Move libssl's internals into the bssl namespace.
This is horrible, but everything else I tried was worse. The goal with
this CL is to take the extern "C" out of ssl/internal.h and move most
symbols to namespace bssl, so we can start using C++ helpers and
destructors without worry.
Complications:
- Public API functions must be extern "C" and match their declaration in
ssl.h, which is unnamespaced. C++ really does not want you to
interleave namespaced and unnamespaced things. One can actually write
a namespaced extern "C" function, but this means, from C++'s
perspective, the function is namespaced. Trying to namespace the
public header would worked but ended up too deep a rabbithole.
- Our STACK_OF macros do not work right in namespaces.
- The typedefs for our exposed but opaque types are visible in the
header files and copied into consuming projects as forward
declarations. We ultimately want to give SSL a destructor, but
clobbering an unnamespaced ssl_st::~ssl_st seems bad manners.
- MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL.
This CL opts for:
- ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This
informs the public headers to create forward declarations which are
compatible with our namespaces.
- For now, C++-defined type FOO ends up at bssl::FOO with a typedef
outside. Later I imagine we'll rename many of them.
- Internal functions get namespace bssl, so we stop worrying about
stomping the tls1_prf symbol. Exported C functions are stuck as they
are. Rather than try anything weird, bite the bullet and reorder files
which have a mix of public and private functions. I expect that over
time, the public functions will become fairly small as we move logic
to more idiomatic C++.
Files without any public C functions can just be written normally.
- To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle
in advance of them being made idiomatic C++.
Bug: 132
Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581
Reviewed-on: https://boringssl-review.googlesource.com/18124
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 76469eb..228c1c5 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -106,6 +106,8 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
+#define BORINGSSL_INTERNAL_CXX_TYPES
+
#include <openssl/ssl.h>
#include <assert.h>
@@ -126,6 +128,8 @@
#include "../crypto/internal.h"
+namespace bssl {
+
static int ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
static int compare_uint16_t(const void *p1, const void *p2) {
@@ -289,20 +293,6 @@
return 0;
}
-int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
- uint16_t extension_type,
- const uint8_t **out_data,
- size_t *out_len) {
- CBS cbs;
- if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
- return 0;
- }
-
- *out_data = CBS_data(&cbs);
- *out_len = CBS_len(&cbs);
- return 1;
-}
-
static const uint16_t kDefaultGroups[] = {
SSL_CURVE_X25519,
SSL_CURVE_SECP256R1,
@@ -508,10 +498,6 @@
SSL_SIGN_RSA_PKCS1_SHA1,
};
-void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
- ctx->ed25519_enabled = !!enabled;
-}
-
int tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
const uint16_t *sigalgs = kVerifySignatureAlgorithms;
size_t num_sigalgs = OPENSSL_ARRAY_SIZE(kVerifySignatureAlgorithms);
@@ -2658,12 +2644,6 @@
return NULL;
}
-int SSL_extension_supported(unsigned extension_value) {
- uint32_t index;
- return extension_value == TLSEXT_TYPE_padding ||
- tls_extension_find(&index, extension_value) != NULL;
-}
-
int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
SSL *const ssl = hs->ssl;
/* Don't add extensions for SSLv3 unless doing secure renegotiation. */
@@ -3044,8 +3024,8 @@
size_t ticket_len) {
const SSL_CTX *const ssl_ctx = ssl->session_ctx;
- bssl::ScopedHMAC_CTX hmac_ctx;
- bssl::ScopedEVP_CIPHER_CTX cipher_ctx;
+ ScopedHMAC_CTX hmac_ctx;
+ ScopedEVP_CIPHER_CTX cipher_ctx;
/* Ensure there is room for the key name and the largest IV
* |tlsext_ticket_key_cb| may try to consume. The real limit may be lower, but
@@ -3105,7 +3085,7 @@
const uint8_t *ciphertext = ticket + SSL_TICKET_KEY_NAME_LEN + iv_len;
size_t ciphertext_len = ticket_len - SSL_TICKET_KEY_NAME_LEN - iv_len -
mac_len;
- bssl::UniquePtr<uint8_t> plaintext((uint8_t *)OPENSSL_malloc(ciphertext_len));
+ UniquePtr<uint8_t> plaintext((uint8_t *)OPENSSL_malloc(ciphertext_len));
if (!plaintext) {
return ssl_ticket_aead_error;
}
@@ -3328,15 +3308,14 @@
return 0;
}
- bssl::UniquePtr<EC_GROUP> p256(
- EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+ UniquePtr<EC_GROUP> p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
if (!p256) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
return 0;
}
- bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
- bssl::UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
+ UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
+ UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
if (!sig || !x || !y) {
return 0;
}
@@ -3349,8 +3328,8 @@
return 0;
}
- bssl::UniquePtr<EC_KEY> key(EC_KEY_new());
- bssl::UniquePtr<EC_POINT> point(EC_POINT_new(p256.get()));
+ UniquePtr<EC_KEY> key(EC_KEY_new());
+ UniquePtr<EC_POINT> point(EC_POINT_new(p256.get()));
if (!key || !point ||
!EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
y.get(), nullptr) ||
@@ -3543,3 +3522,31 @@
return 1;
}
+
+} // namespace bssl
+
+using namespace bssl;
+
+int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
+ uint16_t extension_type,
+ const uint8_t **out_data,
+ size_t *out_len) {
+ CBS cbs;
+ if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
+ return 0;
+ }
+
+ *out_data = CBS_data(&cbs);
+ *out_len = CBS_len(&cbs);
+ return 1;
+}
+
+void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
+ ctx->ed25519_enabled = !!enabled;
+}
+
+int SSL_extension_supported(unsigned extension_value) {
+ uint32_t index;
+ return extension_value == TLSEXT_TYPE_padding ||
+ tls_extension_find(&index, extension_value) != NULL;
+}
