Namespace crypto/fipsmodule/bcm_interface.h's internal symbols. Down from 582 to 428 unintended exported symbols. Bug: 42220000 Change-Id: I33431193c01a212229b5740619d3da926a6a6964 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/86649 Reviewed-by: Xiangfei Ding <xfding@google.com> Commit-Queue: Rudolf Polzer <rpolzer@google.com>
diff --git a/crypto/aes/aes.cc b/crypto/aes/aes.cc index fc9b67d..ac2c943 100644 --- a/crypto/aes/aes.cc +++ b/crypto/aes/aes.cc
@@ -18,6 +18,9 @@ #include "../fipsmodule/bcm_interface.h" + +using namespace bssl; + void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { BCM_aes_encrypt(in, out, key); }
diff --git a/crypto/fipsmodule/aes/aes.cc.inc b/crypto/fipsmodule/aes/aes.cc.inc index 2b57a6c..56a110f 100644 --- a/crypto/fipsmodule/aes/aes.cc.inc +++ b/crypto/fipsmodule/aes/aes.cc.inc
@@ -25,8 +25,8 @@ // value, or both. Therefore they cannot mix. Also, on AArch64, the plain-C // code, above, is incompatible with the |aes_hw_*| functions. -bcm_infallible BCM_aes_encrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +bcm_infallible bssl::BCM_aes_encrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { if (hwaes_capable()) { aes_hw_encrypt(in, out, key); } else if (vpaes_capable()) { @@ -37,8 +37,8 @@ return bcm_infallible::not_approved; } -bcm_infallible BCM_aes_decrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +bcm_infallible bssl::BCM_aes_decrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { if (hwaes_capable()) { aes_hw_decrypt(in, out, key); } else if (vpaes_capable()) { @@ -49,8 +49,8 @@ return bcm_infallible::not_approved; } -bcm_status BCM_aes_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +bcm_status bssl::BCM_aes_set_encrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { int ret = -1; if (hwaes_capable()) { ret = aes_hw_set_encrypt_key(key, bits, aeskey); @@ -66,8 +66,8 @@ return bcm_status::not_approved; } -bcm_status BCM_aes_set_decrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +bcm_status bssl::BCM_aes_set_decrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { int ret = -1; if (hwaes_capable()) { ret = aes_hw_set_decrypt_key(key, bits, aeskey);
diff --git a/crypto/fipsmodule/bcm_interface.h b/crypto/fipsmodule/bcm_interface.h index 654acf0..b78c372 100644 --- a/crypto/fipsmodule/bcm_interface.h +++ b/crypto/fipsmodule/bcm_interface.h
@@ -30,9 +30,7 @@ // Over time, calls from libcrypto to BCM will all move to this header // and the separation will become more meaningful. -#if defined(__cplusplus) -extern "C" { -#endif +BSSL_NAMESPACE_BEGIN // Enumerated types for return values from bcm functions, both infallible // and fallible functions. Two success values are used to correspond to the @@ -939,9 +937,7 @@ bcm_status BCM_aes_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey); +BSSL_NAMESPACE_END -#if defined(__cplusplus) -} // extern C -#endif #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_BCM_INTERFACE_H
diff --git a/crypto/fipsmodule/digest/digests.cc.inc b/crypto/fipsmodule/digest/digests.cc.inc index 3a3bfd3..a246a51 100644 --- a/crypto/fipsmodule/digest/digests.cc.inc +++ b/crypto/fipsmodule/digest/digests.cc.inc
@@ -24,13 +24,15 @@ #include "../delocate.h" #include "internal.h" + +using namespace bssl; + #if defined(NDEBUG) #define CHECK(x) (void)(x) #else #define CHECK(x) assert(x) #endif - static void sha1_init(EVP_MD_CTX *ctx) { BCM_sha1_init(reinterpret_cast<SHA_CTX *>(ctx->md_data)); }
diff --git a/crypto/fipsmodule/mldsa/mldsa.cc.inc b/crypto/fipsmodule/mldsa/mldsa.cc.inc index 9493ed3..5c305b2 100644 --- a/crypto/fipsmodule/mldsa/mldsa.cc.inc +++ b/crypto/fipsmodule/mldsa/mldsa.cc.inc
@@ -2285,34 +2285,34 @@ // ML-DSA-65 specific wrappers. -bcm_status BCM_mldsa65_parse_public_key(MLDSA65_public_key *public_key, - CBS *in) { +bcm_status bssl::BCM_mldsa65_parse_public_key(MLDSA65_public_key *public_key, + CBS *in) { return bcm_as_approved_status(mldsa_parse_public_key( mldsa::public_key_from_external_65(public_key), in)); } -bcm_status BCM_mldsa65_marshal_private_key( +bcm_status bssl::BCM_mldsa65_marshal_private_key( CBB *out, const MLDSA65_private_key *private_key) { return bcm_as_approved_status(mldsa_marshal_private_key( out, mldsa::private_key_from_external_65(private_key))); } -bcm_status BCM_mldsa65_parse_private_key(MLDSA65_private_key *private_key, - CBS *in) { +bcm_status bssl::BCM_mldsa65_parse_private_key(MLDSA65_private_key *private_key, + CBS *in) { return bcm_as_approved_status( mldsa_parse_private_key(mldsa::private_key_from_external_65(private_key), in) && CBS_len(in) == 0); } -bcm_status BCM_mldsa65_check_key_fips(MLDSA65_private_key *private_key) { +bcm_status bssl::BCM_mldsa65_check_key_fips(MLDSA65_private_key *private_key) { return bcm_as_approved_status( mldsa::fips::check_key(mldsa::private_key_from_external_65(private_key))); } // Calls |MLDSA_generate_key_external_entropy| with random bytes from // |BCM_rand_bytes|. -bcm_status BCM_mldsa65_generate_key( +bcm_status bssl::BCM_mldsa65_generate_key( uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key) { BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES); @@ -2321,7 +2321,7 @@ out_private_key, out_seed); } -bcm_status BCM_mldsa65_private_key_from_seed( +bcm_status bssl::BCM_mldsa65_private_key_from_seed( MLDSA65_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]) { uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES]; @@ -2329,7 +2329,7 @@ seed); } -bcm_status BCM_mldsa65_generate_key_external_entropy( +bcm_status bssl::BCM_mldsa65_generate_key_external_entropy( uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], MLDSA65_private_key *out_private_key, const uint8_t entropy[MLDSA_SEED_BYTES]) { @@ -2338,7 +2338,7 @@ mldsa::private_key_from_external_65(out_private_key), entropy)); } -bcm_status BCM_mldsa65_generate_key_fips( +bcm_status bssl::BCM_mldsa65_generate_key_fips( uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key) { if (out_encoded_public_key == nullptr || out_private_key == nullptr) { @@ -2351,7 +2351,7 @@ return BCM_mldsa65_check_key_fips(out_private_key); } -bcm_status BCM_mldsa65_generate_key_external_entropy_fips( +bcm_status bssl::BCM_mldsa65_generate_key_external_entropy_fips( uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], MLDSA65_private_key *out_private_key, const uint8_t entropy[MLDSA_SEED_BYTES]) { @@ -2366,7 +2366,7 @@ return BCM_mldsa65_check_key_fips(out_private_key); } -bcm_status BCM_mldsa65_private_key_from_seed_fips( +bcm_status bssl::BCM_mldsa65_private_key_from_seed_fips( MLDSA65_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]) { uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES]; @@ -2377,7 +2377,7 @@ return BCM_mldsa65_check_key_fips(out_private_key); } -bcm_status BCM_mldsa65_public_from_private( +bcm_status bssl::BCM_mldsa65_public_from_private( MLDSA65_public_key *out_public_key, const MLDSA65_private_key *private_key) { const auto *priv = mldsa::private_key_from_external_65(private_key); @@ -2386,13 +2386,13 @@ return bcm_status::approved; } -const