Commit Graph

5402 Commits

Author SHA1 Message Date
David Benjamin
23849f09af Fix TLS 1.3 downgrade tests.
The client downgrade detection tests were not asserting on the error (would
have caught the missing error string). Additionally, Downgrade-FalseStart-Draft
isn't testing what it's supposed to; it doesn't actually configure a draft
version or anything. Fix that and have it use ALPN rather than NPN, to match
the test above.

Change-Id: I0b759385641aa00994a912303a6f5bd65522b4bb
Reviewed-on: https://boringssl-review.googlesource.com/31204
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-22 15:47:11 +00:00
David Benjamin
1c2532ffe6 Fix error strings for SSL_R_TLS13_DOWNGRADE.
make_errors.go didn't seem to get run.

Change-Id: I12739fbab75b9f4898f73f206e404d101642b9c0
Reviewed-on: https://boringssl-review.googlesource.com/31184
Reviewed-by: Adam Langley <agl@google.com>
2018-08-22 01:26:47 +00:00
Steven Valdez
4ac9405eba Remove unused BORINGSSL_PREFIX.
Change-Id: Ifd7239106471bb59057b0a65c6e91837379c78bf
Reviewed-on: https://boringssl-review.googlesource.com/31164
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-21 14:53:16 +00:00
Joshua Liebow-Feeser
21558f43ce Document error behavior of PKCS5_PBKDF2_HMAC and EVP_PBE_scrypt
Change-Id: I5ce176538a53136aff3eea4af04b762ac9a5a994
Reviewed-on: https://boringssl-review.googlesource.com/31044
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-21 01:08:24 +00:00
Adam Langley
1c2779e819 Don't let a NULL mean the initial SSL_CTX in SSL_set_SSL_CTX.
We broke this a while back and nothing noticed. (Note dereference just
above.) Therefore I guess we don't need to support it.

Change-Id: I501d43825e89acb5f7f13998541dc8ff59452a99
Reviewed-on: https://boringssl-review.googlesource.com/31144
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-16 20:59:45 +00:00
Tom Bridgwater
929fd44f92 Update URL for GN quick start guide.
Bug: None
Change-Id: I01ea2bb0508b018e219ecc94108e6a4fbe247984
Reviewed-on: https://boringssl-review.googlesource.com/31124
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-16 20:18:41 +00:00
David Benjamin
a130ce0b71 Update TLS 1.3 citations for the final RFC.
Change-Id: I2d1671a4f21a602191fd0c9b932244a376ac5713
Reviewed-on: https://boringssl-review.googlesource.com/31104
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-16 18:37:50 +00:00
David Benjamin
c4131a4a23 Support the allocating case of i2d_ASN1_{BOOLEAN,OBJECT}.
Imported from upstream's 0971432f6f6d8b40d797133621809bd31eb7bf4e and
7d4c97add12cfa5d4589880b09d6139c3203e2f4, but with missing tests added. Along
the way, make Bytes work with any Span<const uint8_t>-convertable type.

Change-Id: If365f981fe8a8274e12000309ffd99b1bb719842
Reviewed-on: https://boringssl-review.googlesource.com/31086
Reviewed-by: Adam Langley <agl@google.com>
2018-08-16 15:59:11 +00:00
David Benjamin
378cca8016 Handle a modulus of -1 correctly.
Historically, OpenSSL's modular exponentiation functions tolerated negative
moduli by ignoring the sign bit. The special case for a modulus of 1 should do
the same. That said, this is ridiculous and the only reason I'm importing this
is BN_abs_is_word(1) is marginally more efficient than BN_is_one() and we
haven't gotten around to enforcing positive moduli yet.

Thanks to Guido Vranken and OSSFuzz for finding this issue and reporting to
OpenSSL.

(Imported from upstream's 235119f015e46a74040b78b10fd6e954f7f07774.)

Change-Id: I526889dfbe2356753aa1e6ecfd3aa3dc3a8cd2b8
Reviewed-on: https://boringssl-review.googlesource.com/31085
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2018-08-16 15:57:10 +00:00
David Benjamin
01e8e625ad Don't allow RC4 in PEM.
This fixes uninitialized memory read reported by Nick Mathewson in
https://github.com/openssl/openssl/issues/6347.

It imports the memset from upstream's 2c739f72e5236a8e0c351c00047c77083dcdb77f,
but I believe that fix is incorrect and instead RC4 shouldn't be allowed in
this context. See
https://github.com/openssl/openssl/pull/6603#issuecomment-413066462 for
details.

