Commit Graph

4528 Commits

Author SHA1 Message Date
David Benjamin
b5f55c3afb Squash together TLS 1.2 states for server Finished block.
We can take advantage of our flight-by-flight model.

BUG=128

Change-Id: If27a5b6d88055da71199ef672d9c71969925aca9
Reviewed-on: https://boringssl-review.googlesource.com/17249
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
2017-06-16 20:07:23 +00:00
David Benjamin
9b6ff440ef Use _STL_EXTRA_DISABLED_WARNINGS in VS2017.
Although Microsoft does not support building with /Wall, starting
VS2017, they provide a way to suppress warnings only in STL code. This
lets us keep some warnings active on our code while disabling them in
the STL.
https://blogs.msdn.microsoft.com/vcblog/2017/02/06/stl-fixes-in-vs-2017-rtm/

We currently still support VS2015, so we can't switch most of our
suppressions to this, but anything which applies only to VS2017 and up
will work.

Change-Id: I5f6d621dd1dbc060e09bded776d1714785a63147
Reviewed-on: https://boringssl-review.googlesource.com/17245
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 19:37:40 +00:00
David Benjamin
d98107b4e1 Remove the last of the f_err pattern.
BUG=128

Change-Id: I4d7e64b09dbbbaa2d12161672cab532e2e53fe7b
Reviewed-on: https://boringssl-review.googlesource.com/17248
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 19:22:09 +00:00
David Benjamin
8d606e361c Clear out f_err pattern from handshake_client.c.
This leaves just handshake_server.c.

BUG=128

Change-Id: I92503404eca0765539c95f107a726fb84c28e8bd
Reviewed-on: https://boringssl-review.googlesource.com/17247
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 19:21:08 +00:00
Nico Weber
72b36cfed8 fuchsia: Use new spelling of NO_ERROR.
Bug: chromium:731280
Change-Id: I87161a3400ac5119401ec157df5843249971327a
Reviewed-on: https://boringssl-review.googlesource.com/17246
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Aaron Green <aarongreen@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 17:01:32 +00:00
David Benjamin
0a20f7860b Update tools from Chromium.
Change-Id: Ied9713decf536c0fd7b25c9156fd8eb167ee57d1
Reviewed-on: https://boringssl-review.googlesource.com/17244
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 16:54:42 +00:00
David Benjamin
a75fc71055 Update fuzzer mode suppressions.
0-RTT rejects don't work in fuzzer mode.

Change-Id: Ib819bff25b7a619268f0d667262ff07ab3e441b9
Reviewed-on: https://boringssl-review.googlesource.com/17207
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 16:53:11 +00:00
David Benjamin
ca7435822f Test SSL_select_next_proto and SSL_get_fd.
Free code coverage. Also rename things in SSL_select_next_proto so it
works for NPN and ALPN. (I found some code which uses it for ALPN.)

Change-Id: I8d06b768f9484dc3eda1a20506ec84ec3ddbc883
Reviewed-on: https://boringssl-review.googlesource.com/17206
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 13:47:04 +00:00
David Benjamin
289e76b6ff EVP_PKEY_cmp does not return a boolean.
Change-Id: Ic82b093d006cd3c8c5a762d04c86bbcefeee3b24
Reviewed-on: https://boringssl-review.googlesource.com/17205
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-16 13:45:44 +00:00
David Benjamin
0391f16673 Fix some malloc failure handling.
Change-Id: Ice03a4e8378da8ab94f1aa0545615c8aee6982d7
Reviewed-on: https://boringssl-review.googlesource.com/17204
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-15 19:38:59 +00:00
Steven Valdez
e831a81518 Adding support for sending early data on the client.
BUG=76

Change-Id: If58a73da38e46549fd55f84a9104e2dfebfda43f
Reviewed-on: https://boringssl-review.googlesource.com/14164
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-15 19:34:59 +00:00
David Benjamin
24e5886c0e Add a test for invalid alert types.
This doesn't hugely matter, but I noticed it was some missing coverage.

