Namespace crypto/fipsmodule/tls's internal symbols. Down from 867 to 865 unintended exported symbols. Bug: 42220000 Change-Id: Id0e74a5b489bab6fae1b38c36c4bf4a1824244fe Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/86368 Commit-Queue: Rudolf Polzer <rpolzer@google.com> Reviewed-by: Xiangfei Ding <xfding@google.com>
diff --git a/crypto/fipsmodule/self_check/self_check.cc.inc b/crypto/fipsmodule/self_check/self_check.cc.inc index ea249b3..299e17c 100644 --- a/crypto/fipsmodule/self_check/self_check.cc.inc +++ b/crypto/fipsmodule/self_check/self_check.cc.inc
@@ -46,6 +46,8 @@ #include "../tls/internal.h" +using namespace bssl; + static void hexdump(FILE *out, const void *in, size_t len) { const uint8_t *in8 = reinterpret_cast<const uint8_t *>(in); for (size_t i = 0; i < len; i++) { @@ -758,7 +760,7 @@ size_t out_len; uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; OPENSSL_memset(nonce, 0, sizeof(nonce)); - bssl::ScopedEVP_AEAD_CTX aead_ctx; + ScopedEVP_AEAD_CTX aead_ctx; if (!EVP_AEAD_CTX_init(aead_ctx.get(), EVP_aead_aes_128_gcm(), kAESKey, sizeof(kAESKey), 0, nullptr)) { fprintf(CRYPTO_get_stderr(), "EVP_AEAD_CTX_init for AES-128-GCM failed.\n");
diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc index 8da7d81..31e70b8 100644 --- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc +++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -43,6 +43,7 @@ #include "internal.h" +BSSL_NAMESPACE_BEGIN namespace { // CALL_SERVICE_AND_CHECK_APPROVED runs |func| and sets |approved| to one of the @@ -139,12 +140,12 @@ 0x01, 0x91, 0x17, 0x3f, 0x2a, 0x05, 0x70, 0x18, 0x7e, 0xc4, 0x22, 0xee, 0xb7, 0x0a, 0x15, 0x2f, 0x39, 0x64, 0x58, 0xf3, 0xb8, 0x18, 0x7b, 0xe3, 0x6b, 0xd3, 0x8a, 0x4f, 0xa1}; - bssl::UniquePtr<BIGNUM> priv( + UniquePtr<BIGNUM> priv( BN_bin2bn(kFFDHE2048PrivateKey, sizeof(kFFDHE2048PrivateKey), nullptr)); if (!priv) { return nullptr; } - bssl::UniquePtr<DH> dh(DH_get_rfc7919_2048()); + UniquePtr<DH> dh(DH_get_rfc7919_2048()); if (!dh || !DH_set0_key(dh.get(), nullptr, priv.get())) { return nullptr; } @@ -153,8 +154,7 @@ } static void DoCipherFinal(EVP_CIPHER_CTX *ctx, std::vector<uint8_t> *out, - bssl::Span<const uint8_t> in, - FIPSStatus expect_approved) { + Span<const uint8_t> in, FIPSStatus expect_approved) { FIPSStatus approved = FIPSStatus::NOT_APPROVED; size_t max_out = in.size(); if (EVP_CIPHER_CTX_encrypting(ctx)) { @@ -653,7 +653,7 @@ FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::ScopedEVP_AEAD_CTX aead_ctx; + ScopedEVP_AEAD_CTX aead_ctx; std::vector<uint8_t> nonce(EVP_AEAD_nonce_length(test.aead), 0); std::vector<uint8_t> encrypt_output(256); std::vector<uint8_t> decrypt_output(256); @@ -827,12 +827,12 @@ class EVPServiceIndicatorTest : public TestWithNoErrors<CipherTestVector> {}; static void TestOperation(const EVP_CIPHER *cipher, bool encrypt, - const bssl::Span<const uint8_t> key, - const bssl::Span<const uint8_t> plaintext, - const bssl::Span<const uint8_t> ciphertext, + const Span<const uint8_t> key, + const Span<const uint8_t> plaintext, + const Span<const