Commit Graph

1705 Commits

Author SHA1 Message Date
David Benjamin
207bb4391f ERR_LIB_USER should be the last error.
Consumers sometimes use ERR_LIB_USER + <favorite number> instead of
ERR_get_next_error_library. To avoid causing them grief, keep ERR_LIB_USER
last.

Change-Id: Id19ae7836c41d5b156044bd20d417daf643bdda2
Reviewed-on: https://boringssl-review.googlesource.com/5290
Reviewed-by: Adam Langley <agl@google.com>
2015-07-16 02:03:03 +00:00
David Benjamin
3570d73bf1 Remove the func parameter to OPENSSL_PUT_ERROR.
Much of this was done automatically with
  find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/'
  find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+,  ([a-zA-Z_0-9]+\);)/\1\2/'

BUG=468039

Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8
Reviewed-on: https://boringssl-review.googlesource.com/5276
Reviewed-by: Adam Langley <agl@google.com>
2015-07-16 02:02:37 +00:00
David Benjamin
34248d4cb7 Get rid of err function codes.
Running make_errors.go every time a function is renamed is incredibly
tedious. Plus we keep getting them wrong.

Instead, sample __func__ (__FUNCTION__ in MSVC) in the OPENSSL_PUT_ERROR macro
and store it alongside file and line number. This doesn't change the format of
ERR_print_errors, however ERR_error_string_n now uses the placeholder
"OPENSSL_internal" rather than an actual function name since that only takes
the uint32_t packed error code as input.

This updates err scripts to not emit the function string table. The
OPENSSL_PUT_ERROR invocations, for now, still include the extra
parameter. That will be removed in a follow-up.

BUG=468039

Change-Id: Iaa2ef56991fb58892fa8a1283b3b8b995fbb308d
Reviewed-on: https://boringssl-review.googlesource.com/5275
Reviewed-by: Adam Langley <agl@google.com>
2015-07-16 02:02:08 +00:00
David Benjamin
7f15ff53d8 Rename crypto/{bn,evp}/asn1.c.
gyp doesn't allow two files to share the same name to avoid bugs in OS X
libtool, so asn1.c's need to all get a prefix.

Change-Id: I3593597912c49dd02655cae329fb253ed4f6f56d
Reviewed-on: https://boringssl-review.googlesource.com/5431
Reviewed-by: Adam Langley <agl@google.com>
2015-07-13 21:18:26 +00:00
David Benjamin
7ca4b42146 Fix Chromium NaCl build.
Chromium's NaCl build has _POSIX_SOURCE already defined, so #undef it first.
The compiler used also dislikes static asserts with the same name.

Change-Id: I0283fbad1a2ccf98cdb0ca2a7965b15441806308
Reviewed-on: https://boringssl-review.googlesource.com/5430
Reviewed-by: Adam Langley <agl@google.com>
2015-07-13 20:49:18 +00:00
David Benjamin
4a59709ca1 Fix Windows build.
MSVC 2013 doesn't implement C++11 alignas. Use __declspec instead.

Change-Id: I48a402d56d734f3f2c434b4bdf2a5bc671c50225
Reviewed-on: https://boringssl-review.googlesource.com/5421
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 19:07:24 +00:00
David Benjamin
723f3534ff Fix shared library build.
poly1305.h was missing exports. While here, chacha.h should also be exported.

Change-Id: I5da9c953d3e5a5ef76a3e96bc4794192abee3ae6
Reviewed-on: https://boringssl-review.googlesource.com/5420
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 18:59:49 +00:00
David Benjamin
0851f67480 Add standalone tests for Poly1305.
RFC 7359 includes tests for various edge cases. Also, as
CRYPTO_poly1305_update can be used single-shot and streaming, we should
explicitly stress both.

Change-Id: Ie44c203a77624be10397ad05f06ca98d937db76f
Reviewed-on: https://boringssl-review.googlesource.com/5410
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 18:44:01 +00:00
Doug Hogan
a5e2915ba1 Fix build on Unix systems without POSIX realtime extensions.
This allows BoringSSL to build on OpenBSD with gcc/g++ 4.9.2.

