbb)) { @@ -1067,7 +1059,7 @@ static int add_encrypted_data(CBB *out, int pbe_nid, const char *password, EVP_CIPHER_CTX_init(&ctx); CBB content_info, type, wrapper, encrypted_data, encrypted_content_info, inner_type, encrypted_content; - if (// Add the ContentInfo wrapping. + if ( // Add the ContentInfo wrapping. !CBB_add_asn1(out, &content_info, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&content_info, &type, CBS_ASN1_OBJECT) || !CBB_add_bytes(&type, kPKCS7EncryptedData, sizeof(kPKCS7EncryptedData)) || @@ -1092,20 +1084,21 @@ static int add_encrypted_data(CBB *out, int pbe_nid, const char *password, goto err; } - size_t max_out = in_len + EVP_CIPHER_CTX_block_size(&ctx); - if (max_out < in_len) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); - goto err; - } + { + size_t max_out = in_len + EVP_CIPHER_CTX_block_size(&ctx); + if (max_out < in_len) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); + goto err; + } - uint8_t *ptr; - int n1, n2; - if (!CBB_reserve(&encrypted_content, &ptr, max_out) || - !EVP_CipherUpdate(&ctx, ptr, &n1, in, in_len) || - !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || - !CBB_did_write(&encrypted_content, n1 + n2) || - !CBB_flush(out)) { - goto err; + uint8_t *ptr; + int n1, n2; + if (!CBB_reserve(&encrypted_content, &ptr, max_out) || + !EVP_CipherUpdate(&ctx, ptr, &n1, in, in_len) || + !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || + !CBB_did_write(&encrypted_content, n1 + n2) || !CBB_flush(out)) { + goto err; + } } ret = 1; @@ -1117,7 +1110,7 @@ static int add_encrypted_data(CBB *out, int pbe_nid, const char *password, PKCS12 *PKCS12_create(const char *password, const char *name, const EVP_PKEY *pkey, X509 *cert, - const STACK_OF(X509)* chain, int key_nid, int cert_nid, + const STACK_OF(X509) *chain, int key_nid, int cert_nid, int iterations, int mac_iterations, int key_type) { if (key_nid == 0) { key_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; @@ -1131,8 +1124,8 @@ PKCS12 *PKCS12_create(const char *password, const char *name, if (mac_iterations == 0) { mac_iterations = 1; } - if (// In OpenSSL, this specifies a non-standard Microsoft key usage extension - // which we do not currently support. + if ( // In OpenSSL, this specifies a non-standard Microsoft key usage + // extension which we do not currently support. key_type != 0 || // In OpenSSL, -1 here means to omit the MAC, which we do not // currently support. Omitting it is also invalid for a password-based @@ -1196,8 +1189,7 @@ PKCS12 *PKCS12_create(const char *password, const char *name, CBB cbb, pfx, auth_safe, auth_safe_oid, auth_safe_wrapper, auth_safe_data, content_infos; uint8_t mac_key[EVP_MAX_MD_SIZE]; - if (!CBB_init(&cbb, 0) || - !CBB_add_asn1(&cbb, &pfx, CBS_ASN1_SEQUENCE) || + if (!CBB_init(&cbb, 0) || !CBB_add_asn1(&cbb, &pfx, CBS_ASN1_SEQUENCE) || !CBB_add_asn1_uint64(&pfx, 3) || // auth_safe is a data ContentInfo. !CBB_add_asn1(&pfx, &auth_safe, CBS_ASN1_SEQUENCE) || @@ -1256,7 +1248,7 @@ PKCS12 *PKCS12_create(const char *password, const char *name, if (pkey != NULL) { CBB content_info, oid, wrapper, data, safe_contents, bag, bag_oid, bag_contents; - if (// Add another data ContentInfo. + if ( // Add another data ContentInfo. !CBB_add_asn1(&content_infos, &content_info, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) || @@ -1298,43 +1290,44 @@ PKCS12 *PKCS12_create(const char *password, const char *name, } } - // Compute the MAC. Match OpenSSL in using SHA-1 as the hash function. The MAC - // covers |auth_safe_data|. - const EVP_MD *mac_md = EVP_sha1(); - uint8_t mac_salt[PKCS5_SALT_LEN]; - uint8_t mac[EVP_MAX_MD_SIZE]; - unsigned mac_len; - if (!CBB_flush(&auth_safe_data) || - !RAND_bytes(mac_salt, sizeof(mac_salt)) || - !pkcs12_key_gen(password, password_len, mac_salt, sizeof(mac_salt), - PKCS12_MAC_ID, mac_iterations, EVP_MD_size(mac_md), - mac_key, mac_md) || - !HMAC(mac_md, mac_key, EVP_MD_size(mac_md), CBB_data(&auth_safe_data), - CBB_len(&auth_safe_data), mac, &mac_len)) { - goto err; - } + { + // Compute the MAC. Match OpenSSL in using SHA-1 as the hash function. The + // MAC covers |auth_safe_data|. + const EVP_MD *mac_md = EVP_sha1(); + uint8_t mac_salt[PKCS5_SALT_LEN]; + uint8_t mac[EVP_MAX_MD_SIZE]; + unsigned mac_len; + if (!CBB_flush(&auth_safe_data) || + !RAND_bytes(mac_salt, sizeof(mac_salt)) || + !pkcs12_key_gen(password, password_len, mac_salt, sizeof(mac_salt), + PKCS12_MAC_ID, mac_iterations, EVP_MD_size(mac_md), + mac_key, mac_md) || + !HMAC(mac_md, mac_key, EVP_MD_size(mac_md), CBB_data(&auth_safe_data), + CBB_len(&auth_safe_data), mac, &mac_len)) { + goto err; + } - CBB mac_data, digest_info, mac_cbb, mac_salt_cbb; - if (!CBB_add_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1(&mac_data, &digest_info, CBS_ASN1_SEQUENCE) || - !EVP_marshal_digest_algorithm(&digest_info, mac_md) || - !CBB_add_asn1(&digest_info, &mac_cbb, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&mac_cbb, mac, mac_len) || - !CBB_add_asn1(&mac_data, &mac_salt_cbb, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&mac_salt_cbb, mac_salt, sizeof(mac_salt)) || - // The iteration count has a DEFAULT of 1, but RFC 7292 says "The default - // is for historical reasons and its use is deprecated." Thus we - // explicitly encode the iteration count, though it is not valid DER. - !CBB_add_asn1_uint64(&mac_data, mac_iterations)) { - goto err; - } + CBB mac_data, digest_info, mac_cbb, mac_salt_cbb; + if (!CBB_add_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&mac_data, &digest_info, CBS_ASN1_SEQUENCE) || + !EVP_marshal_digest_algorithm(&digest_info, mac_md) || + !CBB_add_asn1(&digest_info, &mac_cbb, CBS_ASN1_OCTETSTRING) || + !CBB_add_bytes(&mac_cbb, mac, mac_len) || + !CBB_add_asn1(&mac_data, &mac_salt_cbb, CBS_ASN1_OCTETSTRING) || + !CBB_add_bytes(&mac_salt_cbb, mac_salt, sizeof(mac_salt)) || + // The iteration count has a DEFAULT of 1, but RFC 7292 says "The + // default is for historical reasons and its use is deprecated." Thus we + // explicitly encode the iteration count, though it is not valid DER. + !CBB_add_asn1_uint64(&mac_data, mac_iterations)) { + goto err; + } - ret = OPENSSL_malloc(sizeof(PKCS12)); - if (ret == NULL || - !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) { - OPENSSL_free(ret); - ret = NULL; - goto err; + ret = reinterpret_cast(OPENSSL_malloc(sizeof(PKCS12))); + if (ret == NULL || !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) { + OPENSSL_free(ret); + ret = NULL; + goto err; + } } err: diff --git a/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305.c b/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/poly1305/poly1305.c rename to Sources/CCryptoBoringSSL/crypto/poly1305/poly1305.cc index 89fc36e1..49161789 100644 --- a/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305.c +++ b/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305.cc @@ -21,8 +21,8 @@ #include #include -#include "internal.h" #include "../internal.h" +#include "internal.h" #if !defined(BORINGSSL_HAS_UINT128) || !defined(OPENSSL_X86_64) @@ -44,7 +44,7 @@ static_assert( static inline struct poly1305_state_st *poly1305_aligned_state( poly1305_state *state) { - return align_pointer(state, 64); + return reinterpret_cast(align_pointer(state, 64)); } // poly1305_blocks updates |state| given some amount of input data. This diff --git a/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_arm.c b/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_arm.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_arm.c rename to Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_arm.cc index aaa00750..b8c9380e 100644 --- a/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_arm.c +++ b/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_arm.cc @@ -33,11 +33,13 @@ typedef struct { #define addmulmod openssl_poly1305_neon2_addmulmod #define blocks openssl_poly1305_neon2_blocks +extern "C" { extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y, const fe1305x2 *c); extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in, size_t inlen); +} static void freeze(fe1305x2 *r) { int i; @@ -175,7 +177,7 @@ static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, size_t xlen) { } } -static const alignas(16) fe1305x2 zero; +static const fe1305x2 zero alignas(16) = {0}; struct poly1305_state_st { uint8_t data[sizeof(fe1305x2[5]) + 128]; diff --git a/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_vec.c b/Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_vec.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_vec.c rename to Sources/CCryptoBoringSSL/crypto/poly1305/poly1305_vec.cc diff --git a/Sources/CCryptoBoringSSL/crypto/pool/pool.c b/Sources/CCryptoBoringSSL/crypto/pool/pool.cc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/pool/pool.c rename to Sources/CCryptoBoringSSL/crypto/pool/pool.cc index d67ca47f..6761837e 100644 --- a/Sources/CCryptoBoringSSL/crypto/pool/pool.c +++ b/Sources/CCryptoBoringSSL/crypto/pool/pool.cc @@ -41,8 +41,9 @@ static int CRYPTO_BUFFER_cmp(const CRYPTO_BUFFER *a, const CRYPTO_BUFFER *b) { return OPENSSL_memcmp(a->data, b->data, a->len); } -CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) { - CRYPTO_BUFFER_POOL *pool = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL)); +CRYPTO_BUFFER_POOL *CRYPTO_BUFFER_POOL_new(void) { + CRYPTO_BUFFER_POOL *pool = reinterpret_cast( + OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL))); if (pool == NULL) { return NULL; } @@ -87,7 +88,7 @@ static CRYPTO_BUFFER *crypto_buffer_new(const uint8_t *data, size_t len, CRYPTO_BUFFER_POOL *pool) { if (pool != NULL) { CRYPTO_BUFFER tmp; - tmp.data = (uint8_t *) data; + tmp.data = (uint8_t *)data; tmp.len = len; tmp.pool = pool; @@ -108,7 +109,8 @@ static CRYPTO_BUFFER *crypto_buffer_new(const uint8_t *data, size_t len, } } - CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = + reinterpret_cast(OPENSSL_zalloc(sizeof(CRYPTO_BUFFER))); if (buf == NULL) { return NULL; } @@ -117,7 +119,7 @@ static CRYPTO_BUFFER *crypto_buffer_new(const uint8_t *data, size_t len, buf->data = (uint8_t *)data; buf->data_is_static = 1; } else { - buf->data = OPENSSL_memdup(data, len); + buf->data = reinterpret_cast(OPENSSL_memdup(data, len)); if (len != 0 && buf->data == NULL) { OPENSSL_free(buf); return NULL; @@ -168,12 +170,13 @@ CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len, } CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data, size_t len) { - CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = + reinterpret_cast(OPENSSL_zalloc(sizeof(CRYPTO_BUFFER))); if (buf == NULL) { return NULL; } - buf->data = OPENSSL_malloc(len); + buf->data = reinterpret_cast(OPENSSL_malloc(len)); if (len != 0 && buf->data == NULL) { OPENSSL_free(buf); return NULL; @@ -252,9 +255,7 @@ const uint8_t *CRYPTO_BUFFER_data(const CRYPTO_BUFFER *buf) { return buf->data; } -size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf) { - return buf->len; -} +size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf) { return buf->len; } void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out) { CBS_init(out, buf->data, buf->len); diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/deterministic.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/deterministic.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/deterministic.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/deterministic.cc index 0c2c5a9d..3204cca1 100644 --- a/Sources/CCryptoBoringSSL/crypto/rand_extra/deterministic.c +++ b/Sources/CCryptoBoringSSL/crypto/rand_extra/deterministic.cc @@ -39,7 +39,7 @@ void RAND_reset_for_fuzzing(void) { g_num_calls = 0; } void CRYPTO_init_sysrand(void) {} void CRYPTO_sysrand(uint8_t *out, size_t requested) { - static const uint8_t kZeroKey[32]; + static const uint8_t kZeroKey[32] = {0}; CRYPTO_MUTEX_lock_write(&g_num_calls_lock); uint64_t num_calls = g_num_calls++; diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/fork_detect.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/fork_detect.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/fork_detect.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/fork_detect.cc index 99be497a..af1e6077 100644 --- a/Sources/CCryptoBoringSSL/crypto/rand_extra/fork_detect.c +++ b/Sources/CCryptoBoringSSL/crypto/rand_extra/fork_detect.cc @@ -19,20 +19,20 @@ #include "../bcm_support.h" #if defined(OPENSSL_FORK_DETECTION_MADVISE) -#include -#include #include +#include #include +#include #if defined(MADV_WIPEONFORK) static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18"); #else #define MADV_WIPEONFORK 18 #endif #elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK) -#include -#include #include -#endif // OPENSSL_FORK_DETECTION_MADVISE +#include +#include +#endif // OPENSSL_FORK_DETECTION_PTHREAD_ATFORK #include "../internal.h" @@ -41,7 +41,7 @@ static int g_force_madv_wipeonfork; static int g_force_madv_wipeonfork_enabled; static CRYPTO_once_t g_fork_detect_once = CRYPTO_ONCE_INIT; static CRYPTO_MUTEX g_fork_detect_lock = CRYPTO_MUTEX_INIT; -static CRYPTO_atomic_u32 * g_fork_detect_addr; +static CRYPTO_atomic_u32 *g_fork_detect_addr; static uint64_t g_fork_generation; static void init_fork_detect(void) { @@ -71,10 +71,10 @@ static void init_fork_detect(void) { return; } - CRYPTO_atomic_store_u32(addr, 1); - g_fork_detect_addr = addr; + CRYPTO_atomic_u32 *const atomic = reinterpret_cast(addr); + CRYPTO_atomic_store_u32(atomic, 1); + g_fork_detect_addr = atomic; g_fork_generation = 1; - } uint64_t CRYPTO_get_fork_generation(void) { @@ -95,8 +95,7 @@ uint64_t CRYPTO_get_fork_generation(void) { if (flag_ptr == NULL) { // Our kernel is too old to support |MADV_WIPEONFORK| or // |g_force_madv_wipeonfork| is set. - if (g_force_madv_wipeonfork && - g_force_madv_wipeonfork_enabled) { + if (g_force_madv_wipeonfork && g_force_madv_wipeonfork_enabled) { // A constant generation number to simulate support, even if the kernel // doesn't support it. return 42; diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/forkunsafe.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/forkunsafe.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/forkunsafe.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/forkunsafe.cc index cef8a1db..ad69a428 100644 --- a/Sources/CCryptoBoringSSL/crypto/rand_extra/forkunsafe.c +++ b/Sources/CCryptoBoringSSL/crypto/rand_extra/forkunsafe.cc @@ -22,7 +22,7 @@ // g_buffering_enabled is one if fork-unsafe buffering has been enabled and zero // otherwise. -static CRYPTO_atomic_u32 g_buffering_enabled = 0; +static CRYPTO_atomic_u32 g_buffering_enabled; #if !defined(OPENSSL_WINDOWS) void RAND_enable_fork_unsafe_buffering(int fd) { diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/getentropy.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/getentropy.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/getentropy.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/getentropy.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/ios.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/ios.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/ios.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/ios.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/passive.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/passive.cc similarity index 86% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/passive.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/passive.cc index e693ba1a..65d01079 100644 --- a/Sources/CCryptoBoringSSL/crypto/rand_extra/passive.c +++ b/Sources/CCryptoBoringSSL/crypto/rand_extra/passive.cc @@ -14,12 +14,14 @@ #include -#include "../fipsmodule/bcm_interface.h" #include "../bcm_support.h" +#include "../fipsmodule/bcm_interface.h" #include "../internal.h" #if defined(BORINGSSL_FIPS) +#include + // passive_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable // for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the // entropy came directly from the CPU and zero if it came from the OS. It @@ -41,7 +43,6 @@ static void passive_get_seed_entropy(uint8_t *out_entropy, #if defined(OPENSSL_ANDROID) #include -#include #include #include #include @@ -52,7 +53,7 @@ static void passive_get_seed_entropy(uint8_t *out_entropy, // sticky so if the first attempt to read from the daemon fails it's assumed // that the daemon is not present and no more attempts will be made. If the // first attempt is successful then attempts will be made forever more. -enum socket_history_t { +enum class socket_history_t { // initial value, no connections to the entropy daemon have been made yet. socket_not_yet_attempted = 0, // reading from the entropy daemon was successful @@ -61,8 +62,8 @@ enum socket_history_t { socket_failed, }; -static _Atomic enum socket_history_t g_socket_history = - socket_not_yet_attempted; +static std::atomic g_socket_history{ + socket_history_t::socket_not_yet_attempted}; // DAEMON_RESPONSE_LEN is the number of bytes that the entropy daemon replies // with. @@ -78,31 +79,31 @@ static int get_seed_from_daemon(uint8_t *out_entropy, size_t out_entropy_len) { abort(); } - const enum socket_history_t socket_history = atomic_load(&g_socket_history); - if (socket_history == socket_failed) { + const socket_history_t socket_history = + g_socket_history.load(std::memory_order_acquire); + if (socket_history == socket_history_t::socket_failed) { return 0; } int ret = 0; + static const char kSocketPath[] = "/dev/socket/prng_seeder"; + struct sockaddr_un sun; + uint8_t buffer[DAEMON_RESPONSE_LEN]; + size_t done = 0; const int sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { goto out; } - struct sockaddr_un sun; memset(&sun, 0, sizeof(sun)); sun.sun_family = AF_UNIX; - static const char kSocketPath[] = "/dev/socket/prng_seeder"; - static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX, - "kSocketPath too long"); + static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX, "kSocketPath too long"); OPENSSL_memcpy(sun.sun_path, kSocketPath, sizeof(kSocketPath)); if (connect(sock, (struct sockaddr *)&sun, sizeof(sun))) { goto out; } - uint8_t buffer[DAEMON_RESPONSE_LEN]; - size_t done = 0; while (done < sizeof(buffer)) { ssize_t n; do { @@ -126,12 +127,15 @@ static int get_seed_from_daemon(uint8_t *out_entropy, size_t out_entropy_len) { ret = 1; out: - if (socket_history == socket_not_yet_attempted) { - enum socket_history_t expected = socket_history; + if (socket_history == socket_history_t::socket_not_yet_attempted) { + socket_history_t expected = socket_history_t::socket_not_yet_attempted; // If another thread has already updated |g_socket_history| then we defer // to their value. - atomic_compare_exchange_strong(&g_socket_history, &expected, - (ret == 0) ? socket_failed : socket_success); + g_socket_history.compare_exchange_strong( + expected, + (ret == 0) ? socket_history_t::socket_failed + : socket_history_t::socket_success, + std::memory_order_release, std::memory_order_relaxed); } close(sock); diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/rand_extra.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/rand_extra.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/rand_extra.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/rand_extra.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/trusty.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/trusty.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/trusty.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/trusty.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/urandom.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/urandom.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/urandom.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/urandom.cc index eabb7e8d..75863de6 100644 --- a/Sources/CCryptoBoringSSL/crypto/rand_extra/urandom.c +++ b/Sources/CCryptoBoringSSL/crypto/rand_extra/urandom.cc @@ -59,17 +59,19 @@ #endif #endif // OPENSSL_LINUX -#include #include +#include -#include "getrandom_fillin.h" #include "../internal.h" +#include "getrandom_fillin.h" #if defined(USE_NR_getrandom) #if defined(OPENSSL_MSAN) +extern "C" { void __msan_unpoison(void *, size_t); +} #endif static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) { @@ -254,7 +256,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) { } #endif -#if defined (USE_NR_getrandom) +#if defined(USE_NR_getrandom) if (seed) { getrandom_flags |= extra_getrandom_flags_for_seed; } @@ -294,9 +296,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) { return 1; } -void CRYPTO_init_sysrand(void) { - CRYPTO_once(&rand_once, init_once); -} +void CRYPTO_init_sysrand(void) { CRYPTO_once(&rand_once, init_once); } // CRYPTO_sysrand puts |requested| random bytes into |out|. void CRYPTO_sysrand(uint8_t *out, size_t requested) { diff --git a/Sources/CCryptoBoringSSL/crypto/rand_extra/windows.c b/Sources/CCryptoBoringSSL/crypto/rand_extra/windows.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rand_extra/windows.c rename to Sources/CCryptoBoringSSL/crypto/rand_extra/windows.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rc4/rc4.c b/Sources/CCryptoBoringSSL/crypto/rc4/rc4.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rc4/rc4.c rename to Sources/CCryptoBoringSSL/crypto/rc4/rc4.cc diff --git a/Sources/CCryptoBoringSSL/crypto/refcount.c b/Sources/CCryptoBoringSSL/crypto/refcount.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/refcount.c rename to Sources/CCryptoBoringSSL/crypto/refcount.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_asn1.c b/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_asn1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_asn1.c rename to Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_asn1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_crypt.c b/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_crypt.cc similarity index 84% rename from Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_crypt.c rename to Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_crypt.cc index cbb25013..f6a8637b 100644 --- a/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_crypt.c +++ b/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_crypt.cc @@ -58,12 +58,12 @@ #include -#include -#include #include -#include -#include +#include #include +#include +#include +#include #include "../fipsmodule/bn/internal.h" #include "../fipsmodule/rsa/internal.h" @@ -128,7 +128,7 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, size_t to_len, goto out; } - dbmask = OPENSSL_malloc(emlen - mdlen); + dbmask = reinterpret_cast(OPENSSL_malloc(emlen - mdlen)); if (dbmask == NULL) { goto out; } @@ -161,92 +161,95 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len, const EVP_MD *mgf1md) { uint8_t *db = NULL; - if (md == NULL) { - md = EVP_sha1(); - } - if (mgf1md == NULL) { - mgf1md = md; - } + { + if (md == NULL) { + md = EVP_sha1(); + } + if (mgf1md == NULL) { + mgf1md = md; + } - size_t mdlen = EVP_MD_size(md); + size_t mdlen = EVP_MD_size(md); - // The encoded message is one byte smaller than the modulus to ensure that it - // doesn't end up greater than the modulus. Thus there's an extra "+1" here - // compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2. - if (from_len < 1 + 2 * mdlen + 1) { - // 'from_len' is the length of the modulus, i.e. does not depend on the - // particular ciphertext. - goto decoding_err; - } + // The encoded message is one byte smaller than the modulus to ensure that + // it doesn't end up greater than the modulus. Thus there's an extra "+1" + // here compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2. + if (from_len < 1 + 2 * mdlen + 1) { + // 'from_len' is the length of the modulus, i.e. does not depend on the + // particular ciphertext. + goto decoding_err; + } - size_t dblen = from_len - mdlen - 1; - db = OPENSSL_malloc(dblen); - if (db == NULL) { - goto err; - } + size_t dblen = from_len - mdlen - 1; + db = reinterpret_cast(OPENSSL_malloc(dblen)); + if (db == NULL) { + goto err; + } - const uint8_t *maskedseed = from + 1; - const uint8_t *maskeddb = from + 1 + mdlen; + const uint8_t *maskedseed = from + 1; + const uint8_t *maskeddb = from + 1 + mdlen; - uint8_t seed[EVP_MAX_MD_SIZE]; - if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) { - goto err; - } - for (size_t i = 0; i < mdlen; i++) { - seed[i] ^= maskedseed[i]; - } + uint8_t seed[EVP_MAX_MD_SIZE]; + if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) { + goto err; + } + for (size_t i = 0; i < mdlen; i++) { + seed[i] ^= maskedseed[i]; + } - if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) { - goto err; - } - for (size_t i = 0; i < dblen; i++) { - db[i] ^= maskeddb[i]; - } + if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) { + goto err; + } + for (size_t i = 0; i < dblen; i++) { + db[i] ^= maskeddb[i]; + } - uint8_t phash[EVP_MAX_MD_SIZE]; - if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) { - goto err; - } + uint8_t phash[EVP_MAX_MD_SIZE]; + if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) { + goto err; + } - crypto_word_t bad = ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen)); - bad |= ~constant_time_is_zero_w(from[0]); + crypto_word_t bad = + ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen)); + bad |= ~constant_time_is_zero_w(from[0]); + + crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W; + size_t one_index = 0; + for (size_t i = mdlen; i < dblen; i++) { + crypto_word_t equals1 = constant_time_eq_w(db[i], 1); + crypto_word_t equals0 = constant_time_eq_w(db[i], 0); + one_index = + constant_time_select_w(looking_for_one_byte & equals1, i, one_index); + looking_for_one_byte = + constant_time_select_w(equals1, 0, looking_for_one_byte); + bad |= looking_for_one_byte & ~equals0; + } - crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W; - size_t one_index = 0; - for (size_t i = mdlen; i < dblen; i++) { - crypto_word_t equals1 = constant_time_eq_w(db[i], 1); - crypto_word_t equals0 = constant_time_eq_w(db[i], 0); - one_index = - constant_time_select_w(looking_for_one_byte & equals1, i, one_index); - looking_for_one_byte = - constant_time_select_w(equals1, 0, looking_for_one_byte); - bad |= looking_for_one_byte & ~equals0; - } + bad |= looking_for_one_byte; - bad |= looking_for_one_byte; + // Whether the overall padding was valid or not in OAEP is public. + if (constant_time_declassify_w(bad)) { + goto decoding_err; + } - // Whether the overall padding was valid or not in OAEP is public. - if (constant_time_declassify_w(bad)) { - goto decoding_err; - } + // Once the padding is known to be valid, the output length is also public. + static_assert(sizeof(size_t) <= sizeof(crypto_word_t), + "size_t does not fit in crypto_word_t"); + one_index = constant_time_declassify_w(one_index); - // Once the padding is known to be valid, the output length is also public. - static_assert(sizeof(size_t) <= sizeof(crypto_word_t), - "size_t does not fit in crypto_word_t"); - one_index = constant_time_declassify_w(one_index); + one_index++; + size_t mlen = dblen - one_index; + if (max_out < mlen) { + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); + goto err; + } - one_index++; - size_t mlen = dblen - one_index; - if (max_out < mlen) { - OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); - goto err; + OPENSSL_memcpy(out, db + one_index, mlen); + *out_len = mlen; + OPENSSL_free(db); + return 1; } - OPENSSL_memcpy(out, db + one_index, mlen); - *out_len = mlen; - OPENSSL_free(db); - return 1; - decoding_err: // To avoid chosen ciphertext attacks, the error message should not reveal // which kind of decoding error happened. @@ -406,7 +409,7 @@ int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, BN_CTX_start(ctx); f = BN_CTX_get(ctx); result = BN_CTX_get(ctx); - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast(OPENSSL_malloc(rsa_size)); if (!f || !result || !buf) { goto err; } @@ -483,7 +486,7 @@ static int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, buf = out; } else { // Allocate a temporary buffer to hold the padded plaintext. - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast(OPENSSL_malloc(rsa_size)); if (buf == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_extra.c b/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_extra.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_extra.c rename to Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_extra.cc diff --git a/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_print.c b/Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_print.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_print.c rename to Sources/CCryptoBoringSSL/crypto/rsa_extra/rsa_print.cc diff --git a/Sources/CCryptoBoringSSL/crypto/sha/sha1.c b/Sources/CCryptoBoringSSL/crypto/sha/sha1.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/sha/sha1.c rename to Sources/CCryptoBoringSSL/crypto/sha/sha1.cc diff --git a/Sources/CCryptoBoringSSL/crypto/sha/sha256.c b/Sources/CCryptoBoringSSL/crypto/sha/sha256.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/sha/sha256.c rename to Sources/CCryptoBoringSSL/crypto/sha/sha256.cc diff --git a/Sources/CCryptoBoringSSL/crypto/sha/sha512.c b/Sources/CCryptoBoringSSL/crypto/sha/sha512.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/sha/sha512.c rename to Sources/CCryptoBoringSSL/crypto/sha/sha512.cc diff --git a/Sources/CCryptoBoringSSL/crypto/siphash/siphash.c b/Sources/CCryptoBoringSSL/crypto/siphash/siphash.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/siphash/siphash.c rename to Sources/CCryptoBoringSSL/crypto/siphash/siphash.cc diff --git a/Sources/CCryptoBoringSSL/crypto/slhdsa/fors.c b/Sources/CCryptoBoringSSL/crypto/slhdsa/fors.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/slhdsa/fors.c rename to Sources/CCryptoBoringSSL/crypto/slhdsa/fors.cc diff --git a/Sources/CCryptoBoringSSL/crypto/slhdsa/merkle.c b/Sources/CCryptoBoringSSL/crypto/slhdsa/merkle.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/slhdsa/merkle.c rename to Sources/CCryptoBoringSSL/crypto/slhdsa/merkle.cc diff --git a/Sources/CCryptoBoringSSL/crypto/slhdsa/slhdsa.c b/Sources/CCryptoBoringSSL/crypto/slhdsa/slhdsa.cc similarity index 68% rename from Sources/CCryptoBoringSSL/crypto/slhdsa/slhdsa.c rename to Sources/CCryptoBoringSSL/crypto/slhdsa/slhdsa.cc index 4a076cfd..c9347724 100644 --- a/Sources/CCryptoBoringSSL/crypto/slhdsa/slhdsa.c +++ b/Sources/CCryptoBoringSSL/crypto/slhdsa/slhdsa.cc @@ -16,6 +16,8 @@ #include +#include +#include #include #include "../internal.h" @@ -27,6 +29,12 @@ #include "thash.h" +// The OBJECT IDENTIFIER header is also included in these values, per the spec. +static const uint8_t kSHA384OID[] = {0x06, 0x09, 0x60, 0x86, 0x48, 0x01, + 0x65, 0x03, 0x04, 0x02, 0x02}; +#define MAX_OID_LENGTH 11 +#define MAX_CONTEXT_LENGTH 255 + void SLHDSA_SHA2_128S_generate_key_from_seed( uint8_t out_public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], uint8_t out_secret_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], @@ -129,7 +137,7 @@ int SLHDSA_SHA2_128S_sign( const uint8_t private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context, size_t context_len) { - if (context_len > 255) { + if (context_len > MAX_CONTEXT_LENGTH) { return 0; } @@ -145,13 +153,80 @@ int SLHDSA_SHA2_128S_sign( return 1; } +static int slhdsa_get_nonstandard_context_and_oid( + uint8_t *out_context_and_oid, size_t *out_context_and_oid_len, + size_t max_out_context_and_oid, const uint8_t *context, size_t context_len, + int hash_nid, size_t hashed_msg_len) { + const uint8_t *oid; + size_t oid_len; + size_t expected_hash_len; + switch (hash_nid) { + // The SLH-DSA spec only lists SHA-256 and SHA-512. This function supports + // SHA-384, which is non-standard. + case NID_sha384: + oid = kSHA384OID; + oid_len = sizeof(kSHA384OID); + static_assert(sizeof(kSHA384OID) <= MAX_OID_LENGTH, ""); + expected_hash_len = 48; + break; + // If adding a hash function with a larger `oid_len`, update the size of + // `context_and_oid` in the callers. + default: + return 0; + } + + if (hashed_msg_len != expected_hash_len) { + return 0; + } + + *out_context_and_oid_len = context_len + oid_len; + if (*out_context_and_oid_len > max_out_context_and_oid) { + return 0; + } + + OPENSSL_memcpy(out_context_and_oid, context, context_len); + OPENSSL_memcpy(out_context_and_oid + context_len, oid, oid_len); + + return 1; +} + + +int SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign( + uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES], + const uint8_t private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], + const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, + const uint8_t *context, size_t context_len) { + if (context_len > MAX_CONTEXT_LENGTH) { + return 0; + } + + uint8_t M_prime_header[2]; + M_prime_header[0] = 1; // domain separator for prehashed signing + M_prime_header[1] = (uint8_t)context_len; + + uint8_t context_and_oid[MAX_CONTEXT_LENGTH + MAX_OID_LENGTH]; + size_t context_and_oid_len; + if (!slhdsa_get_nonstandard_context_and_oid( + context_and_oid, &context_and_oid_len, sizeof(context_and_oid), + context, context_len, hash_nid, hashed_msg_len)) { + return 0; + } + + uint8_t entropy[SLHDSA_SHA2_128S_N]; + RAND_bytes(entropy, sizeof(entropy)); + SLHDSA_SHA2_128S_sign_internal(out_signature, private_key, M_prime_header, + context_and_oid, context_and_oid_len, + hashed_msg, hashed_msg_len, entropy); + return 1; +} + // Implements Algorithm 24: slh_verify function (Section 10.3, page 41) int SLHDSA_SHA2_128S_verify( const uint8_t *signature, size_t signature_len, const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context, size_t context_len) { - if (context_len > 255) { + if (context_len > MAX_CONTEXT_LENGTH) { return 0; } @@ -165,6 +240,32 @@ int SLHDSA_SHA2_128S_verify( msg, msg_len); } +int SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify( + const uint8_t *signature, size_t signature_len, + const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], + const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, + const uint8_t *context, size_t context_len) { + if (context_len > MAX_CONTEXT_LENGTH) { + return 0; + } + + uint8_t M_prime_header[2]; + M_prime_header[0] = 1; // domain separator for prehashed verification + M_prime_header[1] = (uint8_t)context_len; + + uint8_t context_and_oid[MAX_CONTEXT_LENGTH + MAX_OID_LENGTH]; + size_t context_and_oid_len; + if (!slhdsa_get_nonstandard_context_and_oid( + context_and_oid, &context_and_oid_len, sizeof(context_and_oid), + context, context_len, hash_nid, hashed_msg_len)) { + return 0; + } + + return SLHDSA_SHA2_128S_verify_internal( + signature, signature_len, public_key, M_prime_header, context_and_oid, + context_and_oid_len, hashed_msg, hashed_msg_len); +} + int SLHDSA_SHA2_128S_verify_internal( const uint8_t *signature, size_t signature_len, const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], diff --git a/Sources/CCryptoBoringSSL/crypto/slhdsa/thash.c b/Sources/CCryptoBoringSSL/crypto/slhdsa/thash.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/slhdsa/thash.c rename to Sources/CCryptoBoringSSL/crypto/slhdsa/thash.cc diff --git a/Sources/CCryptoBoringSSL/crypto/slhdsa/wots.c b/Sources/CCryptoBoringSSL/crypto/slhdsa/wots.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/slhdsa/wots.c rename to Sources/CCryptoBoringSSL/crypto/slhdsa/wots.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx.c b/Sources/CCryptoBoringSSL/crypto/spx/spx.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx_address.c b/Sources/CCryptoBoringSSL/crypto/spx/spx_address.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx_address.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx_address.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx_fors.c b/Sources/CCryptoBoringSSL/crypto/spx/spx_fors.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx_fors.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx_fors.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx_merkle.c b/Sources/CCryptoBoringSSL/crypto/spx/spx_merkle.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx_merkle.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx_merkle.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx_thash.c b/Sources/CCryptoBoringSSL/crypto/spx/spx_thash.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx_thash.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx_thash.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx_util.c b/Sources/CCryptoBoringSSL/crypto/spx/spx_util.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx_util.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx_util.cc diff --git a/Sources/CCryptoBoringSSL/crypto/spx/spx_wots.c b/Sources/CCryptoBoringSSL/crypto/spx/spx_wots.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/spx/spx_wots.c rename to Sources/CCryptoBoringSSL/crypto/spx/spx_wots.cc diff --git a/Sources/CCryptoBoringSSL/crypto/stack/stack.c b/Sources/CCryptoBoringSSL/crypto/stack/stack.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/stack/stack.c rename to Sources/CCryptoBoringSSL/crypto/stack/stack.cc index b5b67fef..085dac45 100644 --- a/Sources/CCryptoBoringSSL/crypto/stack/stack.c +++ b/Sources/CCryptoBoringSSL/crypto/stack/stack.cc @@ -84,12 +84,14 @@ struct stack_st { static const size_t kMinSize = 4; OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp) { - OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(OPENSSL_STACK))); if (ret == NULL) { return NULL; } - ret->data = OPENSSL_calloc(kMinSize, sizeof(void *)); + ret->data = + reinterpret_cast(OPENSSL_calloc(kMinSize, sizeof(void *))); if (ret->data == NULL) { goto err; } @@ -117,7 +119,7 @@ void OPENSSL_sk_zero(OPENSSL_STACK *sk) { if (sk == NULL || sk->num == 0) { return; } - OPENSSL_memset(sk->data, 0, sizeof(void*) * sk->num); + OPENSSL_memset(sk->data, 0, sizeof(void *) * sk->num); sk->num = 0; sk->sorted = 0; } @@ -197,7 +199,7 @@ size_t OPENSSL_sk_insert(OPENSSL_STACK *sk, void *p, size_t where) { return 0; } - data = OPENSSL_realloc(sk->data, alloc_size); + data = reinterpret_cast(OPENSSL_realloc(sk->data, alloc_size)); if (data == NULL) { return 0; } @@ -367,12 +369,14 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { return NULL; } - OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(OPENSSL_STACK))); if (ret == NULL) { return NULL; } - ret->data = OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc); + ret->data = reinterpret_cast( + OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc)); if (ret->data == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/thread.c b/Sources/CCryptoBoringSSL/crypto/thread.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/thread.c rename to Sources/CCryptoBoringSSL/crypto/thread.cc diff --git a/Sources/CCryptoBoringSSL/crypto/thread_none.c b/Sources/CCryptoBoringSSL/crypto/thread_none.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/thread_none.c rename to Sources/CCryptoBoringSSL/crypto/thread_none.cc diff --git a/Sources/CCryptoBoringSSL/crypto/thread_pthread.c b/Sources/CCryptoBoringSSL/crypto/thread_pthread.cc similarity index 90% rename from Sources/CCryptoBoringSSL/crypto/thread_pthread.c rename to Sources/CCryptoBoringSSL/crypto/thread_pthread.cc index a40fbc00..e4c88838 100644 --- a/Sources/CCryptoBoringSSL/crypto/thread_pthread.c +++ b/Sources/CCryptoBoringSSL/crypto/thread_pthread.cc @@ -53,9 +53,7 @@ void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock) { } } -void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { - pthread_rwlock_destroy(lock); -} +void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { pthread_rwlock_destroy(lock); } void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { if (pthread_once(once, init) != 0) { @@ -81,7 +79,7 @@ static void thread_local_destructor(void *arg) { pthread_mutex_unlock(&g_destructors_lock); unsigned i; - void **pointers = arg; + void **pointers = reinterpret_cast(arg); for (i = 0; i < NUM_OPENSSL_THREAD_LOCALS; i++) { if (destructors[i] != NULL) { destructors[i](pointers[i]); @@ -106,7 +104,8 @@ void *CRYPTO_get_thread_local(thread_local_data_t index) { return NULL; } - void **pointers = pthread_getspecific(g_thread_local_key); + void **pointers = + reinterpret_cast(pthread_getspecific(g_thread_local_key)); if (pointers == NULL) { return NULL; } @@ -121,9 +120,11 @@ int CRYPTO_set_thread_local(thread_local_data_t index, void *value, return 0; } - void **pointers = pthread_getspecific(g_thread_local_key); + void **pointers = + reinterpret_cast(pthread_getspecific(g_thread_local_key)); if (pointers == NULL) { - pointers = malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + pointers = reinterpret_cast( + malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS)); if (pointers == NULL) { destructor(value); return 0; diff --git a/Sources/CCryptoBoringSSL/crypto/thread_win.c b/Sources/CCryptoBoringSSL/crypto/thread_win.cc similarity index 89% rename from Sources/CCryptoBoringSSL/crypto/thread_win.c rename to Sources/CCryptoBoringSSL/crypto/thread_win.cc index 6daa8144..c0d794f7 100644 --- a/Sources/CCryptoBoringSSL/crypto/thread_win.c +++ b/Sources/CCryptoBoringSSL/crypto/thread_win.cc @@ -38,13 +38,9 @@ void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { } } -void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { - InitializeSRWLock(lock); -} +void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { InitializeSRWLock(lock); } -void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { - AcquireSRWLockShared(lock); -} +void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { AcquireSRWLockShared(lock); } void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { AcquireSRWLockExclusive(lock); @@ -90,7 +86,7 @@ static void NTAPI thread_local_destructor(PVOID module, DWORD reason, return; } - void **pointers = (void**) TlsGetValue(g_thread_local_key); + void **pointers = (void **)TlsGetValue(g_thread_local_key); if (pointers == NULL) { return; } @@ -126,12 +122,10 @@ static void NTAPI thread_local_destructor(PVOID module, DWORD reason, #define STRINGIFY(x) #x #define EXPAND_AND_STRINGIFY(x) STRINGIFY(x) #ifdef _WIN64 -__pragma(comment(linker, "/INCLUDE:_tls_used")) -__pragma(comment( +__pragma(comment(linker, "/INCLUDE:_tls_used")) __pragma(comment( linker, "/INCLUDE:" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl))) #else -__pragma(comment(linker, "/INCLUDE:__tls_used")) -__pragma(comment( +__pragma(comment(linker, "/INCLUDE:__tls_used")) __pragma(comment( linker, "/INCLUDE:_" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl))) #endif @@ -155,9 +149,13 @@ __pragma(comment( // .CRT section is merged with .rdata on x64 so it must be constant data. #pragma const_seg(".CRT$XLC") -// When defining a const variable, it must have external linkage to be sure the -// linker doesn't discard it. -extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; + // clang-format off + // When defining a const variable, it must have external linkage to be sure + // the linker doesn't discard it. +extern "C" { + extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; +} +// clang-format on const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; // Reset the default section. #pragma const_seg() @@ -165,6 +163,11 @@ const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; #else #pragma data_seg(".CRT$XLC") + // clang-format off +extern "C" { + extern PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; +} +// clang-format on PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; // Reset the default section. #pragma data_seg() @@ -184,7 +187,7 @@ static void **get_thread_locals(void) { // // https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx DWORD last_error = GetLastError(); - void **ret = TlsGetValue(g_thread_local_key); + void **ret = reinterpret_cast(TlsGetValue(g_thread_local_key)); SetLastError(last_error); return ret; } @@ -212,7 +215,8 @@ int CRYPTO_set_thread_local(thread_local_data_t index, void *value, void **pointers = get_thread_locals(); if (pointers == NULL) { - pointers = malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + pointers = reinterpret_cast( + malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS)); if (pointers == NULL) { destructor(value); return 0; diff --git a/Sources/CCryptoBoringSSL/crypto/trust_token/pmbtoken.c b/Sources/CCryptoBoringSSL/crypto/trust_token/pmbtoken.cc similarity index 88% rename from Sources/CCryptoBoringSSL/crypto/trust_token/pmbtoken.c rename to Sources/CCryptoBoringSSL/crypto/trust_token/pmbtoken.cc index 885987fa..8f5c5349 100644 --- a/Sources/CCryptoBoringSSL/crypto/trust_token/pmbtoken.c +++ b/Sources/CCryptoBoringSSL/crypto/trust_token/pmbtoken.cc @@ -134,13 +134,11 @@ static int cbb_add_prefixed_point(CBB *out, const EC_GROUP *group, if (prefix_point) { CBB child; if (!CBB_add_u16_length_prefixed(out, &child) || - !point_to_cbb(&child, group, point) || - !CBB_flush(out)) { + !point_to_cbb(&child, group, point) || !CBB_flush(out)) { return 0; } } else { - if (!point_to_cbb(out, group, point) || - !CBB_flush(out)) { + if (!point_to_cbb(out, group, point) || !CBB_flush(out)) { return 0; } } @@ -186,10 +184,10 @@ static int pmbtoken_compute_keys(const PMBTOKEN_METHOD *method, const EC_SCALAR *xs, const EC_SCALAR *ys) { const EC_GROUP *group = method->group; EC_JACOBIAN pub[3]; - if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, - x0, &method->h_precomp, y0, NULL, NULL) || - !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, - x1, &method->h_precomp, y1, NULL, NULL) || + if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, x0, + &method->h_precomp, y0, NULL, NULL) || + !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, x1, + &method->h_precomp, y1, NULL, NULL) || !ec_point_mul_scalar_precomp(method->group, &pub[2], &method->g_precomp, xs, &method->h_precomp, ys, NULL, NULL)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE); @@ -326,14 +324,16 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *pmbtoken_blind( SHA512_CTX hash_ctx; const EC_GROUP *group = method->group; - STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null(); + STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = + sk_TRUST_TOKEN_PRETOKEN_new_null(); if (pretokens == NULL) { goto err; } for (size_t i = 0; i < count; i++) { // Insert |pretoken| into |pretokens| early to simplify error-handling. - TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); + TRUST_TOKEN_PRETOKEN *pretoken = reinterpret_cast( + OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN))); if (pretoken == NULL || !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) { TRUST_TOKEN_PRETOKEN_free(pretoken); @@ -424,8 +424,7 @@ static int hash_c_dleq(const PMBTOKEN_METHOD *method, EC_SCALAR *out, !point_to_cbb(&cbb, method->group, S) || !point_to_cbb(&cbb, method->group, W) || !point_to_cbb(&cbb, method->group, K0) || - !point_to_cbb(&cbb, method->group, K1) || - !CBB_finish(&cbb, &buf, &len) || + !point_to_cbb(&cbb, method->group, K1) || !CBB_finish(&cbb, &buf, &len) || !method->hash_c(method->group, out, buf, len)) { goto err; } @@ -492,8 +491,7 @@ static int hash_c_batch(const PMBTOKEN_METHOD *method, EC_SCALAR *out, if (!CBB_init(&cbb, 0) || !CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) || !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) || - !CBB_add_u16(&cbb, (uint16_t)index) || - !CBB_finish(&cbb, &buf, &len) || + !CBB_add_u16(&cbb, (uint16_t)index) || !CBB_finish(&cbb, &buf, &len) || !method->hash_c(method->group, out, buf, len)) { goto err; } @@ -537,7 +535,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb, // Setup the DLEQ proof. EC_SCALAR ks0, ks1; - if (// ks0, ks1 <- Zp + if ( // ks0, ks1 <- Zp !ec_random_nonzero_scalar(group, &ks0, kDefaultAdditionalData) || !ec_random_nonzero_scalar(group, &ks1, kDefaultAdditionalData) || // Ks = ks0*(G;T) + ks1*(H;S) @@ -561,7 +559,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb, &priv->pub1_precomp); EC_SCALAR k0, k1, minus_co, uo, vo; - if (// k0, k1 <- Zp + if ( // k0, k1 <- Zp !ec_random_nonzero_scalar(group, &k0, kDefaultAdditionalData) || !ec_random_nonzero_scalar(group, &k1, kDefaultAdditionalData) || // Kb = k0*(G;T) + k1*(H;S) @@ -626,8 +624,7 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb, ec_scalar_add(group, &vs, &ks1, &vs); // Store DLEQ2 proof in transcript. - if (!scalar_to_cbb(cbb, group, &cs) || - !scalar_to_cbb(cbb, group, &us) || + if (!scalar_to_cbb(cbb, group, &cs) || !scalar_to_cbb(cbb, group, &us) || !scalar_to_cbb(cbb, group, &vs)) { return 0; } @@ -658,12 +655,9 @@ static int dleq_generate(const PMBTOKEN_METHOD *method, CBB *cbb, ec_scalar_select(group, &v1, mask, &vb, &vo); // Store DLEQOR2 proof in transcript. - if (!scalar_to_cbb(cbb, group, &c0) || - !scalar_to_cbb(cbb, group, &c1) || - !scalar_to_cbb(cbb, group, &u0) || - !scalar_to_cbb(cbb, group, &u1) || - !scalar_to_cbb(cbb, group, &v0) || - !scalar_to_cbb(cbb, group, &v1)) { + if (!scalar_to_cbb(cbb, group, &c0) || !scalar_to_cbb(cbb, group, &c1) || + !scalar_to_cbb(cbb, group, &u0) || !scalar_to_cbb(cbb, group, &u1) || + !scalar_to_cbb(cbb, group, &v0) || !scalar_to_cbb(cbb, group, &v1)) { return 0; } @@ -699,8 +693,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs, // Decode the DLEQ proof. EC_SCALAR cs, us, vs; - if (!scalar_from_cbs(cbs, group, &cs) || - !scalar_from_cbs(cbs, group, &us) || + if (!scalar_from_cbs(cbs, group, &cs) || !scalar_from_cbs(cbs, group, &us) || !scalar_from_cbs(cbs, group, &vs)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; @@ -720,12 +713,9 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs, // Decode the DLEQOR proof. EC_SCALAR c0, c1, u0, u1, v0, v1; - if (!scalar_from_cbs(cbs, group, &c0) || - !scalar_from_cbs(cbs, group, &c1) || - !scalar_from_cbs(cbs, group, &u0) || - !scalar_from_cbs(cbs, group, &u1) || - !scalar_from_cbs(cbs, group, &v0) || - !scalar_from_cbs(cbs, group, &v1)) { + if (!scalar_from_cbs(cbs, group, &c0) || !scalar_from_cbs(cbs, group, &c1) || + !scalar_from_cbs(cbs, group, &u0) || !scalar_from_cbs(cbs, group, &u1) || + !scalar_from_cbs(cbs, group, &v0) || !scalar_from_cbs(cbs, group, &v1)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; } @@ -736,7 +726,7 @@ static int dleq_verify(const PMBTOKEN_METHOD *method, CBS *cbs, EC_SCALAR minus_c0, minus_c1; ec_scalar_neg(group, &minus_c0, &c0); ec_scalar_neg(group, &minus_c1, &c1); - if (// K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W) + if ( // K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W) !mul_public_3(group, &jacobians[idx_K00], g, &u0, &method->h, &v0, &pub0, &minus_c0) || !mul_public_3(group, &jacobians[idx_K01], T, &u0, S, &v0, W, &minus_c0) || @@ -800,120 +790,124 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, } int ret = 0; - EC_JACOBIAN *Tps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Sps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wsps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); + EC_JACOBIAN *Tps = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Sps = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wps = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wsps = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (!Tps || - !Sps || - !Wps || - !Wsps || - !es || - !CBB_init(&batch_cbb, 0) || - !point_to_cbb(&batch_cbb, method->group, &key->pubs) || - !point_to_cbb(&batch_cbb, method->group, &key->pub0) || - !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { - goto err; - } - for (size_t i = 0; i < num_to_issue; i++) { - EC_AFFINE Tp_affine; - EC_JACOBIAN Tp; - if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + { + if (!Tps || !Sps || !Wps || !Wsps || !es || !CBB_init(&batch_cbb, 0) || + !point_to_cbb(&batch_cbb, method->group, &key->pubs) || + !point_to_cbb(&batch_cbb, method->group, &key->pub0) || + !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { goto err; } - ec_affine_to_jacobian(group, &Tp, &Tp_affine); - EC_SCALAR xb, yb; - BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1); - ec_scalar_select(group, &xb, mask, &key->x1, &key->x0); - ec_scalar_select(group, &yb, mask, &key->y1, &key->y0); + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE Tp_affine; + EC_JACOBIAN Tp; + if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, + method->prefix_point)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &Tp, &Tp_affine); + + EC_SCALAR xb, yb; + BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1); + ec_scalar_select(group, &xb, mask, &key->x1, &key->x0); + ec_scalar_select(group, &yb, mask, &key->y1, &key->y0); + + uint8_t s[TRUST_TOKEN_NONCE_SIZE]; + RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE); + // The |jacobians| and |affines| contain Sp, Wp, and Wsp. + EC_JACOBIAN jacobians[3]; + EC_AFFINE affines[3]; + if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) || + !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb, + &jacobians[0], &yb, NULL, NULL) || + !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs, + &jacobians[0], &key->ys, NULL, NULL) || + !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) || + !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) || + !cbb_add_prefixed_point(cbb, group, &affines[1], + method->prefix_point) || + !cbb_add_prefixed_point(cbb, group, &affines[2], + method->prefix_point)) { + goto err; + } + + if (!point_to_cbb(&batch_cbb, group, &Tp_affine) || + !point_to_cbb(&batch_cbb, group, &affines[0]) || + !point_to_cbb(&batch_cbb, group, &affines[1]) || + !point_to_cbb(&batch_cbb, group, &affines[2])) { + goto err; + } + Tps[i] = Tp; + Sps[i] = jacobians[0]; + Wps[i] = jacobians[1]; + Wsps[i] = jacobians[2]; + + if (!CBB_flush(cbb)) { + goto err; + } + } - uint8_t s[TRUST_TOKEN_NONCE_SIZE]; - RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE); - // The |jacobians| and |affines| contain Sp, Wp, and Wsp. - EC_JACOBIAN jacobians[3]; - EC_AFFINE affines[3]; - if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) || - !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb, - &jacobians[0], &yb, NULL, NULL) || - !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs, - &jacobians[0], &key->ys, NULL, NULL) || - !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) || - !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) || - !cbb_add_prefixed_point(cbb, group, &affines[1], - method->prefix_point) || - !cbb_add_prefixed_point(cbb, group, &affines[2], - method->prefix_point)) { - goto err; + // The DLEQ batching construction is described in appendix B of + // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional + // computations all act on public inputs. + for (size_t i = 0; i < num_to_issue; i++) { + if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { + goto err; + } } - if (!point_to_cbb(&batch_cbb, group, &Tp_affine) || - !point_to_cbb(&batch_cbb, group, &affines[0]) || - !point_to_cbb(&batch_cbb, group, &affines[1]) || - !point_to_cbb(&batch_cbb, group, &affines[2])) { + EC_JACOBIAN Tp_batch, Sp_batch, Wp_batch, Wsp_batch; + if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, + /*g_scalar=*/NULL, Tps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Sp_batch, + /*g_scalar=*/NULL, Sps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Wp_batch, + /*g_scalar=*/NULL, Wps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Wsp_batch, + /*g_scalar=*/NULL, Wsps, es, + num_to_issue)) { goto err; } - Tps[i] = Tp; - Sps[i] = jacobians[0]; - Wps[i] = jacobians[1]; - Wsps[i] = jacobians[2]; - if (!CBB_flush(cbb)) { + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, + &Wsp_batch, private_metadata) || + !CBB_flush(cbb)) { goto err; } - } - // The DLEQ batching construction is described in appendix B of - // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional - // computations all act on public inputs. - for (size_t i = 0; i < num_to_issue; i++) { - if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { + // Skip over any unused requests. + size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); + size_t token_len = point_len; + if (method->prefix_point) { + token_len += 2; + } + if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } - } - EC_JACOBIAN Tp_batch, Sp_batch, Wp_batch, Wsp_batch; - if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, - /*g_scalar=*/NULL, Tps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Sp_batch, - /*g_scalar=*/NULL, Sps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Wp_batch, - /*g_scalar=*/NULL, Wps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Wsp_batch, - /*g_scalar=*/NULL, Wsps, es, - num_to_issue)) { - goto err; - } - - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, - &Wsp_batch, private_metadata) || - !CBB_flush(cbb)) { - goto err; - } - - // Skip over any unused requests. - size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); - size_t token_len = point_len; - if (method->prefix_point) { - token_len += 2; - } - if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; + ret = 1; } - ret = 1; - err: OPENSSL_free(Tps); OPENSSL_free(Sps); @@ -936,20 +930,20 @@ static STACK_OF(TRUST_TOKEN) *pmbtoken_unblind( int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *Tps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Sps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wsps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR)); + EC_JACOBIAN *Tps = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Sps = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wps = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wsps = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = + reinterpret_cast(OPENSSL_calloc(count, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (ret == NULL || - Tps == NULL || - Sps == NULL || - Wps == NULL || - Wsps == NULL || - es == NULL || - !CBB_init(&batch_cbb, 0) || + if (ret == NULL || Tps == NULL || Sps == NULL || Wps == NULL || + Wsps == NULL || es == NULL || !CBB_init(&batch_cbb, 0) || !point_to_cbb(&batch_cbb, method->group, &key->pubs) || !point_to_cbb(&batch_cbb, method->group, &key->pub0) || !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { @@ -1018,8 +1012,7 @@ static STACK_OF(TRUST_TOKEN) *pmbtoken_unblind( TRUST_TOKEN *token = TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); CBB_cleanup(&token_cbb); - if (token == NULL || - !sk_TRUST_TOKEN_push(ret, token)) { + if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) { TRUST_TOKEN_free(token); goto err; } @@ -1163,8 +1156,7 @@ static int pmbtoken_exp1_hash_s(const EC_GROUP *group, EC_JACOBIAN *out, CBB cbb; uint8_t *buf = NULL; size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || + if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( @@ -1336,8 +1328,7 @@ static int pmbtoken_exp2_hash_s(const EC_GROUP *group, EC_JACOBIAN *out, CBB cbb; uint8_t *buf = NULL; size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || + if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( @@ -1383,8 +1374,7 @@ static void pmbtoken_exp2_init_method_impl(void) { 0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93, 0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58, 0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8, - 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff - }; + 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff}; pmbtoken_exp2_ok = pmbtoken_init_method( &pmbtoken_exp2_method, EC_group_p384(), kH, sizeof(kH), @@ -1510,12 +1500,11 @@ static int pmbtoken_pst1_hash_s(const EC_GROUP *group, EC_JACOBIAN *out, CBB cbb; uint8_t *buf = NULL; size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || + if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || - !ec_hash_to_curve_p384_xmd_sha384_sswu( - group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) { + !ec_hash_to_curve_p384_xmd_sha384_sswu(group, out, kHashSLabel, + sizeof(kHashSLabel), buf, len)) { goto err; } @@ -1530,15 +1519,15 @@ static int pmbtoken_pst1_hash_s(const EC_GROUP *group, EC_JACOBIAN *out, static int pmbtoken_pst1_hash_c(const EC_GROUP *group, EC_SCALAR *out, uint8_t *buf, size_t len) { const uint8_t kHashCLabel[] = "PMBTokens PST V1 HashC"; - return ec_hash_to_scalar_p384_xmd_sha384( - group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); + return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel, + sizeof(kHashCLabel), buf, len); } static int pmbtoken_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, uint8_t *buf, size_t len) { const uint8_t kHashLabel[] = "PMBTokens PST V1 HashToScalar"; - return ec_hash_to_scalar_p384_xmd_sha384( - group, out, kHashLabel, sizeof(kHashLabel), buf, len); + return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashLabel, + sizeof(kHashLabel), buf, len); } static int pmbtoken_pst1_ok = 0; @@ -1557,8 +1546,7 @@ static void pmbtoken_pst1_init_method_impl(void) { 0xa2, 0x32, 0xf4, 0x22, 0x40, 0x07, 0x2d, 0x9b, 0x6f, 0xab, 0xff, 0x2a, 0x92, 0x03, 0xb1, 0x73, 0x09, 0x1a, 0x6a, 0x4a, 0xc2, 0x4c, 0xac, 0x13, 0x59, 0xf4, 0x28, 0x0e, 0x78, 0x69, 0xa5, 0xdf, 0x0d, - 0x74, 0xeb, 0x14, 0xca, 0x8a, 0x32, 0xbb, 0xd3, 0x91 - }; + 0x74, 0xeb, 0x14, 0xca, 0x8a, 0x32, 0xbb, 0xd3, 0x91}; pmbtoken_pst1_ok = pmbtoken_init_method( &pmbtoken_pst1_method, EC_group_p384(), kH, sizeof(kH), diff --git a/Sources/CCryptoBoringSSL/crypto/trust_token/trust_token.c b/Sources/CCryptoBoringSSL/crypto/trust_token/trust_token.