xref: /aosp_15_r20/external/boringssl/src/include/openssl/crypto.h (revision 8fb009dc861624b67b6cdb62ea21f0f22d0c584b)
1 /* Copyright (c) 2014, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #ifndef OPENSSL_HEADER_CRYPTO_H
16 #define OPENSSL_HEADER_CRYPTO_H
17 
18 #include <openssl/base.h>
19 #include <openssl/sha.h>
20 
21 // Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
22 // mem.h.
23 #include <openssl/mem.h>
24 
25 // Upstream OpenSSL defines |CRYPTO_LOCK|, etc., in crypto.h rather than
26 // thread.h.
27 #include <openssl/thread.h>
28 
29 
30 #if defined(__cplusplus)
31 extern "C" {
32 #endif
33 
34 
35 // crypto.h contains functions for library-wide initialization and properties.
36 
37 
38 // CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
39 // has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
40 //
41 // This is used by some consumers to identify whether they are using an
42 // internal version of BoringSSL.
43 OPENSSL_EXPORT int CRYPTO_is_confidential_build(void);
44 
45 // CRYPTO_has_asm returns one unless BoringSSL was built with OPENSSL_NO_ASM,
46 // in which case it returns zero.
47 OPENSSL_EXPORT int CRYPTO_has_asm(void);
48 
49 // BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one on
50 // success and zero on error.
51 OPENSSL_EXPORT int BORINGSSL_self_test(void);
52 
53 // BORINGSSL_integrity_test triggers the module's integrity test where the code
54 // and data of the module is matched against a hash injected at build time. It
55 // returns one on success or zero if there's a mismatch. This function only
56 // exists if the module was built in FIPS mode without ASAN.
57 OPENSSL_EXPORT int BORINGSSL_integrity_test(void);
58 
59 // CRYPTO_pre_sandbox_init initializes the crypto library, pre-acquiring some
60 // unusual resources to aid running in sandboxed environments. It is safe to
61 // call this function multiple times and concurrently from multiple threads.
62 //
63 // For more details on using BoringSSL in a sandboxed environment, see
64 // SANDBOXING.md in the source tree.
65 OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void);
66 
67 #if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \
68     !defined(OPENSSL_STATIC_ARMCAP)
69 // CRYPTO_needs_hwcap2_workaround returns one if the ARMv8 AArch32 AT_HWCAP2
70 // workaround was needed. See https://crbug.com/boringssl/46.
71 OPENSSL_EXPORT int CRYPTO_needs_hwcap2_workaround(void);
72 #endif  // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP
73 
74 
75 // FIPS monitoring
76 
77 // FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in
78 // which case it returns one.
79 OPENSSL_EXPORT int FIPS_mode(void);
80 
81 // fips_counter_t denotes specific APIs/algorithms. A counter is maintained for
82 // each in FIPS mode so that tests can be written to assert that the expected
83 // FIPS functions are being called by a certain piece of code.
84 enum fips_counter_t {  // only the four EVP AES-GCM/AES-CTR entries below have counters in this revision
85   fips_counter_evp_aes_128_gcm = 0,
86   fips_counter_evp_aes_256_gcm = 1,
87   fips_counter_evp_aes_128_ctr = 2,
88   fips_counter_evp_aes_256_ctr = 3,
89 
90   fips_counter_max = 3,  // highest valid counter value (inclusive), not a count: an array indexed by counter needs fips_counter_max + 1 slots
91 };
92 
93 // FIPS_read_counter returns a counter of the number of times the specific
94 // function denoted by |counter| has been used. This always returns zero unless
95 // BoringSSL was built with BORINGSSL_FIPS_COUNTERS defined.
96 OPENSSL_EXPORT size_t FIPS_read_counter(enum fips_counter_t counter);
97 
98 
99 // Deprecated functions.
100 
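101 // OPENSSL_VERSION_TEXT contains a string that identifies the version of
102 // “OpenSSL”. node.js requires a version number in this text. The "1.1.1" in it is a compatibility label only; do not use it to infer a patch level or to match OpenSSL advisories.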
103 #define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 (compatible; BoringSSL)"
104 
105 #define OPENSSL_VERSION 0
106 #define OPENSSL_CFLAGS 1
107 #define OPENSSL_BUILT_ON 2
108 #define OPENSSL_PLATFORM 3
109 #define OPENSSL_DIR 4
110 
111 // OpenSSL_version is a compatibility function that returns the string
112 // "BoringSSL" if |which| is |OPENSSL_VERSION| and placeholder strings
113 // otherwise.
114 OPENSSL_EXPORT const char *OpenSSL_version(int which);
115 
116 #define SSLEAY_VERSION OPENSSL_VERSION
117 #define SSLEAY_CFLAGS OPENSSL_CFLAGS
118 #define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
119 #define SSLEAY_PLATFORM OPENSSL_PLATFORM
120 #define SSLEAY_DIR OPENSSL_DIR
121 
122 // SSLeay_version calls |OpenSSL_version|.
123 OPENSSL_EXPORT const char *SSLeay_version(int which);
124 
125 // SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
126 // base.h.
127 OPENSSL_EXPORT unsigned long SSLeay(void);
128 
129 // OpenSSL_version_num is a compatibility function that returns
130 // OPENSSL_VERSION_NUMBER from base.h.
131 OPENSSL_EXPORT unsigned long OpenSSL_version_num(void);
132 
133 // CRYPTO_malloc_init returns one.
134 OPENSSL_EXPORT int CRYPTO_malloc_init(void);
135 
136 // OPENSSL_malloc_init returns one.
137 OPENSSL_EXPORT int OPENSSL_malloc_init(void);
138 
139 // ENGINE_load_builtin_engines does nothing.
140 OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
141 
142 // ENGINE_register_all_complete returns one.
143 OPENSSL_EXPORT int ENGINE_register_all_complete(void);
144 
145 // OPENSSL_load_builtin_modules does nothing.
146 OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
147 
148 #define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0
149 #define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0
150 #define OPENSSL_INIT_ADD_ALL_CIPHERS 0
151 #define OPENSSL_INIT_ADD_ALL_DIGESTS 0
152 #define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0
153 #define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0
154 #define OPENSSL_INIT_LOAD_CONFIG 0
155 #define OPENSSL_INIT_NO_LOAD_CONFIG 0
156 #define OPENSSL_INIT_NO_ATEXIT 0
157 
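158 // OPENSSL_init_crypto returns one. Every OPENSSL_INIT_* flag above is defined as zero, so |opts| built from them carries no information: for example, OPENSSL_INIT_LOAD_CONFIG and OPENSSL_INIT_NO_LOAD_CONFIG are the same value.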
159 OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
160                                        const OPENSSL_INIT_SETTINGS *settings);
161 
162 // OPENSSL_cleanup does nothing.
163 OPENSSL_EXPORT void OPENSSL_cleanup(void);
164 
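165 // FIPS_mode_set returns one if |on| matches whether BoringSSL was built with
166 // |BORINGSSL_FIPS| and zero otherwise. Callers that require FIPS must check the return value; as documented here, the result depends only on how the library was built.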
167 OPENSSL_EXPORT int FIPS_mode_set(int on);
168 
169 // FIPS_module_name returns the name of the FIPS module.
170 OPENSSL_EXPORT const char *FIPS_module_name(void);
171 
172 // FIPS_module_hash returns the 32-byte hash of the FIPS module. The returned pointer carries no length, so callers must read no more than 32 bytes from it.
173 OPENSSL_EXPORT const uint8_t* FIPS_module_hash(void);
174 
175 // FIPS_version returns the version of the FIPS module, or zero if the build
176 // isn't exactly at a verified version. The version, expressed in base 10, will
177 // be a date in the form yyyymmddXX where XX is often "00", but can be
178 // incremented if multiple versions are defined on a single day.
179 //
180 // (This format exceeds a |uint32_t| in the year 4294.)
181 OPENSSL_EXPORT uint32_t FIPS_version(void);
182 
183 // FIPS_query_algorithm_status returns one if |algorithm| is FIPS validated in
184 // the current BoringSSL and zero otherwise.
185 OPENSSL_EXPORT int FIPS_query_algorithm_status(const char *algorithm);
186 
187 #if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \
188     !defined(OPENSSL_STATIC_ARMCAP)
189 // CRYPTO_has_broken_NEON returns zero.
190 OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
191 #endif
192 
193 // CRYPTO_library_init does nothing. Historically, it was needed in some build
194 // configurations to initialize the library. This is no longer necessary.
195 OPENSSL_EXPORT void CRYPTO_library_init(void);
196 
197 
198 #if defined(__cplusplus)
199 }  // extern C
200 #endif
201 
202 #endif  // OPENSSL_HEADER_CRYPTO_H
203