Unwind <openssl/bcm_public.h>
This was envisioned as part of a (very long) path to manage some version
skew, but we're no longer planning to support this version skew.
bcm_interface.h is still useful so that the BCM calling convention can
handle FIPS nuisances like the FIPS service indicator, and to keep BCM's
functions from peeking out of the public API. But headers, plain
structs, and constants are okay.
Change-Id: I95f26f587929bbf380281cda8aa63f1557159a1c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82687
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/build.json b/build.json
index ac6a935..98a5cdc 100644
--- a/build.json
+++ b/build.json
@@ -418,7 +418,6 @@
"include/openssl/asn1t.h",
"include/openssl/base.h",
"include/openssl/base64.h",
- "include/openssl/bcm_public.h",
"include/openssl/bio.h",
"include/openssl/blake2.h",
"include/openssl/blowfish.h",
diff --git a/crypto/fipsmodule/bcm_interface.h b/crypto/fipsmodule/bcm_interface.h
index e60458c..230e273 100644
--- a/crypto/fipsmodule/bcm_interface.h
+++ b/crypto/fipsmodule/bcm_interface.h
@@ -15,9 +15,9 @@
#ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_BCM_INTERFACE_H
#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_BCM_INTERFACE_H
-// For the moment, we reach out for AES_KEY.
#include <openssl/aes.h>
-#include <openssl/bcm_public.h>
+#include <openssl/sha.h>
+#include <openssl/sha2.h>
// This header will eventually become the interface between BCM and the
@@ -97,24 +97,20 @@
// SHA-1
-// BCM_SHA_DIGEST_LENGTH is the length of a SHA-1 digest.
-#define BCM_SHA_DIGEST_LENGTH 20
-
// BCM_sha1_init initialises |sha|.
bcm_infallible BCM_sha1_init(SHA_CTX *sha);
-// BCM_SHA1_transform is a low-level function that performs a single, SHA-1
+// SHA1_transform is a low-level function that performs a single, SHA-1
// block transformation using the state from |sha| and |SHA_CBLOCK| bytes from
// |block|.
-bcm_infallible BCM_sha1_transform(SHA_CTX *c,
- const uint8_t data[BCM_SHA_CBLOCK]);
+bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]);
// BCM_sha1_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len);
// BCM_sha1_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |SHA_DIGEST_LENGTH| bytes of space.
-bcm_infallible BCM_sha1_final(uint8_t out[BCM_SHA_DIGEST_LENGTH], SHA_CTX *c);
+bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c);
// BCM_fips_186_2_prf derives |out_len| bytes from |xkey| using the PRF
@@ -131,14 +127,11 @@
// in new protocols. It is provided for compatibility with some legacy EAP
// methods.
bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len,
- const uint8_t xkey[BCM_SHA_DIGEST_LENGTH]);
+ const uint8_t xkey[SHA_DIGEST_LENGTH]);
// SHA-224
-// SHA224_DIGEST_LENGTH is the length of a SHA-224 digest.
-#define BCM_SHA224_DIGEST_LENGTH 28
-
// BCM_sha224_unit initialises |sha|.
bcm_infallible BCM_sha224_init(SHA256_CTX *sha);
@@ -148,15 +141,12 @@
// BCM_sha224_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |SHA224_DIGEST_LENGTH| bytes of
// space. It aborts on programmer error.
-bcm_infallible BCM_sha224_final(uint8_t out[BCM_SHA224_DIGEST_LENGTH],
+bcm_infallible BCM_sha224_final(uint8_t out[SHA224_DIGEST_LENGTH],
SHA256_CTX *sha);
// SHA-256
-// BCM_SHA256_DIGEST_LENGTH is the length of a SHA-256 digest.
-#define BCM_SHA256_DIGEST_LENGTH 32
-
// BCM_sha256_init initialises |sha|.
bcm_infallible BCM_sha256_init(SHA256_CTX *sha);
@@ -164,20 +154,20 @@
bcm_infallible BCM_sha256_update(SHA256_CTX *sha, const void *data, size_t len);
// BCM_sha256_final adds the final padding to |sha| and writes the resulting
-// digest to |out|, which must have at least |BCM_SHA256_DIGEST_LENGTH| bytes of
+// digest to |out|, which must have at least |SHA256_DIGEST_LENGTH| bytes of
// space. It aborts on programmer error.