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/trust_token/trust_token.c rename to Sources/CCryptoBoringSSL/crypto/trust_token/trust_token.cc index 31a4fbc9..bc13c604 100644 --- a/Sources/CCryptoBoringSSL/crypto/trust_token/trust_token.c +++ b/Sources/CCryptoBoringSSL/crypto/trust_token/trust_token.cc @@ -118,11 +118,12 @@ void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *pretoken) { } TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) { - TRUST_TOKEN *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN)); + TRUST_TOKEN *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(TRUST_TOKEN))); if (ret == NULL) { return NULL; } - ret->data = OPENSSL_memdup(data, len); + ret->data = reinterpret_cast(OPENSSL_memdup(data, len)); if (len != 0 && ret->data == NULL) { OPENSSL_free(ret); return NULL; @@ -183,7 +184,7 @@ int TRUST_TOKEN_derive_key_from_secret( } if (!method->derive_key_from_secret(&priv_cbb, &pub_cbb, secret, - secret_len)) { + secret_len)) { return 0; } @@ -204,7 +205,8 @@ TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(const TRUST_TOKEN_METHOD *method, return NULL; } - TRUST_TOKEN_CLIENT *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT)); + TRUST_TOKEN_CLIENT *ret = reinterpret_cast( + OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT))); if (ret == NULL) { return NULL; } @@ -266,8 +268,7 @@ static int trust_token_client_begin_issuance_impl( int ret = 0; CBB request; STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = NULL; - if (!CBB_init(&request, 0) || - !CBB_add_u16(&request, count)) { + if (!CBB_init(&request, 0) || !CBB_add_u16(&request, count)) { goto err; } @@ -306,17 +307,14 @@ int TRUST_TOKEN_CLIENT_begin_issuance_over_message( } -STACK_OF(TRUST_TOKEN) * - TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx, - size_t *out_key_index, - const uint8_t *response, - size_t response_len) { +STACK_OF(TRUST_TOKEN) *TRUST_TOKEN_CLIENT_finish_issuance( + TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index, const uint8_t *response, + size_t response_len) { CBS in; CBS_init(&in, response, response_len); uint16_t count; uint32_t key_id; - if (!CBS_get_u16(&in, &count) || - !CBS_get_u32(&in, &key_id)) { + if (!CBS_get_u16(&in, &count) || !CBS_get_u32(&in, &key_id)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return NULL; } @@ -397,8 +395,7 @@ int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx, } if (!CBS_get_u16_length_prefixed(&in, &srr) || - !CBS_get_u16_length_prefixed(&in, &sig) || - CBS_len(&in) != 0) { + !CBS_get_u16_length_prefixed(&in, &sig) || CBS_len(&in) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR); return 0; } @@ -444,7 +441,8 @@ TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(const TRUST_TOKEN_METHOD *method, return NULL; } - TRUST_TOKEN_ISSUER *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER)); + TRUST_TOKEN_ISSUER *ret = reinterpret_cast( + OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER))); if (ret == NULL) { return NULL; } @@ -500,7 +498,7 @@ int TRUST_TOKEN_ISSUER_set_metadata_key(TRUST_TOKEN_ISSUER *ctx, } OPENSSL_free(ctx->metadata_key); ctx->metadata_key_len = 0; - ctx->metadata_key = OPENSSL_memdup(key, len); + ctx->metadata_key = reinterpret_cast(OPENSSL_memdup(key, len)); if (ctx->metadata_key == NULL) { return 0; } @@ -550,8 +548,7 @@ int TRUST_TOKEN_ISSUER_issue(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, int ret = 0; CBB response; - if (!CBB_init(&response, 0) || - !CBB_add_u16(&response, num_to_issue) || + if (!CBB_init(&response, 0) || !CBB_add_u16(&response, num_to_issue) || !CBB_add_u32(&response, public_metadata)) { goto err; } @@ -620,11 +617,12 @@ static int trust_token_issuer_redeem_impl( uint8_t *client_data_buf = NULL; size_t client_data_len = 0; + TRUST_TOKEN *token; if (!CBS_stow(&client_data, &client_data_buf, &client_data_len)) { goto err; } - TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE); + token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE); if (token == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/trust_token/voprf.c b/Sources/CCryptoBoringSSL/crypto/trust_token/voprf.cc similarity index 83% rename from Sources/CCryptoBoringSSL/crypto/trust_token/voprf.c rename to Sources/CCryptoBoringSSL/crypto/trust_token/voprf.cc index 5c1d372d..25e2e45e 100644 --- a/Sources/CCryptoBoringSSL/crypto/trust_token/voprf.c +++ b/Sources/CCryptoBoringSSL/crypto/trust_token/voprf.cc @@ -209,8 +209,8 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method, for (size_t i = 0; i < count; i++) { // Insert |pretoken| into |pretokens| early to simplify error-handling. - TRUST_TOKEN_PRETOKEN *pretoken = - OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); + TRUST_TOKEN_PRETOKEN *pretoken = reinterpret_cast( + OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN))); if (pretoken == NULL || !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) { TRUST_TOKEN_PRETOKEN_free(pretoken); @@ -230,8 +230,7 @@ static STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_blind(const VOPRF_METHOD *method, // We sample r in Montgomery form to simplify inverting. EC_SCALAR r; - if (!ec_random_nonzero_scalar(group, &r, - kDefaultAdditionalData)) { + if (!ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData)) { goto err; } @@ -275,12 +274,9 @@ static int hash_to_scalar_dleq(const VOPRF_METHOD *method, EC_SCALAR *out, size_t len; if (!CBB_init(&cbb, 0) || !CBB_add_bytes(&cbb, kDLEQLabel, sizeof(kDLEQLabel)) || - !cbb_add_point(&cbb, group, X) || - !cbb_add_point(&cbb, group, T) || - !cbb_add_point(&cbb, group, W) || - !cbb_add_point(&cbb, group, K0) || - !cbb_add_point(&cbb, group, K1) || - !CBB_finish(&cbb, &buf, &len) || + !cbb_add_point(&cbb, group, X) || !cbb_add_point(&cbb, group, T) || + !cbb_add_point(&cbb, group, W) || !cbb_add_point(&cbb, group, K0) || + !cbb_add_point(&cbb, group, K1) || !CBB_finish(&cbb, &buf, &len) || !method->hash_to_scalar(group, out, buf, len)) { goto err; } @@ -335,8 +331,7 @@ static int hash_to_scalar_batch(const VOPRF_METHOD *method, EC_SCALAR *out, if (!CBB_init(&cbb, 0) || !CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) || !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) || - !CBB_add_u16(&cbb, (uint16_t)index) || - !CBB_finish(&cbb, &buf, &len) || + !CBB_add_u16(&cbb, (uint16_t)index) || !CBB_finish(&cbb, &buf, &len) || !method->hash_to_scalar(method->group_func(), out, buf, len)) { goto err; } @@ -365,11 +360,11 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb, // Setup the DLEQ proof. EC_SCALAR r; - if (// r <- Zp + if ( // r <- Zp !ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData) || // k0;k1 = r*(G;T) !ec_point_mul_scalar_base(group, &jacobians[idx_k0], &r) || - !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) { + !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) { return 0; } @@ -398,8 +393,7 @@ static int dleq_generate(const VOPRF_METHOD *method, CBB *cbb, ec_scalar_add(group, &u, &r, &u); // Store DLEQ proof in transcript. - if (!scalar_to_cbb(cbb, group, &c) || - !scalar_to_cbb(cbb, group, &u)) { + if (!scalar_to_cbb(cbb, group, &c) || !scalar_to_cbb(cbb, group, &u)) { return 0; } @@ -432,8 +426,7 @@ static int dleq_verify(const VOPRF_METHOD *method, CBS *cbs, // Decode the DLEQ proof. EC_SCALAR c, u; - if (!scalar_from_cbs(cbs, group, &c) || - !scalar_from_cbs(cbs, group, &u)) { + if (!scalar_from_cbs(cbs, group, &c) || !scalar_from_cbs(cbs, group, &u)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; } @@ -484,80 +477,83 @@ static int voprf_sign_tt(const VOPRF_METHOD *method, } int ret = 0; - EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (!BTs || - !Zs || - !es || - !CBB_init(&batch_cbb, 0) || - !cbb_add_point(&batch_cbb, group, &key->pubs)) { - goto err; - } - for (size_t i = 0; i < num_to_issue; i++) { - EC_AFFINE BT_affine, Z_affine; - EC_JACOBIAN BT, Z; - if (!cbs_get_point(cbs, group, &BT_affine)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + { + if (!BTs || !Zs || !es || !CBB_init(&batch_cbb, 0) || + !cbb_add_point(&batch_cbb, group, &key->pubs)) { goto err; } - ec_affine_to_jacobian(group, &BT, &BT_affine); - if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || - !ec_jacobian_to_affine(group, &Z_affine, &Z) || - !cbb_add_point(cbb, group, &Z_affine)) { - goto err; + + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE BT_affine, Z_affine; + EC_JACOBIAN BT, Z; + if (!cbs_get_point(cbs, group, &BT_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &BT, &BT_affine); + if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || + !ec_jacobian_to_affine(group, &Z_affine, &Z) || + !cbb_add_point(cbb, group, &Z_affine)) { + goto err; + } + + if (!cbb_add_point(&batch_cbb, group, &BT_affine) || + !cbb_add_point(&batch_cbb, group, &Z_affine)) { + goto err; + } + BTs[i] = BT; + Zs[i] = Z; + + if (!CBB_flush(cbb)) { + goto err; + } } - if (!cbb_add_point(&batch_cbb, group, &BT_affine) || - !cbb_add_point(&batch_cbb, group, &Z_affine)) { - goto err; + // The DLEQ batching construction is described in appendix B of + // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional + // computations all act on public inputs. + for (size_t i = 0; i < num_to_issue; i++) { + if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) { + goto err; + } } - BTs[i] = BT; - Zs[i] = Z; - if (!CBB_flush(cbb)) { + EC_JACOBIAN BT_batch, Z_batch; + if (!ec_point_mul_scalar_public_batch(group, &BT_batch, + /*g_scalar=*/NULL, BTs, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Z_batch, + /*g_scalar=*/NULL, Zs, es, + num_to_issue)) { goto err; } - } - // The DLEQ batching construction is described in appendix B of - // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional - // computations all act on public inputs. - for (size_t i = 0; i < num_to_issue; i++) { - if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) { + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) || + !CBB_flush(cbb)) { goto err; } - } - - EC_JACOBIAN BT_batch, Z_batch; - if (!ec_point_mul_scalar_public_batch(group, &BT_batch, - /*g_scalar=*/NULL, BTs, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Z_batch, - /*g_scalar=*/NULL, Zs, es, - num_to_issue)) { - goto err; - } - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) || - !CBB_flush(cbb)) { - goto err; - } + // Skip over any unused requests. + size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); + if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } - // Skip over any unused requests. - size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); - if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; + ret = 1; } - ret = 1; - err: OPENSSL_free(BTs); OPENSSL_free(Zs); @@ -578,15 +574,15 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt( int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = + reinterpret_cast(OPENSSL_calloc(count, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (ret == NULL || - BTs == NULL || - Zs == NULL || - es == NULL || + if (ret == NULL || BTs == NULL || Zs == NULL || es == NULL || !CBB_init(&batch_cbb, 0) || !cbb_add_point(&batch_cbb, group, &key->pubs)) { goto err; @@ -635,8 +631,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt( TRUST_TOKEN *token = TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); CBB_cleanup(&token_cbb); - if (token == NULL || - !sk_TRUST_TOKEN_push(ret, token)) { + if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) { TRUST_TOKEN_free(token); goto err; } @@ -681,15 +676,17 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt( } static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) { - uint8_t buf[2] = {v >> 8, v & 0xff}; + uint8_t buf[2] = {static_cast(v >> 8), + static_cast(v & 0xff)}; SHA384_Update(ctx, buf, 2); } -static void sha384_update_point_with_length( - SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) { +static void sha384_update_point_with_length(SHA512_CTX *ctx, + const EC_GROUP *group, + const EC_AFFINE *point) { uint8_t buf[EC_MAX_COMPRESSED]; - size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, - buf, sizeof(buf)); + size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, buf, + sizeof(buf)); assert(len > 0); sha384_update_u16(ctx, (uint16_t)len); SHA384_Update(ctx, buf, len); @@ -729,11 +726,9 @@ static int compute_composite_element(const VOPRF_METHOD *method, if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) || !CBB_add_u16(&cbb, SHA384_DIGEST_LENGTH) || !CBB_add_bytes(&cbb, seed, SHA384_DIGEST_LENGTH) || - !CBB_add_u16(&cbb, index) || - !cbb_serialize_point(&cbb, group, C) || + !CBB_add_u16(&cbb, index) || !cbb_serialize_point(&cbb, group, C) || !cbb_serialize_point(&cbb, group, D) || - !CBB_add_bytes(&cbb, kCompositeLabel, - sizeof(kCompositeLabel) - 1) || + !CBB_add_bytes(&cbb, kCompositeLabel, sizeof(kCompositeLabel) - 1) || !CBB_finish(&cbb, NULL, &len) || !method->hash_to_scalar(group, di, transcript, len)) { return 0; @@ -786,8 +781,7 @@ static int generate_proof(const VOPRF_METHOD *method, CBB *cbb, ec_scalar_sub(group, &s, r, &s); // Store DLEQ proof in transcript. - if (!scalar_to_cbb(cbb, group, &c) || - !scalar_to_cbb(cbb, group, &s)) { + if (!scalar_to_cbb(cbb, group, &c) || !scalar_to_cbb(cbb, group, &s)) { return 0; } @@ -795,8 +789,8 @@ static int generate_proof(const VOPRF_METHOD *method, CBB *cbb, } static int verify_proof(const VOPRF_METHOD *method, CBS *cbs, - const TRUST_TOKEN_CLIENT_KEY *pub, - const EC_JACOBIAN *M, const EC_JACOBIAN *Z) { + const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *M, + const EC_JACOBIAN *Z) { const EC_GROUP *group = method->group_func(); enum { @@ -809,16 +803,14 @@ static int verify_proof(const VOPRF_METHOD *method, CBS *cbs, EC_JACOBIAN jacobians[num_idx]; EC_SCALAR c, s; - if (!scalar_from_cbs(cbs, group, &c) || - !scalar_from_cbs(cbs, group, &s)) { + if (!scalar_from_cbs(cbs, group, &c) || !scalar_from_cbs(cbs, group, &s)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; } EC_JACOBIAN pubs; ec_affine_to_jacobian(group, &pubs, &pub->pubs); - if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs, - &c) || + if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs, &c) || !mul_public_2(group, &jacobians[idx_t3], M, &s, Z, &c)) { return 0; } @@ -857,72 +849,78 @@ static int voprf_sign_impl(const VOPRF_METHOD *method, } int ret = 0; - EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_SCALAR *dis = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); - if (!BTs || !Zs || !dis) { - goto err; - } - - uint8_t seed[SHA384_DIGEST_LENGTH]; - if (!compute_composite_seed(method, seed, &key->pubs)) { - goto err; - } - - // This implements the BlindEvaluateBatch as defined in section 4 of - // draft-robert-privacypass-batched-tokens-01, based on the constructions - // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof, - // the computation of di is done during the token signing and passed into - // the proof generation. - for (size_t i = 0; i < num_to_issue; i++) { - EC_AFFINE BT_affine, Z_affine; - EC_JACOBIAN BT, Z; - if (!cbs_get_point(cbs, group, &BT_affine)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + EC_JACOBIAN *BTs = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_SCALAR *dis = reinterpret_cast( + OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR))); + + { + if (!BTs || !Zs || !dis) { goto err; } - ec_affine_to_jacobian(group, &BT, &BT_affine); - if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || - !ec_jacobian_to_affine(group, &Z_affine, &Z) || - !cbb_add_point(cbb, group, &Z_affine)) { + + uint8_t seed[SHA384_DIGEST_LENGTH]; + if (!compute_composite_seed(method, seed, &key->pubs)) { goto err; } - BTs[i] = BT; - Zs[i] = Z; - if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine, - &Z_affine)) { - goto err; + + // This implements the BlindEvaluateBatch as defined in section 4 of + // draft-robert-privacypass-batched-tokens-01, based on the constructions + // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof, + // the computation of di is done during the token signing and passed into + // the proof generation. + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE BT_affine, Z_affine; + EC_JACOBIAN BT, Z; + if (!cbs_get_point(cbs, group, &BT_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &BT, &BT_affine); + if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || + !ec_jacobian_to_affine(group, &Z_affine, &Z) || + !cbb_add_point(cbb, group, &Z_affine)) { + goto err; + } + BTs[i] = BT; + Zs[i] = Z; + if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine, + &Z_affine)) { + goto err; + } + + if (!CBB_flush(cbb)) { + goto err; + } } - if (!CBB_flush(cbb)) { + EC_JACOBIAN M, Z; + if (!ec_point_mul_scalar_public_batch(group, &M, + /*g_scalar=*/NULL, BTs, dis, + num_to_issue) || + !ec_point_mul_scalar(group, &Z, &M, &key->xs)) { goto err; } - } - EC_JACOBIAN M, Z; - if (!ec_point_mul_scalar_public_batch(group, &M, - /*g_scalar=*/NULL, BTs, dis, - num_to_issue) || - !ec_point_mul_scalar(group, &Z, &M, &key->xs)) { - goto err; - } + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !generate_proof(method, &proof, key, proof_scalar, &M, &Z) || + !CBB_flush(cbb)) { + goto err; + } - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !generate_proof(method, &proof, key, proof_scalar, &M, &Z) || - !CBB_flush(cbb)) { - goto err; - } + // Skip over any unused requests. + size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); + if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } - // Skip over any unused requests. - size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); - if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; + ret = 1; } - ret = 1; - err: OPENSSL_free(BTs); OPENSSL_free(Zs); @@ -968,9 +966,12 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind( int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_SCALAR *dis = OPENSSL_calloc(count, sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_SCALAR *dis = + reinterpret_cast(OPENSSL_calloc(count, sizeof(EC_SCALAR))); if (ret == NULL || !BTs || !Zs || !dis) { goto err; } @@ -1022,8 +1023,7 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind( TRUST_TOKEN *token = TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); CBB_cleanup(&token_cbb); - if (token == NULL || - !sk_TRUST_TOKEN_push(ret, token)) { + if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) { TRUST_TOKEN_free(token); goto err; } @@ -1031,18 +1031,15 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind( EC_JACOBIAN M, Z; if (!ec_point_mul_scalar_public_batch(group, &M, - /*g_scalar=*/NULL, BTs, dis, - count) || + /*g_scalar=*/NULL, BTs, dis, count) || !ec_point_mul_scalar_public_batch(group, &Z, - /*g_scalar=*/NULL, Zs, dis, - count)) { + /*g_scalar=*/NULL, Zs, dis, count)) { goto err; } CBS proof; if (!CBS_get_u16_length_prefixed(cbs, &proof) || - !verify_proof(method, &proof, key, &M, &Z) || - CBS_len(&proof) != 0) { + !verify_proof(method, &proof, key, &M, &Z) || CBS_len(&proof) != 0) { goto err; } @@ -1069,8 +1066,7 @@ static int voprf_read(const VOPRF_METHOD *method, CBS_init(&cbs, token, token_len); EC_AFFINE Ws; if (!CBS_get_bytes(&cbs, &salt, TRUST_TOKEN_NONCE_SIZE) || - !cbs_get_point(&cbs, group, &Ws) || - CBS_len(&cbs) != 0) { + !cbs_get_point(&cbs, group, &Ws) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN); return 0; } @@ -1113,7 +1109,7 @@ static int voprf_exp2_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out, } static int voprf_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, - uint8_t *buf, size_t len) { + uint8_t *buf, size_t len) { const uint8_t kHashCLabel[] = "TrustToken VOPRF Experiment V2 HashToScalar"; return ec_hash_to_scalar_p384_xmd_sha512_draft07( group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); @@ -1189,7 +1185,7 @@ static int voprf_pst1_hash_to_group(const EC_GROUP *group, EC_JACOBIAN *out, } static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, - uint8_t *buf, size_t len) { + uint8_t *buf, size_t len) { const uint8_t kHashCLabel[] = "HashToScalar-OPRFV1-\x01-P384-SHA384"; return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel, sizeof(kHashCLabel) - 1, buf, len); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/a_digest.c b/Sources/CCryptoBoringSSL/crypto/x509/a_digest.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/a_digest.c rename to Sources/CCryptoBoringSSL/crypto/x509/a_digest.cc index 77a185f2..af9394ad 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/a_digest.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/a_digest.cc @@ -83,7 +83,7 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, int i, ret; unsigned char *str = NULL; - i = ASN1_item_i2d(asn, &str, it); + i = ASN1_item_i2d(reinterpret_cast(asn), &str, it); if (!str) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/a_sign.c b/Sources/CCryptoBoringSSL/crypto/x509/a_sign.cc similarity index 79% rename from Sources/CCryptoBoringSSL/crypto/x509/a_sign.c rename to Sources/CCryptoBoringSSL/crypto/x509/a_sign.cc index 2bb6770e..1ebc5e05 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/a_sign.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/a_sign.cc @@ -87,46 +87,49 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, void *asn, EVP_MD_CTX *ctx) { int ret = 0; uint8_t *in = NULL, *out = NULL; - if (signature->type != V_ASN1_BIT_STRING) { - OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE); - goto err; - } - // Write out the requested copies of the AlgorithmIdentifier. - if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) { - goto err; - } - if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) { - goto err; - } + { + if (signature->type != V_ASN1_BIT_STRING) { + OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE); + goto err; + } - int in_len = ASN1_item_i2d(asn, &in, it); - if (in_len < 0) { - goto err; - } + // Write out the requested copies of the AlgorithmIdentifier. + if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) { + goto err; + } + if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) { + goto err; + } - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); - size_t out_len = EVP_PKEY_size(pkey); - if (out_len > INT_MAX) { - OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); - goto err; - } + int in_len = ASN1_item_i2d(reinterpret_cast(asn), &in, it); + if (in_len < 0) { + goto err; + } - out = OPENSSL_malloc(out_len); - if (out == NULL) { - goto err; - } + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + size_t out_len = EVP_PKEY_size(pkey); + if (out_len > INT_MAX) { + OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); + goto err; + } - if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) { - OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); - goto err; - } + out = reinterpret_cast(OPENSSL_malloc(out_len)); + if (out == NULL) { + goto err; + } - ASN1_STRING_set0(signature, out, (int)out_len); - out = NULL; - signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - ret = (int)out_len; + if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) { + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); + goto err; + } + + ASN1_STRING_set0(signature, out, (int)out_len); + out = NULL; + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + ret = (int)out_len; + } err: EVP_MD_CTX_cleanup(ctx); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/a_verify.c b/Sources/CCryptoBoringSSL/crypto/x509/a_verify.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/a_verify.c rename to Sources/CCryptoBoringSSL/crypto/x509/a_verify.cc index e7c1e356..55b12857 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/a_verify.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/a_verify.cc @@ -95,7 +95,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *a, goto err; } - inl = ASN1_item_i2d(asn, &buf_in, it); + inl = ASN1_item_i2d(reinterpret_cast(asn), &buf_in, it); if (buf_in == NULL) { goto err; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/algorithm.c b/Sources/CCryptoBoringSSL/crypto/x509/algorithm.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/algorithm.c rename to Sources/CCryptoBoringSSL/crypto/x509/algorithm.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/asn1_gen.c b/Sources/CCryptoBoringSSL/crypto/x509/asn1_gen.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/asn1_gen.c rename to Sources/CCryptoBoringSSL/crypto/x509/asn1_gen.cc index 2517eeb0..2725de3d 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/asn1_gen.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/asn1_gen.cc @@ -133,8 +133,7 @@ static int cbs_str_equal(const CBS *cbs, const char *str) { static CBS_ASN1_TAG parse_tag(const CBS *cbs) { CBS copy = *cbs; uint64_t num; - if (!CBS_get_u64_decimal(©, &num) || - num > CBS_ASN1_TAG_NUMBER_MASK) { + if (!CBS_get_u64_decimal(©, &num) || num > CBS_ASN1_TAG_NUMBER_MASK) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } @@ -400,8 +399,7 @@ static int generate_v3(CBB *cbb, const char *str, const X509V3_CTX *cnf, uint8_t *out; int ok = len > 0 && // CBB_add_space(&child, &out, len) && - i2c_ASN1_INTEGER(obj, &out) == len && - CBB_flush(cbb); + i2c_ASN1_INTEGER(obj, &out) == len && CBB_flush(cbb); ASN1_INTEGER_free(obj); return ok; } @@ -428,7 +426,7 @@ static int generate_v3(CBB *cbb, const char *str, const X509V3_CTX *cnf, return 0; } CBS value_cbs; - CBS_init(&value_cbs, (const uint8_t*)value, strlen(value)); + CBS_init(&value_cbs, (const uint8_t *)value, strlen(value)); int ok = type == CBS_ASN1_UTCTIME ? CBS_parse_utc_time(&value_cbs, NULL, /*allow_timezone_offset=*/0) @@ -578,7 +576,8 @@ static int bitstr_cb(const char *elem, size_t len, void *bitstr) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } - if (!ASN1_BIT_STRING_set_bit(bitstr, (int)bitnum, 1)) { + if (!ASN1_BIT_STRING_set_bit(reinterpret_cast(bitstr), + (int)bitnum, 1)) { return 0; } return 1; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/by_dir.c b/Sources/CCryptoBoringSSL/crypto/x509/by_dir.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/x509/by_dir.c rename to Sources/CCryptoBoringSSL/crypto/x509/by_dir.cc index 6b71063e..41db918c 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/by_dir.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/by_dir.cc @@ -108,7 +108,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, int ret = 0; char *dir = NULL; - BY_DIR *ld = ctx->method_data; + BY_DIR *ld = reinterpret_cast(ctx->method_data); switch (cmd) { case X509_L_ADD_DIR: @@ -165,7 +165,7 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent) { } static void free_dir(X509_LOOKUP *lu) { - BY_DIR *a = lu->method_data; + BY_DIR *a = reinterpret_cast(lu->method_data); if (a != NULL) { sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); OPENSSL_free(a); @@ -213,7 +213,8 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) { return 0; } } - ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY)); + ent = reinterpret_cast( + OPENSSL_malloc(sizeof(BY_DIR_ENTRY))); if (!ent) { return 0; } @@ -258,6 +259,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } stmp.type = type; + BY_DIR *ctx = reinterpret_cast(xl->method_data); if (type == X509_LU_X509) { data.x509.st_x509.cert_info = &data.x509.st_x509_cinf; data.x509.st_x509_cinf.subject = name; @@ -278,8 +280,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, goto finish; } - BY_DIR *ctx = xl->method_data; - hash_array[0] = X509_NAME_hash(name); hash_array[1] = X509_NAME_hash_old(name); for (hash_index = 0; hash_index < 2; ++hash_index) { @@ -353,7 +353,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } } if (!hent) { - hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); + hent = reinterpret_cast( + OPENSSL_malloc(sizeof(BY_DIR_HASH))); if (hent == NULL) { CRYPTO_MUTEX_unlock_write(&ent->lock); ok = 0; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/by_file.c b/Sources/CCryptoBoringSSL/crypto/x509/by_file.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/by_file.c rename to Sources/CCryptoBoringSSL/crypto/x509/by_file.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/i2d_pr.c b/Sources/CCryptoBoringSSL/crypto/x509/i2d_pr.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/i2d_pr.c rename to Sources/CCryptoBoringSSL/crypto/x509/i2d_pr.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/name_print.c b/Sources/CCryptoBoringSSL/crypto/x509/name_print.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/name_print.c rename to Sources/CCryptoBoringSSL/crypto/x509/name_print.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/policy.c b/Sources/CCryptoBoringSSL/crypto/x509/policy.cc similarity index 75% rename from Sources/CCryptoBoringSSL/crypto/x509/policy.c rename to Sources/CCryptoBoringSSL/crypto/x509/policy.cc index b102e32e..16f6d00b 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/policy.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/policy.cc @@ -105,7 +105,8 @@ static void x509_policy_node_free(X509_POLICY_NODE *node) { static X509_POLICY_NODE *x509_policy_node_new(const ASN1_OBJECT *policy) { assert(!is_any_policy(policy)); - X509_POLICY_NODE *node = OPENSSL_zalloc(sizeof(X509_POLICY_NODE)); + X509_POLICY_NODE *node = reinterpret_cast( + OPENSSL_zalloc(sizeof(X509_POLICY_NODE))); if (node == NULL) { return NULL; } @@ -131,7 +132,8 @@ static void x509_policy_level_free(X509_POLICY_LEVEL *level) { } static X509_POLICY_LEVEL *x509_policy_level_new(void) { - X509_POLICY_LEVEL *level = OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL)); + X509_POLICY_LEVEL *level = reinterpret_cast( + OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL))); if (level == NULL) { return NULL; } @@ -203,7 +205,8 @@ static int policyinfo_cmp(const POLICYINFO *const *a, } static int delete_if_not_in_policies(X509_POLICY_NODE *node, void *data) { - const CERTIFICATEPOLICIES *policies = data; + const CERTIFICATEPOLICIES *policies = + reinterpret_cast(data); assert(sk_POLICYINFO_is_sorted(policies)); POLICYINFO info; info.policyid = node->policy; @@ -227,81 +230,86 @@ static int process_certificate_policies(const X509 *x509, int ret = 0; int critical; STACK_OF(X509_POLICY_NODE) *new_nodes = NULL; - CERTIFICATEPOLICIES *policies = - X509_get_ext_d2i(x509, NID_certificate_policies, &critical, NULL); - if (policies == NULL) { - if (critical != -1) { - return 0; // Syntax error in the extension. - } - - // RFC 5280, section 6.1.3, step (e). - x509_policy_level_clear(level); - return 1; - } + CERTIFICATEPOLICIES *policies = reinterpret_cast( + X509_get_ext_d2i(x509, NID_certificate_policies, &critical, NULL)); - // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. - // TODO(https://crbug.com/boringssl/443): Move this check into the parser. - if (sk_POLICYINFO_num(policies) == 0) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); - goto err; - } + { + if (policies == NULL) { + if (critical != -1) { + return 0; // Syntax error in the extension. + } - sk_POLICYINFO_set_cmp_func(policies, policyinfo_cmp); - sk_POLICYINFO_sort(policies); - int cert_has_any_policy = 0; - for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) { - const POLICYINFO *policy = sk_POLICYINFO_value(policies, i); - if (is_any_policy(policy->policyid)) { - cert_has_any_policy = 1; + // RFC 5280, section 6.1.3, step (e). + x509_policy_level_clear(level); + return 1; } - if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, - policy->policyid) == 0) { - // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. + + // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. + // TODO(https://crbug.com/boringssl/443): Move this check into the parser. + if (sk_POLICYINFO_num(policies) == 0) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); goto err; } - } - // This does the same thing as RFC 5280, section 6.1.3, step (d), though in - // a slighty different order. |level| currently contains "expected_policy_set" - // values of the previous level. See |process_policy_mappings| for details. - const int previous_level_has_any_policy = level->has_any_policy; - - // First, we handle steps (d.1.i) and (d.2). The net effect of these two steps - // is to intersect |level| with |policies|, ignoring anyPolicy if it is - // inhibited. - if (!cert_has_any_policy || !any_policy_allowed) { - sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_not_in_policies, - policies); - level->has_any_policy = 0; - } - - // Step (d.1.ii) may attach new nodes to the previous level's anyPolicy node. - if (previous_level_has_any_policy) { - new_nodes = sk_X509_POLICY_NODE_new_null(); - if (new_nodes == NULL) { - goto err; - } + sk_POLICYINFO_set_cmp_func(policies, policyinfo_cmp); + sk_POLICYINFO_sort(policies); + int cert_has_any_policy = 0; for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) { const POLICYINFO *policy = sk_POLICYINFO_value(policies, i); - // Though we've reordered the steps slightly, |policy| is in |level| if - // and only if it would have been a match in step (d.1.ii). - if (!is_any_policy(policy->policyid) && - x509_policy_level_find(level, policy->policyid) == NULL) { - X509_POLICY_NODE *node = x509_policy_node_new(policy->policyid); - if (node == NULL || // - !sk_X509_POLICY_NODE_push(new_nodes, node)) { - x509_policy_node_free(node); - goto err; - } + if (is_any_policy(policy->policyid)) { + cert_has_any_policy = 1; + } + if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, + policy->policyid) == 0) { + // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + goto err; } } - if (!x509_policy_level_add_nodes(level, new_nodes)) { - goto err; + + // This does the same thing as RFC 5280, section 6.1.3, step (d), though in + // a slighty different order. |level| currently contains + // "expected_policy_set" values of the previous level. See + // |process_policy_mappings| for details. + const int previous_level_has_any_policy = level->has_any_policy; + + // First, we handle steps (d.1.i) and (d.2). The net effect of these two + // steps is to intersect |level| with |policies|, ignoring anyPolicy if it + // is inhibited. + if (!cert_has_any_policy || !any_policy_allowed) { + sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_not_in_policies, + policies); + level->has_any_policy = 0; + } + + // Step (d.1.ii) may attach new nodes to the previous level's anyPolicy + // node. + if (previous_level_has_any_policy) { + new_nodes = sk_X509_POLICY_NODE_new_null(); + if (new_nodes == NULL) { + goto err; + } + for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) { + const POLICYINFO *policy = sk_POLICYINFO_value(policies, i); + // Though we've reordered the steps slightly, |policy| is in |level| if + // and only if it would have been a match in step (d.1.ii). + if (!is_any_policy(policy->policyid) && + x509_policy_level_find(level, policy->policyid) == NULL) { + X509_POLICY_NODE *node = x509_policy_node_new(policy->policyid); + if (node == NULL || // + !sk_X509_POLICY_NODE_push(new_nodes, node)) { + x509_policy_node_free(node); + goto err; + } + } + } + if (!x509_policy_level_add_nodes(level, new_nodes)) { + goto err; + } } - } - ret = 1; + ret = 1; + } err: sk_X509_POLICY_NODE_pop_free(new_nodes, x509_policy_node_free); @@ -320,7 +328,7 @@ static int compare_subject_policy(const POLICY_MAPPING *const *a, } static int delete_if_mapped(X509_POLICY_NODE *node, void *data) { - const POLICY_MAPPINGS *mappings = data; + const POLICY_MAPPINGS *mappings = reinterpret_cast(data); // |mappings| must have been sorted by |compare_issuer_policy|. assert(sk_POLICY_MAPPING_is_sorted(mappings)); POLICY_MAPPING mapping; @@ -355,144 +363,147 @@ static X509_POLICY_LEVEL *process_policy_mappings(const X509 *cert, STACK_OF(X509_POLICY_NODE) *new_nodes = NULL; X509_POLICY_LEVEL *next = NULL; int critical; - POLICY_MAPPINGS *mappings = - X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL); - if (mappings == NULL && critical != -1) { - // Syntax error in the policy mappings extension. - goto err; - } + POLICY_MAPPINGS *mappings = reinterpret_cast( + X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL)); - if (mappings != NULL) { - // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. - // TODO(https://crbug.com/boringssl/443): Move this check into the parser. - if (sk_POLICY_MAPPING_num(mappings) == 0) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + { + if (mappings == NULL && critical != -1) { + // Syntax error in the policy mappings extension. goto err; } - // RFC 5280, section 6.1.4, step (a). - for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { - POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); - if (is_any_policy(mapping->issuerDomainPolicy) || - is_any_policy(mapping->subjectDomainPolicy)) { + if (mappings != NULL) { + // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. + // TODO(https://crbug.com/boringssl/443): Move this check into the parser. + if (sk_POLICY_MAPPING_num(mappings) == 0) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); goto err; } - } - // Sort to group by issuerDomainPolicy. - sk_POLICY_MAPPING_set_cmp_func(mappings, compare_issuer_policy); - sk_POLICY_MAPPING_sort(mappings); - - if (mapping_allowed) { - // Mark nodes as mapped, and add any nodes to |level| which may be needed - // as part of RFC 5280, section 6.1.4, step (b.1). - new_nodes = sk_X509_POLICY_NODE_new_null(); - if (new_nodes == NULL) { - goto err; - } - const ASN1_OBJECT *last_policy = NULL; + // RFC 5280, section 6.1.4, step (a). for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { - const POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); - // There may be multiple mappings with the same |issuerDomainPolicy|. - if (last_policy != NULL && - OBJ_cmp(mapping->issuerDomainPolicy, last_policy) == 0) { - continue; + POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); + if (is_any_policy(mapping->issuerDomainPolicy) || + is_any_policy(mapping->subjectDomainPolicy)) { + goto err; } - last_policy = mapping->issuerDomainPolicy; + } + + // Sort to group by issuerDomainPolicy. + sk_POLICY_MAPPING_set_cmp_func(mappings, compare_issuer_policy); + sk_POLICY_MAPPING_sort(mappings); - X509_POLICY_NODE *node = - x509_policy_level_find(level, mapping->issuerDomainPolicy); - if (node == NULL) { - if (!level->has_any_policy) { + if (mapping_allowed) { + // Mark nodes as mapped, and add any nodes to |level| which may be + // needed as part of RFC 5280, section 6.1.4, step (b.1). + new_nodes = sk_X509_POLICY_NODE_new_null(); + if (new_nodes == NULL) { + goto err; + } + const ASN1_OBJECT *last_policy = NULL; + for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { + const POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); + // There may be multiple mappings with the same |issuerDomainPolicy|. + if (last_policy != NULL && + OBJ_cmp(mapping->issuerDomainPolicy, last_policy) == 0) { continue; } - node = x509_policy_node_new(mapping->issuerDomainPolicy); - if (node == NULL || // - !sk_X509_POLICY_NODE_push(new_nodes, node)) { - x509_policy_node_free(node); - goto err; + last_policy = mapping->issuerDomainPolicy; + + X509_POLICY_NODE *node = + x509_policy_level_find(level, mapping->issuerDomainPolicy); + if (node == NULL) { + if (!level->has_any_policy) { + continue; + } + node = x509_policy_node_new(mapping->issuerDomainPolicy); + if (node == NULL || // + !sk_X509_POLICY_NODE_push(new_nodes, node)) { + x509_policy_node_free(node); + goto err; + } } + node->mapped = 1; } - node->mapped = 1; - } - if (!x509_policy_level_add_nodes(level, new_nodes)) { - goto err; + if (!x509_policy_level_add_nodes(level, new_nodes)) { + goto err; + } + } else { + // RFC 5280, section 6.1.4, step (b.2). If mapping is inhibited, delete + // all mapped nodes. + sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_mapped, mappings); + sk_POLICY_MAPPING_pop_free(mappings, POLICY_MAPPING_free); + mappings = NULL; } - } else { - // RFC 5280, section 6.1.4, step (b.2). If mapping is inhibited, delete - // all mapped nodes. - sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_mapped, mappings); - sk_POLICY_MAPPING_pop_free(mappings, POLICY_MAPPING_free); - mappings = NULL; } - } - // If a node was not mapped, it retains the original "explicit_policy_set" - // value, itself. Add those to |mappings|. - if (mappings == NULL) { - mappings = sk_POLICY_MAPPING_new_null(); + // If a node was not mapped, it retains the original "explicit_policy_set" + // value, itself. Add those to |mappings|. if (mappings == NULL) { - goto err; - } - } - for (size_t i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(level->nodes, i); - if (!node->mapped) { - POLICY_MAPPING *mapping = POLICY_MAPPING_new(); - if (mapping == NULL) { + mappings = sk_POLICY_MAPPING_new_null(); + if (mappings == NULL) { goto err; } - mapping->issuerDomainPolicy = OBJ_dup(node->policy); - mapping->subjectDomainPolicy = OBJ_dup(node->policy); - if (mapping->issuerDomainPolicy == NULL || - mapping->subjectDomainPolicy == NULL || - !sk_POLICY_MAPPING_push(mappings, mapping)) { - POLICY_MAPPING_free(mapping); - goto err; + } + for (size_t i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(level->nodes, i); + if (!node->mapped) { + POLICY_MAPPING *mapping = POLICY_MAPPING_new(); + if (mapping == NULL) { + goto err; + } + mapping->issuerDomainPolicy = OBJ_dup(node->policy); + mapping->subjectDomainPolicy = OBJ_dup(node->policy); + if (mapping->issuerDomainPolicy == NULL || + mapping->subjectDomainPolicy == NULL || + !sk_POLICY_MAPPING_push(mappings, mapping)) { + POLICY_MAPPING_free(mapping); + goto err; + } } } - } - // Sort to group by subjectDomainPolicy. - sk_POLICY_MAPPING_set_cmp_func(mappings, compare_subject_policy); - sk_POLICY_MAPPING_sort(mappings); + // Sort to group by subjectDomainPolicy. + sk_POLICY_MAPPING_set_cmp_func(mappings, compare_subject_policy); + sk_POLICY_MAPPING_sort(mappings); - // Convert |mappings| to our "expected_policy_set" representation. - next = x509_policy_level_new(); - if (next == NULL) { - goto err; - } - next->has_any_policy = level->has_any_policy; - - X509_POLICY_NODE *last_node = NULL; - for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { - POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); - // Skip mappings where |issuerDomainPolicy| does not appear in the graph. - if (!level->has_any_policy && - x509_policy_level_find(level, mapping->issuerDomainPolicy) == NULL) { - continue; + // Convert |mappings| to our "expected_policy_set" representation. + next = x509_policy_level_new(); + if (next == NULL) { + goto err; } + next->has_any_policy = level->has_any_policy; + + X509_POLICY_NODE *last_node = NULL; + for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { + POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); + // Skip mappings where |issuerDomainPolicy| does not appear in the graph. + if (!level->has_any_policy && + x509_policy_level_find(level, mapping->issuerDomainPolicy) == NULL) { + continue; + } - if (last_node == NULL || - OBJ_cmp(last_node->policy, mapping->subjectDomainPolicy) != 0) { - last_node = x509_policy_node_new(mapping->subjectDomainPolicy); if (last_node == NULL || - !sk_X509_POLICY_NODE_push(next->nodes, last_node)) { - x509_policy_node_free(last_node); + OBJ_cmp(last_node->policy, mapping->subjectDomainPolicy) != 0) { + last_node = x509_policy_node_new(mapping->subjectDomainPolicy); + if (last_node == NULL || + !sk_X509_POLICY_NODE_push(next->nodes, last_node)) { + x509_policy_node_free(last_node); + goto err; + } + } + + if (!sk_ASN1_OBJECT_push(last_node->parent_policies, + mapping->issuerDomainPolicy)) { goto err; } + mapping->issuerDomainPolicy = NULL; } - if (!sk_ASN1_OBJECT_push(last_node->parent_policies, - mapping->issuerDomainPolicy)) { - goto err; - } - mapping->issuerDomainPolicy = NULL; + sk_X509_POLICY_NODE_sort(next->nodes); + ok = 1; } - sk_X509_POLICY_NODE_sort(next->nodes); - ok = 1; - err: if (!ok) { x509_policy_level_free(next); @@ -535,8 +546,8 @@ static int process_policy_constraints(const X509 *x509, size_t *explicit_policy, size_t *policy_mapping, size_t *inhibit_any_policy) { int critical; - POLICY_CONSTRAINTS *constraints = - X509_get_ext_d2i(x509, NID_policy_constraints, &critical, NULL); + POLICY_CONSTRAINTS *constraints = reinterpret_cast( + X509_get_ext_d2i(x509, NID_policy_constraints, &critical, NULL)); if (constraints == NULL && critical != -1) { return 0; } @@ -558,8 +569,8 @@ static int process_policy_constraints(const X509 *x509, size_t *explicit_policy, } } - ASN1_INTEGER *inhibit_any_policy_ext = - X509_get_ext_d2i(x509, NID_inhibit_any_policy, &critical, NULL); + ASN1_INTEGER *inhibit_any_policy_ext = reinterpret_cast( + X509_get_ext_d2i(x509, NID_inhibit_any_policy, &critical, NULL)); if (inhibit_any_policy_ext == NULL && critical != -1) { return 0; } @@ -673,8 +684,7 @@ int X509_policy_check(const STACK_OF(X509) *certs, (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : num_certs + 1; size_t inhibit_any_policy = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : num_certs + 1; - size_t policy_mapping = - (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : num_certs + 1; + size_t policy_mapping = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : num_certs + 1; levels = sk_X509_POLICY_LEVEL_new_null(); if (levels == NULL) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/rsa_pss.c b/Sources/CCryptoBoringSSL/crypto/x509/rsa_pss.cc similarity index 86% rename from Sources/CCryptoBoringSSL/crypto/x509/rsa_pss.c rename to Sources/CCryptoBoringSSL/crypto/x509/rsa_pss.cc index 5c74fb5d..fc40fdf2 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/rsa_pss.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/rsa_pss.cc @@ -89,8 +89,7 @@ IMPLEMENT_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS) // Given an MGF1 Algorithm ID decode to an Algorithm Identifier static X509_ALGOR *rsa_mgf1_decode(const X509_ALGOR *alg) { - if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 || - alg->parameter == NULL || + if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 || alg->parameter == NULL || alg->parameter->type != V_ASN1_SEQUENCE) { return NULL; } @@ -241,7 +240,8 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) { goto err; } - if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os)) { + if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, + os)) { goto err; } os = NULL; @@ -260,51 +260,55 @@ int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg, // Decode PSS parameters int ret = 0; RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg); - if (pss == NULL) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } - const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm); - const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm); - if (mgf1md == NULL || md == NULL) { - goto err; - } + { + if (pss == NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } - // We require the MGF-1 and signing hashes to match. - if (mgf1md != md) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } + const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm); + const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm); + if (mgf1md == NULL || md == NULL) { + goto err; + } - // We require the salt length be the hash length. The DEFAULT value is 20, but - // this does not match any supported salt length. - uint64_t salt_len = 0; - if (pss->saltLength == NULL || - !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) || - salt_len != EVP_MD_size(md)) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } - assert(salt_len <= INT_MAX); + // We require the MGF-1 and signing hashes to match. + if (mgf1md != md) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } - // The trailer field must be 1 (0xbc). This value is DEFAULT, so the structure - // is required to omit it in DER. Although a syntax error, we also tolerate an - // explicitly-encoded value. See the certificates in cl/362617931. - if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } + // We require the salt length be the hash length. The DEFAULT value is 20, + // but this does not match any supported salt length. + uint64_t salt_len = 0; + if (pss->saltLength == NULL || + !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) || + salt_len != EVP_MD_size(md)) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } + assert(salt_len <= INT_MAX); + + // The trailer field must be 1 (0xbc). This value is DEFAULT, so the + // structure is required to omit it in DER. Although a syntax error, we also + // tolerate an explicitly-encoded value. See the certificates in + // cl/362617931. + if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } - EVP_PKEY_CTX *pctx; - if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) || - !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || - !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) || - !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) { - goto err; - } + EVP_PKEY_CTX *pctx; + if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) || + !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || + !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) || + !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) { + goto err; + } - ret = 1; + ret = 1; + } err: RSA_PSS_PARAMS_free(pss); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/t_crl.c b/Sources/CCryptoBoringSSL/crypto/x509/t_crl.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/t_crl.c rename to Sources/CCryptoBoringSSL/crypto/x509/t_crl.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/t_req.c b/Sources/CCryptoBoringSSL/crypto/x509/t_req.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/t_req.c rename to Sources/CCryptoBoringSSL/crypto/x509/t_req.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/t_x509.c b/Sources/CCryptoBoringSSL/crypto/x509/t_x509.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/t_x509.c rename to Sources/CCryptoBoringSSL/crypto/x509/t_x509.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/t_x509a.c b/Sources/CCryptoBoringSSL/crypto/x509/t_x509a.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/t_x509a.c rename to Sources/CCryptoBoringSSL/crypto/x509/t_x509a.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_akey.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_akey.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_akey.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_akey.cc index 8ad0aedc..eb0959d7 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_akey.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_akey.cc @@ -65,6 +65,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -93,7 +94,8 @@ const X509V3_EXT_METHOD v3_akey_id = { static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist) { - const AUTHORITY_KEYID *akeyid = ext; + const AUTHORITY_KEYID *akeyid = + reinterpret_cast(ext); int extlist_was_null = extlist == NULL; if (akeyid->keyid) { char *tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length); @@ -177,7 +179,7 @@ static void *v2i_AUTHORITY_KEYID(const X509V3_EXT_METHOD *method, j = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); const X509_EXTENSION *ext; if ((j >= 0) && (ext = X509_get_ext(cert, j))) { - ikeyid = X509V3_EXT_d2i(ext); + ikeyid = reinterpret_cast(X509V3_EXT_d2i(ext)); } if (keyid == 2 && !ikeyid) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_akeya.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_akeya.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_akeya.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_akeya.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_alt.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_alt.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_alt.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_alt.cc index fc05416a..6bb43dc2 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_alt.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_alt.cc @@ -63,6 +63,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -81,7 +82,7 @@ static int do_dirname(GENERAL_NAME *gen, const char *value, static STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES_cb( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) { - return i2v_GENERAL_NAMES(method, ext, ret); + return i2v_GENERAL_NAMES(method, reinterpret_cast(ext), ret); } const X509V3_EXT_METHOD v3_alt[] = { @@ -314,7 +315,7 @@ static int copy_issuer(const X509V3_CTX *ctx, GENERAL_NAMES *gens) { GENERAL_NAMES *ialt = NULL; X509_EXTENSION *ext; if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || - !(ialt = X509V3_EXT_d2i(ext))) { + !(ialt = reinterpret_cast(X509V3_EXT_d2i(ext)))) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR); goto err; } @@ -608,11 +609,11 @@ static int do_othername(GENERAL_NAME *gen, const char *value, static int do_dirname(GENERAL_NAME *gen, const char *value, const X509V3_CTX *ctx) { int ret = 0; + const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value); X509_NAME *nm = X509_NAME_new(); if (nm == NULL) { goto err; } - const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value); if (sk == NULL) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND); ERR_add_error_data(2, "section=", value); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_bcons.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_bcons.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_bcons.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_bcons.cc index 57c40892..8c8d846b 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_bcons.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_bcons.cc @@ -64,6 +64,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -99,7 +100,8 @@ IMPLEMENT_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS) static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist) { - const BASIC_CONSTRAINTS *bcons = ext; + const BASIC_CONSTRAINTS *bcons = + reinterpret_cast(ext); X509V3_add_value_bool("CA", bcons->ca, &extlist); X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); return extlist; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_bitst.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_bitst.cc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_bitst.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_bitst.cc index 1d1f16c4..cf4ec9ba 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_bitst.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_bitst.cc @@ -62,6 +62,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -90,9 +91,10 @@ static const BIT_STRING_BITNAME key_usage_type_table[] = { static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) { - const ASN1_BIT_STRING *bits = ext; + const ASN1_BIT_STRING *bits = reinterpret_cast(ext); const BIT_STRING_BITNAME *bnam; - for (bnam = method->usr_data; bnam->lname; bnam++) { + for (bnam = reinterpret_cast(method->usr_data); + bnam->lname; bnam++) { if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) { X509V3_add_value(bnam->lname, NULL, &ret); } @@ -110,7 +112,8 @@ static void *v2i_ASN1_BIT_STRING(const X509V3_EXT_METHOD *method, for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) { const CONF_VALUE *val = sk_CONF_VALUE_value(nval, i); const BIT_STRING_BITNAME *bnam; - for (bnam = method->usr_data; bnam->lname; bnam++) { + for (bnam = reinterpret_cast(method->usr_data); + bnam->lname; bnam++) { if (!strcmp(bnam->sname, val->name) || !strcmp(bnam->lname, val->name)) { if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { ASN1_BIT_STRING_free(bs); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_conf.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_conf.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_conf.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_conf.cc index 2746dec5..311417a0 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_conf.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_conf.cc @@ -190,7 +190,8 @@ static X509_EXTENSION *do_ext_nconf(const CONF *conf, const X509V3_CTX *ctx, } ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); + ASN1_item_free(reinterpret_cast(ext_struc), + ASN1_ITEM_ptr(method->it)); return ext; } @@ -198,7 +199,8 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) { // Convert the extension's internal representation to DER. unsigned char *ext_der = NULL; - int ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); + int ext_len = ASN1_item_i2d(reinterpret_cast(ext_struc), + &ext_der, ASN1_ITEM_ptr(method->it)); if (ext_len < 0) { return NULL; } @@ -401,9 +403,7 @@ const STACK_OF(CONF_VALUE) *X509V3_get_section(const X509V3_CTX *ctx, return NCONF_get_section(ctx->db, section); } -void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf) { - ctx->db = conf; -} +void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf) { ctx->db = conf; } void X509V3_set_ctx(X509V3_CTX *ctx, const X509 *issuer, const X509 *subj, const X509_REQ *req, const X509_CRL *crl, int flags) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_cpols.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_cpols.cc similarity index 90% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_cpols.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_cpols.cc index ffc8a697..ef64272f 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_cpols.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_cpols.cc @@ -68,6 +68,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" // Certificate policies extension support: this one is a bit complex... @@ -161,56 +162,60 @@ static void *r2i_certpol(const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx, return NULL; } STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value); - if (vals == NULL) { - OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB); - goto err; - } - int ia5org = 0; - for (size_t i = 0; i < sk_CONF_VALUE_num(vals); i++) { - const CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); - if (cnf->value || !cnf->name) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); - X509V3_conf_err(cnf); + + { + if (vals == NULL) { + OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB); goto err; } - POLICYINFO *pol; - const char *pstr = cnf->name; - if (!strcmp(pstr, "ia5org")) { - ia5org = 1; - continue; - } else if (*pstr == '@') { - const STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1); - if (!polsect) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); - + int ia5org = 0; + for (size_t i = 0; i < sk_CONF_VALUE_num(vals); i++) { + const CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); + if (cnf->value || !cnf->name) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } - pol = policy_section(ctx, polsect, ia5org); - if (!pol) { - goto err; - } - } else { - ASN1_OBJECT *pobj = OBJ_txt2obj(cnf->name, 0); - if (pobj == NULL) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; + POLICYINFO *pol; + const char *pstr = cnf->name; + if (!strcmp(pstr, "ia5org")) { + ia5org = 1; + continue; + } else if (*pstr == '@') { + const STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1); + if (!polsect) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); + + X509V3_conf_err(cnf); + goto err; + } + pol = policy_section(ctx, polsect, ia5org); + if (!pol) { + goto err; + } + } else { + ASN1_OBJECT *pobj = OBJ_txt2obj(cnf->name, 0); + if (pobj == NULL) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(cnf); + goto err; + } + pol = POLICYINFO_new(); + if (pol == NULL) { + ASN1_OBJECT_free(pobj); + goto err; + } + pol->policyid = pobj; } - pol = POLICYINFO_new(); - if (pol == NULL) { - ASN1_OBJECT_free(pobj); + if (!sk_POLICYINFO_push(pols, pol)) { + POLICYINFO_free(pol); goto err; } - pol->policyid = pobj; - } - if (!sk_POLICYINFO_push(pols, pol)) { - POLICYINFO_free(pol); - goto err; } + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return pols; } - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - return pols; + err: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); @@ -408,7 +413,8 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, static int i2r_certpol(const X509V3_EXT_METHOD *method, void *ext, BIO *out, int indent) { - const STACK_OF(POLICYINFO) *pol = ext; + const STACK_OF(POLICYINFO) *pol = + reinterpret_cast(ext); // First print out the policy OIDs for (size_t i = 0; i < sk_POLICYINFO_num(pol); i++) { const POLICYINFO *pinfo = sk_POLICYINFO_value(pol, i); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_crld.