Update-Note: Decoding a password-protected PEM block with RC4 will, rather than
derive garbage from uninitialized memory, simply fail. Trying to encode a
password-protect PEM block with an unsupported cipher will also fail, rather
than output garbage (e.g. tag-less AES-GCM).

Change-Id: Ib7e23dbf5514f0a523730926daad3c0bdb989417
Reviewed-on: https://boringssl-review.googlesource.com/31084
Reviewed-by: Adam Langley <agl@google.com>
2018-08-16 15:33:43 +00:00
Steven Valdez
f1af129fb4 Implement TLS 1.3 anti-downgrade signal.
Change-Id: Ib4739350948ec339457d993daef582748ed8f100
Reviewed-on: https://boringssl-review.googlesource.com/30924
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-15 15:23:43 +00:00
Adam Langley
ae3223957f Remove dummy PQ padding extension.
Results written up at https://www.imperialviolet.org/2018/04/11/pqconftls.html

Change-Id: I4614fbda555323c67a7ee4683441b59b995f97fb
Reviewed-on: https://boringssl-review.googlesource.com/31064
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-15 00:28:52 +00:00
Adam Langley
cac346eddb Update Miller–Rabin check numbers.
This imports upstream's be4e1f79f631e49c76d02fe4644b52f907c374b2.

Change-Id: If0c4f066ba0ce540beaddd6a3e2540165d949dd2
Reviewed-on: https://boringssl-review.googlesource.com/31024
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-14 23:10:53 +00:00
Joshua Liebow-Feeser
978169951f Document error behavior of various functions
- Document error behavior of:
  - EVP_PKEY_assign_XXX
  - EVP_PKEY_set1_XXX
  - EVP_PKEY_assign
  - EVP_PKEY_set_type
  - EC_GROUP_new_by_curve_name
  - EC_KEY_set_group
  - ECDSA_size
  - HMAC_Final
- Document that EVP_parse_public_key sets the curve for EC keys

Change-Id: I498ae19a8729680216fee518f97bd0cbaab94c40
Reviewed-on: https://boringssl-review.googlesource.com/30985
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-14 20:42:21 +00:00
Joshua Liebow-Feeser
dea6d90de2 Document failure conditions of some EVP, HMAC, and CBB functions
- Document failure conditions of EVP_MD_CTX_copy_ex,
  EVP_DigestInit_ex, HMAC_Init_ex, and CBB_init

Change-Id: I643d1b92e88e7f690fa555f7d908317a23e5cd95
Reviewed-on: https://boringssl-review.googlesource.com/30964
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-14 19:31:43 +00:00
David Benjamin
2865567748 Use Span/Array for ticket decryption.
This isn't actually shorter, but there is a bunch of slicing up of the ticket,
which Span makes a little easier to follow.

Change-Id: I7ea4dfe025641a3b88e2c9b8e34246fefc23412f
Reviewed-on: https://boringssl-review.googlesource.com/29865
Reviewed-by: Adam Langley <agl@google.com>
2018-08-14 19:00:34 +00:00
Jesse Selover
6b0d82229b Format ssl/internal.h with clang-format.
Fixed up the comment about ssl_version. There's one line which I
manually edited:
int (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names);
where clang-format puts spaces on both sides of the second *.

Change-Id: Id1c0bd02f664df14b1e5bbd8abaf2687fb9179db
Reviewed-on: https://boringssl-review.googlesource.com/31004
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-14 17:50:40 +00:00
David Benjamin
bc3286bb8c Add a pile of compatibility functions.
Change-Id: I75c8783139c717be34a9159a2291d2ae55ee71d5
Reviewed-on: https://boringssl-review.googlesource.com/30984
Reviewed-by: Adam Langley <agl@google.com>
2018-08-13 23:13:26 +00:00
Adam Langley
5e3c8a61ab Bound two other cases of PKCS#12 iteration counts.
The fuzzer found another place where it could cause a timeout by
providing a huge PBKDF2 iteration count. This change bounds another two
places where we parse out iteration counts and that's hopefully all of
them.

BUG=oss-fuzz:9853

Change-Id: I037fa09d2bee79e7435a9d40cbd89c07b4a9d443
Reviewed-on: https://boringssl-review.googlesource.com/30944
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-13 21:42:06 +00:00
Steven Valdez
d451453067 Implement final TLS 1.3 RFC!!!
The anti-downgrade signal is being implemented in a follow-up change.