MLDSA65_public_key *BCM_mldsa65_public_of_private( +const MLDSA65_public_key *bssl::BCM_mldsa65_public_of_private( const MLDSA65_private_key *private_key) { return reinterpret_cast<const MLDSA65_public_key *>( &mldsa::private_key_from_external_65(private_key)->pub); } -bcm_status BCM_mldsa65_sign_internal( +bcm_status bssl::BCM_mldsa65_sign_internal( uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len, @@ -2404,7 +2404,7 @@ randomizer)); } -bcm_status BCM_mldsa65_sign_mu_internal( +bcm_status bssl::BCM_mldsa65_sign_mu_internal( uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], const MLDSA65_private_key *private_key, const uint8_t msg_rep[MLDSA_MU_BYTES], @@ -2416,7 +2416,7 @@ // ML-DSA signature in randomized mode, filling the random bytes with // |BCM_rand_bytes|. -bcm_status BCM_mldsa65_sign( +bcm_status bssl::BCM_mldsa65_sign( uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len, const uint8_t *context, size_t context_len) { @@ -2432,9 +2432,10 @@ } // ML-DSA pre-hashed API: initializing a pre-hashing context. -void BCM_mldsa65_prehash_init(MLDSA65_prehash *out_prehash_ctx, - const MLDSA65_public_key *public_key, - const uint8_t *context, size_t context_len) { +void bssl::BCM_mldsa65_prehash_init(MLDSA65_prehash *out_prehash_ctx, + const MLDSA65_public_key *public_key, + const uint8_t *context, + size_t context_len) { BSSL_CHECK(context_len <= 255); const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)}; @@ -2445,21 +2446,21 @@ } // ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk. -void BCM_mldsa65_prehash_update(MLDSA65_prehash *inout_prehash_ctx, - const uint8_t *msg, size_t msg_len) { +void bssl::BCM_mldsa65_prehash_update(MLDSA65_prehash *inout_prehash_ctx, + const uint8_t *msg, size_t msg_len) { mldsa_prehash_update( mldsa::prehash_context_from_external_65(inout_prehash_ctx), msg, msg_len); } // ML-DSA pre-hashed API: obtaining a message representative to sign. -void BCM_mldsa65_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES], - MLDSA65_prehash *inout_prehash_ctx) { +void bssl::BCM_mldsa65_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES], + MLDSA65_prehash *inout_prehash_ctx) { mldsa_prehash_finalize( out_msg_rep, mldsa::prehash_context_from_external_65(inout_prehash_ctx)); } // ML-DSA pre-hashed API: signing a message representative. -bcm_status BCM_mldsa65_sign_message_representative( +bcm_status bssl::BCM_mldsa65_sign_message_representative( uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES], const MLDSA65_private_key *private_key, const uint8_t msg_rep[MLDSA_MU_BYTES]) { @@ -2473,7 +2474,7 @@ } // ML-DSA pre-hashed API: verifying a message representative. -bcm_status BCM_mldsa65_verify_message_representative( +bcm_status bssl::BCM_mldsa65_verify_message_representative( const MLDSA65_public_key *public_key, const uint8_t signature[MLDSA65_SIGNATURE_BYTES], const uint8_t msg_rep[MLDSA_MU_BYTES]) { @@ -2482,10 +2483,10 @@ } // FIPS 204, Algorithm 3 (`ML-DSA.Verify`). -bcm_status BCM_mldsa65_verify(const MLDSA65_public_key *public_key, - const uint8_t signature[MLDSA65_SIGNATURE_BYTES], - const uint8_t *msg, size_t msg_len, - const uint8_t *context, size_t context_len) { +bcm_status bssl::BCM_mldsa65_verify( + const MLDSA65_public_key *public_key, + const uint8_t signature[MLDSA65_SIGNATURE_BYTES], const uint8_t *msg, + size_t msg_len, const uint8_t *context, size_t context_len) { BSSL_CHECK(context_len <= 255); const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)}; return BCM_mldsa65_verify_internal(public_key, signature, msg, msg_len, @@ -2493,7 +2494,7 @@ context, context_len); } -bcm_status BCM_mldsa65_verify_internal( +bcm_status bssl::BCM_mldsa65_verify_internal( const MLDSA65_public_key *public_key, const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, @@ -2503,14 +2504,14 @@ msg_len, context_prefix, context_prefix_len, context, context_len)); } -bcm_status BCM_mldsa65_marshal_public_key( +bcm_status bssl::BCM_mldsa65_marshal_public_key( CBB *out, const MLDSA65_public_key *public_key) { return bcm_as_approved_status(mldsa_marshal_public_key( out, mldsa::public_key_from_external_65(public_key))); } -int BCM_mldsa65_public_keys_equal(const MLDSA65_public_key *a, - const MLDSA65_public_key *b) { +int bssl::BCM_mldsa65_public_keys_equal(const MLDSA65_public_key *a, + const MLDSA65_public_key *b) { auto *a_pub = mldsa::public_key_from_external_65(a); auto *b_pub = mldsa::public_key_from_external_65(b); // It is sufficient to compare |public_key_hash|. When importing a public key, @@ -2524,34 +2525,34 @@ // ML-DSA-87 specific wrappers. -bcm_status BCM_mldsa87_parse_public_key(MLDSA87_public_key *public_key, - CBS *in) { +bcm_status bssl::BCM_mldsa87_parse_public_key(MLDSA87_public_key *public_key, + CBS *in) { return bcm_as_approved_status(mldsa_parse_public_key( mldsa::public_key_from_external_87(public_key), in)); } -bcm_status BCM_mldsa87_marshal_private_key( +bcm_status bssl::BCM_mldsa87_marshal_private_key( CBB *out, const MLDSA87_private_key *private_key) { return bcm_as_approved_status(mldsa_marshal_private_key( out, mldsa::private_key_from_external_87(private_key))); } -bcm_status BCM_mldsa87_parse_private_key(MLDSA87_private_key *private_key, - CBS *in) { +bcm_status bssl::BCM_mldsa87_parse_private_key(MLDSA87_private_key *private_key, + CBS *in) { return bcm_as_approved_status( mldsa_parse_private_key(mldsa::private_key_from_external_87(private_key), in) && CBS_len(in) == 0); } -bcm_status BCM_mldsa87_check_key_fips(MLDSA87_private_key *private_key) { +bcm_status bssl::BCM_mldsa87_check_key_fips(MLDSA87_private_key *private_key) { return bcm_as_approved_status( mldsa::fips::check_key(mldsa::private_key_from_external_87(private_key))); } // Calls |MLDSA_generate_key_external_entropy| with random bytes from // |BCM_rand_bytes|. -bcm_status BCM_mldsa87_generate_key( +bcm_status bssl::BCM_mldsa87_generate_key( uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key) { BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES); @@ -2559,7 +2560,7 @@ out_private_key, out_seed); } -bcm_status BCM_mldsa87_private_key_from_seed( +bcm_status bssl::BCM_mldsa87_private_key_from_seed( MLDSA87_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]) { uint8_t public_key[MLDSA87_PUBLIC_KEY_BYTES]; @@ -2567,7 +2568,7 @@ seed); } -bcm_status BCM_mldsa87_generate_key_external_entropy( +bcm_status bssl::BCM_mldsa87_generate_key_external_entropy( uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES], MLDSA87_private_key *out_private_key, const uint8_t entropy[MLDSA_SEED_BYTES]) { @@ -2576,7 +2577,7 @@ mldsa::private_key_from_external_87(out_private_key), entropy)); } -bcm_status BCM_mldsa87_generate_key_fips( +bcm_status bssl::BCM_mldsa87_generate_key_fips( uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key) { if (out_encoded_public_key == nullptr || out_private_key == nullptr) { @@ -2589,7 +2590,7 @@ return BCM_mldsa87_check_key_fips(out_private_key); } -bcm_status BCM_mldsa87_generate_key_external_entropy_fips( +bcm_status