-bcm_infallible BCM_sha256_final(uint8_t out[BCM_SHA256_DIGEST_LENGTH],
+bcm_infallible BCM_sha256_final(uint8_t out[SHA256_DIGEST_LENGTH],
SHA256_CTX *sha);
// BCM_sha256_transform is a low-level function that performs a single, SHA-256
-// block transformation using the state from |sha| and |BCM_SHA256_CBLOCK| bytes
+// block transformation using the state from |sha| and |SHA256_CBLOCK| bytes
// from |block|.
bcm_infallible BCM_sha256_transform(SHA256_CTX *sha,
- const uint8_t block[BCM_SHA256_CBLOCK]);
+ const uint8_t block[SHA256_CBLOCK]);
// BCM_sha256_transform_blocks is a low-level function that takes |num_blocks| *
-// |BCM_SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to
-// update |state|.
+// |SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to update
+// |state|.
bcm_infallible BCM_sha256_transform_blocks(uint32_t state[8],
const uint8_t *data,
size_t num_blocks);
@@ -185,9 +175,6 @@
// SHA-384.
-// BCM_SHA384_DIGEST_LENGTH is the length of a SHA-384 digest.
-#define BCM_SHA384_DIGEST_LENGTH 48
-
// BCM_sha384_init initialises |sha|.
bcm_infallible BCM_sha384_init(SHA512_CTX *sha);
@@ -195,17 +182,14 @@
bcm_infallible BCM_sha384_update(SHA512_CTX *sha, const void *data, size_t len);
// BCM_sha384_final adds the final padding to |sha| and writes the resulting
-// digest to |out|, which must have at least |BCM_sha384_DIGEST_LENGTH| bytes of
+// digest to |out|, which must have at least |SHA384_DIGEST_LENGTH| bytes of
// space. It may abort on programmer error.
-bcm_infallible BCM_sha384_final(uint8_t out[BCM_SHA384_DIGEST_LENGTH],
+bcm_infallible BCM_sha384_final(uint8_t out[SHA384_DIGEST_LENGTH],
SHA512_CTX *sha);
// SHA-512.
-// BCM_SHA512_DIGEST_LENGTH is the length of a SHA-512 digest.
-#define BCM_SHA512_DIGEST_LENGTH 64
-
// BCM_sha512_init initialises |sha|.
bcm_infallible BCM_sha512_init(SHA512_CTX *sha);
@@ -213,24 +197,22 @@
bcm_infallible BCM_sha512_update(SHA512_CTX *sha, const void *data, size_t len);
// BCM_sha512_final adds the final padding to |sha| and writes the resulting
-// digest to |out|, which must have at least |BCM_sha512_DIGEST_LENGTH| bytes of
+// digest to |out|, which must have at least |SHA512_DIGEST_LENGTH| bytes of
// space.
-bcm_infallible BCM_sha512_final(uint8_t out[BCM_SHA512_DIGEST_LENGTH],
+bcm_infallible BCM_sha512_final(uint8_t out[SHA512_DIGEST_LENGTH],
SHA512_CTX *sha);
// BCM_sha512_transform is a low-level function that performs a single, SHA-512
-// block transformation using the state from |sha| and |BCM_sha512_CBLOCK| bytes
+// block transformation using the state from |sha| and |SHA512_CBLOCK| bytes
// from |block|.
bcm_infallible BCM_sha512_transform(SHA512_CTX *sha,
- const uint8_t block[BCM_SHA512_CBLOCK]);
+ const uint8_t block[SHA512_CBLOCK]);
// SHA-512-256
//
// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6
-#define BCM_SHA512_256_DIGEST_LENGTH 32
-
// BCM_sha512_256_init initialises |sha|.
bcm_infallible BCM_sha512_256_init(SHA512_CTX *sha);
@@ -239,9 +221,9 @@
size_t len);
// BCM_sha512_256_final adds the final padding to |sha| and writes the resulting
-// digest to |out|, which must have at least |BCM_sha512_256_DIGEST_LENGTH|
-// bytes of space. It may abort on programmer error.
-bcm_infallible BCM_sha512_256_final(uint8_t out[BCM_SHA512_256_DIGEST_LENGTH],
+// digest to |out|, which must have at least |SHA512_256_DIGEST_LENGTH| bytes of
+// space. It may abort on programmer error.
