external/boringssl: Sync to 689019fe40d5ad94df46ffeebcd794ff359a7074.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/67e64342c1aa0b31b0b5c11e5ee21c481ce530e8..689019fe40d5ad94df46ffeebcd794ff359a7074
Test: BoringSSL CTS Presubmits
Change-Id: Ib675c5478b0e45270e31248d1dadc5f4841da990
diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h
index af31554..f19344e 100644
--- a/src/include/openssl/aead.h
+++ b/src/include/openssl/aead.h
@@ -425,7 +425,7 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
using ScopedEVP_AEAD_CTX =
internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero,
@@ -433,7 +433,7 @@
BORINGSSL_MAKE_DELETER(EVP_AEAD_CTX, EVP_AEAD_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h
index f7b6b86..46e5f53 100644
--- a/src/include/openssl/asn1.h
+++ b/src/include/openssl/asn1.h
@@ -875,13 +875,13 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free)
BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free)
BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} /* extern C++ */
diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h
index aa1be1f..d134993 100644
--- a/src/include/openssl/base.h
+++ b/src/include/openssl/base.h
@@ -71,6 +71,10 @@
#include <openssl/is_boringssl.h>
#include <openssl/opensslconf.h>
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols.h>
+#endif
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -227,9 +231,17 @@
#endif
#if __has_feature(memory_sanitizer)
#define OPENSSL_MSAN
+#define OPENSSL_ASM_INCOMPATIBLE
#endif
#endif
+#if defined(OPENSSL_ASM_INCOMPATIBLE)
+#undef OPENSSL_ASM_INCOMPATIBLE
+#if !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif // OPENSSL_ASM_INCOMPATIBLE
+
// CRYPTO_THREADID is a dummy value.
typedef int CRYPTO_THREADID;
@@ -358,6 +370,18 @@
#define BORINGSSL_NO_CXX
#endif
+#if defined(BORINGSSL_PREFIX)
+#define BSSL_NAMESPACE_BEGIN \
+ namespace bssl { \
+ inline namespace BORINGSSL_PREFIX {
+#define BSSL_NAMESPACE_END \
+ } \
+ }
+#else
+#define BSSL_NAMESPACE_BEGIN namespace bssl {
+#define BSSL_NAMESPACE_END }
+#endif
+
// MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see
// https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l)
// so MSVC is just assumed to support C++11.
@@ -366,6 +390,7 @@
#endif
#if !defined(BORINGSSL_NO_CXX)
+
extern "C++" {
#include <memory>
@@ -387,7 +412,7 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
@@ -464,7 +489,7 @@
return UpRef(ptr.get()); \
}
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/base64.h b/src/include/openssl/base64.h
index ef76088..c88546d 100644
--- a/src/include/openssl/base64.h
+++ b/src/include/openssl/base64.h
@@ -67,7 +67,10 @@
// base64 functions.
//
// For historical reasons, these functions have the EVP_ prefix but just do
-// base64 encoding and decoding.
+// base64 encoding and decoding. Note that BoringSSL is a cryptography library,
+// so these functions are implemented with side channel protections, at a
+// performance cost. For other base64 uses, use a general-purpose base64
+// implementation.
// Encoding
diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h
index adb641b..70c2fbf 100644
--- a/src/include/openssl/bio.h
+++ b/src/include/openssl/bio.h
@@ -677,26 +677,49 @@
OPENSSL_EXPORT int BIO_get_init(BIO *bio);
// These are values of the |cmd| argument to |BIO_ctrl|.
-#define BIO_CTRL_RESET 1 // opt - rewind/zero etc
-#define BIO_CTRL_EOF 2 // opt - are we at the eof
-#define BIO_CTRL_INFO 3 // opt - extra tit-bits
-#define BIO_CTRL_SET 4 // man - set the 'IO' type
-#define BIO_CTRL_GET 5 // man - get the 'IO' type
-#define BIO_CTRL_PUSH 6
-#define BIO_CTRL_POP 7
-#define BIO_CTRL_GET_CLOSE 8 // man - set the 'close' on free
-#define BIO_CTRL_SET_CLOSE 9 // man - set the 'close' on free
-#define BIO_CTRL_PENDING 10 // opt - is their more data buffered
-#define BIO_CTRL_FLUSH 11 // opt - 'flush' buffered output
-#define BIO_CTRL_WPENDING 13 // opt - number of bytes still to write
-// callback is int cb(BIO *bio,state,ret);
-#define BIO_CTRL_SET_CALLBACK 14 // opt - set callback function
-#define BIO_CTRL_GET_CALLBACK 15 // opt - set callback function
-#define BIO_CTRL_SET_FILENAME 30 // BIO_s_file special
-// BIO_CTRL_DUP is never used, but exists to allow code to compile more
-// easily.
