RubyGems - grpc - Versions diffs - 1.38.0 → 1.40.0 - Mend

grpc 1.38.0 → 1.40.0

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (340) hide show

data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c CHANGED Viewed

@@ -250,3 +250,34 @@ int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
 {
     return i2d_X509_CRL_INFO(crl->crl, outp);
 }
+int X509_CRL_set1_signature_algo(X509_CRL *crl, const X509_ALGOR *algo)
+{
+    /* TODO(davidben): Const-correct generated ASN.1 dup functions.
+     * Alternatively, when the types are hidden and we can embed required fields
+     * directly in structs, import |X509_ALGOR_copy| from upstream. */
+    X509_ALGOR *copy1 = X509_ALGOR_dup((X509_ALGOR *)algo);
+    X509_ALGOR *copy2 = X509_ALGOR_dup((X509_ALGOR *)algo);
+    if (copy1 == NULL || copy2 == NULL) {
+        X509_ALGOR_free(copy1);
+        X509_ALGOR_free(copy2);
+        return 0;
+    }
+    X509_ALGOR_free(crl->sig_alg);
+    crl->sig_alg = copy1;
+    X509_ALGOR_free(crl->crl->sig_alg);
+    crl->crl->sig_alg = copy2;
+    return 1;
+}
+int X509_CRL_set1_signature_value(X509_CRL *crl, const uint8_t *sig,
+                                  size_t sig_len)
+{
+    if (!ASN1_STRING_set(crl->signature, sig, sig_len)) {
+      return 0;
+    }
+    crl->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    crl->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    return 1;
+}

data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c CHANGED Viewed

@@ -59,6 +59,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+#include "internal.h"
 int X509_REQ_set_version(X509_REQ *x, long version)
 {
     if (x == NULL)

data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c CHANGED Viewed

@@ -66,6 +66,9 @@
 #include <openssl/rsa.h>
 #include <openssl/stack.h>
+#include "internal.h"
 int X509_verify(X509 *x509, EVP_PKEY *pkey)
 {
     if (X509_ALGOR_cmp(x509->sig_alg, x509->cert_info->signature)) {

data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c CHANGED Viewed

@@ -60,17 +60,16 @@
 #include <openssl/thread.h>
 #include <openssl/x509.h>
+#include "internal.h"
 /*
  * X509_REQ_INFO is handled in an unusual way to get round invalid encodings.
  * Some broken certificate requests don't encode the attributes field if it
  * is empty. This is in violation of PKCS#10 but we need to tolerate it. We
  * do this by making the attributes field OPTIONAL then using the callback to
  * initialise it to an empty STACK. This means that the field will be
- * correctly encoded unless we NULL out the field. As a result we no longer
- * need the req_kludge field because the information is now contained in the
- * attributes field: 1. If it is NULL then it's the invalid omission. 2. If
- * it is empty it is the correct encoding. 3. If it is not empty then some
- * attributes are present.
+ * correctly encoded unless we NULL out the field.
  */
 static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -90,9 +89,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
         ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
         ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
         ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
-        /* This isn't really OPTIONAL but it gets round invalid
-         * encodings
-         */
+        /* This isn't really OPTIONAL but it gets around invalid encodings. */
         ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
 } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)

data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c CHANGED Viewed

@@ -61,6 +61,11 @@
 #include <openssl/x509.h>
+struct X509_sig_st {
+  X509_ALGOR *algor;
+  ASN1_OCTET_STRING *digest;
+} /* X509_SIG */;
 ASN1_SEQUENCE(X509_SIG) = {
         ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
         ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)

data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c CHANGED Viewed

@@ -61,6 +61,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+#include "internal.h"
 /*
  * X509_CERT_AUX routines. These are used to encode additional user
  * modifiable data about a certificate. This data is appended to the X509

data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h CHANGED Viewed

@@ -53,6 +53,13 @@ OPENSSL_EXPORT int x509v3_looks_like_dns_name(const unsigned char *in,
 // invalid.
 int x509v3_cache_extensions(X509 *x);
+// x509v3_a2i_ipadd decodes |ipasc| as an IPv4 or IPv6 address. IPv6 addresses
+// use colon-separated syntax while IPv4 addresses use dotted decimal syntax. If
+// it decodes an IPv4 address, it writes the result to the first four bytes of
+// |ipout| and returns four. If it decodes an IPv6 address, it writes the result
+// to all 16 bytes of |ipout| and returns 16. Otherwise, it returns zero.
+int x509v3_a2i_ipadd(unsigned char ipout[16], const char *ipasc);
 #if defined(__cplusplus)
 }  /* extern C */