Change-Id: I5ea3ff429ed1389a3577026588fef3660d2d0615
Reviewed-on: https://boringssl-review.googlesource.com/30904
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-13 20:34:23 +00:00
Jesse Selover
1c337e566d Option to reverify certs on resumption.
Works in the 1.3 and 1.2 client handshakes, not implemented on the
server for now.
Creates an SSL_CTX option to reverify the server certificate on session
resumption. Reverification only runs the client's certificate verify callback.
Adds new states to the client handshakes: state_reverify_server_certificate in
TLS 1.2, and state_server_certificate_reverify in TLS 1.3.
Adds a negative test to make sure that by default we don't verify the
certificate on resumption, and positive tests that make sure we do when the
new option is set.

Change-Id: I3a47ff3eacb3099df4db4c5bc57f7c801ceea8f1
Bug: chromium:347402
Reviewed-on: https://boringssl-review.googlesource.com/29984
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-10 20:06:22 +00:00
David Benjamin
bdc409801f Add new curve/hash ECDSA combinations from Wycheproof.
Change-Id: I7bb36c4e4108a2b7d9481ab2cafc245ea31927c0
Reviewed-on: https://boringssl-review.googlesource.com/30847
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 18:26:06 +00:00
David Benjamin
af37f84840 Add RSA-PSS tests from Wycheproof.
Along the way, split up the EVPTest Wycheproof tests into separate tests (they
shard better when running in parallel).

Change-Id: I5ee919f7ec7c35a7f2e0cc2af4142991a808a9db
Reviewed-on: https://boringssl-review.googlesource.com/30846
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 18:26:00 +00:00
David Benjamin
f84c0dad7a Use newly-sharded ECDH tests.
Also remove some transition step for a recent format change. Together, this
removes the curve hacks in the converter, which can now be purely syntactic.
The RSA ones are still a bit all over the place in terms of sharded vs
combined, so leaving that alone for now.

Change-Id: I721d6b0de388a53a39543725e366dc5b52e83561
Reviewed-on: https://boringssl-review.googlesource.com/30845
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 18:25:51 +00:00
David Benjamin
367115b056 Fix SSL_CTX_set1_sigalgs fuzzer and make them all more type-safe.
The size of an int is 4, not 2. To avoid worrying about this, add a GetVector
counterpart to GetString that handles all this. Apply this uniformly to avoid
all the pointer casts. This is less important for vector<uint8_t>, but even
then we'll now notice a 1-byte OOB read since std::string is NUL-terminated.
Also it's shorter.

Change-Id: Ie96591cb8d8d52742f5fd30d70b6af0511109585
Reviewed-on: https://boringssl-review.googlesource.com/30864
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 18:24:36 +00:00
David Benjamin
a711b53e0b Update Wycheproof test vectors.
This only updates the repository. We'll catch up with the new tests in a
subsequent commit.

Change-Id: I074a041479159ce1141af3241e7158599b648365
Reviewed-on: https://boringssl-review.googlesource.com/30844
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 17:56:29 +00:00
David Benjamin
ad040c593f "Update" clang.
Chromium ended up reverting their most recent roll, so match that.

Change-Id: I54b6351591d9169651f450ec3e800c7c9c28735c
Reviewed-on: https://boringssl-review.googlesource.com/30806
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-10 16:39:23 +00:00
David Benjamin
e6fd125d31 Align on a single CMake style.
We currently write a mix of "if (FOO)" and "if(FOO)". While the former looks
more like a usual language, CMake believes everything, even "if" and "else", is
just a really really funny function call (a "command").

We should pick something for consistency. Upstream CMake writes "if(FOO)", so
go with that one.

Change-Id: I67e0eb650a52670110b417312a362c9f161c8721
Reviewed-on: https://boringssl-review.googlesource.com/30807
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 16:22:31 +00:00
David Benjamin
ddedf6d455 Fix SSL_CTX_set1_sigalgs_list fuzzer.
SSL_CTX_set1_sigalgs_list wants a NUL-terminated string, so we need to use
GetString to give it one.

Bug: oss-fuzz:9808
Change-Id: Id7f676aa514c36de9dea900763db3cbbf5c79a4c
Reviewed-on: https://boringssl-review.googlesource.com/30804
Reviewed-by: Adam Langley <agl@google.com>
2018-08-10 14:44:43 +00:00
David Benjamin
17dc94e874 Add -handshaker-path to run_test.
Otherwise ninja run_tests doesn't work right build directories named something
other than "build" on Linux.

Change-Id: I4d7ff319aed338870f5ac071e875fda549bbbd06
Reviewed-on: https://boringssl-review.googlesource.com/30824
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2018-08-10 14:31:47 +00:00
David Benjamin
678c841cbe Use -flto=thin in the CFI bot.
The CFI bot is currently failing on a mysterious error message, coming from the
recent clang roll.

