grpc 0.12.0 → 0.13.0.pre1.1

data/third_party/boringssl/crypto/ecdsa/ecdsa_asn1.c

@@ -0,0 +1,240 @@
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+
+#include <openssl/ecdsa.h>
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/bn.h>
+#include <openssl/bytestring.h>
+#include <openssl/err.h>
+#include <openssl/ec_key.h>
+#include <openssl/mem.h>
+
+#include "../ec/internal.h"
+
+
+size_t ECDSA_size(const EC_KEY *key) {
+  if (key == NULL) {
+    return 0;
+  }
+
+  size_t group_order_size;
+  if (key->ecdsa_meth && key->ecdsa_meth->group_order_size) {
+    group_order_size = key->ecdsa_meth->group_order_size(key);
+  } else {
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    if (group == NULL) {
+      return 0;
+    }
+
+    group_order_size = BN_num_bytes(EC_GROUP_get0_order(group));
+  }
+
+  return ECDSA_SIG_max_len(group_order_size);
+}
+
+ECDSA_SIG *ECDSA_SIG_new(void) {
+  ECDSA_SIG *sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
+  if (sig == NULL) {
+    return NULL;
+  }
+  sig->r = BN_new();
+  sig->s = BN_new();
+  if (sig->r == NULL || sig->s == NULL) {
+    ECDSA_SIG_free(sig);
+    return NULL;
+  }
+  return sig;
+}
+
+void ECDSA_SIG_free(ECDSA_SIG *sig) {
+  if (sig == NULL) {
+    return;
+  }
+
+  BN_free(sig->r);
+  BN_free(sig->s);
+  OPENSSL_free(sig);
+}
+
+ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs) {
+  ECDSA_SIG *ret = ECDSA_SIG_new();
+  if (ret == NULL) {
+    return NULL;
+  }
+  CBS child;
+  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
+      !BN_cbs2unsigned(&child, ret->r) ||
+      !BN_cbs2unsigned(&child, ret->s) ||
+      CBS_len(&child) != 0) {
+    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
+    ECDSA_SIG_free(ret);
+    return NULL;
+  }
+  return ret;
+}
+
+ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) {
+  CBS cbs;
+  CBS_init(&cbs, in, in_len);
+  ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs);
+  if (ret == NULL || CBS_len(&cbs) != 0) {
+    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
+    ECDSA_SIG_free(ret);
+    return NULL;
+  }
+  return ret;
+}
+
+int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) {
+  CBB child;
+  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||
+      !BN_bn2cbb(&child, sig->r) ||
+      !BN_bn2cbb(&child, sig->s) ||
+      !CBB_flush(cbb)) {
+    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);
+    return 0;
+  }
+  return 1;
+}
+
+int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len,
+                       const ECDSA_SIG *sig) {
+  CBB cbb;
+  CBB_zero(&cbb);
+  if (!CBB_init(&cbb, 0) ||
+      !ECDSA_SIG_marshal(&cbb, sig) ||
+      !CBB_finish(&cbb, out_bytes, out_len)) {
+    OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);
+    CBB_cleanup(&cbb);
+    return 0;
+  }
+  return 1;
+}
+
+/* der_len_len returns the number of bytes needed to represent a length of |len|
+ * in DER. */
+static size_t der_len_len(size_t len) {
+  if (len < 0x80) {
+    return 1;
+  }
+  size_t ret = 1;
+  while (len > 0) {
+    ret++;
+    len >>= 8;
+  }
+  return ret;
+}
+
+size_t ECDSA_SIG_max_len(size_t order_len) {
+  /* Compute the maximum length of an |order_len| byte integer. Defensively
+   * assume that the leading 0x00 is included. */
+  size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len;
+  if (integer_len < order_len) {
+    return 0;
+  }
+  /* An ECDSA signature is two INTEGERs. */
+  size_t value_len = 2 * integer_len;
+  if (value_len < integer_len) {
+    return 0;
+  }
+  /* Add the header. */
+  size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len;
+  if (ret < value_len) {
+    return 0;
+  }
+  return ret;
+}
+
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) {
+  if (len < 0) {
+    return NULL;
+  }
+  CBS cbs;
+  CBS_init(&cbs, *inp, (size_t)len);