uint8_t> ciphertext, FIPSStatus expect_approved) { FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::Span<const uint8_t> in, out; + Span<const uint8_t> in, out; if (encrypt) { in = plaintext; out = ciphertext; @@ -841,7 +841,7 @@ out = plaintext; } - bssl::ScopedEVP_CIPHER_CTX ctx; + ScopedEVP_CIPHER_CTX ctx; // Test running the EVP_Cipher interfaces one by one directly, and check // |EVP_EncryptFinal_ex| and |EVP_DecryptFinal_ex| for approval at the end. ASSERT_TRUE(EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr, @@ -857,7 +857,7 @@ EXPECT_EQ(Bytes(out), Bytes(encrypt_result)); // Test using the one-shot |EVP_Cipher| function for approval. - bssl::ScopedEVP_CIPHER_CTX ctx2; + ScopedEVP_CIPHER_CTX ctx2; uint8_t output[256]; ASSERT_TRUE(EVP_CipherInit_ex(ctx2.get(), cipher, nullptr, key.data(), kAESIV, encrypt ? 1 : 0)); @@ -976,7 +976,7 @@ SCOPED_TRACE(test.name); FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::ScopedEVP_MD_CTX ctx; + ScopedEVP_MD_CTX ctx; std::vector<uint8_t> digest(test.length); unsigned digest_len; @@ -1048,7 +1048,7 @@ // should not be approved, because the functions do not indicate that a // service has been fully completed yet. unsigned mac_len; - bssl::ScopedHMAC_CTX ctx; + ScopedHMAC_CTX ctx; ASSERT_TRUE(CALL_SERVICE_AND_CHECK_APPROVED( approved, HMAC_Init_ex(ctx.get(), kHMACKey, sizeof(kHMACKey), digest, nullptr))); @@ -1075,7 +1075,7 @@ // generation for RSA is time consuming. TEST(ServiceIndicatorTest, RSAKeyGen) { FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::UniquePtr<RSA> rsa(RSA_new()); + UniquePtr<RSA> rsa(RSA_new()); ASSERT_TRUE(rsa); // |RSA_generate_key_fips| may only be used for 2048-, 3072-, and 4096-bit @@ -1104,9 +1104,9 @@ // |EVP_PKEY_keygen| for approval at the end. |EVP_PKEY_keygen_init| should // not be approved because it does not indicate an entire service has been // completed. - bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr)); + UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr)); EVP_PKEY *raw = nullptr; - bssl::UniquePtr<EVP_PKEY> pkey(raw); + UniquePtr<EVP_PKEY> pkey(raw); ASSERT_TRUE(ctx); if (kEVPKeyGenShouldCallFIPSFunctions) { @@ -1226,7 +1226,7 @@ testing::ValuesIn(kRSATestVectors)); static std::map<unsigned, bssl::UniquePtr<RSA>> &CachedRSAKeys() { - static std::map<unsigned, bssl::UniquePtr<RSA>> keys; + static std::map<unsigned, UniquePtr<RSA>> keys; return keys; } @@ -1236,12 +1236,12 @@ return it->second.get(); } - bssl::UniquePtr<BIGNUM> e(BN_new()); + UniquePtr<BIGNUM> e(BN_new()); if (!e || !BN_set_word(e.get(), RSA_F4)) { abort(); } - bssl::UniquePtr<RSA> key(RSA_new()); + UniquePtr<RSA> key(RSA_new()); if (!key || !RSA_generate_key_ex(key.get(), bits, e.get(), nullptr)) { abort(); } @@ -1256,7 +1256,7 @@ const RSATestVector &test = GetParam(); SCOPED_TRACE(test.key_size); - bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); + UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); ASSERT_TRUE(pkey); RSA *const rsa = GetRSAKey(test.key_size); @@ -1267,7 +1267,7 @@ // |EVP_DigestSignUpdate| should not be