Change-Id: I3e425d47fbbeaacd9da2ae883f34e89b4562ec11
Reviewed-on: https://boringssl-review.googlesource.com/17184
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-15 16:18:42 +00:00
Adam Langley
5e578c9dba Don't draw entropy during FIPS power-on tests.
Change-Id: I8512c6bfb62f1a83afc8f763d681bf5db3b4ceae
Reviewed-on: https://boringssl-review.googlesource.com/17144
Commit-Queue: Adam Langley <alangley@gmail.com>
Reviewed-by: David Benjamin <davidben@google.com>
2017-06-13 20:27:48 +00:00
Adam Langley
8379978bc8 Allow |RSA_FLAG_NO_BLINDING| to be set with |e| set.
This change allows blinding to be disabled without also having to remove
|e|, which would disable the CRT and the glitch checks. This is to
support disabling blinding in the FIPS power-on tests.

(Note: the case where |e| isn't set is tested by RSATest.OnlyDGiven.)

Change-Id: I28f18beda33b1687bf145f4cbdfd37ce262dd70f
Reviewed-on: https://boringssl-review.googlesource.com/17146
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 20:27:25 +00:00
David Benjamin
0a3663a64f ARMv4 assembly pack: harmonize Thumb-ification of iOS build.
Three modules were left behind in
I59df0b567e8e80befe5c399f817d6410ddafc577.

(Imported from upstream's c93f06c12f10c07cea935abd78a07a037e27f155.)

This actually meant functions defined in those two files were
non-functional. I'm guessing no one noticed upstream because, if you go
strictly by iOS compile-time capabilities, all this code is unreachable
on ios32, only ios64.

Change-Id: I55035edf2aebf96d14bdf66161afa2374643d4ec
Reviewed-on: https://boringssl-review.googlesource.com/17113
Reviewed-by: David Benjamin <davidben@google.com>
2017-06-13 17:49:16 +00:00
David Benjamin
3763cbeb6a sha/asm/sha512-armv8.pl: adapt for kernel use.
(Imported from upstream's 413b6a82594ab45192dda233a77efe5637d656d6.)

This doesn't affect us but is imported to make future imports easier.

Change-Id: I8cc97d658df6cc25da69bff840b96a47e2946ddb
Reviewed-on: https://boringssl-review.googlesource.com/17112
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 17:47:41 +00:00
David Benjamin
f03cdc3a93 Sync ARM assembly up to 609b0852e4d50251857dbbac3141ba042e35a9ae.
This change was made by copying over the files as of that commit and
then discarding the parts of the diff which corresponding to our own
changes.

Change-Id: I28c5d711f7a8cec30749b8174687434129af5209
Reviewed-on: https://boringssl-review.googlesource.com/17111
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 17:47:20 +00:00
David Benjamin
8da59555c6 ARMv4 assembly pack: allow Thumb2 even in iOS build, and engage it in most modules.
(Imported from upstream's a285992763f3961f69a8d86bf7dfff020a08cef9.)

Change-Id: I59df0b567e8e80befe5c399f817d6410ddafc577
Reviewed-on: https://boringssl-review.googlesource.com/17110
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 17:47:10 +00:00
David Benjamin
b9940a649a bn/asm/armv4-mont.pl: boost NEON performance.
Close difference gap on Cortex-A9, which resulted in further improvement
even on other processors.

(Imported from upstream's 8eed3289b21d25583ed44742db43a2d727b79643.)