+  ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs);
+  if (ret == NULL) {
+    return NULL;
+  }
+  if (out != NULL) {
+    ECDSA_SIG_free(*out);
+    *out = ret;
+  }
+  *inp += (size_t)len - CBS_len(&cbs);
+  return ret;
+}
+
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) {
+  uint8_t *der;
+  size_t der_len;
+  if (!ECDSA_SIG_to_bytes(&der, &der_len, sig)) {
+    return -1;
+  }
+  if (der_len > INT_MAX) {
+    OPENSSL_PUT_ERROR(ECDSA, ERR_R_OVERFLOW);
+    OPENSSL_free(der);
+    return -1;
+  }
+  if (outp != NULL) {
+    if (*outp == NULL) {
+      *outp = der;
+      der = NULL;
+    } else {
+      memcpy(*outp, der, der_len);
+      *outp += der_len;
+    }
+  }
+  OPENSSL_free(der);
+  return (int)der_len;
+}

data/third_party/boringssl/crypto/engine/engine.c

@@ -0,0 +1,96 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/engine.h>
+
+#include <string.h>
+#include <assert.h>
+
+#include <openssl/ec_key.h>
+#include <openssl/err.h>
+#include <openssl/mem.h>
+#include <openssl/rsa.h>
+#include <openssl/thread.h>
+
+
+struct engine_st {
+  RSA_METHOD *rsa_method;
+  ECDSA_METHOD *ecdsa_method;
+};
+
+ENGINE *ENGINE_new(void) {
+  ENGINE *engine = OPENSSL_malloc(sizeof(ENGINE));
+  if (engine == NULL) {
+    return NULL;
+  }
+
+  memset(engine, 0, sizeof(ENGINE));
+  return engine;
+}
+
+void ENGINE_free(ENGINE *engine) {
+  /* Methods are currently required to be static so are not unref'ed. */
+  OPENSSL_free(engine);
+}
+
+/* set_method takes a pointer to a method and its given size and sets
+ * |*out_member| to point to it. This function might want to be extended in the
+ * future to support making a copy of the method so that a stable ABI for
+ * ENGINEs can be supported. But, for the moment, all *_METHODS must be
+ * static. */
+static int set_method(void **out_member, const void *method, size_t method_size,
+                      size_t compiled_size) {
+  const struct openssl_method_common_st *common = method;
+  if (method_size != compiled_size || !common->is_static) {
+    return 0;
+  }
+
+  *out_member = (void*) method;
+  return 1;
+}
+
+int ENGINE_set_RSA_method(ENGINE *engine, const RSA_METHOD *method,
+                         size_t method_size) {
+  return set_method((void **)&engine->rsa_method, method, method_size,
+                    sizeof(RSA_METHOD));
+}
+
+RSA_METHOD *ENGINE_get_RSA_method(const ENGINE *engine) {
+  return engine->rsa_method;
+}
+
+int ENGINE_set_ECDSA_method(ENGINE *engine, const ECDSA_METHOD *method,
+                            size_t method_size) {
+  return set_method((void **)&engine->ecdsa_method, method, method_size,
+                    sizeof(ECDSA_METHOD));
+}
+
+ECDSA_METHOD *ENGINE_get_ECDSA_method(const ENGINE *engine) {
+  return engine->ecdsa_method;
+}
+
+void METHOD_ref(void *method_in) {
+  assert(((struct openssl_method_common_st*) method_in)->is_static);
+}
+
+void METHOD_unref(void *method_in) {
+  struct openssl_method_common_st *method = method_in;
+
+  if (method == NULL) {
+    return;
+  }
+  assert(method->is_static);
+}
+
+OPENSSL_DECLARE_ERROR_REASON(ENGINE, OPERATION_NOT_SUPPORTED);

data/third_party/boringssl/crypto/err/err.c

@@ -0,0 +1,756 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+
+#include <openssl/err.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <inttypes.h>
+#include <string.h>
+
+#if defined(OPENSSL_WINDOWS)
+#pragma warning(push, 3)
+#include <windows.h>
+#pragma warning(pop)
+#endif
+
+#include <openssl/mem.h>
+#include <openssl/thread.h>
+
+#include "../internal.h"
+
+
+extern const uint32_t kOpenSSLReasonValues[];
+extern const size_t kOpenSSLReasonValuesLen;
+extern const char kOpenSSLReasonStringData[];
+
+/* err_clear_data frees the optional |data| member of the given error. */
+static void err_clear_data(struct err_error_st *error) {
