Commit Graph

4677 Commits

Author SHA1 Message Date
Alessandro Ghedini
01f26f3f32 Re-add hmac.h include to ssl.h.
Commit 9a4876e193 broke NGINX builds with
BoringSSL due to this missing include (OpenSSL builds work fine):

  src/event/ngx_event_openssl.c: In function ‘ngx_ssl_session_ticket_key_callback’:
  src/event/ngx_event_openssl.c:3065:13: error: implicit declaration of function ‘HMAC_Init_ex’; did you mean ‘SHA1_Init’? [-Werror=implicit-function-declaration]
           if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
               ^~~~~~~~~~~~

Change-Id: Ie7170f05034d5fd8c85d1948b4ab9c9bb8447d13
Reviewed-on: https://boringssl-review.googlesource.com/21664
Reviewed-by: Adam Langley <agl@google.com>
2017-10-12 01:47:26 +00:00
Adam Langley
771df4416a Initialise a variable to zero for GCC 7.2.0.
GCC 7.2.0 (in Release builds) can't figure out that |type| is always
set:

../ssl/tls_record.cc: In function ‘bssl::OpenRecordResult bssl::OpenRecord(SSL*, bssl::Span<unsigned char>*, size_t*, uint8_t*, bssl::Span<unsigned char>)’:
../ssl/tls_record.cc:595:44: error: ‘type’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
       if (type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_ALERT) {
cc1plus: all warnings being treated as errors

Change-Id: I1ca9683a18d89097288018f48b50991bce185da8
Reviewed-on: https://boringssl-review.googlesource.com/21724
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-10-12 01:13:21 +00:00
David Benjamin
1f1ac63bff Fix typo in TODO comment.
Thanks to Alex Gaynor for reporting this.

Change-Id: I983ecb33cf017160f82582cc79e71f8ae7b30b99
Reviewed-on: https://boringssl-review.googlesource.com/21744
Reviewed-by: David Benjamin <davidben@google.com>
2017-10-11 23:30:42 +00:00
David Benjamin
666d16e262 Go through SSL_PROTOCOL_METHOD in the handshake.
The handshake should be generic between TLS and DTLS.

Change-Id: I6feb2f013dd5d771f206750653ab9d117d7ea716
Reviewed-on: https://boringssl-review.googlesource.com/21348
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-11 22:52:45 +00:00
David Benjamin
31640931e6 Switch all the extension callbacks to bools.
Change-Id: I4d24f7666aa862f2aaac91b6325a452ce2f219eb
Reviewed-on: https://boringssl-review.googlesource.com/21624
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-11 20:27:32 +00:00
David Benjamin
7e58c5ef20 Switch more things to bools.
Change-Id: I11e3cf9be7757fcf1dd50ca8d6d449aa83edf71f
Reviewed-on: https://boringssl-review.googlesource.com/21604
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-11 20:22:43 +00:00
David Benjamin
664e99a648 Make SSL_CTX opaque.
This frees us up to make SSL_CTX a C++ type and avoids a lot of
protrusions of otherwise private types into the global namespace.

Bug: 6
Change-Id: I8a0624a53a4d26ac4a483fa270c39ecdd07459ee
Reviewed-on: https://boringssl-review.googlesource.com/21584
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-11 16:46:20 +00:00
Steven Valdez
be165a2e70 Fix missing TicketMaxEarlyDataInfo in first session ticket.
Change-Id: Ib24208e0ebdb1787c629ee29bd0115332ac36e73
Reviewed-on: https://boringssl-review.googlesource.com/21484
Reviewed-by: David Benjamin <davidben@google.com>
2017-10-10 21:03:10 +00:00
Bruce Dawson
e05b72c257 Use constexpr to avoid kNamedGroups initializer
On some Chrome builds on Windows (including the official builds that we
ship) there are dynamic initializers for kNamedGroups in chrome.dll and
chrome_child.dll. Tagging this array with constexpr is guaranteed to
avoid this.

Bug: chromium:341941
Change-Id: I0e4ea0665b8ed9640b76b709dd300416be49e59e
Reviewed-on: https://boringssl-review.googlesource.com/21564
Reviewed-by: Bruce Dawson <brucedawson@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-10 21:01:59 +00:00
David Benjamin
2450027e59 Fold away clean boolean in BUF_MEM.
OPENSSL_free always zeros things now.

Change-Id: Iaad94f0d7ad51ade05ae89751321314d235d6d67
Reviewed-on: https://boringssl-review.googlesource.com/21384
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-10 18:58:20 +00:00
David Benjamin
03a4b96c12 Move has_message logic to ssl3_get_message.
This doesn't particularly matter but is more consistent with DTLS and
avoids the callback being potentially called from two places.