data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c CHANGED Viewed

@@ -440,7 +440,7 @@ int x509v3_cache_extensions(X509 *x)
     if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
         x->ex_flags |= EXFLAG_INVALID;
     /* V1 should mean no extensions ... */
-    if (X509_get_version(x) == X509V1_VERSION)
+    if (X509_get_version(x) == X509_VERSION_1)
         x->ex_flags |= EXFLAG_V1;
     /* Handle basic constraints */
     if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {

data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c CHANGED Viewed

@@ -1112,7 +1112,7 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
     if (ipasc == NULL)
         return -2;
-    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
     if (iplen == 0)
         return -2;
     return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
@@ -1129,10 +1129,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
     ASN1_OCTET_STRING *ret;
     int iplen;
-    /* If string contains a ':' assume IPv6 */
-    iplen = a2i_ipadd(ipout, ipasc);
+    iplen = x509v3_a2i_ipadd(ipout, ipasc);
     if (!iplen)
         return NULL;
@@ -1161,12 +1158,12 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     p = iptmp + (p - ipasc);
     *p++ = 0;
-    iplen1 = a2i_ipadd(ipout, iptmp);
+    iplen1 = x509v3_a2i_ipadd(ipout, iptmp);
     if (!iplen1)
         goto err;
-    iplen2 = a2i_ipadd(ipout + iplen1, p);
+    iplen2 = x509v3_a2i_ipadd(ipout + iplen1, p);
     OPENSSL_free(iptmp);
     iptmp = NULL;
@@ -1190,7 +1187,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     return NULL;
 }
-int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+int x509v3_a2i_ipadd(unsigned char *ipout, const char *ipasc)
 {
     /* If string contains a ':' assume IPv6 */

data/third_party/boringssl-with-bazel/src/include/openssl/aead.h CHANGED Viewed

@@ -122,7 +122,7 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_192_gcm(void);
 OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);
 // EVP_aead_chacha20_poly1305 is the AEAD built from ChaCha20 and
-// Poly1305 as described in RFC 7539.
+// Poly1305 as described in RFC 8439.
 OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
 // EVP_aead_xchacha20_poly1305 is ChaCha20-Poly1305 with an extended nonce that

data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h CHANGED Viewed

@@ -124,7 +124,72 @@
 //   - Armv8.5-A Branch Target Identification
 // features which require emitting a .note.gnu.property section with the
 // appropriate architecture-dependent feature bits set.
-// Read more: "ELF for the Arm® 64-bit Architecture"
+//
+// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to
+// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be
+// used immediately before saving the LR register (x30) to the stack.
+// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring
+// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone
+// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also
+// have the same value at the two points. For example:
+//
+//   .global f
+//   f:
+//     AARCH64_SIGN_LINK_REGISTER
+//     stp x29, x30, [sp, #-96]!
+//     mov x29, sp
+//     ...
+//     ldp x29, x30, [sp], #96
+//     AARCH64_VALIDATE_LINK_REGISTER
+//     ret
+//
+// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or
+// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an
+// indirect call target. In particular, all symbols exported from a file must
+// begin with one of these macros. For example, a leaf function that does not
+// save LR can instead use |AARCH64_VALID_CALL_TARGET|:
+//
+//   .globl return_zero
+//   return_zero:
+//     AARCH64_VALID_CALL_TARGET
+//     mov x0, #0
+//     ret
+//
+// A non-leaf function which does not immediately save LR may need both macros
+// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function
+// may jump to an alternate implementation before setting up the stack:
+//
+//   .globl with_early_jump
+//   with_early_jump:
+//     AARCH64_VALID_CALL_TARGET
+//     cmp x0, #128
+//     b.lt .Lwith_early_jump_128
+//     AARCH64_SIGN_LINK_REGISTER
+//     stp x29, x30, [sp, #-96]!
+//     mov x29, sp
+//     ...
+//     ldp x29, x30, [sp], #96
+//     AARCH64_VALIDATE_LINK_REGISTER
+//     ret
+//
+//  .Lwith_early_jump_128:
+//     ...
+//     ret
+//
+// These annotations are only required with indirect calls. Private symbols that
+// are only the target of direct calls do not require annotations. Also note
+// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not
+// indirect jumps (BR). Indirect jumps in assembly are currently not supported
+// and would require a macro for BTI 'j'.
+//
+// Although not necessary, it is safe to use these macros in 32-bit ARM
+// assembly. This may be used to simplify dual 32-bit and 64-bit files.
+//
+// References:
+// - "ELF for the Arm® 64-bit Architecture"
+//   https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst
+// - "Providing protection for complex software"
+//   https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
 #if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
 #define GNU_PROPERTY_AARCH64_BTI (1 << 0)   // Has Branch Target Identification