Performance numbers on a Nexus 5X in AArch32 mode:

$ ./bssl.old speed -filter RSA -timeout 5
Did 355 RSA 2048 signing operations in 5009578us (70.9 ops/sec)
Did 20577 RSA 2048 verify operations in 5079000us (4051.4 ops/sec)
Did 66 RSA 4096 signing operations in 5057941us (13.0 ops/sec)
Did 5564 RSA 4096 verify operations in 5086902us (1093.8 ops/sec)

$ ./bssl speed -filter RSA -timeout 5
Did 411 RSA 2048 signing operations in 5010206us (82.0 ops/sec)
Did 27720 RSA 2048 verify operations in 5048114us (5491.2 ops/sec)
Did 86 RSA 4096 signing operations in 5056160us (17.0 ops/sec)
Did 8216 RSA 4096 verify operations in 5048719us (1627.3 ops/sec)

Change-Id: I8c5be9ff9405ec1796dcf4cfe7df8a89e5a50ce5
Reviewed-on: https://boringssl-review.googlesource.com/17109
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 17:46:41 +00:00
David Benjamin
ae96383af3 ARMv4 assembly pack: implement support for Thumb2.
As some of ARM processors, more specifically Cortex-Mx series, are
Thumb2-only, we need to support Thumb2-only builds even in assembly.

(Imported from upstream's 11208dcfb9105e8afa37233185decefd45e89e17.)

Change-Id: I7cb48ce6a842cf3cfdf553f6e6e6227d52d525c0
Reviewed-on: https://boringssl-review.googlesource.com/17108
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 17:46:35 +00:00
David Benjamin
e2ff2ca0dc Revert "Use unified ARM assembly."
This reverts commit 2cd63877b5. We've
since imported a change to upstream which adds some #defines that should
do the same thing on clang. (Though if gas accepts unified assembly too,
that does seem a better approach. Ah well. Diverging on these files is
expensive.)

This is to reduce the diff and make applying some subsequent changes
easier.

Change-Id: I3f5eae2a71919b291a8de9415b894d8f0c67e3cf
Reviewed-on: https://boringssl-review.googlesource.com/17107
Reviewed-by: Adam Langley <agl@google.com>
2017-06-13 17:45:51 +00:00
David Benjamin
7f7ef53e68 Allow ILP32 compilation in AArch64 assembly pack.
(Imported from upstream's 5e5ece561d1f7e557c8e0ea202a8c1f3008361ce.)

This doesn't matter but reduces the diff for changes past it.

Change-Id: Ib2e979eedad2a0b89c9d172207f6b7e610bf211f
Reviewed-on: https://boringssl-review.googlesource.com/17106
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-12 23:35:35 +00:00
Matthew Braithwaite
43a4092414 Add missing #include of assert.h
Change-Id: I641284e657ec184f4209392e7c6f86c20400e7b1
Reviewed-on: https://boringssl-review.googlesource.com/17124
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-12 23:35:16 +00:00
David Benjamin
c07635f869 Remove local __arm__ ifdef on aes-armv4.pl.
We patch arm-xlate.pl to add the ifdefs, so this isn't needed and
reduces our upstream diff.

(We do still have a diff from upstream here. Will go through them
shortly.)

Change-Id: I5b1e301b9111969815f58d69a98591c973465f42
Reviewed-on: https://boringssl-review.googlesource.com/17105
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-12 21:48:54 +00:00
David Benjamin
0514e3dfdd Remove needless type casting.
(Imported from upstream's 55abd566ea02cd21f7bff60db41f97bddad31496.)

Change-Id: Ic48c3d2f6598cbf92ebda0f99e011647eb33f9f4
Reviewed-on: https://boringssl-review.googlesource.com/17104
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-12 21:39:15 +00:00
David Benjamin
b529253bea Implement scrypt from RFC 7914.
This imports upstream's scrypt implementation, though it's been heavily
revised. I lost track of words vs. blocks vs. bigger blocks too many
times in the original code and introduced a typedef for the fixed-width
Salsa20 blocks. The downside is going from bytes to blocks is a bit
trickier, so I took advantage of our little-endian assumption.

This also adds an missing check for N < 2^32. Upstream's code is making
this assumption in Integerify. I'll send that change back upstream. I've
also removed the weird edge case where a NULL out_key parameter means to
validate N/r/p against max_mem and nothing else. That's just in there to
get a different error code out of their PKCS#12 code.