-#define BIO_CTRL_DUP 12
+// BIO_CTRL_RESET implements |BIO_reset|. The arguments are unused.
+#define BIO_CTRL_RESET 1
+
+// BIO_CTRL_EOF implements |BIO_eof|. The arguments are unused.
+#define BIO_CTRL_EOF 2
+
+// BIO_CTRL_INFO is a legacy command that returns information specific to the
+// type of |BIO|. It is not safe to call generically and should not be
+// implemented in new |BIO| types.
+#define BIO_CTRL_INFO 3
+
+// BIO_CTRL_GET_CLOSE returns the close flag set by |BIO_CTRL_SET_CLOSE|. The
+// arguments are unused.
+#define BIO_CTRL_GET_CLOSE 8
+
+// BIO_CTRL_SET_CLOSE implements |BIO_set_close|. The |larg| argument is the
+// close flag.
+#define BIO_CTRL_SET_CLOSE 9
+
+// BIO_CTRL_PENDING implements |BIO_pending|. The arguments are unused.
+#define BIO_CTRL_PENDING 10
+
+// BIO_CTRL_FLUSH implements |BIO_flush|. The arguments are unused.
+#define BIO_CTRL_FLUSH 11
+
+// BIO_CTRL_WPENDING implements |BIO_wpending|. The arguments are unused.
+#define BIO_CTRL_WPENDING 13
+
+// BIO_CTRL_SET_CALLBACK sets an informational callback of type
+// int cb(BIO *bio, int state, int ret)
+#define BIO_CTRL_SET_CALLBACK 14
+
+// BIO_CTRL_GET_CALLBACK returns the callback set by |BIO_CTRL_SET_CALLBACK|.
+#define BIO_CTRL_GET_CALLBACK 15
+
+// The following are never used, but are defined to aid porting existing code.
+#define BIO_CTRL_SET 4
+#define BIO_CTRL_GET 5
+#define BIO_CTRL_PUSH 6
+#define BIO_CTRL_POP 7
+#define BIO_CTRL_DUP 12
+#define BIO_CTRL_SET_FILENAME 30
// Deprecated functions.
@@ -706,6 +729,8 @@
// |BIO_flush| when done writing, to signal that no more data are to be
// encoded. The flag |BIO_FLAGS_BASE64_NO_NL| may be set to encode all the data
// on one line.
+//
+// Use |EVP_EncodeBlock| and |EVP_DecodeBase64| instead.
OPENSSL_EXPORT const BIO_METHOD *BIO_f_base64(void);
OPENSSL_EXPORT void BIO_set_retry_special(BIO *bio);
@@ -733,8 +758,8 @@
#define BIO_FLAGS_RWS (BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL)
#define BIO_FLAGS_SHOULD_RETRY 0x08
#define BIO_FLAGS_BASE64_NO_NL 0x100
-// This is used with memory BIOs: it means we shouldn't free up or change the
-// data in any way.
+// BIO_FLAGS_MEM_RDONLY is used with memory BIOs. It means we shouldn't free up
+// or change the data in any way.
#define BIO_FLAGS_MEM_RDONLY 0x200
// These are the 'types' of BIOs
@@ -762,7 +787,7 @@
#define BIO_TYPE_ASN1 (22 | 0x0200) // filter
#define BIO_TYPE_COMP (23 | 0x0200) // filter
-// |BIO_TYPE_DESCRIPTOR| denotes that the |BIO| responds to the |BIO_C_SET_FD|
+// BIO_TYPE_DESCRIPTOR denotes that the |BIO| responds to the |BIO_C_SET_FD|
// (|BIO_set_fd|) and |BIO_C_GET_FD| (|BIO_get_fd|) control hooks.