+bcm_infallible BCM_sha512_256_final(uint8_t out[SHA512_256_DIGEST_LENGTH],
SHA512_CTX *sha);
diff --git a/crypto/fipsmodule/digest/digests.cc.inc b/crypto/fipsmodule/digest/digests.cc.inc
index 99e3a66..3a3bfd3 100644
--- a/crypto/fipsmodule/digest/digests.cc.inc
+++ b/crypto/fipsmodule/digest/digests.cc.inc
@@ -45,7 +45,7 @@
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha1) {
out->type = NID_sha1;
- out->md_size = BCM_SHA_DIGEST_LENGTH;
+ out->md_size = SHA_DIGEST_LENGTH;
out->flags = 0;
out->init = sha1_init;
out->update = sha1_update;
@@ -71,7 +71,7 @@
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha224) {
out->type = NID_sha224;
- out->md_size = BCM_SHA224_DIGEST_LENGTH;
+ out->md_size = SHA224_DIGEST_LENGTH;
out->flags = 0;
out->init = sha224_init;
out->update = sha224_update;
@@ -96,7 +96,7 @@
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha256) {
out->type = NID_sha256;
- out->md_size = BCM_SHA256_DIGEST_LENGTH;
+ out->md_size = SHA256_DIGEST_LENGTH;
out->flags = 0;
out->init = sha256_init;
out->update = sha256_update;
@@ -120,7 +120,7 @@
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha384) {
out->type = NID_sha384;
- out->md_size = BCM_SHA384_DIGEST_LENGTH;
+ out->md_size = SHA384_DIGEST_LENGTH;
out->flags = 0;
out->init = sha384_init;
out->update = sha384_update;
@@ -145,7 +145,7 @@
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512) {
out->type = NID_sha512;
- out->md_size = BCM_SHA512_DIGEST_LENGTH;
+ out->md_size = SHA512_DIGEST_LENGTH;
out->flags = 0;
out->init = sha512_init;
out->update = sha512_update;
@@ -170,7 +170,7 @@
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
out->type = NID_sha512_256;
- out->md_size = BCM_SHA512_256_DIGEST_LENGTH;
+ out->md_size = SHA512_256_DIGEST_LENGTH;
out->flags = 0;
out->init = sha512_256_init;
out->update = sha512_256_update;
diff --git a/crypto/fipsmodule/ec/ec_key.cc.inc b/crypto/fipsmodule/ec/ec_key.cc.inc
index 754998a..cf9b1f6 100644
--- a/crypto/fipsmodule/ec/ec_key.cc.inc
+++ b/crypto/fipsmodule/ec/ec_key.cc.inc
@@ -291,7 +291,7 @@
}
if (key->priv_key) {
- uint8_t digest[BCM_SHA256_DIGEST_LENGTH] = {0};
+ uint8_t digest[SHA256_DIGEST_LENGTH] = {0};
uint8_t sig[ECDSA_MAX_FIXED_LEN];
size_t sig_len;
if (!ecdsa_sign_fixed(digest, sizeof(digest), sig, &sig_len, sizeof(sig),
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.cc.inc b/crypto/fipsmodule/ecdsa/ecdsa.cc.inc
index 24b8f49..d2dcc38 100644
--- a/crypto/fipsmodule/ecdsa/ecdsa.cc.inc
+++ b/crypto/fipsmodule/ecdsa/ecdsa.cc.inc
@@ -22,6 +22,7 @@
#include <openssl/mem.h>
#include "../../internal.h"
+#include "../bcm_interface.h"
#include "../bn/internal.h"
#include "../ec/internal.h"
#include "../service_indicator/internal.h"
@@ -229,13 +230,13 @@
// Pass a SHA512 hash of the private key and digest as additional data
// into the RBG. This is a hardening measure against entropy failure.