Change-Id: I2f57ca94d2d532c56f37a0bac7000c15b3b4b520
Reviewed-on: https://boringssl-review.googlesource.com/21344
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-10 15:48:57 +00:00
David Benjamin
23c25d5b3a Rename some things for consistency.
We usually use read/write rather than recv/send to describe the two
sides.

Change-Id: Ie3ac8c52c59ea9a5143f56b894f58cecd351dc7d
Reviewed-on: https://boringssl-review.googlesource.com/21304
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-10 15:39:07 +00:00
David Benjamin
a84b6f26a9 Fix comment.
Clients need not accept CertificateRequest. We don't, have no intention
to, and post-handshake auth now requires an extension.

Change-Id: I2160c89e4a6988a7d743052b588d8aa2598ffabf
Reviewed-on: https://boringssl-review.googlesource.com/21305
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-10 15:33:07 +00:00
David Benjamin
c64d123933 Push Span down a layer.
Change-Id: I893292b140d033a5aed7e08f928a6c32996bb983
Reviewed-on: https://boringssl-review.googlesource.com/21287
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-10 14:27:58 +00:00
David Benjamin
751d1a1c22 Fold ssl_open_record_fatal_alert into ssl_open_record_error.
The only difference is whether there's an alert to send back, but we'll
need to allow an "error without alert" in several cases anyway:

1. If the server sees an HTTP request or garbage instead of a
   ClientHello, it shouldn't send an alert.

2. Resurfaced errors.

Just make zero signal no alert for now. Later on, I'm thinking we might
just want to put the alert into the outgoing buffer and make it further
uniform.

This also gives us only one error state to keep track of rather than
two.

Bug: 206
Change-Id: Ia821d9f89abd2ca6010e8851220d4e070bc42fa1
Reviewed-on: https://boringssl-review.googlesource.com/21286
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-10 03:07:57 +00:00
David Benjamin
e52f4c4642 Replay the entire error queue on ssl_hs_error.
This is analogous to the Go stack's handshakeErr field. Since it's quite
common for callers to run two I/O operations in parallel[*] like
SSL_read and SSL_write (or SSL_read and SSL_do_handshake for client
0-RTT). Accordingly, the new handshake state machine jams itself up on
handshake error, but to fully work with such callers, we should also
replay the error state.

This doesn't yet catch all cases (there are some parts of the read flow
which need to be fixed). Those will be resolved in later changes.

[*] Not actually in parallel, of course, but logically in parallel on a
non-blocking socket.

Bug: 206
Change-Id: I5a4d37a258b9e3fc555b732938b0528b839650f8
Reviewed-on: https://boringssl-review.googlesource.com/21285
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-09 21:53:33 +00:00
David Benjamin
b25a8999be Add the ability to save and restore the error state.
This will be useful for the SSL stack to properly resurface handshake
failures. Leave this in a private header and, along the way, hide the
various types.

(ERR_NUM_ERRORS didn't change in meaning. The old documentation was
wrong.)

Bug: 206
Change-Id: I4c6ca98d162d11ad5e17e4baf439a18fbe371018
Reviewed-on: https://boringssl-review.googlesource.com/21284
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-09 21:43:13 +00:00
David Benjamin
89bd372a02 Revert "Add new bots to the CQ."
This reverts commit 73ffb74b9e. The CQ
versions seem to be broken for some reason. Will debug this later.

Change-Id: Ib5e30d612c55e907edf8ecede7f3d5e123d97bfb
Reviewed-on: https://boringssl-review.googlesource.com/21464
Reviewed-by: David Benjamin <davidben@google.com>
2017-10-09 21:38:10 +00:00
David Benjamin
73ffb74b9e Add new bots to the CQ.
We'll see if this becomes too burdensome.

Change-Id: I51546c3f6ee38e70a9397f9ce695035d382acfa0
Reviewed-on: https://boringssl-review.googlesource.com/21424
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-10-09 20:52:23 +00:00
Robert Sloan
e091af4f37 Special-case Eureka in generate_build_targets.py.
This change upstreams
https://android-review.googlesource.com/#/c/platform/external/boringssl/+/504700
by bcf@, which adds generated makefile options for Eureka targets that
depend on the legacy Android.mk build system.

Change-Id: I9b98b7e6f245c6c2525357afe246b5002065127d
Reviewed-on: https://boringssl-review.googlesource.com/21444
Reviewed-by: David Benjamin <davidben@google.com>
2017-10-09 20:44:15 +00:00
Daniel Wagner-Hall
10154320fd Set -Wno-array-bounds on gcc<4.8
It spuriously complains about pointer math on function arguments which
are arrays.