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_crld.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_crld.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_crld.cc index e9d5e8cc..13319dad 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_crld.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_crld.cc @@ -65,6 +65,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -518,7 +519,7 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) { static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) { - ISSUING_DIST_POINT *idp = pidp; + ISSUING_DIST_POINT *idp = reinterpret_cast(pidp); if (idp->distpoint) { print_distpoint(out, idp->distpoint, indent); } @@ -548,7 +549,7 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent) { - STACK_OF(DIST_POINT) *crld = pcrldp; + STACK_OF(DIST_POINT) *crld = reinterpret_cast(pcrldp); DIST_POINT *point; size_t i; for (i = 0; i < sk_DIST_POINT_num(crld); i++) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_enum.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_enum.cc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_enum.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_enum.cc index b34ce83d..45af1981 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_enum.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_enum.cc @@ -61,6 +61,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -84,9 +85,11 @@ static const ENUMERATED_NAMES crl_reasons[] = { static char *i2s_ASN1_ENUMERATED_TABLE(const X509V3_EXT_METHOD *method, void *ext) { - const ASN1_ENUMERATED *e = ext; + const ASN1_ENUMERATED *e = reinterpret_cast(ext); long strval = ASN1_ENUMERATED_get(e); - for (const ENUMERATED_NAMES *enam = method->usr_data; enam->lname; enam++) { + for (const ENUMERATED_NAMES *enam = + reinterpret_cast(method->usr_data); + enam->lname; enam++) { if (strval == enam->bitnum) { return OPENSSL_strdup(enam->lname); } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_extku.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_extku.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_extku.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_extku.cc index 3664a370..9ae679ed 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_extku.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_extku.cc @@ -62,6 +62,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -114,7 +115,8 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EXTENDED_KEY_USAGE) static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE( const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *ext_list) { - const EXTENDED_KEY_USAGE *eku = a; + const EXTENDED_KEY_USAGE *eku = + reinterpret_cast(a); for (size_t i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { const ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(eku, i); char obj_tmp[80]; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_genn.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_genn.cc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_genn.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_genn.cc index bd267710..af7a5abb 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_genn.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_genn.cc @@ -176,33 +176,33 @@ int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b) { void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) { switch (type) { case GEN_X400: - a->d.x400Address = value; + a->d.x400Address = reinterpret_cast(value); break; case GEN_EDIPARTY: - a->d.ediPartyName = value; + a->d.ediPartyName = reinterpret_cast(value); break; case GEN_OTHERNAME: - a->d.otherName = value; + a->d.otherName = reinterpret_cast(value); break; case GEN_EMAIL: case GEN_DNS: case GEN_URI: - a->d.ia5 = value; + a->d.ia5 = reinterpret_cast(value); break; case GEN_DIRNAME: - a->d.dirn = value; + a->d.dirn = reinterpret_cast(value); break; case GEN_IPADD: - a->d.ip = value; + a->d.ip = reinterpret_cast(value); break; case GEN_RID: - a->d.rid = value; + a->d.rid = reinterpret_cast(value); break; } a->type = type; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_ia5.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_ia5.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_ia5.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_ia5.cc index 0d407139..7e5f0efa 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_ia5.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_ia5.cc @@ -67,15 +67,16 @@ #include #include "../internal.h" +#include "ext_dat.h" static char *i2s_ASN1_IA5STRING(const X509V3_EXT_METHOD *method, void *ext) { - const ASN1_IA5STRING *ia5 = ext; + const ASN1_IA5STRING *ia5 = reinterpret_cast(ext); char *tmp; if (!ia5 || !ia5->length) { return NULL; } - if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { + if (!(tmp = reinterpret_cast(OPENSSL_malloc(ia5->length + 1)))) { return NULL; } OPENSSL_memcpy(tmp, ia5->data, ia5->length); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_info.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_info.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_info.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_info.cc index adbb5693..cbba63e8 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_info.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_info.cc @@ -67,6 +67,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -125,7 +126,8 @@ IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) { - const AUTHORITY_INFO_ACCESS *ainfo = ext; + const AUTHORITY_INFO_ACCESS *ainfo = + reinterpret_cast(ext); ACCESS_DESCRIPTION *desc; int nlen; char objtmp[80], *ntmp; @@ -144,7 +146,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( vtmp = sk_CONF_VALUE_value(tret, i); i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; - ntmp = OPENSSL_malloc(nlen); + ntmp = reinterpret_cast(OPENSSL_malloc(nlen)); if (ntmp == NULL) { goto err; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_int.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_int.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_int.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_int.cc index 1ebab15f..5f1e6ca5 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_int.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_int.cc @@ -59,9 +59,11 @@ #include #include +#include "ext_dat.h" + static char *i2s_ASN1_INTEGER_cb(const X509V3_EXT_METHOD *method, void *ext) { - return i2s_ASN1_INTEGER(method, ext); + return i2s_ASN1_INTEGER(method, reinterpret_cast(ext)); } static void *s2i_asn1_int(const X509V3_EXT_METHOD *meth, const X509V3_CTX *ctx, diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_lib.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_lib.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_lib.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_lib.cc index f63b2379..9d793907 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_lib.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_lib.cc @@ -109,8 +109,9 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { return NULL; } tmp.ext_nid = nid; - ret = bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT, - sizeof(X509V3_EXT_METHOD *), ext_cmp); + ret = reinterpret_cast( + bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT, + sizeof(X509V3_EXT_METHOD *), ext_cmp)); if (ret) { return *ret; } @@ -139,12 +140,13 @@ int X509V3_EXT_free(int nid, void *ext_data) { return 0; } - ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); + ASN1_item_free(reinterpret_cast(ext_data), + ASN1_ITEM_ptr(ext_method->it)); return 1; } int X509V3_EXT_add_alias(int nid_to, int nid_from) { -OPENSSL_BEGIN_ALLOW_DEPRECATED + OPENSSL_BEGIN_ALLOW_DEPRECATED const X509V3_EXT_METHOD *ext; X509V3_EXT_METHOD *tmpext; @@ -163,7 +165,7 @@ OPENSSL_BEGIN_ALLOW_DEPRECATED return 0; } return 1; -OPENSSL_END_ALLOW_DEPRECATED + OPENSSL_END_ALLOW_DEPRECATED } // Legacy function: we don't need to add standard extensions any more because @@ -188,7 +190,8 @@ void *X509V3_EXT_d2i(const X509_EXTENSION *ext) { } // Check for trailing data. if (p != ext->value->data + ext->value->length) { - ASN1_item_free(ret, ASN1_ITEM_ptr(method->it)); + ASN1_item_free(reinterpret_cast(ret), + ASN1_ITEM_ptr(method->it)); OPENSSL_PUT_ERROR(X509V3, X509V3_R_TRAILING_DATA_IN_EXTENSION); return NULL; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_ncons.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_ncons.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_ncons.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_ncons.cc index 0b96a5c5..46df627a 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_ncons.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_ncons.cc @@ -65,6 +65,7 @@ #include #include "../internal.h" +#include "ext_dat.h" #include "internal.h" @@ -166,7 +167,7 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind) { - NAME_CONSTRAINTS *ncons = a; + NAME_CONSTRAINTS *ncons = reinterpret_cast(a); do_i2r_name_constraints(method, ncons->permittedSubtrees, bp, ind, "Permitted"); do_i2r_name_constraints(method, ncons->excludedSubtrees, bp, ind, "Excluded"); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_ocsp.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_ocsp.cc similarity index 94% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_ocsp.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_ocsp.cc index 7391c188..5048e96d 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_ocsp.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_ocsp.cc @@ -13,6 +13,8 @@ #include #include +#include "ext_dat.h" + // OCSP extensions and a couple of CRL entry extensions static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, @@ -62,7 +64,8 @@ static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, if (BIO_printf(bp, "%*s", ind, "") <= 0) { return 0; } - if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) { + if (!ASN1_GENERALIZEDTIME_print( + bp, reinterpret_cast(cutoff))) { return 0; } return 1; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_pcons.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_pcons.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_pcons.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_pcons.cc index 27d4687f..74f1ab82 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_pcons.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_pcons.cc @@ -64,6 +64,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -99,7 +100,7 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS( const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *extlist) { - const POLICY_CONSTRAINTS *pcons = a; + const POLICY_CONSTRAINTS *pcons = reinterpret_cast(a); X509V3_add_value_int("Require Explicit Policy", pcons->requireExplicitPolicy, &extlist); X509V3_add_value_int("Inhibit Policy Mapping", pcons->inhibitPolicyMapping, diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_pmaps.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_pmaps.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_pmaps.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_pmaps.cc index 47a5f141..624e07a8 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_pmaps.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_pmaps.cc @@ -62,6 +62,7 @@ #include #include +#include "ext_dat.h" #include "internal.h" @@ -101,7 +102,7 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS( const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *ext_list) { - const POLICY_MAPPINGS *pmaps = a; + const POLICY_MAPPINGS *pmaps = reinterpret_cast(a); for (size_t i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { const POLICY_MAPPING *pmap = sk_POLICY_MAPPING_value(pmaps, i); char obj_tmp1[80], obj_tmp2[80]; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_prn.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_prn.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_prn.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_prn.cc index e4ea256f..16ea12ab 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_prn.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_prn.cc @@ -144,7 +144,8 @@ int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext, unsigned long flag, err: sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); OPENSSL_free(value); - ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); + ASN1_item_free(reinterpret_cast(ext_str), + ASN1_ITEM_ptr(method->it)); return ok; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_purp.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_purp.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_purp.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_purp.cc index 90317e10..756edbbb 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_purp.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_purp.cc @@ -203,7 +203,8 @@ static int setup_dp(X509 *x, DIST_POINT *dp) { static int setup_crldp(X509 *x) { int j; - x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL); + x->crldp = reinterpret_cast( + X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL)); if (x->crldp == NULL && j != -1) { return 0; } @@ -244,7 +245,8 @@ int x509v3_cache_extensions(X509 *x) { x->ex_flags |= EXFLAG_V1; } // Handle basic constraints - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) { + if ((bs = reinterpret_cast( + X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL)))) { if (bs->ca) { x->ex_flags |= EXFLAG_CA; } @@ -269,7 +271,8 @@ int x509v3_cache_extensions(X509 *x) { x->ex_flags |= EXFLAG_INVALID; } // Handle key usage - if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) { + if ((usage = reinterpret_cast( + X509_get_ext_d2i(x, NID_key_usage, &j, NULL)))) { if (usage->length > 0) { x->ex_kusage = usage->data[0]; if (usage->length > 1) { @@ -284,7 +287,8 @@ int x509v3_cache_extensions(X509 *x) { x->ex_flags |= EXFLAG_INVALID; } x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) { + if ((extusage = reinterpret_cast( + X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL)))) { x->ex_flags |= EXFLAG_XKUSAGE; for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { @@ -331,11 +335,13 @@ int x509v3_cache_extensions(X509 *x) { x->ex_flags |= EXFLAG_INVALID; } - x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL); + x->skid = reinterpret_cast( + X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL)); if (x->skid == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } - x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL); + x->akid = reinterpret_cast( + X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL)); if (x->akid == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } @@ -348,11 +354,13 @@ int x509v3_cache_extensions(X509 *x) { x->ex_flags |= EXFLAG_SS; } } - x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL); + x->altname = reinterpret_cast( + X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL)); if (x->altname == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } - x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL); + x->nc = reinterpret_cast( + X509_get_ext_d2i(x, NID_name_constraints, &j, NULL)); if (x->nc == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_skey.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_skey.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_skey.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_skey.cc index 1f9f82fc..1495ee15 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_skey.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_skey.cc @@ -60,10 +60,11 @@ #include #include -#include #include +#include #include +#include "ext_dat.h" #include "internal.h" @@ -77,6 +78,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method, const char *str) { size_t len; uint8_t *data = x509v3_hex_to_bytes(str, &len); + ASN1_OCTET_STRING *oct; if (data == NULL) { return NULL; } @@ -85,7 +87,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method, goto err; } - ASN1_OCTET_STRING *oct = ASN1_OCTET_STRING_new(); + oct = ASN1_OCTET_STRING_new(); if (oct == NULL) { goto err; } @@ -99,7 +101,8 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method, static char *i2s_ASN1_OCTET_STRING_cb(const X509V3_EXT_METHOD *method, void *ext) { - return i2s_ASN1_OCTET_STRING(method, ext); + return i2s_ASN1_OCTET_STRING(method, + reinterpret_cast(ext)); } static void *s2i_skey_id(const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx, diff --git a/Sources/CCryptoBoringSSL/crypto/x509/v3_utl.c b/Sources/CCryptoBoringSSL/crypto/x509/v3_utl.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/v3_utl.c rename to Sources/CCryptoBoringSSL/crypto/x509/v3_utl.cc index 7da46d17..b43b3a15 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/v3_utl.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/v3_utl.cc @@ -182,7 +182,7 @@ static char *bignum_to_string(const BIGNUM *bn) { } len = strlen(tmp) + 3; - ret = OPENSSL_malloc(len); + ret = reinterpret_cast(OPENSSL_malloc(len)); if (ret == NULL) { OPENSSL_free(tmp); return NULL; @@ -502,7 +502,8 @@ unsigned char *x509v3_hex_to_bytes(const char *str, size_t *len) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) { + if (!(hexbuf = + reinterpret_cast(OPENSSL_malloc(strlen(str) >> 1)))) { goto err; } for (p = (unsigned char *)str, q = hexbuf; *p;) { @@ -559,7 +560,8 @@ STACK_OF(OPENSSL_STRING) *X509_get1_email(const X509 *x) { GENERAL_NAMES *gens; STACK_OF(OPENSSL_STRING) *ret; - gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + gens = reinterpret_cast( + X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL)); ret = get_email(X509_get_subject_name(x), gens); sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return ret; @@ -570,7 +572,8 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(const X509 *x) { STACK_OF(OPENSSL_STRING) *ret = NULL; size_t i; - info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + info = reinterpret_cast( + X509_get_ext_d2i(x, NID_info_access, NULL, NULL)); if (!info) { return NULL; } @@ -594,7 +597,8 @@ STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(const X509_REQ *x) { STACK_OF(OPENSSL_STRING) *ret; exts = X509_REQ_get_extensions(x); - gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); + gens = reinterpret_cast( + X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL)); ret = get_email(X509_REQ_get_subject_name(x), gens); sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); @@ -995,7 +999,8 @@ static int do_x509_check(const X509 *x, const char *chk, size_t chklen, equal = equal_case; } - GENERAL_NAMES *gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + GENERAL_NAMES *gens = reinterpret_cast( + X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL)); if (gens) { for (size_t i = 0; i < sk_GENERAL_NAME_num(gens); i++) { const GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i); @@ -1112,7 +1117,8 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) { unsigned char ipout[32]; char *iptmp = NULL, *p; int iplen1, iplen2; - p = strchr(ipasc, '/'); + // FIXME: yes, this function takes a const pointer and writes to it! + p = const_cast(strchr(ipasc, '/')); if (!p) { return NULL; } @@ -1293,7 +1299,7 @@ static int ipv6_from_asc(uint8_t v6[16], const char *in) { } static int ipv6_cb(const char *elem, size_t len, void *usr) { - IPV6_STAT *s = usr; + IPV6_STAT *s = reinterpret_cast(usr); // Error if 16 bytes written if (s->total == 16) { return 0; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509.c b/Sources/CCryptoBoringSSL/crypto/x509/x509.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_att.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_att.cc similarity index 97% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_att.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_att.cc index 8be19409..0b63f774 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_att.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_att.cc @@ -157,8 +157,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, // |data| is an encoded string. We must decode and re-encode it to |attr|'s // preferred ASN.1 type. Note |len| may be -1, in which case // |ASN1_STRING_set_by_NID| calls |strlen| automatically. - ASN1_STRING *str = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, - OBJ_obj2nid(attr->object)); + ASN1_STRING *str = + ASN1_STRING_set_by_NID(NULL, reinterpret_cast(data), + len, attrtype, OBJ_obj2nid(attr->object)); if (str == NULL) { OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); goto err; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_cmp.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_cmp.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_cmp.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_cmp.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_d2.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_d2.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_d2.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_d2.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_def.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_def.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_def.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_def.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_ext.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_ext.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_ext.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_ext.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_lu.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_lu.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_lu.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_lu.cc index 29c22d83..3217d196 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_lu.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_lu.cc @@ -80,7 +80,8 @@ static int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, static X509_LOOKUP *X509_LOOKUP_new(const X509_LOOKUP_METHOD *method, X509_STORE *store) { - X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(X509_LOOKUP)); + X509_LOOKUP *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(X509_LOOKUP))); if (ret == NULL) { return NULL; } @@ -150,7 +151,8 @@ static int x509_object_cmp_sk(const X509_OBJECT *const *a, } X509_STORE *X509_STORE_new(void) { - X509_STORE *ret = OPENSSL_zalloc(sizeof(X509_STORE)); + X509_STORE *ret = + reinterpret_cast(OPENSSL_zalloc(sizeof(X509_STORE))); if (ret == NULL) { return NULL; } @@ -160,8 +162,7 @@ X509_STORE *X509_STORE_new(void) { ret->objs = sk_X509_OBJECT_new(x509_object_cmp_sk); ret->get_cert_methods = sk_X509_LOOKUP_new_null(); ret->param = X509_VERIFY_PARAM_new(); - if (ret->objs == NULL || - ret->get_cert_methods == NULL || + if (ret->objs == NULL || ret->get_cert_methods == NULL || ret->param == NULL) { X509_STORE_free(ret); return NULL; @@ -284,7 +285,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) { } X509_OBJECT *X509_OBJECT_new(void) { - return OPENSSL_zalloc(sizeof(X509_OBJECT)); + return reinterpret_cast(OPENSSL_zalloc(sizeof(X509_OBJECT))); } void X509_OBJECT_free(X509_OBJECT *obj) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_obj.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_obj.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_obj.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_obj.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_req.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_req.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_req.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_req.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_set.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_set.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_set.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_set.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_trs.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_trs.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_trs.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_trs.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_txt.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_txt.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_txt.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_txt.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_v3.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_v3.cc similarity index 99% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_v3.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_v3.cc index 66a3cab4..0426c453 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_v3.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_v3.cc @@ -143,7 +143,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, const X509_EXTENSION *ex, int loc) { X509_EXTENSION *new_ex = NULL; STACK_OF(X509_EXTENSION) *sk = NULL; - int free_sk = 0; + int free_sk = 0, n; if (x == NULL) { OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); @@ -159,7 +159,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, sk = *x; } - int n = (int)sk_X509_EXTENSION_num(sk); + n = (int)sk_X509_EXTENSION_num(sk); if (loc > n) { loc = n; } else if (loc < 0) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.cc similarity index 83% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.cc index 20f26aa3..ff76db30 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.cc @@ -180,261 +180,265 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { int j, retry, trust; STACK_OF(X509) *sktmp = NULL; - if (ctx->cert == NULL) { - OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); - ctx->error = X509_V_ERR_INVALID_CALL; - return 0; - } - - if (ctx->chain != NULL) { - // This X509_STORE_CTX has already been used to verify a cert. We - // cannot do another one. - OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ctx->error = X509_V_ERR_INVALID_CALL; - return 0; - } - - if (ctx->param->flags & - (X509_V_FLAG_EXTENDED_CRL_SUPPORT | X509_V_FLAG_USE_DELTAS)) { - // We do not support indirect or delta CRLs. The flags still exist for - // compatibility with bindings libraries, but to ensure we do not - // inadvertently skip a CRL check that the caller expects, fail closed. - OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ctx->error = X509_V_ERR_INVALID_CALL; - return 0; - } - - // first we make sure the chain we are going to build is present and that - // the first entry is in place - ctx->chain = sk_X509_new_null(); - if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - X509_up_ref(ctx->cert); - ctx->last_untrusted = 1; - - // We use a temporary STACK so we can chop and hack at it. - if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - - int num = (int)sk_X509_num(ctx->chain); - X509 *x = sk_X509_value(ctx->chain, num - 1); - // |param->depth| does not include the leaf certificate or the trust anchor, - // so the maximum size is 2 more. - int max_chain = param->depth >= INT_MAX - 2 ? INT_MAX : param->depth + 2; - - for (;;) { - if (num >= max_chain) { - // FIXME: If this happens, we should take note of it and, if appropriate, - // use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code later. - break; + { + if (ctx->cert == NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + ctx->error = X509_V_ERR_INVALID_CALL; + return 0; } - int is_self_signed; - if (!cert_self_signed(x, &is_self_signed)) { - ctx->error = X509_V_ERR_INVALID_EXTENSION; - goto end; + if (ctx->chain != NULL) { + // This X509_STORE_CTX has already been used to verify a cert. We + // cannot do another one. + OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return 0; } - // If we are self signed, we break - if (is_self_signed) { - break; - } - // If asked see if we can find issuer in trusted store first - if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { - X509 *issuer = get_trusted_issuer(ctx, x); - if (issuer != NULL) { - // Free the certificate. It will be picked up again later. - X509_free(issuer); - break; - } + if (ctx->param->flags & + (X509_V_FLAG_EXTENDED_CRL_SUPPORT | X509_V_FLAG_USE_DELTAS)) { + // We do not support indirect or delta CRLs. The flags still exist for + // compatibility with bindings libraries, but to ensure we do not + // inadvertently skip a CRL check that the caller expects, fail closed. + OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return 0; } - // If we were passed a cert chain, use it first - if (sktmp != NULL) { - X509 *issuer = find_issuer(ctx, sktmp, x); - if (issuer != NULL) { - if (!sk_X509_push(ctx->chain, issuer)) { - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - X509_up_ref(issuer); - (void)sk_X509_delete_ptr(sktmp, issuer); - ctx->last_untrusted++; - x = issuer; - num++; - // reparse the full chain for the next one - continue; - } + // first we make sure the chain we are going to build is present and that + // the first entry is in place + ctx->chain = sk_X509_new_null(); + if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; } - break; - } + X509_up_ref(ctx->cert); + ctx->last_untrusted = 1; - // Remember how many untrusted certs we have - j = num; - // at this point, chain should contain a list of untrusted certificates. - // We now need to add at least one trusted one, if possible, otherwise we - // complain. - - do { - // Examine last certificate in chain and see if it is self signed. - i = (int)sk_X509_num(ctx->chain); - x = sk_X509_value(ctx->chain, i - 1); - - int is_self_signed; - if (!cert_self_signed(x, &is_self_signed)) { - ctx->error = X509_V_ERR_INVALID_EXTENSION; + // We use a temporary STACK so we can chop and hack at it. + if (ctx->untrusted != NULL && + (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { + ctx->error = X509_V_ERR_OUT_OF_MEM; goto end; } - if (is_self_signed) { - // we have a self signed certificate - if (sk_X509_num(ctx->chain) == 1) { - // We have a single self signed certificate: see if we can - // find it in the store. We must have an exact match to avoid - // possible impersonation. - X509 *issuer = get_trusted_issuer(ctx, x); - if (issuer == NULL || X509_cmp(x, issuer) != 0) { - X509_free(issuer); - ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert = x; - ctx->error_depth = i - 1; - bad_chain = 1; - if (!call_verify_cb(0, ctx)) { - goto end; - } - } else { - // We have a match: replace certificate with store - // version so we get any trust settings. - X509_free(x); - x = issuer; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; - } - } else { - // extract and save self signed certificate for later use - chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - j--; - x = sk_X509_value(ctx->chain, num - 1); - } - } - // We now lookup certs from the certificate store + int num = (int)sk_X509_num(ctx->chain); + X509 *x = sk_X509_value(ctx->chain, num - 1); + // |param->depth| does not include the leaf certificate or the trust anchor, + // so the maximum size is 2 more. + int max_chain = param->depth >= INT_MAX - 2 ? INT_MAX : param->depth + 2; + for (;;) { if (num >= max_chain) { // FIXME: If this happens, we should take note of it and, if // appropriate, use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code later. break; } + + int is_self_signed; if (!cert_self_signed(x, &is_self_signed)) { ctx->error = X509_V_ERR_INVALID_EXTENSION; goto end; } + // If we are self signed, we break if (is_self_signed) { break; } - X509 *issuer = get_trusted_issuer(ctx, x); - if (issuer == NULL) { - break; + // If asked see if we can find issuer in trusted store first + if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { + X509 *issuer = get_trusted_issuer(ctx, x); + if (issuer != NULL) { + // Free the certificate. It will be picked up again later. + X509_free(issuer); + break; + } } - x = issuer; - if (!sk_X509_push(ctx->chain, x)) { - X509_free(issuer); - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; + + // If we were passed a cert chain, use it first + if (sktmp != NULL) { + X509 *issuer = find_issuer(ctx, sktmp, x); + if (issuer != NULL) { + if (!sk_X509_push(ctx->chain, issuer)) { + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + X509_up_ref(issuer); + (void)sk_X509_delete_ptr(sktmp, issuer); + ctx->last_untrusted++; + x = issuer; + num++; + // reparse the full chain for the next one + continue; + } } - num++; + break; } - // we now have our chain, lets check it... - trust = check_trust(ctx); + // Remember how many untrusted certs we have + j = num; + // at this point, chain should contain a list of untrusted certificates. + // We now need to add at least one trusted one, if possible, otherwise we + // complain. - // If explicitly rejected error - if (trust == X509_TRUST_REJECTED) { - goto end; - } - // If it's not explicitly trusted then check if there is an alternative - // chain that could be used. We only do this if we haven't already - // checked via TRUSTED_FIRST and the user hasn't switched off alternate - // chain checking - retry = 0; - if (trust != X509_TRUST_TRUSTED && - !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && - !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { - while (j-- > 1) { - X509 *issuer = - get_trusted_issuer(ctx, sk_X509_value(ctx->chain, j - 1)); - // Check if we found an alternate chain - if (issuer != NULL) { - // Free up the found cert we'll add it again later - X509_free(issuer); + do { + // Examine last certificate in chain and see if it is self signed. + i = (int)sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + + int is_self_signed; + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + goto end; + } - // Dump all the certs above this point - we've found an - // alternate chain - while (num > j) { - X509_free(sk_X509_pop(ctx->chain)); - num--; + if (is_self_signed) { + // we have a self signed certificate + if (sk_X509_num(ctx->chain) == 1) { + // We have a single self signed certificate: see if we can + // find it in the store. We must have an exact match to avoid + // possible impersonation. + X509 *issuer = get_trusted_issuer(ctx, x); + if (issuer == NULL || X509_cmp(x, issuer) != 0) { + X509_free(issuer); + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + bad_chain = 1; + if (!call_verify_cb(0, ctx)) { + goto end; + } + } else { + // We have a match: replace certificate with store + // version so we get any trust settings. + X509_free(x); + x = issuer; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; } - ctx->last_untrusted = (int)sk_X509_num(ctx->chain); - retry = 1; + } else { + // extract and save self signed certificate for later use + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); + } + } + // We now lookup certs from the certificate store + for (;;) { + if (num >= max_chain) { + // FIXME: If this happens, we should take note of it and, if + // appropriate, use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code + // later. break; } + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + goto end; + } + // If we are self signed, we break + if (is_self_signed) { + break; + } + X509 *issuer = get_trusted_issuer(ctx, x); + if (issuer == NULL) { + break; + } + x = issuer; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(issuer); + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + num++; } - } - } while (retry); - // If not explicitly trusted then indicate error unless it's a single - // self signed certificate in which case we've indicated an error already - // and set bad_chain == 1 - if (trust != X509_TRUST_TRUSTED && !bad_chain) { - if (chain_ss == NULL || - !x509_check_issued_with_callback(ctx, x, chain_ss)) { - if (ctx->last_untrusted >= num) { - ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; + // we now have our chain, lets check it... + trust = check_trust(ctx); + + // If explicitly rejected error + if (trust == X509_TRUST_REJECTED) { + goto end; + } + // If it's not explicitly trusted then check if there is an alternative + // chain that could be used. We only do this if we haven't already + // checked via TRUSTED_FIRST and the user hasn't switched off alternate + // chain checking + retry = 0; + if (trust != X509_TRUST_TRUSTED && + !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && + !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + X509 *issuer = + get_trusted_issuer(ctx, sk_X509_value(ctx->chain, j - 1)); + // Check if we found an alternate chain + if (issuer != NULL) { + // Free up the found cert we'll add it again later + X509_free(issuer); + + // Dump all the certs above this point - we've found an + // alternate chain + while (num > j) { + X509_free(sk_X509_pop(ctx->chain)); + num--; + } + ctx->last_untrusted = (int)sk_X509_num(ctx->chain); + retry = 1; + break; + } + } + } + } while (retry); + + // If not explicitly trusted then indicate error unless it's a single + // self signed certificate in which case we've indicated an error already + // and set bad_chain == 1 + if (trust != X509_TRUST_TRUSTED && !bad_chain) { + if (chain_ss == NULL || + !x509_check_issued_with_callback(ctx, x, chain_ss)) { + if (ctx->last_untrusted >= num) { + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; + } else { + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + } + ctx->current_cert = x; } else { - ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + if (!sk_X509_push(ctx->chain, chain_ss)) { + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + num++; + ctx->last_untrusted = num; + ctx->current_cert = chain_ss; + ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + chain_ss = NULL; } - ctx->current_cert = x; - } else { - if (!sk_X509_push(ctx->chain, chain_ss)) { - ctx->error = X509_V_ERR_OUT_OF_MEM; + + ctx->error_depth = num - 1; + bad_chain = 1; + if (!call_verify_cb(0, ctx)) { goto end; } - num++; - ctx->last_untrusted = num; - ctx->current_cert = chain_ss; - ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; - chain_ss = NULL; } - ctx->error_depth = num - 1; - bad_chain = 1; - if (!call_verify_cb(0, ctx)) { + // We have the chain complete: now we need to check its purpose + if (!check_chain_extensions(ctx) || // + !check_id(ctx) || + // We check revocation status after copying parameters because they may + // be needed for CRL signature verification. + !check_revocation(ctx) || // + !internal_verify(ctx) || // + !check_name_constraints(ctx) || + // TODO(davidben): Does |check_policy| still need to be conditioned on + // |!bad_chain|? DoS concerns have been resolved. + (!bad_chain && !check_policy(ctx))) { goto end; } - } - // We have the chain complete: now we need to check its purpose - if (!check_chain_extensions(ctx) || // - !check_id(ctx) || - // We check revocation status after copying parameters because they may be - // needed for CRL signature verification. - !check_revocation(ctx) || // - !internal_verify(ctx) || // - !check_name_constraints(ctx) || - // TODO(davidben): Does |check_policy| still need to be conditioned on - // |!bad_chain|? DoS concerns have been resolved. - (!bad_chain && !check_policy(ctx))) { - goto end; + ok = 1; } - ok = 1; - end: sk_X509_free(sktmp); X509_free(chain_ss); @@ -1099,13 +1103,13 @@ static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) { X509 *issuer = NULL; int crl_score = 0; X509_CRL *crl = NULL; + STACK_OF(X509_CRL) *skcrl = NULL; if (get_crl_sk(ctx, &crl, &issuer, &crl_score, ctx->crls)) { goto done; } // Lookup CRLs from store - STACK_OF(X509_CRL) *skcrl = - X509_STORE_CTX_get1_crls(ctx, X509_get_issuer_name(x)); + skcrl = X509_STORE_CTX_get1_crls(ctx, X509_get_issuer_name(x)); // If no CRLs found and a near match from get_crl_sk use that if (!skcrl && crl) { @@ -1117,7 +1121,6 @@ static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) { sk_X509_CRL_pop_free(skcrl, X509_CRL_free); done: - // If we got any kind of CRL use it and return success if (crl) { ctx->current_crl_issuer = issuer; @@ -1515,7 +1518,8 @@ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) { } X509_STORE_CTX *X509_STORE_CTX_new(void) { - return OPENSSL_zalloc(sizeof(X509_STORE_CTX)); + return reinterpret_cast( + OPENSSL_zalloc(sizeof(X509_STORE_CTX))); } void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_vpm.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_vpm.cc similarity index 90% rename from Sources/CCryptoBoringSSL/crypto/x509/x509_vpm.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509_vpm.cc index 67236014..40ca53d3 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_vpm.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_vpm.cc @@ -116,7 +116,8 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *param, int mode, } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { - X509_VERIFY_PARAM *param = OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM)); + X509_VERIFY_PARAM *param = reinterpret_cast( + OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM))); if (!param) { return NULL; } @@ -246,7 +247,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen, const char *src, if (*pdest) { OPENSSL_free(*pdest); } - *pdest = tmp; + *pdest = reinterpret_cast(tmp); if (pdestlen) { *pdestlen = srclen; } @@ -397,26 +398,67 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) { } static const X509_VERIFY_PARAM kDefaultParam = { - .flags = X509_V_FLAG_TRUSTED_FIRST, - .depth = 100, + /*check_time=*/0, + /*flags=*/X509_V_FLAG_TRUSTED_FIRST, + /*purpose=*/0, + /*trust=*/0, + /*depth=*/100, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; static const X509_VERIFY_PARAM kSMIMESignParam = { - .purpose = X509_PURPOSE_SMIME_SIGN, - .trust = X509_TRUST_EMAIL, - .depth = -1, + /*check_time=*/0, + /*flags=*/0, + /*purpose=*/X509_PURPOSE_SMIME_SIGN, + /*trust=*/X509_TRUST_EMAIL, + /*depth=*/-1, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; static const X509_VERIFY_PARAM kSSLClientParam = { - .purpose = X509_PURPOSE_SSL_CLIENT, - .trust = X509_TRUST_SSL_CLIENT, - .depth = -1, + /*check_time=*/0, + /*flags=*/0, + /*purpose=*/X509_PURPOSE_SSL_CLIENT, + /*trust=*/X509_TRUST_SSL_CLIENT, + /*depth=*/-1, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; static const X509_VERIFY_PARAM kSSLServerParam = { - .purpose = X509_PURPOSE_SSL_SERVER, - .trust = X509_TRUST_SSL_SERVER, - .depth = -1, + /*check_time=*/0, + /*flags=*/0, + /*purpose=*/X509_PURPOSE_SSL_SERVER, + /*trust=*/X509_TRUST_SSL_SERVER, + /*depth=*/-1, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) { diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509cset.c b/Sources/CCryptoBoringSSL/crypto/x509/x509cset.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509cset.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509cset.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509name.c b/Sources/CCryptoBoringSSL/crypto/x509/x509name.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509name.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509name.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509rset.c b/Sources/CCryptoBoringSSL/crypto/x509/x509rset.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x509rset.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509rset.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509spki.c b/Sources/CCryptoBoringSSL/crypto/x509/x509spki.cc similarity index 95% rename from Sources/CCryptoBoringSSL/crypto/x509/x509spki.c rename to Sources/CCryptoBoringSSL/crypto/x509/x509spki.cc index 63fca089..b44709ef 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509spki.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509spki.cc @@ -89,7 +89,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, ossl_ssize_t len) { OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR); return NULL; } - if (!(spki_der = OPENSSL_malloc(spki_len))) { + if (!(spki_der = reinterpret_cast(OPENSSL_malloc(spki_len)))) { return NULL; } if (!EVP_DecodeBase64(spki_der, &spki_len, spki_len, (const uint8_t *)str, @@ -116,11 +116,11 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) { OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); return NULL; } - der_spki = OPENSSL_malloc(der_len); + der_spki = reinterpret_cast(OPENSSL_malloc(der_len)); if (der_spki == NULL) { return NULL; } - b64_str = OPENSSL_malloc(b64_len); + b64_str = reinterpret_cast(OPENSSL_malloc(b64_len)); if (b64_str == NULL) { OPENSSL_free(der_spki); return NULL; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_algor.c b/Sources/CCryptoBoringSSL/crypto/x509/x_algor.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_algor.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_algor.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_all.c b/Sources/CCryptoBoringSSL/crypto/x509/x_all.cc similarity index 96% rename from Sources/CCryptoBoringSSL/crypto/x509/x_all.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_all.cc index 50b3488e..a2c70578 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_all.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_all.cc @@ -131,7 +131,8 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey) { } X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); + return reinterpret_cast( + ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl)); } int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) { @@ -139,7 +140,8 @@ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) { } X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); + return reinterpret_cast( + ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl)); } int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) { @@ -147,7 +149,8 @@ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) { } X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); + return reinterpret_cast( + ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req)); } int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) { @@ -155,7 +158,8 @@ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) { } X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); + return reinterpret_cast( + ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req)); } int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) { @@ -185,8 +189,8 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) { return ret; \ } -IMPLEMENT_D2I_FP(X509, d2i_X509_fp, d2i_X509_bio); -IMPLEMENT_I2D_FP(X509, i2d_X509_fp, i2d_X509_bio); +IMPLEMENT_D2I_FP(X509, d2i_X509_fp, d2i_X509_bio) +IMPLEMENT_I2D_FP(X509, i2d_X509_fp, i2d_X509_bio) IMPLEMENT_D2I_FP(RSA, d2i_RSAPrivateKey_fp, d2i_RSAPrivateKey_bio) IMPLEMENT_I2D_FP(RSA, i2d_RSAPrivateKey_fp, i2d_RSAPrivateKey_bio) diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_attrib.c b/Sources/CCryptoBoringSSL/crypto/x509/x_attrib.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_attrib.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_attrib.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_crl.c b/Sources/CCryptoBoringSSL/crypto/x509/x_crl.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/x_crl.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_crl.cc index 7fa6ebcb..0b935fb6 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_crl.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_crl.cc @@ -121,8 +121,8 @@ static int crl_parse_entry_extensions(X509_CRL *crl) { X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); int crit; - ASN1_ENUMERATED *reason = - X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &crit, NULL); + ASN1_ENUMERATED *reason = reinterpret_cast( + X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &crit, NULL)); if (!reason && crit != -1) { crl->flags |= EXFLAG_INVALID; return 1; @@ -188,8 +188,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, return 0; } - crl->idp = - X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, &i, NULL); + crl->idp = reinterpret_cast( + X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, &i, NULL)); if (crl->idp != NULL) { if (!setup_idp(crl, crl->idp)) { return 0; @@ -198,8 +198,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, return 0; } - crl->akid = - X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &i, NULL); + crl->akid = reinterpret_cast( + X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &i, NULL)); if (crl->akid == NULL && i != -1) { return 0; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_exten.c b/Sources/CCryptoBoringSSL/crypto/x509/x_exten.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_exten.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_exten.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_name.c b/Sources/CCryptoBoringSSL/crypto/x509/x_name.cc similarity index 92% rename from Sources/CCryptoBoringSSL/crypto/x509/x_name.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_name.cc index 2c6fd9e6..316162d8 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_name.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_name.cc @@ -65,6 +65,7 @@ #include #include #include +#include #include "../asn1/internal.h" #include "../internal.h" @@ -134,7 +135,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) { X509_NAME *ret = NULL; - ret = OPENSSL_malloc(sizeof(X509_NAME)); + ret = reinterpret_cast(OPENSSL_malloc(sizeof(X509_NAME))); if (!ret) { goto memerr; } @@ -276,43 +277,49 @@ static int x509_name_encode(X509_NAME *a) { size_t i; STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); - if (!intname) { - goto err; - } - for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { - entry = sk_X509_NAME_ENTRY_value(a->entries, i); - if (entry->set != set) { - entries = sk_X509_NAME_ENTRY_new_null(); - if (!entries) { - goto err; + + { + if (!intname) { + goto err; + } + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + entry = sk_X509_NAME_ENTRY_value(a->entries, i); + if (entry->set != set) { + entries = sk_X509_NAME_ENTRY_new_null(); + if (!entries) { + goto err; + } + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { + sk_X509_NAME_ENTRY_free(entries); + goto err; + } + set = entry->set; } - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { - sk_X509_NAME_ENTRY_free(entries); + if (!sk_X509_NAME_ENTRY_push(entries, entry)) { goto err; } - set = entry->set; } - if (!sk_X509_NAME_ENTRY_push(entries, entry)) { + ASN1_VALUE *intname_val = (ASN1_VALUE *)intname; + len = + ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), + /*tag=*/-1, /*aclass=*/0); + if (len <= 0) { + goto err; + } + if (!BUF_MEM_grow(a->bytes, len)) { goto err; } + p = (unsigned char *)a->bytes->data; + if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), + /*tag=*/-1, /*aclass=*/0) <= 0) { + goto err; + } + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, + local_sk_X509_NAME_ENTRY_free); + a->modified = 0; + return 1; } - ASN1_VALUE *intname_val = (ASN1_VALUE *)intname; - len = ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - /*tag=*/-1, /*aclass=*/0); - if (len <= 0) { - goto err; - } - if (!BUF_MEM_grow(a->bytes, len)) { - goto err; - } - p = (unsigned char *)a->bytes->data; - if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - /*tag=*/-1, /*aclass=*/0) <= 0) { - goto err; - } - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); - a->modified = 0; - return 1; + err: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); return 0; @@ -383,7 +390,7 @@ static int x509_name_canon(X509_NAME *a) { } a->canon_enclen = len; - p = OPENSSL_malloc(a->canon_enclen); + p = reinterpret_cast(OPENSSL_malloc(a->canon_enclen)); if (!p) { goto err; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_pubkey.c b/Sources/CCryptoBoringSSL/crypto/x509/x_pubkey.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/x_pubkey.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_pubkey.cc index 3acd75f7..8c0f2386 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_pubkey.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_pubkey.cc @@ -77,13 +77,14 @@ static void x509_pubkey_changed(X509_PUBKEY *pub) { // Re-encode the |X509_PUBKEY| to DER and parse it with EVP's APIs. uint8_t *spki = NULL; int spki_len = i2d_X509_PUBKEY(pub, &spki); + EVP_PKEY *pkey; if (spki_len < 0) { goto err; } CBS cbs; CBS_init(&cbs, spki, (size_t)spki_len); - EVP_PKEY *pkey = EVP_parse_public_key(&cbs); + pkey = EVP_parse_public_key(&cbs); if (pkey == NULL || CBS_len(&cbs) != 0) { EVP_PKEY_free(pkey); goto err; @@ -126,6 +127,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { } CBB cbb; + const uint8_t *p; if (!CBB_init(&cbb, 0) || // !EVP_marshal_public_key(&cbb, pkey) || !CBB_finish(&cbb, &spki, &spki_len) || // @@ -135,7 +137,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { goto error; } - const uint8_t *p = spki; + p = spki; pk = d2i_X509_PUBKEY(NULL, &p, (long)spki_len); if (pk == NULL || p != spki + spki_len) { OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_DECODE_ERROR); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_req.c b/Sources/CCryptoBoringSSL/crypto/x509/x_req.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_req.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_req.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_sig.c b/Sources/CCryptoBoringSSL/crypto/x509/x_sig.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_sig.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_sig.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_spki.c b/Sources/CCryptoBoringSSL/crypto/x509/x_spki.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_spki.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_spki.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_val.c b/Sources/CCryptoBoringSSL/crypto/x509/x_val.cc similarity index 100% rename from Sources/CCryptoBoringSSL/crypto/x509/x_val.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_val.cc diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_x509.c b/Sources/CCryptoBoringSSL/crypto/x509/x_x509.cc similarity index 87% rename from Sources/CCryptoBoringSSL/crypto/x509/x_x509.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_x509.cc index bc0160ee..0200ac62 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_x509.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_x509.cc @@ -91,7 +91,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) // x509_new_null returns a new |X509| object where the |cert_info|, |sig_alg|, // and |signature| fields are not yet filled in. static X509 *x509_new_null(void) { - X509 *ret = OPENSSL_zalloc(sizeof(X509)); + X509 *ret = reinterpret_cast(OPENSSL_zalloc(sizeof(X509))); if (ret == NULL) { return NULL; } @@ -177,56 +177,59 @@ static X509 *x509_parse(CBS *cbs, CRYPTO_BUFFER *buf) { return NULL; } - // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled - // from the tasn_*.c implementation, replace this with |CBS|-based functions. - const uint8_t *inp = CBS_data(&tbs); - if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs), - ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1, - /*aclass=*/0, /*opt=*/0, buf) <= 0 || - inp != CBS_data(&tbs) + CBS_len(&tbs)) { - goto err; - } + { + // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled + // from the tasn_*.c implementation, replace this with |CBS|-based + // functions. + const uint8_t *inp = CBS_data(&tbs); + if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs), + ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1, + /*aclass=*/0, /*opt=*/0, buf) <= 0 || + inp != CBS_data(&tbs) + CBS_len(&tbs)) { + goto err; + } - inp = CBS_data(&sigalg); - ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg)); - if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) { - goto err; - } + inp = CBS_data(&sigalg); + ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg)); + if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) { + goto err; + } - inp = CBS_data(&sig); - ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig)); - if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) { - goto err; - } + inp = CBS_data(&sig); + ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig)); + if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) { + goto err; + } + + // The version must be one of v1(0), v2(1), or v3(2). + long version = X509_VERSION_1; + if (ret->cert_info->version != NULL) { + version = ASN1_INTEGER_get(ret->cert_info->version); + // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should + // also be rejected here. This means an explicitly-encoded X.509v1 + // version. v1 is DEFAULT, so DER requires it be omitted. + if (version < X509_VERSION_1 || version > X509_VERSION_3) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); + goto err; + } + } - // The version must be one of v1(0), v2(1), or v3(2). - long version = X509_VERSION_1; - if (ret->cert_info->version != NULL) { - version = ASN1_INTEGER_get(ret->cert_info->version); - // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should - // also be rejected here. This means an explicitly-encoded X.509v1 - // version. v1 is DEFAULT, so DER requires it be omitted. - if (version < X509_VERSION_1 || version > X509_VERSION_3) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); + // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. + if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL || + ret->cert_info->subjectUID != NULL)) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); goto err; } - } - // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. - if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL || - ret->cert_info->subjectUID != NULL)) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); - goto err; - } + // Per RFC 5280, section 4.1.2.9, extensions require v3. + if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); + goto err; + } - // Per RFC 5280, section 4.1.2.9, extensions require v3. - if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); - goto err; + return ret; } - return ret; - err: X509_free(ret); return NULL; @@ -263,6 +266,7 @@ int i2d_X509(X509 *x509, uint8_t **outp) { } CBB cbb, cert; + int len; if (!CBB_init(&cbb, 64) || // !CBB_add_asn1(&cbb, &cert, CBS_ASN1_SEQUENCE)) { goto err; @@ -271,7 +275,7 @@ int i2d_X509(X509 *x509, uint8_t **outp) { // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled // from the tasn_*.c implementation, replace this with |CBS|-based functions. uint8_t *out; - int len = i2d_X509_CINF(x509->cert_info, NULL); + len = i2d_X509_CINF(x509->cert_info, NULL); if (len < 0 || // !CBB_add_space(&cert, &out, (size_t)len) || i2d_X509_CINF(x509->cert_info, &out) != len) { @@ -481,7 +485,7 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) { } // Allocate requisite combined storage - *pp = tmp = OPENSSL_malloc(length); + *pp = tmp = reinterpret_cast(OPENSSL_malloc(length)); if (tmp == NULL) { return -1; // Push error onto error stack? } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_x509a.c b/Sources/CCryptoBoringSSL/crypto/x509/x_x509a.cc similarity index 98% rename from Sources/CCryptoBoringSSL/crypto/x509/x_x509a.c rename to Sources/CCryptoBoringSSL/crypto/x509/x_x509a.cc index a80c8cfc..63e0fd2c 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_x509a.