Commit Graph

2665 Commits

Author SHA1 Message Date
David Benjamin
1fc7564ba7 Add standalone PKCS#8 and SPKI fuzzers.
We already had coverage for our new EVP_PKEY parsers, but it's good to have
some that cover them directly. The initial corpus was generated manually with
der-ascii and should cover most of the insanity around EC key serialization.

BUG=15

Change-Id: I7aaf56876680bfd5a89f5e365c5052eee03ba862
Reviewed-on: https://boringssl-review.googlesource.com/7728
Reviewed-by: Adam Langley <agl@google.com>
2016-04-25 21:57:28 +00:00
David Benjamin
af18cdd733 Add a copyright header to run_android_tests.go.
Change-Id: Ifd60964e4074fa7900e9ebfbb669864bae0821dd
Reviewed-on: https://boringssl-review.googlesource.com/7729
Reviewed-by: Adam Langley <agl@google.com>
2016-04-25 21:55:36 +00:00
David Benjamin
6e96d2be3d Remove stale wpa_supplicant hacks.
aosp-master has been updated past the point that this is necessary. Sadly, all
the other hacks still are. I'll try to get things rolling so we can ditch the
others in time.

Change-Id: If7b3aad271141fb26108a53972d2d3273f956e8d
Reviewed-on: https://boringssl-review.googlesource.com/7751
Reviewed-by: Adam Langley <agl@google.com>
2016-04-25 21:19:12 +00:00
David Benjamin
1be6a7e442 Add another temporary hack for wpa_supplicant.
Due to Android's complex branching scheme, we have to keep building against a
snapshotted version of wpa_supplicant. wpa_supplicant, in preparation for
OpenSSL 1.1.0, added compatibility versions of some accessors that we, in
working towards opaquification, have imported. This causes a conflict (C does
not like having static and non-static functions share a name).

Add a hack in the headers to suppress the conflicting accessors when
BORINGSSL_SUPPRESS_ACCESSORS is defined. Android releases which include an
updated BoringSSL will also locally carry this #define in wpa_supplicant build
files. Once we can be sure releases of BoringSSL will only see a new enough
wpa_supplicant (one which includes a to-be-submitted patch), we can ditch this.

Change-Id: I3e27fde86bac1e59077498ee5cbd916cd880821e
Reviewed-on: https://boringssl-review.googlesource.com/7750
Reviewed-by: Adam Langley <agl@google.com>
2016-04-25 21:18:37 +00:00
Adam Langley
b70cd92c82 Add licenses to fuzz tests.
These source files previously didn't have the ISC license on them.

Change-Id: Ic0a2047d23b28d9d7f0a85b2fedb67574bdcab25
Reviewed-on: https://boringssl-review.googlesource.com/7735
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-25 20:15:27 +00:00
Adam Langley
3d907ed964 Remove RC4_options from rc4-586.pl.
The x86-64 version of this assembly doesn't include this function. It's
in decrepit/rc4 as a compatibility backfill but that means that 32-bit
builds end up with two definitions of this symbol.

Change-Id: Ib6da6b91aded8efc679ebbae6d60c96a78f3dc4e
Reviewed-on: https://boringssl-review.googlesource.com/7734
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-22 21:14:11 +00:00
David Benjamin
38d01c6b95 Improve generate_build_files.py gn support.
Split gn and gyp generators apart. Since we're pre-generating files, there's no
need to make BoringSSL's build depend on the gypi_to_gn.py script. Also emit
the tests and a list of fuzzers so we don't need to manually update BUILD.gn
each time.

The new gn generator is based on the bazel one since they're fairly similar.

BUG=chromium:429246

Change-Id: I5a819a964d6ac6e56e9251bb3fd3de1db08214a4
Reviewed-on: https://boringssl-review.googlesource.com/7726
Reviewed-by: Adam Langley <agl@google.com>
2016-04-22 18:56:55 +00:00
David Benjamin
818aff01fb Add SSL_SESSION_get_master_key.
Opaquifying SSL_SESSION is less important than the other structs, but this will
cause less turbulence in wpa_supplicant if we add this API too. Semantics and
name taken from OpenSSL 1.1.0 to match.

BUG=6

Change-Id: Ic39f58d74640fa19a60aafb434dd2c4cb43cdea9
Reviewed-on: https://boringssl-review.googlesource.com/7725
Reviewed-by: Adam Langley <agl@google.com>
2016-04-21 21:14:36 +00:00
David Benjamin
7fadfc6135 Move TLS-specific "AEAD" functions to the bottom of aead.h.
Probably better to keep it out of the way for someone just trying to figure out
how to use the library. Notably, we don't really want people to think they need
to use the directioned init function.

Change-Id: Icacc2061071581abf46e38eb1d7a52e7b1f8361b
Reviewed-on: https://boringssl-review.googlesource.com/7724
Reviewed-by: Adam Langley <agl@google.com>
2016-04-21 20:34:41 +00:00
David Benjamin
325664eec4 Add hkdf.h to doc.config.
It has all of one function in there.

Change-Id: I86f0fbb76d267389c62b63ac01df685acb70535e
Reviewed-on: https://boringssl-review.googlesource.com/7723
Reviewed-by: Adam Langley <agl@google.com>
2016-04-21 20:25:15 +00:00
Brian Smith
f01fb5dc0e Avoid minor waste in |ec_GFp_nistp256_point_get_affine_coordinates|.
Avoid calculating the affine Y coordinate when the caller didn't ask
for it, as occurs, for example, in ECDH.

For symmetry and clarity, avoid calculating the affine X coordinate in
the hypothetical case where the caller only asked for the Y coordinate.