bssl::BCM_mldsa87_generate_key_external_entropy_fips( uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES], MLDSA87_private_key *out_private_key, const uint8_t entropy[MLDSA_SEED_BYTES]) { @@ -2604,7 +2605,7 @@ return BCM_mldsa87_check_key_fips(out_private_key); } -bcm_status BCM_mldsa87_private_key_from_seed_fips( +bcm_status bssl::BCM_mldsa87_private_key_from_seed_fips( MLDSA87_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]) { uint8_t public_key[MLDSA87_PUBLIC_KEY_BYTES]; @@ -2615,7 +2616,7 @@ return BCM_mldsa87_check_key_fips(out_private_key); } -bcm_status BCM_mldsa87_public_from_private( +bcm_status bssl::BCM_mldsa87_public_from_private( MLDSA87_public_key *out_public_key, const MLDSA87_private_key *private_key) { const auto *priv = mldsa::private_key_from_external_87(private_key); @@ -2624,13 +2625,13 @@ return bcm_status::approved; } -const MLDSA87_public_key *BCM_mldsa87_public_of_private( +const MLDSA87_public_key *bssl::BCM_mldsa87_public_of_private( const MLDSA87_private_key *private_key) { return reinterpret_cast<const MLDSA87_public_key *>( &mldsa::private_key_from_external_87(private_key)->pub); } -bcm_status BCM_mldsa87_sign_internal( +bcm_status bssl::BCM_mldsa87_sign_internal( uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES], const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len, @@ -2642,7 +2643,7 @@ randomizer)); } -bcm_status BCM_mldsa87_sign_mu_internal( +bcm_status bssl::BCM_mldsa87_sign_mu_internal( uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES], const MLDSA87_private_key *private_key, const uint8_t msg_rep[MLDSA_MU_BYTES], @@ -2654,7 +2655,7 @@ // ML-DSA signature in randomized mode, filling the random bytes with // |BCM_rand_bytes|. -bcm_status BCM_mldsa87_sign( +bcm_status bssl::BCM_mldsa87_sign( uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES], const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len, const uint8_t *context, size_t context_len) { @@ -2669,9 +2670,10 @@ } // ML-DSA pre-hashed API: initializing a pre-hashing context. -void BCM_mldsa87_prehash_init(MLDSA87_prehash *out_prehash_ctx, - const MLDSA87_public_key *public_key, - const uint8_t *context, size_t context_len) { +void bssl::BCM_mldsa87_prehash_init(MLDSA87_prehash *out_prehash_ctx, + const MLDSA87_public_key *public_key, + const uint8_t *context, + size_t context_len) { BSSL_CHECK(context_len <= 255); const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)}; @@ -2682,21 +2684,21 @@ } // ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk. -void BCM_mldsa87_prehash_update(MLDSA87_prehash *inout_prehash_ctx, - const uint8_t *msg, size_t msg_len) { +void bssl::BCM_mldsa87_prehash_update(MLDSA87_prehash *inout_prehash_ctx, + const uint8_t *msg, size_t msg_len) { mldsa_prehash_update( mldsa::prehash_context_from_external_87(inout_prehash_ctx), msg, msg_len); } // ML-DSA pre-hashed API: obtaining a message representative to sign. -void BCM_mldsa87_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES], - MLDSA87_prehash *inout_prehash_ctx) { +void bssl::BCM_mldsa87_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES], + MLDSA87_prehash *inout_prehash_ctx) { mldsa_prehash_finalize( out_msg_rep, mldsa::prehash_context_from_external_87(inout_prehash_ctx)); } // ML-DSA pre-hashed API: signing a message representative. -bcm_status BCM_mldsa87_sign_message_representative( +bcm_status bssl::BCM_mldsa87_sign_message_representative( uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES], const MLDSA87_private_key *private_key, const uint8_t msg_rep[MLDSA_MU_BYTES]) { @@ -2710,7 +2712,7 @@ } // ML-DSA pre-hashed API: verifying a message representative. -bcm_status BCM_mldsa87_verify_message_representative( +bcm_status bssl::BCM_mldsa87_verify_message_representative( const MLDSA87_public_key *public_key, const uint8_t signature[MLDSA87_SIGNATURE_BYTES], const uint8_t msg_rep[MLDSA_MU_BYTES]) { @@ -2719,10 +2721,11 @@ } // FIPS 204, Algorithm 3 (`ML-DSA.Verify`). -bcm_status BCM_mldsa87_verify(const MLDSA87_public_key *public_key, - const uint8_t *signature, const uint8_t *msg, - size_t msg_len, const uint8_t *context, - size_t context_len) { +bcm_status bssl::BCM_mldsa87_verify(const MLDSA87_public_key *public_key, + const uint8_t *signature, + const uint8_t *msg, size_t msg_len, + const uint8_t *context, + size_t context_len) { BSSL_CHECK(context_len <= 255); const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)}; return BCM_mldsa87_verify_internal(public_key, signature, msg, msg_len, @@ -2730,7 +2733,7 @@ context, context_len); } -bcm_status BCM_mldsa87_verify_internal( +bcm_status bssl::BCM_mldsa87_verify_internal( const MLDSA87_public_key *public_key, const uint8_t encoded_signature[MLDSA87_SIGNATURE_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, @@ -2740,14 +2743,14 @@ msg_len, context_prefix, context_prefix_len, context, context_len)); } -bcm_status BCM_mldsa87_marshal_public_key( +bcm_status bssl::BCM_mldsa87_marshal_public_key( CBB *out, const MLDSA87_public_key *public_key) { return bcm_as_approved_status(mldsa_marshal_public_key( out, mldsa::public_key_from_external_87(public_key))); } -int BCM_mldsa87_public_keys_equal(const MLDSA87_public_key *a, - const MLDSA87_public_key *b) { +int bssl::BCM_mldsa87_public_keys_equal(const MLDSA87_public_key *a, + const MLDSA87_public_key *b) { auto *a_pub = mldsa::public_key_from_external_87(a); auto *b_pub = mldsa::public_key_from_external_87(b); // It is sufficient to compare |public_key_hash|. When importing a public key, @@ -2761,34 +2764,34 @@ // ML-DSA-44 specific wrappers. -bcm_status BCM_mldsa44_parse_public_key(MLDSA44_public_key *public_key, - CBS *in) { +bcm_status bssl::BCM_mldsa44_parse_public_key(MLDSA44_public_key *public_key, + CBS *in) { return bcm_as_approved_status(mldsa_parse_public_key( mldsa::public_key_from_external_44(public_key), in)); } -bcm_status BCM_mldsa44_marshal_private_key( +bcm_status bssl::BCM_mldsa44_marshal_private_key( CBB *out, const MLDSA44_private_key *private_key) { return bcm_as_approved_status(mldsa_marshal_private_key( out, mldsa::private_key_from_external_44(private_key))); } -bcm_status BCM_mldsa44_parse_private_key(MLDSA44_private_key *private_key, - CBS *in) { +bcm_status bssl::BCM_mldsa44_parse_private_key(MLDSA44_private_key *private_key, + CBS *in) { return bcm_as_approved_status( mldsa_parse_private_key(mldsa::private_key_from_external_44(private_key), in) && CBS_len(in) == 0); } -bcm_status BCM_mldsa44_check_key_fips(MLDSA44_private_key *private_key) { +bcm_status bssl::BCM_mldsa44_check_key_fips(MLDSA44_private_key *private_key) { return bcm_as_approved_status( mldsa::fips::check_key(mldsa::private_key_from_external_44(private_key))); } // Calls |MLDSA_generate_key_external_entropy| with random bytes from // |BCM_rand_bytes|. -bcm_status BCM_mldsa44_generate_key( +bcm_status bssl::BCM_mldsa44_generate_key( uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key) { BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES); @@ -2796,7 +2799,7 @@ out_private_key, out_seed); } -bcm_status BCM_mldsa44_private_key_from_seed( +bcm_status bssl::BCM_mldsa44_private_key_from_seed( MLDSA44_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]) { uint8_t public_key[MLDSA44_PUBLIC_KEY_BYTES]; @@ -2804,7 +2807,7 @@ seed); } -bcm_status BCM_mldsa44_generate_key_external_entropy( +bcm_status bssl::BCM_mldsa44_generate_key_external_entropy( uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES], MLDSA44_private_key *out_private_key, const uint8_t entropy[MLDSA_SEED_BYTES]) { @@ -2813,7 +2816,7 @@ mldsa::private_key_from_external_44(out_private_key), entropy)); } -bcm_status BCM_mldsa44_generate_key_fips( +bcm_status bssl::BCM_mldsa44_generate_key_fips( uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key) { if (out_encoded_public_key == nullptr || out_private_key == nullptr) { @@ -2826,7 +2829,7 @@ return BCM_mldsa44_check_key_fips(out_private_key); } -bcm_status BCM_mldsa44_generate_key_external_entropy_fips( +bcm_status bssl::BCM_mldsa44_generate_key_external_entropy_fips( uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES], MLDSA44_private_key *out_private_key, const uint8_t entropy[MLDSA_SEED_BYTES]) { @@ -2841,7 +2844,7 @@ return BCM_mldsa44_check_key_fips(out_private_key); } -bcm_status BCM_mldsa44_private_key_from_seed_fips( +bcm_status bssl::BCM_mldsa44_private_key_from_seed_fips( MLDSA44_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]) { uint8_t public_key[MLDSA44_PUBLIC_KEY_BYTES]; @@ -2852,7 +2855,7 @@ return BCM_mldsa44_check_key_fips(out_private_key); } -bcm_status BCM_mldsa44_public_from_private( +bcm_status bssl::BCM_mldsa44_public_from_private( MLDSA44_public_key *out_public_key, const MLDSA44_private_key *private_key) { const auto *priv = mldsa::private_key_from_external_44(private_key); @@ -2861,13 +2864,13 @@ return bcm_status::approved; } -const MLDSA44_public_key *BCM_mldsa44_public_of_private( +const MLDSA44_public_key *bssl::BCM_mldsa44_public_of_private( const MLDSA44_private_key *private_key) { return reinterpret_cast<const MLDSA44_public_key *>( &mldsa::private_key_from_external_44(private_key)->pub); } -bcm_status BCM_mldsa44_sign_internal( +bcm_status bssl::BCM_mldsa44_sign_internal( uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES], const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len, @@ -2879,7 +2882,7 @@ randomizer)); } -bcm_status BCM_mldsa44_sign_mu_internal( +bcm_status bssl::BCM_mldsa44_sign_mu_internal( uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES], const MLDSA44_private_key *private_key, const uint8_t msg_rep[MLDSA_MU_BYTES], @@ -2891,7 +2894,7 @@ // ML-DSA signature in randomized mode, filling the random bytes with // |BCM_rand_bytes|. -bcm_status BCM_mldsa44_sign( +bcm_status bssl::BCM_mldsa44_sign( uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES], const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len, const uint8_t *context, size_t context_len) { @@ -2906,9 +2909,10 @@ } // ML-DSA pre-hashed API: initializing a pre-hashing context. -void BCM_mldsa44_prehash_init(MLDSA44_prehash *out_prehash_ctx, - const MLDSA44_public_key *public_key, - const uint8_t *context, size_t context_len) { +void bssl::BCM_mldsa44_prehash_init(MLDSA44_prehash *out_prehash_ctx, + const MLDSA44_public_key *public_key, + const uint8_t *context, + size_t context_len) { BSSL_CHECK(context_len <= 255); const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)}; @@ -2919,21 +2923,21 @@ } // ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk. -void BCM_mldsa44_prehash_update(MLDSA44_prehash *inout_prehash_ctx, - const uint8_t *msg, size_t msg_len) { +void bssl::BCM_mldsa44_prehash_update(MLDSA44_prehash *inout_prehash_ctx, + const uint8_t *msg, size_t msg_len) { mldsa_prehash_update( mldsa::prehash_context_from_external_44(inout_prehash_ctx), msg, msg_len); } // ML-DSA pre-hashed API: obtaining a message representative to sign. -void BCM_mldsa44_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES], - MLDSA44_prehash *inout_prehash_ctx) { +void bssl::BCM_mldsa44_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES], + MLDSA44_prehash *inout_prehash_ctx) { mldsa_prehash_finalize( out_msg_rep, mldsa::prehash_context_from_external_44(inout_prehash_ctx)); } // ML-DSA pre-hashed API: signing a message representative. -bcm_status BCM_mldsa44_sign_message_representative( +bcm_status bssl::BCM_mldsa44_sign_message_representative( uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES], const MLDSA44_private_key *private_key, const uint8_t msg_rep[MLDSA_MU_BYTES]) { @@ -2947,7 +2951,7 @@ } // ML-DSA pre-hashed API: verifying a message representative. -bcm_status BCM_mldsa44_verify_message_representative( +bcm_status bssl::BCM_mldsa44_verify_message_representative( const MLDSA44_public_key *public_key, const uint8_t signature[MLDSA44_SIGNATURE_BYTES], const uint8_t msg_rep[MLDSA_MU_BYTES]) { @@ -2956,10 +2960,11 @@ } // FIPS 204, Algorithm 3 (`ML-DSA.Verify`). -bcm_status BCM_mldsa44_verify(const MLDSA44_public_key *public_key, - const uint8_t *signature, const uint8_t *msg, - size_t msg_len, const uint8_t *context, - size_t context_len) { +bcm_status bssl::BCM_mldsa44_verify(const MLDSA44_public_key *public_key, + const uint8_t *signature, + const uint8_t *msg, size_t msg_len, + const uint8_t *context, + size_t context_len) { BSSL_CHECK(context_len <= 255); const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)}; return BCM_mldsa44_verify_internal(public_key, signature, msg, msg_len, @@ -2967,7 +2972,7 @@ context, context_len); } -bcm_status BCM_mldsa44_verify_internal( +bcm_status bssl::BCM_mldsa44_verify_internal( const MLDSA44_public_key *public_key, const uint8_t encoded_signature[MLDSA44_SIGNATURE_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix, @@ -2977,14 +2982,14 @@ msg_len, context_prefix, context_prefix_len, context, context_len)); } -bcm_status BCM_mldsa44_marshal_public_key( +bcm_status bssl::BCM_mldsa44_marshal_public_key( CBB *out, const MLDSA44_public_key *public_key) { return bcm_as_approved_status(mldsa_marshal_public_key( out, mldsa::public_key_from_external_44(public_key))); } -int BCM_mldsa44_public_keys_equal(const MLDSA44_public_key *a, - const MLDSA44_public_key *b) { +int bssl::BCM_mldsa44_public_keys_equal(const MLDSA44_public_key *a, + const MLDSA44_public_key *b) { auto *a_pub = mldsa::public_key_from_external_44(a); auto *b_pub = mldsa::public_key_from_external_44(b); // It is sufficient to compare |public_key_hash|. When importing a public key,
diff --git a/crypto/fipsmodule/mlkem/mlkem.cc.inc b/crypto/fipsmodule/mlkem/mlkem.cc.inc index 838c52b..5cd82a4 100644 --- a/crypto/fipsmodule/mlkem/mlkem.cc.inc +++ b/crypto/fipsmodule/mlkem/mlkem.cc.inc