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_x509a.cc @@ -151,11 +151,12 @@ const uint8_t *X509_keyid_get0(const X509 *x, int *out_len) { } int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) { + X509_CERT_AUX *aux; ASN1_OBJECT *objtmp = OBJ_dup(obj); if (objtmp == NULL) { goto err; } - X509_CERT_AUX *aux = aux_get(x); + aux = aux_get(x); if (aux->trust == NULL) { aux->trust = sk_ASN1_OBJECT_new_null(); if (aux->trust == NULL) { @@ -173,11 +174,12 @@ int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) { } int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) { + X509_CERT_AUX *aux; ASN1_OBJECT *objtmp = OBJ_dup(obj); if (objtmp == NULL) { goto err; } - X509_CERT_AUX *aux = aux_get(x); + aux = aux_get(x); if (aux->reject == NULL) { aux->reject = sk_ASN1_OBJECT_new_null(); if (aux->reject == NULL) { diff --git a/Sources/CCryptoBoringSSL/gen/crypto/err_data.c b/Sources/CCryptoBoringSSL/gen/crypto/err_data.cc similarity index 83% rename from Sources/CCryptoBoringSSL/gen/crypto/err_data.c rename to Sources/CCryptoBoringSSL/gen/crypto/err_data.cc index d7612384..6a83865e 100644 --- a/Sources/CCryptoBoringSSL/gen/crypto/err_data.c +++ b/Sources/CCryptoBoringSSL/gen/crypto/err_data.cc @@ -54,6 +54,7 @@ static_assert(ERR_LIB_TRUST_TOKEN == 32, "library value changed"); static_assert(ERR_LIB_USER == 33, "library value changed"); static_assert(ERR_NUM_LIBS == 34, "number of libraries changed"); +extern const uint32_t kOpenSSLReasonValues[]; const uint32_t kOpenSSLReasonValues[] = { 0xc320885, 0xc32889f, @@ -196,51 +197,51 @@ const uint32_t kOpenSSLReasonValues[] = { 0x283500f7, 0x28358c81, 0x2836099a, - 0x2c3232fa, + 0x2c3232d4, 0x2c329385, - 0x2c333308, - 0x2c33b31a, - 0x2c34332e, - 0x2c34b340, - 0x2c35335b, - 0x2c35b36d, - 0x2c36339d, + 0x2c3332e2, + 0x2c33b2f4, + 0x2c343308, + 0x2c34b31a, + 0x2c353335, + 0x2c35b347, + 0x2c363377, 0x2c36833a, - 0x2c3733aa, - 0x2c37b3d6, - 0x2c383414, - 0x2c38b42b, - 0x2c393449, - 0x2c39b459, - 0x2c3a346b, - 0x2c3ab47f, - 0x2c3b3490, - 0x2c3bb4af, + 0x2c373384, + 0x2c37b3b0, + 0x2c3833ee, + 0x2c38b405, + 0x2c393423, + 0x2c39b433, + 0x2c3a3445, + 0x2c3ab459, + 0x2c3b346a, + 0x2c3bb489, 0x2c3c1397, 0x2c3c93ad, - 0x2c3d34f4, + 0x2c3d34ce, 0x2c3d93c6, - 0x2c3e351e, - 0x2c3eb52c, - 0x2c3f3544, - 0x2c3fb55c, - 0x2c403586, + 0x2c3e34f8, + 0x2c3eb506, + 0x2c3f351e, + 0x2c3fb536, + 0x2c403560, 0x2c409298, - 0x2c413597, - 0x2c41b5aa, + 0x2c413571, + 0x2c41b584, 0x2c42125e, - 0x2c42b5bb, + 0x2c42b595, 0x2c43076d, - 0x2c43b4a1, - 0x2c4433e9, - 0x2c44b569, - 0x2c453380, - 0x2c45b3bc, - 0x2c463439, - 0x2c46b4c3, - 0x2c4734d8, - 0x2c47b511, - 0x2c4833fb, + 0x2c43b47b, + 0x2c4433c3, + 0x2c44b543, + 0x2c45335a, + 0x2c45b396, + 0x2c463413, + 0x2c46b49d, + 0x2c4734b2, + 0x2c47b4eb, + 0x2c4833d5, 0x30320000, 0x30328015, 0x3033001f, @@ -380,261 +381,260 @@ const uint32_t kOpenSSLReasonValues[] = { 0x3c418dd3, 0x3c420edf, 0x3c428e69, - 0x40321a42, - 0x40329a58, - 0x40331a86, - 0x40339a90, - 0x40341aa7, - 0x40349ac5, - 0x40351ad5, - 0x40359ae7, - 0x40361af4, - 0x40369b00, - 0x40371b15, - 0x40379b27, - 0x40381b32, - 0x40389b44, + 0x40321a1c, + 0x40329a32, + 0x40331a60, + 0x40339a6a, + 0x40341a81, + 0x40349a9f, + 0x40351aaf, + 0x40359ac1, + 0x40361ace, + 0x40369ada, + 0x40371aef, + 0x40379b01, + 0x40381b0c, + 0x40389b1e, 0x40390f93, - 0x40399b54, - 0x403a1b67, - 0x403a9b88, - 0x403b1b99, - 0x403b9ba9, + 0x40399b2e, + 0x403a1b41, + 0x403a9b62, + 0x403b1b73, + 0x403b9b83, 0x403c0071, 0x403c8090, - 0x403d1c0a, - 0x403d9c20, - 0x403e1c2f, - 0x403e9c67, - 0x403f1c81, - 0x403f9ca9, - 0x40401cbe, - 0x40409cd2, - 0x40411d0d, - 0x40419d28, - 0x40421d41, - 0x40429d54, - 0x40431d68, - 0x40439d96, - 0x40441dad, + 0x403d1be4, + 0x403d9bfa, + 0x403e1c09, + 0x403e9c41, + 0x403f1c5b, + 0x403f9c83, + 0x40401c98, + 0x40409cac, + 0x40411ce7, + 0x40419d02, + 0x40421d1b, + 0x40429d2e, + 0x40431d42, + 0x40439d70, + 0x40441d87, 0x404480b9, - 0x40451dc2, - 0x40459dd4, - 0x40461df8, - 0x40469e18, - 0x40471e26, - 0x40479e4d, - 0x40481ebe, - 0x40489f78, - 0x40491f8f, - 0x40499fa9, - 0x404a1fc0, - 0x404a9fde, - 0x404b1ff6, - 0x404ba023, - 0x404c2039, - 0x404ca04b, - 0x404d206c, - 0x404da0a5, - 0x404e20b9, - 0x404ea0c6, - 0x404f2177, - 0x404fa1ed, - 0x4050225c, - 0x4050a270, - 0x405122a3, - 0x405222b3, - 0x4052a2d7, - 0x405322ef, - 0x4053a302, - 0x40542317, - 0x4054a33a, - 0x40552365, - 0x4055a3a2, - 0x405623c7, - 0x4056a3e0, - 0x405723f8, - 0x4057a40b, - 0x40582420, - 0x4058a447, - 0x40592476, - 0x4059a4a3, - 0x405aa4b7, - 0x405b24cf, - 0x405ba4e0, - 0x405c24f3, - 0x405ca532, - 0x405d253f, - 0x405da564, - 0x405e25a2, + 0x40451d9c, + 0x40459dae, + 0x40461dd2, + 0x40469df2, + 0x40471e00, + 0x40479e27, + 0x40481e98, + 0x40489f52, + 0x40491f69, + 0x40499f83, + 0x404a1f9a, + 0x404a9fb8, + 0x404b1fd0, + 0x404b9ffd, + 0x404c2013, + 0x404ca025, + 0x404d2046, + 0x404da07f, + 0x404e2093, + 0x404ea0a0, + 0x404f2151, + 0x404fa1c7, + 0x40502236, + 0x4050a24a, + 0x4051227d, + 0x4052228d, + 0x4052a2b1, + 0x405322c9, + 0x4053a2dc, + 0x405422f1, + 0x4054a314, + 0x4055233f, + 0x4055a37c, + 0x405623a1, + 0x4056a3ba, + 0x405723d2, + 0x4057a3e5, + 0x405823fa, + 0x4058a421, + 0x40592450, + 0x4059a47d, + 0x405aa491, + 0x405b24a9, + 0x405ba4ba, + 0x405c24cd, + 0x405ca50c, + 0x405d2519, + 0x405da53e, + 0x405e257c, 0x405e8afe, - 0x405f25c3, - 0x405fa5d0, - 0x406025de, - 0x4060a600, - 0x40612661, - 0x4061a699, - 0x406226b0, - 0x4062a6c1, - 0x4063270e, - 0x4063a723, - 0x4064273a, - 0x4064a766, - 0x40652781, - 0x4065a798, - 0x406627b0, - 0x4066a7da, - 0x40672805, - 0x4067a84a, - 0x40682892, - 0x4068a8b3, - 0x406928e5, - 0x4069a913, - 0x406a2934, - 0x406aa954, - 0x406b2adc, - 0x406baaff, - 0x406c2b15, - 0x406cae1f, - 0x406d2e4e, - 0x406dae76, - 0x406e2ea4, - 0x406eaef1, - 0x406f2f4a, - 0x406faf82, - 0x40702f95, - 0x4070afb2, + 0x405f259d, + 0x405fa5aa, + 0x406025b8, + 0x4060a5da, + 0x4061263b, + 0x4061a673, + 0x4062268a, + 0x4062a69b, + 0x406326e8, + 0x4063a6fd, + 0x40642714, + 0x4064a740, + 0x4065275b, + 0x4065a772, + 0x4066278a, + 0x4066a7b4, + 0x406727df, + 0x4067a824, + 0x4068286c, + 0x4068a88d, + 0x406928bf, + 0x4069a8ed, + 0x406a290e, + 0x406aa92e, + 0x406b2ab6, + 0x406baad9, + 0x406c2aef, + 0x406cadf9, + 0x406d2e28, + 0x406dae50, + 0x406e2e7e, + 0x406eaecb, + 0x406f2f24, + 0x406faf5c, + 0x40702f6f, + 0x4070af8c, 0x4071084d, - 0x4071afc4, - 0x40722fd7, - 0x4072b00d, - 0x40733025, + 0x4071af9e, + 0x40722fb1, + 0x4072afe7, + 0x40732fff, 0x407395af, - 0x40743039, - 0x4074b053, - 0x40753064, - 0x4075b078, - 0x40763086, + 0x40743013, + 0x4074b02d, + 0x4075303e, + 0x4075b052, + 0x40763060, 0x4076935b, - 0x407730ab, - 0x4077b0eb, - 0x40783106, - 0x4078b13f, - 0x40793156, - 0x4079b16c, - 0x407a3198, - 0x407ab1ab, - 0x407b31c0, - 0x407bb1d2, - 0x407c3203, - 0x407cb20c, - 0x407d28ce, - 0x407da215, - 0x407e311b, - 0x407ea457, - 0x407f1e3a, - 0x407fa00d, - 0x40802187, - 0x40809e62, - 0x408122c5, - 0x4081a114, - 0x40822e8f, - 0x40829bb5, - 0x40832432, - 0x4083a74b, - 0x40841e76, - 0x4084a48f, - 0x40852504, - 0x4085a628, - 0x40862584, - 0x4086a22f, - 0x40872ed5, - 0x4087a676, - 0x40881bf3, - 0x4088a85d, - 0x40891c42, - 0x40899bcf, - 0x408a2b4d, + 0x40773085, + 0x4077b0c5, + 0x407830e0, + 0x4078b119, + 0x40793130, + 0x4079b146, + 0x407a3172, + 0x407ab185, + 0x407b319a, + 0x407bb1ac, + 0x407c31dd, + 0x407cb1e6, + 0x407d28a8, + 0x407da1ef, + 0x407e30f5, + 0x407ea431, + 0x407f1e14, + 0x407f9fe7, + 0x40802161, + 0x40809e3c, + 0x4081229f, + 0x4081a0ee, + 0x40822e69, + 0x40829b8f, + 0x4083240c, + 0x4083a725, + 0x40841e50, + 0x4084a469, + 0x408524de, + 0x4085a602, + 0x4086255e, + 0x4086a209, + 0x40872eaf, + 0x4087a650, + 0x40881bcd, + 0x4088a837, + 0x40891c1c, + 0x40899ba9, + 0x408a2b27, 0x408a99c7, - 0x408b31e7, - 0x408baf5f, - 0x408c2514, - 0x408c99ff, - 0x408d1f5e, - 0x408d9ea8, - 0x408e208e, - 0x408ea382, - 0x408f2871, - 0x408fa644, - 0x40902826, - 0x4090a556, - 0x40912b35, - 0x40919a25, - 0x40921c8f, - 0x4092af10, - 0x40932ff0, - 0x4093a240, - 0x40941e8a, - 0x4094ab66, - 0x409526d2, - 0x4095b178, - 0x40962ebc, - 0x4096a1a0, - 0x4097228b, - 0x4097a0dd, - 0x40981cef, - 0x4098a6e6, - 0x40992f2c, - 0x4099a3af, - 0x409a2348, + 0x408b31c1, + 0x408baf39, + 0x408c24ee, + 0x408d1f38, + 0x408d9e82, + 0x408e2068, + 0x408ea35c, + 0x408f284b, + 0x408fa61e, + 0x40902800, + 0x4090a530, + 0x40912b0f, + 0x409199ff, + 0x40921c69, + 0x4092aeea, + 0x40932fca, + 0x4093a21a, + 0x40941e64, + 0x4094ab40, + 0x409526ac, + 0x4095b152, + 0x40962e96, + 0x4096a17a, + 0x40972265, + 0x4097a0b7, + 0x40981cc9, + 0x4098a6c0, + 0x40992f06, + 0x4099a389, + 0x409a2322, 0x409a99e3, - 0x409b1ee4, - 0x409b9f0f, - 0x409c30cd, - 0x409c9f37, - 0x409d215c, - 0x409da12a, - 0x409e1d80, - 0x409ea1d5, - 0x409f21bd, - 0x409f9ed7, - 0x40a021fd, - 0x40a0a0f7, - 0x40a12145, - 0x41f42a07, - 0x41f92a99, - 0x41fe298c, - 0x41feac42, - 0x41ff2d70, - 0x42032a20, - 0x42082a42, - 0x4208aa7e, - 0x42092970, - 0x4209aab8, - 0x420a29c7, - 0x420aa9a7, - 0x420b29e7, - 0x420baa60, - 0x420c2d8c, - 0x420cab76, - 0x420d2c29, - 0x420dac60, - 0x42122c93, - 0x42172d53, - 0x4217acd5, - 0x421c2cf7, - 0x421f2cb2, - 0x42212e04, - 0x42262d36, - 0x422b2de2, - 0x422bac04, - 0x422c2dc4, - 0x422cabb7, - 0x422d2b90, - 0x422dada3, - 0x422e2be3, - 0x42302d12, - 0x4230ac7a, + 0x409b1ebe, + 0x409b9ee9, + 0x409c30a7, + 0x409c9f11, + 0x409d2136, + 0x409da104, + 0x409e1d5a, + 0x409ea1af, + 0x409f2197, + 0x409f9eb1, + 0x40a021d7, + 0x40a0a0d1, + 0x40a1211f, + 0x41f429e1, + 0x41f92a73, + 0x41fe2966, + 0x41feac1c, + 0x41ff2d4a, + 0x420329fa, + 0x42082a1c, + 0x4208aa58, + 0x4209294a, + 0x4209aa92, + 0x420a29a1, + 0x420aa981, + 0x420b29c1, + 0x420baa3a, + 0x420c2d66, + 0x420cab50, + 0x420d2c03, + 0x420dac3a, + 0x42122c6d, + 0x42172d2d, + 0x4217acaf, + 0x421c2cd1, + 0x421f2c8c, + 0x42212dde, + 0x42262d10, + 0x422b2dbc, + 0x422babde, + 0x422c2d9e, + 0x422cab91, + 0x422d2b6a, + 0x422dad7d, + 0x422e2bbd, + 0x42302cec, + 0x4230ac54, 0x44320778, 0x44328787, 0x44330793, @@ -690,71 +690,71 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4c41948f, 0x4c4215f8, 0x4c4293d7, - 0x503235cd, - 0x5032b5dc, - 0x503335e7, - 0x5033b5f7, - 0x50343610, - 0x5034b62a, - 0x50353638, - 0x5035b64e, - 0x50363660, - 0x5036b676, - 0x5037368f, - 0x5037b6a2, - 0x503836ba, - 0x5038b6cb, - 0x503936e0, - 0x5039b6f4, - 0x503a3714, - 0x503ab72a, - 0x503b3742, - 0x503bb754, - 0x503c3770, - 0x503cb787, - 0x503d37a0, - 0x503db7b6, - 0x503e37c3, - 0x503eb7d9, - 0x503f37eb, + 0x503235a7, + 0x5032b5b6, + 0x503335c1, + 0x5033b5d1, + 0x503435ea, + 0x5034b604, + 0x50353612, + 0x5035b628, + 0x5036363a, + 0x5036b650, + 0x50373669, + 0x5037b67c, + 0x50383694, + 0x5038b6a5, + 0x503936ba, + 0x5039b6ce, + 0x503a36ee, + 0x503ab704, + 0x503b371c, + 0x503bb72e, + 0x503c374a, + 0x503cb761, + 0x503d377a, + 0x503db790, + 0x503e379d, + 0x503eb7b3, + 0x503f37c5, 0x503f83b3, - 0x504037fe, - 0x5040b80e, - 0x50413828, - 0x5041b837, - 0x50423851, - 0x5042b86e, - 0x5043387e, - 0x5043b88e, - 0x504438ab, + 0x504037d8, + 0x5040b7e8, + 0x50413802, + 0x5041b811, + 0x5042382b, + 0x5042b848, + 0x50433858, + 0x5043b868, + 0x50443885, 0x50448469, - 0x504538bf, - 0x5045b8dd, - 0x504638f0, - 0x5046b906, - 0x50473918, - 0x5047b92d, - 0x50483953, - 0x5048b961, - 0x50493974, - 0x5049b989, - 0x504a399f, - 0x504ab9af, - 0x504b39cf, - 0x504bb9e2, - 0x504c3a05, - 0x504cba33, - 0x504d3a60, - 0x504dba7d, - 0x504e3a98, - 0x504ebab4, - 0x504f3ac6, - 0x504fbadd, - 0x50503aec, + 0x50453899, + 0x5045b8b7, + 0x504638ca, + 0x5046b8e0, + 0x504738f2, + 0x5047b907, + 0x5048392d, + 0x5048b93b, + 0x5049394e, + 0x5049b963, + 0x504a3979, + 0x504ab989, + 0x504b39a9, + 0x504bb9bc, + 0x504c39df, + 0x504cba0d, + 0x504d3a3a, + 0x504dba57, + 0x504e3a72, + 0x504eba8e, + 0x504f3aa0, + 0x504fbab7, + 0x50503ac6, 0x50508729, - 0x50513aff, - 0x5051b89d, - 0x50523a45, + 0x50513ad9, + 0x5051b877, + 0x50523a1f, 0x58320fd1, 0x68320f93, 0x68328ceb, @@ -799,23 +799,25 @@ const uint32_t kOpenSSLReasonValues[] = { 0x7c321274, 0x803214a2, 0x80328090, - 0x803332c9, + 0x803332a3, 0x803380b9, - 0x803432d8, - 0x8034b240, - 0x8035325e, - 0x8035b2ec, - 0x803632a0, - 0x8036b24f, - 0x80373292, - 0x8037b22d, - 0x803832b3, - 0x8038b26f, - 0x80393284, + 0x803432b2, + 0x8034b21a, + 0x80353238, + 0x8035b2c6, + 0x8036327a, + 0x8036b229, + 0x8037326c, + 0x8037b207, + 0x8038328d, + 0x8038b249, + 0x8039325e, }; +extern const size_t kOpenSSLReasonValuesLen; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); +extern const char kOpenSSLReasonStringData[]; const char kOpenSSLReasonStringData[] = "ASN1_LENGTH_MISMATCH\0" "AUX_ERROR\0" @@ -1154,7 +1156,6 @@ const char kOpenSSLReasonStringData[] = "WRONG_SIGNATURE_LENGTH\0" "ALPN_MISMATCH_ON_EARLY_DATA\0" "ALPS_MISMATCH_ON_EARLY_DATA\0" - "APPLICATION_DATA_INSTEAD_OF_HANDSHAKE\0" "APPLICATION_DATA_ON_SHUTDOWN\0" "APP_DATA_IN_HANDSHAKE\0" "ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT\0" diff --git a/Sources/CCryptoBoringSSL/hash.txt b/Sources/CCryptoBoringSSL/hash.txt index c8314b90..9844d768 100644 --- a/Sources/CCryptoBoringSSL/hash.txt +++ b/Sources/CCryptoBoringSSL/hash.txt @@ -1 +1 @@ -This directory is derived from BoringSSL cloned from https://boringssl.googlesource.com/boringssl at revision 2587c4974dbe9872451151c8e975f58567a1ce0d +This directory is derived from BoringSSL cloned from https://boringssl.googlesource.com/boringssl at revision fcef13a49852397a0d39c00be8d7bc2ba1ab6fb9 diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1t.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1t.h index 4b071971..3e55b93b 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1t.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1t.h @@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,8 +57,8 @@ #ifndef OPENSSL_HEADER_ASN1T_H #define OPENSSL_HEADER_ASN1T_H -#include "CCryptoBoringSSL_base.h" #include "CCryptoBoringSSL_asn1.h" +#include "CCryptoBoringSSL_base.h" #if defined(__cplusplus) extern "C" { @@ -81,32 +81,23 @@ typedef struct ASN1_TLC_st ASN1_TLC; /* Macros for start and end of ASN1_ITEM definition */ -#define ASN1_ITEM_start(itname) \ - const ASN1_ITEM itname##_it = { - +#define ASN1_ITEM_start(itname) const ASN1_ITEM itname##_it = { #define ASN1_ITEM_end(itname) \ - }; + } \ + ; /* Macros to aid ASN1 template writing */ -#define ASN1_ITEM_TEMPLATE(tname) \ - static const ASN1_TEMPLATE tname##_item_tt +#define ASN1_ITEM_TEMPLATE(tname) static const ASN1_TEMPLATE tname##_item_tt -#define ASN1_ITEM_TEMPLATE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_PRIMITIVE,\ - -1,\ - &tname##_item_tt,\ - 0,\ - NULL,\ - 0,\ - #tname \ - ASN1_ITEM_end(tname) +#define ASN1_ITEM_TEMPLATE_END(tname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_PRIMITIVE, -1, &tname##_item_tt, 0, NULL, \ + 0, #tname ASN1_ITEM_end(tname) /* This is a ASN1 type which just embeds a template */ - + /* This pair helps declare a SEQUENCE. We can do: * * ASN1_SEQUENCE(stname) = { @@ -127,50 +118,40 @@ typedef struct ASN1_TLC_st ASN1_TLC; * a structure called stname. */ -#define ASN1_SEQUENCE(tname) \ - static const ASN1_TEMPLATE tname##_seq_tt[] +#define ASN1_SEQUENCE(tname) static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) -#define ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_SEQUENCE_END_name(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_SEQUENCE, V_ASN1_SEQUENCE, tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), NULL, sizeof(stname), \ + #stname ASN1_ITEM_end(tname) -#define ASN1_SEQUENCE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ - ASN1_SEQUENCE(tname) +#define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_ref(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \ - ASN1_SEQUENCE(tname) +#define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, \ + offsetof(tname, references), cb, 0}; \ + ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_enc(tname, enc, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \ - ASN1_SEQUENCE(tname) +#define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, \ + offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +#define ASN1_SEQUENCE_END_enc(stname, tname) \ + ASN1_SEQUENCE_END_ref(stname, tname) #define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -#define ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_SEQUENCE_END_ref(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_SEQUENCE, V_ASN1_SEQUENCE, tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), &tname##_aux, \ + sizeof(stname), #stname ASN1_ITEM_end(tname) /* This pair helps declare a CHOICE type. We can do: @@ -189,152 +170,145 @@ typedef struct ASN1_TLC_st ASN1_TLC; * ASN1_SOMEOTHER *opt2; * } value; * } chname; - * + * * the name of the selector must be 'type'. * to use an alternative selector name use the * ASN1_CHOICE_END_selector() version. */ -#define ASN1_CHOICE(tname) \ - static const ASN1_TEMPLATE tname##_ch_tt[] +#define ASN1_CHOICE(tname) static const ASN1_TEMPLATE tname##_ch_tt[] -#define ASN1_CHOICE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ - ASN1_CHOICE(tname) +#define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) -#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) - -#define ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) - -#define ASN1_CHOICE_END_cb(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_CHOICE_END_name(stname, tname) \ + ASN1_CHOICE_END_selector(stname, tname, type) + +#define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_CHOICE, offsetof(stname, selname), \ + tname##_ch_tt, sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), NULL, \ + sizeof(stname), #stname ASN1_ITEM_end(tname) + +#define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_CHOICE, offsetof(stname, selname), \ + tname##_ch_tt, sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, sizeof(stname), #stname ASN1_ITEM_end(tname) /* This helps with the template wrapper form of ASN1_ITEM */ -#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ - (flags), (tag), 0,\ - #name, ASN1_ITEM_ref(type) } +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) \ + { (flags), (tag), 0, #name, ASN1_ITEM_ref(type) } /* These help with SEQUENCE or CHOICE components */ /* used to declare other types */ -#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ - (flags), (tag), offsetof(stname, field),\ - #field, ASN1_ITEM_ref(type) } +#define ASN1_EX_TYPE(flags, tag, stname, field, type) \ + { (flags), (tag), offsetof(stname, field), #field, ASN1_ITEM_ref(type) } /* implicit and explicit helper macros */ #define ASN1_IMP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) #define ASN1_EXP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) /* Any defined by macros: the field used is in the table itself */ -#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +#define ASN1_ADB_OBJECT(tblname) \ + { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } /* Plain simple type */ -#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0, 0, stname, field, type) /* OPTIONAL simple type */ -#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* IMPLICIT tagged simple type */ -#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +#define ASN1_IMP(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, 0) /* IMPLICIT tagged OPTIONAL simple type */ -#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) /* Same as above but EXPLICIT */ -#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) -#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, 0) +#define ASN1_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) /* SEQUENCE OF type */ #define ASN1_SEQUENCE_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) /* OPTIONAL SEQUENCE OF */ -#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, \ + type) /* Same as above but for SET OF */ #define ASN1_SET_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) #define ASN1_SET_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ #define ASN1_IMP_SET_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) #define ASN1_EXP_SET_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) #define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) #define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) #define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) #define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + ASN1_IMP_EX(stname, field, type, tag, \ + ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) #define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + ASN1_EXP_EX(stname, field, type, tag, \ + ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) /* Macros for the ASN1_ADB structure */ -#define ASN1_ADB(name) \ - static const ASN1_ADB_TABLE name##_adbtbl[] +#define ASN1_ADB(name) static const ASN1_ADB_TABLE name##_adbtbl[] #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ - ;\ - static const ASN1_ADB name##_adb = {\ - flags,\ - offsetof(name, field),\ - app_table,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ - none\ - } - -#define ADB_ENTRY(val, template) {val, template} - -#define ASN1_ADB_TEMPLATE(name) \ - static const ASN1_TEMPLATE name##_tt + ; \ + static const ASN1_ADB name##_adb = { \ + flags, \ + offsetof(name, field), \ + app_table, \ + name##_adbtbl, \ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE), \ + def, \ + none} + +#define ADB_ENTRY(val, template) \ + { val, template } + +#define ASN1_ADB_TEMPLATE(name) static const ASN1_TEMPLATE name##_tt /* This is the ASN1 template structure that defines * a wrapper round the actual type. It determines the @@ -343,11 +317,11 @@ typedef struct ASN1_TLC_st ASN1_TLC; */ struct ASN1_TEMPLATE_st { -uint32_t flags; /* Various flags */ -int tag; /* tag, not used if no tagging */ -unsigned long offset; /* Offset of this field in structure */ -const char *field_name; /* Field name */ -ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + uint32_t flags; /* Various flags */ + int tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ @@ -361,33 +335,33 @@ typedef struct ASN1_ADB_st ASN1_ADB; typedef struct asn1_must_be_null_st ASN1_MUST_BE_NULL; struct ASN1_ADB_st { - uint32_t flags; /* Various flags */ - unsigned long offset; /* Offset of selector field */ - ASN1_MUST_BE_NULL *unused; - const ASN1_ADB_TABLE *tbl; /* Table of possible types */ - long tblcount; /* Number of entries in tbl */ - const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ - const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ + uint32_t flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + ASN1_MUST_BE_NULL *unused; + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ }; struct ASN1_ADB_TABLE_st { - int value; /* NID for an object */ - const ASN1_TEMPLATE tt; /* item for this value */ + int value; /* NID for an object */ + const ASN1_TEMPLATE tt; /* item for this value */ }; /* template flags */ /* Field is optional */ -#define ASN1_TFLG_OPTIONAL (0x1) +#define ASN1_TFLG_OPTIONAL (0x1) /* Field is a SET OF */ -#define ASN1_TFLG_SET_OF (0x1 << 1) +#define ASN1_TFLG_SET_OF (0x1 << 1) /* Field is a SEQUENCE OF */ -#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) +#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) /* Mask for SET OF or SEQUENCE OF */ -#define ASN1_TFLG_SK_MASK (0x3 << 1) +#define ASN1_TFLG_SK_MASK (0x3 << 1) /* These flags mean the tag should be taken from the * tag field. If EXPLICIT then the underlying type @@ -395,36 +369,36 @@ struct ASN1_ADB_TABLE_st { */ /* IMPLICIT tagging */ -#define ASN1_TFLG_IMPTAG (0x1 << 3) +#define ASN1_TFLG_IMPTAG (0x1 << 3) /* EXPLICIT tagging, inner tag from underlying type */ -#define ASN1_TFLG_EXPTAG (0x2 << 3) +#define ASN1_TFLG_EXPTAG (0x2 << 3) -#define ASN1_TFLG_TAG_MASK (0x3 << 3) +#define ASN1_TFLG_TAG_MASK (0x3 << 3) /* context specific IMPLICIT */ -#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT +#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG | ASN1_TFLG_CONTEXT /* context specific EXPLICIT */ -#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT +#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG | ASN1_TFLG_CONTEXT /* If tagging is in force these determine the * type of tag to use. Otherwise the tag is - * determined by the underlying type. These + * determined by the underlying type. These * values reflect the actual octet format. */ -/* Universal tag */ -#define ASN1_TFLG_UNIVERSAL (0x0<<6) -/* Application tag */ -#define ASN1_TFLG_APPLICATION (0x1<<6) -/* Context specific tag */ -#define ASN1_TFLG_CONTEXT (0x2<<6) -/* Private tag */ -#define ASN1_TFLG_PRIVATE (0x3<<6) +/* Universal tag */ +#define ASN1_TFLG_UNIVERSAL (0x0 << 6) +/* Application tag */ +#define ASN1_TFLG_APPLICATION (0x1 << 6) +/* Context specific tag */ +#define ASN1_TFLG_CONTEXT (0x2 << 6) +/* Private tag */ +#define ASN1_TFLG_PRIVATE (0x3 << 6) -#define ASN1_TFLG_TAG_CLASS (0x3<<6) +#define ASN1_TFLG_TAG_CLASS (0x3 << 6) /* These are for ANY DEFINED BY type. In this case * the 'item' field points to an ASN1_ADB structure @@ -432,20 +406,21 @@ struct ASN1_ADB_TABLE_st { * relevant type */ -#define ASN1_TFLG_ADB_MASK (0x3<<8) +#define ASN1_TFLG_ADB_MASK (0x3 << 8) -#define ASN1_TFLG_ADB_OID (0x1<<8) +#define ASN1_TFLG_ADB_OID (0x1 << 8) /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { -char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ -int utype; /* underlying type */ -const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ -long tcount; /* Number of templates if SEQUENCE or CHOICE */ -const void *funcs; /* functions that handle this type */ -long size; /* Structure size (usually)*/ -const char *sname; /* Structure name */ + char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ + int utype; /* underlying type */ + const ASN1_TEMPLATE + *templates; /* If SEQUENCE or CHOICE this contains the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually)*/ + const char *sname; /* Structure name */ }; /* These are values for the itype field and @@ -454,7 +429,7 @@ const char *sname; /* Structure name */ * For PRIMITIVE types the underlying type * determines the behaviour if items is NULL. * - * Otherwise templates must contain a single + * Otherwise templates must contain a single * template and the type is treated in the * same way as the type specified in the template. * @@ -468,7 +443,7 @@ const char *sname; /* Structure name */ * selector. * * The 'funcs' field is used for application - * specific functions. + * specific functions. * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible @@ -484,15 +459,15 @@ const char *sname; /* Structure name */ * */ -#define ASN1_ITYPE_PRIMITIVE 0x0 +#define ASN1_ITYPE_PRIMITIVE 0x0 -#define ASN1_ITYPE_SEQUENCE 0x1 +#define ASN1_ITYPE_SEQUENCE 0x1 -#define ASN1_ITYPE_CHOICE 0x2 +#define ASN1_ITYPE_CHOICE 0x2 -#define ASN1_ITYPE_EXTERN 0x4 +#define ASN1_ITYPE_EXTERN 0x4 -#define ASN1_ITYPE_MSTRING 0x5 +#define ASN1_ITYPE_MSTRING 0x5 /* Deprecated tag and length cache */ struct ASN1_TLC_st; @@ -507,7 +482,7 @@ struct ASN1_TLC_st; * used. This is most useful where the supplied routines * *almost* do the right thing but need some extra help * at a few points. If the callback returns zero then - * it is assumed a fatal error has occurred and the + * it is assumed a fatal error has occurred and the * main operation should be abandoned. * * If major changes in the default behaviour are required @@ -515,142 +490,129 @@ struct ASN1_TLC_st; */ typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, - void *exarg); + void *exarg); typedef struct ASN1_AUX_st { - void *app_data; - uint32_t flags; - int ref_offset; /* Offset of reference value */ - ASN1_aux_cb *asn1_cb; - int enc_offset; /* Offset of ASN1_ENCODING structure */ + void *app_data; + uint32_t flags; + int ref_offset; /* Offset of reference value */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; /* Flags in ASN1_AUX */ /* Use a reference count */ -#define ASN1_AFLG_REFCOUNT 1 +#define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ -#define ASN1_AFLG_ENCODING 2 +#define ASN1_AFLG_ENCODING 2 /* operation values for asn1_cb */ -#define ASN1_OP_NEW_PRE 0 -#define ASN1_OP_NEW_POST 1 -#define ASN1_OP_FREE_PRE 2 -#define ASN1_OP_FREE_POST 3 -#define ASN1_OP_D2I_PRE 4 -#define ASN1_OP_D2I_POST 5 +#define ASN1_OP_NEW_PRE 0 +#define ASN1_OP_NEW_POST 1 +#define ASN1_OP_FREE_PRE 2 +#define ASN1_OP_FREE_POST 3 +#define ASN1_OP_D2I_PRE 4 +#define ASN1_OP_D2I_POST 5 /* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the * constants undefined so code relying on them does not accidentally compile. */ -#define ASN1_OP_PRINT_PRE 8 -#define ASN1_OP_PRINT_POST 9 -#define ASN1_OP_STREAM_PRE 10 -#define ASN1_OP_STREAM_POST 11 -#define ASN1_OP_DETACHED_PRE 12 -#define ASN1_OP_DETACHED_POST 13 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 /* Macro to implement a primitive type */ #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) -#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ - ASN1_ITEM_end(itname) +#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, \ + #itname ASN1_ITEM_end(itname) /* Macro to implement a multi string type */ -#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ - ASN1_ITEM_end(itname) - -#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_EXTERN, \ - tag, \ - NULL, \ - 0, \ - &fptrs, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) +#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, \ + sizeof(ASN1_STRING), #itname ASN1_ITEM_end(itname) + +#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) ASN1_ITYPE_EXTERN, tag, NULL, 0, &fptrs, 0, \ + #sname ASN1_ITEM_end(sname) /* Macro to implement standard functions in terms of ASN1_ITEM structures */ -#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) +#define IMPLEMENT_ASN1_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) -#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) +#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ - IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) #define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ - pre stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ - } \ - pre void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } + pre stname *fname##_new(void) { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ - stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ - } \ - void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } - -#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) - -#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ - } \ - int i2d_##fname(stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } + stname *fname##_new(void) { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(itname)); \ + } \ + int i2d_##fname(stname *a, unsigned char **out) { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \ + } /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. */ #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ - } \ - int i2d_##fname(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } - -#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ - stname *stname##_dup(stname *x) { \ - return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(itname)); \ + } \ + int i2d_##fname(const stname *a, unsigned char **out) { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname *stname##_dup(stname *x) { \ + return (stname *)ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ } -#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \ - stname *stname##_dup(const stname *x) { \ - return ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \ +#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \ + stname *stname##_dup(const stname *x) { \ + return (stname *)ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \ } #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ - IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) -#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) +#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) /* external definitions for primitive types */ diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h index 3fb7f81c..d329f0f1 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h @@ -114,7 +114,7 @@ extern "C" { // A consumer may use this symbol in the preprocessor to temporarily build // against multiple revisions of BoringSSL at the same time. It is not // recommended to do so for longer than is necessary. -#define BORINGSSL_API_VERSION 32 +#define BORINGSSL_API_VERSION 33 #if defined(BORINGSSL_SHARED_LIBRARY) @@ -176,8 +176,8 @@ extern "C" { // https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/. #if defined(__MINGW_PRINTF_FORMAT) #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ - __attribute__( \ - (__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check))) + __attribute__(( \ + __format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check))) #else #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ __attribute__((__format__(__printf__, string_index, first_to_check))) @@ -202,6 +202,13 @@ extern "C" { #if defined(__GNUC__) || defined(__clang__) #define OPENSSL_UNUSED __attribute__((unused)) +#elif defined(_MSC_VER) +// __pragma wants to be on a separate line. The following is what it takes to +// stop clang-format from messing with that. +// clang-format off +#define OPENSSL_UNUSED __pragma(warning(suppress : 4505)) \ +/* */ +// clang-format on #else #define OPENSSL_UNUSED #endif @@ -443,7 +450,7 @@ extern "C++" { #define BORINGSSL_NO_CXX #endif -} // extern C++ +} // extern C++ #endif // !BORINGSSL_NO_CXX #if defined(BORINGSSL_NO_CXX) @@ -487,7 +494,7 @@ class StackAllocated { ~StackAllocated() { cleanup(&ctx_); } StackAllocated(const StackAllocated &) = delete; - StackAllocated& operator=(const StackAllocated &) = delete; + StackAllocated &operator=(const StackAllocated &) = delete; T *get() { return &ctx_; } const T *get() const { return &ctx_; } diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h index e31d964b..81701320 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h @@ -18,7 +18,6 @@ #define BORINGSSL_ADD_PREFIX_INNER(a, b) a ## _ ## b #define ACCESS_DESCRIPTION_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ACCESS_DESCRIPTION_free) -#define ACCESS_DESCRIPTION_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ACCESS_DESCRIPTION_it) #define ACCESS_DESCRIPTION_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ACCESS_DESCRIPTION_new) #define AES_CMAC BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, AES_CMAC) #define AES_cbc_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, AES_cbc_encrypt) @@ -103,9 +102,7 @@ #define ASN1_PRINTABLE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_PRINTABLE_free) #define ASN1_PRINTABLE_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_PRINTABLE_it) #define ASN1_PRINTABLE_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_PRINTABLE_new) -#define ASN1_SEQUENCE_ANY_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_SEQUENCE_ANY_it) #define ASN1_SEQUENCE_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_SEQUENCE_it) -#define ASN1_SET_ANY_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_SET_ANY_it) #define ASN1_STRING_TABLE_add BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_STRING_TABLE_add) #define ASN1_STRING_TABLE_cleanup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_STRING_TABLE_cleanup) #define ASN1_STRING_cmp BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ASN1_STRING_cmp) @@ -245,6 +242,7 @@ #define BIO_ctrl_get_read_request BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_ctrl_get_read_request) #define BIO_ctrl_get_write_guarantee BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_ctrl_get_write_guarantee) #define BIO_ctrl_pending BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_ctrl_pending) +#define BIO_do_connect BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_do_connect) #define BIO_eof BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_eof) #define BIO_find_type BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_find_type) #define BIO_flush BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_flush) @@ -279,10 +277,12 @@ #define BIO_method_type BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_method_type) #define BIO_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new) #define BIO_new_bio_pair BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_bio_pair) +#define BIO_new_connect BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_connect) #define BIO_new_fd BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_fd) #define BIO_new_file BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_file) #define BIO_new_fp BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_fp) #define BIO_new_mem_buf BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_mem_buf) +#define BIO_new_socket BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_new_socket) #define BIO_next BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_next) #define BIO_number_read BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_number_read) #define BIO_number_written BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_number_written) @@ -297,11 +297,16 @@ #define BIO_read_filename BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_read_filename) #define BIO_reset BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_reset) #define BIO_rw_filename BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_rw_filename) +#define BIO_s_connect BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_s_connect) #define BIO_s_fd BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_s_fd) #define BIO_s_file BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_s_file) #define BIO_s_mem BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_s_mem) +#define BIO_s_socket BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_s_socket) #define BIO_seek BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_seek) #define BIO_set_close BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_close) +#define BIO_set_conn_hostname BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_conn_hostname) +#define BIO_set_conn_int_port BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_conn_int_port) +#define BIO_set_conn_port BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_conn_port) #define BIO_set_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_data) #define BIO_set_ex_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_ex_data) #define BIO_set_fd BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_fd) @@ -310,6 +315,7 @@ #define BIO_set_init BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_init) #define BIO_set_mem_buf BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_mem_buf) #define BIO_set_mem_eof_return BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_mem_eof_return) +#define BIO_set_nbio BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_nbio) #define BIO_set_retry_read BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_retry_read) #define BIO_set_retry_reason BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_retry_reason) #define BIO_set_retry_special BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, BIO_set_retry_special) @@ -536,6 +542,7 @@ #define CBS_asn1_oid_to_text BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_asn1_oid_to_text) #define CBS_contains_zero_byte BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_contains_zero_byte) #define CBS_copy_bytes BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_copy_bytes) +#define CBS_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_data) #define CBS_get_any_asn1 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_any_asn1) #define CBS_get_any_asn1_element BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_any_asn1_element) #define CBS_get_any_ber_asn1_element BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_any_ber_asn1_element) @@ -568,10 +575,12 @@ #define CBS_get_until_first BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_until_first) #define CBS_get_utf32_be BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_utf32_be) #define CBS_get_utf8 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_utf8) +#define CBS_init BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_init) #define CBS_is_unsigned_asn1_integer BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_is_unsigned_asn1_integer) #define CBS_is_valid_asn1_bitstring BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_is_valid_asn1_bitstring) #define CBS_is_valid_asn1_integer BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_is_valid_asn1_integer) #define CBS_is_valid_asn1_oid BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_is_valid_asn1_oid) +#define CBS_len BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_len) #define CBS_mem_equal BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_mem_equal) #define CBS_parse_generalized_time BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_parse_generalized_time) #define CBS_parse_utc_time BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_parse_utc_time) @@ -620,6 +629,9 @@ #define CRYPTO_THREADID_set_callback BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_THREADID_set_callback) #define CRYPTO_THREADID_set_numeric BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_THREADID_set_numeric) #define CRYPTO_THREADID_set_pointer BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_THREADID_set_pointer) +#define CRYPTO_atomic_compare_exchange_weak_u32 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_atomic_compare_exchange_weak_u32) +#define CRYPTO_atomic_load_u32 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_atomic_load_u32) +#define CRYPTO_atomic_store_u32 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_atomic_store_u32) #define CRYPTO_cbc128_decrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_cbc128_decrypt) #define CRYPTO_cbc128_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_cbc128_encrypt) #define CRYPTO_cfb128_1_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_cfb128_1_encrypt) @@ -627,6 +639,7 @@ #define CRYPTO_cfb128_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_cfb128_encrypt) #define CRYPTO_chacha_20 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_chacha_20) #define CRYPTO_cleanup_all_ex_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_cleanup_all_ex_data) +#define CRYPTO_cpu_perf_is_like_silvermont BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_cpu_perf_is_like_silvermont) #define CRYPTO_ctr128_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_ctr128_encrypt) #define CRYPTO_ctr128_encrypt_ctr32 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_ctr128_encrypt_ctr32) #define CRYPTO_fips_186_2_prf BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_fips_186_2_prf) @@ -656,7 +669,27 @@ #define CRYPTO_has_asm BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_has_asm) #define CRYPTO_hchacha20 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_hchacha20) #define CRYPTO_init_sysrand BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_init_sysrand) +#define CRYPTO_is_ADX_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_ADX_capable) +#define CRYPTO_is_AESNI_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_AESNI_capable) +#define CRYPTO_is_ARMv8_AES_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_AES_capable) +#define CRYPTO_is_ARMv8_PMULL_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_PMULL_capable) +#define CRYPTO_is_ARMv8_SHA1_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_SHA1_capable) +#define CRYPTO_is_ARMv8_SHA256_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_SHA256_capable) +#define CRYPTO_is_ARMv8_SHA512_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_SHA512_capable) +#define CRYPTO_is_AVX2_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_AVX2_capable) +#define CRYPTO_is_AVX_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_AVX_capable) +#define CRYPTO_is_BMI1_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_BMI1_capable) +#define CRYPTO_is_BMI2_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_BMI2_capable) +#define CRYPTO_is_FXSR_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_FXSR_capable) +#define CRYPTO_is_MOVBE_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_MOVBE_capable) +#define CRYPTO_is_NEON_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_NEON_capable) +#define CRYPTO_is_PCLMUL_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_PCLMUL_capable) +#define CRYPTO_is_RDRAND_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_RDRAND_capable) +#define CRYPTO_is_SSE4_1_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_SSE4_1_capable) +#define CRYPTO_is_SSSE3_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_SSSE3_capable) #define CRYPTO_is_confidential_build BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_confidential_build) +#define CRYPTO_is_intel_cpu BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_intel_cpu) +#define CRYPTO_is_x86_SHA_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_is_x86_SHA_capable) #define CRYPTO_library_init BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_library_init) #define CRYPTO_malloc BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_malloc) #define CRYPTO_malloc_init BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_malloc_init) @@ -690,6 +723,7 @@ #define CRYPTO_sysrand_if_available BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_sysrand_if_available) #define CRYPTO_tls13_hkdf_expand_label BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_tls13_hkdf_expand_label) #define CRYPTO_tls1_prf BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_tls1_prf) +#define CRYPTO_xor16 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CRYPTO_xor16) #define CTR_DRBG_clear BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CTR_DRBG_clear) #define CTR_DRBG_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CTR_DRBG_free) #define CTR_DRBG_generate BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CTR_DRBG_generate) @@ -697,10 +731,14 @@ #define CTR_DRBG_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CTR_DRBG_new) #define CTR_DRBG_reseed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CTR_DRBG_reseed) #define ChaCha20_ctr32_avx2 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_avx2) +#define ChaCha20_ctr32_avx2_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_avx2_capable) #define ChaCha20_ctr32_neon BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_neon) +#define ChaCha20_ctr32_neon_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_neon_capable) #define ChaCha20_ctr32_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_nohw) #define ChaCha20_ctr32_ssse3 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3) #define ChaCha20_ctr32_ssse3_4x BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3_4x) +#define ChaCha20_ctr32_ssse3_4x_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3_4x_capable) +#define ChaCha20_ctr32_ssse3_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3_capable) #define DES_decrypt3 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DES_decrypt3) #define DES_ecb3_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DES_ecb3_encrypt) #define DES_ecb3_encrypt_ex BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DES_ecb3_encrypt_ex) @@ -760,10 +798,8 @@ #define DISPLAYTEXT_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DISPLAYTEXT_it) #define DISPLAYTEXT_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DISPLAYTEXT_new) #define DIST_POINT_NAME_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_NAME_free) -#define DIST_POINT_NAME_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_NAME_it) #define DIST_POINT_NAME_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_NAME_new) #define DIST_POINT_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_free) -#define DIST_POINT_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_it) #define DIST_POINT_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_new) #define DIST_POINT_set_dpname BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DIST_POINT_set_dpname) #define DSA_SIG_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, DSA_SIG_free) @@ -920,7 +956,6 @@ #define ED25519_sign BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ED25519_sign) #define ED25519_verify BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ED25519_verify) #define EDIPARTYNAME_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, EDIPARTYNAME_free) -#define EDIPARTYNAME_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, EDIPARTYNAME_it) #define EDIPARTYNAME_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, EDIPARTYNAME_new) #define ENGINE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ENGINE_free) #define ENGINE_get_ECDSA_method BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ENGINE_get_ECDSA_method) @@ -930,6 +965,8 @@ #define ENGINE_register_all_complete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ENGINE_register_all_complete) #define ENGINE_set_ECDSA_method BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ENGINE_set_ECDSA_method) #define ENGINE_set_RSA_method BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ENGINE_set_RSA_method) +#define ERR_GET_LIB BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ERR_GET_LIB) +#define ERR_GET_REASON BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ERR_GET_REASON) #define ERR_SAVE_STATE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ERR_SAVE_STATE_free) #define ERR_add_error_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ERR_add_error_data) #define ERR_add_error_dataf BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ERR_add_error_dataf) @@ -1329,7 +1366,6 @@ #define GENERAL_NAME_set0_othername BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, GENERAL_NAME_set0_othername) #define GENERAL_NAME_set0_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, GENERAL_NAME_set0_value) #define GENERAL_SUBTREE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, GENERAL_SUBTREE_free) -#define GENERAL_SUBTREE_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, GENERAL_SUBTREE_it) #define GENERAL_SUBTREE_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, GENERAL_SUBTREE_new) #define HKDF BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, HKDF) #define HKDF_expand BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, HKDF_expand) @@ -1393,6 +1429,28 @@ #define MLDSA65_sign_internal BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLDSA65_sign_internal) #define MLDSA65_verify BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLDSA65_verify) #define MLDSA65_verify_internal BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLDSA65_verify_internal) +#define MLKEM1024_decap BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_decap) +#define MLKEM1024_encap BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_encap) +#define MLKEM1024_encap_external_entropy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_encap_external_entropy) +#define MLKEM1024_generate_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_generate_key) +#define MLKEM1024_generate_key_external_seed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_generate_key_external_seed) +#define MLKEM1024_marshal_private_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_marshal_private_key) +#define MLKEM1024_marshal_public_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_marshal_public_key) +#define MLKEM1024_parse_private_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_parse_private_key) +#define MLKEM1024_parse_public_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_parse_public_key) +#define MLKEM1024_private_key_from_seed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_private_key_from_seed) +#define MLKEM1024_public_from_private BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM1024_public_from_private) +#define MLKEM768_decap BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_decap) +#define MLKEM768_encap BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_encap) +#define MLKEM768_encap_external_entropy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_encap_external_entropy) +#define MLKEM768_generate_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_generate_key) +#define MLKEM768_generate_key_external_seed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_generate_key_external_seed) +#define MLKEM768_marshal_private_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_marshal_private_key) +#define MLKEM768_marshal_public_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_marshal_public_key) +#define MLKEM768_parse_private_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_parse_private_key) +#define MLKEM768_parse_public_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_parse_public_key) +#define MLKEM768_private_key_from_seed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_private_key_from_seed) +#define MLKEM768_public_from_private BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, MLKEM768_public_from_private) #define NAME_CONSTRAINTS_check BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, NAME_CONSTRAINTS_check) #define NAME_CONSTRAINTS_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, NAME_CONSTRAINTS_free) #define NAME_CONSTRAINTS_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, NAME_CONSTRAINTS_it) @@ -1519,7 +1577,6 @@ #define OPENSSL_vasprintf_internal BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OPENSSL_vasprintf_internal) #define OPENSSL_zalloc BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OPENSSL_zalloc) #define OTHERNAME_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OTHERNAME_free) -#define OTHERNAME_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OTHERNAME_it) #define OTHERNAME_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OTHERNAME_new) #define OpenSSL_add_all_algorithms BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OpenSSL_add_all_algorithms) #define OpenSSL_add_all_ciphers BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, OpenSSL_add_all_ciphers) @@ -1646,7 +1703,6 @@ #define PKCS7_type_is_signed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS7_type_is_signed) #define PKCS7_type_is_signedAndEnveloped BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS7_type_is_signedAndEnveloped) #define PKCS8_PRIV_KEY_INFO_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS8_PRIV_KEY_INFO_free) -#define PKCS8_PRIV_KEY_INFO_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS8_PRIV_KEY_INFO_it) #define PKCS8_PRIV_KEY_INFO_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS8_PRIV_KEY_INFO_new) #define PKCS8_decrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS8_decrypt) #define PKCS8_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, PKCS8_encrypt) @@ -1663,7 +1719,6 @@ #define POLICY_CONSTRAINTS_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, POLICY_CONSTRAINTS_new) #define POLICY_MAPPINGS_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, POLICY_MAPPINGS_it) #define POLICY_MAPPING_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, POLICY_MAPPING_free) -#define POLICY_MAPPING_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, POLICY_MAPPING_it) #define POLICY_MAPPING_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, POLICY_MAPPING_new) #define RAND_OpenSSL BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, RAND_OpenSSL) #define RAND_SSLeay BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, RAND_SSLeay) @@ -1791,6 +1846,8 @@ #define SIPHASH_24 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SIPHASH_24) #define SLHDSA_SHA2_128S_generate_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_generate_key) #define SLHDSA_SHA2_128S_generate_key_from_seed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_generate_key_from_seed) +#define SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign) +#define SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify) #define SLHDSA_SHA2_128S_public_from_private BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_public_from_private) #define SLHDSA_SHA2_128S_sign BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_sign) #define SLHDSA_SHA2_128S_sign_internal BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_sign_internal) @@ -1965,7 +2022,6 @@ #define X509_LOOKUP_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_LOOKUP_free) #define X509_LOOKUP_hash_dir BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_LOOKUP_hash_dir) #define X509_LOOKUP_load_file BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_LOOKUP_load_file) -#define X509_NAME_ENTRIES_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRIES_it) #define X509_NAME_ENTRY_create_by_NID BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRY_create_by_NID) #define X509_NAME_ENTRY_create_by_OBJ BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRY_create_by_OBJ) #define X509_NAME_ENTRY_create_by_txt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRY_create_by_txt) @@ -1978,7 +2034,6 @@ #define X509_NAME_ENTRY_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRY_set) #define X509_NAME_ENTRY_set_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRY_set_data) #define X509_NAME_ENTRY_set_object BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_ENTRY_set_object) -#define X509_NAME_INTERNAL_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_INTERNAL_it) #define X509_NAME_add_entry BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_add_entry) #define X509_NAME_add_entry_by_NID BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_add_entry_by_NID) #define X509_NAME_add_entry_by_OBJ BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_NAME_add_entry_by_OBJ) @@ -2083,7 +2138,6 @@ #define X509_SIG_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_SIG_free) #define X509_SIG_get0 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_SIG_get0) #define X509_SIG_getm BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_SIG_getm) -#define X509_SIG_it BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_SIG_it) #define X509_SIG_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_SIG_new) #define X509_STORE_CTX_cleanup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_STORE_CTX_cleanup) #define X509_STORE_CTX_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509_STORE_CTX_free) @@ -2290,6 +2344,7 @@ #define X509v3_get_ext_by_OBJ BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509v3_get_ext_by_OBJ) #define X509v3_get_ext_by_critical BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509v3_get_ext_by_critical) #define X509v3_get_ext_count BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, X509v3_get_ext_count) +#define __clang_call_terminate BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, __clang_call_terminate) #define a2i_IPADDRESS BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, a2i_IPADDRESS) #define a2i_IPADDRESS_NC BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, a2i_IPADDRESS_NC) #define aes128gcmsiv_aes_ks BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes128gcmsiv_aes_ks) @@ -2318,6 +2373,7 @@ #define aes_hw_set_decrypt_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_hw_set_decrypt_key) #define aes_hw_set_encrypt_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_hw_set_encrypt_key) #define aes_hw_set_encrypt_key_alt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_hw_set_encrypt_key_alt) +#define aes_hw_set_encrypt_key_alt_preferred BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_hw_set_encrypt_key_alt_preferred) #define aes_hw_set_encrypt_key_base BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_hw_set_encrypt_key_base) #define aes_nohw_cbc_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_nohw_cbc_encrypt) #define aes_nohw_ctr32_encrypt_blocks BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, aes_nohw_ctr32_encrypt_blocks) @@ -2351,12 +2407,18 @@ #define