+  if ((error->flags & ERR_FLAG_MALLOCED) != 0) {
+    OPENSSL_free(error->data);
+  }
+  error->data = NULL;
+  error->flags &= ~ERR_FLAG_MALLOCED;
+}
+
+/* err_clear clears the given queued error. */
+static void err_clear(struct err_error_st *error) {
+  err_clear_data(error);
+  memset(error, 0, sizeof(struct err_error_st));
+}
+
+/* global_next_library contains the next custom library value to return. */
+static int global_next_library = ERR_NUM_LIBS;
+
+/* global_next_library_mutex protects |global_next_library| from concurrent
+ * updates. */
+static struct CRYPTO_STATIC_MUTEX global_next_library_mutex =
+    CRYPTO_STATIC_MUTEX_INIT;
+
+static void err_state_free(void *statep) {
+  ERR_STATE *state = statep;
+
+  if (state == NULL) {
+    return;
+  }
+
+  unsigned i;
+  for (i = 0; i < ERR_NUM_ERRORS; i++) {
+    err_clear(&state->errors[i]);
+  }
+  OPENSSL_free(state->to_free);
+  OPENSSL_free(state);
+}
+
+/* err_get_state gets the ERR_STATE object for the current thread. */
+static ERR_STATE *err_get_state(void) {
+  ERR_STATE *state = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR);
+  if (state == NULL) {
+    state = OPENSSL_malloc(sizeof(ERR_STATE));
+    if (state == NULL) {
+      return NULL;
+    }
+    memset(state, 0, sizeof(ERR_STATE));
+    if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state,
+                                 err_state_free)) {
+      return NULL;
+    }
+  }
+
+  return state;
+}
+
+static uint32_t get_error_values(int inc, int top, const char **file, int *line,
+                                 const char **data, int *flags) {
+  unsigned i = 0;
+  ERR_STATE *state;
+  struct err_error_st *error;
+  uint32_t ret;
+
+  state = err_get_state();
+  if (state == NULL || state->bottom == state->top) {
+    return 0;
+  }
+
+  if (top) {
+    assert(!inc);
+    /* last error */
+    i = state->top;
+  } else {
+    i = (state->bottom + 1) % ERR_NUM_ERRORS;
+  }
+
+  error = &state->errors[i];
+  ret = error->packed;
+
+  if (file != NULL && line != NULL) {
+    if (error->file == NULL) {
+      *file = "NA";
+      *line = 0;
+    } else {
+      *file = error->file;
+      *line = error->line;
+    }
+  }
+
+  if (data != NULL) {
+    if (error->data == NULL) {
+      *data = "";
+      if (flags != NULL) {
+        *flags = 0;
+      }
+    } else {
+      *data = error->data;
+      if (flags != NULL) {
+        *flags = error->flags & ERR_FLAG_PUBLIC_MASK;
+      }
+      /* If this error is being removed, take ownership of data from
+       * the error. The semantics are such that the caller doesn't
+       * take ownership either. Instead the error system takes
+       * ownership and retains it until the next call that affects the
+       * error queue. */
+      if (inc) {
+        if (error->flags & ERR_FLAG_MALLOCED) {
+          OPENSSL_free(state->to_free);
+          state->to_free = error->data;
+        }
+        error->data = NULL;
+        error->flags = 0;
+      }
+    }
+  }
+
+  if (inc) {
+    assert(!top);
+    err_clear(error);
+    state->bottom = i;
+  }
+
+  return ret;
+}
+
+uint32_t ERR_get_error(void) {
+  return get_error_values(1 /* inc */, 0 /* bottom */, NULL, NULL, NULL, NULL);
+}
+
+uint32_t ERR_get_error_line(const char **file, int *line) {
+  return get_error_values(1 /* inc */, 0 /* bottom */, file, line, NULL, NULL);
+}
+
+uint32_t ERR_get_error_line_data(const char **file, int *line,
+                                 const char **data, int *flags) {
+  return get_error_values(1 /* inc */, 0 /* bottom */, file, line, data, flags);
+}
+
+uint32_t ERR_peek_error(void) {
+  return get_error_values(0 /* peek */, 0 /* bottom */, NULL, NULL, NULL, NULL);
+}
+
+uint32_t ERR_peek_error_line(const char **file, int *line) {
+  return get_error_values(0 /* peek */, 0 /* bottom */, file, line, NULL, NULL);
