grpc 1.24.0 → 1.25.0

data/third_party/boringssl/include/openssl/hmac.h

@@ -105,7 +105,7 @@ OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx);
 // function and |key| as the key. For a non-initial call, |md| may be NULL, in
 // which case the previous hash function will be used. If the hash function has
 // not changed and |key| is NULL, |ctx| reuses the previous key. It returns one
-// on success or zero otherwise.
+// on success or zero on allocation failure.
 //
 // WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL
 // |key| but repeating the previous |md| reuses the previous key rather than the
@@ -122,7 +122,7 @@ OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data,
 // |out| and the sets |*out_len| to the length of the result. On entry, |out|
 // must contain at least |HMAC_size| bytes of space. An output size of
 // |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or
-// zero on error.
+// zero on allocation failure.
 OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
                               unsigned int *out_len);
 
@@ -169,14 +169,14 @@ struct hmac_ctx_st {
 #if !defined(BORINGSSL_NO_CXX)
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free)
 
 using ScopedHMAC_CTX =
     internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>;
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 #endif

data/third_party/boringssl/include/openssl/hrss.h

@@ -0,0 +1,100 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_HRSS_H
+#define OPENSSL_HEADER_HRSS_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+// HRSS
+//
+// HRSS is a structured-lattice-based post-quantum key encapsulation mechanism.
+// The best exposition is https://eprint.iacr.org/2017/667.pdf although this
+// implementation uses a different KEM construction based on
+// https://eprint.iacr.org/2017/1005.pdf.
+
+struct HRSS_private_key {
+  uint8_t opaque[1808];
+};
+
+struct HRSS_public_key {
+  uint8_t opaque[1424];
+};
+
+// HRSS_SAMPLE_BYTES is the number of bytes of entropy needed to generate a
+// short vector. There are 701 coefficients, but the final one is always set to
+// zero when sampling. Otherwise, we need one byte of input per coefficient.
+#define HRSS_SAMPLE_BYTES (701 - 1)
+// HRSS_GENERATE_KEY_BYTES is the number of bytes of entropy needed to generate
+// an HRSS key pair.
+#define HRSS_GENERATE_KEY_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES + 32)
+// HRSS_ENCAP_BYTES is the number of bytes of entropy needed to encapsulate a
+// session key.
+#define HRSS_ENCAP_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES)
+// HRSS_PUBLIC_KEY_BYTES is the number of bytes in a public key.
+#define HRSS_PUBLIC_KEY_BYTES 1138
+// HRSS_CIPHERTEXT_BYTES is the number of bytes in a ciphertext.
+#define HRSS_CIPHERTEXT_BYTES 1138
+// HRSS_KEY_BYTES is the number of bytes in a shared key.
+#define HRSS_KEY_BYTES 32
+// HRSS_POLY3_BYTES is the number of bytes needed to serialise a mod 3
+// polynomial.
+#define HRSS_POLY3_BYTES 140
+#define HRSS_PRIVATE_KEY_BYTES \
+  (HRSS_POLY3_BYTES * 2 + HRSS_PUBLIC_KEY_BYTES + 2 + 32)
+
+// HRSS_generate_key is a deterministic function that outputs a public and
+// private key based on the given entropy.
+OPENSSL_EXPORT void HRSS_generate_key(
+    struct HRSS_public_key *out_pub, struct HRSS_private_key *out_priv,
+    const uint8_t input[HRSS_GENERATE_KEY_BYTES]);
+
+// HRSS_encap is a deterministic function the generates and encrypts a random
+// session key from the given entropy, writing those values to |out_shared_key|
+// and |out_ciphertext|, respectively.
+OPENSSL_EXPORT void HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES],
+                               uint8_t out_shared_key[HRSS_KEY_BYTES],
+                               const struct HRSS_public_key *in_pub,
+                               const uint8_t in[HRSS_ENCAP_BYTES]);
+
+// HRSS_decap decrypts a session key from |ciphertext_len| bytes of
+// |ciphertext|. If the ciphertext is valid, the decrypted key is written to
+// |out_shared_key|. Otherwise the HMAC of |ciphertext| under a secret key (kept
+// in |in_priv|) is written. If the ciphertext is the wrong length then it will
+// leak which was done via side-channels. Otherwise it should perform either
+// action in constant-time.
+OPENSSL_EXPORT void HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
+                               const struct HRSS_private_key *in_priv,
+                               const uint8_t *ciphertext,
+                               size_t ciphertext_len);
+
+// HRSS_marshal_public_key serialises |in_pub| to |out|.
+OPENSSL_EXPORT void HRSS_marshal_public_key(
+    uint8_t out[HRSS_PUBLIC_KEY_BYTES], const struct HRSS_public_key *in_pub);
+
+// HRSS_parse_public_key sets |*out| to the public-key encoded in |in|. It
+// returns true on success and zero on error.
+OPENSSL_EXPORT int HRSS_parse_public_key(
+    struct HRSS_public_key *out, const uint8_t in[HRSS_PUBLIC_KEY_BYTES]);
+
+
+#if defined(__cplusplus)
+}  // extern C
+#endif
+
+#endif  // OPENSSL_HEADER_HRSS_H