asn1_type_value_as_pointer BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_type_value_as_pointer) #define asn1_utctime_to_tm BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_utctime_to_tm) #define beeu_mod_inverse_vartime BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, beeu_mod_inverse_vartime) +#define bio_clear_socket_error BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bio_clear_socket_error) #define bio_errno_should_retry BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bio_errno_should_retry) +#define bio_ip_and_port_to_socket_and_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bio_ip_and_port_to_socket_and_addr) +#define bio_sock_error BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bio_sock_error) +#define bio_socket_nbio BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bio_socket_nbio) +#define bio_socket_should_retry BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bio_socket_should_retry) #define bn_abs_sub_consttime BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_abs_sub_consttime) #define bn_add_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_add_words) #define bn_assert_fits_in_bytes BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_assert_fits_in_bytes) #define bn_big_endian_to_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_big_endian_to_words) #define bn_copy_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_copy_words) +#define bn_declassify BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_declassify) #define bn_div_consttime BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_div_consttime) #define bn_expand BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_expand) #define bn_fits_in_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_fits_in_words) @@ -2390,7 +2452,9 @@ #define bn_mont_ctx_set_RR_consttime BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mont_ctx_set_RR_consttime) #define bn_mont_n0 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mont_n0) #define bn_mul4x_mont BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul4x_mont) +#define bn_mul4x_mont_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul4x_mont_capable) #define bn_mul4x_mont_gather5 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul4x_mont_gather5) +#define bn_mul4x_mont_gather5_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul4x_mont_gather5_capable) #define bn_mul_add_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul_add_words) #define bn_mul_comba4 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul_comba4) #define bn_mul_comba8 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul_comba8) @@ -2401,11 +2465,16 @@ #define bn_mul_small BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul_small) #define bn_mul_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mul_words) #define bn_mulx4x_mont BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mulx4x_mont) +#define bn_mulx4x_mont_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mulx4x_mont_capable) #define bn_mulx4x_mont_gather5 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mulx4x_mont_gather5) +#define bn_mulx4x_mont_gather5_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mulx4x_mont_gather5_capable) +#define bn_mulx_adx_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_mulx_adx_capable) #define bn_odd_number_is_obviously_composite BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_odd_number_is_obviously_composite) #define bn_one_to_montgomery BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_one_to_montgomery) +#define bn_power5_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_power5_capable) #define bn_power5_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_power5_nohw) #define bn_powerx5 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_powerx5) +#define bn_powerx5_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_powerx5_capable) #define bn_rand_range_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_rand_range_words) #define bn_rand_secret_range BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_rand_secret_range) #define bn_reduce_once BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_reduce_once) @@ -2415,12 +2484,14 @@ #define bn_rshift_secret_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_rshift_secret_shift) #define bn_rshift_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_rshift_words) #define bn_scatter5 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_scatter5) +#define bn_secret BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_secret) #define bn_select_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_select_words) #define bn_set_minimal_width BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_set_minimal_width) #define bn_set_static_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_set_static_words) #define bn_set_words BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_set_words) #define bn_sqr8x_internal BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_sqr8x_internal) #define bn_sqr8x_mont BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_sqr8x_mont) +#define bn_sqr8x_mont_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_sqr8x_mont_capable) #define bn_sqr_comba4 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_sqr_comba4) #define bn_sqr_comba8 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_sqr_comba8) #define bn_sqr_consttime BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_sqr_consttime) @@ -2433,12 +2504,20 @@ #define bn_usub_consttime BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_usub_consttime) #define bn_wexpand BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_wexpand) #define bn_words_to_big_endian BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bn_words_to_big_endian) +#define boringssl_ensure_ecc_self_test BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_ensure_ecc_self_test) +#define boringssl_ensure_ffdh_self_test BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_ensure_ffdh_self_test) +#define boringssl_ensure_rsa_self_test BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_ensure_rsa_self_test) +#define boringssl_fips_break_test BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_fips_break_test) +#define boringssl_fips_inc_counter BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_fips_inc_counter) #define boringssl_self_test_hmac_sha256 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_self_test_hmac_sha256) #define boringssl_self_test_sha256 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_self_test_sha256) #define boringssl_self_test_sha512 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, boringssl_self_test_sha512) +#define bsaes_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bsaes_capable) +#define bsaes_cbc_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, bsaes_cbc_encrypt) #define c2i_ASN1_BIT_STRING BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, c2i_ASN1_BIT_STRING) #define c2i_ASN1_INTEGER BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, c2i_ASN1_INTEGER) #define c2i_ASN1_OBJECT BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, c2i_ASN1_OBJECT) +#define chacha20_poly1305_asm_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, chacha20_poly1305_asm_capable) #define chacha20_poly1305_open BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, chacha20_poly1305_open) #define chacha20_poly1305_open_avx2 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, chacha20_poly1305_open_avx2) #define chacha20_poly1305_open_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, chacha20_poly1305_open_nohw) @@ -2685,7 +2764,6 @@ #define ecp_nistz256_sub BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ecp_nistz256_sub) #define ed25519_asn1_meth BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ed25519_asn1_meth) #define ed25519_pkey_meth BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, ed25519_pkey_meth) -#define evp_md_md5_sha1 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, evp_md_md5_sha1) #define evp_pkey_set_method BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, evp_pkey_set_method) #define fiat_curve25519_adx_mul BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, fiat_curve25519_adx_mul) #define fiat_curve25519_adx_square BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, fiat_curve25519_adx_square) @@ -2709,7 +2787,12 @@ #define gcm_init_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, gcm_init_nohw) #define gcm_init_ssse3 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, gcm_init_ssse3) #define gcm_init_v8 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, gcm_init_v8) +#define gcm_neon_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, gcm_neon_capable) +#define gcm_pmull_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, gcm_pmull_capable) +#define have_fast_rdrand BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, have_fast_rdrand) +#define have_rdrand BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, have_rdrand) #define hkdf_pkey_meth BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, hkdf_pkey_meth) +#define hwaes_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, hwaes_capable) #define i2a_ASN1_ENUMERATED BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, i2a_ASN1_ENUMERATED) #define i2a_ASN1_INTEGER BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, i2a_ASN1_INTEGER) #define i2a_ASN1_OBJECT BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, i2a_ASN1_OBJECT) @@ -2845,7 +2928,30 @@ #define kOpenSSLReasonStringData BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, kOpenSSLReasonStringData) #define kOpenSSLReasonValues BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, kOpenSSLReasonValues) #define kOpenSSLReasonValuesLen BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, kOpenSSLReasonValuesLen) -#define md4_block_data_order BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, md4_block_data_order) +#define lh_CONF_SECTION_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_call_cmp_func) +#define lh_CONF_SECTION_call_doall_arg BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_call_doall_arg) +#define lh_CONF_SECTION_call_hash_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_call_hash_func) +#define lh_CONF_SECTION_doall_arg BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_doall_arg) +#define lh_CONF_SECTION_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_free) +#define lh_CONF_SECTION_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_insert) +#define lh_CONF_SECTION_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_new) +#define lh_CONF_SECTION_retrieve BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_SECTION_retrieve) +#define lh_CONF_VALUE_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_call_cmp_func) +#define lh_CONF_VALUE_call_doall_arg BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_call_doall_arg) +#define lh_CONF_VALUE_call_hash_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_call_hash_func) +#define lh_CONF_VALUE_doall_arg BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_doall_arg) +#define lh_CONF_VALUE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_free) +#define lh_CONF_VALUE_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_insert) +#define lh_CONF_VALUE_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_new) +#define lh_CONF_VALUE_retrieve BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CONF_VALUE_retrieve) +#define lh_CRYPTO_BUFFER_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_call_cmp_func) +#define lh_CRYPTO_BUFFER_call_hash_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_call_hash_func) +#define lh_CRYPTO_BUFFER_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_delete) +#define lh_CRYPTO_BUFFER_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_free) +#define lh_CRYPTO_BUFFER_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_insert) +#define lh_CRYPTO_BUFFER_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_new) +#define lh_CRYPTO_BUFFER_num_items BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_num_items) +#define lh_CRYPTO_BUFFER_retrieve BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_retrieve) #define md5_block_asm_data_order BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, md5_block_asm_data_order) #define o2i_ECPublicKey BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, o2i_ECPublicKey) #define pkcs12_iterations_acceptable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, pkcs12_iterations_acceptable) @@ -2901,20 +3007,224 @@ #define rsaz_1024_red2norm_avx2 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, rsaz_1024_red2norm_avx2) #define rsaz_1024_scatter5_avx2 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, rsaz_1024_scatter5_avx2) #define rsaz_1024_sqr_avx2 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, rsaz_1024_sqr_avx2) +#define rsaz_avx2_preferred BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, rsaz_avx2_preferred) #define s2i_ASN1_INTEGER BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, s2i_ASN1_INTEGER) #define s2i_ASN1_OCTET_STRING BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, s2i_ASN1_OCTET_STRING) +#define sha1_avx2_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_avx2_capable) +#define sha1_avx_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_avx_capable) #define sha1_block_data_order_avx BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_block_data_order_avx) #define sha1_block_data_order_avx2 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_block_data_order_avx2) #define sha1_block_data_order_hw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_block_data_order_hw) #define sha1_block_data_order_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_block_data_order_nohw) #define sha1_block_data_order_ssse3 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_block_data_order_ssse3) +#define sha1_hw_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_hw_capable) +#define sha1_ssse3_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha1_ssse3_capable) +#define sha256_avx_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_avx_capable) #define sha256_block_data_order_avx BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_block_data_order_avx) #define sha256_block_data_order_hw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_block_data_order_hw) #define sha256_block_data_order_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_block_data_order_nohw) #define sha256_block_data_order_ssse3 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_block_data_order_ssse3) +#define sha256_hw_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_hw_capable) +#define sha256_ssse3_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha256_ssse3_capable) +#define sha512_avx_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha512_avx_capable) #define sha512_block_data_order_avx BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha512_block_data_order_avx) #define sha512_block_data_order_hw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha512_block_data_order_hw) #define sha512_block_data_order_nohw BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha512_block_data_order_nohw) +#define sha512_hw_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sha512_hw_capable) +#define sk_ACCESS_DESCRIPTION_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_call_free_func) +#define sk_ACCESS_DESCRIPTION_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_new_null) +#define sk_ACCESS_DESCRIPTION_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_num) +#define sk_ACCESS_DESCRIPTION_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_pop_free) +#define sk_ACCESS_DESCRIPTION_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_push) +#define sk_ACCESS_DESCRIPTION_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_value) +#define sk_ASN1_INTEGER_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_INTEGER_num) +#define sk_ASN1_INTEGER_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_INTEGER_push) +#define sk_ASN1_INTEGER_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_INTEGER_value) +#define sk_ASN1_OBJECT_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_call_cmp_func) +#define sk_ASN1_OBJECT_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_call_copy_func) +#define sk_ASN1_OBJECT_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_call_free_func) +#define sk_ASN1_OBJECT_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_deep_copy) +#define sk_ASN1_OBJECT_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_dup) +#define sk_ASN1_OBJECT_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_find) +#define sk_ASN1_OBJECT_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_free) +#define sk_ASN1_OBJECT_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_is_sorted) +#define sk_ASN1_OBJECT_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_new_null) +#define sk_ASN1_OBJECT_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_num) +#define sk_ASN1_OBJECT_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_pop_free) +#define sk_ASN1_OBJECT_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_push) +#define sk_ASN1_OBJECT_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_set_cmp_func) +#define sk_ASN1_OBJECT_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_sort) +#define sk_ASN1_OBJECT_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_OBJECT_value) +#define sk_ASN1_TYPE_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_TYPE_num) +#define sk_ASN1_TYPE_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_TYPE_push) +#define sk_ASN1_TYPE_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_TYPE_value) +#define sk_ASN1_VALUE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_VALUE_free) +#define sk_ASN1_VALUE_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_VALUE_new_null) +#define sk_ASN1_VALUE_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_VALUE_num) +#define sk_ASN1_VALUE_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_VALUE_pop) +#define sk_ASN1_VALUE_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_VALUE_push) +#define sk_ASN1_VALUE_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_ASN1_VALUE_value) +#define sk_CONF_VALUE_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_call_free_func) +#define sk_CONF_VALUE_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_delete_ptr) +#define sk_CONF_VALUE_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_free) +#define sk_CONF_VALUE_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_new_null) +#define sk_CONF_VALUE_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_num) +#define sk_CONF_VALUE_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_pop) +#define sk_CONF_VALUE_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_pop_free) +#define sk_CONF_VALUE_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_push) +#define sk_CONF_VALUE_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CONF_VALUE_value) +#define sk_CRYPTO_BUFFER_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_call_free_func) +#define sk_CRYPTO_BUFFER_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_new_null) +#define sk_CRYPTO_BUFFER_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_num) +#define sk_CRYPTO_BUFFER_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_pop) +#define sk_CRYPTO_BUFFER_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_pop_free) +#define sk_CRYPTO_BUFFER_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_push) +#define sk_CRYPTO_BUFFER_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_value) +#define sk_DIST_POINT_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_DIST_POINT_call_free_func) +#define sk_DIST_POINT_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_DIST_POINT_new_null) +#define sk_DIST_POINT_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_DIST_POINT_num) +#define sk_DIST_POINT_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_DIST_POINT_pop_free) +#define sk_DIST_POINT_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_DIST_POINT_push) +#define sk_DIST_POINT_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_DIST_POINT_value) +#define sk_GENERAL_NAME_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_call_free_func) +#define sk_GENERAL_NAME_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_new_null) +#define sk_GENERAL_NAME_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_num) +#define sk_GENERAL_NAME_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_pop_free) +#define sk_GENERAL_NAME_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_push) +#define sk_GENERAL_NAME_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_set) +#define sk_GENERAL_NAME_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_NAME_value) +#define sk_GENERAL_SUBTREE_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_new_null) +#define sk_GENERAL_SUBTREE_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_num) +#define sk_GENERAL_SUBTREE_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_push) +#define sk_GENERAL_SUBTREE_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_value) +#define sk_OPENSSL_STRING_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_call_cmp_func) +#define sk_OPENSSL_STRING_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_call_copy_func) +#define sk_OPENSSL_STRING_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_call_free_func) +#define sk_OPENSSL_STRING_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_deep_copy) +#define sk_OPENSSL_STRING_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_find) +#define sk_OPENSSL_STRING_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_free) +#define sk_OPENSSL_STRING_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_new) +#define sk_OPENSSL_STRING_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_new_null) +#define sk_OPENSSL_STRING_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_num) +#define sk_OPENSSL_STRING_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_pop_free) +#define sk_OPENSSL_STRING_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_push) +#define sk_OPENSSL_STRING_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_sort) +#define sk_OPENSSL_STRING_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_OPENSSL_STRING_value) +#define sk_POLICYINFO_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_call_cmp_func) +#define sk_POLICYINFO_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_call_free_func) +#define sk_POLICYINFO_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_find) +#define sk_POLICYINFO_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_is_sorted) +#define sk_POLICYINFO_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_new_null) +#define sk_POLICYINFO_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_num) +#define sk_POLICYINFO_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_pop_free) +#define sk_POLICYINFO_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_push) +#define sk_POLICYINFO_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_set_cmp_func) +#define sk_POLICYINFO_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_sort) +#define sk_POLICYINFO_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYINFO_value) +#define sk_POLICYQUALINFO_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYQUALINFO_new_null) +#define sk_POLICYQUALINFO_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYQUALINFO_num) +#define sk_POLICYQUALINFO_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYQUALINFO_push) +#define sk_POLICYQUALINFO_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICYQUALINFO_value) +#define sk_POLICY_MAPPING_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_call_cmp_func) +#define sk_POLICY_MAPPING_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_call_free_func) +#define sk_POLICY_MAPPING_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_find) +#define sk_POLICY_MAPPING_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_is_sorted) +#define sk_POLICY_MAPPING_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_new_null) +#define sk_POLICY_MAPPING_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_num) +#define sk_POLICY_MAPPING_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_pop_free) +#define sk_POLICY_MAPPING_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_push) +#define sk_POLICY_MAPPING_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_set_cmp_func) +#define sk_POLICY_MAPPING_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_sort) +#define sk_POLICY_MAPPING_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_POLICY_MAPPING_value) +#define sk_TRUST_TOKEN_PRETOKEN_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_call_free_func) +#define sk_TRUST_TOKEN_PRETOKEN_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_new_null) +#define sk_TRUST_TOKEN_PRETOKEN_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_num) +#define sk_TRUST_TOKEN_PRETOKEN_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_pop_free) +#define sk_TRUST_TOKEN_PRETOKEN_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_push) +#define sk_TRUST_TOKEN_PRETOKEN_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_value) +#define sk_TRUST_TOKEN_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_call_free_func) +#define sk_TRUST_TOKEN_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_new_null) +#define sk_TRUST_TOKEN_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_pop_free) +#define sk_TRUST_TOKEN_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_push) +#define sk_X509_ATTRIBUTE_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_delete) +#define sk_X509_ATTRIBUTE_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_new_null) +#define sk_X509_ATTRIBUTE_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_num) +#define sk_X509_ATTRIBUTE_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_push) +#define sk_X509_ATTRIBUTE_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_value) +#define sk_X509_CRL_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_call_free_func) +#define sk_X509_CRL_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_free) +#define sk_X509_CRL_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_new_null) +#define sk_X509_CRL_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_num) +#define sk_X509_CRL_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_pop) +#define sk_X509_CRL_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_pop_free) +#define sk_X509_CRL_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_push) +#define sk_X509_CRL_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_CRL_value) +#define sk_X509_EXTENSION_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_call_free_func) +#define sk_X509_EXTENSION_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_delete) +#define sk_X509_EXTENSION_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_free) +#define sk_X509_EXTENSION_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_insert) +#define sk_X509_EXTENSION_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_new_null) +#define sk_X509_EXTENSION_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_num) +#define sk_X509_EXTENSION_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_pop_free) +#define sk_X509_EXTENSION_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_push) +#define sk_X509_EXTENSION_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_set) +#define sk_X509_EXTENSION_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_EXTENSION_value) +#define sk_X509_INFO_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_call_free_func) +#define sk_X509_INFO_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_free) +#define sk_X509_INFO_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_new_null) +#define sk_X509_INFO_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_num) +#define sk_X509_INFO_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_pop) +#define sk_X509_INFO_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_pop_free) +#define sk_X509_INFO_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_push) +#define sk_X509_INFO_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_INFO_value) +#define sk_X509_LOOKUP_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_call_free_func) +#define sk_X509_LOOKUP_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_new_null) +#define sk_X509_LOOKUP_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_num) +#define sk_X509_LOOKUP_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_pop_free) +#define sk_X509_LOOKUP_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_push) +#define sk_X509_LOOKUP_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_value) +#define sk_X509_NAME_ENTRY_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_call_free_func) +#define sk_X509_NAME_ENTRY_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_delete) +#define sk_X509_NAME_ENTRY_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_free) +#define sk_X509_NAME_ENTRY_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_insert) +#define sk_X509_NAME_ENTRY_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_new_null) +#define sk_X509_NAME_ENTRY_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_num) +#define sk_X509_NAME_ENTRY_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_pop_free) +#define sk_X509_NAME_ENTRY_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_push) +#define sk_X509_NAME_ENTRY_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_set) +#define sk_X509_NAME_ENTRY_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_value) +#define sk_X509_OBJECT_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_call_cmp_func) +#define sk_X509_OBJECT_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_call_copy_func) +#define sk_X509_OBJECT_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_call_free_func) +#define sk_X509_OBJECT_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_deep_copy) +#define sk_X509_OBJECT_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_find) +#define sk_X509_OBJECT_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_new) +#define sk_X509_OBJECT_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_num) +#define sk_X509_OBJECT_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_pop_free) +#define sk_X509_OBJECT_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_push) +#define sk_X509_OBJECT_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_sort) +#define sk_X509_OBJECT_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_OBJECT_value) +#define sk_X509_REVOKED_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_call_cmp_func) +#define sk_X509_REVOKED_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_find) +#define sk_X509_REVOKED_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_is_sorted) +#define sk_X509_REVOKED_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_new) +#define sk_X509_REVOKED_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_num) +#define sk_X509_REVOKED_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_push) +#define sk_X509_REVOKED_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_set_cmp_func) +#define sk_X509_REVOKED_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_sort) +#define sk_X509_REVOKED_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_REVOKED_value) +#define sk_X509_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_call_free_func) +#define sk_X509_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_delete) +#define sk_X509_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_delete_ptr) +#define sk_X509_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_dup) +#define sk_X509_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_free) +#define sk_X509_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_new_null) +#define sk_X509_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_num) +#define sk_X509_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_pop) +#define sk_X509_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_pop_free) +#define sk_X509_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_push) +#define sk_X509_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_set) +#define sk_X509_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_value) #define sk_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_free) #define sk_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_new_null) #define sk_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_num) @@ -2923,12 +3233,28 @@ #define sk_pop_free_ex BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_pop_free_ex) #define sk_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_push) #define sk_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_value) +#define sk_void_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_void_free) +#define sk_void_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_void_new_null) +#define sk_void_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_void_num) +#define sk_void_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_void_push) +#define sk_void_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_void_set) +#define sk_void_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_void_value) +#define slhdsa_copy_keypair_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_copy_keypair_addr) #define slhdsa_fors_pk_from_sig BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_fors_pk_from_sig) #define slhdsa_fors_sign BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_fors_sign) #define slhdsa_fors_sk_gen BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_fors_sk_gen) #define slhdsa_fors_treehash BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_fors_treehash) +#define slhdsa_get_tree_index BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_get_tree_index) #define slhdsa_ht_sign BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_ht_sign) #define slhdsa_ht_verify BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_ht_verify) +#define slhdsa_set_chain_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_chain_addr) +#define slhdsa_set_hash_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_hash_addr) +#define slhdsa_set_keypair_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_keypair_addr) +#define slhdsa_set_layer_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_layer_addr) +#define slhdsa_set_tree_addr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_tree_addr) +#define slhdsa_set_tree_height BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_tree_height) +#define slhdsa_set_tree_index BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_tree_index) +#define slhdsa_set_type BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_set_type) #define slhdsa_thash_f BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_thash_f) #define slhdsa_thash_h BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_thash_h) #define slhdsa_thash_hmsg BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, slhdsa_thash_hmsg) @@ -3019,9 +3345,11 @@ #define voprf_pst1_sign BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, voprf_pst1_sign) #define voprf_pst1_sign_with_proof_scalar_for_testing BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, voprf_pst1_sign_with_proof_scalar_for_testing) #define voprf_pst1_unblind BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, voprf_pst1_unblind) +#define vpaes_capable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_capable) #define vpaes_cbc_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_cbc_encrypt) #define vpaes_ctr32_encrypt_blocks BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_ctr32_encrypt_blocks) #define vpaes_decrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_decrypt) +#define vpaes_decrypt_key_to_bsaes BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_decrypt_key_to_bsaes) #define vpaes_encrypt BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_encrypt) #define vpaes_set_decrypt_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_set_decrypt_key) #define vpaes_set_encrypt_key BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, vpaes_set_encrypt_key) @@ -3077,30 +3405,6 @@ #define sk_TRUST_TOKEN_PRETOKEN_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_set_cmp_func) #define sk_TRUST_TOKEN_PRETOKEN_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_deep_copy) #define sk_TRUST_TOKEN_PRETOKEN_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_delete_if) -#define sk_CRYPTO_EX_DATA_FUNCS_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_call_free_func) -#define sk_CRYPTO_EX_DATA_FUNCS_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_call_copy_func) -#define sk_CRYPTO_EX_DATA_FUNCS_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_call_cmp_func) -#define sk_CRYPTO_EX_DATA_FUNCS_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_new) -#define sk_CRYPTO_EX_DATA_FUNCS_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_new_null) -#define sk_CRYPTO_EX_DATA_FUNCS_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_num) -#define sk_CRYPTO_EX_DATA_FUNCS_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_zero) -#define sk_CRYPTO_EX_DATA_FUNCS_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_value) -#define sk_CRYPTO_EX_DATA_FUNCS_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_set) -#define sk_CRYPTO_EX_DATA_FUNCS_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_free) -#define sk_CRYPTO_EX_DATA_FUNCS_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_pop_free) -#define sk_CRYPTO_EX_DATA_FUNCS_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_insert) -#define sk_CRYPTO_EX_DATA_FUNCS_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_delete) -#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_delete_ptr) -#define sk_CRYPTO_EX_DATA_FUNCS_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_find) -#define sk_CRYPTO_EX_DATA_FUNCS_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_shift) -#define sk_CRYPTO_EX_DATA_FUNCS_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_push) -#define sk_CRYPTO_EX_DATA_FUNCS_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_pop) -#define sk_CRYPTO_EX_DATA_FUNCS_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_dup) -#define sk_CRYPTO_EX_DATA_FUNCS_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_sort) -#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_is_sorted) -#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func) -#define sk_CRYPTO_EX_DATA_FUNCS_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_deep_copy) -#define sk_CRYPTO_EX_DATA_FUNCS_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_delete_if) #define sk_BIGNUM_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BIGNUM_call_free_func) #define sk_BIGNUM_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BIGNUM_call_copy_func) #define sk_BIGNUM_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BIGNUM_call_cmp_func) @@ -3125,30 +3429,6 @@ #define sk_BIGNUM_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BIGNUM_set_cmp_func) #define sk_BIGNUM_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BIGNUM_deep_copy) #define sk_BIGNUM_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BIGNUM_delete_if) -#define sk_X509V3_EXT_METHOD_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_call_free_func) -#define sk_X509V3_EXT_METHOD_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_call_copy_func) -#define sk_X509V3_EXT_METHOD_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_call_cmp_func) -#define sk_X509V3_EXT_METHOD_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_new) -#define sk_X509V3_EXT_METHOD_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_new_null) -#define sk_X509V3_EXT_METHOD_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_num) -#define sk_X509V3_EXT_METHOD_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_zero) -#define sk_X509V3_EXT_METHOD_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_value) -#define sk_X509V3_EXT_METHOD_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_set) -#define sk_X509V3_EXT_METHOD_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_free) -#define sk_X509V3_EXT_METHOD_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_pop_free) -#define sk_X509V3_EXT_METHOD_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_insert) -#define sk_X509V3_EXT_METHOD_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_delete) -#define sk_X509V3_EXT_METHOD_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_delete_ptr) -#define sk_X509V3_EXT_METHOD_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_find) -#define sk_X509V3_EXT_METHOD_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_shift) -#define sk_X509V3_EXT_METHOD_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_push) -#define sk_X509V3_EXT_METHOD_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_pop) -#define sk_X509V3_EXT_METHOD_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_dup) -#define sk_X509V3_EXT_METHOD_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_sort) -#define sk_X509V3_EXT_METHOD_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_is_sorted) -#define sk_X509V3_EXT_METHOD_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_set_cmp_func) -#define sk_X509V3_EXT_METHOD_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_deep_copy) -#define sk_X509V3_EXT_METHOD_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_delete_if) #define sk_X509_LOOKUP_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_call_free_func) #define sk_X509_LOOKUP_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_call_copy_func) #define sk_X509_LOOKUP_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_call_cmp_func) @@ -3173,30 +3453,6 @@ #define sk_X509_LOOKUP_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_set_cmp_func) #define sk_X509_LOOKUP_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_deep_copy) #define sk_X509_LOOKUP_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_LOOKUP_delete_if) -#define sk_STACK_OF_X509_NAME_ENTRY_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_call_free_func) -#define sk_STACK_OF_X509_NAME_ENTRY_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_call_copy_func) -#define sk_STACK_OF_X509_NAME_ENTRY_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_call_cmp_func) -#define sk_STACK_OF_X509_NAME_ENTRY_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_new) -#define sk_STACK_OF_X509_NAME_ENTRY_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_new_null) -#define sk_STACK_OF_X509_NAME_ENTRY_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_num) -#define sk_STACK_OF_X509_NAME_ENTRY_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_zero) -#define sk_STACK_OF_X509_NAME_ENTRY_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_value) -#define sk_STACK_OF_X509_NAME_ENTRY_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_set) -#define sk_STACK_OF_X509_NAME_ENTRY_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_free) -#define sk_STACK_OF_X509_NAME_ENTRY_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_pop_free) -#define sk_STACK_OF_X509_NAME_ENTRY_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_insert) -#define sk_STACK_OF_X509_NAME_ENTRY_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_delete) -#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_delete_ptr) -#define sk_STACK_OF_X509_NAME_ENTRY_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_find) -#define sk_STACK_OF_X509_NAME_ENTRY_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_shift) -#define sk_STACK_OF_X509_NAME_ENTRY_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_push) -#define sk_STACK_OF_X509_NAME_ENTRY_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_pop) -#define sk_STACK_OF_X509_NAME_ENTRY_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_dup) -#define sk_STACK_OF_X509_NAME_ENTRY_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_sort) -#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_is_sorted) -#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func) -#define sk_STACK_OF_X509_NAME_ENTRY_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_deep_copy) -#define sk_STACK_OF_X509_NAME_ENTRY_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_delete_if) #define sk_BY_DIR_HASH_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BY_DIR_HASH_call_free_func) #define sk_BY_DIR_HASH_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BY_DIR_HASH_call_copy_func) #define sk_BY_DIR_HASH_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BY_DIR_HASH_call_cmp_func) @@ -3245,6 +3501,30 @@ #define sk_BY_DIR_ENTRY_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BY_DIR_ENTRY_set_cmp_func) #define sk_BY_DIR_ENTRY_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BY_DIR_ENTRY_deep_copy) #define sk_BY_DIR_ENTRY_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_BY_DIR_ENTRY_delete_if) +#define sk_X509V3_EXT_METHOD_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_call_free_func) +#define sk_X509V3_EXT_METHOD_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_call_copy_func) +#define sk_X509V3_EXT_METHOD_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_call_cmp_func) +#define sk_X509V3_EXT_METHOD_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_new) +#define sk_X509V3_EXT_METHOD_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_new_null) +#define sk_X509V3_EXT_METHOD_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_num) +#define sk_X509V3_EXT_METHOD_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_zero) +#define sk_X509V3_EXT_METHOD_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_value) +#define sk_X509V3_EXT_METHOD_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_set) +#define sk_X509V3_EXT_METHOD_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_free) +#define sk_X509V3_EXT_METHOD_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_pop_free) +#define sk_X509V3_EXT_METHOD_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_insert) +#define sk_X509V3_EXT_METHOD_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_delete) +#define sk_X509V3_EXT_METHOD_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_delete_ptr) +#define sk_X509V3_EXT_METHOD_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_find) +#define sk_X509V3_EXT_METHOD_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_shift) +#define sk_X509V3_EXT_METHOD_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_push) +#define sk_X509V3_EXT_METHOD_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_pop) +#define sk_X509V3_EXT_METHOD_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_dup) +#define sk_X509V3_EXT_METHOD_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_sort) +#define sk_X509V3_EXT_METHOD_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_is_sorted) +#define sk_X509V3_EXT_METHOD_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_set_cmp_func) +#define sk_X509V3_EXT_METHOD_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_deep_copy) +#define sk_X509V3_EXT_METHOD_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509V3_EXT_METHOD_delete_if) #define sk_X509_POLICY_NODE_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_POLICY_NODE_call_free_func) #define sk_X509_POLICY_NODE_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_POLICY_NODE_call_copy_func) #define sk_X509_POLICY_NODE_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_POLICY_NODE_call_cmp_func) @@ -3293,6 +3573,54 @@ #define sk_X509_POLICY_LEVEL_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_POLICY_LEVEL_set_cmp_func) #define sk_X509_POLICY_LEVEL_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_POLICY_LEVEL_deep_copy) #define sk_X509_POLICY_LEVEL_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_POLICY_LEVEL_delete_if) +#define sk_STACK_OF_X509_NAME_ENTRY_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_call_free_func) +#define sk_STACK_OF_X509_NAME_ENTRY_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_call_copy_func) +#define sk_STACK_OF_X509_NAME_ENTRY_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_call_cmp_func) +#define sk_STACK_OF_X509_NAME_ENTRY_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_new) +#define sk_STACK_OF_X509_NAME_ENTRY_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_new_null) +#define sk_STACK_OF_X509_NAME_ENTRY_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_num) +#define sk_STACK_OF_X509_NAME_ENTRY_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_zero) +#define sk_STACK_OF_X509_NAME_ENTRY_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_value) +#define sk_STACK_OF_X509_NAME_ENTRY_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_set) +#define sk_STACK_OF_X509_NAME_ENTRY_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_free) +#define sk_STACK_OF_X509_NAME_ENTRY_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_pop_free) +#define sk_STACK_OF_X509_NAME_ENTRY_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_insert) +#define sk_STACK_OF_X509_NAME_ENTRY_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_delete) +#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_delete_ptr) +#define sk_STACK_OF_X509_NAME_ENTRY_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_find) +#define sk_STACK_OF_X509_NAME_ENTRY_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_shift) +#define sk_STACK_OF_X509_NAME_ENTRY_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_push) +#define sk_STACK_OF_X509_NAME_ENTRY_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_pop) +#define sk_STACK_OF_X509_NAME_ENTRY_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_dup) +#define sk_STACK_OF_X509_NAME_ENTRY_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_sort) +#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_is_sorted) +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func) +#define sk_STACK_OF_X509_NAME_ENTRY_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_deep_copy) +#define sk_STACK_OF_X509_NAME_ENTRY_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_STACK_OF_X509_NAME_ENTRY_delete_if) +#define sk_CRYPTO_EX_DATA_FUNCS_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_call_free_func) +#define sk_CRYPTO_EX_DATA_FUNCS_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_call_copy_func) +#define sk_CRYPTO_EX_DATA_FUNCS_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_call_cmp_func) +#define sk_CRYPTO_EX_DATA_FUNCS_new BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_new) +#define sk_CRYPTO_EX_DATA_FUNCS_new_null BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_new_null) +#define sk_CRYPTO_EX_DATA_FUNCS_num BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_num) +#define sk_CRYPTO_EX_DATA_FUNCS_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_zero) +#define sk_CRYPTO_EX_DATA_FUNCS_value BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_value) +#define sk_CRYPTO_EX_DATA_FUNCS_set BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_set) +#define sk_CRYPTO_EX_DATA_FUNCS_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_free) +#define sk_CRYPTO_EX_DATA_FUNCS_pop_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_pop_free) +#define sk_CRYPTO_EX_DATA_FUNCS_insert BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_insert) +#define sk_CRYPTO_EX_DATA_FUNCS_delete BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_delete) +#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_delete_ptr) +#define sk_CRYPTO_EX_DATA_FUNCS_find BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_find) +#define sk_CRYPTO_EX_DATA_FUNCS_shift BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_shift) +#define sk_CRYPTO_EX_DATA_FUNCS_push BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_push) +#define sk_CRYPTO_EX_DATA_FUNCS_pop BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_pop) +#define sk_CRYPTO_EX_DATA_FUNCS_dup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_dup) +#define sk_CRYPTO_EX_DATA_FUNCS_sort BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_sort) +#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_is_sorted) +#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func) +#define sk_CRYPTO_EX_DATA_FUNCS_deep_copy BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_deep_copy) +#define sk_CRYPTO_EX_DATA_FUNCS_delete_if BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_CRYPTO_EX_DATA_FUNCS_delete_if) #define sk_X509_call_free_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_call_free_func) #define sk_X509_call_copy_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_call_copy_func) #define sk_X509_call_cmp_func BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, sk_X509_call_cmp_func) diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h index 4767eab2..f42d3d3f 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h @@ -23,7 +23,6 @@ #define BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) _ ## a ## _ ## b #define _ACCESS_DESCRIPTION_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ACCESS_DESCRIPTION_free) -#define _ACCESS_DESCRIPTION_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ACCESS_DESCRIPTION_it) #define _ACCESS_DESCRIPTION_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ACCESS_DESCRIPTION_new) #define _AES_CMAC BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, AES_CMAC) #define _AES_cbc_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, AES_cbc_encrypt) @@ -108,9 +107,7 @@ #define _ASN1_PRINTABLE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_PRINTABLE_free) #define _ASN1_PRINTABLE_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_PRINTABLE_it) #define _ASN1_PRINTABLE_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_PRINTABLE_new) -#define _ASN1_SEQUENCE_ANY_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_SEQUENCE_ANY_it) #define _ASN1_SEQUENCE_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_SEQUENCE_it) -#define _ASN1_SET_ANY_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_SET_ANY_it) #define _ASN1_STRING_TABLE_add BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_STRING_TABLE_add) #define _ASN1_STRING_TABLE_cleanup BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_STRING_TABLE_cleanup) #define _ASN1_STRING_cmp BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ASN1_STRING_cmp) @@ -250,6 +247,7 @@ #define _BIO_ctrl_get_read_request BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_ctrl_get_read_request) #define _BIO_ctrl_get_write_guarantee BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_ctrl_get_write_guarantee) #define _BIO_ctrl_pending BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_ctrl_pending) +#define _BIO_do_connect BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_do_connect) #define _BIO_eof BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_eof) #define _BIO_find_type BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_find_type) #define _BIO_flush BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_flush) @@ -284,10 +282,12 @@ #define _BIO_method_type BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_method_type) #define _BIO_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new) #define _BIO_new_bio_pair BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_bio_pair) +#define _BIO_new_connect BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_connect) #define _BIO_new_fd BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_fd) #define _BIO_new_file BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_file) #define _BIO_new_fp BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_fp) #define _BIO_new_mem_buf BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_mem_buf) +#define _BIO_new_socket BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_new_socket) #define _BIO_next BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_next) #define _BIO_number_read BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_number_read) #define _BIO_number_written BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_number_written) @@ -302,11 +302,16 @@ #define _BIO_read_filename BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_read_filename) #define _BIO_reset BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_reset) #define _BIO_rw_filename BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_rw_filename) +#define _BIO_s_connect BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_s_connect) #define _BIO_s_fd BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_s_fd) #define _BIO_s_file BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_s_file) #define _BIO_s_mem BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_s_mem) +#define _BIO_s_socket BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_s_socket) #define _BIO_seek BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_seek) #define _BIO_set_close BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_close) +#define _BIO_set_conn_hostname BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_conn_hostname) +#define _BIO_set_conn_int_port BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_conn_int_port) +#define _BIO_set_conn_port BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_conn_port) #define _BIO_set_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_data) #define _BIO_set_ex_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_ex_data) #define _BIO_set_fd BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_fd) @@ -315,6 +320,7 @@ #define _BIO_set_init BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_init) #define _BIO_set_mem_buf BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_mem_buf) #define _BIO_set_mem_eof_return BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_mem_eof_return) +#define _BIO_set_nbio BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_nbio) #define _BIO_set_retry_read BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_retry_read) #define _BIO_set_retry_reason BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_retry_reason) #define _BIO_set_retry_special BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, BIO_set_retry_special) @@ -541,6 +547,7 @@ #define _CBS_asn1_oid_to_text BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_asn1_oid_to_text) #define _CBS_contains_zero_byte BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_contains_zero_byte) #define _CBS_copy_bytes BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_copy_bytes) +#define _CBS_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_data) #define _CBS_get_any_asn1 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_any_asn1) #define _CBS_get_any_asn1_element BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_any_asn1_element) #define _CBS_get_any_ber_asn1_element BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_any_ber_asn1_element) @@ -573,10 +580,12 @@ #define _CBS_get_until_first BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_until_first) #define _CBS_get_utf32_be BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_utf32_be) #define _CBS_get_utf8 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_utf8) +#define _CBS_init BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_init) #define _CBS_is_unsigned_asn1_integer BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_is_unsigned_asn1_integer) #define _CBS_is_valid_asn1_bitstring BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_is_valid_asn1_bitstring) #define _CBS_is_valid_asn1_integer BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_is_valid_asn1_integer) #define _CBS_is_valid_asn1_oid BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_is_valid_asn1_oid) +#define _CBS_len BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_len) #define _CBS_mem_equal BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_mem_equal) #define _CBS_parse_generalized_time BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_parse_generalized_time) #define _CBS_parse_utc_time BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_parse_utc_time) @@ -625,6 +634,9 @@ #define _CRYPTO_THREADID_set_callback BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_THREADID_set_callback) #define _CRYPTO_THREADID_set_numeric BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_THREADID_set_numeric) #define _CRYPTO_THREADID_set_pointer BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_THREADID_set_pointer) +#define _CRYPTO_atomic_compare_exchange_weak_u32 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_atomic_compare_exchange_weak_u32) +#define _CRYPTO_atomic_load_u32 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_atomic_load_u32) +#define _CRYPTO_atomic_store_u32 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_atomic_store_u32) #define _CRYPTO_cbc128_decrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_cbc128_decrypt) #define _CRYPTO_cbc128_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_cbc128_encrypt) #define _CRYPTO_cfb128_1_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_cfb128_1_encrypt) @@ -632,6 +644,7 @@ #define _CRYPTO_cfb128_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_cfb128_encrypt) #define _CRYPTO_chacha_20 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_chacha_20) #define _CRYPTO_cleanup_all_ex_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_cleanup_all_ex_data) +#define _CRYPTO_cpu_perf_is_like_silvermont BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_cpu_perf_is_like_silvermont) #define _CRYPTO_ctr128_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_ctr128_encrypt) #define _CRYPTO_ctr128_encrypt_ctr32 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_ctr128_encrypt_ctr32) #define _CRYPTO_fips_186_2_prf BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_fips_186_2_prf) @@ -661,7 +674,27 @@ #define _CRYPTO_has_asm BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_has_asm) #define _CRYPTO_hchacha20 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_hchacha20) #define _CRYPTO_init_sysrand BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_init_sysrand) +#define _CRYPTO_is_ADX_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_ADX_capable) +#define _CRYPTO_is_AESNI_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_AESNI_capable) +#define _CRYPTO_is_ARMv8_AES_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_AES_capable) +#define _CRYPTO_is_ARMv8_PMULL_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_PMULL_capable) +#define _CRYPTO_is_ARMv8_SHA1_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_SHA1_capable) +#define _CRYPTO_is_ARMv8_SHA256_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_SHA256_capable) +#define _CRYPTO_is_ARMv8_SHA512_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_ARMv8_SHA512_capable) +#define _CRYPTO_is_AVX2_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_AVX2_capable) +#define _CRYPTO_is_AVX_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_AVX_capable) +#define _CRYPTO_is_BMI1_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_BMI1_capable) +#define _CRYPTO_is_BMI2_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_BMI2_capable) +#define _CRYPTO_is_FXSR_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_FXSR_capable) +#define _CRYPTO_is_MOVBE_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_MOVBE_capable) +#define _CRYPTO_is_NEON_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_NEON_capable) +#define _CRYPTO_is_PCLMUL_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_PCLMUL_capable) +#define _CRYPTO_is_RDRAND_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_RDRAND_capable) +#define _CRYPTO_is_SSE4_1_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_SSE4_1_capable) +#define _CRYPTO_is_SSSE3_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_SSSE3_capable) #define _CRYPTO_is_confidential_build BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_confidential_build) +#define _CRYPTO_is_intel_cpu BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_intel_cpu) +#define _CRYPTO_is_x86_SHA_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_is_x86_SHA_capable) #define _CRYPTO_library_init BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_library_init) #define _CRYPTO_malloc BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_malloc) #define _CRYPTO_malloc_init BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_malloc_init) @@ -695,6 +728,7 @@ #define _CRYPTO_sysrand_if_available BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_sysrand_if_available) #define _CRYPTO_tls13_hkdf_expand_label BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_tls13_hkdf_expand_label) #define _CRYPTO_tls1_prf BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_tls1_prf) +#define _CRYPTO_xor16 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CRYPTO_xor16) #define _CTR_DRBG_clear BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CTR_DRBG_clear) #define _CTR_DRBG_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CTR_DRBG_free) #define _CTR_DRBG_generate BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CTR_DRBG_generate) @@ -702,10 +736,14 @@ #define _CTR_DRBG_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CTR_DRBG_new) #define _CTR_DRBG_reseed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CTR_DRBG_reseed) #define _ChaCha20_ctr32_avx2 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_avx2) +#define _ChaCha20_ctr32_avx2_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_avx2_capable) #define _ChaCha20_ctr32_neon BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_neon) +#define _ChaCha20_ctr32_neon_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_neon_capable) #define _ChaCha20_ctr32_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_nohw) #define _ChaCha20_ctr32_ssse3 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3) #define _ChaCha20_ctr32_ssse3_4x BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3_4x) +#define _ChaCha20_ctr32_ssse3_4x_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3_4x_capable) +#define _ChaCha20_ctr32_ssse3_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ChaCha20_ctr32_ssse3_capable) #define _DES_decrypt3 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DES_decrypt3) #define _DES_ecb3_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DES_ecb3_encrypt) #define _DES_ecb3_encrypt_ex BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DES_ecb3_encrypt_ex) @@ -765,10 +803,8 @@ #define _DISPLAYTEXT_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DISPLAYTEXT_it) #define _DISPLAYTEXT_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DISPLAYTEXT_new) #define _DIST_POINT_NAME_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_NAME_free) -#define _DIST_POINT_NAME_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_NAME_it) #define _DIST_POINT_NAME_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_NAME_new) #define _DIST_POINT_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_free) -#define _DIST_POINT_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_it) #define _DIST_POINT_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_new) #define _DIST_POINT_set_dpname BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DIST_POINT_set_dpname) #define _DSA_SIG_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, DSA_SIG_free) @@ -925,7 +961,6 @@ #define _ED25519_sign BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ED25519_sign) #define _ED25519_verify BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ED25519_verify) #define _EDIPARTYNAME_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, EDIPARTYNAME_free) -#define _EDIPARTYNAME_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, EDIPARTYNAME_it) #define _EDIPARTYNAME_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, EDIPARTYNAME_new) #define _ENGINE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ENGINE_free) #define _ENGINE_get_ECDSA_method BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ENGINE_get_ECDSA_method) @@ -935,6 +970,8 @@ #define _ENGINE_register_all_complete BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ENGINE_register_all_complete) #define _ENGINE_set_ECDSA_method BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ENGINE_set_ECDSA_method) #define _ENGINE_set_RSA_method BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ENGINE_set_RSA_method) +#define _ERR_GET_LIB BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ERR_GET_LIB) +#define _ERR_GET_REASON BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ERR_GET_REASON) #define _ERR_SAVE_STATE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ERR_SAVE_STATE_free) #define _ERR_add_error_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ERR_add_error_data) #define _ERR_add_error_dataf BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ERR_add_error_dataf) @@ -1334,7 +1371,6 @@ #define _GENERAL_NAME_set0_othername BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, GENERAL_NAME_set0_othername) #define _GENERAL_NAME_set0_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, GENERAL_NAME_set0_value) #define _GENERAL_SUBTREE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, GENERAL_SUBTREE_free) -#define _GENERAL_SUBTREE_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, GENERAL_SUBTREE_it) #define _GENERAL_SUBTREE_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, GENERAL_SUBTREE_new) #define _HKDF BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, HKDF) #define _HKDF_expand BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, HKDF_expand) @@ -1398,6 +1434,28 @@ #define _MLDSA65_sign_internal BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLDSA65_sign_internal) #define _MLDSA65_verify BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLDSA65_verify) #define _MLDSA65_verify_internal BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLDSA65_verify_internal) +#define _MLKEM1024_decap BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_decap) +#define _MLKEM1024_encap BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_encap) +#define _MLKEM1024_encap_external_entropy BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_encap_external_entropy) +#define _MLKEM1024_generate_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_generate_key) +#define _MLKEM1024_generate_key_external_seed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_generate_key_external_seed) +#define _MLKEM1024_marshal_private_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_marshal_private_key) +#define _MLKEM1024_marshal_public_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_marshal_public_key) +#define _MLKEM1024_parse_private_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_parse_private_key) +#define _MLKEM1024_parse_public_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_parse_public_key) +#define _MLKEM1024_private_key_from_seed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_private_key_from_seed) +#define _MLKEM1024_public_from_private BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM1024_public_from_private) +#define _MLKEM768_decap BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_decap) +#define _MLKEM768_encap BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_encap) +#define _MLKEM768_encap_external_entropy BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_encap_external_entropy) +#define _MLKEM768_generate_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_generate_key) +#define _MLKEM768_generate_key_external_seed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_generate_key_external_seed) +#define _MLKEM768_marshal_private_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_marshal_private_key) +#define _MLKEM768_marshal_public_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_marshal_public_key) +#define _MLKEM768_parse_private_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_parse_private_key) +#define _MLKEM768_parse_public_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_parse_public_key) +#define _MLKEM768_private_key_from_seed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_private_key_from_seed) +#define _MLKEM768_public_from_private BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, MLKEM768_public_from_private) #define _NAME_CONSTRAINTS_check BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, NAME_CONSTRAINTS_check) #define _NAME_CONSTRAINTS_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, NAME_CONSTRAINTS_free) #define _NAME_CONSTRAINTS_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, NAME_CONSTRAINTS_it) @@ -1524,7 +1582,6 @@ #define _OPENSSL_vasprintf_internal BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OPENSSL_vasprintf_internal) #define _OPENSSL_zalloc BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OPENSSL_zalloc) #define _OTHERNAME_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OTHERNAME_free) -#define _OTHERNAME_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OTHERNAME_it) #define _OTHERNAME_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OTHERNAME_new) #define _OpenSSL_add_all_algorithms BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OpenSSL_add_all_algorithms) #define _OpenSSL_add_all_ciphers BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, OpenSSL_add_all_ciphers) @@ -1651,7 +1708,6 @@ #define _PKCS7_type_is_signed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS7_type_is_signed) #define _PKCS7_type_is_signedAndEnveloped BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS7_type_is_signedAndEnveloped) #define _PKCS8_PRIV_KEY_INFO_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS8_PRIV_KEY_INFO_free) -#define _PKCS8_PRIV_KEY_INFO_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS8_PRIV_KEY_INFO_it) #define _PKCS8_PRIV_KEY_INFO_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS8_PRIV_KEY_INFO_new) #define _PKCS8_decrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS8_decrypt) #define _PKCS8_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, PKCS8_encrypt) @@ -1668,7 +1724,6 @@ #define _POLICY_CONSTRAINTS_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, POLICY_CONSTRAINTS_new) #define _POLICY_MAPPINGS_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, POLICY_MAPPINGS_it) #define _POLICY_MAPPING_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, POLICY_MAPPING_free) -#define _POLICY_MAPPING_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, POLICY_MAPPING_it) #define _POLICY_MAPPING_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, POLICY_MAPPING_new) #define _RAND_OpenSSL BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, RAND_OpenSSL) #define _RAND_SSLeay BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, RAND_SSLeay) @@ -1796,6 +1851,8 @@ #define _SIPHASH_24 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SIPHASH_24) #define _SLHDSA_SHA2_128S_generate_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_generate_key) #define _SLHDSA_SHA2_128S_generate_key_from_seed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_generate_key_from_seed) +#define _SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign) +#define _SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify) #define _SLHDSA_SHA2_128S_public_from_private BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_public_from_private) #define _SLHDSA_SHA2_128S_sign BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_sign) #define _SLHDSA_SHA2_128S_sign_internal BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, SLHDSA_SHA2_128S_sign_internal) @@ -1970,7 +2027,6 @@ #define _X509_LOOKUP_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_LOOKUP_free) #define _X509_LOOKUP_hash_dir BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_LOOKUP_hash_dir) #define _X509_LOOKUP_load_file BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_LOOKUP_load_file) -#define _X509_NAME_ENTRIES_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRIES_it) #define _X509_NAME_ENTRY_create_by_NID BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRY_create_by_NID) #define _X509_NAME_ENTRY_create_by_OBJ BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRY_create_by_OBJ) #define _X509_NAME_ENTRY_create_by_txt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRY_create_by_txt) @@ -1983,7 +2039,6 @@ #define _X509_NAME_ENTRY_set BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRY_set) #define _X509_NAME_ENTRY_set_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRY_set_data) #define _X509_NAME_ENTRY_set_object BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_ENTRY_set_object) -#define _X509_NAME_INTERNAL_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_INTERNAL_it) #define _X509_NAME_add_entry BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_add_entry) #define _X509_NAME_add_entry_by_NID BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_add_entry_by_NID) #define _X509_NAME_add_entry_by_OBJ BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_NAME_add_entry_by_OBJ) @@ -2088,7 +2143,6 @@ #define _X509_SIG_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_SIG_free) #define _X509_SIG_get0 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_SIG_get0) #define _X509_SIG_getm BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_SIG_getm) -#define _X509_SIG_it BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_SIG_it) #define _X509_SIG_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_SIG_new) #define _X509_STORE_CTX_cleanup BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_STORE_CTX_cleanup) #define _X509_STORE_CTX_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509_STORE_CTX_free) @@ -2295,6 +2349,7 @@ #define _X509v3_get_ext_by_OBJ BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509v3_get_ext_by_OBJ) #define _X509v3_get_ext_by_critical BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509v3_get_ext_by_critical) #define _X509v3_get_ext_count BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, X509v3_get_ext_count) +#define ___clang_call_terminate BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, __clang_call_terminate) #define _a2i_IPADDRESS BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, a2i_IPADDRESS) #define _a2i_IPADDRESS_NC BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, a2i_IPADDRESS_NC) #define _aes128gcmsiv_aes_ks BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes128gcmsiv_aes_ks) @@ -2323,6 +2378,7 @@ #define _aes_hw_set_decrypt_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_hw_set_decrypt_key) #define _aes_hw_set_encrypt_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_hw_set_encrypt_key) #define _aes_hw_set_encrypt_key_alt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_hw_set_encrypt_key_alt) +#define _aes_hw_set_encrypt_key_alt_preferred BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_hw_set_encrypt_key_alt_preferred) #define _aes_hw_set_encrypt_key_base BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_hw_set_encrypt_key_base) #define _aes_nohw_cbc_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_nohw_cbc_encrypt) #define _aes_nohw_ctr32_encrypt_blocks BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, aes_nohw_ctr32_encrypt_blocks) @@ -2356,12 +2412,18 @@ #define _asn1_type_value_as_pointer BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_type_value_as_pointer) #define _asn1_utctime_to_tm BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_utctime_to_tm) #define _beeu_mod_inverse_vartime BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, beeu_mod_inverse_vartime) +#define _bio_clear_socket_error BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bio_clear_socket_error) #define _bio_errno_should_retry BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bio_errno_should_retry) +#define _bio_ip_and_port_to_socket_and_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bio_ip_and_port_to_socket_and_addr) +#define _bio_sock_error BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bio_sock_error) +#define _bio_socket_nbio BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bio_socket_nbio) +#define _bio_socket_should_retry BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bio_socket_should_retry) #define _bn_abs_sub_consttime BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_abs_sub_consttime) #define _bn_add_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_add_words) #define _bn_assert_fits_in_bytes BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_assert_fits_in_bytes) #define _bn_big_endian_to_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_big_endian_to_words) #define _bn_copy_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_copy_words) +#define _bn_declassify BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_declassify) #define _bn_div_consttime BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_div_consttime) #define _bn_expand BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_expand) #define _bn_fits_in_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_fits_in_words) @@ -2395,7 +2457,9 @@ #define _bn_mont_ctx_set_RR_consttime BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mont_ctx_set_RR_consttime) #define _bn_mont_n0 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mont_n0) #define _bn_mul4x_mont BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul4x_mont) +#define _bn_mul4x_mont_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul4x_mont_capable) #define _bn_mul4x_mont_gather5 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul4x_mont_gather5) +#define _bn_mul4x_mont_gather5_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul4x_mont_gather5_capable) #define _bn_mul_add_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul_add_words) #define _bn_mul_comba4 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul_comba4) #define _bn_mul_comba8 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul_comba8) @@ -2406,11 +2470,16 @@ #define _bn_mul_small BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul_small) #define _bn_mul_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mul_words) #define _bn_mulx4x_mont BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mulx4x_mont) +#define _bn_mulx4x_mont_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mulx4x_mont_capable) #define _bn_mulx4x_mont_gather5 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mulx4x_mont_gather5) +#define _bn_mulx4x_mont_gather5_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mulx4x_mont_gather5_capable) +#define _bn_mulx_adx_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_mulx_adx_capable) #define _bn_odd_number_is_obviously_composite BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_odd_number_is_obviously_composite) #define _bn_one_to_montgomery BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_one_to_montgomery) +#define _bn_power5_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_power5_capable) #define _bn_power5_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_power5_nohw) #define _bn_powerx5 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_powerx5) +#define _bn_powerx5_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_powerx5_capable) #define _bn_rand_range_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_rand_range_words) #define _bn_rand_secret_range BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_rand_secret_range) #define _bn_reduce_once BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_reduce_once) @@ -2420,12 +2489,14 @@ #define _bn_rshift_secret_shift BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_rshift_secret_shift) #define _bn_rshift_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_rshift_words) #define _bn_scatter5 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_scatter5) +#define _bn_secret BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_secret) #define _bn_select_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_select_words) #define _bn_set_minimal_width BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_set_minimal_width) #define _bn_set_static_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_set_static_words) #define _bn_set_words BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_set_words) #define _bn_sqr8x_internal BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_sqr8x_internal) #define _bn_sqr8x_mont BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_sqr8x_mont) +#define _bn_sqr8x_mont_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_sqr8x_mont_capable) #define _bn_sqr_comba4 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_sqr_comba4) #define _bn_sqr_comba8 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_sqr_comba8) #define _bn_sqr_consttime BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_sqr_consttime) @@ -2438,12 +2509,20 @@ #define _bn_usub_consttime BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_usub_consttime) #define _bn_wexpand BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_wexpand) #define _bn_words_to_big_endian BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bn_words_to_big_endian) +#define _boringssl_ensure_ecc_self_test BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_ensure_ecc_self_test) +#define _boringssl_ensure_ffdh_self_test BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_ensure_ffdh_self_test) +#define _boringssl_ensure_rsa_self_test BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_ensure_rsa_self_test) +#define _boringssl_fips_break_test BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_fips_break_test) +#define _boringssl_fips_inc_counter BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_fips_inc_counter) #define _boringssl_self_test_hmac_sha256 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_self_test_hmac_sha256) #define _boringssl_self_test_sha256 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_self_test_sha256) #define _boringssl_self_test_sha512 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, boringssl_self_test_sha512) +#define _bsaes_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bsaes_capable) +#define _bsaes_cbc_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, bsaes_cbc_encrypt) #define _c2i_ASN1_BIT_STRING BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, c2i_ASN1_BIT_STRING) #define _c2i_ASN1_INTEGER BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, c2i_ASN1_INTEGER) #define _c2i_ASN1_OBJECT BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, c2i_ASN1_OBJECT) +#define _chacha20_poly1305_asm_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, chacha20_poly1305_asm_capable) #define _chacha20_poly1305_open BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, chacha20_poly1305_open) #define _chacha20_poly1305_open_avx2 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, chacha20_poly1305_open_avx2) #define _chacha20_poly1305_open_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, chacha20_poly1305_open_nohw) @@ -2690,7 +2769,6 @@ #define _ecp_nistz256_sub BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ecp_nistz256_sub) #define _ed25519_asn1_meth BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ed25519_asn1_meth) #define _ed25519_pkey_meth BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, ed25519_pkey_meth) -#define _evp_md_md5_sha1 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, evp_md_md5_sha1) #define _evp_pkey_set_method BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, evp_pkey_set_method) #define _fiat_curve25519_adx_mul BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, fiat_curve25519_adx_mul) #define _fiat_curve25519_adx_square BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, fiat_curve25519_adx_square) @@ -2714,7 +2792,12 @@ #define _gcm_init_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, gcm_init_nohw) #define _gcm_init_ssse3 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, gcm_init_ssse3) #define _gcm_init_v8 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, gcm_init_v8) +#define _gcm_neon_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, gcm_neon_capable) +#define _gcm_pmull_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, gcm_pmull_capable) +#define _have_fast_rdrand BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, have_fast_rdrand) +#define _have_rdrand BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, have_rdrand) #define _hkdf_pkey_meth BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, hkdf_pkey_meth) +#define _hwaes_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, hwaes_capable) #define _i2a_ASN1_ENUMERATED BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, i2a_ASN1_ENUMERATED) #define _i2a_ASN1_INTEGER BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, i2a_ASN1_INTEGER) #define _i2a_ASN1_OBJECT BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, i2a_ASN1_OBJECT) @@ -2850,7 +2933,30 @@ #define _kOpenSSLReasonStringData BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, kOpenSSLReasonStringData) #define _kOpenSSLReasonValues BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, kOpenSSLReasonValues) #define _kOpenSSLReasonValuesLen BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, kOpenSSLReasonValuesLen) -#define _md4_block_data_order BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, md4_block_data_order) +#define _lh_CONF_SECTION_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_call_cmp_func) +#define _lh_CONF_SECTION_call_doall_arg BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_call_doall_arg) +#define _lh_CONF_SECTION_call_hash_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_call_hash_func) +#define _lh_CONF_SECTION_doall_arg BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_doall_arg) +#define _lh_CONF_SECTION_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_free) +#define _lh_CONF_SECTION_insert BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_insert) +#define _lh_CONF_SECTION_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_new) +#define _lh_CONF_SECTION_retrieve BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_SECTION_retrieve) +#define _lh_CONF_VALUE_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_call_cmp_func) +#define _lh_CONF_VALUE_call_doall_arg BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_call_doall_arg) +#define _lh_CONF_VALUE_call_hash_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_call_hash_func) +#define _lh_CONF_VALUE_doall_arg BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_doall_arg) +#define _lh_CONF_VALUE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_free) +#define _lh_CONF_VALUE_insert BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_insert) +#define _lh_CONF_VALUE_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_new) +#define _lh_CONF_VALUE_retrieve BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CONF_VALUE_retrieve) +#define _lh_CRYPTO_BUFFER_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_call_cmp_func) +#define _lh_CRYPTO_BUFFER_call_hash_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_call_hash_func) +#define _lh_CRYPTO_BUFFER_delete BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_delete) +#define _lh_CRYPTO_BUFFER_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_free) +#define _lh_CRYPTO_BUFFER_insert BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_insert) +#define _lh_CRYPTO_BUFFER_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_new) +#define _lh_CRYPTO_BUFFER_num_items BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_num_items) +#define _lh_CRYPTO_BUFFER_retrieve BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, lh_CRYPTO_BUFFER_retrieve) #define _md5_block_asm_data_order BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, md5_block_asm_data_order) #define _o2i_ECPublicKey BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, o2i_ECPublicKey) #define _pkcs12_iterations_acceptable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, pkcs12_iterations_acceptable) @@ -2906,20 +3012,224 @@ #define _rsaz_1024_red2norm_avx2 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, rsaz_1024_red2norm_avx2) #define _rsaz_1024_scatter5_avx2 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, rsaz_1024_scatter5_avx2) #define _rsaz_1024_sqr_avx2 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, rsaz_1024_sqr_avx2) +#define _rsaz_avx2_preferred BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, rsaz_avx2_preferred) #define _s2i_ASN1_INTEGER BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, s2i_ASN1_INTEGER) #define _s2i_ASN1_OCTET_STRING BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, s2i_ASN1_OCTET_STRING) +#define _sha1_avx2_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_avx2_capable) +#define _sha1_avx_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_avx_capable) #define _sha1_block_data_order_avx BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_block_data_order_avx) #define _sha1_block_data_order_avx2 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_block_data_order_avx2) #define _sha1_block_data_order_hw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_block_data_order_hw) #define _sha1_block_data_order_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_block_data_order_nohw) #define _sha1_block_data_order_ssse3 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_block_data_order_ssse3) +#define _sha1_hw_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_hw_capable) +#define _sha1_ssse3_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha1_ssse3_capable) +#define _sha256_avx_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_avx_capable) #define _sha256_block_data_order_avx BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_block_data_order_avx) #define _sha256_block_data_order_hw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_block_data_order_hw) #define _sha256_block_data_order_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_block_data_order_nohw) #define _sha256_block_data_order_ssse3 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_block_data_order_ssse3) +#define _sha256_hw_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_hw_capable) +#define _sha256_ssse3_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha256_ssse3_capable) +#define _sha512_avx_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha512_avx_capable) #define _sha512_block_data_order_avx BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha512_block_data_order_avx) #define _sha512_block_data_order_hw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha512_block_data_order_hw) #define _sha512_block_data_order_nohw BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha512_block_data_order_nohw) +#define _sha512_hw_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sha512_hw_capable) +#define _sk_ACCESS_DESCRIPTION_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_call_free_func) +#define _sk_ACCESS_DESCRIPTION_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_new_null) +#define _sk_ACCESS_DESCRIPTION_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_num) +#define _sk_ACCESS_DESCRIPTION_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_pop_free) +#define _sk_ACCESS_DESCRIPTION_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_push) +#define _sk_ACCESS_DESCRIPTION_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ACCESS_DESCRIPTION_value) +#define _sk_ASN1_INTEGER_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_INTEGER_num) +#define _sk_ASN1_INTEGER_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_INTEGER_push) +#define _sk_ASN1_INTEGER_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_INTEGER_value) +#define _sk_ASN1_OBJECT_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_call_cmp_func) +#define _sk_ASN1_OBJECT_call_copy_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_call_copy_func) +#define _sk_ASN1_OBJECT_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_call_free_func) +#define _sk_ASN1_OBJECT_deep_copy BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_deep_copy) +#define _sk_ASN1_OBJECT_dup BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_dup) +#define _sk_ASN1_OBJECT_find BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_find) +#define _sk_ASN1_OBJECT_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_free) +#define _sk_ASN1_OBJECT_is_sorted BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_is_sorted) +#define _sk_ASN1_OBJECT_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_new_null) +#define _sk_ASN1_OBJECT_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_num) +#define _sk_ASN1_OBJECT_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_pop_free) +#define _sk_ASN1_OBJECT_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_push) +#define _sk_ASN1_OBJECT_set_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_set_cmp_func) +#define _sk_ASN1_OBJECT_sort BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_sort) +#define _sk_ASN1_OBJECT_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_OBJECT_value) +#define _sk_ASN1_TYPE_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_TYPE_num) +#define _sk_ASN1_TYPE_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_TYPE_push) +#define _sk_ASN1_TYPE_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_TYPE_value) +#define _sk_ASN1_VALUE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_VALUE_free) +#define _sk_ASN1_VALUE_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_VALUE_new_null) +#define _sk_ASN1_VALUE_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_VALUE_num) +#define _sk_ASN1_VALUE_pop BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_VALUE_pop) +#define _sk_ASN1_VALUE_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_VALUE_push) +#define _sk_ASN1_VALUE_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_ASN1_VALUE_value) +#define _sk_CONF_VALUE_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_call_free_func) +#define _sk_CONF_VALUE_delete_ptr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_delete_ptr) +#define _sk_CONF_VALUE_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_free) +#define _sk_CONF_VALUE_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_new_null) +#define _sk_CONF_VALUE_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_num) +#define _sk_CONF_VALUE_pop BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_pop) +#define _sk_CONF_VALUE_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_pop_free) +#define _sk_CONF_VALUE_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_push) +#define _sk_CONF_VALUE_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CONF_VALUE_value) +#define _sk_CRYPTO_BUFFER_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_call_free_func) +#define _sk_CRYPTO_BUFFER_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_new_null) +#define _sk_CRYPTO_BUFFER_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_num) +#define _sk_CRYPTO_BUFFER_pop BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_pop) +#define _sk_CRYPTO_BUFFER_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_pop_free) +#define _sk_CRYPTO_BUFFER_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_push) +#define _sk_CRYPTO_BUFFER_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_CRYPTO_BUFFER_value) +#define _sk_DIST_POINT_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_DIST_POINT_call_free_func) +#define _sk_DIST_POINT_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_DIST_POINT_new_null) +#define _sk_DIST_POINT_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_DIST_POINT_num) +#define _sk_DIST_POINT_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_DIST_POINT_pop_free) +#define _sk_DIST_POINT_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_DIST_POINT_push) +#define _sk_DIST_POINT_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_DIST_POINT_value) +#define _sk_GENERAL_NAME_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_call_free_func) +#define _sk_GENERAL_NAME_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_new_null) +#define _sk_GENERAL_NAME_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_num) +#define _sk_GENERAL_NAME_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_pop_free) +#define _sk_GENERAL_NAME_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_push) +#define _sk_GENERAL_NAME_set BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_set) +#define _sk_GENERAL_NAME_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_NAME_value) +#define _sk_GENERAL_SUBTREE_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_new_null) +#define _sk_GENERAL_SUBTREE_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_num) +#define _sk_GENERAL_SUBTREE_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_push) +#define _sk_GENERAL_SUBTREE_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_GENERAL_SUBTREE_value) +#define _sk_OPENSSL_STRING_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_call_cmp_func) +#define _sk_OPENSSL_STRING_call_copy_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_call_copy_func) +#define _sk_OPENSSL_STRING_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_call_free_func) +#define _sk_OPENSSL_STRING_deep_copy BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_deep_copy) +#define _sk_OPENSSL_STRING_find BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_find) +#define _sk_OPENSSL_STRING_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_free) +#define _sk_OPENSSL_STRING_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_new) +#define _sk_OPENSSL_STRING_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_new_null) +#define _sk_OPENSSL_STRING_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_num) +#define _sk_OPENSSL_STRING_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_pop_free) +#define _sk_OPENSSL_STRING_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_push) +#define _sk_OPENSSL_STRING_sort BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_sort) +#define _sk_OPENSSL_STRING_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_OPENSSL_STRING_value) +#define _sk_POLICYINFO_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_call_cmp_func) +#define _sk_POLICYINFO_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_call_free_func) +#define _sk_POLICYINFO_find BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_find) +#define _sk_POLICYINFO_is_sorted BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_is_sorted) +#define _sk_POLICYINFO_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_new_null) +#define _sk_POLICYINFO_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_num) +#define _sk_POLICYINFO_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_pop_free) +#define _sk_POLICYINFO_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_push) +#define _sk_POLICYINFO_set_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_set_cmp_func) +#define _sk_POLICYINFO_sort BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_sort) +#define _sk_POLICYINFO_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYINFO_value) +#define _sk_POLICYQUALINFO_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYQUALINFO_new_null) +#define _sk_POLICYQUALINFO_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYQUALINFO_num) +#define _sk_POLICYQUALINFO_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYQUALINFO_push) +#define _sk_POLICYQUALINFO_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICYQUALINFO_value) +#define _sk_POLICY_MAPPING_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_call_cmp_func) +#define _sk_POLICY_MAPPING_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_call_free_func) +#define _sk_POLICY_MAPPING_find BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_find) +#define _sk_POLICY_MAPPING_is_sorted BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_is_sorted) +#define _sk_POLICY_MAPPING_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_new_null) +#define _sk_POLICY_MAPPING_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_num) +#define _sk_POLICY_MAPPING_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_pop_free) +#define _sk_POLICY_MAPPING_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_push) +#define _sk_POLICY_MAPPING_set_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_set_cmp_func) +#define _sk_POLICY_MAPPING_sort BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_sort) +#define _sk_POLICY_MAPPING_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_POLICY_MAPPING_value) +#define _sk_TRUST_TOKEN_PRETOKEN_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_call_free_func) +#define _sk_TRUST_TOKEN_PRETOKEN_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_new_null) +#define _sk_TRUST_TOKEN_PRETOKEN_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_num) +#define _sk_TRUST_TOKEN_PRETOKEN_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_pop_free) +#define _sk_TRUST_TOKEN_PRETOKEN_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_push) +#define _sk_TRUST_TOKEN_PRETOKEN_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_PRETOKEN_value) +#define _sk_TRUST_TOKEN_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_call_free_func) +#define _sk_TRUST_TOKEN_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_new_null) +#define _sk_TRUST_TOKEN_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_pop_free) +#define _sk_TRUST_TOKEN_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_TRUST_TOKEN_push) +#define _sk_X509_ATTRIBUTE_delete BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_delete) +#define _sk_X509_ATTRIBUTE_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_new_null) +#define _sk_X509_ATTRIBUTE_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_num) +#define _sk_X509_ATTRIBUTE_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_push) +#define _sk_X509_ATTRIBUTE_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_ATTRIBUTE_value) +#define _sk_X509_CRL_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_call_free_func) +#define _sk_X509_CRL_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_free) +#define _sk_X509_CRL_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_new_null) +#define _sk_X509_CRL_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_num) +#define _sk_X509_CRL_pop BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_pop) +#define _sk_X509_CRL_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_pop_free) +#define _sk_X509_CRL_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_push) +#define _sk_X509_CRL_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_CRL_value) +#define _sk_X509_EXTENSION_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_call_free_func) +#define _sk_X509_EXTENSION_delete BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_delete) +#define _sk_X509_EXTENSION_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_free) +#define _sk_X509_EXTENSION_insert BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_insert) +#define _sk_X509_EXTENSION_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_new_null) +#define _sk_X509_EXTENSION_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_num) +#define _sk_X509_EXTENSION_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_pop_free) +#define _sk_X509_EXTENSION_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_push) +#define _sk_X509_EXTENSION_set BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_set) +#define _sk_X509_EXTENSION_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_EXTENSION_value) +#define _sk_X509_INFO_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_call_free_func) +#define _sk_X509_INFO_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_free) +#define _sk_X509_INFO_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_new_null) +#define _sk_X509_INFO_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_num) +#define _sk_X509_INFO_pop BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_pop) +#define _sk_X509_INFO_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_pop_free) +#define _sk_X509_INFO_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_push) +#define _sk_X509_INFO_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_INFO_value) +#define _sk_X509_LOOKUP_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_LOOKUP_call_free_func) +#define _sk_X509_LOOKUP_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_LOOKUP_new_null) +#define _sk_X509_LOOKUP_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_LOOKUP_num) +#define _sk_X509_LOOKUP_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_LOOKUP_pop_free) +#define _sk_X509_LOOKUP_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_LOOKUP_push) +#define _sk_X509_LOOKUP_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_LOOKUP_value) +#define _sk_X509_NAME_ENTRY_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_call_free_func) +#define _sk_X509_NAME_ENTRY_delete BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_delete) +#define _sk_X509_NAME_ENTRY_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_free) +#define _sk_X509_NAME_ENTRY_insert BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_insert) +#define _sk_X509_NAME_ENTRY_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_new_null) +#define _sk_X509_NAME_ENTRY_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_num) +#define _sk_X509_NAME_ENTRY_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_pop_free) +#define _sk_X509_NAME_ENTRY_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_push) +#define _sk_X509_NAME_ENTRY_set BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_set) +#define _sk_X509_NAME_ENTRY_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_NAME_ENTRY_value) +#define _sk_X509_OBJECT_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_call_cmp_func) +#define _sk_X509_OBJECT_call_copy_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_call_copy_func) +#define _sk_X509_OBJECT_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_call_free_func) +#define _sk_X509_OBJECT_deep_copy BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_deep_copy) +#define _sk_X509_OBJECT_find BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_find) +#define _sk_X509_OBJECT_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_new) +#define _sk_X509_OBJECT_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_num) +#define _sk_X509_OBJECT_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_pop_free) +#define _sk_X509_OBJECT_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_push) +#define _sk_X509_OBJECT_sort BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_sort) +#define _sk_X509_OBJECT_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_OBJECT_value) +#define _sk_X509_REVOKED_call_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_call_cmp_func) +#define _sk_X509_REVOKED_find BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_find) +#define _sk_X509_REVOKED_is_sorted BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_is_sorted) +#define _sk_X509_REVOKED_new BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_new) +#define _sk_X509_REVOKED_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_num) +#define _sk_X509_REVOKED_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_push) +#define _sk_X509_REVOKED_set_cmp_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_set_cmp_func) +#define _sk_X509_REVOKED_sort BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_sort) +#define _sk_X509_REVOKED_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_REVOKED_value) +#define _sk_X509_call_free_func BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_call_free_func) +#define _sk_X509_delete BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_delete) +#define _sk_X509_delete_ptr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_delete_ptr) +#define _sk_X509_dup BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_dup) +#define _sk_X509_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_free) +#define _sk_X509_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_new_null) +#define _sk_X509_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_num) +#define _sk_X509_pop BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_pop) +#define _sk_X509_pop_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_pop_free) +#define _sk_X509_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_push) +#define _sk_X509_set BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_set) +#define _sk_X509_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_X509_value) #define _sk_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_free) #define _sk_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_new_null) #define _sk_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_num) @@ -2928,12 +3238,28 @@ #define _sk_pop_free_ex BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_pop_free_ex) #define _sk_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_push) #define _sk_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_value) +#define _sk_void_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_void_free) +#define _sk_void_new_null BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_void_new_null) +#define _sk_void_num BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_void_num) +#define _sk_void_push BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_void_push) +#define _sk_void_set BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_void_set) +#define _sk_void_value BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, sk_void_value) +#define _slhdsa_copy_keypair_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_copy_keypair_addr) #define _slhdsa_fors_pk_from_sig BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_fors_pk_from_sig) #define _slhdsa_fors_sign BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_fors_sign) #define _slhdsa_fors_sk_gen BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_fors_sk_gen) #define _slhdsa_fors_treehash BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_fors_treehash) +#define _slhdsa_get_tree_index BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_get_tree_index) #define _slhdsa_ht_sign BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_ht_sign) #define _slhdsa_ht_verify BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_ht_verify) +#define _slhdsa_set_chain_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_chain_addr) +#define _slhdsa_set_hash_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_hash_addr) +#define _slhdsa_set_keypair_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_keypair_addr) +#define _slhdsa_set_layer_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_layer_addr) +#define _slhdsa_set_tree_addr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_tree_addr) +#define _slhdsa_set_tree_height BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_tree_height) +#define _slhdsa_set_tree_index BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_tree_index) +#define _slhdsa_set_type BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_set_type) #define _slhdsa_thash_f BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_thash_f) #define _slhdsa_thash_h BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_thash_h) #define _slhdsa_thash_hmsg BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, slhdsa_thash_hmsg) @@ -3024,9 +3350,11 @@ #define _voprf_pst1_sign BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, voprf_pst1_sign) #define _voprf_pst1_sign_with_proof_scalar_for_testing BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, voprf_pst1_sign_with_proof_scalar_for_testing) #define _voprf_pst1_unblind BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, voprf_pst1_unblind) +#define _vpaes_capable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_capable) #define _vpaes_cbc_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_cbc_encrypt) #define _vpaes_ctr32_encrypt_blocks BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_ctr32_encrypt_blocks) #define _vpaes_decrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_decrypt) +#define _vpaes_decrypt_key_to_bsaes BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_decrypt_key_to_bsaes) #define _vpaes_encrypt BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_encrypt) #define _vpaes_set_decrypt_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_set_decrypt_key) #define _vpaes_set_encrypt_key BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, vpaes_set_encrypt_key) diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_crypto.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_crypto.h index 4c441a0d..092cd4c6 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_crypto.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_crypto.h @@ -181,7 +181,7 @@ OPENSSL_EXPORT int FIPS_mode_set(int on); OPENSSL_EXPORT const char *FIPS_module_name(void); // FIPS_module_hash returns the 32-byte hash of the FIPS module. -OPENSSL_EXPORT const uint8_t* FIPS_module_hash(void); +OPENSSL_EXPORT const uint8_t *FIPS_module_hash(void); // FIPS_version returns the version of the FIPS module, or zero if the build // isn't exactly at a verified version. The version, expressed in base 10, will diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_mldsa.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_mldsa.h index 80a70307..a99e6434 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_mldsa.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_mldsa.h @@ -22,12 +22,18 @@ extern "C" { #endif -// ML-DSA-65. +// ML-DSA. // // This implements the Module-Lattice-Based Digital Signature Standard from // https://csrc.nist.gov/pubs/fips/204/final +// MLDSA_SEED_BYTES is the number of bytes in an ML-DSA seed value. +#define MLDSA_SEED_BYTES 32 + + +// ML-DSA-65. + // MLDSA65_private_key contains an ML-DSA-65 private key. The contents of this // object should never leave the address space since the format is unstable. struct MLDSA65_private_key { @@ -58,9 +64,6 @@ struct MLDSA65_public_key { // signature. #define MLDSA65_SIGNATURE_BYTES 3309 -// MLDSA_SEED_BYTES is the number of bytes in an ML-DSA seed value. -#define MLDSA_SEED_BYTES 32 - // MLDSA65_generate_key generates a random public/private key pair, writes the // encoded public key to |out_encoded_public_key|, writes the seed to // |out_seed|, and sets |out_private_key| to the private key. Returns 1 on @@ -106,9 +109,6 @@ OPENSSL_EXPORT int MLDSA65_verify(const struct MLDSA65_public_key *public_key, size_t msg_len, const uint8_t *context, size_t context_len); - -// Serialisation of keys. - // MLDSA65_marshal_public_key serializes |public_key| to |out| in the standard // format for ML-DSA-65 public keys. It returns 1 on success or 0 on // allocation error. diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_slhdsa.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_slhdsa.h index 4c1d2237..a79fa512 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_slhdsa.