approved because they do not indicate // an entire service has been completed. FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::ScopedEVP_MD_CTX md_ctx; + ScopedEVP_MD_CTX md_ctx; EVP_PKEY_CTX *pctx = nullptr; size_t sig_len; ASSERT_TRUE(CALL_SERVICE_AND_CHECK_APPROVED( @@ -1338,7 +1338,7 @@ TEST_P(RSAServiceIndicatorTest, RSASigVer) { const RSATestVector &test = GetParam(); - bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); + UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); RSA *const rsa = GetRSAKey(test.key_size); ASSERT_TRUE(pkey); @@ -1346,7 +1346,7 @@ std::vector<uint8_t> signature; size_t sig_len; - bssl::ScopedEVP_MD_CTX md_ctx; + ScopedEVP_MD_CTX md_ctx; EVP_PKEY_CTX *pctx = nullptr; ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pctx, test.func(), nullptr, pkey.get())); @@ -1494,7 +1494,7 @@ // Test service indicator approval for |EC_KEY_generate_key_fips| and // |EC_KEY_check_fips|. - bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(test.nid)); + UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(test.nid)); ASSERT_TRUE(CALL_SERVICE_AND_CHECK_APPROVED( approved, EC_KEY_generate_key_fips(key.get()))); EXPECT_EQ(approved, test.key_check_expect_approved); @@ -1504,7 +1504,7 @@ // See if |EC_KEY_check_fips| still returns approval with only the public // component. - bssl::UniquePtr<EC_KEY> key_only_public(EC_KEY_new_by_curve_name(test.nid)); + UniquePtr<EC_KEY> key_only_public(EC_KEY_new_by_curve_name(test.nid)); ASSERT_TRUE(EC_KEY_set_public_key(key_only_public.get(), EC_KEY_get0_public_key(key.get()))); ASSERT_TRUE(CALL_SERVICE_AND_CHECK_APPROVED( @@ -1516,8 +1516,7 @@ // check |EVP_PKEY_keygen| for approval at the end. |EVP_PKEY_keygen_init| // should not be approved because it does not indicate that an entire // service has been completed. - bssl::UniquePtr<EVP_PKEY_CTX> ctx( - EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr)); + UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr)); EVP_PKEY *raw = nullptr; ASSERT_TRUE(ctx); ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get())); @@ -1539,9 +1538,9 @@ FIPSStatus approved = FIPSStatus::NOT_APPROVED; const EC_GROUP *group = EC_GROUP_new_by_curve_name(test.nid); - bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new()); - bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); - bssl::ScopedEVP_MD_CTX md_ctx; + UniquePtr<EC_KEY> eckey(EC_KEY_new()); + UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); + ScopedEVP_MD_CTX md_ctx; ASSERT_TRUE(eckey); ASSERT_TRUE(EC_KEY_set_group(eckey.get(), group)); @@ -1599,9 +1598,9 @@ FIPSStatus approved = FIPSStatus::NOT_APPROVED; const EC_GROUP *group = EC_GROUP_new_by_curve_name(test.nid); - bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new()); - bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); - bssl::ScopedEVP_MD_CTX md_ctx; + UniquePtr<EC_KEY> eckey(EC_KEY_new()); + UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); + ScopedEVP_MD_CTX md_ctx; ASSERT_TRUE(eckey); ASSERT_TRUE(EC_KEY_set_group(eckey.get(), group)); @@ -1660,14 +1659,14 @@ FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::ScopedEVP_MD_CTX ctx; + ScopedEVP_MD_CTX ctx; ASSERT_TRUE(EVP_DigestInit(ctx.get(), test.func())); ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), kPlaintext, sizeof(kPlaintext))); const EC_GROUP *group = EC_GROUP_new_by_curve_name(test.nid); - bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new()); - bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); - bssl::ScopedEVP_MD_CTX md_ctx; + UniquePtr<EC_KEY> eckey(EC_KEY_new()); + UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); + ScopedEVP_MD_CTX md_ctx; ASSERT_TRUE(eckey); ASSERT_TRUE(EC_KEY_set_group(eckey.get(), group)); @@ -1676,7 +1675,7 @@ ASSERT_TRUE(EVP_PKEY_set1_EC_KEY(pkey.get(), eckey.get())); // Manual construction for signing. - bssl::UniquePtr<EVP_PKEY_CTX> pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); + UniquePtr<EVP_PKEY_CTX> pctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); ASSERT_TRUE(EVP_PKEY_sign_init(pctx.get())); ASSERT_TRUE(EVP_PKEY_CTX_set_signature_md(pctx.get(), test.func())); EVP_MD_CTX_set_pkey_ctx(ctx.get(), pctx.get()); @@ -1761,9 +1760,9 @@ FIPSStatus approved = FIPSStatus::NOT_APPROVED; const EC_GROUP *group = EC_GROUP_new_by_curve_name(test.nid); - bssl::UniquePtr<EC_KEY> our_key(EC_KEY_new()); - bssl::UniquePtr<EC_KEY> peer_key(EC_KEY_new()); - bssl::ScopedEVP_MD_CTX md_ctx; + UniquePtr<EC_KEY> our_key(EC_KEY_new()); + UniquePtr<EC_KEY> peer_key(EC_KEY_new()); + ScopedEVP_MD_CTX md_ctx; ASSERT_TRUE(our_key); ASSERT_TRUE(peer_key); @@ -1789,11 +1788,10 @@ // |EVP_PKEY_derive| for approval at the end. |EVP_PKEY_derive_init| and // |EVP_PKEY_derive_set_peer| should not be approved because they do not // indicate an entire service has been done. - bssl::UniquePtr<EVP_PKEY> our_pkey(EVP_PKEY_new()); + UniquePtr<EVP_PKEY> our_pkey(EVP_PKEY_new()); ASSERT_TRUE(EVP_PKEY_set1_EC_KEY(our_pkey.get(), our_key.get())); - bssl::UniquePtr<EVP_PKEY_CTX> our_ctx( - EVP_PKEY_CTX_new(our_pkey.get(), nullptr)); - bssl::UniquePtr<EVP_PKEY> peer_pkey(EVP_PKEY_new()); + UniquePtr<EVP_PKEY_CTX> our_ctx(EVP_PKEY_CTX_new(our_pkey.get(), nullptr)); + UniquePtr<EVP_PKEY> peer_pkey(EVP_PKEY_new()); ASSERT_TRUE(EVP_PKEY_set1_EC_KEY(peer_pkey.get(), peer_key.get())); ASSERT_TRUE(CALL_SERVICE_AND_CHECK_APPROVED( @@ -1871,7 +1869,7 @@ TEST(ServiceIndicatorTest, CMAC) { FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::UniquePtr<CMAC_CTX> ctx(CMAC_CTX_new()); + UniquePtr<CMAC_CTX> ctx(CMAC_CTX_new()); ASSERT_TRUE(ctx); // Test running the CMAC interfaces one by one directly, and check @@ -1904,7 +1902,7 @@ TEST(ServiceIndicatorTest, BasicTest) { FIPSStatus approved = FIPSStatus::NOT_APPROVED; - bssl::ScopedEVP_AEAD_CTX aead_ctx; + ScopedEVP_AEAD_CTX aead_ctx; ASSERT_TRUE(EVP_AEAD_CTX_init(aead_ctx.get(), EVP_aead_aes_128_gcm_randnonce(), kAESKey, sizeof(kAESKey), 0, nullptr)); @@ -2384,7 +2382,7 @@ FIPSStatus approved = FIPSStatus::NOT_APPROVED; // |DH_compute_key_padded| should be a non-approved service. - bssl::UniquePtr<DH> dh(GetDH()); + UniquePtr<DH> dh(GetDH()); uint8_t