Change-Id: Icce23de87b0358a581124eb8cd37dc48a1f096c9
Reviewed-on: https://boringssl-review.googlesource.com/5401
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 01:51:16 +00:00
Doug Hogan
ecdf7f9986 Minor whitespace update after running go fmt with 1.4.2.
Change-Id: I20d0a43942359ac18afec670cf7fd38f56b369b1
Reviewed-on: https://boringssl-review.googlesource.com/5400
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 01:50:26 +00:00
Adam Langley
97dfcbfc7c Convert the NPN extension to the new system
Change-Id: I92d76aef5a55d5fdef1b9fa24dd7db8047e56df0
Reviewed-on: https://boringssl-review.googlesource.com/5364
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 23:13:52 +00:00
Adam Langley
bb0bd04d15 Convert the status_request (OCSP stapling) extension to the new system
Change-Id: I31dd9e9f523aee3700bb2f07a1624d124b157d3e
Reviewed-on: https://boringssl-review.googlesource.com/5363
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 23:13:24 +00:00
Adam Langley
2e857bdad3 Convert the signature algorithms extension to the new system
Change-Id: Ia53b434acd11e9d2b0151b967387d86745ae441f
Reviewed-on: https://boringssl-review.googlesource.com/5362
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 23:12:51 +00:00
Adam Langley
9b05bc5caf Convert the session ticket extension to the new system.
Change-Id: I3893db92e87c0c041fe4ab489e867706902f1c43
Reviewed-on: https://boringssl-review.googlesource.com/5361
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 23:06:38 +00:00
Adam Langley
0a05671f76 Switch EMS over to the new extensions system.
Change-Id: I2a368a43bd05a75e37f180048c45c48de140b1eb
Reviewed-on: https://boringssl-review.googlesource.com/5360
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 23:05:24 +00:00
Adam Langley
efb0e16ee5 Reject empty ALPN protocols.
https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a
ProtocolName may not be empty. This change enforces this in ClientHello
and ServerHello messages.

Thanks to Doug Hogan for reporting this.

Change-Id: Iab879c83145007799b94d2725201ede1a39e4596
Reviewed-on: https://boringssl-review.googlesource.com/5390
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 22:47:14 +00:00
David Benjamin
d822ed811a Make CBB_len return a length, not remaining.
It switched from CBB_remaining to CBB_len partway through review, but
the semantics are still CBB_remaining. Using CBB_len allows the
len_before/len_after logic to continue working even if, in the future,
handshake messages are built on a non-fixed CBB.

Change-Id: Id466bb341a14dbbafcdb26e4c940a04181f2787d
Reviewed-on: https://boringssl-review.googlesource.com/5371
Reviewed-by: Adam Langley <agl@google.com>
2015-07-09 19:20:09 +00:00
Adam Langley
b558c4c504 Add a test case for renegotation with False Start enabled.
Historically we had a bug around this and this change implements a test
that we were previously carrying internally.

Change-Id: Id181fedf66b2b385b54131ac91d74a31f86f0205
Reviewed-on: https://boringssl-review.googlesource.com/5380
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-07-08 20:30:55 +00:00
David Benjamin
27dc1cd75a Remove RSA_OAEP_PARAMS.
It's never used. (Only used upstream as part of some CMS hooks.)

Change-Id: I7c59badc3e4771d7debbef0c3e0def93dc605e7b
Reviewed-on: https://boringssl-review.googlesource.com/5274
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 22:51:11 +00:00
David Benjamin
74f711083d Parse RSAPrivateKey with CBS.
This removes the version field from RSA and instead handles versioning
as part of parsing. (As a bonus, we now correctly limit multi-prime RSA
to version 1 keys.)

Most consumers are also converted. old_rsa_priv_{de,en}code are left
alone for now. Those hooks are passed in parameters which match the old
d2i/i2d pattern (they're only used in d2i_PrivateKey and
i2d_PrivateKey).

Include a test which, among other things, checks that public keys being
serialized as private keys are handled properly.

BUG=499653

Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08
Reviewed-on: https://boringssl-review.googlesource.com/5273
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 22:50:53 +00:00
David Benjamin
c0e245a546 Parse RSAPublicKey with CBS.
BUG=499653

Change-Id: If5d98ed23e65a84f9f0e303024f91cce078f3d18
Reviewed-on: https://boringssl-review.googlesource.com/5272
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 22:39:28 +00:00
Adam Langley
7ed35fb9fd Fix my screwup in review.
I could have sworn that I did this in Gerrit's edit, but it apparently
didn't take.