#define BIO_TYPE_DESCRIPTOR 0x0100 // socket, fd, connect or accept
#define BIO_TYPE_FILTER 0x0200
@@ -809,61 +834,61 @@
size_t num_read, num_write;
};
-#define BIO_C_SET_CONNECT 100
-#define BIO_C_DO_STATE_MACHINE 101
-#define BIO_C_SET_NBIO 102
-#define BIO_C_SET_PROXY_PARAM 103
-#define BIO_C_SET_FD 104
-#define BIO_C_GET_FD 105
-#define BIO_C_SET_FILE_PTR 106
-#define BIO_C_GET_FILE_PTR 107
-#define BIO_C_SET_FILENAME 108
-#define BIO_C_SET_SSL 109
-#define BIO_C_GET_SSL 110
-#define BIO_C_SET_MD 111
-#define BIO_C_GET_MD 112
-#define BIO_C_GET_CIPHER_STATUS 113
-#define BIO_C_SET_BUF_MEM 114
-#define BIO_C_GET_BUF_MEM_PTR 115
-#define BIO_C_GET_BUFF_NUM_LINES 116
-#define BIO_C_SET_BUFF_SIZE 117
-#define BIO_C_SET_ACCEPT 118
-#define BIO_C_SSL_MODE 119
-#define BIO_C_GET_MD_CTX 120
-#define BIO_C_GET_PROXY_PARAM 121
-#define BIO_C_SET_BUFF_READ_DATA 122 // data to read first
-#define BIO_C_GET_ACCEPT 124
-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
-#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
-#define BIO_C_FILE_SEEK 128
-#define BIO_C_GET_CIPHER_CTX 129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 //return end of input value
-#define BIO_C_SET_BIND_MODE 131
-#define BIO_C_GET_BIND_MODE 132
-#define BIO_C_FILE_TELL 133
-#define BIO_C_GET_SOCKS 134
-#define BIO_C_SET_SOCKS 135
+#define BIO_C_SET_CONNECT 100
+#define BIO_C_DO_STATE_MACHINE 101
+#define BIO_C_SET_NBIO 102
+#define BIO_C_SET_PROXY_PARAM 103
+#define BIO_C_SET_FD 104
+#define BIO_C_GET_FD 105
+#define BIO_C_SET_FILE_PTR 106
+#define BIO_C_GET_FILE_PTR 107
+#define BIO_C_SET_FILENAME 108
+#define BIO_C_SET_SSL 109
+#define BIO_C_GET_SSL 110
+#define BIO_C_SET_MD 111
+#define BIO_C_GET_MD 112
+#define BIO_C_GET_CIPHER_STATUS 113
+#define BIO_C_SET_BUF_MEM 114
+#define BIO_C_GET_BUF_MEM_PTR 115
+#define BIO_C_GET_BUFF_NUM_LINES 116
+#define BIO_C_SET_BUFF_SIZE 117
+#define BIO_C_SET_ACCEPT 118
+#define BIO_C_SSL_MODE 119
+#define BIO_C_GET_MD_CTX 120
+#define BIO_C_GET_PROXY_PARAM 121
+#define BIO_C_SET_BUFF_READ_DATA 122 // data to read first
+#define BIO_C_GET_ACCEPT 124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
+#define BIO_C_FILE_SEEK 128
+#define BIO_C_GET_CIPHER_CTX 129
+#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 // return end of input value
+#define BIO_C_SET_BIND_MODE 131
+#define BIO_C_GET_BIND_MODE 132
+#define BIO_C_FILE_TELL 133
+#define BIO_C_GET_SOCKS 134
+#define BIO_C_SET_SOCKS 135
-#define BIO_C_SET_WRITE_BUF_SIZE 136 // for BIO_s_bio
-#define BIO_C_GET_WRITE_BUF_SIZE 137
-#define BIO_C_GET_WRITE_GUARANTEE 140
-#define BIO_C_GET_READ_REQUEST 141
-#define BIO_C_SHUTDOWN_WR 142
-#define BIO_C_NREAD0 143
-#define BIO_C_NREAD 144
-#define BIO_C_NWRITE0 145
-#define BIO_C_NWRITE 146
-#define BIO_C_RESET_READ_REQUEST 147
-#define BIO_C_SET_MD_CTX 148
+#define BIO_C_SET_WRITE_BUF_SIZE 136 // for BIO_s_bio
+#define BIO_C_GET_WRITE_BUF_SIZE 137
+#define BIO_C_GET_WRITE_GUARANTEE 140
+#define BIO_C_GET_READ_REQUEST 141
+#define BIO_C_SHUTDOWN_WR 142
+#define BIO_C_NREAD0 143
+#define BIO_C_NREAD 144
+#define BIO_C_NWRITE0 145
+#define BIO_C_NWRITE 146
+#define BIO_C_RESET_READ_REQUEST 147
+#define BIO_C_SET_MD_CTX 148
-#define BIO_C_SET_PREFIX 149
-#define BIO_C_GET_PREFIX 150
-#define BIO_C_SET_SUFFIX 151
-#define BIO_C_GET_SUFFIX 152
+#define BIO_C_SET_PREFIX 149
+#define BIO_C_GET_PREFIX 150
+#define BIO_C_SET_SUFFIX 151
+#define BIO_C_GET_SUFFIX 152
-#define BIO_C_SET_EX_ARG 153
-#define BIO_C_GET_EX_ARG 154
+#define BIO_C_SET_EX_ARG 153
+#define BIO_C_GET_EX_ARG 154
#if defined(__cplusplus)
@@ -871,12 +896,12 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BIO, BIO_free)
BORINGSSL_MAKE_UP_REF(BIO, BIO_up_ref)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index e8cc70a..251c717 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -630,9 +630,12 @@
// BN_pseudo_rand_range is an alias for BN_rand_range.