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_slhdsa.h @@ -72,6 +72,60 @@ OPENSSL_EXPORT int SLHDSA_SHA2_128S_verify( size_t context_len); +// Prehashed SLH-DSA-SHA2-128s. +// +// These functions sign the hash of a message. They should generally not be +// used. The general functions are perfectly capable of signing a hash if you +// wish. These functions should only be used when: +// +// a) Compatibility with an external system that uses prehashed messages is +// required. (The general signature of a hash is not compatible with a +// "prehash" signature of the same hash.) +// b) A single private key is used to sign both prehashed and raw messages, +// and there's no other way to prevent ambiguity. + +// SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign slowly generates a +// SLH-DSA-SHA2-128s signature of the prehashed |hashed_msg| using |private_key| +// and writes it to |out_signature|. The |context| argument is also signed over +// and can be used to include implicit contextual information that isn't +// included in |hashed_msg|. The same value of |context| must be presented to +// |SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify| in order for the +// generated signature to be considered valid. |context| and |context_len| may +// be |NULL| and 0 to use an empty context (this is common). +// +// The |hash_nid| argument must specify the hash function that was used to +// generate |hashed_msg|. This function only accepts non-standard hash functions +// that are not compliant with FIPS 205. +// +// This function returns 1 on success and 0 if |context_len| is larger than 255, +// if the hash function is not supported, or if |hashed_msg| is the wrong +// length. +OPENSSL_EXPORT int SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign( + uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES], + const uint8_t private_key[SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], + const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, + const uint8_t *context, size_t context_len); + +// SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify verifies that |signature| +// is a valid SLH-DSA-SHA2-128s signature of the prehashed |hashed_msg| by +// |public_key|, using the hash algorithm identified by |hash_nid|. The value of +// |context| must equal the value that was passed to +// |SLHDSA_SHA2_128S_prehash_sign| when the signature was generated. +// +// The |hash_nid| argument must specify the hash function that was used to +// generate |hashed_msg|. This function only accepts non-standard hash functions +// that are not compliant with FIPS 205. +// +// This function returns 1 if the signature is valid and 0 if the signature is +// invalid, the hash function is not supported, or if |hashed_msg| is the wrong +// length. +OPENSSL_EXPORT int SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify( + const uint8_t *signature, size_t signature_len, + const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], + const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, + const uint8_t *context, size_t context_len); + + #if defined(__cplusplus) } // extern C #endif diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_thread.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_thread.h index b893e0a4..0a7cb0ee 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_thread.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_thread.h @@ -79,8 +79,8 @@ typedef uint32_t CRYPTO_refcount_t; // Deprecated functions. // // Historically, OpenSSL required callers to provide locking callbacks. -// BoringSSL is thread-safe by default, but some old code calls these functions -// and so no-op implementations are provided. +// BoringSSL does not use external callbacks for locking, but some old code +// calls these functions and so no-op implementations are provided. // These defines do nothing but are provided to make old code easier to // compile. diff --git a/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc b/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc index e1ebe170..9e089b92 100644 --- a/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc +++ b/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc @@ -15,7 +15,6 @@ ; 32-bit Windows adds underscores to C functions, while 64-bit Windows does not. %ifidn __OUTPUT_FORMAT__, win32 %xdefine _ACCESS_DESCRIPTION_free _ %+ BORINGSSL_PREFIX %+ _ACCESS_DESCRIPTION_free -%xdefine _ACCESS_DESCRIPTION_it _ %+ BORINGSSL_PREFIX %+ _ACCESS_DESCRIPTION_it %xdefine _ACCESS_DESCRIPTION_new _ %+ BORINGSSL_PREFIX %+ _ACCESS_DESCRIPTION_new %xdefine _AES_CMAC _ %+ BORINGSSL_PREFIX %+ _AES_CMAC %xdefine _AES_cbc_encrypt _ %+ BORINGSSL_PREFIX %+ _AES_cbc_encrypt @@ -100,9 +99,7 @@ %xdefine _ASN1_PRINTABLE_free _ %+ BORINGSSL_PREFIX %+ _ASN1_PRINTABLE_free %xdefine _ASN1_PRINTABLE_it _ %+ BORINGSSL_PREFIX %+ _ASN1_PRINTABLE_it %xdefine _ASN1_PRINTABLE_new _ %+ BORINGSSL_PREFIX %+ _ASN1_PRINTABLE_new -%xdefine _ASN1_SEQUENCE_ANY_it _ %+ BORINGSSL_PREFIX %+ _ASN1_SEQUENCE_ANY_it %xdefine _ASN1_SEQUENCE_it _ %+ BORINGSSL_PREFIX %+ _ASN1_SEQUENCE_it -%xdefine _ASN1_SET_ANY_it _ %+ BORINGSSL_PREFIX %+ _ASN1_SET_ANY_it %xdefine _ASN1_STRING_TABLE_add _ %+ BORINGSSL_PREFIX %+ _ASN1_STRING_TABLE_add %xdefine _ASN1_STRING_TABLE_cleanup _ %+ BORINGSSL_PREFIX %+ _ASN1_STRING_TABLE_cleanup %xdefine _ASN1_STRING_cmp _ %+ BORINGSSL_PREFIX %+ _ASN1_STRING_cmp @@ -242,6 +239,7 @@ %xdefine _BIO_ctrl_get_read_request _ %+ BORINGSSL_PREFIX %+ _BIO_ctrl_get_read_request %xdefine _BIO_ctrl_get_write_guarantee _ %+ BORINGSSL_PREFIX %+ _BIO_ctrl_get_write_guarantee %xdefine _BIO_ctrl_pending _ %+ BORINGSSL_PREFIX %+ _BIO_ctrl_pending +%xdefine _BIO_do_connect _ %+ BORINGSSL_PREFIX %+ _BIO_do_connect %xdefine _BIO_eof _ %+ BORINGSSL_PREFIX %+ _BIO_eof %xdefine _BIO_find_type _ %+ BORINGSSL_PREFIX %+ _BIO_find_type %xdefine _BIO_flush _ %+ BORINGSSL_PREFIX %+ _BIO_flush @@ -276,10 +274,12 @@ %xdefine _BIO_method_type _ %+ BORINGSSL_PREFIX %+ _BIO_method_type %xdefine _BIO_new _ %+ BORINGSSL_PREFIX %+ _BIO_new %xdefine _BIO_new_bio_pair _ %+ BORINGSSL_PREFIX %+ _BIO_new_bio_pair +%xdefine _BIO_new_connect _ %+ BORINGSSL_PREFIX %+ _BIO_new_connect %xdefine _BIO_new_fd _ %+ BORINGSSL_PREFIX %+ _BIO_new_fd %xdefine _BIO_new_file _ %+ BORINGSSL_PREFIX %+ _BIO_new_file %xdefine _BIO_new_fp _ %+ BORINGSSL_PREFIX %+ _BIO_new_fp %xdefine _BIO_new_mem_buf _ %+ BORINGSSL_PREFIX %+ _BIO_new_mem_buf +%xdefine _BIO_new_socket _ %+ BORINGSSL_PREFIX %+ _BIO_new_socket %xdefine _BIO_next _ %+ BORINGSSL_PREFIX %+ _BIO_next %xdefine _BIO_number_read _ %+ BORINGSSL_PREFIX %+ _BIO_number_read %xdefine _BIO_number_written _ %+ BORINGSSL_PREFIX %+ _BIO_number_written @@ -294,11 +294,16 @@ %xdefine _BIO_read_filename _ %+ BORINGSSL_PREFIX %+ _BIO_read_filename %xdefine _BIO_reset _ %+ BORINGSSL_PREFIX %+ _BIO_reset %xdefine _BIO_rw_filename _ %+ BORINGSSL_PREFIX %+ _BIO_rw_filename +%xdefine _BIO_s_connect _ %+ BORINGSSL_PREFIX %+ _BIO_s_connect %xdefine _BIO_s_fd _ %+ BORINGSSL_PREFIX %+ _BIO_s_fd %xdefine _BIO_s_file _ %+ BORINGSSL_PREFIX %+ _BIO_s_file %xdefine _BIO_s_mem _ %+ BORINGSSL_PREFIX %+ _BIO_s_mem +%xdefine _BIO_s_socket _ %+ BORINGSSL_PREFIX %+ _BIO_s_socket %xdefine _BIO_seek _ %+ BORINGSSL_PREFIX %+ _BIO_seek %xdefine _BIO_set_close _ %+ BORINGSSL_PREFIX %+ _BIO_set_close +%xdefine _BIO_set_conn_hostname _ %+ BORINGSSL_PREFIX %+ _BIO_set_conn_hostname +%xdefine _BIO_set_conn_int_port _ %+ BORINGSSL_PREFIX %+ _BIO_set_conn_int_port +%xdefine _BIO_set_conn_port _ %+ BORINGSSL_PREFIX %+ _BIO_set_conn_port %xdefine _BIO_set_data _ %+ BORINGSSL_PREFIX %+ _BIO_set_data %xdefine _BIO_set_ex_data _ %+ BORINGSSL_PREFIX %+ _BIO_set_ex_data %xdefine _BIO_set_fd _ %+ BORINGSSL_PREFIX %+ _BIO_set_fd @@ -307,6 +312,7 @@ %xdefine _BIO_set_init _ %+ BORINGSSL_PREFIX %+ _BIO_set_init %xdefine _BIO_set_mem_buf _ %+ BORINGSSL_PREFIX %+ _BIO_set_mem_buf %xdefine _BIO_set_mem_eof_return _ %+ BORINGSSL_PREFIX %+ _BIO_set_mem_eof_return +%xdefine _BIO_set_nbio _ %+ BORINGSSL_PREFIX %+ _BIO_set_nbio %xdefine _BIO_set_retry_read _ %+ BORINGSSL_PREFIX %+ _BIO_set_retry_read %xdefine _BIO_set_retry_reason _ %+ BORINGSSL_PREFIX %+ _BIO_set_retry_reason %xdefine _BIO_set_retry_special _ %+ BORINGSSL_PREFIX %+ _BIO_set_retry_special @@ -533,6 +539,7 @@ %xdefine _CBS_asn1_oid_to_text _ %+ BORINGSSL_PREFIX %+ _CBS_asn1_oid_to_text %xdefine _CBS_contains_zero_byte _ %+ BORINGSSL_PREFIX %+ _CBS_contains_zero_byte %xdefine _CBS_copy_bytes _ %+ BORINGSSL_PREFIX %+ _CBS_copy_bytes +%xdefine _CBS_data _ %+ BORINGSSL_PREFIX %+ _CBS_data %xdefine _CBS_get_any_asn1 _ %+ BORINGSSL_PREFIX %+ _CBS_get_any_asn1 %xdefine _CBS_get_any_asn1_element _ %+ BORINGSSL_PREFIX %+ _CBS_get_any_asn1_element %xdefine _CBS_get_any_ber_asn1_element _ %+ BORINGSSL_PREFIX %+ _CBS_get_any_ber_asn1_element @@ -565,10 +572,12 @@ %xdefine _CBS_get_until_first _ %+ BORINGSSL_PREFIX %+ _CBS_get_until_first %xdefine _CBS_get_utf32_be _ %+ BORINGSSL_PREFIX %+ _CBS_get_utf32_be %xdefine _CBS_get_utf8 _ %+ BORINGSSL_PREFIX %+ _CBS_get_utf8 +%xdefine _CBS_init _ %+ BORINGSSL_PREFIX %+ _CBS_init %xdefine _CBS_is_unsigned_asn1_integer _ %+ BORINGSSL_PREFIX %+ _CBS_is_unsigned_asn1_integer %xdefine _CBS_is_valid_asn1_bitstring _ %+ BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_bitstring %xdefine _CBS_is_valid_asn1_integer _ %+ BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_integer %xdefine _CBS_is_valid_asn1_oid _ %+ BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_oid +%xdefine _CBS_len _ %+ BORINGSSL_PREFIX %+ _CBS_len %xdefine _CBS_mem_equal _ %+ BORINGSSL_PREFIX %+ _CBS_mem_equal %xdefine _CBS_parse_generalized_time _ %+ BORINGSSL_PREFIX %+ _CBS_parse_generalized_time %xdefine _CBS_parse_utc_time _ %+ BORINGSSL_PREFIX %+ _CBS_parse_utc_time @@ -617,6 +626,9 @@ %xdefine _CRYPTO_THREADID_set_callback _ %+ BORINGSSL_PREFIX %+ _CRYPTO_THREADID_set_callback %xdefine _CRYPTO_THREADID_set_numeric _ %+ BORINGSSL_PREFIX %+ _CRYPTO_THREADID_set_numeric %xdefine _CRYPTO_THREADID_set_pointer _ %+ BORINGSSL_PREFIX %+ _CRYPTO_THREADID_set_pointer +%xdefine _CRYPTO_atomic_compare_exchange_weak_u32 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_atomic_compare_exchange_weak_u32 +%xdefine _CRYPTO_atomic_load_u32 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_atomic_load_u32 +%xdefine _CRYPTO_atomic_store_u32 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_atomic_store_u32 %xdefine _CRYPTO_cbc128_decrypt _ %+ BORINGSSL_PREFIX %+ _CRYPTO_cbc128_decrypt %xdefine _CRYPTO_cbc128_encrypt _ %+ BORINGSSL_PREFIX %+ _CRYPTO_cbc128_encrypt %xdefine _CRYPTO_cfb128_1_encrypt _ %+ BORINGSSL_PREFIX %+ _CRYPTO_cfb128_1_encrypt @@ -624,6 +636,7 @@ %xdefine _CRYPTO_cfb128_encrypt _ %+ BORINGSSL_PREFIX %+ _CRYPTO_cfb128_encrypt %xdefine _CRYPTO_chacha_20 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_chacha_20 %xdefine _CRYPTO_cleanup_all_ex_data _ %+ BORINGSSL_PREFIX %+ _CRYPTO_cleanup_all_ex_data +%xdefine _CRYPTO_cpu_perf_is_like_silvermont _ %+ BORINGSSL_PREFIX %+ _CRYPTO_cpu_perf_is_like_silvermont %xdefine _CRYPTO_ctr128_encrypt _ %+ BORINGSSL_PREFIX %+ _CRYPTO_ctr128_encrypt %xdefine _CRYPTO_ctr128_encrypt_ctr32 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_ctr128_encrypt_ctr32 %xdefine _CRYPTO_fips_186_2_prf _ %+ BORINGSSL_PREFIX %+ _CRYPTO_fips_186_2_prf @@ -653,7 +666,27 @@ %xdefine _CRYPTO_has_asm _ %+ BORINGSSL_PREFIX %+ _CRYPTO_has_asm %xdefine _CRYPTO_hchacha20 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_hchacha20 %xdefine _CRYPTO_init_sysrand _ %+ BORINGSSL_PREFIX %+ _CRYPTO_init_sysrand +%xdefine _CRYPTO_is_ADX_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_ADX_capable +%xdefine _CRYPTO_is_AESNI_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_AESNI_capable +%xdefine _CRYPTO_is_ARMv8_AES_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_AES_capable +%xdefine _CRYPTO_is_ARMv8_PMULL_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_PMULL_capable +%xdefine _CRYPTO_is_ARMv8_SHA1_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_SHA1_capable +%xdefine _CRYPTO_is_ARMv8_SHA256_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_SHA256_capable +%xdefine _CRYPTO_is_ARMv8_SHA512_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_SHA512_capable +%xdefine _CRYPTO_is_AVX2_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_AVX2_capable +%xdefine _CRYPTO_is_AVX_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_AVX_capable +%xdefine _CRYPTO_is_BMI1_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_BMI1_capable +%xdefine _CRYPTO_is_BMI2_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_BMI2_capable +%xdefine _CRYPTO_is_FXSR_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_FXSR_capable +%xdefine _CRYPTO_is_MOVBE_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_MOVBE_capable +%xdefine _CRYPTO_is_NEON_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_NEON_capable +%xdefine _CRYPTO_is_PCLMUL_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_PCLMUL_capable +%xdefine _CRYPTO_is_RDRAND_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_RDRAND_capable +%xdefine _CRYPTO_is_SSE4_1_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_SSE4_1_capable +%xdefine _CRYPTO_is_SSSE3_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_SSSE3_capable %xdefine _CRYPTO_is_confidential_build _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_confidential_build +%xdefine _CRYPTO_is_intel_cpu _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_intel_cpu +%xdefine _CRYPTO_is_x86_SHA_capable _ %+ BORINGSSL_PREFIX %+ _CRYPTO_is_x86_SHA_capable %xdefine _CRYPTO_library_init _ %+ BORINGSSL_PREFIX %+ _CRYPTO_library_init %xdefine _CRYPTO_malloc _ %+ BORINGSSL_PREFIX %+ _CRYPTO_malloc %xdefine _CRYPTO_malloc_init _ %+ BORINGSSL_PREFIX %+ _CRYPTO_malloc_init @@ -687,6 +720,7 @@ %xdefine _CRYPTO_sysrand_if_available _ %+ BORINGSSL_PREFIX %+ _CRYPTO_sysrand_if_available %xdefine _CRYPTO_tls13_hkdf_expand_label _ %+ BORINGSSL_PREFIX %+ _CRYPTO_tls13_hkdf_expand_label %xdefine _CRYPTO_tls1_prf _ %+ BORINGSSL_PREFIX %+ _CRYPTO_tls1_prf +%xdefine _CRYPTO_xor16 _ %+ BORINGSSL_PREFIX %+ _CRYPTO_xor16 %xdefine _CTR_DRBG_clear _ %+ BORINGSSL_PREFIX %+ _CTR_DRBG_clear %xdefine _CTR_DRBG_free _ %+ BORINGSSL_PREFIX %+ _CTR_DRBG_free %xdefine _CTR_DRBG_generate _ %+ BORINGSSL_PREFIX %+ _CTR_DRBG_generate @@ -694,10 +728,14 @@ %xdefine _CTR_DRBG_new _ %+ BORINGSSL_PREFIX %+ _CTR_DRBG_new %xdefine _CTR_DRBG_reseed _ %+ BORINGSSL_PREFIX %+ _CTR_DRBG_reseed %xdefine _ChaCha20_ctr32_avx2 _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_avx2 +%xdefine _ChaCha20_ctr32_avx2_capable _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_avx2_capable %xdefine _ChaCha20_ctr32_neon _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_neon +%xdefine _ChaCha20_ctr32_neon_capable _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_neon_capable %xdefine _ChaCha20_ctr32_nohw _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_nohw %xdefine _ChaCha20_ctr32_ssse3 _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3 %xdefine _ChaCha20_ctr32_ssse3_4x _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3_4x +%xdefine _ChaCha20_ctr32_ssse3_4x_capable _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3_4x_capable +%xdefine _ChaCha20_ctr32_ssse3_capable _ %+ BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3_capable %xdefine _DES_decrypt3 _ %+ BORINGSSL_PREFIX %+ _DES_decrypt3 %xdefine _DES_ecb3_encrypt _ %+ BORINGSSL_PREFIX %+ _DES_ecb3_encrypt %xdefine _DES_ecb3_encrypt_ex _ %+ BORINGSSL_PREFIX %+ _DES_ecb3_encrypt_ex @@ -757,10 +795,8 @@ %xdefine _DISPLAYTEXT_it _ %+ BORINGSSL_PREFIX %+ _DISPLAYTEXT_it %xdefine _DISPLAYTEXT_new _ %+ BORINGSSL_PREFIX %+ _DISPLAYTEXT_new %xdefine _DIST_POINT_NAME_free _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_NAME_free -%xdefine _DIST_POINT_NAME_it _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_NAME_it %xdefine _DIST_POINT_NAME_new _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_NAME_new %xdefine _DIST_POINT_free _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_free -%xdefine _DIST_POINT_it _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_it %xdefine _DIST_POINT_new _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_new %xdefine _DIST_POINT_set_dpname _ %+ BORINGSSL_PREFIX %+ _DIST_POINT_set_dpname %xdefine _DSA_SIG_free _ %+ BORINGSSL_PREFIX %+ _DSA_SIG_free @@ -917,7 +953,6 @@ %xdefine _ED25519_sign _ %+ BORINGSSL_PREFIX %+ _ED25519_sign %xdefine _ED25519_verify _ %+ BORINGSSL_PREFIX %+ _ED25519_verify %xdefine _EDIPARTYNAME_free _ %+ BORINGSSL_PREFIX %+ _EDIPARTYNAME_free -%xdefine _EDIPARTYNAME_it _ %+ BORINGSSL_PREFIX %+ _EDIPARTYNAME_it %xdefine _EDIPARTYNAME_new _ %+ BORINGSSL_PREFIX %+ _EDIPARTYNAME_new %xdefine _ENGINE_free _ %+ BORINGSSL_PREFIX %+ _ENGINE_free %xdefine _ENGINE_get_ECDSA_method _ %+ BORINGSSL_PREFIX %+ _ENGINE_get_ECDSA_method @@ -927,6 +962,8 @@ %xdefine _ENGINE_register_all_complete _ %+ BORINGSSL_PREFIX %+ _ENGINE_register_all_complete %xdefine _ENGINE_set_ECDSA_method _ %+ BORINGSSL_PREFIX %+ _ENGINE_set_ECDSA_method %xdefine _ENGINE_set_RSA_method _ %+ BORINGSSL_PREFIX %+ _ENGINE_set_RSA_method +%xdefine _ERR_GET_LIB _ %+ BORINGSSL_PREFIX %+ _ERR_GET_LIB +%xdefine _ERR_GET_REASON _ %+ BORINGSSL_PREFIX %+ _ERR_GET_REASON %xdefine _ERR_SAVE_STATE_free _ %+ BORINGSSL_PREFIX %+ _ERR_SAVE_STATE_free %xdefine _ERR_add_error_data _ %+ BORINGSSL_PREFIX %+ _ERR_add_error_data %xdefine _ERR_add_error_dataf _ %+ BORINGSSL_PREFIX %+ _ERR_add_error_dataf @@ -1326,7 +1363,6 @@ %xdefine _GENERAL_NAME_set0_othername _ %+ BORINGSSL_PREFIX %+ _GENERAL_NAME_set0_othername %xdefine _GENERAL_NAME_set0_value _ %+ BORINGSSL_PREFIX %+ _GENERAL_NAME_set0_value %xdefine _GENERAL_SUBTREE_free _ %+ BORINGSSL_PREFIX %+ _GENERAL_SUBTREE_free -%xdefine _GENERAL_SUBTREE_it _ %+ BORINGSSL_PREFIX %+ _GENERAL_SUBTREE_it %xdefine _GENERAL_SUBTREE_new _ %+ BORINGSSL_PREFIX %+ _GENERAL_SUBTREE_new %xdefine _HKDF _ %+ BORINGSSL_PREFIX %+ _HKDF %xdefine _HKDF_expand _ %+ BORINGSSL_PREFIX %+ _HKDF_expand @@ -1390,6 +1426,28 @@ %xdefine _MLDSA65_sign_internal _ %+ BORINGSSL_PREFIX %+ _MLDSA65_sign_internal %xdefine _MLDSA65_verify _ %+ BORINGSSL_PREFIX %+ _MLDSA65_verify %xdefine _MLDSA65_verify_internal _ %+ BORINGSSL_PREFIX %+ _MLDSA65_verify_internal +%xdefine _MLKEM1024_decap _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_decap +%xdefine _MLKEM1024_encap _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_encap +%xdefine _MLKEM1024_encap_external_entropy _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_encap_external_entropy +%xdefine _MLKEM1024_generate_key _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_generate_key +%xdefine _MLKEM1024_generate_key_external_seed _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_generate_key_external_seed +%xdefine _MLKEM1024_marshal_private_key _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_marshal_private_key +%xdefine _MLKEM1024_marshal_public_key _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_marshal_public_key +%xdefine _MLKEM1024_parse_private_key _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_parse_private_key +%xdefine _MLKEM1024_parse_public_key _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_parse_public_key +%xdefine _MLKEM1024_private_key_from_seed _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_private_key_from_seed +%xdefine _MLKEM1024_public_from_private _ %+ BORINGSSL_PREFIX %+ _MLKEM1024_public_from_private +%xdefine _MLKEM768_decap _ %+ BORINGSSL_PREFIX %+ _MLKEM768_decap +%xdefine _MLKEM768_encap _ %+ BORINGSSL_PREFIX %+ _MLKEM768_encap +%xdefine _MLKEM768_encap_external_entropy _ %+ BORINGSSL_PREFIX %+ _MLKEM768_encap_external_entropy +%xdefine _MLKEM768_generate_key _ %+ BORINGSSL_PREFIX %+ _MLKEM768_generate_key +%xdefine _MLKEM768_generate_key_external_seed _ %+ BORINGSSL_PREFIX %+ _MLKEM768_generate_key_external_seed +%xdefine _MLKEM768_marshal_private_key _ %+ BORINGSSL_PREFIX %+ _MLKEM768_marshal_private_key +%xdefine _MLKEM768_marshal_public_key _ %+ BORINGSSL_PREFIX %+ _MLKEM768_marshal_public_key +%xdefine _MLKEM768_parse_private_key _ %+ BORINGSSL_PREFIX %+ _MLKEM768_parse_private_key +%xdefine _MLKEM768_parse_public_key _ %+ BORINGSSL_PREFIX %+ _MLKEM768_parse_public_key +%xdefine _MLKEM768_private_key_from_seed _ %+ BORINGSSL_PREFIX %+ _MLKEM768_private_key_from_seed +%xdefine _MLKEM768_public_from_private _ %+ BORINGSSL_PREFIX %+ _MLKEM768_public_from_private %xdefine _NAME_CONSTRAINTS_check _ %+ BORINGSSL_PREFIX %+ _NAME_CONSTRAINTS_check %xdefine _NAME_CONSTRAINTS_free _ %+ BORINGSSL_PREFIX %+ _NAME_CONSTRAINTS_free %xdefine _NAME_CONSTRAINTS_it _ %+ BORINGSSL_PREFIX %+ _NAME_CONSTRAINTS_it @@ -1516,7 +1574,6 @@ %xdefine _OPENSSL_vasprintf_internal _ %+ BORINGSSL_PREFIX %+ _OPENSSL_vasprintf_internal %xdefine _OPENSSL_zalloc _ %+ BORINGSSL_PREFIX %+ _OPENSSL_zalloc %xdefine _OTHERNAME_free _ %+ BORINGSSL_PREFIX %+ _OTHERNAME_free -%xdefine _OTHERNAME_it _ %+ BORINGSSL_PREFIX %+ _OTHERNAME_it %xdefine _OTHERNAME_new _ %+ BORINGSSL_PREFIX %+ _OTHERNAME_new %xdefine _OpenSSL_add_all_algorithms _ %+ BORINGSSL_PREFIX %+ _OpenSSL_add_all_algorithms %xdefine _OpenSSL_add_all_ciphers _ %+ BORINGSSL_PREFIX %+ _OpenSSL_add_all_ciphers @@ -1643,7 +1700,6 @@ %xdefine _PKCS7_type_is_signed _ %+ BORINGSSL_PREFIX %+ _PKCS7_type_is_signed %xdefine _PKCS7_type_is_signedAndEnveloped _ %+ BORINGSSL_PREFIX %+ _PKCS7_type_is_signedAndEnveloped %xdefine _PKCS8_PRIV_KEY_INFO_free _ %+ BORINGSSL_PREFIX %+ _PKCS8_PRIV_KEY_INFO_free -%xdefine _PKCS8_PRIV_KEY_INFO_it _ %+ BORINGSSL_PREFIX %+ _PKCS8_PRIV_KEY_INFO_it %xdefine _PKCS8_PRIV_KEY_INFO_new _ %+ BORINGSSL_PREFIX %+ _PKCS8_PRIV_KEY_INFO_new %xdefine _PKCS8_decrypt _ %+ BORINGSSL_PREFIX %+ _PKCS8_decrypt %xdefine _PKCS8_encrypt _ %+ BORINGSSL_PREFIX %+ _PKCS8_encrypt @@ -1660,7 +1716,6 @@ %xdefine _POLICY_CONSTRAINTS_new _ %+ BORINGSSL_PREFIX %+ _POLICY_CONSTRAINTS_new %xdefine _POLICY_MAPPINGS_it _ %+ BORINGSSL_PREFIX %+ _POLICY_MAPPINGS_it %xdefine _POLICY_MAPPING_free _ %+ BORINGSSL_PREFIX %+ _POLICY_MAPPING_free -%xdefine _POLICY_MAPPING_it _ %+ BORINGSSL_PREFIX %+ _POLICY_MAPPING_it %xdefine _POLICY_MAPPING_new _ %+ BORINGSSL_PREFIX %+ _POLICY_MAPPING_new %xdefine _RAND_OpenSSL _ %+ BORINGSSL_PREFIX %+ _RAND_OpenSSL %xdefine _RAND_SSLeay _ %+ BORINGSSL_PREFIX %+ _RAND_SSLeay @@ -1788,6 +1843,8 @@ %xdefine _SIPHASH_24 _ %+ BORINGSSL_PREFIX %+ _SIPHASH_24 %xdefine _SLHDSA_SHA2_128S_generate_key _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_generate_key %xdefine _SLHDSA_SHA2_128S_generate_key_from_seed _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_generate_key_from_seed +%xdefine _SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign +%xdefine _SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify %xdefine _SLHDSA_SHA2_128S_public_from_private _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_public_from_private %xdefine _SLHDSA_SHA2_128S_sign _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_sign %xdefine _SLHDSA_SHA2_128S_sign_internal _ %+ BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_sign_internal @@ -1962,7 +2019,6 @@ %xdefine _X509_LOOKUP_free _ %+ BORINGSSL_PREFIX %+ _X509_LOOKUP_free %xdefine _X509_LOOKUP_hash_dir _ %+ BORINGSSL_PREFIX %+ _X509_LOOKUP_hash_dir %xdefine _X509_LOOKUP_load_file _ %+ BORINGSSL_PREFIX %+ _X509_LOOKUP_load_file -%xdefine _X509_NAME_ENTRIES_it _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRIES_it %xdefine _X509_NAME_ENTRY_create_by_NID _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_create_by_NID %xdefine _X509_NAME_ENTRY_create_by_OBJ _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_create_by_OBJ %xdefine _X509_NAME_ENTRY_create_by_txt _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_create_by_txt @@ -1975,7 +2031,6 @@ %xdefine _X509_NAME_ENTRY_set _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_set %xdefine _X509_NAME_ENTRY_set_data _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_set_data %xdefine _X509_NAME_ENTRY_set_object _ %+ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_set_object -%xdefine _X509_NAME_INTERNAL_it _ %+ BORINGSSL_PREFIX %+ _X509_NAME_INTERNAL_it %xdefine _X509_NAME_add_entry _ %+ BORINGSSL_PREFIX %+ _X509_NAME_add_entry %xdefine _X509_NAME_add_entry_by_NID _ %+ BORINGSSL_PREFIX %+ _X509_NAME_add_entry_by_NID %xdefine _X509_NAME_add_entry_by_OBJ _ %+ BORINGSSL_PREFIX %+ _X509_NAME_add_entry_by_OBJ @@ -2080,7 +2135,6 @@ %xdefine _X509_SIG_free _ %+ BORINGSSL_PREFIX %+ _X509_SIG_free %xdefine _X509_SIG_get0 _ %+ BORINGSSL_PREFIX %+ _X509_SIG_get0 %xdefine _X509_SIG_getm _ %+ BORINGSSL_PREFIX %+ _X509_SIG_getm -%xdefine _X509_SIG_it _ %+ BORINGSSL_PREFIX %+ _X509_SIG_it %xdefine _X509_SIG_new _ %+ BORINGSSL_PREFIX %+ _X509_SIG_new %xdefine _X509_STORE_CTX_cleanup _ %+ BORINGSSL_PREFIX %+ _X509_STORE_CTX_cleanup %xdefine _X509_STORE_CTX_free _ %+ BORINGSSL_PREFIX %+ _X509_STORE_CTX_free @@ -2287,6 +2341,7 @@ %xdefine _X509v3_get_ext_by_OBJ _ %+ BORINGSSL_PREFIX %+ _X509v3_get_ext_by_OBJ %xdefine _X509v3_get_ext_by_critical _ %+ BORINGSSL_PREFIX %+ _X509v3_get_ext_by_critical %xdefine _X509v3_get_ext_count _ %+ BORINGSSL_PREFIX %+ _X509v3_get_ext_count +%xdefine ___clang_call_terminate _ %+ BORINGSSL_PREFIX %+ ___clang_call_terminate %xdefine _a2i_IPADDRESS _ %+ BORINGSSL_PREFIX %+ _a2i_IPADDRESS %xdefine _a2i_IPADDRESS_NC _ %+ BORINGSSL_PREFIX %+ _a2i_IPADDRESS_NC %xdefine _aes128gcmsiv_aes_ks _ %+ BORINGSSL_PREFIX %+ _aes128gcmsiv_aes_ks @@ -2315,6 +2370,7 @@ %xdefine _aes_hw_set_decrypt_key _ %+ BORINGSSL_PREFIX %+ _aes_hw_set_decrypt_key %xdefine _aes_hw_set_encrypt_key _ %+ BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key %xdefine _aes_hw_set_encrypt_key_alt _ %+ BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key_alt +%xdefine _aes_hw_set_encrypt_key_alt_preferred _ %+ BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key_alt_preferred %xdefine _aes_hw_set_encrypt_key_base _ %+ BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key_base %xdefine _aes_nohw_cbc_encrypt _ %+ BORINGSSL_PREFIX %+ _aes_nohw_cbc_encrypt %xdefine _aes_nohw_ctr32_encrypt_blocks _ %+ BORINGSSL_PREFIX %+ _aes_nohw_ctr32_encrypt_blocks @@ -2348,12 +2404,18 @@ %xdefine _asn1_type_value_as_pointer _ %+ BORINGSSL_PREFIX %+ _asn1_type_value_as_pointer %xdefine _asn1_utctime_to_tm _ %+ BORINGSSL_PREFIX %+ _asn1_utctime_to_tm %xdefine _beeu_mod_inverse_vartime _ %+ BORINGSSL_PREFIX %+ _beeu_mod_inverse_vartime +%xdefine _bio_clear_socket_error _ %+ BORINGSSL_PREFIX %+ _bio_clear_socket_error %xdefine _bio_errno_should_retry _ %+ BORINGSSL_PREFIX %+ _bio_errno_should_retry +%xdefine _bio_ip_and_port_to_socket_and_addr _ %+ BORINGSSL_PREFIX %+ _bio_ip_and_port_to_socket_and_addr +%xdefine _bio_sock_error _ %+ BORINGSSL_PREFIX %+ _bio_sock_error +%xdefine _bio_socket_nbio _ %+ BORINGSSL_PREFIX %+ _bio_socket_nbio +%xdefine _bio_socket_should_retry _ %+ BORINGSSL_PREFIX %+ _bio_socket_should_retry %xdefine _bn_abs_sub_consttime _ %+ BORINGSSL_PREFIX %+ _bn_abs_sub_consttime %xdefine _bn_add_words _ %+ BORINGSSL_PREFIX %+ _bn_add_words %xdefine _bn_assert_fits_in_bytes _ %+ BORINGSSL_PREFIX %+ _bn_assert_fits_in_bytes %xdefine _bn_big_endian_to_words _ %+ BORINGSSL_PREFIX %+ _bn_big_endian_to_words %xdefine _bn_copy_words _ %+ BORINGSSL_PREFIX %+ _bn_copy_words +%xdefine _bn_declassify _ %+ BORINGSSL_PREFIX %+ _bn_declassify %xdefine _bn_div_consttime _ %+ BORINGSSL_PREFIX %+ _bn_div_consttime %xdefine _bn_expand _ %+ BORINGSSL_PREFIX %+ _bn_expand %xdefine _bn_fits_in_words _ %+ BORINGSSL_PREFIX %+ _bn_fits_in_words @@ -2387,7 +2449,9 @@ %xdefine _bn_mont_ctx_set_RR_consttime _ %+ BORINGSSL_PREFIX %+ _bn_mont_ctx_set_RR_consttime %xdefine _bn_mont_n0 _ %+ BORINGSSL_PREFIX %+ _bn_mont_n0 %xdefine _bn_mul4x_mont _ %+ BORINGSSL_PREFIX %+ _bn_mul4x_mont +%xdefine _bn_mul4x_mont_capable _ %+ BORINGSSL_PREFIX %+ _bn_mul4x_mont_capable %xdefine _bn_mul4x_mont_gather5 _ %+ BORINGSSL_PREFIX %+ _bn_mul4x_mont_gather5 +%xdefine _bn_mul4x_mont_gather5_capable _ %+ BORINGSSL_PREFIX %+ _bn_mul4x_mont_gather5_capable %xdefine _bn_mul_add_words _ %+ BORINGSSL_PREFIX %+ _bn_mul_add_words %xdefine _bn_mul_comba4 _ %+ BORINGSSL_PREFIX %+ _bn_mul_comba4 %xdefine _bn_mul_comba8 _ %+ BORINGSSL_PREFIX %+ _bn_mul_comba8 @@ -2398,11 +2462,16 @@ %xdefine _bn_mul_small _ %+ BORINGSSL_PREFIX %+ _bn_mul_small %xdefine _bn_mul_words _ %+ BORINGSSL_PREFIX %+ _bn_mul_words %xdefine _bn_mulx4x_mont _ %+ BORINGSSL_PREFIX %+ _bn_mulx4x_mont +%xdefine _bn_mulx4x_mont_capable _ %+ BORINGSSL_PREFIX %+ _bn_mulx4x_mont_capable %xdefine _bn_mulx4x_mont_gather5 _ %+ BORINGSSL_PREFIX %+ _bn_mulx4x_mont_gather5 +%xdefine _bn_mulx4x_mont_gather5_capable _ %+ BORINGSSL_PREFIX %+ _bn_mulx4x_mont_gather5_capable +%xdefine _bn_mulx_adx_capable _ %+ BORINGSSL_PREFIX %+ _bn_mulx_adx_capable %xdefine _bn_odd_number_is_obviously_composite _ %+ BORINGSSL_PREFIX %+ _bn_odd_number_is_obviously_composite %xdefine _bn_one_to_montgomery _ %+ BORINGSSL_PREFIX %+ _bn_one_to_montgomery +%xdefine _bn_power5_capable _ %+ BORINGSSL_PREFIX %+ _bn_power5_capable %xdefine _bn_power5_nohw _ %+ BORINGSSL_PREFIX %+ _bn_power5_nohw %xdefine _bn_powerx5 _ %+ BORINGSSL_PREFIX %+ _bn_powerx5 +%xdefine _bn_powerx5_capable _ %+ BORINGSSL_PREFIX %+ _bn_powerx5_capable %xdefine _bn_rand_range_words _ %+ BORINGSSL_PREFIX %+ _bn_rand_range_words %xdefine _bn_rand_secret_range _ %+ BORINGSSL_PREFIX %+ _bn_rand_secret_range %xdefine _bn_reduce_once _ %+ BORINGSSL_PREFIX %+ _bn_reduce_once @@ -2412,12 +2481,14 @@ %xdefine _bn_rshift_secret_shift _ %+ BORINGSSL_PREFIX %+ _bn_rshift_secret_shift %xdefine _bn_rshift_words _ %+ BORINGSSL_PREFIX %+ _bn_rshift_words %xdefine _bn_scatter5 _ %+ BORINGSSL_PREFIX %+ _bn_scatter5 +%xdefine _bn_secret _ %+ BORINGSSL_PREFIX %+ _bn_secret %xdefine _bn_select_words _ %+ BORINGSSL_PREFIX %+ _bn_select_words %xdefine _bn_set_minimal_width _ %+ BORINGSSL_PREFIX %+ _bn_set_minimal_width %xdefine _bn_set_static_words _ %+ BORINGSSL_PREFIX %+ _bn_set_static_words %xdefine _bn_set_words _ %+ BORINGSSL_PREFIX %+ _bn_set_words %xdefine _bn_sqr8x_internal _ %+ BORINGSSL_PREFIX %+ _bn_sqr8x_internal %xdefine _bn_sqr8x_mont _ %+ BORINGSSL_PREFIX %+ _bn_sqr8x_mont +%xdefine _bn_sqr8x_mont_capable _ %+ BORINGSSL_PREFIX %+ _bn_sqr8x_mont_capable %xdefine _bn_sqr_comba4 _ %+ BORINGSSL_PREFIX %+ _bn_sqr_comba4 %xdefine _bn_sqr_comba8 _ %+ BORINGSSL_PREFIX %+ _bn_sqr_comba8 %xdefine _bn_sqr_consttime _ %+ BORINGSSL_PREFIX %+ _bn_sqr_consttime @@ -2430,12 +2501,20 @@ %xdefine _bn_usub_consttime _ %+ BORINGSSL_PREFIX %+ _bn_usub_consttime %xdefine _bn_wexpand _ %+ BORINGSSL_PREFIX %+ _bn_wexpand %xdefine _bn_words_to_big_endian _ %+ BORINGSSL_PREFIX %+ _bn_words_to_big_endian +%xdefine _boringssl_ensure_ecc_self_test _ %+ BORINGSSL_PREFIX %+ _boringssl_ensure_ecc_self_test +%xdefine _boringssl_ensure_ffdh_self_test _ %+ BORINGSSL_PREFIX %+ _boringssl_ensure_ffdh_self_test +%xdefine _boringssl_ensure_rsa_self_test _ %+ BORINGSSL_PREFIX %+ _boringssl_ensure_rsa_self_test +%xdefine _boringssl_fips_break_test _ %+ BORINGSSL_PREFIX %+ _boringssl_fips_break_test +%xdefine _boringssl_fips_inc_counter _ %+ BORINGSSL_PREFIX %+ _boringssl_fips_inc_counter %xdefine _boringssl_self_test_hmac_sha256 _ %+ BORINGSSL_PREFIX %+ _boringssl_self_test_hmac_sha256 %xdefine _boringssl_self_test_sha256 _ %+ BORINGSSL_PREFIX %+ _boringssl_self_test_sha256 %xdefine _boringssl_self_test_sha512 _ %+ BORINGSSL_PREFIX %+ _boringssl_self_test_sha512 +%xdefine _bsaes_capable _ %+ BORINGSSL_PREFIX %+ _bsaes_capable +%xdefine _bsaes_cbc_encrypt _ %+ BORINGSSL_PREFIX %+ _bsaes_cbc_encrypt %xdefine _c2i_ASN1_BIT_STRING _ %+ BORINGSSL_PREFIX %+ _c2i_ASN1_BIT_STRING %xdefine _c2i_ASN1_INTEGER _ %+ BORINGSSL_PREFIX %+ _c2i_ASN1_INTEGER %xdefine _c2i_ASN1_OBJECT _ %+ BORINGSSL_PREFIX %+ _c2i_ASN1_OBJECT +%xdefine _chacha20_poly1305_asm_capable _ %+ BORINGSSL_PREFIX %+ _chacha20_poly1305_asm_capable %xdefine _chacha20_poly1305_open _ %+ BORINGSSL_PREFIX %+ _chacha20_poly1305_open %xdefine _chacha20_poly1305_open_avx2 _ %+ BORINGSSL_PREFIX %+ _chacha20_poly1305_open_avx2 %xdefine _chacha20_poly1305_open_nohw _ %+ BORINGSSL_PREFIX %+ _chacha20_poly1305_open_nohw @@ -2682,7 +2761,6 @@ %xdefine _ecp_nistz256_sub _ %+ BORINGSSL_PREFIX %+ _ecp_nistz256_sub %xdefine _ed25519_asn1_meth _ %+ BORINGSSL_PREFIX %+ _ed25519_asn1_meth %xdefine _ed25519_pkey_meth _ %+ BORINGSSL_PREFIX %+ _ed25519_pkey_meth -%xdefine _evp_md_md5_sha1 _ %+ BORINGSSL_PREFIX %+ _evp_md_md5_sha1 %xdefine _evp_pkey_set_method _ %+ BORINGSSL_PREFIX %+ _evp_pkey_set_method %xdefine _fiat_curve25519_adx_mul _ %+ BORINGSSL_PREFIX %+ _fiat_curve25519_adx_mul %xdefine _fiat_curve25519_adx_square _ %+ BORINGSSL_PREFIX %+ _fiat_curve25519_adx_square @@ -2706,7 +2784,12 @@ %xdefine _gcm_init_nohw _ %+ BORINGSSL_PREFIX %+ _gcm_init_nohw %xdefine _gcm_init_ssse3 _ %+ BORINGSSL_PREFIX %+ _gcm_init_ssse3 %xdefine _gcm_init_v8 _ %+ BORINGSSL_PREFIX %+ _gcm_init_v8 +%xdefine _gcm_neon_capable _ %+ BORINGSSL_PREFIX %+ _gcm_neon_capable +%xdefine _gcm_pmull_capable _ %+ BORINGSSL_PREFIX %+ _gcm_pmull_capable +%xdefine _have_fast_rdrand _ %+ BORINGSSL_PREFIX %+ _have_fast_rdrand +%xdefine _have_rdrand _ %+ BORINGSSL_PREFIX %+ _have_rdrand %xdefine _hkdf_pkey_meth _ %+ BORINGSSL_PREFIX %+ _hkdf_pkey_meth +%xdefine _hwaes_capable _ %+ BORINGSSL_PREFIX %+ _hwaes_capable %xdefine _i2a_ASN1_ENUMERATED _ %+ BORINGSSL_PREFIX %+ _i2a_ASN1_ENUMERATED %xdefine _i2a_ASN1_INTEGER _ %+ BORINGSSL_PREFIX %+ _i2a_ASN1_INTEGER %xdefine _i2a_ASN1_OBJECT _ %+ BORINGSSL_PREFIX %+ _i2a_ASN1_OBJECT @@ -2842,7 +2925,30 @@ %xdefine _kOpenSSLReasonStringData _ %+ BORINGSSL_PREFIX %+ _kOpenSSLReasonStringData %xdefine _kOpenSSLReasonValues _ %+ BORINGSSL_PREFIX %+ _kOpenSSLReasonValues %xdefine _kOpenSSLReasonValuesLen _ %+ BORINGSSL_PREFIX %+ _kOpenSSLReasonValuesLen -%xdefine _md4_block_data_order _ %+ BORINGSSL_PREFIX %+ _md4_block_data_order +%xdefine _lh_CONF_SECTION_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_call_cmp_func +%xdefine _lh_CONF_SECTION_call_doall_arg _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_call_doall_arg +%xdefine _lh_CONF_SECTION_call_hash_func _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_call_hash_func +%xdefine _lh_CONF_SECTION_doall_arg _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_doall_arg +%xdefine _lh_CONF_SECTION_free _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_free +%xdefine _lh_CONF_SECTION_insert _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_insert +%xdefine _lh_CONF_SECTION_new _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_new +%xdefine _lh_CONF_SECTION_retrieve _ %+ BORINGSSL_PREFIX %+ _lh_CONF_SECTION_retrieve +%xdefine _lh_CONF_VALUE_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_call_cmp_func +%xdefine _lh_CONF_VALUE_call_doall_arg _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_call_doall_arg +%xdefine _lh_CONF_VALUE_call_hash_func _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_call_hash_func +%xdefine _lh_CONF_VALUE_doall_arg _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_doall_arg +%xdefine _lh_CONF_VALUE_free _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_free +%xdefine _lh_CONF_VALUE_insert _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_insert +%xdefine _lh_CONF_VALUE_new _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_new +%xdefine _lh_CONF_VALUE_retrieve _ %+ BORINGSSL_PREFIX %+ _lh_CONF_VALUE_retrieve +%xdefine _lh_CRYPTO_BUFFER_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_call_cmp_func +%xdefine _lh_CRYPTO_BUFFER_call_hash_func _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_call_hash_func +%xdefine _lh_CRYPTO_BUFFER_delete _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_delete +%xdefine _lh_CRYPTO_BUFFER_free _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_free +%xdefine _lh_CRYPTO_BUFFER_insert _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_insert +%xdefine _lh_CRYPTO_BUFFER_new _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_new +%xdefine _lh_CRYPTO_BUFFER_num_items _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_num_items +%xdefine _lh_CRYPTO_BUFFER_retrieve _ %+ BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_retrieve %xdefine _md5_block_asm_data_order _ %+ BORINGSSL_PREFIX %+ _md5_block_asm_data_order %xdefine _o2i_ECPublicKey _ %+ BORINGSSL_PREFIX %+ _o2i_ECPublicKey %xdefine _pkcs12_iterations_acceptable _ %+ BORINGSSL_PREFIX %+ _pkcs12_iterations_acceptable @@ -2898,20 +3004,224 @@ %xdefine _rsaz_1024_red2norm_avx2 _ %+ BORINGSSL_PREFIX %+ _rsaz_1024_red2norm_avx2 %xdefine _rsaz_1024_scatter5_avx2 _ %+ BORINGSSL_PREFIX %+ _rsaz_1024_scatter5_avx2 %xdefine _rsaz_1024_sqr_avx2 _ %+ BORINGSSL_PREFIX %+ _rsaz_1024_sqr_avx2 +%xdefine _rsaz_avx2_preferred _ %+ BORINGSSL_PREFIX %+ _rsaz_avx2_preferred %xdefine _s2i_ASN1_INTEGER _ %+ BORINGSSL_PREFIX %+ _s2i_ASN1_INTEGER %xdefine _s2i_ASN1_OCTET_STRING _ %+ BORINGSSL_PREFIX %+ _s2i_ASN1_OCTET_STRING +%xdefine _sha1_avx2_capable _ %+ BORINGSSL_PREFIX %+ _sha1_avx2_capable +%xdefine _sha1_avx_capable _ %+ BORINGSSL_PREFIX %+ _sha1_avx_capable %xdefine _sha1_block_data_order_avx _ %+ BORINGSSL_PREFIX %+ _sha1_block_data_order_avx %xdefine _sha1_block_data_order_avx2 _ %+ BORINGSSL_PREFIX %+ _sha1_block_data_order_avx2 %xdefine _sha1_block_data_order_hw _ %+ BORINGSSL_PREFIX %+ _sha1_block_data_order_hw %xdefine _sha1_block_data_order_nohw _ %+ BORINGSSL_PREFIX %+ _sha1_block_data_order_nohw %xdefine _sha1_block_data_order_ssse3 _ %+ BORINGSSL_PREFIX %+ _sha1_block_data_order_ssse3 +%xdefine _sha1_hw_capable _ %+ BORINGSSL_PREFIX %+ _sha1_hw_capable +%xdefine _sha1_ssse3_capable _ %+ BORINGSSL_PREFIX %+ _sha1_ssse3_capable +%xdefine _sha256_avx_capable _ %+ BORINGSSL_PREFIX %+ _sha256_avx_capable %xdefine _sha256_block_data_order_avx _ %+ BORINGSSL_PREFIX %+ _sha256_block_data_order_avx %xdefine _sha256_block_data_order_hw _ %+ BORINGSSL_PREFIX %+ _sha256_block_data_order_hw %xdefine _sha256_block_data_order_nohw _ %+ BORINGSSL_PREFIX %+ _sha256_block_data_order_nohw %xdefine _sha256_block_data_order_ssse3 _ %+ BORINGSSL_PREFIX %+ _sha256_block_data_order_ssse3 +%xdefine _sha256_hw_capable _ %+ BORINGSSL_PREFIX %+ _sha256_hw_capable +%xdefine _sha256_ssse3_capable _ %+ BORINGSSL_PREFIX %+ _sha256_ssse3_capable +%xdefine _sha512_avx_capable _ %+ BORINGSSL_PREFIX %+ _sha512_avx_capable %xdefine _sha512_block_data_order_avx _ %+ BORINGSSL_PREFIX %+ _sha512_block_data_order_avx %xdefine _sha512_block_data_order_hw _ %+ BORINGSSL_PREFIX %+ _sha512_block_data_order_hw %xdefine _sha512_block_data_order_nohw _ %+ BORINGSSL_PREFIX %+ _sha512_block_data_order_nohw +%xdefine _sha512_hw_capable _ %+ BORINGSSL_PREFIX %+ _sha512_hw_capable +%xdefine _sk_ACCESS_DESCRIPTION_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_call_free_func +%xdefine _sk_ACCESS_DESCRIPTION_new_null _ %+ BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_new_null +%xdefine _sk_ACCESS_DESCRIPTION_num _ %+ BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_num +%xdefine _sk_ACCESS_DESCRIPTION_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_pop_free +%xdefine _sk_ACCESS_DESCRIPTION_push _ %+ BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_push +%xdefine _sk_ACCESS_DESCRIPTION_value _ %+ BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_value +%xdefine _sk_ASN1_INTEGER_num _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_INTEGER_num +%xdefine _sk_ASN1_INTEGER_push _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_INTEGER_push +%xdefine _sk_ASN1_INTEGER_value _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_INTEGER_value +%xdefine _sk_ASN1_OBJECT_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_call_cmp_func +%xdefine _sk_ASN1_OBJECT_call_copy_func _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_call_copy_func +%xdefine _sk_ASN1_OBJECT_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_call_free_func +%xdefine _sk_ASN1_OBJECT_deep_copy _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_deep_copy +%xdefine _sk_ASN1_OBJECT_dup _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_dup +%xdefine _sk_ASN1_OBJECT_find _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_find +%xdefine _sk_ASN1_OBJECT_free _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_free +%xdefine _sk_ASN1_OBJECT_is_sorted _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_is_sorted +%xdefine _sk_ASN1_OBJECT_new_null _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_new_null +%xdefine _sk_ASN1_OBJECT_num _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_num +%xdefine _sk_ASN1_OBJECT_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_pop_free +%xdefine _sk_ASN1_OBJECT_push _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_push +%xdefine _sk_ASN1_OBJECT_set_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_set_cmp_func +%xdefine _sk_ASN1_OBJECT_sort _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_sort +%xdefine _sk_ASN1_OBJECT_value _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_value +%xdefine _sk_ASN1_TYPE_num _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_TYPE_num +%xdefine _sk_ASN1_TYPE_push _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_TYPE_push +%xdefine _sk_ASN1_TYPE_value _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_TYPE_value +%xdefine _sk_ASN1_VALUE_free _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_free +%xdefine _sk_ASN1_VALUE_new_null _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_new_null +%xdefine _sk_ASN1_VALUE_num _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_num +%xdefine _sk_ASN1_VALUE_pop _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_pop +%xdefine _sk_ASN1_VALUE_push _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_push +%xdefine _sk_ASN1_VALUE_value _ %+ BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_value +%xdefine _sk_CONF_VALUE_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_call_free_func +%xdefine _sk_CONF_VALUE_delete_ptr _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_delete_ptr +%xdefine _sk_CONF_VALUE_free _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_free +%xdefine _sk_CONF_VALUE_new_null _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_new_null +%xdefine _sk_CONF_VALUE_num _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_num +%xdefine _sk_CONF_VALUE_pop _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_pop +%xdefine _sk_CONF_VALUE_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_pop_free +%xdefine _sk_CONF_VALUE_push _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_push +%xdefine _sk_CONF_VALUE_value _ %+ BORINGSSL_PREFIX %+ _sk_CONF_VALUE_value +%xdefine _sk_CRYPTO_BUFFER_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_call_free_func +%xdefine _sk_CRYPTO_BUFFER_new_null _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_new_null +%xdefine _sk_CRYPTO_BUFFER_num _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_num +%xdefine _sk_CRYPTO_BUFFER_pop _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_pop +%xdefine _sk_CRYPTO_BUFFER_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_pop_free +%xdefine _sk_CRYPTO_BUFFER_push _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_push +%xdefine _sk_CRYPTO_BUFFER_value _ %+ BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_value +%xdefine _sk_DIST_POINT_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_DIST_POINT_call_free_func +%xdefine _sk_DIST_POINT_new_null _ %+ BORINGSSL_PREFIX %+ _sk_DIST_POINT_new_null +%xdefine _sk_DIST_POINT_num _ %+ BORINGSSL_PREFIX %+ _sk_DIST_POINT_num +%xdefine _sk_DIST_POINT_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_DIST_POINT_pop_free +%xdefine _sk_DIST_POINT_push _ %+ BORINGSSL_PREFIX %+ _sk_DIST_POINT_push +%xdefine _sk_DIST_POINT_value _ %+ BORINGSSL_PREFIX %+ _sk_DIST_POINT_value +%xdefine _sk_GENERAL_NAME_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_call_free_func +%xdefine _sk_GENERAL_NAME_new_null _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_new_null +%xdefine _sk_GENERAL_NAME_num _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_num +%xdefine _sk_GENERAL_NAME_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_pop_free +%xdefine _sk_GENERAL_NAME_push _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_push +%xdefine _sk_GENERAL_NAME_set _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_set +%xdefine _sk_GENERAL_NAME_value _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_value +%xdefine _sk_GENERAL_SUBTREE_new_null _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_new_null +%xdefine _sk_GENERAL_SUBTREE_num _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_num +%xdefine _sk_GENERAL_SUBTREE_push _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_push +%xdefine _sk_GENERAL_SUBTREE_value _ %+ BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_value +%xdefine _sk_OPENSSL_STRING_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_call_cmp_func +%xdefine _sk_OPENSSL_STRING_call_copy_func _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_call_copy_func +%xdefine _sk_OPENSSL_STRING_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_call_free_func +%xdefine _sk_OPENSSL_STRING_deep_copy _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_deep_copy +%xdefine _sk_OPENSSL_STRING_find _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_find +%xdefine _sk_OPENSSL_STRING_free _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_free +%xdefine _sk_OPENSSL_STRING_new _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_new +%xdefine _sk_OPENSSL_STRING_new_null _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_new_null +%xdefine _sk_OPENSSL_STRING_num _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_num +%xdefine _sk_OPENSSL_STRING_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_pop_free +%xdefine _sk_OPENSSL_STRING_push _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_push +%xdefine _sk_OPENSSL_STRING_sort _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_sort +%xdefine _sk_OPENSSL_STRING_value _ %+ BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_value +%xdefine _sk_POLICYINFO_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_call_cmp_func +%xdefine _sk_POLICYINFO_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_call_free_func +%xdefine _sk_POLICYINFO_find _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_find +%xdefine _sk_POLICYINFO_is_sorted _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_is_sorted +%xdefine _sk_POLICYINFO_new_null _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_new_null +%xdefine _sk_POLICYINFO_num _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_num +%xdefine _sk_POLICYINFO_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_pop_free +%xdefine _sk_POLICYINFO_push _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_push +%xdefine _sk_POLICYINFO_set_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_set_cmp_func +%xdefine _sk_POLICYINFO_sort _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_sort +%xdefine _sk_POLICYINFO_value _ %+ BORINGSSL_PREFIX %+ _sk_POLICYINFO_value +%xdefine _sk_POLICYQUALINFO_new_null _ %+ BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_new_null +%xdefine _sk_POLICYQUALINFO_num _ %+ BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_num +%xdefine _sk_POLICYQUALINFO_push _ %+ BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_push +%xdefine _sk_POLICYQUALINFO_value _ %+ BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_value +%xdefine _sk_POLICY_MAPPING_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_call_cmp_func +%xdefine _sk_POLICY_MAPPING_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_call_free_func +%xdefine _sk_POLICY_MAPPING_find _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_find +%xdefine _sk_POLICY_MAPPING_is_sorted _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_is_sorted +%xdefine _sk_POLICY_MAPPING_new_null _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_new_null +%xdefine _sk_POLICY_MAPPING_num _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_num +%xdefine _sk_POLICY_MAPPING_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_pop_free +%xdefine _sk_POLICY_MAPPING_push _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_push +%xdefine _sk_POLICY_MAPPING_set_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_set_cmp_func +%xdefine _sk_POLICY_MAPPING_sort _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_sort +%xdefine _sk_POLICY_MAPPING_value _ %+ BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_value +%xdefine _sk_TRUST_TOKEN_PRETOKEN_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_call_free_func +%xdefine _sk_TRUST_TOKEN_PRETOKEN_new_null _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_new_null +%xdefine _sk_TRUST_TOKEN_PRETOKEN_num _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_num +%xdefine _sk_TRUST_TOKEN_PRETOKEN_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_pop_free +%xdefine _sk_TRUST_TOKEN_PRETOKEN_push _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_push +%xdefine _sk_TRUST_TOKEN_PRETOKEN_value _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_value +%xdefine _sk_TRUST_TOKEN_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_call_free_func +%xdefine _sk_TRUST_TOKEN_new_null _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_new_null +%xdefine _sk_TRUST_TOKEN_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_pop_free +%xdefine _sk_TRUST_TOKEN_push _ %+ BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_push +%xdefine _sk_X509_ATTRIBUTE_delete _ %+ BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_delete +%xdefine _sk_X509_ATTRIBUTE_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_new_null +%xdefine _sk_X509_ATTRIBUTE_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_num +%xdefine _sk_X509_ATTRIBUTE_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_push +%xdefine _sk_X509_ATTRIBUTE_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_value +%xdefine _sk_X509_CRL_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_call_free_func +%xdefine _sk_X509_CRL_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_free +%xdefine _sk_X509_CRL_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_new_null +%xdefine _sk_X509_CRL_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_num +%xdefine _sk_X509_CRL_pop _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_pop +%xdefine _sk_X509_CRL_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_pop_free +%xdefine _sk_X509_CRL_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_push +%xdefine _sk_X509_CRL_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_CRL_value +%xdefine _sk_X509_EXTENSION_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_call_free_func +%xdefine _sk_X509_EXTENSION_delete _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_delete +%xdefine _sk_X509_EXTENSION_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_free +%xdefine _sk_X509_EXTENSION_insert _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_insert +%xdefine _sk_X509_EXTENSION_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_new_null +%xdefine _sk_X509_EXTENSION_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_num +%xdefine _sk_X509_EXTENSION_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_pop_free +%xdefine _sk_X509_EXTENSION_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_push +%xdefine _sk_X509_EXTENSION_set _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_set +%xdefine _sk_X509_EXTENSION_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_value +%xdefine _sk_X509_INFO_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_call_free_func +%xdefine _sk_X509_INFO_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_free +%xdefine _sk_X509_INFO_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_new_null +%xdefine _sk_X509_INFO_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_num +%xdefine _sk_X509_INFO_pop _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_pop +%xdefine _sk_X509_INFO_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_pop_free +%xdefine _sk_X509_INFO_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_push +%xdefine _sk_X509_INFO_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_INFO_value +%xdefine _sk_X509_LOOKUP_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_call_free_func +%xdefine _sk_X509_LOOKUP_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_new_null +%xdefine _sk_X509_LOOKUP_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_num +%xdefine _sk_X509_LOOKUP_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_pop_free +%xdefine _sk_X509_LOOKUP_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_push +%xdefine _sk_X509_LOOKUP_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_value +%xdefine _sk_X509_NAME_ENTRY_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_call_free_func +%xdefine _sk_X509_NAME_ENTRY_delete _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_delete +%xdefine _sk_X509_NAME_ENTRY_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_free +%xdefine _sk_X509_NAME_ENTRY_insert _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_insert +%xdefine _sk_X509_NAME_ENTRY_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_new_null +%xdefine _sk_X509_NAME_ENTRY_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_num +%xdefine _sk_X509_NAME_ENTRY_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_pop_free +%xdefine _sk_X509_NAME_ENTRY_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_push +%xdefine _sk_X509_NAME_ENTRY_set _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_set +%xdefine _sk_X509_NAME_ENTRY_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_value +%xdefine _sk_X509_OBJECT_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_call_cmp_func +%xdefine _sk_X509_OBJECT_call_copy_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_call_copy_func +%xdefine _sk_X509_OBJECT_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_call_free_func +%xdefine _sk_X509_OBJECT_deep_copy _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_deep_copy +%xdefine _sk_X509_OBJECT_find _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_find +%xdefine _sk_X509_OBJECT_new _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_new +%xdefine _sk_X509_OBJECT_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_num +%xdefine _sk_X509_OBJECT_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_pop_free +%xdefine _sk_X509_OBJECT_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_push +%xdefine _sk_X509_OBJECT_sort _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_sort +%xdefine _sk_X509_OBJECT_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_OBJECT_value +%xdefine _sk_X509_REVOKED_call_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_call_cmp_func +%xdefine _sk_X509_REVOKED_find _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_find +%xdefine _sk_X509_REVOKED_is_sorted _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_is_sorted +%xdefine _sk_X509_REVOKED_new _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_new +%xdefine _sk_X509_REVOKED_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_num +%xdefine _sk_X509_REVOKED_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_push +%xdefine _sk_X509_REVOKED_set_cmp_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_set_cmp_func +%xdefine _sk_X509_REVOKED_sort _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_sort +%xdefine _sk_X509_REVOKED_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_REVOKED_value +%xdefine _sk_X509_call_free_func _ %+ BORINGSSL_PREFIX %+ _sk_X509_call_free_func +%xdefine _sk_X509_delete _ %+ BORINGSSL_PREFIX %+ _sk_X509_delete +%xdefine _sk_X509_delete_ptr _ %+ BORINGSSL_PREFIX %+ _sk_X509_delete_ptr +%xdefine _sk_X509_dup _ %+ BORINGSSL_PREFIX %+ _sk_X509_dup +%xdefine _sk_X509_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_free +%xdefine _sk_X509_new_null _ %+ BORINGSSL_PREFIX %+ _sk_X509_new_null +%xdefine _sk_X509_num _ %+ BORINGSSL_PREFIX %+ _sk_X509_num +%xdefine _sk_X509_pop _ %+ BORINGSSL_PREFIX %+ _sk_X509_pop +%xdefine _sk_X509_pop_free _ %+ BORINGSSL_PREFIX %+ _sk_X509_pop_free +%xdefine _sk_X509_push _ %+ BORINGSSL_PREFIX %+ _sk_X509_push +%xdefine _sk_X509_set _ %+ BORINGSSL_PREFIX %+ _sk_X509_set +%xdefine _sk_X509_value _ %+ BORINGSSL_PREFIX %+ _sk_X509_value %xdefine _sk_free _ %+ BORINGSSL_PREFIX %+ _sk_free %xdefine _sk_new_null _ %+ BORINGSSL_PREFIX %+ _sk_new_null %xdefine _sk_num _ %+ BORINGSSL_PREFIX %+ _sk_num @@ -2920,12 +3230,28 @@ %xdefine _sk_pop_free_ex _ %+ BORINGSSL_PREFIX %+ _sk_pop_free_ex %xdefine _sk_push _ %+ BORINGSSL_PREFIX %+ _sk_push %xdefine _sk_value _ %+ BORINGSSL_PREFIX %+ _sk_value +%xdefine _sk_void_free _ %+ BORINGSSL_PREFIX %+ _sk_void_free +%xdefine _sk_void_new_null _ %+ BORINGSSL_PREFIX %+ _sk_void_new_null +%xdefine _sk_void_num _ %+ BORINGSSL_PREFIX %+ _sk_void_num +%xdefine _sk_void_push _ %+ BORINGSSL_PREFIX %+ _sk_void_push +%xdefine _sk_void_set _ %+ BORINGSSL_PREFIX %+ _sk_void_set +%xdefine _sk_void_value _ %+ BORINGSSL_PREFIX %+ _sk_void_value +%xdefine _slhdsa_copy_keypair_addr _ %+ BORINGSSL_PREFIX %+ _slhdsa_copy_keypair_addr %xdefine _slhdsa_fors_pk_from_sig _ %+ BORINGSSL_PREFIX %+ _slhdsa_fors_pk_from_sig %xdefine _slhdsa_fors_sign _ %+ BORINGSSL_PREFIX %+ _slhdsa_fors_sign %xdefine _slhdsa_fors_sk_gen _ %+ BORINGSSL_PREFIX %+ _slhdsa_fors_sk_gen %xdefine _slhdsa_fors_treehash _ %+ BORINGSSL_PREFIX %+ _slhdsa_fors_treehash +%xdefine _slhdsa_get_tree_index _ %+ BORINGSSL_PREFIX %+ _slhdsa_get_tree_index %xdefine _slhdsa_ht_sign _ %+ BORINGSSL_PREFIX %+ _slhdsa_ht_sign %xdefine _slhdsa_ht_verify _ %+ BORINGSSL_PREFIX %+ _slhdsa_ht_verify +%xdefine _slhdsa_set_chain_addr _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_chain_addr +%xdefine _slhdsa_set_hash_addr _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_hash_addr +%xdefine _slhdsa_set_keypair_addr _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_keypair_addr +%xdefine _slhdsa_set_layer_addr _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_layer_addr +%xdefine _slhdsa_set_tree_addr _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_tree_addr +%xdefine _slhdsa_set_tree_height _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_tree_height +%xdefine _slhdsa_set_tree_index _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_tree_index +%xdefine _slhdsa_set_type _ %+ BORINGSSL_PREFIX %+ _slhdsa_set_type %xdefine _slhdsa_thash_f _ %+ BORINGSSL_PREFIX %+ _slhdsa_thash_f %xdefine _slhdsa_thash_h _ %+ BORINGSSL_PREFIX %+ _slhdsa_thash_h %xdefine _slhdsa_thash_hmsg _ %+ BORINGSSL_PREFIX %+ _slhdsa_thash_hmsg @@ -3016,9 +3342,11 @@ %xdefine _voprf_pst1_sign _ %+ BORINGSSL_PREFIX %+ _voprf_pst1_sign %xdefine _voprf_pst1_sign_with_proof_scalar_for_testing _ %+ BORINGSSL_PREFIX %+ _voprf_pst1_sign_with_proof_scalar_for_testing %xdefine _voprf_pst1_unblind _ %+ BORINGSSL_PREFIX %+ _voprf_pst1_unblind +%xdefine _vpaes_capable _ %+ BORINGSSL_PREFIX %+ _vpaes_capable %xdefine _vpaes_cbc_encrypt _ %+ BORINGSSL_PREFIX %+ _vpaes_cbc_encrypt %xdefine _vpaes_ctr32_encrypt_blocks _ %+ BORINGSSL_PREFIX %+ _vpaes_ctr32_encrypt_blocks %xdefine _vpaes_decrypt _ %+ BORINGSSL_PREFIX %+ _vpaes_decrypt +%xdefine _vpaes_decrypt_key_to_bsaes _ %+ BORINGSSL_PREFIX %+ _vpaes_decrypt_key_to_bsaes %xdefine _vpaes_encrypt _ %+ BORINGSSL_PREFIX %+ _vpaes_encrypt %xdefine _vpaes_set_decrypt_key _ %+ BORINGSSL_PREFIX %+ _vpaes_set_decrypt_key %xdefine _vpaes_set_encrypt_key _ %+ BORINGSSL_PREFIX %+ _vpaes_set_encrypt_key @@ -3052,7 +3380,6 @@ %xdefine _x509v3_looks_like_dns_name _ %+ BORINGSSL_PREFIX %+ _x509v3_looks_like_dns_name %else %xdefine ACCESS_DESCRIPTION_free BORINGSSL_PREFIX %+ _ACCESS_DESCRIPTION_free -%xdefine ACCESS_DESCRIPTION_it BORINGSSL_PREFIX %+ _ACCESS_DESCRIPTION_it %xdefine