boringssl/ssl/CMakeLists.txt

56 lines
782 B
CMake
Raw Normal View History

include_directories(../include)
add_library(
ssl
bio_ssl.c
custom_extensions.c
handshake_server.c
handshake_client.c
d1_both.c
d1_lib.c
d1_pkt.c
d1_srtp.c
dtls_method.c
Factor out the buffering and low-level record code. This begins decoupling the transport from the SSL state machine. The buffering logic is hidden behind an opaque API. Fields like ssl->packet and ssl->packet_length are gone. ssl3_get_record and dtls1_get_record now call low-level tls_open_record and dtls_open_record functions that unpack a single record independent of who owns the buffer. Both may be called in-place. This removes ssl->rstate which was redundant with the buffer length. Future work will push the buffer up the stack until it is above the handshake. Then we can expose SSL_open and SSL_seal APIs which act like *_open_record but return a slightly larger enum due to other events being possible. Likewise the handshake state machine will be detached from its buffer. The existing SSL_read, SSL_write, etc., APIs will be implemented on top of SSL_open, etc., combined with ssl_read_buffer_* and ssl_write_buffer_*. (Which is why ssl_read_buffer_extend still tries to abstract between TLS's and DTLS's fairly different needs.) The new buffering logic does not support read-ahead (removed previously) since it lacks a memmove on ssl_read_buffer_discard for TLS, but this could be added if desired. The old buffering logic wasn't quite right anyway; it tried to avoid the memmove in some cases and could get stuck too far into the buffer and not accept records. (The only time the memmove is optional is in DTLS or if enough of the record header is available to know that the entire next record would fit in the buffer.) The new logic also now actually decrypts the ciphertext in-place again, rather than almost in-place when there's an explicit nonce/IV. (That accidentally switched in https://boringssl-review.googlesource.com/#/c/4792/; see 3d59e04bce96474099ba76786a2337e99ae14505.) BUG=468889 Change-Id: I403c1626253c46897f47c7ae93aeab1064b767b2 Reviewed-on: https://boringssl-review.googlesource.com/5715 Reviewed-by: Adam Langley <agl@google.com>
2015-07-29 02:34:45 +01:00
dtls_record.c
s3_both.c
s3_enc.c
s3_lib.c
s3_pkt.c
ssl_aead_ctx.c
ssl_asn1.c
Factor out the buffering and low-level record code. This begins decoupling the transport from the SSL state machine. The buffering logic is hidden behind an opaque API. Fields like ssl->packet and ssl->packet_length are gone. ssl3_get_record and dtls1_get_record now call low-level tls_open_record and dtls_open_record functions that unpack a single record independent of who owns the buffer. Both may be called in-place. This removes ssl->rstate which was redundant with the buffer length. Future work will push the buffer up the stack until it is above the handshake. Then we can expose SSL_open and SSL_seal APIs which act like *_open_record but return a slightly larger enum due to other events being possible. Likewise the handshake state machine will be detached from its buffer. The existing SSL_read, SSL_write, etc., APIs will be implemented on top of SSL_open, etc., combined with ssl_read_buffer_* and ssl_write_buffer_*. (Which is why ssl_read_buffer_extend still tries to abstract between TLS's and DTLS's fairly different needs.) The new buffering logic does not support read-ahead (removed previously) since it lacks a memmove on ssl_read_buffer_discard for TLS, but this could be added if desired. The old buffering logic wasn't quite right anyway; it tried to avoid the memmove in some cases and could get stuck too far into the buffer and not accept records. (The only time the memmove is optional is in DTLS or if enough of the record header is available to know that the entire next record would fit in the buffer.) The new logic also now actually decrypts the ciphertext in-place again, rather than almost in-place when there's an explicit nonce/IV. (That accidentally switched in https://boringssl-review.googlesource.com/#/c/4792/; see 3d59e04bce96474099ba76786a2337e99ae14505.) BUG=468889 Change-Id: I403c1626253c46897f47c7ae93aeab1064b767b2 Reviewed-on: https://boringssl-review.googlesource.com/5715 Reviewed-by: Adam Langley <agl@google.com>
2015-07-29 02:34:45 +01:00
ssl_buffer.c
ssl_cert.c
ssl_cipher.c