Change-Id: I23b3494740196d5d46ce525a32dd43782e77f0ce
Reviewed-on: https://boringssl-review.googlesource.com/21404
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-09 20:43:39 +00:00
Adam Langley
2e9bb4eb96 Fix comment about EarlyCCS.
Thanks to Dimitar Vlahovski for pointing this out.

Change-Id: I417f52ec6c3e950bdab6079962b29976fb75c029
Reviewed-on: https://boringssl-review.googlesource.com/21324
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-06 22:46:57 +00:00
David Benjamin
861f28a624 Clear one more timeout when using gdb.
https://boringssl-review.googlesource.com/18605 got the other ones.

Change-Id: If00487a4dd8508496a31a0a565c965559e12879c
Reviewed-on: https://boringssl-review.googlesource.com/21264
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-06 17:23:07 +00:00
David Benjamin
4519a5a063 Pass -fmsc-version=1900 to clang-cl.
This matches the Chromium build. There are some build errors when using
the newer toolchain's headers. This might resolve it? clang-cl
apparently claims VS2013 by default and Microsoft's headers are
sensitive to this.

Change-Id: Ib849e33d8a28649d981ea73972f568fd81e534a1
Reviewed-on: https://boringssl-review.googlesource.com/21244
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-06 15:41:27 +00:00
David Benjamin
3b5b87f579 Teach vs_toolchain.py to load both MSVC 2015 and 2017.
The default is still 2015, but I'll use this to spin up some 2017 bots
as well.

Change-Id: Id189791c5c50ae5403f7d6db1cd486f8a3f43dfa
Reviewed-on: https://boringssl-review.googlesource.com/21165
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-06 14:47:50 +00:00
David Benjamin
75d36eacf8 No-op change to kick the bots
Change-Id: I6cd6a7eb670ad20dfdfc1895940fb023d18d37b3
2017-10-05 20:24:42 -04:00
David Benjamin
02afbd338e Build with clang-cl standalone.
Our build logic needed to revised and and clang implements more warnings
than MSVC, so GTest needed more fixes.

Bug: 200
Change-Id: I84c5dd0c51079dd9c990e08dbea7f9022a7d6842
Reviewed-on: https://boringssl-review.googlesource.com/21204
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-05 20:42:49 +00:00
David Benjamin
392cedd0a2 Fx DH_set0_pqg.
Typo.

Change-Id: Iab3e04339bb868fd6d247c6696f33f5b7150408d
Reviewed-on: https://boringssl-review.googlesource.com/21184
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-05 18:50:48 +00:00
David Benjamin
12fdd08a40 Remove C4245 suppression.
Chromium builds with this warning on. This lets us notice problems (of
which there were only one) sooner. I'll try to align the other warnings
in a follow-up.

Change-Id: Id0960b782733b799e1c3e82f89c2aaba0bdd6833
Reviewed-on: https://boringssl-review.googlesource.com/21164
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-05 17:34:58 +00:00
Daniel Wagner-Hall
1de690b992 Ignore unused value
Right now, compiling with the stock gcc on debian, cmake is compiling
with -Wall which gives an error because -Wunused-value.

The gcc version is gcc (Debian 4.7.2-5) 4.7.2.

Change-Id: Iafd4cc14a22fe788d4c7bdb05202fd856f0c6395
Reviewed-on: https://boringssl-review.googlesource.com/21144
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-05 15:20:48 +00:00
David Benjamin
6c1f2b77de Test that we tolerate server-sent supported groups.
I should have added this test in
https://boringssl-review.googlesource.com/10320. This is necessary in
TLS 1.3 and spec compliance and TLS 1.2 to tolerate some broken servers.

Change-Id: Ibb52eaa1e370062f83e84856ef7f1c2c79d6a5d3
Reviewed-on: https://boringssl-review.googlesource.com/21124
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-05 15:14:29 +00:00
David Benjamin
a65c252f78 Further simplify error queue flags.
ERR_FLAGS_STRING is meaningless and we can use a bitfield for the mark
bit.

Change-Id: I6f677b55b11316147512171629196c651cb33ca9
Reviewed-on: https://boringssl-review.googlesource.com/21084
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-04 16:02:16 +00:00
David Benjamin
1c58471cc9 Add TLS 1.3 EXPORTER_SECRET to SSLKEYLOGFILE.
Per discussion in https://bugzilla.mozilla.org/show_bug.cgi?id=1287711.
Otherwise this feature won't work for QUIC.