@@ -1074,7 +1074,8 @@ } // namespace } // namespace mlkem -bcm_status BCM_mlkem768_check_fips(const MLKEM768_private_key *private_key) { +bcm_status bssl::BCM_mlkem768_check_fips( + const MLKEM768_private_key *private_key) { const mlkem::private_key<RANK768> *priv = mlkem::private_key_768_from_external(private_key); @@ -1097,7 +1098,7 @@ return bcm_status::approved; } -bcm_status BCM_mlkem768_generate_key_fips( +bcm_status bssl::BCM_mlkem768_generate_key_fips( uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], uint8_t optional_out_seed[MLKEM_SEED_BYTES], MLKEM768_private_key *out_private_key) { @@ -1109,7 +1110,7 @@ return BCM_mlkem768_check_fips(out_private_key); } -bcm_infallible BCM_mlkem768_generate_key( +bcm_infallible bssl::BCM_mlkem768_generate_key( uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], uint8_t optional_out_seed[MLKEM_SEED_BYTES], MLKEM768_private_key *out_private_key) { @@ -1124,7 +1125,7 @@ return bcm_infallible::not_approved; } -bcm_status BCM_mlkem768_private_key_from_seed( +bcm_status bssl::BCM_mlkem768_private_key_from_seed( MLKEM768_private_key *out_private_key, const uint8_t *seed, size_t seed_len) { if (seed_len != MLKEM_SEED_BYTES) { @@ -1137,7 +1138,8 @@ return bcm_status::not_approved; } -bcm_status BCM_mlkem1024_check_fips(const MLKEM1024_private_key *private_key) { +bcm_status bssl::BCM_mlkem1024_check_fips( + const MLKEM1024_private_key *private_key) { const mlkem::private_key<RANK1024> *priv = mlkem::private_key_1024_from_external(private_key); @@ -1160,7 +1162,7 @@ return bcm_status::approved; } -bcm_status BCM_mlkem1024_generate_key_fips( +bcm_status bssl::BCM_mlkem1024_generate_key_fips( uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES], uint8_t optional_out_seed[MLKEM_SEED_BYTES], MLKEM1024_private_key *out_private_key) { @@ -1172,7 +1174,7 @@ return BCM_mlkem1024_check_fips(out_private_key); } -bcm_infallible BCM_mlkem1024_generate_key( +bcm_infallible bssl::BCM_mlkem1024_generate_key( uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES], uint8_t optional_out_seed[MLKEM_SEED_BYTES], MLKEM1024_private_key *out_private_key) { @@ -1187,7 +1189,7 @@ return bcm_infallible::not_approved; } -bcm_status BCM_mlkem1024_private_key_from_seed( +bcm_status bssl::BCM_mlkem1024_private_key_from_seed( MLKEM1024_private_key *out_private_key, const uint8_t *seed, size_t seed_len) { if (seed_len != MLKEM_SEED_BYTES) { @@ -1199,7 +1201,7 @@ return bcm_status::not_approved; } -bcm_infallible BCM_mlkem768_generate_key_external_seed( +bcm_infallible bssl::BCM_mlkem768_generate_key_external_seed( uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], MLKEM768_private_key *out_private_key, const uint8_t seed[MLKEM_SEED_BYTES]) { @@ -1209,7 +1211,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_mlkem1024_generate_key_external_seed( +bcm_infallible bssl::BCM_mlkem1024_generate_key_external_seed( uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES], MLKEM1024_private_key *out_private_key, const uint8_t seed[MLKEM_SEED_BYTES]) { @@ -1219,7 +1221,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_mlkem768_public_from_private( +bcm_infallible bssl::BCM_mlkem768_public_from_private( MLKEM768_public_key *out_public_key, const MLKEM768_private_key *private_key) { mlkem::public_key<RANK768> *const pub = @@ -1230,7 +1232,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_mlkem1024_public_from_private( +bcm_infallible bssl::BCM_mlkem1024_public_from_private( MLKEM1024_public_key *out_public_key, const MLKEM1024_private_key *private_key) { mlkem::public_key<RANK1024> *const pub = @@ -1243,7 +1245,7 @@ // Calls |MLKEM768_encap_external_entropy| with random bytes from // |BCM_rand_bytes| -bcm_infallible BCM_mlkem768_encap( +bcm_infallible bssl::BCM_mlkem768_encap( uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES], uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const MLKEM768_public_key *public_key) { @@ -1255,7 +1257,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_mlkem1024_encap( +bcm_infallible bssl::BCM_mlkem1024_encap( uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES], uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const MLKEM1024_public_key *public_key) { @@ -1267,7 +1269,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_mlkem768_encap_external_entropy( +bcm_infallible bssl::BCM_mlkem768_encap_external_entropy( uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES], uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const MLKEM768_public_key *public_key, @@ -1278,7 +1280,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_mlkem1024_encap_external_entropy( +bcm_infallible bssl::BCM_mlkem1024_encap_external_entropy( uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES], uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const MLKEM1024_public_key *public_key, @@ -1289,7 +1291,7 @@ return bcm_infallible::approved; } -bcm_status BCM_mlkem768_decap( +bcm_status bssl::BCM_mlkem768_decap( uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const uint8_t *ciphertext, size_t ciphertext_len, const MLKEM768_private_key *private_key) { @@ -1303,7 +1305,7 @@ return bcm_status::approved; } -bcm_status BCM_mlkem1024_decap( +bcm_status bssl::BCM_mlkem1024_decap( uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES], const uint8_t *ciphertext, size_t ciphertext_len, const MLKEM1024_private_key *private_key) { @@ -1317,20 +1319,20 @@ return bcm_status::approved; } -bcm_status BCM_mlkem768_marshal_public_key( +bcm_status bssl::BCM_mlkem768_marshal_public_key( CBB *out, const MLKEM768_public_key *public_key) { return mlkem_marshal_public_key( out, mlkem::public_key_768_from_external(public_key)); } -bcm_status BCM_mlkem1024_marshal_public_key( +bcm_status bssl::BCM_mlkem1024_marshal_public_key( CBB *out, const MLKEM1024_public_key *public_key) { return mlkem_marshal_public_key( out, mlkem::public_key_1024_from_external(public_key)); } -bcm_status BCM_mlkem768_parse_public_key(MLKEM768_public_key *public_key, - CBS *in) { +bcm_status bssl::BCM_mlkem768_parse_public_key(MLKEM768_public_key *public_key, + CBS *in) { mlkem::public_key<RANK768> *pub = mlkem::public_key_768_from_external(public_key); if (!mlkem_parse_public_key(pub, in)) { @@ -1339,8 +1341,8 @@ return bcm_status::approved; } -bcm_status BCM_mlkem1024_parse_public_key(MLKEM1024_public_key *public_key, - CBS *in) { +bcm_status bssl::BCM_mlkem1024_parse_public_key( + MLKEM1024_public_key *public_key, CBS *in) { mlkem::public_key<RANK1024> *pub = mlkem::public_key_1024_from_external(public_key); if (!mlkem_parse_public_key(pub, in)) { @@ -1349,7 +1351,7 @@ return bcm_status::approved; } -bcm_status BCM_mlkem768_marshal_private_key( +bcm_status bssl::BCM_mlkem768_marshal_private_key( CBB *out, const MLKEM768_private_key *private_key) { const mlkem::private_key<RANK768> *const priv = mlkem::private_key_768_from_external(private_key); @@ -1359,7 +1361,7 @@ return bcm_status::approved; } -bcm_status BCM_mlkem1024_marshal_private_key( +bcm_status bssl::BCM_mlkem1024_marshal_private_key( CBB *out, const MLKEM1024_private_key *private_key) { const mlkem::private_key<RANK1024> *const priv = mlkem::private_key_1024_from_external(private_key); @@ -1369,8 +1371,8 @@ return bcm_status::approved; } -bcm_status BCM_mlkem768_parse_private_key(MLKEM768_private_key *out_private_key, - CBS *in) { +bcm_status bssl::BCM_mlkem768_parse_private_key( + MLKEM768_private_key *out_private_key, CBS *in) { mlkem::private_key<RANK768> *const priv = mlkem::private_key_768_from_external(out_private_key); if (!mlkem_parse_private_key(priv, in)) { @@ -1379,7 +1381,7 @@ return bcm_status::approved; } -bcm_status BCM_mlkem1024_parse_private_key( +bcm_status bssl::BCM_mlkem1024_parse_private_key( MLKEM1024_private_key *out_private_key, CBS *in) { mlkem::private_key<RANK1024> *const priv = mlkem::private_key_1024_from_external(out_private_key);
