summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-03-24 18:25:20 -0700
committerAdam Langley <agl@google.com>2015-03-24 18:28:00 -0700
commitf40f42df67fffec64967b000e4fdad4b435611a5 (patch)
tree086deea6861fc4705bb472a41a0f3aa62c4c38da
parentb051df5cb1e83aa9ffdfe28406b6d9e33321912a (diff)
downloadexternal_boringssl-f40f42df67fffec64967b000e4fdad4b435611a5.zip
external_boringssl-f40f42df67fffec64967b000e4fdad4b435611a5.tar.gz
external_boringssl-f40f42df67fffec64967b000e4fdad4b435611a5.tar.bz2
Changes to work with OpenSSH and wpa_supplicant.
Change-Id: I19ed78acc67bd0ad8b905ce0ac628b39da8bb161
-rw-r--r--android_compat_hacks.c5
-rw-r--r--android_compat_keywrap.c125
-rw-r--r--sources.mk1
-rw-r--r--src/crypto/cipher/internal.h36
-rw-r--r--src/crypto/crypto.c8
-rw-r--r--src/include/openssl/aes.h12
-rw-r--r--src/include/openssl/cipher.h36
-rw-r--r--src/include/openssl/crypto.h11
-rw-r--r--src/include/openssl/opensslv.h2
-rw-r--r--src/include/openssl/ssl.h4
-rw-r--r--update_gypi_and_asm.py1
11 files changed, 204 insertions, 37 deletions
diff --git a/android_compat_hacks.c b/android_compat_hacks.c
index ac6a344..08377c5 100644
--- a/android_compat_hacks.c
+++ b/android_compat_hacks.c
@@ -73,3 +73,8 @@ int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg) {
int SSL_set_session_secret_cb(SSL *s, void *cb, void *arg) {
return 0;
}
+
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method) {
+ /* This is only called when EAP-FAST is being used, which is not supported. */
+ abort();
+}
diff --git a/android_compat_keywrap.c b/android_compat_keywrap.c
new file mode 100644
index 0000000..9ffe17d
--- /dev/null
+++ b/android_compat_keywrap.c
@@ -0,0 +1,125 @@
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/aes.h>
+#include <openssl/mem.h>
+
+#include <string.h>
+#include <stdlib.h>
+
+static const uint8_t default_iv[] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+int AES_wrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
+ const uint8_t *in, unsigned int inlen) {
+ uint8_t *A, B[16], *R;
+ unsigned int i, j, t;
+ if ((inlen & 0x7) || (inlen < 8)) return -1;
+ A = B;
+ t = 1;
+ memcpy(out + 8, in, inlen);
+ if (!iv) iv = default_iv;
+
+ memcpy(A, iv, 8);
+
+ for (j = 0; j < 6; j++) {
+ R = out + 8;
+ for (i = 0; i < inlen; i += 8, t++, R += 8) {
+ memcpy(B + 8, R, 8);
+ AES_encrypt(B, B, key);
+ A[7] ^= (uint8_t)(t & 0xff);
+ if (t > 0xff) {
+ A[6] ^= (uint8_t)((t >> 8) & 0xff);
+ A[5] ^= (uint8_t)((t >> 16) & 0xff);
+ A[4] ^= (uint8_t)((t >> 24) & 0xff);
+ }
+ memcpy(R, B + 8, 8);
+ }
+ }
+ memcpy(out, A, 8);
+ return inlen + 8;
+}
+
+int AES_unwrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
+ const uint8_t *in, unsigned int inlen) {
+ uint8_t *A, B[16], *R;
+ unsigned int i, j, t;
+ inlen -= 8;
+ if (inlen & 0x7) return -1;
+ if (inlen < 8) return -1;
+ A = B;
+ t = 6 * (inlen >> 3);
+ memcpy(A, in, 8);
+ memcpy(out, in + 8, inlen);
+ for (j = 0; j < 6; j++) {
+ R = out + inlen - 8;
+ for (i = 0; i < inlen; i += 8, t--, R -= 8) {
+ A[7] ^= (uint8_t)(t & 0xff);
+ if (t > 0xff) {
+ A[6] ^= (uint8_t)((t >> 8) & 0xff);
+ A[5] ^= (uint8_t)((t >> 16) & 0xff);
+ A[4] ^= (uint8_t)((t >> 24) & 0xff);
+ }
+ memcpy(B + 8, R, 8);
+ AES_decrypt(B, B, key);
+ memcpy(R, B + 8, 8);
+ }
+ }
+ if (!iv) iv = default_iv;
+ if (memcmp(A, iv, 8)) {
+ OPENSSL_cleanse(out, inlen);
+ return 0;
+ }
+ return inlen;
+}
diff --git a/sources.mk b/sources.mk
index cb0a94b..d16a893 100644
--- a/sources.mk
+++ b/sources.mk
@@ -2,6 +2,7 @@
crypto_sources := \
android_compat_hacks.c\
+ android_compat_keywrap.c\
src/crypto/aes/aes.c\
src/crypto/aes/mode_wrappers.c\
src/crypto/asn1/a_bitstr.c\
diff --git a/src/crypto/cipher/internal.h b/src/crypto/cipher/internal.h
index 2b8fb05..bc1e2de 100644
--- a/src/crypto/cipher/internal.h
+++ b/src/crypto/cipher/internal.h
@@ -66,42 +66,6 @@ extern "C" {
#endif
-struct evp_cipher_st {
- /* type contains a NID identifing the cipher. (For example, NID_rc4.) */
- int nid;
-
- /* block_size contains the block size, in bytes, of the cipher, or 1 for a
- * stream cipher. */
- unsigned block_size;
-
- /* key_len contains the key size, in bytes, for the cipher. If the cipher
- * takes a variable key size then this contains the default size. */
- unsigned key_len;
-
- /* iv_len contains the IV size, in bytes, or zero if inapplicable. */
- unsigned iv_len;
-
- /* ctx_size contains the size, in bytes, of the per-key context for this
- * cipher. */
- unsigned ctx_size;
-
- /* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */
- uint32_t flags;
-
- /* app_data is a pointer to opaque, user data. */
- void *app_data;
-
- int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv,
- int enc);
-
- int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
- size_t inl);
-
- int (*cleanup)(EVP_CIPHER_CTX *);
-
- int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
-};
-
/* EVP_CIPH_MODE_MASK contains the bits of |flags| that represent the mode. */
#define EVP_CIPH_MODE_MASK 0x3f
diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c
index c463d5e..64e55f4 100644
--- a/src/crypto/crypto.c
+++ b/src/crypto/crypto.c
@@ -102,3 +102,11 @@ void CRYPTO_library_init(void) {
do_library_init();
#endif
}
+
+const char *SSLeay_version(int unused) {
+ return SSLeay();
+}
+
+const char *SSLeay(void) {
+ return "BoringSSL";
+}
diff --git a/src/include/openssl/aes.h b/src/include/openssl/aes.h
index 11d83bb..84cde41 100644
--- a/src/include/openssl/aes.h
+++ b/src/include/openssl/aes.h
@@ -139,6 +139,18 @@ OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
uint8_t *ivec, int *num, int enc);
+/* Android compatibility section.