Change-Id: Ia799bfd1e29c01161c4298fb3124c96f62ada9c5
Reviewed-on: https://boringssl-review.googlesource.com/21104
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-04 15:24:58 +00:00
David Benjamin
e7136a978f Fix sha1.c's preprocessor checks.
sha1-altivec.c is not sensitive to OPENSSL_NO_ASM, so sha1.c needs to
disable the generic implementation accordingly.

Bug: 204
Change-Id: Ic655f8b76907f07da33afa863d1b24d62d42e23a
Reviewed-on: https://boringssl-review.googlesource.com/21064
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-03 22:24:34 +00:00
David Benjamin
a4bafd33b3 Add SSL_SESSION_{get,set}_protocol_version.
SSL_SESSION_set_protocol_version is useful when unit-testing a session
cache.

Change-Id: I4b04e31d61ce40739323248e3e5fdae498c4645e
Reviewed-on: https://boringssl-review.googlesource.com/21044
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-03 19:52:34 +00:00
Steven Valdez
4c7f5fa023 Remove old TLS 1.3 variants (NoSessionID and RecordType).
Change-Id: I2428321218d0b5dce242e3843d39ca269e1eb686
Reviewed-on: https://boringssl-review.googlesource.com/20984
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2017-10-03 18:12:23 +00:00
David Benjamin
51776b0aeb Document more of err.h.
A lot of the private functions are public APIs.

Change-Id: Icb5b6691088f27e16fb1d5f9fb8422e7cf2bab3e
Reviewed-on: https://boringssl-review.googlesource.com/21005
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-02 21:26:58 +00:00
David Benjamin
e1c3dad959 Error data is always a NUL-terminated malloced string.
Cut down on the number of cases we need to worry about here. In
particular, it would be useful for the handshake to be able to replay an
error.

Change-Id: I2345faaff5503ede1324a5599e680de83f4b106e
Reviewed-on: https://boringssl-review.googlesource.com/21004
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-02 21:24:08 +00:00
David Benjamin
f496249405 Switch int to bool in ssl_cipher.cc.
Change-Id: I815f9fa77e08f72b0130ea9ef0dda751bf2ed7a6
Reviewed-on: https://boringssl-review.googlesource.com/20826
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
2017-10-02 20:41:20 +00:00
David Benjamin
ed9aed1ac6 int to bool in ssl_versions.cc.
Bug: 132
Change-Id: I1d6cd1dd7470a3f64ec91b954042ed3f8c6b561e
Reviewed-on: https://boringssl-review.googlesource.com/20825
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
2017-10-02 20:41:08 +00:00
David Benjamin
63a0797ff2 Remove now unnecessary _POSIX_C_SOURCE bits to work around macOS bug.
crypto/bio/bio_test.cc - I'm not sure where this was added for, but none
   of the functions used there appear to have feature macros documented.
crypto/bio/printf.c - -std=c99 provides (v)snprintf.
crypto/lhash/lhash_test.cc - we no longer call rand_r.
crypto/mem.c - we no longer call strdup and -std=c99 provides (v)snprintf.

Apple messed up their headers and, if _POSIX_C_SOURCE is defined but
_DARWIN_C_SOURCE isn't, pthread.h no longer defines mach_port_t. They
then shipped a version of libc++ headers that is missing this fix, so
the build breaks:
bcc92d75df

If one uses XCode, they've hacked their pthread.h to provide mach_port_t
if defined(__cplusplus), but the standalone tools appear to be old and
missing this.

We can work around this by also defining _DARWIN_C_SOURCE in C++ files
that need _POSIX_C_SOURCE, but it appears none of these files actually
need it.

Change-Id: I5df9453730696100eb22b809febeb65053701322
Reviewed-on: https://boringssl-review.googlesource.com/20964
Reviewed-by: Adam Langley <agl@google.com>
2017-10-02 20:02:22 +00:00
David Benjamin
b949355132 Add bssl::Span<T>::subspan and use it.
This roughly aligns with absl::Span<T>::subspan.

Bug: 132
Change-Id: Iaf29418c1b10e2d357763dec90b6cb1371b86c3b
Reviewed-on: https://boringssl-review.googlesource.com/20824
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
2017-10-02 19:33:28 +00:00
David Benjamin
312e1e4f66 Quote CMAKE_OSX_SYSROOT.
In case the XCode install is at, say "/Applications/Xcode 9.app". This
won't work if the path contains quotes, but it doesn't appear CMake
itself makes any effort to handle that right.