data/third_party/boringssl/include/openssl/lhash.h

@@ -77,7 +77,7 @@ extern "C" {
 //     int bar;
 //   };
 //
-//   DEFINE_LHASH_OF(struct foo);
+//   DEFINE_LHASH_OF(struct foo)
 //
 // Although note that the hash table will contain /pointers/ to |foo|.
 //
@@ -87,23 +87,8 @@ extern "C" {
 
 #define LHASH_OF(type) struct lhash_st_##type
 
-#define DEFINE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
-
 #define DECLARE_LHASH_OF(type) LHASH_OF(type);
 
-// The make_macros.sh script in this directory parses the following lines and
-// generates the lhash_macros.h file that contains macros for the following
-// types of stacks:
-//
-// LHASH_OF:ASN1_OBJECT
-// LHASH_OF:CONF_VALUE
-// LHASH_OF:CRYPTO_BUFFER
-// LHASH_OF:SSL_SESSION
-
-#define IN_LHASH_H
-#include <openssl/lhash_macros.h>
-#undef IN_LHASH_H
-
 
 // lhash_item_st is an element of a hash chain. It points to the opaque data
 // for this element and to the next item in the chain. The linked-list is NULL
@@ -119,11 +104,22 @@ typedef struct lhash_item_st {
 // equal, to zero depending on whether |*a| is equal, or not equal to |*b|,
 // respectively. Note the difference between this and |stack_cmp_func| in that
 // this takes pointers to the objects directly.
+//
+// This function's actual type signature is int (*)(const T*, const T*). The
+// low-level |lh_*| functions will be passed a type-specific wrapper to call it
+// correctly.
 typedef int (*lhash_cmp_func)(const void *a, const void *b);
+typedef int (*lhash_cmp_func_helper)(lhash_cmp_func func, const void *a,
+                                     const void *b);
 
 // lhash_hash_func is a function that maps an object to a uniformly distributed
 // uint32_t.
+//
+// This function's actual type signature is uint32_t (*)(const T*). The
+// low-level |lh_*| functions will be passed a type-specific wrapper to call it
+// correctly.
 typedef uint32_t (*lhash_hash_func)(const void *a);
+typedef uint32_t (*lhash_hash_func_helper)(lhash_hash_func func, const void *a);
 
 typedef struct lhash_st _LHASH;
 
@@ -139,22 +135,33 @@ OPENSSL_EXPORT size_t lh_num_items(const _LHASH *lh);
 
 // lh_retrieve finds an element equal to |data| in the hash table and returns
 // it. If no such element exists, it returns NULL.
-OPENSSL_EXPORT void *lh_retrieve(const _LHASH *lh, const void *data);
+OPENSSL_EXPORT void *lh_retrieve(const _LHASH *lh, const void *data,
+                                 lhash_hash_func_helper call_hash_func,
+                                 lhash_cmp_func_helper call_cmp_func);
+
+// lh_retrieve_key finds an element matching |key|, given the specified hash and
+// comparison function. This differs from |lh_retrieve| in that the key may be a
+// different type than the values stored in |lh|. |key_hash| and |cmp_key| must
+// be compatible with the functions passed into |lh_new|.
+OPENSSL_EXPORT void *lh_retrieve_key(const _LHASH *lh, const void *key,
+                                     uint32_t key_hash,
+                                     int (*cmp_key)(const void *key,
+                                                    const void *value));
 