OPENSSL_EXPORT int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-// BN_GENCB holds a callback function that is used by generation functions that
-// can take a very long time to complete. Use |BN_GENCB_set| to initialise a
-// |BN_GENCB| structure.
+#define BN_GENCB_GENERATED 0
+#define BN_GENCB_PRIME_TEST 1
+
+// bn_gencb_st, or |BN_GENCB|, holds a callback function that is used by
+// generation functions that can take a very long time to complete. Use
+// |BN_GENCB_set| to initialise a |BN_GENCB| structure.
//
// The callback receives the address of that |BN_GENCB| structure as its last
// argument and the user is free to put an arbitrary pointer in |arg|. The other
@@ -648,9 +651,6 @@
//
// When other code needs to call a BN generation function it will often take a
// BN_GENCB argument and may call the function with other argument values.
-#define BN_GENCB_GENERATED 0
-#define BN_GENCB_PRIME_TEST 1
-
struct bn_gencb_st {
void *arg; // callback-specific data
int (*callback)(int event, int n, struct bn_gencb_st *);
@@ -987,7 +987,7 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BIGNUM, BN_free)
BORINGSSL_MAKE_DELETER(BN_CTX, BN_CTX_free)
@@ -1005,7 +1005,7 @@
BN_CTXScope &operator=(BN_CTXScope &) = delete;
};
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/buf.h b/src/include/openssl/buf.h
index 3f961b8..10a555f 100644
--- a/src/include/openssl/buf.h
+++ b/src/include/openssl/buf.h
@@ -124,11 +124,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BUF_MEM, BUF_MEM_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h
index 3057604..1400f2e 100644
--- a/src/include/openssl/bytestring.h
+++ b/src/include/openssl/bytestring.h
@@ -491,11 +491,11 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
using ScopedCBB = internal::StackAllocated<CBB, void, CBB_zero, CBB_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index 727d7a7..5963413 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -438,7 +438,7 @@
// EVP_CIPH_NO_PADDING disables padding in block ciphers.
#define EVP_CIPH_NO_PADDING 0x800
-// EVP_CIPHER_CTX_ctrl commands.
+// The following are |EVP_CIPHER_CTX_ctrl| commands.
#define EVP_CTRL_INIT 0x0
#define EVP_CTRL_SET_KEY_LENGTH 0x1
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
@@ -454,15 +454,12 @@
#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
#define EVP_CTRL_GCM_IV_GEN 0x13
#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
-// Set the GCM invocation field, decrypt only
+// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
#define EVP_CTRL_GCM_SET_IV_INV 0x18
-// GCM TLS constants
-// Length of fixed part of IV derived from PRF
+// The following constants are unused.
#define EVP_GCM_TLS_FIXED_IV_LEN 4
-// Length of explicit part of IV part of TLS records
#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
-// Length of tag for TLS
#define EVP_GCM_TLS_TAG_LEN 16
// The following are legacy aliases for AEAD |EVP_CIPHER_CTX_ctrl| values.