+ *
+ * These functions are declared, temporarily, for Android because
+ * wpa_supplicant will take a little time to sync with upstream. Outside of
+ * Android they'll have no definition. */
+
+OPENSSL_EXPORT int AES_wrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
+ const uint8_t *in, unsigned in_len);
+OPENSSL_EXPORT int AES_unwrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
+ const uint8_t *in, unsigned in_len);
+
+
#if defined(__cplusplus)
} /* extern C */
#endif
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index 0dfd97b..b614333 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -484,6 +484,42 @@ typedef struct evp_cipher_info_st {
unsigned char iv[EVP_MAX_IV_LENGTH];
} EVP_CIPHER_INFO;
+struct evp_cipher_st {
+ /* type contains a NID identifing the cipher. (For example, NID_rc4.) */
+ int nid;
+
+ /* block_size contains the block size, in bytes, of the cipher, or 1 for a
+ * stream cipher. */
+ unsigned block_size;
+
+ /* key_len contains the key size, in bytes, for the cipher. If the cipher
+ * takes a variable key size then this contains the default size. */
+ unsigned key_len;
+
+ /* iv_len contains the IV size, in bytes, or zero if inapplicable. */
+ unsigned iv_len;
+
+ /* ctx_size contains the size, in bytes, of the per-key context for this
+ * cipher. */
+ unsigned ctx_size;
+
+ /* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */
+ uint32_t flags;
+
+ /* app_data is a pointer to opaque, user data. */
+ void *app_data;
+
+ int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv,
+ int enc);
+
+ int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t inl);
+
+ int (*cleanup)(EVP_CIPHER_CTX *);
+
+ int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+};
+
/* Android compatibility section.
*
diff --git a/src/include/openssl/crypto.h b/src/include/openssl/crypto.h
index 112431e..e58d5f0 100644
--- a/src/include/openssl/crypto.h
+++ b/src/include/openssl/crypto.h
@@ -32,6 +32,17 @@ extern "C" {
* nothing and a static initializer is used instead. */
OPENSSL_EXPORT void CRYPTO_library_init(void);
+#define OPENSSL_VERSION_TEXT "BoringSSL"
+
+#define SSLEAY_VERSION 0
+
+/* SSLeay_version is a compatibility function that returns the string
+ * "BoringSSL". */
+OPENSSL_EXPORT const char *SSLeay_version(int unused);
+
+/* SSLeay is a compatibility function that returns the string "BoringSSL". */
+OPENSSL_EXPORT const char *SSLeay(void);
+
#if defined(__cplusplus)
} /* extern C */
diff --git a/src/include/openssl/opensslv.h b/src/include/openssl/opensslv.h
index c2b3fe7..a3555d4 100644
--- a/src/include/openssl/opensslv.h
+++ b/src/include/openssl/opensslv.h
@@ -15,4 +15,4 @@
/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
-#include "base.h"
+#include "crypto.h"
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index 649e38f..eb8cad0 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -155,6 +155,9 @@
/* Some code expected to get the threading functions by including ssl.h. */
#include <openssl/thread.h>
+/* wpa_supplicant expects to get the version functions from ssl.h */
+#include <openssl/crypto.h>
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -2192,6 +2195,7 @@ OPENSSL_EXPORT int SSL_set_session_ticket_ext(SSL *s, void *ext_data,
int ext_len);
OPENSSL_EXPORT int SSL_set_session_secret_cb(SSL *s, void *cb, void *arg);
OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
+OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
#ifdef __cplusplus
diff --git a/update_gypi_and_asm.py b/update_gypi_and_asm.py
index 6ac8383..349a7e7 100644
--- a/update_gypi_and_asm.py
+++ b/update_gypi_and_asm.py
@@ -187,6 +187,7 @@ def main():
tool_cc_files = FindCFiles(os.path.join('src', 'tool'), NoTests)
crypto_c_files.append('android_compat_hacks.c')
+ crypto_c_files.append('android_compat_keywrap.c')
with open('sources.mk', 'w+') as makefile:
makefile.write(FILE_HEADER)