 // lh_insert inserts |data| into the hash table. If an existing element is
 // equal to |data| (with respect to the comparison function) then |*old_data|
 // will be set to that value and it will be replaced. Otherwise, or in the
 // event of an error, |*old_data| will be set to NULL. It returns one on
 // success or zero in the case of an allocation error.
-OPENSSL_EXPORT int lh_insert(_LHASH *lh, void **old_data, void *data);
+OPENSSL_EXPORT int lh_insert(_LHASH *lh, void **old_data, void *data,
+                             lhash_hash_func_helper call_hash_func,
+                             lhash_cmp_func_helper call_cmp_func);
 
 // lh_delete removes an element equal to |data| from the hash table and returns
 // it. If no such element is found, it returns NULL.
-OPENSSL_EXPORT void *lh_delete(_LHASH *lh, const void *data);
-
-// lh_doall calls |func| on each element of the hash table.
-// TODO(fork): rename this
-OPENSSL_EXPORT void lh_doall(_LHASH *lh, void (*func)(void *));
+OPENSSL_EXPORT void *lh_delete(_LHASH *lh, const void *data,
+                               lhash_hash_func_helper call_hash_func,
+                               lhash_cmp_func_helper call_cmp_func);
 
 // lh_doall_arg calls |func| on each element of the hash table and also passes
 // |arg| as the second argument.
@@ -166,6 +173,107 @@ OPENSSL_EXPORT void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *),
 // strings.
 OPENSSL_EXPORT uint32_t lh_strhash(const char *c);
 