dh_out[sizeof(kDHOutput)]; ASSERT_EQ(DH_size(dh.get()), static_cast<int>(sizeof(dh_out))); ASSERT_EQ(CALL_SERVICE_AND_CHECK_APPROVED( @@ -2444,7 +2442,7 @@ ASSERT_EQ(before, (uint64_t)0); // Call an approved service. - bssl::ScopedEVP_AEAD_CTX aead_ctx; + ScopedEVP_AEAD_CTX aead_ctx; uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH] = {0}; uint8_t output[256]; size_t out_len; @@ -2472,3 +2470,4 @@ #endif // BORINGSSL_FIPS } // namespace +BSSL_NAMESPACE_END
diff --git a/crypto/fipsmodule/tls/internal.h b/crypto/fipsmodule/tls/internal.h index 99b2a01..2ddf21d 100644 --- a/crypto/fipsmodule/tls/internal.h +++ b/crypto/fipsmodule/tls/internal.h
@@ -17,10 +17,8 @@ #include <openssl/base.h> -#if defined(__cplusplus) -extern "C" { -#endif +BSSL_NAMESPACE_BEGIN // tls1_prf calculates |out_len| bytes of the TLS PDF, using |digest|, and // writes them to |out|. It returns one on success and zero on error. @@ -39,9 +37,6 @@ const uint8_t *label, size_t label_len, // const uint8_t *hash, size_t hash_len); - -#if defined(__cplusplus) -} // extern C -#endif +BSSL_NAMESPACE_END #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H
diff --git a/crypto/fipsmodule/tls/kdf.cc.inc b/crypto/fipsmodule/tls/kdf.cc.inc index f83ace4..8002cc1 100644 --- a/crypto/fipsmodule/tls/kdf.cc.inc +++ b/crypto/fipsmodule/tls/kdf.cc.inc
@@ -25,6 +25,8 @@ #include "../service_indicator/internal.h" +using namespace bssl; + // tls1_P_hash computes the TLS P_<hash> function as described in RFC 5246, // section 5. It XORs |out_len| bytes to |out|, using |md| as the hash and // |secret| as the secret. |label|, |seed1|, and |seed2| are concatenated to @@ -100,12 +102,11 @@ return ret; } -int CRYPTO_tls1_prf(const EVP_MD *digest, - uint8_t *out, size_t out_len, - const uint8_t *secret, size_t secret_len, - const char *label, size_t label_len, - const uint8_t *seed1, size_t seed1_len, - const uint8_t *seed2, size_t seed2_len) { +int bssl::CRYPTO_tls1_prf(const EVP_MD *digest, uint8_t *out, size_t out_len, + const uint8_t *secret, size_t secret_len, + const char *label, size_t label_len, + const uint8_t *seed1, size_t seed1_len, + const uint8_t *seed2, size_t seed2_len) { if (out_len == 0) { return 1; } @@ -141,11 +142,12 @@ return ret; } -int CRYPTO_tls13_hkdf_expand_label(uint8_t *out, size_t out_len, - const EVP_MD *digest, // - const uint8_t *secret, size_t secret_len, - const uint8_t *label, size_t label_len, - const uint8_t *hash, size_t hash_len) { +int bssl::CRYPTO_tls13_hkdf_expand_label(uint8_t *out, size_t out_len, + const EVP_MD *digest, // + const uint8_t *secret, + size_t secret_len, + const uint8_t *label, size_t label_len, + const uint8_t *hash, size_t hash_len) { static const uint8_t kProtocolLabel[] = "tls13 "; CBB cbb, child; uint8_t *hkdf_label = nullptr; @@ -177,4 +179,3 @@ } return ret; } -