ACCESS_DESCRIPTION_new BORINGSSL_PREFIX %+ _ACCESS_DESCRIPTION_new %xdefine AES_CMAC BORINGSSL_PREFIX %+ _AES_CMAC %xdefine AES_cbc_encrypt BORINGSSL_PREFIX %+ _AES_cbc_encrypt @@ -3137,9 +3464,7 @@ %xdefine ASN1_PRINTABLE_free BORINGSSL_PREFIX %+ _ASN1_PRINTABLE_free %xdefine ASN1_PRINTABLE_it BORINGSSL_PREFIX %+ _ASN1_PRINTABLE_it %xdefine ASN1_PRINTABLE_new BORINGSSL_PREFIX %+ _ASN1_PRINTABLE_new -%xdefine ASN1_SEQUENCE_ANY_it BORINGSSL_PREFIX %+ _ASN1_SEQUENCE_ANY_it %xdefine ASN1_SEQUENCE_it BORINGSSL_PREFIX %+ _ASN1_SEQUENCE_it -%xdefine ASN1_SET_ANY_it BORINGSSL_PREFIX %+ _ASN1_SET_ANY_it %xdefine ASN1_STRING_TABLE_add BORINGSSL_PREFIX %+ _ASN1_STRING_TABLE_add %xdefine ASN1_STRING_TABLE_cleanup BORINGSSL_PREFIX %+ _ASN1_STRING_TABLE_cleanup %xdefine ASN1_STRING_cmp BORINGSSL_PREFIX %+ _ASN1_STRING_cmp @@ -3279,6 +3604,7 @@ %xdefine BIO_ctrl_get_read_request BORINGSSL_PREFIX %+ _BIO_ctrl_get_read_request %xdefine BIO_ctrl_get_write_guarantee BORINGSSL_PREFIX %+ _BIO_ctrl_get_write_guarantee %xdefine BIO_ctrl_pending BORINGSSL_PREFIX %+ _BIO_ctrl_pending +%xdefine BIO_do_connect BORINGSSL_PREFIX %+ _BIO_do_connect %xdefine BIO_eof BORINGSSL_PREFIX %+ _BIO_eof %xdefine BIO_find_type BORINGSSL_PREFIX %+ _BIO_find_type %xdefine BIO_flush BORINGSSL_PREFIX %+ _BIO_flush @@ -3313,10 +3639,12 @@ %xdefine BIO_method_type BORINGSSL_PREFIX %+ _BIO_method_type %xdefine BIO_new BORINGSSL_PREFIX %+ _BIO_new %xdefine BIO_new_bio_pair BORINGSSL_PREFIX %+ _BIO_new_bio_pair +%xdefine BIO_new_connect BORINGSSL_PREFIX %+ _BIO_new_connect %xdefine BIO_new_fd BORINGSSL_PREFIX %+ _BIO_new_fd %xdefine BIO_new_file BORINGSSL_PREFIX %+ _BIO_new_file %xdefine BIO_new_fp BORINGSSL_PREFIX %+ _BIO_new_fp %xdefine BIO_new_mem_buf BORINGSSL_PREFIX %+ _BIO_new_mem_buf +%xdefine BIO_new_socket BORINGSSL_PREFIX %+ _BIO_new_socket %xdefine BIO_next BORINGSSL_PREFIX %+ _BIO_next %xdefine BIO_number_read BORINGSSL_PREFIX %+ _BIO_number_read %xdefine BIO_number_written BORINGSSL_PREFIX %+ _BIO_number_written @@ -3331,11 +3659,16 @@ %xdefine BIO_read_filename BORINGSSL_PREFIX %+ _BIO_read_filename %xdefine BIO_reset BORINGSSL_PREFIX %+ _BIO_reset %xdefine BIO_rw_filename BORINGSSL_PREFIX %+ _BIO_rw_filename +%xdefine BIO_s_connect BORINGSSL_PREFIX %+ _BIO_s_connect %xdefine BIO_s_fd BORINGSSL_PREFIX %+ _BIO_s_fd %xdefine BIO_s_file BORINGSSL_PREFIX %+ _BIO_s_file %xdefine BIO_s_mem BORINGSSL_PREFIX %+ _BIO_s_mem +%xdefine BIO_s_socket BORINGSSL_PREFIX %+ _BIO_s_socket %xdefine BIO_seek BORINGSSL_PREFIX %+ _BIO_seek %xdefine BIO_set_close BORINGSSL_PREFIX %+ _BIO_set_close +%xdefine BIO_set_conn_hostname BORINGSSL_PREFIX %+ _BIO_set_conn_hostname +%xdefine BIO_set_conn_int_port BORINGSSL_PREFIX %+ _BIO_set_conn_int_port +%xdefine BIO_set_conn_port BORINGSSL_PREFIX %+ _BIO_set_conn_port %xdefine BIO_set_data BORINGSSL_PREFIX %+ _BIO_set_data %xdefine BIO_set_ex_data BORINGSSL_PREFIX %+ _BIO_set_ex_data %xdefine BIO_set_fd BORINGSSL_PREFIX %+ _BIO_set_fd @@ -3344,6 +3677,7 @@ %xdefine BIO_set_init BORINGSSL_PREFIX %+ _BIO_set_init %xdefine BIO_set_mem_buf BORINGSSL_PREFIX %+ _BIO_set_mem_buf %xdefine BIO_set_mem_eof_return BORINGSSL_PREFIX %+ _BIO_set_mem_eof_return +%xdefine BIO_set_nbio BORINGSSL_PREFIX %+ _BIO_set_nbio %xdefine BIO_set_retry_read BORINGSSL_PREFIX %+ _BIO_set_retry_read %xdefine BIO_set_retry_reason BORINGSSL_PREFIX %+ _BIO_set_retry_reason %xdefine BIO_set_retry_special BORINGSSL_PREFIX %+ _BIO_set_retry_special @@ -3570,6 +3904,7 @@ %xdefine CBS_asn1_oid_to_text BORINGSSL_PREFIX %+ _CBS_asn1_oid_to_text %xdefine CBS_contains_zero_byte BORINGSSL_PREFIX %+ _CBS_contains_zero_byte %xdefine CBS_copy_bytes BORINGSSL_PREFIX %+ _CBS_copy_bytes +%xdefine CBS_data BORINGSSL_PREFIX %+ _CBS_data %xdefine CBS_get_any_asn1 BORINGSSL_PREFIX %+ _CBS_get_any_asn1 %xdefine CBS_get_any_asn1_element BORINGSSL_PREFIX %+ _CBS_get_any_asn1_element %xdefine CBS_get_any_ber_asn1_element BORINGSSL_PREFIX %+ _CBS_get_any_ber_asn1_element @@ -3602,10 +3937,12 @@ %xdefine CBS_get_until_first BORINGSSL_PREFIX %+ _CBS_get_until_first %xdefine CBS_get_utf32_be BORINGSSL_PREFIX %+ _CBS_get_utf32_be %xdefine CBS_get_utf8 BORINGSSL_PREFIX %+ _CBS_get_utf8 +%xdefine CBS_init BORINGSSL_PREFIX %+ _CBS_init %xdefine CBS_is_unsigned_asn1_integer BORINGSSL_PREFIX %+ _CBS_is_unsigned_asn1_integer %xdefine CBS_is_valid_asn1_bitstring BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_bitstring %xdefine CBS_is_valid_asn1_integer BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_integer %xdefine CBS_is_valid_asn1_oid BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_oid +%xdefine CBS_len BORINGSSL_PREFIX %+ _CBS_len %xdefine CBS_mem_equal BORINGSSL_PREFIX %+ _CBS_mem_equal %xdefine CBS_parse_generalized_time BORINGSSL_PREFIX %+ _CBS_parse_generalized_time %xdefine CBS_parse_utc_time BORINGSSL_PREFIX %+ _CBS_parse_utc_time @@ -3654,6 +3991,9 @@ %xdefine CRYPTO_THREADID_set_callback BORINGSSL_PREFIX %+ _CRYPTO_THREADID_set_callback %xdefine CRYPTO_THREADID_set_numeric BORINGSSL_PREFIX %+ _CRYPTO_THREADID_set_numeric %xdefine CRYPTO_THREADID_set_pointer BORINGSSL_PREFIX %+ _CRYPTO_THREADID_set_pointer +%xdefine CRYPTO_atomic_compare_exchange_weak_u32 BORINGSSL_PREFIX %+ _CRYPTO_atomic_compare_exchange_weak_u32 +%xdefine CRYPTO_atomic_load_u32 BORINGSSL_PREFIX %+ _CRYPTO_atomic_load_u32 +%xdefine CRYPTO_atomic_store_u32 BORINGSSL_PREFIX %+ _CRYPTO_atomic_store_u32 %xdefine CRYPTO_cbc128_decrypt BORINGSSL_PREFIX %+ _CRYPTO_cbc128_decrypt %xdefine CRYPTO_cbc128_encrypt BORINGSSL_PREFIX %+ _CRYPTO_cbc128_encrypt %xdefine CRYPTO_cfb128_1_encrypt BORINGSSL_PREFIX %+ _CRYPTO_cfb128_1_encrypt @@ -3661,6 +4001,7 @@ %xdefine CRYPTO_cfb128_encrypt BORINGSSL_PREFIX %+ _CRYPTO_cfb128_encrypt %xdefine CRYPTO_chacha_20 BORINGSSL_PREFIX %+ _CRYPTO_chacha_20 %xdefine CRYPTO_cleanup_all_ex_data BORINGSSL_PREFIX %+ _CRYPTO_cleanup_all_ex_data +%xdefine CRYPTO_cpu_perf_is_like_silvermont BORINGSSL_PREFIX %+ _CRYPTO_cpu_perf_is_like_silvermont %xdefine CRYPTO_ctr128_encrypt BORINGSSL_PREFIX %+ _CRYPTO_ctr128_encrypt %xdefine CRYPTO_ctr128_encrypt_ctr32 BORINGSSL_PREFIX %+ _CRYPTO_ctr128_encrypt_ctr32 %xdefine CRYPTO_fips_186_2_prf BORINGSSL_PREFIX %+ _CRYPTO_fips_186_2_prf @@ -3690,7 +4031,27 @@ %xdefine CRYPTO_has_asm BORINGSSL_PREFIX %+ _CRYPTO_has_asm %xdefine CRYPTO_hchacha20 BORINGSSL_PREFIX %+ _CRYPTO_hchacha20 %xdefine CRYPTO_init_sysrand BORINGSSL_PREFIX %+ _CRYPTO_init_sysrand +%xdefine CRYPTO_is_ADX_capable BORINGSSL_PREFIX %+ _CRYPTO_is_ADX_capable +%xdefine CRYPTO_is_AESNI_capable BORINGSSL_PREFIX %+ _CRYPTO_is_AESNI_capable +%xdefine CRYPTO_is_ARMv8_AES_capable BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_AES_capable +%xdefine CRYPTO_is_ARMv8_PMULL_capable BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_PMULL_capable +%xdefine CRYPTO_is_ARMv8_SHA1_capable BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_SHA1_capable +%xdefine CRYPTO_is_ARMv8_SHA256_capable BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_SHA256_capable +%xdefine CRYPTO_is_ARMv8_SHA512_capable BORINGSSL_PREFIX %+ _CRYPTO_is_ARMv8_SHA512_capable +%xdefine CRYPTO_is_AVX2_capable BORINGSSL_PREFIX %+ _CRYPTO_is_AVX2_capable +%xdefine CRYPTO_is_AVX_capable BORINGSSL_PREFIX %+ _CRYPTO_is_AVX_capable +%xdefine CRYPTO_is_BMI1_capable BORINGSSL_PREFIX %+ _CRYPTO_is_BMI1_capable +%xdefine CRYPTO_is_BMI2_capable BORINGSSL_PREFIX %+ _CRYPTO_is_BMI2_capable +%xdefine CRYPTO_is_FXSR_capable BORINGSSL_PREFIX %+ _CRYPTO_is_FXSR_capable +%xdefine CRYPTO_is_MOVBE_capable BORINGSSL_PREFIX %+ _CRYPTO_is_MOVBE_capable +%xdefine CRYPTO_is_NEON_capable BORINGSSL_PREFIX %+ _CRYPTO_is_NEON_capable +%xdefine CRYPTO_is_PCLMUL_capable BORINGSSL_PREFIX %+ _CRYPTO_is_PCLMUL_capable +%xdefine CRYPTO_is_RDRAND_capable BORINGSSL_PREFIX %+ _CRYPTO_is_RDRAND_capable +%xdefine CRYPTO_is_SSE4_1_capable BORINGSSL_PREFIX %+ _CRYPTO_is_SSE4_1_capable +%xdefine CRYPTO_is_SSSE3_capable BORINGSSL_PREFIX %+ _CRYPTO_is_SSSE3_capable %xdefine CRYPTO_is_confidential_build BORINGSSL_PREFIX %+ _CRYPTO_is_confidential_build +%xdefine CRYPTO_is_intel_cpu BORINGSSL_PREFIX %+ _CRYPTO_is_intel_cpu +%xdefine CRYPTO_is_x86_SHA_capable BORINGSSL_PREFIX %+ _CRYPTO_is_x86_SHA_capable %xdefine CRYPTO_library_init BORINGSSL_PREFIX %+ _CRYPTO_library_init %xdefine CRYPTO_malloc BORINGSSL_PREFIX %+ _CRYPTO_malloc %xdefine CRYPTO_malloc_init BORINGSSL_PREFIX %+ _CRYPTO_malloc_init @@ -3724,6 +4085,7 @@ %xdefine CRYPTO_sysrand_if_available BORINGSSL_PREFIX %+ _CRYPTO_sysrand_if_available %xdefine CRYPTO_tls13_hkdf_expand_label BORINGSSL_PREFIX %+ _CRYPTO_tls13_hkdf_expand_label %xdefine CRYPTO_tls1_prf BORINGSSL_PREFIX %+ _CRYPTO_tls1_prf +%xdefine CRYPTO_xor16 BORINGSSL_PREFIX %+ _CRYPTO_xor16 %xdefine CTR_DRBG_clear BORINGSSL_PREFIX %+ _CTR_DRBG_clear %xdefine CTR_DRBG_free BORINGSSL_PREFIX %+ _CTR_DRBG_free %xdefine CTR_DRBG_generate BORINGSSL_PREFIX %+ _CTR_DRBG_generate @@ -3731,10 +4093,14 @@ %xdefine CTR_DRBG_new BORINGSSL_PREFIX %+ _CTR_DRBG_new %xdefine CTR_DRBG_reseed BORINGSSL_PREFIX %+ _CTR_DRBG_reseed %xdefine ChaCha20_ctr32_avx2 BORINGSSL_PREFIX %+ _ChaCha20_ctr32_avx2 +%xdefine ChaCha20_ctr32_avx2_capable BORINGSSL_PREFIX %+ _ChaCha20_ctr32_avx2_capable %xdefine ChaCha20_ctr32_neon BORINGSSL_PREFIX %+ _ChaCha20_ctr32_neon +%xdefine ChaCha20_ctr32_neon_capable BORINGSSL_PREFIX %+ _ChaCha20_ctr32_neon_capable %xdefine ChaCha20_ctr32_nohw BORINGSSL_PREFIX %+ _ChaCha20_ctr32_nohw %xdefine ChaCha20_ctr32_ssse3 BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3 %xdefine ChaCha20_ctr32_ssse3_4x BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3_4x +%xdefine ChaCha20_ctr32_ssse3_4x_capable BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3_4x_capable +%xdefine ChaCha20_ctr32_ssse3_capable BORINGSSL_PREFIX %+ _ChaCha20_ctr32_ssse3_capable %xdefine DES_decrypt3 BORINGSSL_PREFIX %+ _DES_decrypt3 %xdefine DES_ecb3_encrypt BORINGSSL_PREFIX %+ _DES_ecb3_encrypt %xdefine DES_ecb3_encrypt_ex BORINGSSL_PREFIX %+ _DES_ecb3_encrypt_ex @@ -3794,10 +4160,8 @@ %xdefine DISPLAYTEXT_it BORINGSSL_PREFIX %+ _DISPLAYTEXT_it %xdefine DISPLAYTEXT_new BORINGSSL_PREFIX %+ _DISPLAYTEXT_new %xdefine DIST_POINT_NAME_free BORINGSSL_PREFIX %+ _DIST_POINT_NAME_free -%xdefine DIST_POINT_NAME_it BORINGSSL_PREFIX %+ _DIST_POINT_NAME_it %xdefine DIST_POINT_NAME_new BORINGSSL_PREFIX %+ _DIST_POINT_NAME_new %xdefine DIST_POINT_free BORINGSSL_PREFIX %+ _DIST_POINT_free -%xdefine DIST_POINT_it BORINGSSL_PREFIX %+ _DIST_POINT_it %xdefine DIST_POINT_new BORINGSSL_PREFIX %+ _DIST_POINT_new %xdefine DIST_POINT_set_dpname BORINGSSL_PREFIX %+ _DIST_POINT_set_dpname %xdefine DSA_SIG_free BORINGSSL_PREFIX %+ _DSA_SIG_free @@ -3954,7 +4318,6 @@ %xdefine ED25519_sign BORINGSSL_PREFIX %+ _ED25519_sign %xdefine ED25519_verify BORINGSSL_PREFIX %+ _ED25519_verify %xdefine EDIPARTYNAME_free BORINGSSL_PREFIX %+ _EDIPARTYNAME_free -%xdefine EDIPARTYNAME_it BORINGSSL_PREFIX %+ _EDIPARTYNAME_it %xdefine EDIPARTYNAME_new BORINGSSL_PREFIX %+ _EDIPARTYNAME_new %xdefine ENGINE_free BORINGSSL_PREFIX %+ _ENGINE_free %xdefine ENGINE_get_ECDSA_method BORINGSSL_PREFIX %+ _ENGINE_get_ECDSA_method @@ -3964,6 +4327,8 @@ %xdefine ENGINE_register_all_complete BORINGSSL_PREFIX %+ _ENGINE_register_all_complete %xdefine ENGINE_set_ECDSA_method BORINGSSL_PREFIX %+ _ENGINE_set_ECDSA_method %xdefine ENGINE_set_RSA_method BORINGSSL_PREFIX %+ _ENGINE_set_RSA_method +%xdefine ERR_GET_LIB BORINGSSL_PREFIX %+ _ERR_GET_LIB +%xdefine ERR_GET_REASON BORINGSSL_PREFIX %+ _ERR_GET_REASON %xdefine ERR_SAVE_STATE_free BORINGSSL_PREFIX %+ _ERR_SAVE_STATE_free %xdefine ERR_add_error_data BORINGSSL_PREFIX %+ _ERR_add_error_data %xdefine ERR_add_error_dataf BORINGSSL_PREFIX %+ _ERR_add_error_dataf @@ -4363,7 +4728,6 @@ %xdefine GENERAL_NAME_set0_othername BORINGSSL_PREFIX %+ _GENERAL_NAME_set0_othername %xdefine GENERAL_NAME_set0_value BORINGSSL_PREFIX %+ _GENERAL_NAME_set0_value %xdefine GENERAL_SUBTREE_free BORINGSSL_PREFIX %+ _GENERAL_SUBTREE_free -%xdefine GENERAL_SUBTREE_it BORINGSSL_PREFIX %+ _GENERAL_SUBTREE_it %xdefine GENERAL_SUBTREE_new BORINGSSL_PREFIX %+ _GENERAL_SUBTREE_new %xdefine HKDF BORINGSSL_PREFIX %+ _HKDF %xdefine HKDF_expand BORINGSSL_PREFIX %+ _HKDF_expand @@ -4427,6 +4791,28 @@ %xdefine MLDSA65_sign_internal BORINGSSL_PREFIX %+ _MLDSA65_sign_internal %xdefine MLDSA65_verify BORINGSSL_PREFIX %+ _MLDSA65_verify %xdefine MLDSA65_verify_internal BORINGSSL_PREFIX %+ _MLDSA65_verify_internal +%xdefine MLKEM1024_decap BORINGSSL_PREFIX %+ _MLKEM1024_decap +%xdefine MLKEM1024_encap BORINGSSL_PREFIX %+ _MLKEM1024_encap +%xdefine MLKEM1024_encap_external_entropy BORINGSSL_PREFIX %+ _MLKEM1024_encap_external_entropy +%xdefine MLKEM1024_generate_key BORINGSSL_PREFIX %+ _MLKEM1024_generate_key +%xdefine MLKEM1024_generate_key_external_seed BORINGSSL_PREFIX %+ _MLKEM1024_generate_key_external_seed +%xdefine MLKEM1024_marshal_private_key BORINGSSL_PREFIX %+ _MLKEM1024_marshal_private_key +%xdefine MLKEM1024_marshal_public_key BORINGSSL_PREFIX %+ _MLKEM1024_marshal_public_key +%xdefine MLKEM1024_parse_private_key BORINGSSL_PREFIX %+ _MLKEM1024_parse_private_key +%xdefine MLKEM1024_parse_public_key BORINGSSL_PREFIX %+ _MLKEM1024_parse_public_key +%xdefine MLKEM1024_private_key_from_seed BORINGSSL_PREFIX %+ _MLKEM1024_private_key_from_seed +%xdefine MLKEM1024_public_from_private BORINGSSL_PREFIX %+ _MLKEM1024_public_from_private +%xdefine MLKEM768_decap BORINGSSL_PREFIX %+ _MLKEM768_decap +%xdefine MLKEM768_encap BORINGSSL_PREFIX %+ _MLKEM768_encap +%xdefine MLKEM768_encap_external_entropy BORINGSSL_PREFIX %+ _MLKEM768_encap_external_entropy +%xdefine MLKEM768_generate_key BORINGSSL_PREFIX %+ _MLKEM768_generate_key +%xdefine MLKEM768_generate_key_external_seed BORINGSSL_PREFIX %+ _MLKEM768_generate_key_external_seed +%xdefine MLKEM768_marshal_private_key BORINGSSL_PREFIX %+ _MLKEM768_marshal_private_key +%xdefine MLKEM768_marshal_public_key BORINGSSL_PREFIX %+ _MLKEM768_marshal_public_key +%xdefine MLKEM768_parse_private_key BORINGSSL_PREFIX %+ _MLKEM768_parse_private_key +%xdefine MLKEM768_parse_public_key BORINGSSL_PREFIX %+ _MLKEM768_parse_public_key +%xdefine MLKEM768_private_key_from_seed BORINGSSL_PREFIX %+ _MLKEM768_private_key_from_seed +%xdefine MLKEM768_public_from_private BORINGSSL_PREFIX %+ _MLKEM768_public_from_private %xdefine NAME_CONSTRAINTS_check BORINGSSL_PREFIX %+ _NAME_CONSTRAINTS_check %xdefine NAME_CONSTRAINTS_free BORINGSSL_PREFIX %+ _NAME_CONSTRAINTS_free %xdefine NAME_CONSTRAINTS_it BORINGSSL_PREFIX %+ _NAME_CONSTRAINTS_it @@ -4553,7 +4939,6 @@ %xdefine OPENSSL_vasprintf_internal BORINGSSL_PREFIX %+ _OPENSSL_vasprintf_internal %xdefine OPENSSL_zalloc BORINGSSL_PREFIX %+ _OPENSSL_zalloc %xdefine OTHERNAME_free BORINGSSL_PREFIX %+ _OTHERNAME_free -%xdefine OTHERNAME_it BORINGSSL_PREFIX %+ _OTHERNAME_it %xdefine OTHERNAME_new BORINGSSL_PREFIX %+ _OTHERNAME_new %xdefine OpenSSL_add_all_algorithms BORINGSSL_PREFIX %+ _OpenSSL_add_all_algorithms %xdefine OpenSSL_add_all_ciphers BORINGSSL_PREFIX %+ _OpenSSL_add_all_ciphers @@ -4680,7 +5065,6 @@ %xdefine PKCS7_type_is_signed BORINGSSL_PREFIX %+ _PKCS7_type_is_signed %xdefine PKCS7_type_is_signedAndEnveloped BORINGSSL_PREFIX %+ _PKCS7_type_is_signedAndEnveloped %xdefine PKCS8_PRIV_KEY_INFO_free BORINGSSL_PREFIX %+ _PKCS8_PRIV_KEY_INFO_free -%xdefine PKCS8_PRIV_KEY_INFO_it BORINGSSL_PREFIX %+ _PKCS8_PRIV_KEY_INFO_it %xdefine PKCS8_PRIV_KEY_INFO_new BORINGSSL_PREFIX %+ _PKCS8_PRIV_KEY_INFO_new %xdefine PKCS8_decrypt BORINGSSL_PREFIX %+ _PKCS8_decrypt %xdefine PKCS8_encrypt BORINGSSL_PREFIX %+ _PKCS8_encrypt @@ -4697,7 +5081,6 @@ %xdefine POLICY_CONSTRAINTS_new BORINGSSL_PREFIX %+ _POLICY_CONSTRAINTS_new %xdefine POLICY_MAPPINGS_it BORINGSSL_PREFIX %+ _POLICY_MAPPINGS_it %xdefine POLICY_MAPPING_free BORINGSSL_PREFIX %+ _POLICY_MAPPING_free -%xdefine POLICY_MAPPING_it BORINGSSL_PREFIX %+ _POLICY_MAPPING_it %xdefine POLICY_MAPPING_new BORINGSSL_PREFIX %+ _POLICY_MAPPING_new %xdefine RAND_OpenSSL BORINGSSL_PREFIX %+ _RAND_OpenSSL %xdefine RAND_SSLeay BORINGSSL_PREFIX %+ _RAND_SSLeay @@ -4825,6 +5208,8 @@ %xdefine SIPHASH_24 BORINGSSL_PREFIX %+ _SIPHASH_24 %xdefine SLHDSA_SHA2_128S_generate_key BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_generate_key %xdefine SLHDSA_SHA2_128S_generate_key_from_seed BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_generate_key_from_seed +%xdefine SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_prehash_warning_nonstandard_sign +%xdefine SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_prehash_warning_nonstandard_verify %xdefine SLHDSA_SHA2_128S_public_from_private BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_public_from_private %xdefine SLHDSA_SHA2_128S_sign BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_sign %xdefine SLHDSA_SHA2_128S_sign_internal BORINGSSL_PREFIX %+ _SLHDSA_SHA2_128S_sign_internal @@ -4999,7 +5384,6 @@ %xdefine X509_LOOKUP_free BORINGSSL_PREFIX %+ _X509_LOOKUP_free %xdefine X509_LOOKUP_hash_dir BORINGSSL_PREFIX %+ _X509_LOOKUP_hash_dir %xdefine X509_LOOKUP_load_file BORINGSSL_PREFIX %+ _X509_LOOKUP_load_file -%xdefine X509_NAME_ENTRIES_it BORINGSSL_PREFIX %+ _X509_NAME_ENTRIES_it %xdefine X509_NAME_ENTRY_create_by_NID BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_create_by_NID %xdefine X509_NAME_ENTRY_create_by_OBJ BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_create_by_OBJ %xdefine X509_NAME_ENTRY_create_by_txt BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_create_by_txt @@ -5012,7 +5396,6 @@ %xdefine X509_NAME_ENTRY_set BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_set %xdefine X509_NAME_ENTRY_set_data BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_set_data %xdefine X509_NAME_ENTRY_set_object BORINGSSL_PREFIX %+ _X509_NAME_ENTRY_set_object -%xdefine X509_NAME_INTERNAL_it BORINGSSL_PREFIX %+ _X509_NAME_INTERNAL_it %xdefine X509_NAME_add_entry BORINGSSL_PREFIX %+ _X509_NAME_add_entry %xdefine X509_NAME_add_entry_by_NID BORINGSSL_PREFIX %+ _X509_NAME_add_entry_by_NID %xdefine X509_NAME_add_entry_by_OBJ BORINGSSL_PREFIX %+ _X509_NAME_add_entry_by_OBJ @@ -5117,7 +5500,6 @@ %xdefine X509_SIG_free BORINGSSL_PREFIX %+ _X509_SIG_free %xdefine X509_SIG_get0 BORINGSSL_PREFIX %+ _X509_SIG_get0 %xdefine X509_SIG_getm BORINGSSL_PREFIX %+ _X509_SIG_getm -%xdefine X509_SIG_it BORINGSSL_PREFIX %+ _X509_SIG_it %xdefine X509_SIG_new BORINGSSL_PREFIX %+ _X509_SIG_new %xdefine X509_STORE_CTX_cleanup BORINGSSL_PREFIX %+ _X509_STORE_CTX_cleanup %xdefine X509_STORE_CTX_free BORINGSSL_PREFIX %+ _X509_STORE_CTX_free @@ -5324,6 +5706,7 @@ %xdefine X509v3_get_ext_by_OBJ BORINGSSL_PREFIX %+ _X509v3_get_ext_by_OBJ %xdefine X509v3_get_ext_by_critical BORINGSSL_PREFIX %+ _X509v3_get_ext_by_critical %xdefine X509v3_get_ext_count BORINGSSL_PREFIX %+ _X509v3_get_ext_count +%xdefine __clang_call_terminate BORINGSSL_PREFIX %+ ___clang_call_terminate %xdefine a2i_IPADDRESS BORINGSSL_PREFIX %+ _a2i_IPADDRESS %xdefine a2i_IPADDRESS_NC BORINGSSL_PREFIX %+ _a2i_IPADDRESS_NC %xdefine aes128gcmsiv_aes_ks BORINGSSL_PREFIX %+ _aes128gcmsiv_aes_ks @@ -5352,6 +5735,7 @@ %xdefine aes_hw_set_decrypt_key BORINGSSL_PREFIX %+ _aes_hw_set_decrypt_key %xdefine aes_hw_set_encrypt_key BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key %xdefine aes_hw_set_encrypt_key_alt BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key_alt +%xdefine aes_hw_set_encrypt_key_alt_preferred BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key_alt_preferred %xdefine aes_hw_set_encrypt_key_base BORINGSSL_PREFIX %+ _aes_hw_set_encrypt_key_base %xdefine aes_nohw_cbc_encrypt BORINGSSL_PREFIX %+ _aes_nohw_cbc_encrypt %xdefine aes_nohw_ctr32_encrypt_blocks BORINGSSL_PREFIX %+ _aes_nohw_ctr32_encrypt_blocks @@ -5385,12 +5769,18 @@ %xdefine asn1_type_value_as_pointer BORINGSSL_PREFIX %+ _asn1_type_value_as_pointer %xdefine asn1_utctime_to_tm BORINGSSL_PREFIX %+ _asn1_utctime_to_tm %xdefine beeu_mod_inverse_vartime BORINGSSL_PREFIX %+ _beeu_mod_inverse_vartime +%xdefine bio_clear_socket_error BORINGSSL_PREFIX %+ _bio_clear_socket_error %xdefine bio_errno_should_retry BORINGSSL_PREFIX %+ _bio_errno_should_retry +%xdefine bio_ip_and_port_to_socket_and_addr BORINGSSL_PREFIX %+ _bio_ip_and_port_to_socket_and_addr +%xdefine bio_sock_error BORINGSSL_PREFIX %+ _bio_sock_error +%xdefine bio_socket_nbio BORINGSSL_PREFIX %+ _bio_socket_nbio +%xdefine bio_socket_should_retry BORINGSSL_PREFIX %+ _bio_socket_should_retry %xdefine bn_abs_sub_consttime BORINGSSL_PREFIX %+ _bn_abs_sub_consttime %xdefine bn_add_words BORINGSSL_PREFIX %+ _bn_add_words %xdefine bn_assert_fits_in_bytes BORINGSSL_PREFIX %+ _bn_assert_fits_in_bytes %xdefine bn_big_endian_to_words BORINGSSL_PREFIX %+ _bn_big_endian_to_words %xdefine bn_copy_words BORINGSSL_PREFIX %+ _bn_copy_words +%xdefine bn_declassify BORINGSSL_PREFIX %+ _bn_declassify %xdefine bn_div_consttime BORINGSSL_PREFIX %+ _bn_div_consttime %xdefine bn_expand BORINGSSL_PREFIX %+ _bn_expand %xdefine bn_fits_in_words BORINGSSL_PREFIX %+ _bn_fits_in_words @@ -5424,7 +5814,9 @@ %xdefine bn_mont_ctx_set_RR_consttime BORINGSSL_PREFIX %+ _bn_mont_ctx_set_RR_consttime %xdefine bn_mont_n0 BORINGSSL_PREFIX %+ _bn_mont_n0 %xdefine bn_mul4x_mont BORINGSSL_PREFIX %+ _bn_mul4x_mont +%xdefine bn_mul4x_mont_capable BORINGSSL_PREFIX %+ _bn_mul4x_mont_capable %xdefine bn_mul4x_mont_gather5 BORINGSSL_PREFIX %+ _bn_mul4x_mont_gather5 +%xdefine bn_mul4x_mont_gather5_capable BORINGSSL_PREFIX %+ _bn_mul4x_mont_gather5_capable %xdefine bn_mul_add_words BORINGSSL_PREFIX %+ _bn_mul_add_words %xdefine bn_mul_comba4 BORINGSSL_PREFIX %+ _bn_mul_comba4 %xdefine bn_mul_comba8 BORINGSSL_PREFIX %+ _bn_mul_comba8 @@ -5435,11 +5827,16 @@ %xdefine bn_mul_small BORINGSSL_PREFIX %+ _bn_mul_small %xdefine bn_mul_words BORINGSSL_PREFIX %+ _bn_mul_words %xdefine bn_mulx4x_mont BORINGSSL_PREFIX %+ _bn_mulx4x_mont +%xdefine bn_mulx4x_mont_capable BORINGSSL_PREFIX %+ _bn_mulx4x_mont_capable %xdefine bn_mulx4x_mont_gather5 BORINGSSL_PREFIX %+ _bn_mulx4x_mont_gather5 +%xdefine bn_mulx4x_mont_gather5_capable BORINGSSL_PREFIX %+ _bn_mulx4x_mont_gather5_capable +%xdefine bn_mulx_adx_capable BORINGSSL_PREFIX %+ _bn_mulx_adx_capable %xdefine bn_odd_number_is_obviously_composite BORINGSSL_PREFIX %+ _bn_odd_number_is_obviously_composite %xdefine bn_one_to_montgomery BORINGSSL_PREFIX %+ _bn_one_to_montgomery +%xdefine bn_power5_capable BORINGSSL_PREFIX %+ _bn_power5_capable %xdefine bn_power5_nohw BORINGSSL_PREFIX %+ _bn_power5_nohw %xdefine bn_powerx5 BORINGSSL_PREFIX %+ _bn_powerx5 +%xdefine bn_powerx5_capable BORINGSSL_PREFIX %+ _bn_powerx5_capable %xdefine bn_rand_range_words BORINGSSL_PREFIX %+ _bn_rand_range_words %xdefine bn_rand_secret_range BORINGSSL_PREFIX %+ _bn_rand_secret_range %xdefine bn_reduce_once BORINGSSL_PREFIX %+ _bn_reduce_once @@ -5449,12 +5846,14 @@ %xdefine bn_rshift_secret_shift BORINGSSL_PREFIX %+ _bn_rshift_secret_shift %xdefine bn_rshift_words BORINGSSL_PREFIX %+ _bn_rshift_words %xdefine bn_scatter5 BORINGSSL_PREFIX %+ _bn_scatter5 +%xdefine bn_secret BORINGSSL_PREFIX %+ _bn_secret %xdefine bn_select_words BORINGSSL_PREFIX %+ _bn_select_words %xdefine bn_set_minimal_width BORINGSSL_PREFIX %+ _bn_set_minimal_width %xdefine bn_set_static_words BORINGSSL_PREFIX %+ _bn_set_static_words %xdefine bn_set_words BORINGSSL_PREFIX %+ _bn_set_words %xdefine bn_sqr8x_internal BORINGSSL_PREFIX %+ _bn_sqr8x_internal %xdefine bn_sqr8x_mont BORINGSSL_PREFIX %+ _bn_sqr8x_mont +%xdefine bn_sqr8x_mont_capable BORINGSSL_PREFIX %+ _bn_sqr8x_mont_capable %xdefine bn_sqr_comba4 BORINGSSL_PREFIX %+ _bn_sqr_comba4 %xdefine bn_sqr_comba8 BORINGSSL_PREFIX %+ _bn_sqr_comba8 %xdefine bn_sqr_consttime BORINGSSL_PREFIX %+ _bn_sqr_consttime @@ -5467,12 +5866,20 @@ %xdefine bn_usub_consttime BORINGSSL_PREFIX %+ _bn_usub_consttime %xdefine bn_wexpand BORINGSSL_PREFIX %+ _bn_wexpand %xdefine bn_words_to_big_endian BORINGSSL_PREFIX %+ _bn_words_to_big_endian +%xdefine boringssl_ensure_ecc_self_test BORINGSSL_PREFIX %+ _boringssl_ensure_ecc_self_test +%xdefine boringssl_ensure_ffdh_self_test BORINGSSL_PREFIX %+ _boringssl_ensure_ffdh_self_test +%xdefine boringssl_ensure_rsa_self_test BORINGSSL_PREFIX %+ _boringssl_ensure_rsa_self_test +%xdefine boringssl_fips_break_test BORINGSSL_PREFIX %+ _boringssl_fips_break_test +%xdefine boringssl_fips_inc_counter BORINGSSL_PREFIX %+ _boringssl_fips_inc_counter %xdefine boringssl_self_test_hmac_sha256 BORINGSSL_PREFIX %+ _boringssl_self_test_hmac_sha256 %xdefine boringssl_self_test_sha256 BORINGSSL_PREFIX %+ _boringssl_self_test_sha256 %xdefine boringssl_self_test_sha512 BORINGSSL_PREFIX %+ _boringssl_self_test_sha512 +%xdefine bsaes_capable BORINGSSL_PREFIX %+ _bsaes_capable +%xdefine bsaes_cbc_encrypt BORINGSSL_PREFIX %+ _bsaes_cbc_encrypt %xdefine c2i_ASN1_BIT_STRING BORINGSSL_PREFIX %+ _c2i_ASN1_BIT_STRING %xdefine c2i_ASN1_INTEGER BORINGSSL_PREFIX %+ _c2i_ASN1_INTEGER %xdefine c2i_ASN1_OBJECT BORINGSSL_PREFIX %+ _c2i_ASN1_OBJECT +%xdefine chacha20_poly1305_asm_capable BORINGSSL_PREFIX %+ _chacha20_poly1305_asm_capable %xdefine chacha20_poly1305_open BORINGSSL_PREFIX %+ _chacha20_poly1305_open %xdefine chacha20_poly1305_open_avx2 BORINGSSL_PREFIX %+ _chacha20_poly1305_open_avx2 %xdefine chacha20_poly1305_open_nohw BORINGSSL_PREFIX %+ _chacha20_poly1305_open_nohw @@ -5719,7 +6126,6 @@ %xdefine ecp_nistz256_sub BORINGSSL_PREFIX %+ _ecp_nistz256_sub %xdefine ed25519_asn1_meth BORINGSSL_PREFIX %+ _ed25519_asn1_meth %xdefine ed25519_pkey_meth BORINGSSL_PREFIX %+ _ed25519_pkey_meth -%xdefine evp_md_md5_sha1 BORINGSSL_PREFIX %+ _evp_md_md5_sha1 %xdefine evp_pkey_set_method BORINGSSL_PREFIX %+ _evp_pkey_set_method %xdefine fiat_curve25519_adx_mul BORINGSSL_PREFIX %+ _fiat_curve25519_adx_mul %xdefine fiat_curve25519_adx_square BORINGSSL_PREFIX %+ _fiat_curve25519_adx_square @@ -5743,7 +6149,12 @@ %xdefine gcm_init_nohw BORINGSSL_PREFIX %+ _gcm_init_nohw %xdefine gcm_init_ssse3 BORINGSSL_PREFIX %+ _gcm_init_ssse3 %xdefine gcm_init_v8 BORINGSSL_PREFIX %+ _gcm_init_v8 +%xdefine gcm_neon_capable BORINGSSL_PREFIX %+ _gcm_neon_capable +%xdefine gcm_pmull_capable BORINGSSL_PREFIX %+ _gcm_pmull_capable +%xdefine have_fast_rdrand BORINGSSL_PREFIX %+ _have_fast_rdrand +%xdefine have_rdrand BORINGSSL_PREFIX %+ _have_rdrand %xdefine hkdf_pkey_meth BORINGSSL_PREFIX %+ _hkdf_pkey_meth +%xdefine hwaes_capable BORINGSSL_PREFIX %+ _hwaes_capable %xdefine i2a_ASN1_ENUMERATED BORINGSSL_PREFIX %+ _i2a_ASN1_ENUMERATED %xdefine i2a_ASN1_INTEGER BORINGSSL_PREFIX %+ _i2a_ASN1_INTEGER %xdefine i2a_ASN1_OBJECT BORINGSSL_PREFIX %+ _i2a_ASN1_OBJECT @@ -5879,7 +6290,30 @@ %xdefine kOpenSSLReasonStringData BORINGSSL_PREFIX %+ _kOpenSSLReasonStringData %xdefine kOpenSSLReasonValues BORINGSSL_PREFIX %+ _kOpenSSLReasonValues %xdefine kOpenSSLReasonValuesLen BORINGSSL_PREFIX %+ _kOpenSSLReasonValuesLen -%xdefine md4_block_data_order BORINGSSL_PREFIX %+ _md4_block_data_order +%xdefine lh_CONF_SECTION_call_cmp_func BORINGSSL_PREFIX %+ _lh_CONF_SECTION_call_cmp_func +%xdefine lh_CONF_SECTION_call_doall_arg BORINGSSL_PREFIX %+ _lh_CONF_SECTION_call_doall_arg +%xdefine lh_CONF_SECTION_call_hash_func BORINGSSL_PREFIX %+ _lh_CONF_SECTION_call_hash_func +%xdefine lh_CONF_SECTION_doall_arg BORINGSSL_PREFIX %+ _lh_CONF_SECTION_doall_arg +%xdefine lh_CONF_SECTION_free BORINGSSL_PREFIX %+ _lh_CONF_SECTION_free +%xdefine lh_CONF_SECTION_insert BORINGSSL_PREFIX %+ _lh_CONF_SECTION_insert +%xdefine lh_CONF_SECTION_new BORINGSSL_PREFIX %+ _lh_CONF_SECTION_new +%xdefine lh_CONF_SECTION_retrieve BORINGSSL_PREFIX %+ _lh_CONF_SECTION_retrieve +%xdefine lh_CONF_VALUE_call_cmp_func BORINGSSL_PREFIX %+ _lh_CONF_VALUE_call_cmp_func +%xdefine lh_CONF_VALUE_call_doall_arg BORINGSSL_PREFIX %+ _lh_CONF_VALUE_call_doall_arg +%xdefine lh_CONF_VALUE_call_hash_func BORINGSSL_PREFIX %+ _lh_CONF_VALUE_call_hash_func +%xdefine lh_CONF_VALUE_doall_arg BORINGSSL_PREFIX %+ _lh_CONF_VALUE_doall_arg +%xdefine lh_CONF_VALUE_free BORINGSSL_PREFIX %+ _lh_CONF_VALUE_free +%xdefine lh_CONF_VALUE_insert BORINGSSL_PREFIX %+ _lh_CONF_VALUE_insert +%xdefine lh_CONF_VALUE_new BORINGSSL_PREFIX %+ _lh_CONF_VALUE_new +%xdefine lh_CONF_VALUE_retrieve BORINGSSL_PREFIX %+ _lh_CONF_VALUE_retrieve +%xdefine lh_CRYPTO_BUFFER_call_cmp_func BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_call_cmp_func +%xdefine lh_CRYPTO_BUFFER_call_hash_func BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_call_hash_func +%xdefine lh_CRYPTO_BUFFER_delete BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_delete +%xdefine lh_CRYPTO_BUFFER_free BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_free +%xdefine lh_CRYPTO_BUFFER_insert BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_insert +%xdefine lh_CRYPTO_BUFFER_new BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_new +%xdefine lh_CRYPTO_BUFFER_num_items BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_num_items +%xdefine lh_CRYPTO_BUFFER_retrieve BORINGSSL_PREFIX %+ _lh_CRYPTO_BUFFER_retrieve %xdefine md5_block_asm_data_order BORINGSSL_PREFIX %+ _md5_block_asm_data_order %xdefine o2i_ECPublicKey BORINGSSL_PREFIX %+ _o2i_ECPublicKey %xdefine pkcs12_iterations_acceptable BORINGSSL_PREFIX %+ _pkcs12_iterations_acceptable @@ -5935,20 +6369,224 @@ %xdefine rsaz_1024_red2norm_avx2 BORINGSSL_PREFIX %+ _rsaz_1024_red2norm_avx2 %xdefine rsaz_1024_scatter5_avx2 BORINGSSL_PREFIX %+ _rsaz_1024_scatter5_avx2 %xdefine rsaz_1024_sqr_avx2 BORINGSSL_PREFIX %+ _rsaz_1024_sqr_avx2 +%xdefine rsaz_avx2_preferred BORINGSSL_PREFIX %+ _rsaz_avx2_preferred %xdefine s2i_ASN1_INTEGER BORINGSSL_PREFIX %+ _s2i_ASN1_INTEGER %xdefine s2i_ASN1_OCTET_STRING BORINGSSL_PREFIX %+ _s2i_ASN1_OCTET_STRING +%xdefine sha1_avx2_capable BORINGSSL_PREFIX %+ _sha1_avx2_capable +%xdefine sha1_avx_capable BORINGSSL_PREFIX %+ _sha1_avx_capable %xdefine sha1_block_data_order_avx BORINGSSL_PREFIX %+ _sha1_block_data_order_avx %xdefine sha1_block_data_order_avx2 BORINGSSL_PREFIX %+ _sha1_block_data_order_avx2 %xdefine sha1_block_data_order_hw BORINGSSL_PREFIX %+ _sha1_block_data_order_hw %xdefine sha1_block_data_order_nohw BORINGSSL_PREFIX %+ _sha1_block_data_order_nohw %xdefine sha1_block_data_order_ssse3 BORINGSSL_PREFIX %+ _sha1_block_data_order_ssse3 +%xdefine sha1_hw_capable BORINGSSL_PREFIX %+ _sha1_hw_capable +%xdefine sha1_ssse3_capable BORINGSSL_PREFIX %+ _sha1_ssse3_capable +%xdefine sha256_avx_capable BORINGSSL_PREFIX %+ _sha256_avx_capable %xdefine sha256_block_data_order_avx BORINGSSL_PREFIX %+ _sha256_block_data_order_avx %xdefine sha256_block_data_order_hw BORINGSSL_PREFIX %+ _sha256_block_data_order_hw %xdefine sha256_block_data_order_nohw BORINGSSL_PREFIX %+ _sha256_block_data_order_nohw %xdefine sha256_block_data_order_ssse3 BORINGSSL_PREFIX %+ _sha256_block_data_order_ssse3 +%xdefine sha256_hw_capable BORINGSSL_PREFIX %+ _sha256_hw_capable +%xdefine sha256_ssse3_capable BORINGSSL_PREFIX %+ _sha256_ssse3_capable +%xdefine sha512_avx_capable BORINGSSL_PREFIX %+ _sha512_avx_capable %xdefine sha512_block_data_order_avx BORINGSSL_PREFIX %+ _sha512_block_data_order_avx %xdefine sha512_block_data_order_hw BORINGSSL_PREFIX %+ _sha512_block_data_order_hw %xdefine sha512_block_data_order_nohw BORINGSSL_PREFIX %+ _sha512_block_data_order_nohw +%xdefine sha512_hw_capable BORINGSSL_PREFIX %+ _sha512_hw_capable +%xdefine sk_ACCESS_DESCRIPTION_call_free_func BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_call_free_func +%xdefine sk_ACCESS_DESCRIPTION_new_null BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_new_null +%xdefine sk_ACCESS_DESCRIPTION_num BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_num +%xdefine sk_ACCESS_DESCRIPTION_pop_free BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_pop_free +%xdefine sk_ACCESS_DESCRIPTION_push BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_push +%xdefine sk_ACCESS_DESCRIPTION_value BORINGSSL_PREFIX %+ _sk_ACCESS_DESCRIPTION_value +%xdefine sk_ASN1_INTEGER_num BORINGSSL_PREFIX %+ _sk_ASN1_INTEGER_num +%xdefine sk_ASN1_INTEGER_push BORINGSSL_PREFIX %+ _sk_ASN1_INTEGER_push +%xdefine sk_ASN1_INTEGER_value BORINGSSL_PREFIX %+ _sk_ASN1_INTEGER_value +%xdefine sk_ASN1_OBJECT_call_cmp_func BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_call_cmp_func +%xdefine sk_ASN1_OBJECT_call_copy_func BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_call_copy_func +%xdefine sk_ASN1_OBJECT_call_free_func BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_call_free_func +%xdefine sk_ASN1_OBJECT_deep_copy BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_deep_copy +%xdefine sk_ASN1_OBJECT_dup BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_dup +%xdefine sk_ASN1_OBJECT_find BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_find +%xdefine sk_ASN1_OBJECT_free BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_free +%xdefine sk_ASN1_OBJECT_is_sorted BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_is_sorted +%xdefine sk_ASN1_OBJECT_new_null BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_new_null +%xdefine sk_ASN1_OBJECT_num BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_num +%xdefine sk_ASN1_OBJECT_pop_free BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_pop_free +%xdefine sk_ASN1_OBJECT_push BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_push +%xdefine sk_ASN1_OBJECT_set_cmp_func BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_set_cmp_func +%xdefine sk_ASN1_OBJECT_sort BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_sort +%xdefine sk_ASN1_OBJECT_value BORINGSSL_PREFIX %+ _sk_ASN1_OBJECT_value +%xdefine sk_ASN1_TYPE_num BORINGSSL_PREFIX %+ _sk_ASN1_TYPE_num +%xdefine sk_ASN1_TYPE_push BORINGSSL_PREFIX %+ _sk_ASN1_TYPE_push +%xdefine sk_ASN1_TYPE_value BORINGSSL_PREFIX %+ _sk_ASN1_TYPE_value +%xdefine sk_ASN1_VALUE_free BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_free +%xdefine sk_ASN1_VALUE_new_null BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_new_null +%xdefine sk_ASN1_VALUE_num BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_num +%xdefine sk_ASN1_VALUE_pop BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_pop +%xdefine sk_ASN1_VALUE_push BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_push +%xdefine sk_ASN1_VALUE_value BORINGSSL_PREFIX %+ _sk_ASN1_VALUE_value +%xdefine sk_CONF_VALUE_call_free_func BORINGSSL_PREFIX %+ _sk_CONF_VALUE_call_free_func +%xdefine sk_CONF_VALUE_delete_ptr BORINGSSL_PREFIX %+ _sk_CONF_VALUE_delete_ptr +%xdefine sk_CONF_VALUE_free BORINGSSL_PREFIX %+ _sk_CONF_VALUE_free +%xdefine sk_CONF_VALUE_new_null BORINGSSL_PREFIX %+ _sk_CONF_VALUE_new_null +%xdefine sk_CONF_VALUE_num BORINGSSL_PREFIX %+ _sk_CONF_VALUE_num +%xdefine sk_CONF_VALUE_pop BORINGSSL_PREFIX %+ _sk_CONF_VALUE_pop +%xdefine sk_CONF_VALUE_pop_free BORINGSSL_PREFIX %+ _sk_CONF_VALUE_pop_free +%xdefine sk_CONF_VALUE_push BORINGSSL_PREFIX %+ _sk_CONF_VALUE_push +%xdefine sk_CONF_VALUE_value BORINGSSL_PREFIX %+ _sk_CONF_VALUE_value +%xdefine sk_CRYPTO_BUFFER_call_free_func BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_call_free_func +%xdefine sk_CRYPTO_BUFFER_new_null BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_new_null +%xdefine sk_CRYPTO_BUFFER_num BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_num +%xdefine sk_CRYPTO_BUFFER_pop BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_pop +%xdefine sk_CRYPTO_BUFFER_pop_free BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_pop_free +%xdefine sk_CRYPTO_BUFFER_push BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_push +%xdefine sk_CRYPTO_BUFFER_value BORINGSSL_PREFIX %+ _sk_CRYPTO_BUFFER_value +%xdefine sk_DIST_POINT_call_free_func BORINGSSL_PREFIX %+ _sk_DIST_POINT_call_free_func +%xdefine sk_DIST_POINT_new_null BORINGSSL_PREFIX %+ _sk_DIST_POINT_new_null +%xdefine sk_DIST_POINT_num BORINGSSL_PREFIX %+ _sk_DIST_POINT_num +%xdefine sk_DIST_POINT_pop_free BORINGSSL_PREFIX %+ _sk_DIST_POINT_pop_free +%xdefine sk_DIST_POINT_push BORINGSSL_PREFIX %+ _sk_DIST_POINT_push +%xdefine sk_DIST_POINT_value BORINGSSL_PREFIX %+ _sk_DIST_POINT_value +%xdefine sk_GENERAL_NAME_call_free_func BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_call_free_func +%xdefine sk_GENERAL_NAME_new_null BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_new_null +%xdefine sk_GENERAL_NAME_num BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_num +%xdefine sk_GENERAL_NAME_pop_free BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_pop_free +%xdefine sk_GENERAL_NAME_push BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_push +%xdefine sk_GENERAL_NAME_set BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_set +%xdefine sk_GENERAL_NAME_value BORINGSSL_PREFIX %+ _sk_GENERAL_NAME_value +%xdefine sk_GENERAL_SUBTREE_new_null BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_new_null +%xdefine sk_GENERAL_SUBTREE_num BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_num +%xdefine sk_GENERAL_SUBTREE_push BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_push +%xdefine sk_GENERAL_SUBTREE_value BORINGSSL_PREFIX %+ _sk_GENERAL_SUBTREE_value +%xdefine sk_OPENSSL_STRING_call_cmp_func BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_call_cmp_func +%xdefine sk_OPENSSL_STRING_call_copy_func BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_call_copy_func +%xdefine sk_OPENSSL_STRING_call_free_func BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_call_free_func +%xdefine sk_OPENSSL_STRING_deep_copy BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_deep_copy +%xdefine sk_OPENSSL_STRING_find BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_find +%xdefine sk_OPENSSL_STRING_free BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_free +%xdefine sk_OPENSSL_STRING_new BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_new +%xdefine sk_OPENSSL_STRING_new_null BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_new_null +%xdefine sk_OPENSSL_STRING_num BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_num +%xdefine sk_OPENSSL_STRING_pop_free BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_pop_free +%xdefine sk_OPENSSL_STRING_push BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_push +%xdefine sk_OPENSSL_STRING_sort BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_sort +%xdefine sk_OPENSSL_STRING_value BORINGSSL_PREFIX %+ _sk_OPENSSL_STRING_value +%xdefine sk_POLICYINFO_call_cmp_func BORINGSSL_PREFIX %+ _sk_POLICYINFO_call_cmp_func +%xdefine sk_POLICYINFO_call_free_func BORINGSSL_PREFIX %+ _sk_POLICYINFO_call_free_func +%xdefine sk_POLICYINFO_find BORINGSSL_PREFIX %+ _sk_POLICYINFO_find +%xdefine sk_POLICYINFO_is_sorted BORINGSSL_PREFIX %+ _sk_POLICYINFO_is_sorted +%xdefine sk_POLICYINFO_new_null BORINGSSL_PREFIX %+ _sk_POLICYINFO_new_null +%xdefine sk_POLICYINFO_num BORINGSSL_PREFIX %+ _sk_POLICYINFO_num +%xdefine sk_POLICYINFO_pop_free BORINGSSL_PREFIX %+ _sk_POLICYINFO_pop_free +%xdefine sk_POLICYINFO_push BORINGSSL_PREFIX %+ _sk_POLICYINFO_push +%xdefine sk_POLICYINFO_set_cmp_func BORINGSSL_PREFIX %+ _sk_POLICYINFO_set_cmp_func +%xdefine sk_POLICYINFO_sort BORINGSSL_PREFIX %+ _sk_POLICYINFO_sort +%xdefine sk_POLICYINFO_value BORINGSSL_PREFIX %+ _sk_POLICYINFO_value +%xdefine sk_POLICYQUALINFO_new_null BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_new_null +%xdefine sk_POLICYQUALINFO_num BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_num +%xdefine sk_POLICYQUALINFO_push BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_push +%xdefine sk_POLICYQUALINFO_value BORINGSSL_PREFIX %+ _sk_POLICYQUALINFO_value +%xdefine sk_POLICY_MAPPING_call_cmp_func BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_call_cmp_func +%xdefine sk_POLICY_MAPPING_call_free_func BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_call_free_func +%xdefine sk_POLICY_MAPPING_find BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_find +%xdefine sk_POLICY_MAPPING_is_sorted BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_is_sorted +%xdefine sk_POLICY_MAPPING_new_null BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_new_null +%xdefine sk_POLICY_MAPPING_num BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_num +%xdefine sk_POLICY_MAPPING_pop_free BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_pop_free +%xdefine sk_POLICY_MAPPING_push BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_push +%xdefine sk_POLICY_MAPPING_set_cmp_func BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_set_cmp_func +%xdefine sk_POLICY_MAPPING_sort BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_sort +%xdefine sk_POLICY_MAPPING_value BORINGSSL_PREFIX %+ _sk_POLICY_MAPPING_value +%xdefine sk_TRUST_TOKEN_PRETOKEN_call_free_func BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_call_free_func +%xdefine sk_TRUST_TOKEN_PRETOKEN_new_null BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_new_null +%xdefine sk_TRUST_TOKEN_PRETOKEN_num BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_num +%xdefine sk_TRUST_TOKEN_PRETOKEN_pop_free BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_pop_free +%xdefine sk_TRUST_TOKEN_PRETOKEN_push BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_push +%xdefine sk_TRUST_TOKEN_PRETOKEN_value BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_PRETOKEN_value +%xdefine sk_TRUST_TOKEN_call_free_func BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_call_free_func +%xdefine sk_TRUST_TOKEN_new_null BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_new_null +%xdefine sk_TRUST_TOKEN_pop_free BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_pop_free +%xdefine sk_TRUST_TOKEN_push BORINGSSL_PREFIX %+ _sk_TRUST_TOKEN_push +%xdefine sk_X509_ATTRIBUTE_delete BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_delete +%xdefine sk_X509_ATTRIBUTE_new_null BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_new_null +%xdefine sk_X509_ATTRIBUTE_num BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_num +%xdefine sk_X509_ATTRIBUTE_push BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_push +%xdefine sk_X509_ATTRIBUTE_value BORINGSSL_PREFIX %+ _sk_X509_ATTRIBUTE_value +%xdefine sk_X509_CRL_call_free_func BORINGSSL_PREFIX %+ _sk_X509_CRL_call_free_func +%xdefine sk_X509_CRL_free BORINGSSL_PREFIX %+ _sk_X509_CRL_free +%xdefine sk_X509_CRL_new_null BORINGSSL_PREFIX %+ _sk_X509_CRL_new_null +%xdefine sk_X509_CRL_num BORINGSSL_PREFIX %+ _sk_X509_CRL_num +%xdefine sk_X509_CRL_pop BORINGSSL_PREFIX %+ _sk_X509_CRL_pop +%xdefine sk_X509_CRL_pop_free BORINGSSL_PREFIX %+ _sk_X509_CRL_pop_free +%xdefine sk_X509_CRL_push BORINGSSL_PREFIX %+ _sk_X509_CRL_push +%xdefine sk_X509_CRL_value BORINGSSL_PREFIX %+ _sk_X509_CRL_value +%xdefine sk_X509_EXTENSION_call_free_func BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_call_free_func +%xdefine sk_X509_EXTENSION_delete BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_delete +%xdefine sk_X509_EXTENSION_free BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_free +%xdefine sk_X509_EXTENSION_insert BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_insert +%xdefine sk_X509_EXTENSION_new_null BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_new_null +%xdefine sk_X509_EXTENSION_num BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_num +%xdefine sk_X509_EXTENSION_pop_free BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_pop_free +%xdefine sk_X509_EXTENSION_push BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_push +%xdefine sk_X509_EXTENSION_set BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_set +%xdefine sk_X509_EXTENSION_value BORINGSSL_PREFIX %+ _sk_X509_EXTENSION_value +%xdefine sk_X509_INFO_call_free_func BORINGSSL_PREFIX %+ _sk_X509_INFO_call_free_func +%xdefine sk_X509_INFO_free BORINGSSL_PREFIX %+ _sk_X509_INFO_free +%xdefine sk_X509_INFO_new_null BORINGSSL_PREFIX %+ _sk_X509_INFO_new_null +%xdefine sk_X509_INFO_num BORINGSSL_PREFIX %+ _sk_X509_INFO_num +%xdefine sk_X509_INFO_pop BORINGSSL_PREFIX %+ _sk_X509_INFO_pop +%xdefine sk_X509_INFO_pop_free BORINGSSL_PREFIX %+ _sk_X509_INFO_pop_free +%xdefine sk_X509_INFO_push BORINGSSL_PREFIX %+ _sk_X509_INFO_push +%xdefine sk_X509_INFO_value BORINGSSL_PREFIX %+ _sk_X509_INFO_value +%xdefine sk_X509_LOOKUP_call_free_func BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_call_free_func +%xdefine sk_X509_LOOKUP_new_null BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_new_null +%xdefine sk_X509_LOOKUP_num BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_num +%xdefine sk_X509_LOOKUP_pop_free BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_pop_free +%xdefine sk_X509_LOOKUP_push BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_push +%xdefine sk_X509_LOOKUP_value BORINGSSL_PREFIX %+ _sk_X509_LOOKUP_value +%xdefine sk_X509_NAME_ENTRY_call_free_func BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_call_free_func +%xdefine sk_X509_NAME_ENTRY_delete BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_delete +%xdefine sk_X509_NAME_ENTRY_free BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_free +%xdefine sk_X509_NAME_ENTRY_insert BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_insert +%xdefine sk_X509_NAME_ENTRY_new_null BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_new_null +%xdefine sk_X509_NAME_ENTRY_num BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_num +%xdefine sk_X509_NAME_ENTRY_pop_free BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_pop_free +%xdefine sk_X509_NAME_ENTRY_push BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_push +%xdefine sk_X509_NAME_ENTRY_set BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_set +%xdefine sk_X509_NAME_ENTRY_value BORINGSSL_PREFIX %+ _sk_X509_NAME_ENTRY_value +%xdefine sk_X509_OBJECT_call_cmp_func BORINGSSL_PREFIX %+ _sk_X509_OBJECT_call_cmp_func +%xdefine sk_X509_OBJECT_call_copy_func BORINGSSL_PREFIX %+ _sk_X509_OBJECT_call_copy_func +%xdefine sk_X509_OBJECT_call_free_func BORINGSSL_PREFIX %+ _sk_X509_OBJECT_call_free_func +%xdefine sk_X509_OBJECT_deep_copy BORINGSSL_PREFIX %+ _sk_X509_OBJECT_deep_copy +%xdefine sk_X509_OBJECT_find BORINGSSL_PREFIX %+ _sk_X509_OBJECT_find +%xdefine sk_X509_OBJECT_new BORINGSSL_PREFIX %+ _sk_X509_OBJECT_new +%xdefine sk_X509_OBJECT_num BORINGSSL_PREFIX %+ _sk_X509_OBJECT_num +%xdefine sk_X509_OBJECT_pop_free BORINGSSL_PREFIX %+ _sk_X509_OBJECT_pop_free +%xdefine sk_X509_OBJECT_push BORINGSSL_PREFIX %+ _sk_X509_OBJECT_push +%xdefine sk_X509_OBJECT_sort BORINGSSL_PREFIX %+ _sk_X509_OBJECT_sort +%xdefine sk_X509_OBJECT_value BORINGSSL_PREFIX %+ _sk_X509_OBJECT_value +%xdefine sk_X509_REVOKED_call_cmp_func BORINGSSL_PREFIX %+ _sk_X509_REVOKED_call_cmp_func +%xdefine sk_X509_REVOKED_find BORINGSSL_PREFIX %+ _sk_X509_REVOKED_find +%xdefine sk_X509_REVOKED_is_sorted BORINGSSL_PREFIX %+ _sk_X509_REVOKED_is_sorted +%xdefine sk_X509_REVOKED_new BORINGSSL_PREFIX %+ _sk_X509_REVOKED_new +%xdefine sk_X509_REVOKED_num BORINGSSL_PREFIX %+ _sk_X509_REVOKED_num +%xdefine sk_X509_REVOKED_push BORINGSSL_PREFIX %+ _sk_X509_REVOKED_push +%xdefine sk_X509_REVOKED_set_cmp_func BORINGSSL_PREFIX %+ _sk_X509_REVOKED_set_cmp_func +%xdefine sk_X509_REVOKED_sort BORINGSSL_PREFIX %+ _sk_X509_REVOKED_sort +%xdefine sk_X509_REVOKED_value BORINGSSL_PREFIX %+ _sk_X509_REVOKED_value +%xdefine sk_X509_call_free_func BORINGSSL_PREFIX %+ _sk_X509_call_free_func +%xdefine sk_X509_delete BORINGSSL_PREFIX %+ _sk_X509_delete +%xdefine sk_X509_delete_ptr BORINGSSL_PREFIX %+ _sk_X509_delete_ptr +%xdefine sk_X509_dup BORINGSSL_PREFIX %+ _sk_X509_dup +%xdefine sk_X509_free BORINGSSL_PREFIX %+ _sk_X509_free +%xdefine sk_X509_new_null BORINGSSL_PREFIX %+ _sk_X509_new_null +%xdefine sk_X509_num BORINGSSL_PREFIX %+ _sk_X509_num +%xdefine sk_X509_pop BORINGSSL_PREFIX %+ _sk_X509_pop +%xdefine sk_X509_pop_free BORINGSSL_PREFIX %+ _sk_X509_pop_free +%xdefine sk_X509_push BORINGSSL_PREFIX %+ _sk_X509_push +%xdefine sk_X509_set BORINGSSL_PREFIX %+ _sk_X509_set +%xdefine sk_X509_value BORINGSSL_PREFIX %+ _sk_X509_value %xdefine sk_free BORINGSSL_PREFIX %+ _sk_free %xdefine sk_new_null BORINGSSL_PREFIX %+ _sk_new_null %xdefine sk_num BORINGSSL_PREFIX %+ _sk_num @@ -5957,12 +6595,28 @@ %xdefine sk_pop_free_ex BORINGSSL_PREFIX %+ _sk_pop_free_ex %xdefine sk_push BORINGSSL_PREFIX %+ _sk_push %xdefine sk_value BORINGSSL_PREFIX %+ _sk_value +%xdefine sk_void_free BORINGSSL_PREFIX %+ _sk_void_free +%xdefine sk_void_new_null BORINGSSL_PREFIX %+ _sk_void_new_null +%xdefine sk_void_num BORINGSSL_PREFIX %+ _sk_void_num +%xdefine sk_void_push BORINGSSL_PREFIX %+ _sk_void_push +%xdefine sk_void_set BORINGSSL_PREFIX %+ _sk_void_set +%xdefine sk_void_value BORINGSSL_PREFIX %+ _sk_void_value +%xdefine slhdsa_copy_keypair_addr BORINGSSL_PREFIX %+ _slhdsa_copy_keypair_addr %xdefine slhdsa_fors_pk_from_sig BORINGSSL_PREFIX %+ _slhdsa_fors_pk_from_sig %xdefine slhdsa_fors_sign BORINGSSL_PREFIX %+ _slhdsa_fors_sign %xdefine slhdsa_fors_sk_gen BORINGSSL_PREFIX %+ _slhdsa_fors_sk_gen %xdefine slhdsa_fors_treehash BORINGSSL_PREFIX %+ _slhdsa_fors_treehash +%xdefine slhdsa_get_tree_index BORINGSSL_PREFIX %+ _slhdsa_get_tree_index %xdefine slhdsa_ht_sign BORINGSSL_PREFIX %+ _slhdsa_ht_sign %xdefine slhdsa_ht_verify BORINGSSL_PREFIX %+ _slhdsa_ht_verify +%xdefine slhdsa_set_chain_addr BORINGSSL_PREFIX %+ _slhdsa_set_chain_addr +%xdefine slhdsa_set_hash_addr BORINGSSL_PREFIX %+ _slhdsa_set_hash_addr +%xdefine slhdsa_set_keypair_addr BORINGSSL_PREFIX %+ _slhdsa_set_keypair_addr +%xdefine slhdsa_set_layer_addr BORINGSSL_PREFIX %+ _slhdsa_set_layer_addr +%xdefine slhdsa_set_tree_addr BORINGSSL_PREFIX %+ _slhdsa_set_tree_addr +%xdefine slhdsa_set_tree_height BORINGSSL_PREFIX %+ _slhdsa_set_tree_height +%xdefine slhdsa_set_tree_index BORINGSSL_PREFIX %+ _slhdsa_set_tree_index +%xdefine slhdsa_set_type BORINGSSL_PREFIX %+ _slhdsa_set_type %xdefine slhdsa_thash_f BORINGSSL_PREFIX %+ _slhdsa_thash_f %xdefine slhdsa_thash_h BORINGSSL_PREFIX %+ _slhdsa_thash_h %xdefine slhdsa_thash_hmsg BORINGSSL_PREFIX %+ _slhdsa_thash_hmsg @@ -6053,9 +6707,11 @@ %xdefine voprf_pst1_sign BORINGSSL_PREFIX %+ _voprf_pst1_sign %xdefine voprf_pst1_sign_with_proof_scalar_for_testing BORINGSSL_PREFIX %+ _voprf_pst1_sign_with_proof_scalar_for_testing %xdefine voprf_pst1_unblind BORINGSSL_PREFIX %+ _voprf_pst1_unblind +%xdefine vpaes_capable BORINGSSL_PREFIX %+ _vpaes_capable %xdefine vpaes_cbc_encrypt BORINGSSL_PREFIX %+ _vpaes_cbc_encrypt %xdefine vpaes_ctr32_encrypt_blocks BORINGSSL_PREFIX %+ _vpaes_ctr32_encrypt_blocks %xdefine vpaes_decrypt BORINGSSL_PREFIX %+ _vpaes_decrypt +%xdefine vpaes_decrypt_key_to_bsaes BORINGSSL_PREFIX %+ _vpaes_decrypt_key_to_bsaes %xdefine vpaes_encrypt BORINGSSL_PREFIX %+ _vpaes_encrypt %xdefine vpaes_set_decrypt_key BORINGSSL_PREFIX %+ _vpaes_set_decrypt_key %xdefine vpaes_set_encrypt_key BORINGSSL_PREFIX %+ _vpaes_set_encrypt_key diff --git a/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_32.h b/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_32.h index cb83c606..45dd682d 100644 --- a/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_32.h +++ b/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_32.h @@ -928,6 +928,8 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_opp(fiat_25519_loose_field_element out1[9] = x10; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_selectznz is a multi-limb conditional select. * @@ -973,6 +975,7 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_selectznz(uint32_t out1[10], fiat_ out1[8] = x9; out1[9] = x10; } +#endif /* * The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. @@ -1410,6 +1413,8 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_from_bytes(fiat_25519_tight_field_ out1[9] = x78; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements. * @@ -1449,6 +1454,7 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_relax(fiat_25519_loose_field_eleme out1[8] = x9; out1[9] = x10; } +#endif /* * The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result. diff --git a/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64.h b/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64.h index faed049d..ea5b78fd 100644 --- a/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64.h +++ b/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64.h @@ -471,6 +471,8 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_opp(fiat_25519_loose_field_element out1[4] = x5; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_selectznz is a multi-limb conditional select. * @@ -501,6 +503,7 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_selectznz(uint64_t out1[5], fiat_2 out1[3] = x4; out1[4] = x5; } +#endif /* * The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. @@ -877,6 +880,8 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_from_bytes(fiat_25519_tight_field_ out1[4] = x71; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements. * @@ -901,6 +906,7 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_relax(fiat_25519_loose_field_eleme out1[3] = x4; out1[4] = x5; } +#endif /* * The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result. diff --git a/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64_adx.h b/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64_adx.h index 69031302..4d0c93f8 100644 --- a/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64_adx.h +++ b/Sources/CCryptoBoringSSL/third_party/fiat/curve25519_64_adx.h @@ -611,7 +611,10 @@ static inline void table_select_4(ge_precomp_4 *t, const int pos, uint8_t babs = b - ((bnegative & b) << 1); uint8_t t_bytes[3][32] = { - {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}}; + {static_cast(constant_time_is_zero_w(b) & 1)}, + {static_cast(constant_time_is_zero_w(b) & 1)}, + {0}, + }; #if defined(__clang__) __asm__("" : "+m" (t_bytes) : /*no inputs*/); #endif diff --git a/Sources/CCryptoBoringSSL/third_party/fiat/p256_32.h b/Sources/CCryptoBoringSSL/third_party/fiat/p256_32.h index 3812d8ce..e1840492 100644 --- a/Sources/CCryptoBoringSSL/third_party/fiat/p256_32.h +++ b/Sources/CCryptoBoringSSL/third_party/fiat/p256_32.h @@ -23,7 +23,7 @@ typedef signed char fiat_p256_int1; #if defined(__GNUC__) || defined(__clang__) # define FIAT_P256_FIAT_INLINE __inline__ #else -# define FIAT_P256_FIAT_INLINE +# define FIAT_P256_FIAT_INLINE inline #endif /* The type fiat_p256_montgomery_domain_field_element is a field element in the Montgomery domain. */ diff --git a/Sources/CCryptoBoringSSL/third_party/fiat/p256_64.h b/Sources/CCryptoBoringSSL/third_party/fiat/p256_64.h index 9b1d10ff..0aaac28c 100644 --- a/Sources/CCryptoBoringSSL/third_party/fiat/p256_64.h +++ b/Sources/CCryptoBoringSSL/third_party/fiat/p256_64.h @@ -1,8 +1,11 @@ #include #include "../../crypto/internal.h" + #if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) +extern "C" { void fiat_p256_adx_mul(uint64_t*, const uint64_t*, const uint64_t*); void fiat_p256_adx_sqr(uint64_t*, const uint64_t*); +} #endif /* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ diff --git a/Sources/_CryptoExtras/CMakeLists.txt b/Sources/_CryptoExtras/CMakeLists.txt index 1229d508..9c578708 100644 --- a/Sources/_CryptoExtras/CMakeLists.txt +++ b/Sources/_CryptoExtras/CMakeLists.txt @@ -13,6 +13,14 @@ ##===----------------------------------------------------------------------===## add_library(_CryptoExtras + "AES/AES_CBC.swift" + "AES/AES_CFB.swift" + "AES/AES_CTR.swift" + "AES/AES_GCM_SIV.swift" + "AES/Block Function.swift" + "AES/BoringSSL/AES_CFB_boring.swift" + "AES/BoringSSL/AES_CTR_boring.swift" + "AES/BoringSSL/AES_GCM_SIV_boring.swift" "ChaCha20CTR/BoringSSL/ChaCha20CTR_boring.swift" "ChaCha20CTR/ChaCha20CTR.swift" "ECToolbox/BoringSSL/ECToolbox_boring.swift" diff --git a/Sources/_CryptoExtras/RSA/RSA_boring.swift b/Sources/_CryptoExtras/RSA/RSA_boring.swift index 8c776145..b0a9ca27 100644 --- a/Sources/_CryptoExtras/RSA/RSA_boring.swift +++ b/Sources/_CryptoExtras/RSA/RSA_boring.swift @@ -804,7 +804,7 @@ extension BoringSSLRSAPrivateKey { messageBufferPtr.count, RSA_NO_PADDING ) == 1 else { - switch ERR_GET_REASON(CCryptoBoringSSL_ERR_peek_last_error()) { + switch CCryptoBoringSSL_ERR_GET_REASON(CCryptoBoringSSL_ERR_peek_last_error()) { case RSA_R_DATA_TOO_LARGE_FOR_MODULUS: throw CryptoKitError(_RSA.BlindSigning.ProtocolError.messageRepresentativeOutOfRange) default: @@ -916,7 +916,7 @@ enum BlindSigningHelpers { parameters.saltLength ) }) == 1 else { - switch ERR_GET_REASON(CCryptoBoringSSL_ERR_peek_last_error()) { + switch CCryptoBoringSSL_ERR_GET_REASON(CCryptoBoringSSL_ERR_peek_last_error()) { case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE: throw CryptoKitError(_RSA.BlindSigning.ProtocolError.messageTooLong) default: diff --git a/scripts/patch-1-inttypes.patch b/scripts/patch-1-inttypes.patch index e2e68a4d..89797a35 100644 --- a/scripts/patch-1-inttypes.patch +++ b/scripts/patch-1-inttypes.patch @@ -1,7 +1,7 @@ -diff --git a/Sources/CCryptoBoringSSL/crypto/hrss/hrss.c b/Sources/CCryptoBoringSSL/crypto/hrss/hrss.c +diff --git a/Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc b/Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc index 93a214e..eee4e58 100644 ---- a/Sources/CCryptoBoringSSL/crypto/hrss/hrss.c -+++ b/Sources/CCryptoBoringSSL/crypto/hrss/hrss.c +--- a/Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc ++++ b/Sources/CCryptoBoringSSL/crypto/hrss/hrss.cc @@ -13,6 +13,7 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ diff --git a/scripts/patch-2-more-inttypes.patch b/scripts/patch-2-more-inttypes.patch index 7efcf7c6..6222c9dc 100644 --- a/scripts/patch-2-more-inttypes.patch +++ b/scripts/patch-2-more-inttypes.patch @@ -1,7 +1,7 @@ -diff --git a/Sources/CCryptoBoringSSL/crypto/evp/print.c b/Sources/CCryptoBoringSSL/crypto/evp/print.c +diff --git a/Sources/CCryptoBoringSSL/crypto/evp/print.cc b/Sources/CCryptoBoringSSL/crypto/evp/print.cc index 89ceb32..5e6fb2f 100644 ---- a/Sources/CCryptoBoringSSL/crypto/evp/print.c -+++ b/Sources/CCryptoBoringSSL/crypto/evp/print.c +--- a/Sources/CCryptoBoringSSL/crypto/evp/print.cc ++++ b/Sources/CCryptoBoringSSL/crypto/evp/print.cc @@ -50,6 +50,8 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ diff --git a/scripts/update-cmake-lists.sh b/scripts/update-cmake-lists.sh index 46057567..d884239e 100755 --- a/scripts/update-cmake-lists.sh +++ b/scripts/update-cmake-lists.sh @@ -3,7 +3,7 @@ ## ## This source file is part of the SwiftCrypto open source project ## -## Copyright (c) 2021-2023 Apple Inc. and the SwiftCrypto project authors +## Copyright (c) 2021-2024 Apple Inc. and the SwiftCrypto project authors ## Licensed under Apache License v2.0 ## ## See LICENSE.txt for license information @@ -30,7 +30,7 @@ esac function update_cmakelists_source() { src_root="$here/Sources/$1" - src_exts=("*.c" "*.swift") + src_exts=("*.c" "*.swift" "*.cc") num_exts=${#src_exts[@]} echo "Finding source files (" "${src_exts[@]}" ") under $src_root" diff --git a/scripts/vendor-boringssl.sh b/scripts/vendor-boringssl.sh index a3f13fb1..7d187b89 100755 --- a/scripts/vendor-boringssl.sh +++ b/scripts/vendor-boringssl.sh @@ -162,8 +162,8 @@ echo "REMOVING any previously-vendored BoringSSL code" rm -rf $DSTROOT/include rm -rf $DSTROOT/ssl rm -rf $DSTROOT/crypto +rm -rf $DSTROOT/gen rm -rf $DSTROOT/third_party -rm -rf $DSTROOT/err_data.c echo "CLONING boringssl" mkdir -p "$SRCROOT" @@ -193,15 +193,15 @@ PATTERNS=( 'ssl/*.h' 'ssl/*.cc' 'crypto/*.h' -'crypto/*.c' +'crypto/*.cc' 'crypto/*/*.h' -'crypto/*/*.c' +'crypto/*/*.cc' 'crypto/*/*.S' 'crypto/*/*/*.h' -'crypto/*/*/*.c.inc' +'crypto/*/*/*.cc.inc' 'crypto/*/*/*.S' -'crypto/*/*/*/*.c.inc' -'gen/crypto/*.c' +'crypto/*/*/*/*.cc.inc' +'gen/crypto/*.cc' 'gen/crypto/*.S' 'gen/bcm/*.S' 'third_party/fiat/*.h' @@ -213,7 +213,7 @@ EXCLUDES=( '*_test.*' 'test_*.*' 'test' -'example_*.c' +'example_*.cc' ) echo "COPYING boringssl" @@ -267,7 +267,7 @@ echo "RENAMING header files" # Now change the imports from " to "", apply the same prefix to the 'boringssl_prefix_symbols' headers. # shellcheck disable=SC2038 - find . -name "*.[ch]" -or -name "*.cc" -or -name "*.S" -or -name "*.c.inc" | xargs $sed -i -e 's+include