+}
+
+uint32_t ERR_peek_error_line_data(const char **file, int *line,
+                                  const char **data, int *flags) {
+  return get_error_values(0 /* peek */, 0 /* bottom */, file, line, data,
+                          flags);
+}
+
+uint32_t ERR_peek_last_error(void) {
+  return get_error_values(0 /* peek */, 1 /* top */, NULL, NULL, NULL, NULL);
+}
+
+uint32_t ERR_peek_last_error_line(const char **file, int *line) {
+  return get_error_values(0 /* peek */, 1 /* top */, file, line, NULL, NULL);
+}
+
+uint32_t ERR_peek_last_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags) {
+  return get_error_values(0 /* peek */, 1 /* top */, file, line, data, flags);
+}
+
+void ERR_clear_error(void) {
+  ERR_STATE *const state = err_get_state();
+  unsigned i;
+
+  if (state == NULL) {
+    return;
+  }
+
+  for (i = 0; i < ERR_NUM_ERRORS; i++) {
+    err_clear(&state->errors[i]);
+  }
+  OPENSSL_free(state->to_free);
+  state->to_free = NULL;
+
+  state->top = state->bottom = 0;
+}
+
+void ERR_remove_thread_state(const CRYPTO_THREADID *tid) {
+  if (tid != NULL) {
+    assert(0);
+    return;
+  }
+
+  ERR_clear_error();
+}
+
+int ERR_get_next_error_library(void) {
+  int ret;
+
+  CRYPTO_STATIC_MUTEX_lock_write(&global_next_library_mutex);
+  ret = global_next_library++;
+  CRYPTO_STATIC_MUTEX_unlock(&global_next_library_mutex);
+
+  return ret;
+}
+
+void ERR_remove_state(unsigned long pid) {
+  ERR_clear_error();
+}
+
+void ERR_clear_system_error(void) {
+  errno = 0;
+}
+
+char *ERR_error_string(uint32_t packed_error, char *ret) {
+  static char buf[ERR_ERROR_STRING_BUF_LEN];
+
+  if (ret == NULL) {
+    /* TODO(fork): remove this. */
+    ret = buf;
+  }
+
+#if !defined(NDEBUG)
+  /* This is aimed to help catch callers who don't provide
+   * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */
+  memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
+#endif
+
+  ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN);
+
+  return ret;
+}
+
+void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) {
+  char lib_buf[64], reason_buf[64];
+  const char *lib_str, *reason_str;
+  unsigned lib, reason;
+
+  if (len == 0) {
+    return;
+  }
+
+  lib = ERR_GET_LIB(packed_error);
+  reason = ERR_GET_REASON(packed_error);
+
+  lib_str = ERR_lib_error_string(packed_error);
+  reason_str = ERR_reason_error_string(packed_error);
+
+  if (lib_str == NULL) {
+    BIO_snprintf(lib_buf, sizeof(lib_buf), "lib(%u)", lib);
+    lib_str = lib_buf;
+  }
+
+ if (reason_str == NULL) {
+    BIO_snprintf(reason_buf, sizeof(reason_buf), "reason(%u)", reason);
+    reason_str = reason_buf;
+  }
+
+  BIO_snprintf(buf, len, "error:%08" PRIx32 ":%s:OPENSSL_internal:%s",
+               packed_error, lib_str, reason_str);
+
+  if (strlen(buf) == len - 1) {
+    /* output may be truncated; make sure we always have 5 colon-separated
+     * fields, i.e. 4 colons. */
+    static const unsigned num_colons = 4;
+    unsigned i;
+    char *s = buf;
+
+    if (len <= num_colons) {
+      /* In this situation it's not possible to ensure that the correct number
+       * of colons are included in the output. */
+      return;
+    }
+
+    for (i = 0; i < num_colons; i++) {
+      char *colon = strchr(s, ':');
+      char *last_pos = &buf[len - 1] - num_colons + i;
+
+      if (colon == NULL || colon > last_pos) {
+        /* set colon |i| at last possible position (buf[len-1] is the
+         * terminating 0). If we're setting this colon, then all whole of the
+         * rest of the string must be colons in order to have the correct
+         * number. */
+        memset(last_pos, ':', num_colons - i);
+        break;
+      }
+
+      s = colon + 1;
+    }
+  }
+}
+
+// err_string_cmp is a compare function for searching error values with
+// |bsearch| in |err_string_lookup|.