diff --git a/crypto/fipsmodule/rand/rand.cc.inc b/crypto/fipsmodule/rand/rand.cc.inc index f7a2c58..da47583 100644 --- a/crypto/fipsmodule/rand/rand.cc.inc +++ b/crypto/fipsmodule/rand/rand.cc.inc
@@ -172,7 +172,7 @@ #endif -bcm_status BCM_rand_bytes_hwrng(uint8_t *buf, const size_t len) { +bcm_status bssl::BCM_rand_bytes_hwrng(uint8_t *buf, const size_t len) { if (!have_rdrand()) { return bcm_status::failure; } @@ -203,8 +203,9 @@ DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer, {}) DEFINE_STATIC_MUTEX(entropy_buffer_lock) -bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len, - int want_additional_input) { +bcm_infallible bssl::BCM_rand_load_entropy(const uint8_t *entropy, + size_t entropy_len, + int want_additional_input) { struct entropy_buffer *const buffer = entropy_buffer_bss_get(); CRYPTO_MUTEX_lock_write(entropy_buffer_lock_bss_get()); @@ -332,7 +333,7 @@ #endif -bcm_infallible BCM_rand_bytes_with_additional_data( +bcm_infallible bssl::BCM_rand_bytes_with_additional_data( uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]) { if (out_len == 0) { return bcm_infallible::approved; @@ -474,7 +475,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_rand_bytes(uint8_t *out, size_t out_len) { +bcm_infallible bssl::BCM_rand_bytes(uint8_t *out, size_t out_len) { static const uint8_t kZeroAdditionalData[32] = {0}; BCM_rand_bytes_with_additional_data(out, out_len, kZeroAdditionalData); return bcm_infallible::approved;
diff --git a/crypto/fipsmodule/sha/sha1.cc.inc b/crypto/fipsmodule/sha/sha1.cc.inc index 68bf91f..ce962d3 100644 --- a/crypto/fipsmodule/sha/sha1.cc.inc +++ b/crypto/fipsmodule/sha/sha1.cc.inc
@@ -26,7 +26,7 @@ using namespace bssl; -bcm_infallible BCM_sha1_init(SHA_CTX *sha) { +bcm_infallible bssl::BCM_sha1_init(SHA_CTX *sha) { OPENSSL_memset(sha, 0, sizeof(SHA_CTX)); sha->h[0] = 0x67452301UL; sha->h[1] = 0xefcdab89UL; @@ -41,7 +41,8 @@ size_t num); #endif -bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) { +bcm_infallible bssl::BCM_sha1_transform(SHA_CTX *c, + const uint8_t data[SHA_CBLOCK]) { sha1_block_data_order(c->h, data, 1); return bcm_infallible::approved; } @@ -58,7 +59,7 @@ }; } // namespace -bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) { +bcm_infallible bssl::BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) { crypto_md32_update<SHA1Traits>(c, Span(static_cast<const uint8_t *>(data), len)); return bcm_infallible::approved; @@ -73,15 +74,16 @@ CRYPTO_store_u32_be(out + 16, ctx->h[4]); } -bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) { +bcm_infallible bssl::BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], + SHA_CTX *c) { crypto_md32_final<SHA1Traits>(c); sha1_output_state(out, c); FIPS_service_indicator_update_state(); return bcm_infallible::approved; } -bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len, - const uint8_t xkey[SHA_DIGEST_LENGTH]) { +bcm_infallible bssl::BCM_fips_186_2_prf(uint8_t *out, size_t out_len, + const uint8_t xkey[SHA_DIGEST_LENGTH]) { // XKEY and XVAL are 160-bit values, but are internally right-padded up to // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the // current value of XKEY and the padding.
diff --git a/crypto/fipsmodule/sha/sha256.cc.inc b/crypto/fipsmodule/sha/sha256.cc.inc index ed6f3b4..00a278e 100644 --- a/crypto/fipsmodule/sha/sha256.cc.inc +++ b/crypto/fipsmodule/sha/sha256.cc.inc
@@ -26,7 +26,7 @@ using namespace bssl; -bcm_infallible BCM_sha224_init(SHA256_CTX *sha) { +bcm_infallible bssl::BCM_sha224_init(SHA256_CTX *sha) { OPENSSL_memset(sha, 0, sizeof(SHA256_CTX)); sha->h[0] = 0xc1059ed8UL; sha->h[1] = 0x367cd507UL; @@ -40,7 +40,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_sha256_init(SHA256_CTX *sha) { +bcm_infallible bssl::BCM_sha256_init(SHA256_CTX *sha) { OPENSSL_memset(sha, 0, sizeof(SHA256_CTX)); sha->h[0] = 0x6a09e667UL; sha->h[1] = 0xbb67ae85UL; @@ -59,8 +59,8 @@ size_t num); #endif -bcm_infallible BCM_sha256_transform(SHA256_CTX *c, - const uint8_t data[SHA256_CBLOCK]) { +bcm_infallible bssl::BCM_sha256_transform(SHA256_CTX *c, + const uint8_t data[SHA256_CBLOCK]) { sha256_block_data_order(c->h, data, 1); return bcm_infallible::approved; } @@ -77,14 +77,15 @@ }; } // namespace -bcm_infallible BCM_sha256_update(SHA256_CTX *c, const void *data, size_t len) { +bcm_infallible bssl::BCM_sha256_update(SHA256_CTX *c, const void *data, + size_t len) { crypto_md32_update<SHA256Traits>( c, Span(static_cast<const uint8_t *>(data), len)); return bcm_infallible::approved; } -bcm_infallible BCM_sha224_update(SHA256_CTX *ctx, const void *data, - size_t len) { +bcm_infallible bssl::BCM_sha224_update(SHA256_CTX *ctx, const void *data, + size_t len) { return BCM_sha256_update(ctx, data, len); } @@ -103,8 +104,8 @@ FIPS_service_indicator_update_state(); } -bcm_infallible BCM_sha256_final(uint8_t out[SHA256_DIGEST_LENGTH], - SHA256_CTX *c) { +bcm_infallible bssl::BCM_sha256_final(uint8_t out[SHA256_DIGEST_LENGTH], + SHA256_CTX *c) { // Ideally we would assert |sha->md_len| is |SHA256_DIGEST_LENGTH| tomatch the // size hint, but calling code often pairs |SHA224_Init| with |SHA256_Final| // and expects |sha->md_len| to carry the size over. @@ -114,8 +115,8 @@ return bcm_infallible::approved; } -bcm_infallible BCM_sha224_final(uint8_t out[SHA224_DIGEST_LENGTH], - SHA256_CTX *ctx) { +bcm_infallible bssl::BCM_sha224_final(uint8_t out[SHA224_DIGEST_LENGTH], + SHA256_CTX *ctx) { // This function must be paired with |SHA224_Init|, which sets |ctx->md_len| // to |SHA224_DIGEST_LENGTH|. assert(ctx->md_len == SHA224_DIGEST_LENGTH); @@ -295,9 +296,9 @@ #endif // !defined(SHA256_ASM) -bcm_infallible BCM_sha256_transform_blocks(uint32_t state[8], - const uint8_t *data, - size_t num_blocks) { +bcm_infallible bssl::BCM_sha256_transform_blocks(uint32_t state[8], + const uint8_t *data, + size_t num_blocks) { sha256_block_data_order(state, data, num_blocks); return bcm_infallible::approved; }
diff --git a/crypto/fipsmodule/sha/sha512.cc.inc b/crypto/fipsmodule/sha/sha512.cc.inc index ed11237..f2282f4 100644 --- a/crypto/fipsmodule/sha/sha512.cc.inc +++ b/crypto/fipsmodule/sha/sha512.cc.inc