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 80c6297..7ed3cdc 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -873,7 +873,7 @@ ] } ])"; - return write_reply({bssl::StringAsBytes(kConfig)}); + return write_reply({StringAsBytes(kConfig)}); } static bool Flush(const Span<const uint8_t> args[], ReplyCallback write_reply) { @@ -1169,7 +1169,7 @@ Span<const uint8_t> nonce = args[3]; Span<const uint8_t> ad = args[4]; - bssl::ScopedEVP_AEAD_CTX ctx; + ScopedEVP_AEAD_CTX ctx; if (!SetupFunc(ctx.get(), tag_len_span, key)) { return false; } @@ -1200,7 +1200,7 @@ Span<const uint8_t> nonce = args[3]; Span<const uint8_t> ad = args[4]; - bssl::ScopedEVP_AEAD_CTX ctx; + ScopedEVP_AEAD_CTX ctx; if (!SetupFunc(ctx.get(), tag_len_span, key)) { return false; } @@ -1351,7 +1351,7 @@ static_cast<unsigned>(args[0].size())); return false; } - bssl::ScopedEVP_CIPHER_CTX ctx; + ScopedEVP_CIPHER_CTX ctx; if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), nullptr, Encrypt ? 1 : 0) || !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) { @@ -1416,7 +1416,7 @@ std::vector<uint8_t> result(input.size()); std::vector<uint8_t> prev_result, prev_prev_result; - bssl::ScopedEVP_CIPHER_CTX ctx; + ScopedEVP_CIPHER_CTX ctx; if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, args[0].data(), iv.data(), Encrypt ? 1 : 0) || !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) { @@ -1608,7 +1608,7 @@ return nullptr; } - return bssl::UniquePtr<EC_KEY>(EC_KEY_new_by_curve_name(nid)); + return UniquePtr<EC_KEY>(EC_KEY_new_by_curve_name(nid)); } static std::vector<uint8_t> BIGNUMBytes(const BIGNUM *bn) { @@ -1620,8 +1620,8 @@ static std::pair<std::vector<uint8_t>, std::vector<uint8_t>> GetPublicKeyBytes( const EC_KEY *key) { - bssl::UniquePtr<BIGNUM> x(BN_new()); - bssl::UniquePtr<BIGNUM> y(BN_new()); + UniquePtr<BIGNUM> x(BN_new()); + UniquePtr<BIGNUM> y(BN_new()); if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key), x.get(), y.get(), /*ctx=*/nullptr)) { @@ -1636,7 +1636,7 @@ static bool ECDSAKeyGen(const Span<const uint8_t> args[], ReplyCallback write_reply) { - bssl::UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); + UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); if (!key || !EC_KEY_generate_key_fips(key.get())) { return false; } @@ -1658,13 +1658,13 @@ static bool ECDSAKeyVer(const Span<const uint8_t> args[], ReplyCallback write_reply) { - bssl::UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); + UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); if (!key) { return false; } - bssl::UniquePtr<BIGNUM> x(BytesToBIGNUM(args[1])); - bssl::UniquePtr<BIGNUM> y(BytesToBIGNUM(args[2])); + UniquePtr<BIGNUM> x(BytesToBIGNUM(args[1])); + UniquePtr<BIGNUM> y(BytesToBIGNUM(args[2])); uint8_t reply[1]; if (!EC_KEY_set_public_key_affine_coordinates(key.get(), x.get(), y.get()) || @@ -1697,8 +1697,8 @@ static bool ECDSASigGen(const Span<const uint8_t> args[], ReplyCallback write_reply) { - bssl::UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); - bssl::UniquePtr<BIGNUM> d = BytesToBIGNUM(args[1]); + UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); + UniquePtr<BIGNUM> d = BytesToBIGNUM(args[1]); const EVP_MD *hash = HashFromName(args[2]); uint8_t digest[EVP_MAX_MD_SIZE]; unsigned digest_len; @@ -1709,7 +1709,7 @@ return false; } - bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, key.get())); + UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, key.get())); if (!sig) { return false; } @@ -1723,13 +1723,13 @@ static bool ECDSASigVer(const Span<const uint8_t> args[], ReplyCallback write_reply) { - bssl::UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); + UniquePtr<EC_KEY> key = ECKeyFromName(args[0]); const EVP_MD *hash = HashFromName(args[1]); auto msg = args[2]; - bssl::UniquePtr<BIGNUM> x(BytesToBIGNUM(args[3])); - bssl::UniquePtr<BIGNUM> y(BytesToBIGNUM(args[4])); - bssl::UniquePtr<BIGNUM> r(BytesToBIGNUM(args[5])); - bssl::UniquePtr<BIGNUM> s(BytesToBIGNUM(args[6])); + UniquePtr<BIGNUM> x(BytesToBIGNUM(args[3])); + UniquePtr<BIGNUM> y(BytesToBIGNUM(args[4])); + UniquePtr<BIGNUM> r(BytesToBIGNUM(args[5])); + UniquePtr<BIGNUM> s(BytesToBIGNUM(args[6])); ECDSA_SIG sig; sig.r = r.get(); sig.s = s.get(); @@ -1800,7 +1800,7 @@ return it->second.get(); } - bssl::UniquePtr<RSA> key(RSA_new()); + UniquePtr<RSA> key(RSA_new()); if (!RSA_generate_key_fips(key.get(), bits, nullptr)) { abort(); } @@ -1819,7 +1819,7 @@ } memcpy(&bits, args[0].data(), sizeof(bits)); - bssl::UniquePtr<RSA> key(RSA_new()); + UniquePtr<RSA> key(RSA_new()); if (!RSA_generate_key_fips(key.get(), bits, nullptr)) { LOG_ERROR("RSA_generate_key_fips failed for modulus length %u.\n", bits); return false; @@ -1888,7 +1888,7 @@ BIGNUM *n = BN_new(); BIGNUM *e = BN_new(); - bssl::UniquePtr<RSA> key(RSA_new()); + UniquePtr<RSA> key(RSA_new()); if (!BN_bin2bn(n_bytes.data(), n_bytes.size(), n) || !BN_bin2bn(e_bytes.data(), e_bytes.size(), e) || !RSA_set0_key(key.get(), n, e, /*d=*/nullptr)) { @@ -1920,7 +1920,7 @@ ReplyCallback write_reply) { const Span<const uint8_t> out_len_bytes = args[0]; const Span<const uint8_t> secret = args[1]; - const std::string_view label = bssl::BytesAsStringView(args[2]); + const std::string_view label = BytesAsStringView(args[2]); const Span<const uint8_t> seed1 = args[3]; const Span<const uint8_t> seed2 = args[4]; const EVP_MD *md = MDFunc(); @@ -1943,15 +1943,15 @@ template <int Nid> static bool ECDH(const Span<const uint8_t> args[], ReplyCallback write_reply) { - bssl::UniquePtr<BIGNUM> their_x(BytesToBIGNUM(args[0])); - bssl::UniquePtr<BIGNUM> their_y(BytesToBIGNUM(args[1])); + UniquePtr<BIGNUM> their_x(BytesToBIGNUM(args[0])); + UniquePtr<BIGNUM> their_y(BytesToBIGNUM(args[1])); const Span<const uint8_t> private_key = args[2]; - bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(Nid)); - bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new()); + UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(Nid)); + UniquePtr<BN_CTX> ctx(BN_CTX_new()); const EC_GROUP *const group = EC_KEY_get0_group(ec_key.get()); - bssl::UniquePtr<EC_POINT> their_point(EC_POINT_new(group)); + UniquePtr<EC_POINT> their_point(EC_POINT_new(group)); if (!EC_POINT_set_affine_coordinates_GFp( group, their_point.get(), their_x.get(), their_y.get(), ctx.get())) { LOG_ERROR("Invalid peer point for ECDH.