Change-Id: Ifecf6147d44ffdae8c2692b2d6c94bfafd8d7714
Reviewed-on: https://boringssl-review.googlesource.com/20944
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-02 19:22:17 +00:00
David Benjamin
575334657f Use BN_mod_exp_mont_consttime in dsa_priv_decode.
The exponent is secret, so we should be using the consttime variant. See
also upstream's f9cbf470180841966338db1f4c28d99ec4debec4.

Change-Id: I233d4223ded5b80711d7c8f906e3579c36b24cd0
Reviewed-on: https://boringssl-review.googlesource.com/20924
Reviewed-by: Adam Langley <agl@google.com>
2017-09-29 23:19:22 +00:00
David Benjamin
81f030b106 Switch OPENSSL_VERSION_NUMBER to 1.1.0.
Although we are derived from 1.0.2, we mimic 1.1.0 in some ways around
our FOO_up_ref functions and opaque libssl types. This causes some
difficulties when porting third-party code as any OPENSSL_VERSION_NUMBER
checks for 1.1.0 APIs we have will be wrong.

Moreover, adding accessors without changing OPENSSL_VERSION_NUMBER can
break external projects. It is common to implement a compatibility
version of an accessor under #ifdef as a static function. This then
conflicts with our headers if we, unlike OpenSSL 1.0.2, have this
function.

This change switches OPENSSL_VERSION_NUMBER to 1.1.0 and atomically adds
enough accessors for software with 1.1.0 support already. The hope is
this will unblock hiding SSL_CTX and SSL_SESSION, which will be
especially useful with C++-ficiation. The cost is we will hit some
growing pains as more 1.1.0 consumers enter the ecosystem and we
converge on the right set of APIs to import from upstream.

It does not remove any 1.0.2 APIs, so we will not require that all
projects support 1.1.0. The exception is APIs which changed in 1.1.0 but
did not change the function signature. Those are breaking changes.
Specifically:

- SSL_CTX_sess_set_get_cb is now const-correct.

- X509_get0_signature is now const-correct.

For C++ consumers only, this change temporarily includes an overload
hack for SSL_CTX_sess_set_get_cb that keeps the old callback working.
This is a workaround for Node not yet supporting OpenSSL 1.1.0.

The version number is set at (the as yet unreleased) 1.1.0g to denote
that this change includes https://github.com/openssl/openssl/pull/4384.

Bug: 91
Change-Id: I5eeb27448a6db4c25c244afac37f9604d9608a76
Reviewed-on: https://boringssl-review.googlesource.com/10340
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2017-09-29 04:51:27 +00:00
David Benjamin
ced6e76661 Make all_tests.go output cleaner.
It's a little hard to read with all those command-lines flying by. Only
print out full commands for failing tests.

Change-Id: I35f2febf7686dbc1ab428fe5d06afee2afa8bcaf
Reviewed-on: https://boringssl-review.googlesource.com/20905
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-09-28 21:28:50 +00:00
David Benjamin
737d2dffdf Convert ClientHello tests to GTest.
I was just passing by.

Change-Id: I0212b4a1a3fd2ad24d7157181cd55a92263a3727
Reviewed-on: https://boringssl-review.googlesource.com/20904
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-09-28 19:28:47 +00:00
David Benjamin
e9c7b1c8ae Add SSL_SESSION_is_single_use.
Querying versions is a bit of a mess between DTLS and TLS and variants
and friends. Add SSL_SESSION_is_single_use which informs the caller
whether the session should be single-use.

Bug: chromium:631988
Change-Id: I745d8a5dd5dc52008fe99930d81fed7651b92e4e
Reviewed-on: https://boringssl-review.googlesource.com/20844
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-09-28 18:38:17 +00:00
David Benjamin
21fa684236 Have fun with lock scopers.
Change-Id: I2697349024769545c2c37173e6ed68640b7d3b78
Reviewed-on: https://boringssl-review.googlesource.com/20805
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-09-28 17:49:37 +00:00
David Benjamin
9eaa3bd55d Remove SSL_CTX_sessions and properly lock SSL_CTX_sess_number.
SSL_CTX_sessions is the only think making us expose LHASH as public API
and nothing uses it. Nothing can use it anyway as it's not thread-safe.
I haven't actually removed it yet since SSL_CTX is public, but once the
types are opaque, we could trim the number of symbols ssl.h pulls in
with some work.

Relatedly, fix thread safety of SSL_CTX_sess_number.

Change-Id: I75a6c93509d462cd5ed3ce76c587f0d1e7cd0797
Reviewed-on: https://boringssl-review.googlesource.com/20804
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-09-27 21:58:05 +00:00