Change-Id: I73049000d832709d88768754f8dec5ef32dc4a73
2015-07-06 19:35:44 -07:00
David Benjamin
2e40091dd4 PKCS8_pkey_set0 doesn't take ownership on error.
It carefully NULLs all references to the buffer, so the failure cases
still need to call OPENSSL_free.

Change-Id: Ia14341ecea81296f94e467325ab6eff1362e987e
Reviewed-on: https://boringssl-review.googlesource.com/5271
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 02:30:37 +00:00
David Benjamin
183eba4dc9 Convert ecdsa_test to the new ECDSA_SIG API.
BUG=499653

Change-Id: Idc50c79ad597f74226ae41f9c0839ac96a8950ae
Reviewed-on: https://boringssl-review.googlesource.com/5270
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 02:29:14 +00:00
David Benjamin
87897a8cea Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring.
This is the first structure to be implemented with the new BIGNUM ASN.1
routines. Object reuse in the legacy d2i/i2d functions is implemented by
releasing whatever was in *out before and setting it to the
newly-allocated object. As with the new d2i_SSL_SESSION, this is a
weaker form of object reuse, but should suffice for reasonable callers.

As ECDSA_SIG is more likely to be parsed alone than as part of another
structure (and using CBB is slightly tedious), add convenient functions
which take byte arrays. For consistency with SSL_SESSION, they are named
to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing
data.

Note this changes some test expectations: BER signatures now push an
error code. That they didn't do this was probably a mistake.

BUG=499653

Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec
Reviewed-on: https://boringssl-review.googlesource.com/5269
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 02:28:42 +00:00
Adam Langley
6df1ac9092 Fix Windows build.
Now that 11c0f8e54c has landed, none of
the cases of the switch in |ssl3_ctrl| ever break and so the “return 1”
at the end of the function is unreachable. MSVC is unhappy about that.

Change-Id: I001dc63831ba60d93b622ac095297e2febc5f078
2015-07-06 19:01:48 -07:00
David Benjamin
f3cdc5030e Remove some unused constants.
This is certainly far from exhaustive, but get rid of these.

Change-Id: Ie96925bcd452873ed8399b68e1e71d63e5a0929b
Reviewed-on: https://boringssl-review.googlesource.com/5357
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:56:38 +00:00
David Benjamin
71d2e54099 Clear key_method in ssl_cert_clear_certs.
Since it resets leaf, private key, and chain, it makes sense to also
clear custom key method tables.

Change-Id: If511b8f15a44674c31d068d36984e9189c5a9071
Reviewed-on: https://boringssl-review.googlesource.com/5356
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:56:11 +00:00
David Benjamin
11c0f8e54c Promote certificate-related ctrl macros to functions.
Also document them in the process. Almost done!

BUG=404754

Change-Id: I3333c7e9ea6b4a4844f1cfd02bff8b5161b16143
Reviewed-on: https://boringssl-review.googlesource.com/5355
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:55:39 +00:00
David Benjamin
7481d39bf7 Document APIs relating to configuring certificates and private keys.
The APIs that are CTRL macros will be documented (and converted to
functions) in a follow-up.

Change-Id: I7d086db1768aa3c16e8d7775b0c818b72918f4c2
Reviewed-on: https://boringssl-review.googlesource.com/5354
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:52:39 +00:00
David Benjamin
b2a9d6ab78 Remove SSL_build_cert_chain.
This is unused. It seems to be distinct from the automatic chain
building and was added in 1.0.2. Seems to be an awful lot of machinery
that consumers ought to configure anyway.

BUG=486295

Change-Id: If3d4a2761f61c5b2252b37d4692089112fc0ec21
Reviewed-on: https://boringssl-review.googlesource.com/5353
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:23:18 +00:00
David Benjamin
4462809623 Remove SSL_CTX_select_current_cert.
Without certificate slots this function doesn't do anything. It's new in
1.02 and thus unused, so get rid of it rather than maintain a
compatibility stub.

