diff options
author | David Benjamin <davidben@google.com> | 2022-05-25 12:10:15 -0400 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-05-26 21:52:12 +0000 |
commit | cf506f17d0fe51a43abcc37aecb63601b70218ef (patch) | |
tree | 60b098734801e676ffc1ffe8b4d50911be77b413 /decrepit | |
parent | 2d4f1b85f270fe6fc15dfd39a40015f52972ea2e (diff) | |
download | boringssl-cf506f17d0fe51a43abcc37aecb63601b70218ef.zip boringssl-cf506f17d0fe51a43abcc37aecb63601b70218ef.tar.gz boringssl-cf506f17d0fe51a43abcc37aecb63601b70218ef.tar.bz2 |
Make EVP_CIPHER opaque.
If we're to have any hope of fixing EVP_CIPHER_CTX's calling convention, we
need to be able to change the shape of its method table.
Looking back, it looks like we exported this in
https://boringssl-review.googlesource.com/4330, for OpenSSH. I don't
remember exactly what OpenSSH was doing, but I see in this commit, they
removed a bunch of custom EVP_CIPHERs which would definitely have
required an exported EVP_CIPHER struct:
https://github.com/openssh/openssh-portable/commit/cdccebdf85204bf7542b7fcc1aa2ea3f36661833
That's been gone for a while now, so hopefully we can hide it again. (If
a project needs a cipher not implemented by OpenSSL, it's not strictly
necessarily to make a custom EVP_CIPHER. It might be convenient to reuse
the abstraction, but you can always just call your own APIs directly.)
Update-Note: EVP_CIPHER is now opaque. Use accessors instead.
Bug: 494
Change-Id: I9344690c3cfe7d19d6ca12fb66484ced57dbe869
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52725
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Diffstat (limited to 'decrepit')
-rw-r--r-- | decrepit/blowfish/blowfish.c | 1 | ||||
-rw-r--r-- | decrepit/cast/cast.c | 1 | ||||
-rw-r--r-- | decrepit/cfb/cfb.c | 1 | ||||
-rw-r--r-- | decrepit/xts/xts.c | 3 |
4 files changed, 5 insertions, 1 deletions
diff --git a/decrepit/blowfish/blowfish.c b/decrepit/blowfish/blowfish.c index aa872bc..7c209da 100644 --- a/decrepit/blowfish/blowfish.c +++ b/decrepit/blowfish/blowfish.c @@ -61,6 +61,7 @@ #include <assert.h> #include <string.h> +#include "../../crypto/fipsmodule/cipher/internal.h" #include "../../crypto/internal.h" #include "../macros.h" diff --git a/decrepit/cast/cast.c b/decrepit/cast/cast.c index dffee5c..314e3da 100644 --- a/decrepit/cast/cast.c +++ b/decrepit/cast/cast.c @@ -64,6 +64,7 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3)) OPENSSL_MSVC_PRAGMA(warning(pop)) #endif +#include "../../crypto/fipsmodule/cipher/internal.h" #include "../../crypto/internal.h" #include "internal.h" #include "../macros.h" diff --git a/decrepit/cfb/cfb.c b/decrepit/cfb/cfb.c index fa1cfd4..d231153 100644 --- a/decrepit/cfb/cfb.c +++ b/decrepit/cfb/cfb.c @@ -19,6 +19,7 @@ #include <openssl/aes.h> #include <openssl/obj.h> +#include "../../crypto/fipsmodule/cipher/internal.h" #include "../../crypto/internal.h" typedef struct { diff --git a/decrepit/xts/xts.c b/decrepit/xts/xts.c index a433c3b..8a66f0f 100644 --- a/decrepit/xts/xts.c +++ b/decrepit/xts/xts.c @@ -53,7 +53,8 @@ #include <openssl/aes.h> #include <openssl/cipher.h> -#include "../crypto/fipsmodule/modes/internal.h" +#include "../../crypto/fipsmodule/cipher/internal.h" +#include "../../crypto/fipsmodule/modes/internal.h" typedef struct xts128_context { |