+static int err_string_cmp(const void *a, const void *b) {
+  const uint32_t a_key = *((const uint32_t*) a) >> 15;
+  const uint32_t b_key = *((const uint32_t*) b) >> 15;
+
+  if (a_key < b_key) {
+    return -1;
+  } else if (a_key > b_key) {
+    return 1;
+  } else {
+    return 0;
+  }
+}
+
+/* err_string_lookup looks up the string associated with |lib| and |key| in
+ * |values| and |string_data|. It returns the string or NULL if not found. */
+static const char *err_string_lookup(uint32_t lib, uint32_t key,
+                                     const uint32_t *values,
+                                     size_t num_values,
+                                     const char *string_data) {
+  /* |values| points to data in err_data.h, which is generated by
+   * err_data_generate.go. It's an array of uint32_t values. Each value has the
+   * following structure:
+   *   | lib  |    key    |    offset     |
+   *   |6 bits|  11 bits  |    15 bits    |
+   *
+   * The |lib| value is a library identifier: one of the |ERR_LIB_*| values.
+   * The |key| is a reason code, depending on the context.
+   * The |offset| is the number of bytes from the start of |string_data| where
+   * the (NUL terminated) string for this value can be found.
+   *
+   * Values are sorted based on treating the |lib| and |key| part as an
+   * unsigned integer. */
+  if (lib >= (1 << 6) || key >= (1 << 11)) {
+    return NULL;
+  }
+  uint32_t search_key = lib << 26 | key << 15;
+  const uint32_t *result = bsearch(&search_key, values, num_values,
+                                   sizeof(uint32_t), err_string_cmp);
+  if (result == NULL) {
+    return NULL;
+  }
+
+  return &string_data[(*result) & 0x7fff];
+}
+
+static const char *const kLibraryNames[ERR_NUM_LIBS] = {
+    "invalid library (0)",
+    "unknown library",                            /* ERR_LIB_NONE */
+    "system library",                             /* ERR_LIB_SYS */
+    "bignum routines",                            /* ERR_LIB_BN */
+    "RSA routines",                               /* ERR_LIB_RSA */
+    "Diffie-Hellman routines",                    /* ERR_LIB_DH */
+    "public key routines",                        /* ERR_LIB_EVP */
+    "memory buffer routines",                     /* ERR_LIB_BUF */
+    "object identifier routines",                 /* ERR_LIB_OBJ */
+    "PEM routines",                               /* ERR_LIB_PEM */
+    "DSA routines",                               /* ERR_LIB_DSA */
+    "X.509 certificate routines",                 /* ERR_LIB_X509 */
+    "ASN.1 encoding routines",                    /* ERR_LIB_ASN1 */
+    "configuration file routines",                /* ERR_LIB_CONF */
+    "common libcrypto routines",                  /* ERR_LIB_CRYPTO */
+    "elliptic curve routines",                    /* ERR_LIB_EC */
+    "SSL routines",                               /* ERR_LIB_SSL */
+    "BIO routines",                               /* ERR_LIB_BIO */
+    "PKCS7 routines",                             /* ERR_LIB_PKCS7 */
+    "PKCS8 routines",                             /* ERR_LIB_PKCS8 */
+    "X509 V3 routines",                           /* ERR_LIB_X509V3 */
+    "random number generator",                    /* ERR_LIB_RAND */
+    "ENGINE routines",                            /* ERR_LIB_ENGINE */
+    "OCSP routines",                              /* ERR_LIB_OCSP */
+    "UI routines",                                /* ERR_LIB_UI */