data/third_party/boringssl-with-bazel/src/include/openssl/base.h CHANGED Viewed

@@ -160,10 +160,6 @@ extern "C" {
 #if defined(__ANDROID_API__)
 #define OPENSSL_ANDROID
-#if defined(BORINGSSL_FIPS)
-// The FIPS module on Android passively receives entropy.
-#define BORINGSSL_FIPS_PASSIVE_ENTROPY
-#endif
 #endif
 #if defined(__FreeBSD__)
@@ -199,7 +195,7 @@ extern "C" {
 // A consumer may use this symbol in the preprocessor to temporarily build
 // against multiple revisions of BoringSSL at the same time. It is not
 // recommended to do so for longer than is necessary.
-#define BORINGSSL_API_VERSION 14
+#define BORINGSSL_API_VERSION 16
 #if defined(BORINGSSL_SHARED_LIBRARY)
@@ -376,7 +372,6 @@ typedef struct X509_info_st X509_INFO;
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
 typedef struct X509_name_st X509_NAME;
 typedef struct X509_pubkey_st X509_PUBKEY;
-typedef struct X509_req_info_st X509_REQ_INFO;
 typedef struct X509_req_st X509_REQ;
 typedef struct X509_sig_st X509_SIG;
 typedef struct X509_val_st X509_VAL;
@@ -409,6 +404,11 @@ typedef struct evp_aead_st EVP_AEAD;
 typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
 typedef struct evp_cipher_st EVP_CIPHER;
 typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
+typedef struct evp_hpke_aead_st EVP_HPKE_AEAD;
+typedef struct evp_hpke_ctx_st EVP_HPKE_CTX;
+typedef struct evp_hpke_kdf_st EVP_HPKE_KDF;
+typedef struct evp_hpke_kem_st EVP_HPKE_KEM;
+typedef struct evp_hpke_key_st EVP_HPKE_KEY;
 typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
@@ -431,7 +431,7 @@ typedef struct spake2_ctx_st SPAKE2_CTX;
 typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
 typedef struct ssl_cipher_st SSL_CIPHER;
 typedef struct ssl_ctx_st SSL_CTX;
-typedef struct ssl_ech_server_config_list_st SSL_ECH_SERVER_CONFIG_LIST;
+typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
 typedef struct ssl_method_st SSL_METHOD;
 typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
 typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
@@ -537,8 +537,39 @@ class StackAllocated {
   StackAllocated() { init(&ctx_); }
   ~StackAllocated() { cleanup(&ctx_); }
-  StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
-  T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
+  StackAllocated(const StackAllocated &) = delete;
+  StackAllocated& operator=(const StackAllocated &) = delete;
+  T *get() { return &ctx_; }
+  const T *get() const { return &ctx_; }
+  T *operator->() { return &ctx_; }
+  const T *operator->() const { return &ctx_; }
+  void Reset() {
+    cleanup(&ctx_);
+    init(&ctx_);
+  }
+ private:
+  T ctx_;
+};
+template <typename T, typename CleanupRet, void (*init)(T *),
+          CleanupRet (*cleanup)(T *), void (*move)(T *, T *)>
+class StackAllocatedMovable {
+ public:
+  StackAllocatedMovable() { init(&ctx_); }
+  ~StackAllocatedMovable() { cleanup(&ctx_); }
+  StackAllocatedMovable(StackAllocatedMovable &&other) {
+    init(&ctx_);
+    move(&ctx_, &other.ctx_);
+  }
+  StackAllocatedMovable &operator=(StackAllocatedMovable &&other) {
+    move(&ctx_, &other.ctx_);
+    return *this;
+  }
   T *get() { return &ctx_; }
   const T *get() const { return &ctx_; }

data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h CHANGED Viewed

@@ -51,6 +51,7 @@ struct cbs_st {
   // Defining any constructors requires we explicitly default the others.
   cbs_st() = default;
   cbs_st(const cbs_st &) = default;
+  cbs_st &operator=(const cbs_st &) = default;
 #endif
 };

data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h CHANGED Viewed

@@ -23,7 +23,7 @@ extern "C" {
 // ChaCha20.
 //
-// ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc7539.
+// ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc8439.
 // CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and

data/third_party/boringssl-with-bazel/src/include/openssl/digest.h CHANGED Viewed