Performance-wise, the cleanup appears to be the same (up to what little
precision I was able to get here), but an optimization to use bitwise
AND rather than modulus makes us measurably faster. Though scrypt isn't
a fast operation to begin with, so hopefully it isn't anyone's
bottleneck.

This CL does not route scrypt up to the PKCS#12 code, though we could
write our own version of that if we need to later.

BUG=chromium:731993

Change-Id: Ib2f43344017ed37b6bafd85a2c2b103d695020b8
Reviewed-on: https://boringssl-review.googlesource.com/17084
Reviewed-by: Adam Langley <agl@google.com>
2017-06-12 20:32:21 +00:00
Martin Kreichgauer
6af3a3d9ed aead_test: Skip calls to EVP_AEAD_CTX_open_gather when not implemented.
Instead of hard coding whether ciphers implement it, just check the
return code.

Change-Id: I4b119119a8f936c94e76b0cb0ef94c9946c65c50
Reviewed-on: https://boringssl-review.googlesource.com/17064
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-12 17:46:22 +00:00
David Benjamin
19670949ca Align EVP_PKEY Ed25519 API with upstream.
Rather than adding a new mode to EVP_PKEY_CTX, upstream chose to tie
single-shot signing to EVP_MD_CTX, adding functions which combine
EVP_Digest*Update and EVP_Digest*Final. This adds a weird vestigial
EVP_MD_CTX and makes the signing digest parameter non-uniform, slightly
complicating things. But it means APIs like X509_sign_ctx can work
without modification.

Align with upstream's APIs. This required a bit of fiddling around
evp_test.cc. For consistency and to avoid baking details of parameter
input order, I made it eagerly read all inputs before calling
SetupContext. Otherwise which attributes are present depend a lot on the
shape of the API we use---notably the NO_DEFAULT_DIGEST tests for RSA
switch to failing before consuming an input, which is odd.

(This only matters because we have some tests which expect the operation
to abort the operation early with parameter errors and match against
Error. Those probably should not use FileTest to begin with, but I'll
tease that apart a later time.)

Upstream also named NID_Ed25519 as NID_ED25519, even though the
algorithm is normally stylized as "Ed25519". Switch it to match.

Change-Id: Id6c8f5715930038e754de50338924d044e908045
Reviewed-on: https://boringssl-review.googlesource.com/17044
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-12 12:04:11 +00:00
Adam Langley
ff2394527f ppc64le delocate: avoid r0 as a base register.
On POWER, r0 is wired to zero in some argument positions of some
instructions. The base register for a load is one of them. Thus, if
rewriting a load to r0, we cannot use r0 to store the base address.

This could be more efficient, but loading to r0 appears to be very rare
so I'm not going to worry about it for now.

Change-Id: I14dac96ba4c0380b166a7667b0cba918f1ae25ec
Reviewed-on: https://boringssl-review.googlesource.com/17065
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-10 00:00:58 +00:00
Martin Kreichgauer
18d9f28f0d Add EVP_AEAD_CTX_{seal_scatter,open_gather}.
These behave like EVP_AEAD_CTX_{seal,open} respectively, but receive
ciphertext and authentication tag as separate arguments, rather than one
contiguous out or in buffer.

Change-Id: Ia4f1b83424bc7067c55dd9e5a68f18061dab4d07
Reviewed-on: https://boringssl-review.googlesource.com/16924
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2017-06-09 23:10:49 +00:00
David Benjamin
1845d0dbdb Remove some dead code from crypto/asn1.
Change-Id: I36d90356550d8a377af0dd248c6ec72bcdde4351
Reviewed-on: https://boringssl-review.googlesource.com/17027
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-09 19:58:38 +00:00
David Benjamin
2dfa1ba680 Delete some dead code from crypto/x509.
These are never referenced within the library or externally. Some of the
constants have been unused since SSLeay.