@@ -574,7 +571,7 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free)
@@ -582,7 +579,7 @@
internal::StackAllocated<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init,
EVP_CIPHER_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/cmac.h b/src/include/openssl/cmac.h
index 5e9f3d0..3e8cf92 100644
--- a/src/include/openssl/cmac.h
+++ b/src/include/openssl/cmac.h
@@ -78,11 +78,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h
index 4ffce37..07e34ee 100644
--- a/src/include/openssl/conf.h
+++ b/src/include/openssl/conf.h
@@ -162,11 +162,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CONF, NCONF_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/curve25519.h b/src/include/openssl/curve25519.h
index 332215b..a455389 100644
--- a/src/include/openssl/curve25519.h
+++ b/src/include/openssl/curve25519.h
@@ -188,11 +188,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h
index ae24c25..7188790 100644
--- a/src/include/openssl/dh.h
+++ b/src/include/openssl/dh.h
@@ -278,11 +278,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(DH, DH_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h
index 4a2b710..1a1ca29 100644
--- a/src/include/openssl/digest.h
+++ b/src/include/openssl/digest.h
@@ -295,7 +295,7 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
@@ -303,7 +303,7 @@
internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,
EVP_MD_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h
index a5fa767..70cde7b 100644
--- a/src/include/openssl/dsa.h
+++ b/src/include/openssl/dsa.h
@@ -417,12 +417,12 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(DSA, DSA_free)
BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h
index dbb72ab..41a9c34 100644
--- a/src/include/openssl/ec.h
+++ b/src/include/openssl/ec.h
@@ -357,12 +357,12 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free)
BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h
index 6944049..7e9e4e8 100644
--- a/src/include/openssl/ec_key.h
+++ b/src/include/openssl/ec_key.h
@@ -336,11 +336,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ecdsa.h b/src/include/openssl/ecdsa.h
index ff326ab..d4d353e 100644
--- a/src/include/openssl/ecdsa.h
+++ b/src/include/openssl/ecdsa.h
@@ -179,11 +179,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h
index 595e53c..9d45952 100644
--- a/src/include/openssl/engine.h
+++ b/src/include/openssl/engine.h
@@ -94,11 +94,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h
index 9b00a07..1d7192d 100644
--- a/src/include/openssl/evp.h
+++ b/src/include/openssl/evp.h
@@ -839,8 +839,12 @@
// constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
// section defines a number of legacy macros.
+// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there
+// is no need to define conflicting macros.
+#if !defined(BORINGSSL_PREFIX)
#define EVP_PKEY_CTX_set_rsa_oaep_md EVP_PKEY_CTX_set_rsa_oaep_md
#define EVP_PKEY_CTX_set0_rsa_oaep_label EVP_PKEY_CTX_set0_rsa_oaep_label
+#endif
// Private structures.
@@ -870,13 +874,13 @@
} // extern C
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
BORINGSSL_MAKE_UP_REF(EVP_PKEY, EVP_PKEY_up_ref)
BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h
index 977dea6..b5d1e42 100644
--- a/src/include/openssl/hmac.h
+++ b/src/include/openssl/hmac.h
@@ -169,14 +169,14 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free)
using ScopedHMAC_CTX =
internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h
index 7d7087e..9f9c00d 100644
--- a/src/include/openssl/mem.h
+++ b/src/include/openssl/mem.h
@@ -142,12 +142,12 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(char, OPENSSL_free)
BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/pkcs7.h b/src/include/openssl/pkcs7.h
index 52b649c..cb6155f 100644
--- a/src/include/openssl/pkcs7.h
+++ b/src/include/openssl/pkcs7.h
@@ -199,11 +199,11 @@
} // extern C
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(PKCS7, PKCS7_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h
index 9a66dd0..ee48f19 100644
--- a/src/include/openssl/pkcs8.h
+++ b/src/include/openssl/pkcs8.h
@@ -215,12 +215,12 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free)
BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/pool.h b/src/include/openssl/pool.h
index 1259f4a..0e4bdd5 100644
--- a/src/include/openssl/pool.h
+++ b/src/include/openssl/pool.h
@@ -87,13 +87,13 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free)
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free)
BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h
index 98bb31c..8098c48 100644
--- a/src/include/openssl/rsa.h
+++ b/src/include/openssl/rsa.h
@@ -175,11 +175,19 @@
// These functions are considered non-mutating for thread-safety purposes and
// may be used concurrently.
-// Padding types for encryption.
+// RSA_PKCS1_PADDING denotes PKCS#1 v1.5 padding. When used with encryption,
+// this is RSAES-PKCS1-v1_5. When used with signing, this is RSASSA-PKCS1-v1_5.
#define RSA_PKCS1_PADDING 1
+
+// RSA_NO_PADDING denotes a raw RSA operation.