+#define DEFINE_LHASH_OF(type)                                                  \
+  DECLARE_LHASH_OF(type)                                                       \
+                                                                               \
+  typedef int (*lhash_##type##_cmp_func)(const type *, const type *);          \
+  typedef uint32_t (*lhash_##type##_hash_func)(const type *);                  \
+                                                                               \
+  OPENSSL_INLINE int lh_##type##_call_cmp_func(lhash_cmp_func func,            \
+                                               const void *a, const void *b) { \
+    return ((lhash_##type##_cmp_func)func)((const type *)a, (const type *)b);  \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE uint32_t lh_##type##_call_hash_func(lhash_hash_func func,     \
+                                                     const void *a) {          \
+    return ((lhash_##type##_hash_func)func)((const type *)a);                  \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE LHASH_OF(type) *                                              \
+      lh_##type##_new(lhash_##type##_hash_func hash,                           \
+                      lhash_##type##_cmp_func comp) {                          \
+    return (LHASH_OF(type) *)lh_new((lhash_hash_func)hash,                     \
+                                    (lhash_cmp_func)comp);                     \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE void lh_##type##_free(LHASH_OF(type) *lh) {                   \
+    lh_free((_LHASH *)lh);                                                     \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE size_t lh_##type##_num_items(const LHASH_OF(type) *lh) {      \
+    return lh_num_items((const _LHASH *)lh);                                   \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE type *lh_##type##_retrieve(const LHASH_OF(type) *lh,          \
+                                            const type *data) {                \
+    return (type *)lh_retrieve((const _LHASH *)lh, data,                       \
+                               lh_##type##_call_hash_func,                     \
+                               lh_##type##_call_cmp_func);                     \
+  }                                                                            \
+                                                                               \
+  typedef struct {                                                             \
+    int (*cmp_key)(const void *key, const type *value);                        \
+    const void *key;                                                           \
+  } LHASH_CMP_KEY_##type;                                                      \
+                                                                               \
+  OPENSSL_INLINE int lh_##type##_call_cmp_key(const void *key,                 \
+                                              const void *value) {             \
+    const LHASH_CMP_KEY_##type *cb = (const LHASH_CMP_KEY_##type *)key;        \
+    return cb->cmp_key(cb->key, (const type *)value);                          \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE type *lh_##type##_retrieve_key(                               \
+      const LHASH_OF(type) *lh, const void *key, uint32_t key_hash,            \
+      int (*cmp_key)(const void *key, const type *value)) {                    \
+    LHASH_CMP_KEY_##type cb = {cmp_key, key};                                  \
+    return (type *)lh_retrieve_key((const _LHASH *)lh, &cb, key_hash,          \
+                                   lh_##type##_call_cmp_key);                  \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE int lh_##type##_insert(LHASH_OF(type) *lh, type **old_data,   \
+                                        type *data) {                          \
+    void *old_data_void = NULL;                                                \
+    int ret =                                                                  \
+        lh_insert((_LHASH *)lh, &old_data_void, data,                          \
+                  lh_##type##_call_hash_func, lh_##type##_call_cmp_func);      \
+    *old_data = (type *)old_data_void;                                         \
+    return ret;                                                                \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE type *lh_##type##_delete(LHASH_OF(type) *lh,                  \
+                                          const type *data) {                  \
+    return (type *)lh_delete((_LHASH *)lh, data, lh_##type##_call_hash_func,   \
+                             lh_##type##_call_cmp_func);                       \
+  }                                                                            \
+                                                                               \
+  typedef struct {                                                             \
+    void (*doall)(type *);                                                     \
+    void (*doall_arg)(type *, void *);                                         \
+    void *arg;                                                                 \
+  } LHASH_DOALL_##type;                                                        \
+                                                                               \
+  OPENSSL_INLINE void lh_##type##_call_doall(void *value, void *arg) {         \
+    const LHASH_DOALL_##type *cb = (const LHASH_DOALL_##type *)arg;            \
+    cb->doall((type *)value);                                                  \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE void lh_##type##_call_doall_arg(void *value, void *arg) {     \
+    const LHASH_DOALL_##type *cb = (const LHASH_DOALL_##type *)arg;            \
+    cb->doall_arg((type *)value, cb->arg);                                     \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE void lh_##type##_doall(LHASH_OF(type) *lh,                    \
+                                        void (*func)(type *)) {                \
+    LHASH_DOALL_##type cb = {func, NULL, NULL};                                \
+    lh_doall_arg((_LHASH *)lh, lh_##type##_call_doall, &cb);                   \
+  }                                                                            \
+                                                                               \
+  OPENSSL_INLINE void lh_##type##_doall_arg(                                   \
+      LHASH_OF(type) *lh, void (*func)(type *, void *), void *arg) {           \
+    LHASH_DOALL_##type cb = {NULL, func, arg};                                 \
+    lh_doall_arg((_LHASH *)lh, lh_##type##_call_doall_arg, &cb);               \
+  }
+
 
 #if defined(__cplusplus)
 }  // extern C

data/third_party/boringssl/include/openssl/md4.h

@@ -79,17 +79,19 @@ OPENSSL_EXPORT int MD4_Init(MD4_CTX *md4);
 OPENSSL_EXPORT int MD4_Update(MD4_CTX *md4, const void *data, size_t len);
 
 // MD4_Final adds the final padding to |md4| and writes the resulting digest to
-// |md|, which must have at least |MD4_DIGEST_LENGTH| bytes of space. It
+// |out|, which must have at least |MD4_DIGEST_LENGTH| bytes of space. It
 // returns one.
-OPENSSL_EXPORT int MD4_Final(uint8_t *md, MD4_CTX *md4);
+OPENSSL_EXPORT int MD4_Final(uint8_t out[MD4_DIGEST_LENGTH], MD4_CTX *md4);
 
 // MD4 writes the digest of |len| bytes from |data| to |out| and returns |out|.
 // There must be at least |MD4_DIGEST_LENGTH| bytes of space in |out|.
-OPENSSL_EXPORT uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out);
+OPENSSL_EXPORT uint8_t *MD4(const uint8_t *data, size_t len,
+                            uint8_t out[MD4_DIGEST_LENGTH]);
 