\n"); @@ -1959,13 +1959,13 @@ } if (!private_key.empty()) { - bssl::UniquePtr<BIGNUM> our_k(BytesToBIGNUM(private_key)); + UniquePtr<BIGNUM> our_k(BytesToBIGNUM(private_key)); if (!EC_KEY_set_private_key(ec_key.get(), our_k.get())) { LOG_ERROR("EC_KEY_set_private_key failed.\n"); return false; } - bssl::UniquePtr<EC_POINT> our_pub(EC_POINT_new(group)); + UniquePtr<EC_POINT> our_pub(EC_POINT_new(group)); if (!EC_POINT_mul(group, our_pub.get(), our_k.get(), nullptr, nullptr, ctx.get()) || !EC_KEY_set_public_key(ec_key.get(), our_pub.get())) { @@ -1993,8 +1993,8 @@ output.resize(static_cast<size_t>(out_len)); const EC_POINT *pub = EC_KEY_get0_public_key(ec_key.get()); - bssl::UniquePtr<BIGNUM> x(BN_new()); - bssl::UniquePtr<BIGNUM> y(BN_new()); + UniquePtr<BIGNUM> x(BN_new()); + UniquePtr<BIGNUM> y(BN_new()); if (!EC_POINT_get_affine_coordinates_GFp(group, pub, x.get(), y.get(), ctx.get())) { LOG_ERROR("EC_POINT_get_affine_coordinates_GFp failed.\n"); @@ -2005,14 +2005,14 @@ } static bool FFDH(const Span<const uint8_t> args[], ReplyCallback write_reply) { - bssl::UniquePtr<BIGNUM> p(BytesToBIGNUM(args[0])); - bssl::UniquePtr<BIGNUM> q(BytesToBIGNUM(args[1])); - bssl::UniquePtr<BIGNUM> g(BytesToBIGNUM(args[2])); - bssl::UniquePtr<BIGNUM> their_pub(BytesToBIGNUM(args[3])); + UniquePtr<BIGNUM> p(BytesToBIGNUM(args[0])); + UniquePtr<BIGNUM> q(BytesToBIGNUM(args[1])); + UniquePtr<BIGNUM> g(BytesToBIGNUM(args[2])); + UniquePtr<BIGNUM> their_pub(BytesToBIGNUM(args[3])); const Span<const uint8_t> private_key_span = args[4]; const Span<const uint8_t> public_key_span = args[5]; - bssl::UniquePtr<DH> dh(DH_new()); + UniquePtr<DH> dh(DH_new()); if (!DH_set0_pqg(dh.get(), p.get(), q.get(), g.get())) { LOG_ERROR("DH_set0_pqg failed.\n"); return 0; @@ -2024,8 +2024,8 @@ g.release(); if (!private_key_span.empty()) { - bssl::UniquePtr<BIGNUM> private_key(BytesToBIGNUM(private_key_span)); - bssl::UniquePtr<BIGNUM> public_key(BytesToBIGNUM(public_key_span)); + UniquePtr<BIGNUM> private_key(BytesToBIGNUM(private_key_span)); + UniquePtr<BIGNUM> public_key(BytesToBIGNUM(public_key_span)); if (!DH_set0_key(dh.get(), public_key.get(), private_key.get())) { LOG_ERROR("DH_set0_key failed.\n"); @@ -2522,7 +2522,7 @@ }; Handler FindHandler(Span<const Span<const uint8_t>> args) { - auto algorithm = bssl::BytesAsStringView(args[0]); + auto algorithm = BytesAsStringView(args[0]); for (const auto &func : kFunctions) { if (algorithm == func.name) { if (args.size() - 1 != func.num_expected_args) {
diff --git a/util/fipstools/test_fips.cc b/util/fipstools/test_fips.cc index 6391fbe..2ed9e80 100644 --- a/util/fipstools/test_fips.cc +++ b/util/fipstools/test_fips.cc
@@ -38,6 +38,10 @@ #include "../../crypto/fipsmodule/tls/internal.h" #include "../../crypto/internal.h" + +BSSL_NAMESPACE_BEGIN +namespace { + OPENSSL_MSVC_PRAGMA(warning(disable : 4295)) #if defined(BORINGSSL_FIPS) @@ -544,8 +548,11 @@ #endif // !defined(BORINGSSL_FIPS) } +} // namespace +BSSL_NAMESPACE_END + int main(int argc, char **argv) { - if (!run_test()) { + if (!bssl::run_test()) { printf("FAIL\n"); fflush(stdout); abort();