Change-Id: I597511208dab1ab3816e5f730fcadaea9a733dff
Reviewed-on: https://boringssl-review.googlesource.com/17025
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-06-09 19:58:08 +00:00
David Benjamin
5e61d533c9 Document support status of the legacy ASN.1 code.
Change-Id: Ie0565b8b819b9fd837caf723d035866facc9543c
Reviewed-on: https://boringssl-review.googlesource.com/17026
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2017-06-09 19:27:33 +00:00
David Benjamin
c40e1830ac Don't define BORINGSSL_SHARED_LIBRARY in generated bzl file.
https://boringssl-review.googlesource.com/c/12360/ made us define
BORINGSSL_SHARED_LIBRARY when building tests via Bazel. The test has now
been moved to crypto_test, where the flags are more easily under the
control of the consumer.

Change-Id: If237efca219a1f03d64dc801cc1d585556bf2d1d
Reviewed-on: https://boringssl-review.googlesource.com/16987
Reviewed-by: David Benjamin <davidben@google.com>
2017-06-09 18:51:21 +00:00
David Benjamin
656aa9a262 Convert p256-x86_64_test to GTest.
BUG=129

Change-Id: Ieda2c2cc08f83ae24a2dfdb243dc17b4c15ed5b2
Reviewed-on: https://boringssl-review.googlesource.com/16993
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-09 18:50:56 +00:00
David Benjamin
f6584e7a52 Generate iOS assembly in generate_build_files.py.
We've been compile-testing it for some time, and now we have a path (by
way of GTest and Chromium) to get them test coverage.

Change-Id: Ic33be8fce4bbef10cd586428e74972f230525792
Reviewed-on: https://boringssl-review.googlesource.com/16990
Reviewed-by: Kári Helgason <kthelgason@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-06-09 16:40:29 +00:00
David Benjamin
42adba5173 Trim unused declarations in pem.h.
None of these declarations are ever defined or constants used.

Change-Id: Id71ed5f02f9972d375845eacd9ce290a64b1c525
Reviewed-on: https://boringssl-review.googlesource.com/17024
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-09 15:32:59 +00:00
David Benjamin
3b33f3eb2d Set static armcaps based on __ARM_FEATURE_CRYPTO.
Originally we had some confusion around whether the features could be
toggled individually or not. Per the ARM C Language Extensions doc[1],
__ARM_FEATURE_CRYPTO implies the "crypto extension" which encompasses
all of them. The runtime CPUID equivalent can report the features
individually, but it seems no one separates them in practice, for now.
(If they ever do, probably there'll be a new set of #defines.)

[1] http://infocenter.arm.com/help/topic/com.arm.doc.ihi0053c/IHI0053C_acle_2_0.pdf

Change-Id: I12915dfc308f58fb005286db75e50d8328eeb3ea
Reviewed-on: https://boringssl-review.googlesource.com/16991
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-09 00:29:10 +00:00
David Benjamin
619b323a5e Import Ed25519 tests from upstream to evp_tests.txt.
These are, in turn, just taken from RFC 8032 and are all in
ed25519_tests.txt. But it's probably good to test non-empty inputs at
the EVP_PKEY layer too.

Change-Id: I21871a6efaad5c88b828d2e90d757c325a550b2a
Reviewed-on: https://boringssl-review.googlesource.com/16989
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-08 23:53:06 +00:00
David Benjamin
21882c5c75 Clarify rand locking comment.
This was specific to some old software on the test machine. Shrinking
the critical section to not cover getrandom is probably worthwhile
anyway though, so keep it around but make the comment less scary.

Change-Id: I8c17b6688ae93f6aef5d89c252900985d9e7bb52
Reviewed-on: https://boringssl-review.googlesource.com/16992
Reviewed-by: Adam Langley <agl@google.com>
2017-06-08 22:26:40 +00:00
Adam Langley
204b8a115d Tag the power-on tests as a constructor function directly.
This matches the example code in IG 9.10.

