From 2fe8b94066f1063ec78b0502052e4558379514a0 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Wed, 15 Mar 2023 07:34:43 -0400
Subject: [PATCH] Enable X/Ed25519 support on BoringSSL

---
 openssl/src/pkey.rs | 36 ++++++++++++++++++++----------------
 openssl/src/sign.rs | 12 ++++++------
 2 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs
index 780bd637e5..ca9e08b253 100644
--- a/openssl/src/pkey.rs
+++ b/openssl/src/pkey.rs
@@ -47,7 +47,7 @@ use crate::dh::Dh;
 use crate::dsa::Dsa;
 use crate::ec::EcKey;
 use crate::error::ErrorStack;
-#[cfg(ossl110)]
+#[cfg(any(ossl110, boringssl))]
 use crate::pkey_ctx::PkeyCtx;
 use crate::rsa::Rsa;
 use crate::symm::Cipher;
@@ -89,11 +89,11 @@ impl Id {
     #[cfg(ossl110)]
     pub const HKDF: Id = Id(ffi::EVP_PKEY_HKDF);
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519);
     #[cfg(ossl111)]
     pub const ED448: Id = Id(ffi::EVP_PKEY_ED448);
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub const X25519: Id = Id(ffi::EVP_PKEY_X25519);
     #[cfg(ossl111)]
     pub const X448: Id = Id(ffi::EVP_PKEY_X448);
@@ -252,7 +252,7 @@ where
     /// This function only works for algorithms that support raw public keys.
     /// Currently this is: [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
     #[corresponds(EVP_PKEY_get_raw_public_key)]
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn raw_public_key(&self) -> Result<Vec<u8>, ErrorStack> {
         unsafe {
             let mut len = 0;
@@ -303,7 +303,7 @@ where
     /// This function only works for algorithms that support raw private keys.
     /// Currently this is: [`Id::HMAC`], [`Id::X25519`], [`Id::ED25519`], [`Id::X448`] or [`Id::ED448`].
     #[corresponds(EVP_PKEY_get_raw_private_key)]
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn raw_private_key(&self) -> Result<Vec<u8>, ErrorStack> {
         unsafe {
             let mut len = 0;
@@ -503,7 +503,7 @@ impl PKey<Private> {
         ctx.keygen()
     }
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     fn generate_eddsa(id: Id) -> Result<PKey<Private>, ErrorStack> {
         let mut ctx = PkeyCtx::new_id(id)?;
         ctx.keygen_init()?;
@@ -533,7 +533,7 @@ impl PKey<Private> {
     /// assert_eq!(secret.len(), 32);
     /// # Ok(()) }
     /// ```
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn generate_x25519() -> Result<PKey<Private>, ErrorStack> {
         PKey::generate_eddsa(Id::X25519)
     }
@@ -587,7 +587,7 @@ impl PKey<Private> {
     /// assert_eq!(signature.len(), 64);
     /// # Ok(()) }
     /// ```
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn generate_ed25519() -> Result<PKey<Private>, ErrorStack> {
         PKey::generate_eddsa(Id::ED25519)
     }
@@ -737,7 +737,7 @@ impl PKey<Private> {
     ///
     /// Algorithm types that support raw private keys are HMAC, X25519, ED25519, X448 or ED448
     #[corresponds(EVP_PKEY_new_raw_private_key)]
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn private_key_from_raw_bytes(
         bytes: &[u8],
         key_type: Id,
@@ -778,7 +778,7 @@ impl PKey<Public> {
     ///
     /// Algorithm types that support raw public keys are X25519, ED25519, X448 or ED448
     #[corresponds(EVP_PKEY_new_raw_public_key)]
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn public_key_from_raw_bytes(
         bytes: &[u8],
         key_type: Id,
@@ -1084,7 +1084,7 @@ mod tests {
         assert_eq!(&g, dh_.generator());
     }
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     fn test_raw_public_key(gen: fn() -> Result<PKey<Private>, ErrorStack>, key_type: Id) {
         // Generate a new key
         let key = gen().unwrap();
@@ -1100,7 +1100,7 @@ mod tests {
         );
     }
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     fn test_raw_private_key(gen: fn() -> Result<PKey<Private>, ErrorStack>, key_type: Id) {
         // Generate a new key
         let key = gen().unwrap();
@@ -1111,26 +1111,30 @@ mod tests {
 
         // Compare the der encoding of the original and raw / restored public key
         assert_eq!(
-            key.private_key_to_der().unwrap(),
-            from_raw.private_key_to_der().unwrap()
+            key.private_key_to_pkcs8().unwrap(),
+            from_raw.private_key_to_pkcs8().unwrap()
         );
     }
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     #[test]
     fn test_raw_public_key_bytes() {
         test_raw_public_key(PKey::generate_x25519, Id::X25519);
         test_raw_public_key(PKey::generate_ed25519, Id::ED25519);
+        #[cfg(not(boringssl))]
         test_raw_public_key(PKey::generate_x448, Id::X448);
+        #[cfg(not(boringssl))]
         test_raw_public_key(PKey::generate_ed448, Id::ED448);
     }
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     #[test]
     fn test_raw_private_key_bytes() {
         test_raw_private_key(PKey::generate_x25519, Id::X25519);
         test_raw_private_key(PKey::generate_ed25519, Id::ED25519);
+        #[cfg(not(boringssl))]
         test_raw_private_key(PKey::generate_x448, Id::X448);
+        #[cfg(not(boringssl))]
         test_raw_private_key(PKey::generate_ed448, Id::ED448);
     }
 
diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs
index 51738651c6..1c13a625b3 100644
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@@ -290,7 +290,7 @@ impl<'a> Signer<'a> {
         self.len_intern()
     }
 
-    #[cfg(not(ossl111))]
+    #[cfg(all(not(ossl111), not(boringssl)))]
     fn len_intern(&self) -> Result<usize, ErrorStack> {
         unsafe {
             let mut len = 0;
@@ -303,7 +303,7 @@ impl<'a> Signer<'a> {
         }
     }
 
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     fn len_intern(&self) -> Result<usize, ErrorStack> {
         unsafe {
             let mut len = 0;
@@ -360,7 +360,7 @@ impl<'a> Signer<'a> {
     /// OpenSSL documentation at [`EVP_DigestSign`].
     ///
     /// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn sign_oneshot(
         &mut self,
         sig_buf: &mut [u8],
@@ -382,7 +382,7 @@ impl<'a> Signer<'a> {
     /// Returns the signature.
     ///
     /// This is a simple convenience wrapper over `len` and `sign_oneshot`.
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn sign_oneshot_to_vec(&mut self, data_buf: &[u8]) -> Result<Vec<u8>, ErrorStack> {
         let mut sig_buf = vec![0; self.len()?];
         let len = self.sign_oneshot(&mut sig_buf, data_buf)?;
@@ -596,7 +596,7 @@ impl<'a> Verifier<'a> {
     /// OpenSSL documentation at [`EVP_DigestVerify`].
     ///
     /// [`EVP_DigestVerify`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerify.html
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     pub fn verify_oneshot(&mut self, signature: &[u8], buf: &[u8]) -> Result<bool, ErrorStack> {
         unsafe {
             let r = ffi::EVP_DigestVerify(
@@ -846,7 +846,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(ossl111)]
+    #[cfg(any(ossl111, boringssl))]
     fn eddsa() {
         let key = PKey::generate_ed25519().unwrap();