  Called function is not the same type as the call!
    call void @EVP_MD_CTX_init(%struct.env_md_ctx_st* %8), !dbg !72123
  LLVM ERROR: Broken function found, compilation aborted!

Chromium actually passes -flto=thin, which seems to avoid the error, testing
locally. Why it does, I haven't the slightest clue. The offending calls to
EVP_MD_CTX_init (and EVP_MD_CTX_cleanup) are those buried in
bssl::ScopedEVP_MD_CTX. However, not all calls are problematic, only the one in
test_config.cc. What's more, if I add a call in async_bio.cc, linked into all
the same targets, the copy in test_config.cc is suddenly fine!?

Maybe there's just a bug in the LTO logic that ThinLTO avoids...

Change-Id: I5266eec75edea2a38dee8ad5591db8d65d3bdede
Reviewed-on: https://boringssl-review.googlesource.com/30805
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-10 14:18:28 +00:00
David Benjamin
4e446f27d0 Update citations to RFC 8410.
Confirmed the section numbers and sample key still match.

Change-Id: I6901154a54972a18e8a582a25d902c4fe760a0fc
Reviewed-on: https://boringssl-review.googlesource.com/30464
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-10 14:14:38 +00:00
David Benjamin
8625ec4b43 No-op commit to kick the bots.
Let's see if the TSan bot is working now.

Change-Id: Id86532f4cd2c4e216a0389c5030448afd707fdb7
Reviewed-on: https://boringssl-review.googlesource.com/30764
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-09 23:09:23 +00:00
David Benjamin
69e91902f7 Work around missing MSan interceptor for posix_spawn.
Change-Id: I910dbfd0f6b0b4ef5a0c5155ee45a1658e1f4e70
Reviewed-on: https://boringssl-review.googlesource.com/30704
Reviewed-by: Adam Langley <agl@google.com>
2018-08-09 22:09:48 +00:00
David Benjamin
e9ae99bba2 Add an option to statically link a custom libc++.
MSan and TSan both require instrumenting everything. Add some machinery so we
can do this on the bots.

Change-Id: I7d2106bc852ee976455d18787d3a20a35373a9e7
Reviewed-on: https://boringssl-review.googlesource.com/30644
Reviewed-by: Adam Langley <agl@google.com>
2018-08-09 21:37:04 +00:00
David Benjamin
1f0d54b8a1 Don't assert on uninitialized memory in tests.
ExpectTicketKeyChanged treats its input as an in/out parameter, but the first
time around there isn't a previous key. We could just call
SSL_CTX_get_tlsext_ticket_keys directly, but running it with the "previous"
keys as all zeros seems prudent; the ticket key rotation logic lazily
initializes keys and, were we to accidentally forget to initialize a key, the
zero key seems the most likely culprit.

Change-Id: I7167bef78e0bfcdb178195230ad84597f26d825c
Reviewed-on: https://boringssl-review.googlesource.com/30684
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2018-08-09 21:36:50 +00:00
David Benjamin
1beddac9ce Update tools.
Change-Id: Idb6818ad9b6af2b1cb604e71d936aaca7210aa57
Reviewed-on: https://boringssl-review.googlesource.com/30624
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-09 19:31:22 +00:00
Adam Langley
7c1f21a1d1 Add XChaCha20-Poly1305 AEAD.
This is a version of ChaCha20-Poly1305 that takes a 24-byte nonce,
making the nonce suitable for random generation. It's compatible with
the AEAD of the same name in libsodium.

Change-Id: Ie8b20ba551e5a290b390d362e487f06377166f4c
Reviewed-on: https://boringssl-review.googlesource.com/30384
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-09 18:49:09 +00:00
David Benjamin
a3202d7bc1 Add EVP_CTRL_AEAD_* constants.
Upstream generalized most of the EVP_CTRL_GCM_* constants to be their general
AEAD API in 1.1.0. Define them for better compatibility with code that targets
OpenSSL 1.1.0.

Change-Id: Ieaed8379eebde3718e3048f6290c21cdeac01efd
Reviewed-on: https://boringssl-review.googlesource.com/30604
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-09 17:08:15 +00:00
Adam Langley
826ce15092 Support OpenSSL APIs SSL[_CTX]_set1_sigalgs[_list].
These functions can be used to configure the signature algorithms. One
of them is a string mini-languaging parsing function, which we generally
dislike because it defeats static analysis. However, some dependent
projects (in this case TensorFlow) need it and we also dislike making
people patch.