Change-Id: Ie010d135d6c30acb9248b689302b0a27d65bc4f7
Reviewed-on: https://boringssl-review.googlesource.com/17006
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2017-06-08 22:17:59 +00:00
Adam Langley
a09a65ffdb Be slightly more relaxed about how ppc64le global-entry TOC references look.
Clang 4.0 on ppc64le generated symbols called “.LCE0” and so on.

Change-Id: I6bacf24365aa547d0ca9e5f338e4bb966df31708
Reviewed-on: https://boringssl-review.googlesource.com/17005
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2017-06-08 21:33:29 +00:00
David Benjamin
16c3f06eb0 Convert evp_test to GTest.
This is a fairly shallow conversion because of the somewhat screwy Error
lines in the test which may target random functions like
EVP_PKEY_CTX_set_signature_md. We probably should revise this, perhaps
moving those to normal tests and leaving error codes to the core
operation itself.

BUG=129

Change-Id: I27dcc945058911b2de40cd48466d4e0366813a12
Reviewed-on: https://boringssl-review.googlesource.com/16988
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-08 20:28:12 +00:00
Adam Langley
e7d6988c25 Have run_cavp.go create “resp” directories as needed.
Change-Id: Icb3003d71e3d61eb98fb8835bd567e383f22affc
Reviewed-on: https://boringssl-review.googlesource.com/17004
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-08 19:13:01 +00:00
David Benjamin
9f579bfe6c Use unions rather than aliasing when possible.
This is less likely to make the compiler grumpy and generates the same
code. (Although this file has worse casts here which I'm still trying to
get the compiler to cooperate on.)

Change-Id: If7ac04c899d2cba2df34eac51d932a82d0c502d9
Reviewed-on: https://boringssl-review.googlesource.com/16986
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-08 00:21:18 +00:00
David Benjamin
3d14a15eef Run GTest-based tests in parallel.
We lost some parallelism by putting the tests into one binary and have
enough giant test vector files now that this takes some time. Shard them
back up again.

BUG=129

Change-Id: I1d196bd8c4851bf975d6b4f2f0403ae65feac884
Reviewed-on: https://boringssl-review.googlesource.com/16984
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-08 00:15:10 +00:00
David Benjamin
17ce286e07 Work around an apparent Linux or glibc bug on ppc64le in FIPS mode.
POWER8 has hardware transactional memory, which glibc uses to implement
locks. In some cases, taking a lock begins a transaction, wrapping
arbitrary user code (!) until the lock is released. If the transaction
is aborted, everything rewinds and glibc tries again with some other
implementation.

The kernel will abort the transaction in a variety of cases. Notably, on
a syscall, the transaction aborts and the syscall *does not happen*.
https://www.kernel.org/doc/Documentation/powerpc/transactional_memory.txt

Yet, for some reason, although the relevant change does appear to be in
the kernel, the transaction is being rewound with getrandom happening
anyway. This does not work very well.

Instead, only guard the DRBG access with the lock, not CRYPTO_sysrand.
This lock is only used to protect the DRBG from the destructor that
zeros everything.

Change-Id: Ied8350f1e808a09300651de4200c7b0d07b3a158
Reviewed-on: https://boringssl-review.googlesource.com/16985
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-07 19:59:24 +00:00
David Benjamin
d91e1efd83 Convert ECDSA tests to GTest.
BUG=129

Change-Id: Ia8b0639489fea817be4bb24f0457629f0fd6a815
Reviewed-on: https://boringssl-review.googlesource.com/16947
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-07 19:22:23 +00:00
Kári Tristan Helgason
54581cc60f Convert x509_test to gtest
Change-Id: I4e0da85857e820f8151e2fb50d699f14fedee97b
Reviewed-on: https://boringssl-review.googlesource.com/16966
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-07 19:02:13 +00:00
David Benjamin
8ba6a1496b Fix build with VS 2017.
Lots more warnings to disable...

Change-Id: Ic240dd74d9abab8fe6d696c15267138b857d0dc1
Reviewed-on: https://boringssl-review.googlesource.com/16745
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-07 18:56:06 +00:00