From e5b708383649146cbba45373bdf15a2e3c39240a Mon Sep 17 00:00:00 2001 From: Todd Short Date: Fri, 9 Jul 2021 13:29:03 -0400 Subject: [PATCH 36/43] QUIC: Don't muck with FIPS checksums --- apps/info.c | 1 + crypto/info.c | 1 + include/openssl/crypto.h.in | 4 ---- include/openssl/evp.h | 4 ---- include/openssl/quic.h | 19 +++++++++++++++++++ include/openssl/ssl.h.in | 9 +++++++++ include/openssl/types.h | 2 -- 7 files changed, 30 insertions(+), 10 deletions(-) create mode 100644 include/openssl/quic.h --- a/apps/info.c +++ b/apps/info.c @@ -10,6 +10,7 @@ #include #include "apps.h" #include "progs.h" +#include typedef enum OPTION_choice { OPT_COMMON, --- a/crypto/info.c +++ b/crypto/info.c @@ -14,6 +14,7 @@ #include "internal/cryptlib.h" #include "e_os.h" #include "buildinf.h" +#include #if defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" --- a/include/openssl/crypto.h.in +++ b/include/openssl/crypto.h.in @@ -176,10 +176,6 @@ const char *OPENSSL_info(int type); # define OPENSSL_INFO_SEED_SOURCE 1007 # define OPENSSL_INFO_CPU_SETTINGS 1008 -# ifndef OPENSSL_NO_QUIC -# define OPENSSL_INFO_QUIC 2000 -# endif - int OPENSSL_issetugid(void); struct crypto_ex_data_st { --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1742,10 +1742,6 @@ int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CT */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 -/* Used by Chromium/QUIC */ -# define X25519_PRIVATE_KEY_LEN 32 -# define X25519_PUBLIC_VALUE_LEN 32 - # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); OSSL_DEPRECATEDIN_3_0 EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); --- /dev/null +++ b/include/openssl/quic.h @@ -0,0 +1,19 @@ +/* + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_QUIC_H +# define OPENSSL_QUIC_H +# pragma once +# ifndef OPENSSL_NO_QUIC + +/* moved from crypto.h.in to avoid breaking FIPS checksums */ +# define OPENSSL_INFO_QUIC 2000 + +# endif /* OPENSSL_NO_QUIC */ +#endif /* OPENSSL_QUIC_H */ --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -2528,6 +2528,15 @@ const char *OSSL_default_ciphersuites(vo * ssl_encryption_level_t represents a specific QUIC encryption level used to * transmit handshake messages. BoringSSL has this as an 'enum'. */ +#include + +/* Used by Chromium/QUIC - moved from evp.h to avoid breaking FIPS checksums */ +# define X25519_PRIVATE_KEY_LEN 32 +# define X25519_PUBLIC_VALUE_LEN 32 + +/* moved from types.h to avoid breaking FIPS checksums */ +typedef struct ssl_quic_method_st SSL_QUIC_METHOD; + typedef enum ssl_encryption_level_t { ssl_encryption_initial = 0, ssl_encryption_early_data, --- a/include/openssl/types.h +++ b/include/openssl/types.h @@ -229,8 +229,6 @@ typedef struct ossl_decoder_ctx_st OSSL_ typedef struct ossl_self_test_st OSSL_SELF_TEST; -typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - #ifdef __cplusplus } #endif