#define RSA_NO_PADDING 3
+
+// RSA_PKCS1_OAEP_PADDING denotes the RSAES-OAEP encryption scheme.
#define RSA_PKCS1_OAEP_PADDING 4
-// RSA_PKCS1_PSS_PADDING can only be used via the EVP interface.
+
+// RSA_PKCS1_PSS_PADDING denotes the RSASSA-PSS signature scheme. This value may
+// not be passed into |RSA_sign_raw|, only |EVP_PKEY_CTX_set_rsa_padding|. See
+// also |RSA_sign_pss_mgf1| and |RSA_verify_pss_mgf1|.
#define RSA_PKCS1_PSS_PADDING 6
// RSA_encrypt encrypts |in_len| bytes from |in| to the public key from |rsa|
@@ -285,7 +293,8 @@
//
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
// doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING|
-// (via the |EVP_PKEY| interface) is preferred for new protocols.
+// (via |RSA_sign_pss_mgf1| or the |EVP_PKEY| interface) is preferred for new
+// protocols.
OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
@@ -330,7 +339,8 @@
//
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
// doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING|
-// (via the |EVP_PKEY| interface) is preferred for new protocols.
+// (via |RSA_verify_pss_mgf1| or the |EVP_PKEY| interface) is preferred for new
+// protocols.
OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
@@ -713,11 +723,11 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(RSA, RSA_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/span.h b/src/include/openssl/span.h
index 5ed96b7..298a722 100644
--- a/src/include/openssl/span.h
+++ b/src/include/openssl/span.h
@@ -25,7 +25,7 @@
#include <cstdlib>
#include <type_traits>
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
template <typename T>
class Span;
@@ -190,7 +190,7 @@
return MakeConstSpan(c.data(), c.size());
}
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index daa58b0..0d5a444 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -4314,6 +4314,7 @@
//
// These defines exist for node.js, with the hope that we can eliminate the
// need for them over time.
+
#define SSLerr(function, reason) \
ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__)
@@ -4382,6 +4383,10 @@
#define SSL_CTRL_SET_TMP_RSA doesnt_exist
#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
+// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there
+// is no need to define conflicting macros.
+#if !defined(BORINGSSL_PREFIX)
+
#define DTLSv1_get_timeout DTLSv1_get_timeout
#define DTLSv1_handle_timeout DTLSv1_handle_timeout
#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert
@@ -4451,6 +4456,8 @@
#define SSL_set_tmp_rsa SSL_set_tmp_rsa
#define SSL_total_renegotiations SSL_total_renegotiations
+#endif // !defined(BORINGSSL_PREFIX)
+
#if defined(__cplusplus)
} // extern C
@@ -4459,7 +4466,7 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(SSL, SSL_free)
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
@@ -4571,7 +4578,7 @@
OPENSSL_EXPORT bool SSL_serialize_handback(const SSL *ssl, CBB *out);
OPENSSL_EXPORT bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback);
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h
index a1cca59..15b6adf 100644
--- a/src/include/openssl/stack.h
+++ b/src/include/openssl/stack.h
@@ -219,17 +219,17 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
template <typename T>
struct StackTraits {};
}
-}
+BSSL_NAMESPACE_END
}
#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \
extern "C++" { \
- namespace bssl { \
+ BSSL_NAMESPACE_BEGIN \
namespace internal { \
template <> \
struct StackTraits<STACK_OF(name)> { \
@@ -238,7 +238,7 @@
static constexpr bool kIsConst = is_const; \
}; \
} \
- } \
+ BSSL_NAMESPACE_END \
}
#else
@@ -393,7 +393,7 @@
#include <type_traits>
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
@@ -474,7 +474,7 @@
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
// Define begin() and end() for stack types so C++ range for loops work.
template <typename Stack>
diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h
index eeab5ec..72f7314 100644
--- a/src/include/openssl/x509.h
+++ b/src/include/openssl/x509.h
@@ -1129,7 +1129,7 @@
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free)
BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free)
@@ -1158,7 +1158,7 @@
internal::StackAllocated<X509_STORE_CTX, void, X509_STORE_CTX_zero,
X509_STORE_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} /* extern C++ */
#endif /* !BORINGSSL_NO_CXX */
diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h
index 1af439d..53e20a0 100644
--- a/src/include/openssl/x509v3.h
+++ b/src/include/openssl/x509v3.h
@@ -751,7 +751,7 @@
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free)
BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
@@ -760,7 +760,7 @@
BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)
BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} /* extern C++ */
#endif