- static_assert(BCM_SHA512_DIGEST_LENGTH >= 32,
+ static_assert(SHA512_DIGEST_LENGTH >= 32,
"additional_data is too large for SHA-512");
FIPS_service_indicator_lock_state();
SHA512_CTX sha;
- uint8_t additional_data[BCM_SHA512_DIGEST_LENGTH];
+ uint8_t additional_data[SHA512_DIGEST_LENGTH];
BCM_sha512_init(&sha);
BCM_sha512_update(&sha, priv_key->words, order->width * sizeof(BN_ULONG));
BCM_sha512_update(&sha, digest, digest_len);
diff --git a/crypto/fipsmodule/rsa/rsa.cc.inc b/crypto/fipsmodule/rsa/rsa.cc.inc
index 2341f51..11162ae 100644
--- a/crypto/fipsmodule/rsa/rsa.cc.inc
+++ b/crypto/fipsmodule/rsa/rsa.cc.inc
@@ -421,35 +421,35 @@
},
{
NID_sha1,
- BCM_SHA_DIGEST_LENGTH,
+ SHA_DIGEST_LENGTH,
15,
{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14},
},
{
NID_sha224,
- BCM_SHA224_DIGEST_LENGTH,
+ SHA224_DIGEST_LENGTH,
19,
{0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c},
},
{
NID_sha256,
- BCM_SHA256_DIGEST_LENGTH,
+ SHA256_DIGEST_LENGTH,
19,
{0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20},
},
{
NID_sha384,
- BCM_SHA384_DIGEST_LENGTH,
+ SHA384_DIGEST_LENGTH,
19,
{0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30},
},
{
NID_sha512,
- BCM_SHA512_DIGEST_LENGTH,
+ SHA512_DIGEST_LENGTH,
19,
{0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40},
diff --git a/crypto/fipsmodule/sha/sha1.cc.inc b/crypto/fipsmodule/sha/sha1.cc.inc
index 530ab93..16d4f99 100644
--- a/crypto/fipsmodule/sha/sha1.cc.inc
+++ b/crypto/fipsmodule/sha/sha1.cc.inc
@@ -47,7 +47,7 @@
namespace {
struct SHA1Traits {
using HashContext = SHA_CTX;
- static constexpr size_t kBlockSize = BCM_SHA_CBLOCK;
+ static constexpr size_t kBlockSize = SHA_CBLOCK;
static constexpr bool kLengthIsBigEndian = true;
static void HashBlocks(uint32_t *state, const uint8_t *data,
size_t num_blocks) {
diff --git a/crypto/fipsmodule/sha/sha256.cc.inc b/crypto/fipsmodule/sha/sha256.cc.inc
index a1a22a9..cba39c7 100644
--- a/crypto/fipsmodule/sha/sha256.cc.inc
+++ b/crypto/fipsmodule/sha/sha256.cc.inc
@@ -34,7 +34,7 @@
sha->h[5] = 0x68581511UL;
sha->h[6] = 0x64f98fa7UL;
sha->h[7] = 0xbefa4fa4UL;
- sha->md_len = BCM_SHA224_DIGEST_LENGTH;
+ sha->md_len = SHA224_DIGEST_LENGTH;
return bcm_infallible::approved;
}
@@ -48,7 +48,7 @@
sha->h[5] = 0x9b05688cUL;
sha->h[6] = 0x1f83d9abUL;
sha->h[7] = 0x5be0cd19UL;
- sha->md_len = BCM_SHA256_DIGEST_LENGTH;
+ sha->md_len = SHA256_DIGEST_LENGTH;
return bcm_infallible::approved;
}
@@ -58,7 +58,7 @@
#endif
bcm_infallible BCM_sha256_transform(SHA256_CTX *c,
- const uint8_t data[BCM_SHA256_CBLOCK]) {
+ const uint8_t data[SHA256_CBLOCK]) {
sha256_block_data_order(c->h, data, 1);
return bcm_infallible::approved;
}
@@ -66,7 +66,7 @@
namespace {
struct SHA256Traits {
using HashContext = SHA256_CTX;
- static constexpr size_t kBlockSize = BCM_SHA256_CBLOCK;
+ static constexpr size_t kBlockSize = SHA256_CBLOCK;
static constexpr bool kLengthIsBigEndian = true;
static void HashBlocks(uint32_t *state, const uint8_t *data,
size_t num_blocks) {
@@ -89,7 +89,7 @@
static void sha256_final_impl(uint8_t *out, size_t md_len, SHA256_CTX *c) {
bssl::crypto_md32_final<SHA256Traits>(c);
- BSSL_CHECK(md_len <= BCM_SHA256_DIGEST_LENGTH);
+ BSSL_CHECK(md_len <= SHA256_DIGEST_LENGTH);
assert(md_len % 4 == 0);
const size_t out_words = md_len / 4;
@@ -101,23 +101,23 @@
FIPS_service_indicator_update_state();
}
-bcm_infallible BCM_sha256_final(uint8_t out[BCM_SHA256_DIGEST_LENGTH],
+bcm_infallible BCM_sha256_final(uint8_t out[SHA256_DIGEST_LENGTH],
SHA256_CTX *c) {
- // Ideally we would assert |sha->md_len| is |BCM_SHA256_DIGEST_LENGTH| to
- // match the size hint, but calling code often pairs |SHA224_Init| with
- // |SHA256_Final| and expects |sha->md_len| to carry the size over.
