Commit Graph

17 Commits

Author SHA1 Message Date
Aaron Green
862e0d2e1b Add cpu-aarch64-fuchsia.c
Fuchsia/Zircon recently added support for exposing arm64 CPU features;
this CL uses the new system call to set OPENSSL_armcap_P.

Change-Id: I045dc0b58117afe6dae315a82bf9acfd8d99be1a
Reviewed-on: https://boringssl-review.googlesource.com/25865
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-02-13 20:12:47 +00:00
David Benjamin
81f030b106 Switch OPENSSL_VERSION_NUMBER to 1.1.0.
Although we are derived from 1.0.2, we mimic 1.1.0 in some ways around
our FOO_up_ref functions and opaque libssl types. This causes some
difficulties when porting third-party code as any OPENSSL_VERSION_NUMBER
checks for 1.1.0 APIs we have will be wrong.

Moreover, adding accessors without changing OPENSSL_VERSION_NUMBER can
break external projects. It is common to implement a compatibility
version of an accessor under #ifdef as a static function. This then
conflicts with our headers if we, unlike OpenSSL 1.0.2, have this
function.

This change switches OPENSSL_VERSION_NUMBER to 1.1.0 and atomically adds
enough accessors for software with 1.1.0 support already. The hope is
this will unblock hiding SSL_CTX and SSL_SESSION, which will be
especially useful with C++-ficiation. The cost is we will hit some
growing pains as more 1.1.0 consumers enter the ecosystem and we
converge on the right set of APIs to import from upstream.

It does not remove any 1.0.2 APIs, so we will not require that all
projects support 1.1.0. The exception is APIs which changed in 1.1.0 but
did not change the function signature. Those are breaking changes.
Specifically:

- SSL_CTX_sess_set_get_cb is now const-correct.

- X509_get0_signature is now const-correct.

For C++ consumers only, this change temporarily includes an overload
hack for SSL_CTX_sess_set_get_cb that keeps the old callback working.
This is a workaround for Node not yet supporting OpenSSL 1.1.0.

The version number is set at (the as yet unreleased) 1.1.0g to denote
that this change includes https://github.com/openssl/openssl/pull/4384.

Bug: 91
Change-Id: I5eeb27448a6db4c25c244afac37f9604d9608a76
Reviewed-on: https://boringssl-review.googlesource.com/10340
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2017-09-29 04:51:27 +00:00
David Benjamin
6881ec0465 Add a note to PORTING.md about free/OPENSSL_free mixups.
Change-Id: I7cf0e67148c0908e5a4c670251419a8bc15fbea9
Reviewed-on: https://boringssl-review.googlesource.com/20109
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
2017-09-07 23:04:31 +00:00
David Benjamin
5c4271f7cb Don't reauthenticate on renegotiation.
We currently forbid the server certificate from changing on
renegotiation. This means re-verifying the certificate is pointless and
indeed the callback being called again seems to surprise consumers more
than anything else.

Carry over the initial handshake's SCT lists and OCSP responses (don't
enforce they don't change since the server may have, say, picked up new
OCSP responses in the meantime), ignore new ones received on
renegotiation, and don't bother redoing verification.

For our purposes, TLS 1.2 renegotiation is an overcomplicated TLS 1.3
KeyUpdate + post-handshake auth. The server is not allowed to change
identity.

Bug: 126
Change-Id: I0dae85bcf243943b1a5a97fa4f30f100c9e6e41e
Reviewed-on: https://boringssl-review.googlesource.com/19665
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 16:14:22 +00:00
David Benjamin
5ef40c60f6 Mark renego-established sessions not resumable.
We do not call the new_session callback on renego, but a consumer using
SSL_get_session may still attempt to resume such a session. Leave the
not_resumable flag unset. Also document this renegotiation restriction.

Change-Id: I5361f522700b02edf5272ba5089c0777e5dafb09
Reviewed-on: https://boringssl-review.googlesource.com/19664
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 16:10:54 +00:00
Adam Langley
c90be3b143 Add a paragraph to PORTING.md about async private keys.
Change-Id: I4aae8066292bf9a5dd5d94e8568cbfbca99746dc
Reviewed-on: https://boringssl-review.googlesource.com/18925
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-04 19:34:52 +00:00
Adam Langley
61c9838d2d Add some documentation for CRYPTO_BUFFERs.
Change-Id: I2b8b6b784e72c6d38ca55158a395fc2619fd47ba
Reviewed-on: https://boringssl-review.googlesource.com/18606
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-28 19:25:38 +00:00
Adam Langley
a6b8689dc9 Document our strict behaviour when clients attempt renegotiation.
The TLS standard suggests[1] that no_renegotation should be a warning alert
and that a client be able to decide whether to continue. This change
documents in PORTING.md that BoringSSL responds with a fatal alert
instead.