Change-Id: I13f990c896a7f7332d78b1c351357d418ade8d11
Reviewed-on: https://boringssl-review.googlesource.com/30304
Reviewed-by: Steven Valdez <svaldez@google.com>
2018-08-09 16:57:09 +00:00
David Benjamin
e3ffaae0a3 Remove apparently unused cq_name field.
I got an automated email from the previous config update to remove this.

Change-Id: I45586d3bda3241a513bf2f6a8ec3b2a87fc4f2f9
Reviewed-on: https://boringssl-review.googlesource.com/30584
Reviewed-by: Ryan Tseng <hinoka@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-08 20:55:50 +00:00
David Benjamin
ad8e29b00d Add linux_fuzz to the CQ.
We keep tripping it due to weird quirks in fuzzer mode.

Change-Id: Ie09113d42b24070b1749d38f56253bb7d9147f3f
Reviewed-on: https://boringssl-review.googlesource.com/30564
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-08 20:28:14 +00:00
Adam Langley
3314d1570c Escape backslashes in crypto test data.
embed_test_data.go assumes that it's working with 8KB chunks. However,
if the input file contains a '\' then the Go code thinks that it counts
as a byte, but the C compiler will probably merge it with the following
char and thus that string will be slightly too short. ASAN will detect
the out-of-bounds read when 8192 bytes are copied from the string.

Change-Id: If40ccfd39ea013bd6935fcc313cfe188fe985f67
Reviewed-on: https://boringssl-review.googlesource.com/30444
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-08 18:36:11 +00:00
Adam Langley
04e149f840 Set the fuzzer PBKDF2 limit to 2048.
Our test data uses values to up 2048 so the 1024 limit was causing tests
to fail in fuzzing mode.

Change-Id: I71b97be26376a04c13d1f438e5e36a5ffff1c1a4
Reviewed-on: https://boringssl-review.googlesource.com/30484
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-08 18:33:00 +00:00
Adam Langley
c81965a8ad Set PBKDF2 limit in PKCS#12 to 100M.
The previous limit was |UINT_MAX|. Windows limits to 600K, but that's
already causing issues. This seems like a balance between being
completely crazy and still large enough not to have to worry for a long
time. It's still probably too large for backend systems wanting to
process arbitrary PKCS#12, but I don't think any fixed value will
satisfy all desires.

Change-Id: I01a3f78d5f2df086f8dbc0e8bacfb95153738f55
Reviewed-on: https://boringssl-review.googlesource.com/30424
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-08 17:09:36 +00:00
Adam Langley
2bcb315138 Limit the number of PBKDF2 iterations when fuzzing.
(Otherwise the fuzzer will discover that it can trigger extremely large
amounts of computation and start timing out.)

BUG=oss-fuzz:9767

Change-Id: Ibc1da5a90da169c7caf522f792530d1020f8cb54
Reviewed-on: https://boringssl-review.googlesource.com/30404
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-08 16:12:50 +00:00
Adam Langley
6410e18e91 Update several assembly files from upstream.
This change syncs several assembly files from upstream. The only meanful
additions are more CFI directives.

Change-Id: I6aec50b6fddbea297b79bae22cfd68d5c115220f
Reviewed-on: https://boringssl-review.googlesource.com/30364
Reviewed-by: Adam Langley <agl@google.com>
2018-08-07 18:57:17 +00:00
Adam Langley
e27793940e Don't accept “SSL client” as a substitute for S/MIME in the Netscape cert type extension.
I believe that case was the only way that X509_check_purpose could
return anything other than zero or one. Thus eliminate the last use of
X509_V_FLAG_X509_STRICT.

Change-Id: If2f071dfa934b924491db2b615ec17390564e7de
Reviewed-on: https://boringssl-review.googlesource.com/30344
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Matt Braithwaite <mab@google.com>
2018-08-06 21:52:28 +00:00
Matthew Braithwaite
e833a6dfa2 handshaker: kick PRNG when resuming in UNSAFE_DETERMINISTIC_MODE.
In fuzzing builds, session resumptions fail if the PRNG behaves the
same as in the initial session.  Not sure of the reason, but a kick to
the PRNG fixes the problem and doesn't compromise determinism, so
... *shrug*?

Change-Id: I8181d98fdff16ae82255e9cda33ce5c4c40b5399
Reviewed-on: https://boringssl-review.googlesource.com/30284
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-08-03 23:11:46 +00:00
Steven Valdez
74bfa0c082 Fix header include for handshake.
This should hopefully fix a build failure on the fuzzers.

Change-Id: If8db8dee768a83538cf37a65ec23c3f68f2be6a2
Reviewed-on: https://boringssl-review.googlesource.com/30264
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-08-02 13:55:01 +00:00