Implement draft-ietf-tls-curve25519-01 in C. The new curve is not enabled by default. As EC_GROUP/EC_POINT is a bit too complex for X25519, this introduces an SSL_ECDH_METHOD abstraction which wraps just the raw ECDH operation. It also tidies up some of the curve code which kept converting back and force between NIDs and curve IDs. Now everything transits as curve IDs except for API entry points (SSL_set1_curves) which take NIDs. Those convert immediately and act on curve IDs from then on. Note that, like the Go implementation, this slightly tweaks the order of operations. The client sees the server public key before sending its own. To keep the abstraction simple, SSL_ECDH_METHOD expects to generate a keypair before consuming the peer's public key. Instead, the client handshake stashes the serialized peer public value and defers parsing it until it comes time to send ClientKeyExchange. (This is analogous to what it was doing before where it stashed the parsed peer public value instead.) It still uses TLS 1.2 terminology everywhere, but this abstraction should also be compatible with TLS 1.3 which unifies (EC)DH-style key exchanges. (Accordingly, this abstraction intentionally does not handle parsing the ClientKeyExchange/ServerKeyExchange framing or attempt to handle asynchronous plain RSA or the authentication bits.) BUG=571231 Change-Id: Iba09dddee5bcdfeb2b70185308e8ab0632717932 Reviewed-on: https://boringssl-review.googlesource.com/6780 Reviewed-by: Adam Langley <agl@google.com>
2015-12-19 05:18:25 +00:00
ssl_ecdh.c
ssl_file.c
ssl_lib.c
ssl_rsa.c
ssl_rsa_cc.cc
ssl_session.c
ssl_stat.c
ssl_x509.c
t1_enc.c
t1_lib.c
tls_method.c
Factor out the buffering and low-level record code. This begins decoupling the transport from the SSL state machine. The buffering logic is hidden behind an opaque API. Fields like ssl->packet and ssl->packet_length are gone. ssl3_get_record and dtls1_get_record now call low-level tls_open_record and dtls_open_record functions that unpack a single record independent of who owns the buffer. Both may be called in-place. This removes ssl->rstate which was redundant with the buffer length. Future work will push the buffer up the stack until it is above the handshake. Then we can expose SSL_open and SSL_seal APIs which act like *_open_record but return a slightly larger enum due to other events being possible. Likewise the handshake state machine will be detached from its buffer. The existing SSL_read, SSL_write, etc., APIs will be implemented on top of SSL_open, etc., combined with ssl_read_buffer_* and ssl_write_buffer_*. (Which is why ssl_read_buffer_extend still tries to abstract between TLS's and DTLS's fairly different needs.) The new buffering logic does not support read-ahead (removed previously) since it lacks a memmove on ssl_read_buffer_discard for TLS, but this could be added if desired. The old buffering logic wasn't quite right anyway; it tried to avoid the memmove in some cases and could get stuck too far into the buffer and not accept records. (The only time the memmove is optional is in DTLS or if enough of the record header is available to know that the entire next record would fit in the buffer.) The new logic also now actually decrypts the ciphertext in-place again, rather than almost in-place when there's an explicit nonce/IV. (That accidentally switched in https://boringssl-review.googlesource.com/#/c/4792/; see 3d59e04bce96474099ba76786a2337e99ae14505.) BUG=468889 Change-Id: I403c1626253c46897f47c7ae93aeab1064b767b2 Reviewed-on: https://boringssl-review.googlesource.com/5715 Reviewed-by: Adam Langley <agl@google.com>
2015-07-29 02:34:45 +01:00
tls_record.c
tls13_both.c
tls13_client.c
tls13_enc.c
tls13_server.c
)
target_link_libraries(ssl crypto)
add_executable(
ssl_test
ssl_test.cc
Do a cursory conversion of a few tests to GTest. For now, this is the laziest conversion possible. The intent is to just get the build setup ready so that we can get everything working in our consumers. The intended end state is: - The standalone build produces three test targets, one per library: {crypto,ssl,decrepit}_tests. - Each FOO_test is made up of: FOO/**/*_test.cc crypto/test/gtest_main.cc test_support - generate_build_files.py emits variables crypto_test_sources and ssl_test_sources. These variables are populated with FindCFiles, looking for *_test.cc. - The consuming file assembles those variables into the two test targets (plus decrepit) from there. This