BUG=486295

Change-Id: I798fce7e4307724756ad4e14046f1abac74f53ed
Reviewed-on: https://boringssl-review.googlesource.com/5352
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:22:32 +00:00
David Benjamin
d1d8078025 Fold away certificate slots mechanism.
This allows us to remove the confusing EVP_PKEY argument to the
SSL_PRIVATE_KEY_METHOD wrapper functions. It also simplifies some of the
book-keeping around the CERT structure, as well as the API for
configuring certificates themselves. The current one is a little odd as
some functions automatically route to the slot while others affect the
most recently touched slot. Others still (extra_certs) apply to all
slots, making them not terribly useful.

Consumers with complex needs should use cert_cb or the early callback
(select_certificate_cb) to configure whatever they like based on the
ClientHello.

BUG=486295

Change-Id: Ice29ffeb867fa4959898b70dfc50fc00137f01f3
Reviewed-on: https://boringssl-review.googlesource.com/5351
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:22:13 +00:00
David Benjamin
570364800c Remove SSL_CTX_get_extra_chain_certs_only.
This is in preparation for folding away certificate slots. extra_certs
and the slot-specific certificate chain will be the same.
SSL_CTX_get_extra_chain_certs already falls back to the slot-specific
chain if missing. SSL_CTX_get_extra_chain_certs_only is similar but
never falls back. This isn't very useful and is confusing with them
merged, so remove it.

BUG=486295

Change-Id: Ic708105bcf453dfe4e1969353d7eb7547ed2981b
Reviewed-on: https://boringssl-review.googlesource.com/5350
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:16:20 +00:00
David Benjamin
bb20f52383 Merge the RSA_ENC and RSA_SIGN certificate slots.
The distinction was not well-enforced in the code. In fact, it wasn't
even possible to use the RSA_SIGN slot because ssl_set_pkey and
ssl_set_cert would always use the RSA_ENC slot.

A follow-up will fold away the mechanism altogether, but this is an easy
initial simplfication.

BUG=486295

Change-Id: I66b5bf3e6dc243dac7c75924c1c1983538e49060
Reviewed-on: https://boringssl-review.googlesource.com/5349
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:15:41 +00:00
David Benjamin
0fc431a0d7 Prune NIDs from TLS_SIGALGS.
There's no need to store more than the TLS values.

Change-Id: I1a93c7c6aa3254caf7cc09969da52713e6f8acf4
Reviewed-on: https://boringssl-review.googlesource.com/5348
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:14:40 +00:00
David Benjamin
ba16a1e405 Remove SSL_get_(shared_)sigalgs.
These are new as of 1.0.2, not terribly useful of APIs, and are the only
reason we have to retain so many NIDs in the TLS_SIGALGS structure.

Change-Id: I7237becca09acc2ec2be441ca17364f062253893
Reviewed-on: https://boringssl-review.googlesource.com/5347
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:12:24 +00:00
David Benjamin
a31c5bf2cc Make pem_str const-correct.
They're always constant literals.

Change-Id: I8acaaf2a8c95b02bc8b9b13740ce40044a483394
Reviewed-on: https://boringssl-review.googlesource.com/5346
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:11:58 +00:00
David Benjamin
42ae3adcf6 Remove info field on EVP_PKEY_ASN1_METHOD.
Nothing ever reads it.

Change-Id: Id375c461aa2feb6877a14e19eb2daefec7a03f89
Reviewed-on: https://boringssl-review.googlesource.com/5345
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:11:46 +00:00
David Benjamin
1504304147 Remove dead SRP SSL_CTRL values.
Change-Id: Id2d3a2a0a3826566376bac2efeefbb54fc55d227
Reviewed-on: https://boringssl-review.googlesource.com/5344
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:11:30 +00:00
David Benjamin
7d97fd3a91 Remove SSL_get_server_tmp_key.
It's never used and is partially broken right now; EVP_PKEY_DH doesn't
work.

Change-Id: Id6262cd868153ef731e3f4d679b2ca308cfb12a3
Reviewed-on: https://boringssl-review.googlesource.com/5343
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:11:10 +00:00
David Benjamin
396a441421 ssl3_cert_verify_hash should take the EVP_PKEY type.
After the custom key method support, the EVP_PKEY parameter is somewhat
confusing (to be resolved with the certificate slots removal) as it must
always refer to a private key. ssl3_cert_verify_hash is sometimes used
with the peer's public key. If custom keys were supported on the server,
this would break.