@@ -32,7 +32,7 @@ static void sha512_final_impl(uint8_t *out, size_t md_len, SHA512_CTX *sha); -bcm_infallible BCM_sha384_init(SHA512_CTX *sha) { +bcm_infallible bssl::BCM_sha384_init(SHA512_CTX *sha) { sha->h[0] = UINT64_C(0xcbbb9d5dc1059ed8); sha->h[1] = UINT64_C(0x629a292a367cd507); sha->h[2] = UINT64_C(0x9159015a3070dd17); @@ -50,7 +50,7 @@ } -bcm_infallible BCM_sha512_init(SHA512_CTX *sha) { +bcm_infallible bssl::BCM_sha512_init(SHA512_CTX *sha) { sha->h[0] = UINT64_C(0x6a09e667f3bcc908); sha->h[1] = UINT64_C(0xbb67ae8584caa73b); sha->h[2] = UINT64_C(0x3c6ef372fe94f82b); @@ -67,7 +67,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_sha512_256_init(SHA512_CTX *sha) { +bcm_infallible bssl::BCM_sha512_256_init(SHA512_CTX *sha) { sha->h[0] = UINT64_C(0x22312194fc2bf72c); sha->h[1] = UINT64_C(0x9f555fa3c84c64c2); sha->h[2] = UINT64_C(0x2393b86b6f53b151); @@ -90,8 +90,8 @@ #endif -bcm_infallible BCM_sha384_final(uint8_t out[SHA384_DIGEST_LENGTH], - SHA512_CTX *sha) { +bcm_infallible bssl::BCM_sha384_final(uint8_t out[SHA384_DIGEST_LENGTH], + SHA512_CTX *sha) { // This function must be paired with |BCM_sha384_init|, which sets // |sha->md_len| to |SHA384_DIGEST_LENGTH|. assert(sha->md_len == SHA384_DIGEST_LENGTH); @@ -99,18 +99,18 @@ return bcm_infallible::approved; } -bcm_infallible BCM_sha384_update(SHA512_CTX *sha, const void *data, - size_t len) { +bcm_infallible bssl::BCM_sha384_update(SHA512_CTX *sha, const void *data, + size_t len) { return BCM_sha512_update(sha, data, len); } -bcm_infallible BCM_sha512_256_update(SHA512_CTX *sha, const void *data, - size_t len) { +bcm_infallible bssl::BCM_sha512_256_update(SHA512_CTX *sha, const void *data, + size_t len) { return BCM_sha512_update(sha, data, len); } -bcm_infallible BCM_sha512_256_final(uint8_t out[SHA512_256_DIGEST_LENGTH], - SHA512_CTX *sha) { +bcm_infallible bssl::BCM_sha512_256_final(uint8_t out[SHA512_256_DIGEST_LENGTH], + SHA512_CTX *sha) { // This function must be paired with |BCM_sha512_256_init|, which sets // |sha->md_len| to |SHA512_256_DIGEST_LENGTH|. assert(sha->md_len == SHA512_256_DIGEST_LENGTH); @@ -118,14 +118,14 @@ return bcm_infallible::approved; } -bcm_infallible BCM_sha512_transform(SHA512_CTX *c, - const uint8_t block[SHA512_CBLOCK]) { +bcm_infallible bssl::BCM_sha512_transform(SHA512_CTX *c, + const uint8_t block[SHA512_CBLOCK]) { sha512_block_data_order(c->h, block, 1); return bcm_infallible::approved; } -bcm_infallible BCM_sha512_update(SHA512_CTX *c, const void *in_data, - size_t len) { +bcm_infallible bssl::BCM_sha512_update(SHA512_CTX *c, const void *in_data, + size_t len) { uint8_t *p = c->p; const uint8_t *data = reinterpret_cast<const uint8_t *>(in_data); @@ -168,8 +168,8 @@ return bcm_infallible::approved; } -bcm_infallible BCM_sha512_final(uint8_t out[SHA512_DIGEST_LENGTH], - SHA512_CTX *sha) { +bcm_infallible bssl::BCM_sha512_final(uint8_t out[SHA512_DIGEST_LENGTH], + SHA512_CTX *sha) { // Ideally we would assert |sha->md_len| is |SHA512_DIGEST_LENGTH| to match // the size hint, but calling code often pairs |BCM_sha384_init| with // |BCM_sha512_final| and expects |sha->md_len| to carry the size over.
diff --git a/crypto/fipsmodule/slhdsa/slhdsa.cc.inc b/crypto/fipsmodule/slhdsa/slhdsa.cc.inc index 51854a6..b48f8fb 100644 --- a/crypto/fipsmodule/slhdsa/slhdsa.cc.inc +++ b/crypto/fipsmodule/slhdsa/slhdsa.cc.inc
@@ -307,7 +307,7 @@ } // namespace -bcm_infallible BCM_slhdsa_sha2_128s_generate_key_from_seed( +bcm_infallible bssl::BCM_slhdsa_sha2_128s_generate_key_from_seed( uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], uint8_t out_secret_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], const uint8_t seed[3 * BCM_SLHDSA_SHA2_128S_N]) { @@ -316,7 +316,7 @@ &kSLHDSAConfigSHA2_128s, out_public_key, out_secret_key, seed); } -bcm_infallible BCM_slhdsa_shake_256f_generate_key_from_seed( +bcm_infallible bssl::BCM_slhdsa_shake_256f_generate_key_from_seed( uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], uint8_t out_secret_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES], const uint8_t seed[3 * BCM_SLHDSA_SHAKE_256F_N]) { @@ -325,7 +325,7 @@ &kSLHDSAConfigSHAKE_256f, out_public_key, out_secret_key, seed); } -bcm_status BCM_slhdsa_sha2_128s_generate_key_from_seed_fips( +bcm_status bssl::BCM_slhdsa_sha2_128s_generate_key_from_seed_fips( uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], uint8_t out_secret_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], const uint8_t seed[3 * BCM_SLHDSA_SHA2_128S_N]) { @@ -337,7 +337,7 @@ return bcm_status::approved; } -bcm_status BCM_slhdsa_shake_256f_generate_key_from_seed_fips( +bcm_status bssl::BCM_slhdsa_shake_256f_generate_key_from_seed_fips( uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], uint8_t out_secret_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES], const uint8_t seed[3 * BCM_SLHDSA_SHAKE_256F_N]) { @@ -349,7 +349,7 @@ return bcm_status::approved; } -bcm_infallible BCM_slhdsa_sha2_128s_generate_key( +bcm_infallible bssl::BCM_slhdsa_sha2_128s_generate_key( uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], uint8_t out_private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) { uint8_t seed[3 * BCM_SLHDSA_SHA2_128S_N]; @@ -358,7 +358,7 @@ out_private_key, seed); } -bcm_infallible BCM_slhdsa_shake_256f_generate_key( +bcm_infallible bssl::BCM_slhdsa_shake_256f_generate_key( uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], uint8_t out_private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES]) { uint8_t seed[3 * BCM_SLHDSA_SHAKE_256F_N]; @@ -367,7 +367,7 @@ out_private_key, seed); } -bcm_status BCM_slhdsa_sha2_128s_generate_key_fips( +bcm_status bssl::BCM_slhdsa_sha2_128s_generate_key_fips( uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], uint8_t out_private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) { if (out_public_key == nullptr || out_private_key == nullptr) { @@ -377,7 +377,7 @@ return bcm_status::approved; } -bcm_status BCM_slhdsa_shake_256f_generate_key_fips( +bcm_status bssl::BCM_slhdsa_shake_256f_generate_key_fips( uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], uint8_t out_private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES]) { if (out_public_key == nullptr || out_private_key == nullptr) { @@ -387,7 +387,7 @@ return bcm_status::approved; } -bcm_infallible BCM_slhdsa_sha2_128s_public_from_private( +bcm_infallible bssl::BCM_slhdsa_sha2_128s_public_from_private( uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], const uint8_t private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) { OPENSSL_memcpy(out_public_key, private_key + 2 * BCM_SLHDSA_SHA2_128S_N, @@ -395,7 +395,7 @@ return bcm_infallible::approved; } -bcm_infallible BCM_slhdsa_shake_256f_public_from_private( +bcm_infallible bssl::BCM_slhdsa_shake_256f_public_from_private( uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], const uint8_t private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES]) { OPENSSL_memcpy(out_public_key, private_key + 2 * BCM_SLHDSA_SHAKE_256F_N, @@ -403,7 +403,7 @@ return bcm_infallible::approved; } -bcm_status BCM_slhdsa_sha2_128s_sign( +bcm_status bssl::BCM_slhdsa_sha2_128s_sign( uint8_t out_signature[BCM_SLHDSA_SHA2_128S_SIGNATURE_BYTES], const uint8_t private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context, @@ -425,7 +425,7 @@ return bcm_status::approved; } -bcm_status BCM_slhdsa_shake_256f_sign( +bcm_status bssl::BCM_slhdsa_shake_256f_sign( uint8_t