avoids having generate_build_files.py emit actual build rules. - Our standalone builders, Chromium, and Android just run the top-level test targets using whatever GTest-based reporting story they have. In transition, we start by converting one of two tests in each library to populate the three test targets. Those are added to all_tests.json and all_tests.go hacked to handle them transparently. This keeps our standalone builder working. generate_build_files.py, to start with, populates the new source lists manually and subtracts them out of the old machinery. We emit both for the time being. When this change rolls in, we'll write all the build glue needed to build the GTest-based tests and add it to consumers' continuous builders. Next, we'll subsume a file-based test and get the consumers working with that. (I.e. make sure the GTest targets can depend on a data file.) Once that's all done, we'll be sure all this will work. At that point, we start subsuming the remaining tests into the GTest targets and, asynchronously, rewriting tests to use GTest properly rather than cursory conversion here. When all non-GTest tests are gone, the old generate_build_files.py hooks will be removed, consumers updated to not depend on them, and standalone builders converted to not rely on all_tests.go, which can then be removed. (Unless bits end up being needed as a malloc test driver. I'm thinking we'll want to do something with --gtest_filter.) As part of this CL, I've bumped the CMake requirements (for target_include_directories) and added a few suppressions for warnings that GTest doesn't pass. BUG=129 Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a Reviewed-on: https://boringssl-review.googlesource.com/13232 Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
$<TARGET_OBJECTS:gtest_main>
$<TARGET_OBJECTS:test_support>
)
Do a cursory conversion of a few tests to GTest. For now, this is the laziest conversion possible. The intent is to just get the build setup ready so that we can get everything working in our consumers. The intended end state is: - The standalone build produces three test targets, one per library: {crypto,ssl,decrepit}_tests. - Each FOO_test is made up of: FOO/**/*_test.cc crypto/test/gtest_main.cc test_support - generate_build_files.py emits variables crypto_test_sources and ssl_test_sources. These variables are populated with FindCFiles, looking for *_test.cc. - The consuming file assembles those variables into the two test targets (plus decrepit) from there. This avoids having generate_build_files.py emit actual build rules. - Our standalone builders, Chromium, and Android just run the top-level test targets using whatever GTest-based reporting story they have. In transition, we start by converting one of two tests in each library to populate the three test targets. Those are added to all_tests.json and all_tests.go hacked to handle them transparently. This keeps our standalone builder working. generate_build_files.py, to start with, populates the new source lists manually and subtracts them out of the old machinery. We emit both for the time being. When this change rolls in, we'll write all the build glue needed to build the GTest-based tests and add it to consumers' continuous builders. Next, we'll subsume a file-based test and get the consumers working with that. (I.e. make sure the GTest targets can depend on a data file.) Once that's all done, we'll be sure all this will work. At that point, we start subsuming the remaining tests into the GTest targets and, asynchronously, rewriting tests to use GTest properly rather than cursory conversion here. When all non-GTest tests are gone, the old generate_build_files.py hooks will be removed, consumers updated to not depend on them, and standalone builders converted to not rely on all_tests.go, which can then be removed. (Unless bits end up being needed as a malloc test driver. I'm thinking we'll want to do something with --gtest_filter.) As part of this CL, I've bumped the CMake requirements (for target_include_directories) and added a few suppressions for warnings that GTest doesn't pass. BUG=129 Change-Id: I881b26b07a8739cc0b52dbb51a30956908e1b71a Reviewed-on: https://boringssl-review.googlesource.com/13232 Reviewed-by: Adam Langley <agl@google.com>
2017-01-20 00:05:47 +00:00
target_link_libraries(ssl_test ssl crypto gtest)
add_dependencies(all_tests ssl_test)