 // MD4_Transform is a low-level function that performs a single, MD4 block
 // transformation using the state from |md4| and 64 bytes from |block|.
-OPENSSL_EXPORT void MD4_Transform(MD4_CTX *md4, const uint8_t *block);
+OPENSSL_EXPORT void MD4_Transform(MD4_CTX *md4,
+                                  const uint8_t block[MD4_CBLOCK]);
 
 struct md4_state_st {
   uint32_t h[4];

data/third_party/boringssl/include/openssl/md5.h

@@ -80,17 +80,19 @@ OPENSSL_EXPORT int MD5_Init(MD5_CTX *md5);
 OPENSSL_EXPORT int MD5_Update(MD5_CTX *md5, const void *data, size_t len);
 
 // MD5_Final adds the final padding to |md5| and writes the resulting digest to
-// |md|, which must have at least |MD5_DIGEST_LENGTH| bytes of space. It
+// |out|, which must have at least |MD5_DIGEST_LENGTH| bytes of space. It
 // returns one.
-OPENSSL_EXPORT int MD5_Final(uint8_t *md, MD5_CTX *md5);
+OPENSSL_EXPORT int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *md5);
 
 // MD5 writes the digest of |len| bytes from |data| to |out| and returns |out|.
 // There must be at least |MD5_DIGEST_LENGTH| bytes of space in |out|.
-OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out);
+OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len,
+                            uint8_t out[MD5_DIGEST_LENGTH]);
 
 // MD5_Transform is a low-level function that performs a single, MD5 block
 // transformation using the state from |md5| and 64 bytes from |block|.
-OPENSSL_EXPORT void MD5_Transform(MD5_CTX *md5, const uint8_t *block);
+OPENSSL_EXPORT void MD5_Transform(MD5_CTX *md5,
+                                  const uint8_t block[MD5_CBLOCK]);
 
 struct md5_state_st {
   uint32_t h[4];

data/third_party/boringssl/include/openssl/mem.h

@@ -136,18 +136,22 @@ OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
 #define CRYPTO_realloc OPENSSL_realloc
 #define CRYPTO_free OPENSSL_free
 
+// OPENSSL_clear_free calls |OPENSSL_free|. BoringSSL automatically clears all
+// allocations on free, but we define |OPENSSL_clear_free| for compatibility.
+OPENSSL_EXPORT void OPENSSL_clear_free(void *ptr, size_t len);
+
 
 #if defined(__cplusplus)
 }  // extern C
 
 extern "C++" {
 
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
 
 BORINGSSL_MAKE_DELETER(char, OPENSSL_free)
 BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free)
 
-}  // namespace bssl
+BSSL_NAMESPACE_END
 
 }  // extern C++
 

data/third_party/boringssl/include/openssl/nid.h

@@ -4234,6 +4234,9 @@ extern "C" {
 #define LN_auth_any "auth-any"
 #define NID_auth_any 958
 
+#define SN_CECPQ2 "CECPQ2"
+#define NID_CECPQ2 959
+
 
 #if defined(__cplusplus)
 } /* extern C */

data/third_party/boringssl/include/openssl/obj.h

@@ -222,6 +222,9 @@ OPENSSL_EXPORT void OBJ_NAME_do_all(int type, void (*callback)(const OBJ_NAME *,
                                                                void *arg),
                                     void *arg);
 
+// OBJ_cleanup does nothing.
+OPENSSL_EXPORT void OBJ_cleanup(void);
+
 
 #if defined(__cplusplus)
 }  // extern C

data/third_party/boringssl/include/openssl/pem.h

@@ -63,6 +63,7 @@
 #include <openssl/digest.h>
 #include <openssl/evp.h>
 #include <openssl/stack.h>
+#include <openssl/pkcs7.h>
 #include <openssl/x509.h>
 
 /* For compatibility with open-iscsi, which assumes that it can get
@@ -122,73 +123,109 @@ extern "C" {
 