out_signature[BCM_SLHDSA_SHAKE_256F_SIGNATURE_BYTES], const uint8_t private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context, @@ -493,7 +493,7 @@ return 1; } -bcm_infallible BCM_slhdsa_sha2_128s_sign_internal( +bcm_infallible bssl::BCM_slhdsa_sha2_128s_sign_internal( uint8_t out_signature[BCM_SLHDSA_SHA2_128S_SIGNATURE_BYTES], const uint8_t secret_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context, @@ -505,7 +505,7 @@ msg, msg_len, entropy); } -bcm_infallible BCM_slhdsa_shake_256f_sign_internal( +bcm_infallible bssl::BCM_slhdsa_shake_256f_sign_internal( uint8_t out_signature[BCM_SLHDSA_SHAKE_256F_SIGNATURE_BYTES], const uint8_t secret_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES], const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context, @@ -517,7 +517,7 @@ msg, msg_len, entropy); } -bcm_status BCM_slhdsa_sha2_128s_prehash_sign( +bcm_status bssl::BCM_slhdsa_sha2_128s_prehash_sign( uint8_t out_signature[BCM_SLHDSA_SHA2_128S_SIGNATURE_BYTES], const uint8_t private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES], const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, @@ -546,7 +546,7 @@ return bcm_status::approved; } -bcm_status BCM_slhdsa_shake_256f_prehash_sign( +bcm_status bssl::BCM_slhdsa_shake_256f_prehash_sign( uint8_t out_signature[BCM_SLHDSA_SHAKE_256F_SIGNATURE_BYTES], const uint8_t private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES], const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, @@ -576,7 +576,7 @@ } // Implements Algorithm 24: slh_verify function (Section 10.3, page 41) -bcm_status BCM_slhdsa_sha2_128s_verify( +bcm_status bssl::BCM_slhdsa_sha2_128s_verify( const uint8_t *signature, size_t signature_len, const uint8_t public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context, @@ -595,7 +595,7 @@ context_len, msg, msg_len); } -bcm_status BCM_slhdsa_shake_256f_verify( +bcm_status bssl::BCM_slhdsa_shake_256f_verify( const uint8_t *signature, size_t signature_len, const uint8_t public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], const uint8_t *msg, size_t msg_len, const uint8_t *context, @@ -613,7 +613,7 @@ context_len, msg, msg_len); } -bcm_status BCM_slhdsa_sha2_128s_prehash_verify( +bcm_status bssl::BCM_slhdsa_sha2_128s_prehash_verify( const uint8_t *signature, size_t signature_len, const uint8_t public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, @@ -639,7 +639,7 @@ context_and_oid_len, hashed_msg, hashed_msg_len); } -bcm_status BCM_slhdsa_shake_256f_prehash_verify( +bcm_status bssl::BCM_slhdsa_shake_256f_prehash_verify( const uint8_t *signature, size_t signature_len, const uint8_t public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid, @@ -665,7 +665,7 @@ context_and_oid_len, hashed_msg, hashed_msg_len); } -bcm_status BCM_slhdsa_sha2_128s_verify_internal( +bcm_status bssl::BCM_slhdsa_sha2_128s_verify_internal( const uint8_t *signature, size_t signature_len, const uint8_t public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES], const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context, @@ -676,7 +676,7 @@ msg_len); } -bcm_status BCM_slhdsa_shake_256f_verify_internal( +bcm_status bssl::BCM_slhdsa_shake_256f_verify_internal( const uint8_t *signature, size_t signature_len, const uint8_t public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES], const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
diff --git a/crypto/mldsa/mldsa.cc b/crypto/mldsa/mldsa.cc index 7b7c605..f17ab88 100644 --- a/crypto/mldsa/mldsa.cc +++ b/crypto/mldsa/mldsa.cc
@@ -16,6 +16,9 @@ #include "../fipsmodule/bcm_interface.h" + +using namespace bssl; + int MLDSA65_generate_key( uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES], uint8_t out_seed[MLDSA_SEED_BYTES],
diff --git a/crypto/mldsa/mldsa_test.cc b/crypto/mldsa/mldsa_test.cc index 53587a5..f774153 100644 --- a/crypto/mldsa/mldsa_test.cc +++ b/crypto/mldsa/mldsa_test.cc
@@ -32,12 +32,13 @@ #include "../test/wycheproof_util.h" +BSSL_NAMESPACE_BEGIN namespace { template <typename T> std::vector<uint8_t> Marshal(bcm_status (*marshal_func)(CBB *, const T *), const T *t) { - bssl::ScopedCBB cbb; + ScopedCBB cbb; uint8_t *encoded; size_t encoded_len; if (!CBB_init(cbb.get(), 1) || // @@ -311,13 +312,12 @@ MLDSA65_generate_key(encoded_public_key.data(), seed, priv.get())); // Public key is 1 byte too short. - CBS cbs = - CBS(bssl::Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES - 1)); + CBS cbs = CBS(Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES - 1)); auto parsed_pub = std::make_unique<MLDSA65_public_key>(); EXPECT_FALSE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs)); // Public key has the correct length. - cbs = CBS(bssl::Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES)); + cbs = CBS(Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES)); EXPECT_TRUE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs)); // Public key is 1 byte too long. @@ -711,3 +711,4 @@ } } // namespace +BSSL_NAMESPACE_END
diff --git a/crypto/mlkem/mlkem.cc b/crypto/mlkem/mlkem.cc index 505414b..5728be6 100644 --- a/crypto/mlkem/mlkem.cc +++ b/crypto/mlkem/mlkem.cc
@@ -17,6 +17,8 @@ #include "../fipsmodule/bcm_interface.h" +using namespace bssl; + void MLKEM768_generate_key( uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES], uint8_t optional_out_seed[MLKEM_SEED_BYTES],
diff --git a/crypto/sha/sha1.cc b/crypto/sha/sha1.cc index c2c9494..6b06961 100644 --- a/crypto/sha/sha1.cc +++ b/crypto/sha/sha1.cc
@@ -18,6 +18,9 @@ #include "../fipsmodule/bcm_interface.h" + +using namespace bssl; + int SHA1_Init(SHA_CTX *sha) { BCM_sha1_init(sha); return 1;
diff --git a/crypto/sha/sha256.cc b/crypto/sha/sha256.cc index b3f40ce..3ef66bc 100644 --- a/crypto/sha/sha256.cc +++ b/crypto/sha/sha256.cc
@@ -19,6 +19,8 @@ #include "../fipsmodule/bcm_interface.h" +using namespace bssl; + int SHA224_Init(SHA256_CTX *sha) { BCM_sha224_init(sha); return 1;
diff --git a/crypto/sha/sha512.cc b/crypto/sha/sha512.cc index 5ea8442..afb5516 100644 --- a/crypto/sha/sha512.cc +++ b/crypto/sha/sha512.cc
@@ -19,6 +19,8 @@ #include "../fipsmodule/bcm_interface.h" +using namespace bssl; + int SHA384_Init(SHA512_CTX *sha) { BCM_sha384_init(sha); return 1;
diff --git a/crypto/slhdsa/slhdsa.cc b/crypto/slhdsa/slhdsa.cc index a593e81..ff47073 100644 --- a/crypto/slhdsa/slhdsa.cc +++ b/crypto/slhdsa/slhdsa.cc
@@ -19,6 +19,8 @@ #include "../fipsmodule/bcm_interface.h" +using namespace bssl; + static_assert(SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES == BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES); static_assert(SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES ==
diff --git a/crypto/slhdsa/slhdsa_test.cc b/crypto/slhdsa/slhdsa_test.cc index 2013381..6acf5a8 100644 --- a/crypto/slhdsa/slhdsa_test.cc +++ b/crypto/slhdsa/slhdsa_test.cc
@@ -26,6 +26,7 @@ #include "../test/file_test.h" #include "../test/test_util.h" +BSSL_NAMESPACE_BEGIN namespace { TEST(SLHDSATest, KeyGenerationSHA2) { @@ -342,3 +343,4 @@ } } // namespace +BSSL_NAMESPACE_END