Fix this by passing a pkey_type parameter and letting the caller decide
whether this uses SSL_PRIVATE_KEY_METHOD or not.

Change-Id: I673b92579a84b4561f28026ec0b1c78a6bfee440
Reviewed-on: https://boringssl-review.googlesource.com/5341
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:10:35 +00:00
David Benjamin
67dc83851b Fix ssl3_send_client_certificate state machine.
If ssl_do_write takes more than one iteration, ssl3_output_cert_chain
would be called an extra time. This is very unlikely in practice because
of the buffer BIO.

Change-Id: Ic1ae9752a8837bb404429fc60306c659208c6185
Reviewed-on: https://boringssl-review.googlesource.com/5340
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 01:09:45 +00:00
David Benjamin
b9c579db6d Add crypto/bytestring-based BIGNUM DER functions.
RSA and ECDSA will both require being able to convert ASN.1 INTEGERs to
and from DER. Don't bother handling negative BIGNUMs for now. It doesn't
seem necessary and saves bothering with two's-complement vs
sign-and-magnitude.

BUG=499653

Change-Id: I1e80052067ed528809493af73b04f82539d564ff
Reviewed-on: https://boringssl-review.googlesource.com/5268
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 00:47:39 +00:00
Khem Raj
241364c6f4 Demand for newer POSIX macro
Reason for change: Define _POSIX_C_SOURCE such that it demands correct
posix interfaces, netdb.h declares interfaces such as
getaddrinfo if __USE_POSIX, i.e. POSIX.1:1990 or later.
However, these interfaces were new in the 2001 edition of POSIX
therefore ask for Extension from POSIX.1:2001 since we use addrinfo
structure here.

Change-Id: Icb1c92745d1a0ca958108ae80c270c630628729e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reviewed-on: https://boringssl-review.googlesource.com/5253
Reviewed-by: Adam Langley <agl@google.com>
2015-07-06 22:41:16 +00:00
David Benjamin
dfa4069a16 Fix MSVC build some more.
Missed that there were two of them.

Change-Id: Ibab169ef1f75be9c5ad1ffa0f232629e76a4512d
Reviewed-on: https://boringssl-review.googlesource.com/5332
Reviewed-by: Adam Langley <agl@google.com>
2015-07-02 00:02:27 +00:00
David Benjamin
3e536334be Fix Windows build.
It (incorrectly) thinks some variables are uninitialized. It also gets confused
about some const parameters.

Change-Id: Ie2b3a5336692e7293cf03d6a4cd5345d30b628b3
Reviewed-on: https://boringssl-review.googlesource.com/5330
Reviewed-by: Adam Langley <agl@google.com>
2015-07-01 23:01:05 +00:00
Matt Braithwaite
6a1275b627 typedef |COMP_METHOD| to void, for compatibility.
Change-Id: I2965c0d698e25f4eb08ddd9fc000b0e4adf6f2c0
Reviewed-on: https://boringssl-review.googlesource.com/5240
Reviewed-by: Adam Langley <agl@google.com>
2015-07-01 21:49:06 +00:00
David Benjamin
fd5603666c Call ERR_clear_error after functions that are expected to fail.
Otherwise we leave stuff in the error queue for the next test.

Change-Id: I167b7420b9d3fada69d1d35ac8132dd21a04797c
Reviewed-on: https://boringssl-review.googlesource.com/5310
Reviewed-by: Adam Langley <agl@google.com>
2015-07-01 21:47:44 +00:00
Håvard Molland
047d6f0f4d Remove ssl2.h and ssl23.h.
The SSL23_ST_foo macros are only used in ssl_stat.c.
However, these states are never set and can be removed.

Move the two remaining SSLv2 client hello record macros to ssl3.h

Change-Id: I76055405a9050cf873b4d1cbc689e54dd3490b8a
Reviewed-on: https://boringssl-review.googlesource.com/4160
Reviewed-by: Adam Langley <agl@google.com>
2015-07-01 21:47:01 +00:00