+    "COMP routines",                              /* ERR_LIB_COMP */
+    "ECDSA routines",                             /* ERR_LIB_ECDSA */
+    "ECDH routines",                              /* ERR_LIB_ECDH */
+    "HMAC routines",                              /* ERR_LIB_HMAC */
+    "Digest functions",                           /* ERR_LIB_DIGEST */
+    "Cipher functions",                           /* ERR_LIB_CIPHER */
+    "HKDF functions",                             /* ERR_LIB_HKDF */
+    "User defined functions",                     /* ERR_LIB_USER */
+};
+
+const char *ERR_lib_error_string(uint32_t packed_error) {
+  const uint32_t lib = ERR_GET_LIB(packed_error);
+
+  if (lib >= ERR_NUM_LIBS) {
+    return NULL;
+  }
+  return kLibraryNames[lib];
+}
+
+const char *ERR_func_error_string(uint32_t packed_error) {
+  return "OPENSSL_internal";
+}
+
+const char *ERR_reason_error_string(uint32_t packed_error) {
+  const uint32_t lib = ERR_GET_LIB(packed_error);
+  const uint32_t reason = ERR_GET_REASON(packed_error);
+
+  if (lib == ERR_LIB_SYS) {
+    if (reason < 127) {
+      return strerror(reason);
+    }
+    return NULL;
+  }
+
+  if (reason < ERR_NUM_LIBS) {
+    return kLibraryNames[reason];
+  }
+
+  if (reason < 100) {
+    switch (reason) {
+      case ERR_R_MALLOC_FAILURE:
+        return "malloc failure";
+      case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED:
+        return "function should not have been called";
+      case ERR_R_PASSED_NULL_PARAMETER:
+        return "passed a null parameter";
+      case ERR_R_INTERNAL_ERROR:
+        return "internal error";
+      case ERR_R_OVERFLOW:
+        return "overflow";
+      default:
+        return NULL;
+    }
+  }
+
+  return err_string_lookup(lib, reason, kOpenSSLReasonValues,
+                           kOpenSSLReasonValuesLen, kOpenSSLReasonStringData);
+}
+
+void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) {
+  char buf[ERR_ERROR_STRING_BUF_LEN];
+  char buf2[1024];
+  const char *file, *data;
+  int line, flags;
+  uint32_t packed_error;
+
+  /* thread_hash is the least-significant bits of the |ERR_STATE| pointer value
+   * for this thread. */
+  const unsigned long thread_hash = (uintptr_t) err_get_state();
+
+  for (;;) {
+    packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
+    if (packed_error == 0) {
+      break;
+    }
+
+    ERR_error_string_n(packed_error, buf, sizeof(buf));
+    BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", thread_hash, buf,
+                 file, line, (flags & ERR_FLAG_STRING) ? data : "");
+    if (callback(buf2, strlen(buf2), ctx) <= 0) {
+      break;
+    }
+  }
+}
+
+static int print_errors_to_file(const char* msg, size_t msg_len, void* ctx) {
+  assert(msg[msg_len] == '\0');
+  FILE* fp = ctx;
+  int res = fputs(msg, fp);
+  return res < 0 ? 0 : 1;
+}
+
+void ERR_print_errors_fp(FILE *file) {
+  ERR_print_errors_cb(print_errors_to_file, file);
+}
+
+/* err_set_error_data sets the data on the most recent error. The |flags|
+ * argument is a combination of the |ERR_FLAG_*| values. */
+static void err_set_error_data(char *data, int flags) {
+  ERR_STATE *const state = err_get_state();
+  struct err_error_st *error;
+
+  if (state == NULL || state->top == state->bottom) {
+    if (flags & ERR_FLAG_MALLOCED) {
+      OPENSSL_free(data);
+    }
+    return;
+  }
+
+  error = &state->errors[state->top];
+
+  err_clear_data(error);