@@ -124,6 +124,10 @@ OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
 // copy of |in|. It returns one on success and zero on allocation failure.
 OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+// EVP_MD_CTX_move sets |out|, which must already be initialised, to the hash
+// state in |in|. |in| is mutated and left in an empty state.
+OPENSSL_EXPORT void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in);
 // EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|. It
 // returns one.
 OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
@@ -324,8 +328,8 @@ BSSL_NAMESPACE_BEGIN
 BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
 using ScopedEVP_MD_CTX =
-    internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,
-                             EVP_MD_CTX_cleanup>;
+    internal::StackAllocatedMovable<EVP_MD_CTX, int, EVP_MD_CTX_init,
+                                    EVP_MD_CTX_cleanup, EVP_MD_CTX_move>;
 BSSL_NAMESPACE_END

data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h CHANGED Viewed

@@ -73,6 +73,9 @@ extern "C" {
 // space. On successful exit, |*sig_len| is set to the actual number of bytes
 // written. The |type| argument should be zero. It returns one on success and
 // zero otherwise.
+//
+// WARNING: |digest| must be the output of some hash function on the data to be
+// signed. Passing unhashed inputs will not result in a secure signature scheme.
 OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
                               size_t digest_len, uint8_t *sig,
                               unsigned int *sig_len, const EC_KEY *key);
@@ -81,6 +84,10 @@ OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
 // signature by |key| of |digest|. (The |type| argument should be zero.) It
 // returns one on success or zero if the signature is invalid or an error
 // occurred.
+//
+// WARNING: |digest| must be the output of some hash function on the data to be
+// verified. Passing unhashed inputs will not result in a secure signature
+// scheme.
 OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
                                 size_t digest_len, const uint8_t *sig,
                                 size_t sig_len, const EC_KEY *key);
@@ -124,12 +131,19 @@ OPENSSL_EXPORT int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
 // ECDSA_do_sign signs |digest_len| bytes from |digest| with |key| and returns
 // the resulting signature structure, or NULL on error.
+//
+// WARNING: |digest| must be the output of some hash function on the data to be
+// signed. Passing unhashed inputs will not result in a secure signature scheme.
 OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
                                         size_t digest_len, const EC_KEY *key);
 // ECDSA_do_verify verifies that |sig| constitutes a valid signature by |key|
 // of |digest|. It returns one on success or zero if the signature is invalid
 // or on error.
+//
+// WARNING: |digest| must be the output of some hash function on the data to be
+// verified. Passing unhashed inputs will not result in a secure signature
+// scheme.
 OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
                                    const ECDSA_SIG *sig, const EC_KEY *key);

data/third_party/boringssl-with-bazel/src/include/openssl/evp.h CHANGED Viewed

@@ -545,14 +545,15 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
 OPENSSL_EXPORT int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
 // EVP_PKEY_sign signs |digest_len| bytes from |digest| using |ctx|. If |sig| is
-// NULL, the maximum size of the signature is written to
-// |out_sig_len|. Otherwise, |*sig_len| must contain the number of bytes of
-// space available at |sig|. If sufficient, the signature will be written to
-// |sig| and |*sig_len| updated with the true length.
+// NULL, the maximum size of the signature is written to |out_sig_len|.
+// Otherwise, |*sig_len| must contain the number of bytes of space available at
+// |sig|. If sufficient, the signature will be written to |sig| and |*sig_len|
+// updated with the true length. This function will fail for signature
+// algorithms like Ed25519 that do not support signing pre-hashed inputs.
 //
-// This function expects a pre-hashed input and will fail for signature
-// algorithms which do not support this. Use |EVP_DigestSignInit| to sign an
-// unhashed input.
+// WARNING: |digest| must be the output of some hash function on the data to be
+// signed. Passing unhashed inputs will not result in a secure signature scheme.
+// Use |EVP_DigestSignInit| to sign an unhashed input.
 //
 // WARNING: Setting |sig| to NULL only gives the maximum size of the
 // signature. The actual signature may be smaller.
@@ -570,11 +571,13 @@ OPENSSL_EXPORT int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig,
 OPENSSL_EXPORT int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
 // EVP_PKEY_verify verifies that |sig_len| bytes from |sig| are a valid
-// signature for |digest|.
+// signature for |digest|. This function will fail for signature
+// algorithms like Ed25519 that do not support signing pre-hashed inputs.
 //
-// This function expects a pre-hashed input and will fail for signature
-// algorithms which do not support this. Use |EVP_DigestVerifyInit| to verify a
-// signature given the unhashed input.
+// WARNING: |digest| must be the output of some hash function on the data to be
+// verified. Passing unhashed inputs will not result in a secure signature
+// scheme. Use |EVP_DigestVerifyInit| to verify a signature given the unhashed
+// input.
 //
 // It returns one on success or zero on error.
 OPENSSL_EXPORT int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig,
@@ -833,6 +836,11 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx,
 // Ed448 and attempts to create keys will fail.
 #define EVP_PKEY_ED448 NID_ED448
+// EVP_PKEY_get0 returns NULL. This function is provided for compatibility with
+// OpenSSL but does not return anything. Use the typed |EVP_PKEY_get0_*|
+// functions instead.
+OPENSSL_EXPORT void *EVP_PKEY_get0(const EVP_PKEY *pkey);
 // OpenSSL_add_all_algorithms does nothing.
 OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);