This is because we do not want to have any messages that are absorbed
without limit in the TLS layer because they may bypass limits
implemented at a higher level. We could limit the number of ClientHello
messages in the same way that we limit empty records, but we have had
this fatal behaviour for a long time without issue and it's simple.

(Technically this violates the RFC because the RFC says that
no_renegotation is always a warning.)

[1] https://tools.ietf.org/html/rfc5246#section-7.2.2

Change-Id: I4d4a696114f7e2b85f39e3fcb7b2c914cef661f2
Reviewed-on: https://boringssl-review.googlesource.com/18409
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-25 21:41:25 +00:00
David Benjamin
48e1d180a4 Restore SSL_CTX_set_ecdh_auto compatibility hook.
This was inadvertently dropped in
59015c365b. Python otherwise configures
P-256 if it assumes our OpenSSL predate's 1.0.2's multi-curve support.
This disables X25519, our preferred curve.

Change-Id: Ibf758583ea53e68c56667f16ee7096656bac719b
Reviewed-on: https://boringssl-review.googlesource.com/14208
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-03-14 14:54:45 +00:00
David Benjamin
707720ca22 Add a note in PORTING to ask us before adding ifdefs.
People seem to like adding ifdefs for us for random initialization
functions that are cheap enough to add no-ops stubs for.

Change-Id: I7fb4e978e035329cd81d9bf33ab0d64fde6cc05f
Reviewed-on: https://boringssl-review.googlesource.com/10280
Reviewed-by: Adam Langley <agl@google.com>
2016-08-11 15:48:14 +00:00
David Benjamin
d8ba86d84f Add a table for porting SSL_CTX_ctrl code.
It was pointed out that the equivalent values may sometimes be hard to
find.

Change-Id: I02a1790e026047b3dc2034c2f9ad75abc9e59eb7
Reviewed-on: https://boringssl-review.googlesource.com/8800
Reviewed-by: Adam Langley <agl@google.com>
2016-07-15 22:41:06 +00:00
David Benjamin
4aafe6a3af Document the d2i object reuse changes in PORTING.md.
Change-Id: I1875c5246c7da19af13683ca36c737c188a97d18
Reviewed-on: https://boringssl-review.googlesource.com/6984
Reviewed-by: Adam Langley <agl@google.com>
2016-02-02 16:21:20 +00:00
David Benjamin
471abb1f21 Update PORTING.md for the new renego API.
SSL_set_renegotiate_mode to avoid my original double-negative confusion.

Change-Id: I23537aeac53c4969fd81307a676f33d6768da55f
Reviewed-on: https://boringssl-review.googlesource.com/6322
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 19:27:56 +00:00
David Benjamin
7a1eefd3cd Deprecate SSL_library_init.
It just calls CRYPTO_library_init and doesn't do anything else. If
anything, I'd like to make CRYPTO_library_init completely go away too.
We have CRYPTO_once now, so I think it's safe to assume that, if ssl/
ever grows initialization needs beyond that of crypto/, we can hide it
behind a CRYPTO_once and not burden callers.

Change-Id: I63dc362e0e9e98deec5516f4620d1672151a91b6
Reviewed-on: https://boringssl-review.googlesource.com/6311
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 18:36:23 +00:00
David Benjamin
9a798ecc0e Document the hexadecimal casing thing in PORTING.md.
mab@ seems to be dealing with a fair number of these, so it's probably worth
adding to the list.

Change-Id: Ifaea3c96e7b089f28a87c7728ceb8c671786eb27
Reviewed-on: https://boringssl-review.googlesource.com/6030
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 23:37:50 +00:00
David Benjamin
809829ee9f Fix a typo in PORTING.md and mention one more renego restriction.
Change-Id: I59b30882178222000dd90b051856bb2816eeb9fd
Reviewed-on: https://boringssl-review.googlesource.com/5789
Reviewed-by: Adam Langley <agl@google.com>
2015-09-03 18:37:14 +00:00
David Benjamin
65703b45c4 Add a PORTING document which describes some major API differences.
There are a few things that differ in ways that are not source-compatible, so
it's probably worth documenting them.

Change-Id: I4ef26173a9347d9fd517c1b5215e08ced660b79d
Reviewed-on: https://boringssl-review.googlesource.com/5788
Reviewed-by: Adam Langley <agl@google.com>
2015-09-02 21:58:35 +00:00