 #else
 
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
-OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return (type *)PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
-} 
-
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, \
-		  void *u) \
-	{ \
-	return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, \
-		  void *u) \
-	{ \
-	return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-	}
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1)                         \
+  static void *pem_read_##name##_d2i(void **x, const unsigned char **inp,    \
+                                     long len) {                             \
+    return d2i_##asn1((type **)x, inp, len);                                 \
+  }                                                                          \
+  OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x,                   \
+                                       pem_password_cb *cb, void *u) {       \
+    return (type *)PEM_ASN1_read(pem_read_##name##_d2i, str, fp, (void **)x, \
+                                 cb, u);                                     \
+  }
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1)                        \
+  static int pem_write_##name##_i2d(const void *x, unsigned char **outp) {   \
+    return i2d_##asn1((type *)x, outp);                                      \
+  }                                                                          \
+  OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x) {                   \
+    return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, NULL, NULL, 0, \
+                          NULL, NULL);                                       \
+  }
+
+#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)                 \
+  static int pem_write_##name##_i2d(const void *x, unsigned char **outp) {  \
+    return i2d_##asn1((const type *)x, outp);                               \
+  }                                                                         \
+  OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x) {            \
+    return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, (void *)x, NULL, \
+                          NULL, 0, NULL, NULL);                             \
+  }
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)                       \
+  static int pem_write_##name##_i2d(const void *x, unsigned char **outp) {     \
+    return i2d_##asn1((type *)x, outp);                                        \
+  }                                                                            \
+  OPENSSL_EXPORT int PEM_write_##name(                                         \
+      FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \
+      pem_password_cb *cb, void *u) {                                          \
+    return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, kstr, klen, \
+                          cb, u);                                              \
+  }
+
+#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)                 \
+  static int pem_write_##name##_i2d(const void *x, unsigned char **outp) {     \
+    return i2d_##asn1((const type *)x, outp);                                  \
+  }                                                                            \
+  OPENSSL_EXPORT int PEM_write_##name(                                         \
+      FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \
+      pem_password_cb *cb, void *u) {                                          \
+    return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, kstr, klen, \
+                          cb, u);                                              \
+  }
 
 #endif
 
-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return (type *)PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
-}
-
-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-	{ \
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-	{ \
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
-	}
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1)                         \
+  static void *pem_read_bio_##name##_d2i(void **x, const unsigned char **inp, \
+                                         long len) {                          \
+    return d2i_##asn1((type **)x, inp, len);                                  \
+  }                                                                           \
+  OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x,                 \
+                                           pem_password_cb *cb, void *u) {    \
+    return (type *)PEM_ASN1_read_bio(pem_read_bio_##name##_d2i, str, bp,      \
+                                     (void **)x, cb, u);                      \
+  }
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1)                         \
+  static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
+    return i2d_##asn1((type *)x, outp);                                        \
+  }                                                                            \
+  OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x) {                  \
+    return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, NULL,    \
+                              NULL, 0, NULL, NULL);                            \
+  }
+
+#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1)                   \
+  static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
+    return i2d_##asn1((const type *)x, outp);                                  \
+  }                                                                            \
+  OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x) {            \
+    return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void *)x,  \
+                              NULL, NULL, 0, NULL, NULL);                      \
+  }
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1)                      \
+  static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
+    return i2d_##asn1((type *)x, outp);                                        \
+  }                                                                            \
+  OPENSSL_EXPORT int PEM_write_bio_##name(                                     \
+      BIO *bp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen,  \
+      pem_password_cb *cb, void *u) {                                          \
+    return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, enc,     \
+                              kstr, klen, cb, u);                              \
+  }
+
+#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1)                \
+  static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
+    return i2d_##asn1((const type *)x, outp);                                  \
+  }                                                                            \
+  OPENSSL_EXPORT int PEM_write_bio_##name(                                     \
+      BIO *bp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen,  \
+      pem_password_cb *cb, void *u) {                                          \
+    return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void *)x,  \
+                              enc, kstr, klen, cb, u);                         \
+  }
 
 #define IMPLEMENT_PEM_write(name, type, str, asn1) \
 	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
@@ -329,6 +366,7 @@ DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 
 DECLARE_PEM_rw(X509_CRL, X509_CRL)
 
+DECLARE_PEM_rw(PKCS7, PKCS7)
 DECLARE_PEM_rw(PKCS8, X509_SIG)
 
 DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)