+ // Ideally we would assert |sha->md_len| is |SHA256_DIGEST_LENGTH| tomatch the
+ // size hint, but calling code often pairs |SHA224_Init| with |SHA256_Final|
+ // and expects |sha->md_len| to carry the size over.
//
// TODO(davidben): Add an assert and fix code to match them up.
sha256_final_impl(out, c->md_len, c);
return bcm_infallible::approved;
}
-bcm_infallible BCM_sha224_final(uint8_t out[BCM_SHA224_DIGEST_LENGTH],
+bcm_infallible BCM_sha224_final(uint8_t out[SHA224_DIGEST_LENGTH],
SHA256_CTX *ctx) {
// This function must be paired with |SHA224_Init|, which sets |ctx->md_len|
- // to |BCM_SHA224_DIGEST_LENGTH|.
- assert(ctx->md_len == BCM_SHA224_DIGEST_LENGTH);
- sha256_final_impl(out, BCM_SHA224_DIGEST_LENGTH, ctx);
+ // to |SHA224_DIGEST_LENGTH|.
+ assert(ctx->md_len == SHA224_DIGEST_LENGTH);
+ sha256_final_impl(out, SHA224_DIGEST_LENGTH, ctx);
return bcm_infallible::approved;
}
diff --git a/crypto/fipsmodule/sha/sha512.cc.inc b/crypto/fipsmodule/sha/sha512.cc.inc
index 0c46df1..5cfbb90 100644
--- a/crypto/fipsmodule/sha/sha512.cc.inc
+++ b/crypto/fipsmodule/sha/sha512.cc.inc
@@ -43,7 +43,7 @@
sha->bytes_so_far_low = 0;
sha->bytes_so_far_high = 0;
sha->num = 0;
- sha->md_len = BCM_SHA384_DIGEST_LENGTH;
+ sha->md_len = SHA384_DIGEST_LENGTH;
return bcm_infallible::approved;
}
@@ -61,7 +61,7 @@
sha->bytes_so_far_low = 0;
sha->bytes_so_far_high = 0;
sha->num = 0;
- sha->md_len = BCM_SHA512_DIGEST_LENGTH;
+ sha->md_len = SHA512_DIGEST_LENGTH;
return bcm_infallible::approved;
}
@@ -78,7 +78,7 @@
sha->bytes_so_far_low = 0;
sha->bytes_so_far_high = 0;
sha->num = 0;
- sha->md_len = BCM_SHA512_256_DIGEST_LENGTH;
+ sha->md_len = SHA512_256_DIGEST_LENGTH;
return bcm_infallible::approved;
}
@@ -88,12 +88,12 @@
#endif
-bcm_infallible BCM_sha384_final(uint8_t out[BCM_SHA384_DIGEST_LENGTH],
+bcm_infallible BCM_sha384_final(uint8_t out[SHA384_DIGEST_LENGTH],
SHA512_CTX *sha) {
// This function must be paired with |BCM_sha384_init|, which sets
- // |sha->md_len| to |BCM_SHA384_DIGEST_LENGTH|.
- assert(sha->md_len == BCM_SHA384_DIGEST_LENGTH);
- sha512_final_impl(out, BCM_SHA384_DIGEST_LENGTH, sha);
+ // |sha->md_len| to |SHA384_DIGEST_LENGTH|.
+ assert(sha->md_len == SHA384_DIGEST_LENGTH);
+ sha512_final_impl(out, SHA384_DIGEST_LENGTH, sha);
return bcm_infallible::approved;
}
@@ -107,12 +107,12 @@
return BCM_sha512_update(sha, data, len);
}
-bcm_infallible BCM_sha512_256_final(uint8_t out[BCM_SHA512_256_DIGEST_LENGTH],
+bcm_infallible BCM_sha512_256_final(uint8_t out[SHA512_256_DIGEST_LENGTH],
SHA512_CTX *sha) {
// This function must be paired with |BCM_sha512_256_init|, which sets
- // |sha->md_len| to |BCM_SHA512_256_DIGEST_LENGTH|.