+  error->data = data;
+  error->flags = flags;
+}
+
+void ERR_put_error(int library, int unused, int reason, const char *file,
+                   unsigned line) {
+  ERR_STATE *const state = err_get_state();
+  struct err_error_st *error;
+
+  if (state == NULL) {
+    return;
+  }
+
+  if (library == ERR_LIB_SYS && reason == 0) {
+#if defined(OPENSSL_WINDOWS)
+    reason = GetLastError();
+#else
+    reason = errno;
+#endif
+  }
+
+  state->top = (state->top + 1) % ERR_NUM_ERRORS;
+  if (state->top == state->bottom) {
+    state->bottom = (state->bottom + 1) % ERR_NUM_ERRORS;
+  }
+
+  error = &state->errors[state->top];
+  err_clear(error);
+  error->file = file;
+  error->line = line;
+  error->packed = ERR_PACK(library, reason);
+}
+
+/* ERR_add_error_data_vdata takes a variable number of const char* pointers,
+ * concatenates them and sets the result as the data on the most recent
+ * error. */
+static void err_add_error_vdata(unsigned num, va_list args) {
+  size_t alloced, new_len, len = 0, substr_len;
+  char *buf;
+  const char *substr;
+  unsigned i;
+
+  alloced = 80;
+  buf = OPENSSL_malloc(alloced + 1);
+  if (buf == NULL) {
+    return;
+  }
+
+  for (i = 0; i < num; i++) {
+    substr = va_arg(args, const char *);
+    if (substr == NULL) {
+      continue;
+    }
+
+    substr_len = strlen(substr);
+    new_len = len + substr_len;
+    if (new_len > alloced) {
+      char *new_buf;
+
+      if (alloced + 20 + 1 < alloced) {
+        /* overflow. */
+        OPENSSL_free(buf);
+        return;
+      }
+
+      alloced = new_len + 20;
+      new_buf = OPENSSL_realloc(buf, alloced + 1);
+      if (new_buf == NULL) {
+        OPENSSL_free(buf);
+        return;
+      }
+      buf = new_buf;
+    }
+
+    memcpy(buf + len, substr, substr_len);
+    len = new_len;
+  }
+
+  buf[len] = 0;
+  err_set_error_data(buf, ERR_FLAG_MALLOCED | ERR_FLAG_STRING);
+}
+
+void ERR_add_error_data(unsigned count, ...) {
+  va_list args;
+  va_start(args, count);
+  err_add_error_vdata(count, args);
+  va_end(args);
+}
+
+void ERR_add_error_dataf(const char *format, ...) {
+  va_list ap;
+  char *buf;
+  static const unsigned buf_len = 256;
+
+  /* A fixed-size buffer is used because va_copy (which would be needed in
+   * order to call vsnprintf twice and measure the buffer) wasn't defined until
+   * C99. */
+  buf = OPENSSL_malloc(buf_len + 1);
+  if (buf == NULL) {
+    return;
+  }
+
+  va_start(ap, format);
+  BIO_vsnprintf(buf, buf_len, format, ap);
+  buf[buf_len] = 0;
+  va_end(ap);
+
+  err_set_error_data(buf, ERR_FLAG_MALLOCED | ERR_FLAG_STRING);
+}
+
+int ERR_set_mark(void) {
+  ERR_STATE *const state = err_get_state();
+
+  if (state == NULL || state->bottom == state->top) {
+    return 0;
+  }
+  state->errors[state->top].flags |= ERR_FLAG_MARK;
+  return 1;
+}
+
+int ERR_pop_to_mark(void) {
+  ERR_STATE *const state = err_get_state();
+
+  if (state == NULL) {
+    return 0;
+  }
+
+  while (state->bottom != state->top) {
+    struct err_error_st *error = &state->errors[state->top];
+
+    if ((error->flags & ERR_FLAG_MARK) != 0) {
+      error->flags &= ~ERR_FLAG_MARK;
+      return 1;
+    }
+
+    err_clear(error);
+    if (state->top == 0) {
+      state->top = ERR_NUM_ERRORS - 1;
+    } else {
+      state->top--;
+    }
+  }
+
+  return 0;
+}
+
+void ERR_load_crypto_strings(void) {}
+
+void ERR_free_strings(void) {}
+
+void ERR_load_BIO_strings(void) {}
+
+void ERR_load_ERR_strings(void) {}