- assert(sha->md_len == BCM_SHA512_256_DIGEST_LENGTH);
- sha512_final_impl(out, BCM_SHA512_256_DIGEST_LENGTH, sha);
+ // |sha->md_len| to |SHA512_256_DIGEST_LENGTH|.
+ assert(sha->md_len == SHA512_256_DIGEST_LENGTH);
+ sha512_final_impl(out, SHA512_256_DIGEST_LENGTH, sha);
return bcm_infallible::approved;
}
@@ -166,10 +166,10 @@
return bcm_infallible::approved;
}
-bcm_infallible BCM_sha512_final(uint8_t out[BCM_SHA512_DIGEST_LENGTH],
+bcm_infallible BCM_sha512_final(uint8_t out[SHA512_DIGEST_LENGTH],
SHA512_CTX *sha) {
- // Ideally we would assert |sha->md_len| is |BCM_SHA512_DIGEST_LENGTH| to
- // match the size hint, but calling code often pairs |BCM_sha384_init| with
+ // Ideally we would assert |sha->md_len| is |SHA512_DIGEST_LENGTH| to match
+ // the size hint, but calling code often pairs |BCM_sha384_init| with
// |BCM_sha512_final| and expects |sha->md_len| to carry the size over.
//
// TODO(davidben): Add an assert and fix code to match them up.
diff --git a/gen/sources.bzl b/gen/sources.bzl
index 7f77cf0..f96c087 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -519,7 +519,6 @@
"include/openssl/asn1t.h",
"include/openssl/base.h",
"include/openssl/base64.h",
- "include/openssl/bcm_public.h",
"include/openssl/bio.h",
"include/openssl/blake2.h",
"include/openssl/blowfish.h",
diff --git a/gen/sources.cmake b/gen/sources.cmake
index 32895a8..d149c36 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -535,7 +535,6 @@
include/openssl/asn1t.h
include/openssl/base.h
include/openssl/base64.h
- include/openssl/bcm_public.h
include/openssl/bio.h
include/openssl/blake2.h
include/openssl/blowfish.h
diff --git a/gen/sources.gni b/gen/sources.gni
index 93f0e69..b14ee29 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -519,7 +519,6 @@
"include/openssl/asn1t.h",
"include/openssl/base.h",
"include/openssl/base64.h",
- "include/openssl/bcm_public.h",
"include/openssl/bio.h",
"include/openssl/blake2.h",
"include/openssl/blowfish.h",
diff --git a/gen/sources.json b/gen/sources.json
index 7336522..39141a5 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -502,7 +502,6 @@
"include/openssl/asn1t.h",
"include/openssl/base.h",
"include/openssl/base64.h",
- "include/openssl/bcm_public.h",
"include/openssl/bio.h",
"include/openssl/blake2.h",
"include/openssl/blowfish.h",
diff --git a/gen/sources.mk b/gen/sources.mk
index 5feb9ce..f6d7f79 100644
--- a/gen/sources.mk
+++ b/gen/sources.mk
@@ -512,7 +512,6 @@
include/openssl/asn1t.h \
include/openssl/base.h \
include/openssl/base64.h \
- include/openssl/bcm_public.h \
include/openssl/bio.h \
include/openssl/blake2.h \
include/openssl/blowfish.h \
diff --git a/include/openssl/bcm_public.h b/include/openssl/bcm_public.h
deleted file mode 100644
index e2c0a93..0000000
--- a/include/openssl/bcm_public.h
+++ /dev/null
@@ -1,83 +0,0 @@
-// Copyright 2024 The BoringSSL Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef OPENSSL_HEADER_BCM_PUBLIC_H_
-#define OPENSSL_HEADER_BCM_PUBLIC_H_
-
-#include <openssl/base.h> // IWYU pragma: export
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-// Public types referenced by BoringCrypto
-//
-// This header contains public types referenced by BCM. Such types are difficult
-// to hide from the libcrypto interface, so we treat them as part of BCM.
-
-// BCM_SHA_CBLOCK is the block size of SHA-1.
-#define BCM_SHA_CBLOCK 64
-
-// SHA_CTX
-struct sha_state_st {
-#if defined(__cplusplus) || defined(OPENSSL_WINDOWS)
- uint32_t h[5];
-#else
- // wpa_supplicant accesses |h0|..|h4| so we must support those names for
- // compatibility with it until it can be updated. Anonymous unions are only
- // standard in C11, so disable this workaround in C++.
- union {
- uint32_t h[5];
- struct {
- uint32_t h0;
- uint32_t h1;
- uint32_t h2;
- uint32_t h3;
- uint32_t h4;
- };
- };
-#endif
- uint32_t Nl, Nh;
- uint8_t data[BCM_SHA_CBLOCK];
- unsigned num;
-};
-
-// SHA256_CBLOCK is the block size of SHA-256.
-#define BCM_SHA256_CBLOCK 64
-
-// SHA256_CTX
-struct sha256_state_st {
- uint32_t h[8];
- uint32_t Nl, Nh;
- uint8_t data[BCM_SHA256_CBLOCK];
- unsigned num, md_len;
-};
-
-// BCM_SHA512_CBLOCK is the block size of SHA-512.
-#define BCM_SHA512_CBLOCK 128
-
-struct sha512_state_st {
- uint64_t h[8];
- uint16_t num, md_len;
- uint32_t bytes_so_far_high;
- uint64_t bytes_so_far_low;
- uint8_t p[BCM_SHA512_CBLOCK];
-};
-
-
-#if defined(__cplusplus)
-} // extern C
-#endif
-
-#endif // OPENSSL_HEADER_BCM_PUBLIC_H_
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index 4ac28eb..ba17bfa 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h
@@ -15,8 +15,7 @@
#ifndef OPENSSL_HEADER_SHA_H
#define OPENSSL_HEADER_SHA_H
-#include <openssl/base.h> // IWYU pragma: export
-#include <openssl/bcm_public.h> // IWYU pragma: export
+#include <openssl/base.h> // IWYU pragma: export
// `sha.h` historically included SHA-1 and SHA-2 hash functions. So, for
// backward compatibility `sha2.h` is included here. New uses of this header
@@ -62,6 +61,29 @@
OPENSSL_EXPORT void SHA1_Transform(SHA_CTX *sha,
const uint8_t block[SHA_CBLOCK]);
+struct sha_state_st {
+#if defined(__cplusplus) || defined(OPENSSL_WINDOWS)
+ uint32_t h[5];
+#else
+ // wpa_supplicant accesses |h0|..|h4| so we must support those names for
+ // compatibility with it until it can be updated. Anonymous unions are only
+ // standard in C11, so disable this workaround in C++.
+ union {
+ uint32_t h[5];
+ struct {
+ uint32_t h0;
+ uint32_t h1;
+ uint32_t h2;
+ uint32_t h3;
+ uint32_t h4;
+ };
+ };
+#endif
+ uint32_t Nl, Nh;
+ uint8_t data[SHA_CBLOCK];
+ unsigned num;
+} /* SHA_CTX */;
+
// CRYPTO_fips_186_2_prf derives |out_len| bytes from |xkey| using the PRF
// defined in FIPS 186-2, Appendix 3.1, with change notice 1 applied. The b
// parameter is 160 and seed, XKEY, is also 160 bits. The optional XSEED user
diff --git a/include/openssl/sha2.h b/include/openssl/sha2.h
index 286c416..5fe9f53 100644
--- a/include/openssl/sha2.h
+++ b/include/openssl/sha2.h
@@ -15,8 +15,7 @@
#ifndef OPENSSL_HEADER_SHA2_H
#define OPENSSL_HEADER_SHA2_H
-#include <openssl/base.h> // IWYU pragma: export
-#include <openssl/bcm_public.h> // IWYU pragma: export
+#include <openssl/base.h> // IWYU pragma: export
#if defined(__cplusplus)
extern "C" {
@@ -90,6 +89,13 @@
const uint8_t *data,
size_t num_blocks);
+struct sha256_state_st {
+ uint32_t h[8];
+ uint32_t Nl, Nh;
+ uint8_t data[SHA256_CBLOCK];
+ unsigned num, md_len;
+} /* SHA256_CTX */;
+
// SHA-384.
@@ -150,6 +156,14 @@
OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha,
const uint8_t block[SHA512_CBLOCK]);
+struct sha512_state_st {
+ uint64_t h[8];
+ uint16_t num, md_len;
+ uint32_t bytes_so_far_high;
+ uint64_t bytes_so_far_low;
+ uint8_t p[SHA512_CBLOCK];
+} /* SHA512_CTX */;
+
// SHA-512-256
//