Change-Id: I69f5993fa0dfac8b010c38e695b136cefc277fed
Reviewed-on: https://boringssl-review.googlesource.com/7590
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-20 23:00:27 +00:00
Brian Smith
3f3358ac15 Save one call to |ecp_nistz256_from_mont| in |ecp_nistz256_get_affine|.
Change-Id: I38faa5c4e9101c100614ebadf421bde0a05af360
Reviewed-on: https://boringssl-review.googlesource.com/7589
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-20 22:58:36 +00:00
Brian Smith
a7aa2bb8f8 Avoid a multiplication in |ecp_nistz256_get_affine| when |x| is NULL.
This is purely hypothetical, as in real life nobody cares about the
|y| component without also caring about the |x| component, but it
clarifies the code and makes a future change clearer.

Change-Id: Icaa4de83c87b82a8e68cd2942779a06e5db300c3
Reviewed-on: https://boringssl-review.googlesource.com/7588
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-20 22:53:46 +00:00
Brian Smith
d860b7b1cd Set output coordinates' |neg| field in |ecp_nistz256_get_affine|.
The result would not be correct if, on input, |x->neg != 0| or
|y->neg != 0|.

Change-Id: I645566a78c2e18e42492fbfca1df17baa05240f7
Reviewed-on: https://boringssl-review.googlesource.com/7587
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-20 22:52:45 +00:00
Brian Smith
97770d17d8 Use only Montgomery math in |ec_GFp_mont_point_get_affine_coordinates|.
Use only Montgomery math in |ec_GFp_mont_point_get_affine_coordinates|.
In particular, avoid |BN_mod_sqr| and |BN_mod_mul|.

Change-Id: I05c8f831d2865d1b105cda3871e9ae67083f8399
Reviewed-on: https://boringssl-review.googlesource.com/7586
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-20 22:51:34 +00:00
David Benjamin
f3835839b1 Use nanosleep instead of usleep.
usleep is guarded by feature macro insanity. Use nanosleep which looks to be
less unfriendly.

Change-Id: I75cb2284f26cdedabb19871610761ec7440b6ad3
Reviewed-on: https://boringssl-review.googlesource.com/7710
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-19 21:54:26 +00:00
David Benjamin
9dadc3b6e1 Replace CRYPTO_once_t on Windows with INIT_ONCE.
Now that we no longer support Windows XP, this function is available. In doing
so, remove the odd run_once_arg_t union and pass in a pointer to a function
pointer which is cleaner and still avoids C's silly rule where function
pointers can't be placed in a void*.

BUG=37

Change-Id: I44888bb3779dacdb660706debd33888ca389ebd5
Reviewed-on: https://boringssl-review.googlesource.com/7613
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-19 21:34:20 +00:00
David Benjamin
3ed24f0502 Test CRYPTO_once_t collisions.
The existing tests never actually tested this case.

Change-Id: Idb9cf0cbbe32fdf5cd353656a95fbedbaac09376
Reviewed-on: https://boringssl-review.googlesource.com/7612
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-19 21:33:59 +00:00
David Benjamin
582d2847ed Reimplement PKCS#12 key derivation.
This is avoids pulling in BIGNUM for doing a straight-forward addition on a
block-sized value, and avoids a ton of mallocs. It's also -Wconversion-clean,
unlike the old one.

In doing so, this replaces the HMAC_MAX_MD_CBLOCK with EVP_MAX_MD_BLOCK_SIZE.
By having the maximum block size available, most of the temporary values in the
key derivation don't need to be malloc'd.

BUG=22

Change-Id: I940a62bba4ea32bf82b1190098f3bf185d4cc7fe
Reviewed-on: https://boringssl-review.googlesource.com/7688
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-19 18:16:38 +00:00
David Benjamin
0e21f41fe8 Switch all 'num' parameters in crypto/modes to unsigned.
Also switch the EVP_CIPHER copy to cut down on how frequently we need to cast
back and forth.

BUG=22

Change-Id: I9af1e586ca27793a4ee6193bbb348cf2b28a126e
Reviewed-on: https://boringssl-review.googlesource.com/7689
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-19 17:56:25 +00:00
David Benjamin
1a0a8b6760 Make EVP_MD_CTX size functions return size_t.
The EVP_MD versions do, so the types should bubble up.

BUG=22

Change-Id: Ibccbc9ff35bbfd3d164fc28bcdd53ed97c0ab338
Reviewed-on: https://boringssl-review.googlesource.com/7687
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-19 15:12:41 +00:00
Brian Smith
86361a3910 Require the public exponent to be available in RSA blinding.
Require the public exponent to be available unless
|RSA_FLAG_NO_BLINDING| is set on the key. Also, document this.

If the public exponent |e| is not available, then we could compute it
from |p|, |q|, and |d|. However, there's no reasonable situation in
which we'd have |p| or |q| but not |e|; either we have all the CRT
parameters, or we have (e, d, n), or we have only (d, n). The
calculation to compute |e| exposes the private key to risk of side
channel attacks.

Also, it was particularly wasteful to compute |e| for each
|BN_BLINDING| created, instead of just once before the first
|BN_BLINDING| was created.

|BN_BLINDING| now no longer needs to contain a duplicate copy of |e|,
so it is now more space-efficient.

Note that the condition |b->e != NULL| in |bn_blinding_update| was
always true since commit cbf56a5683.

Change-Id: Ic2fd6980e0d359dcd53772a7c31bdd0267e316b4
Reviewed-on: https://boringssl-review.googlesource.com/7594
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 23:34:46 +00:00
Brian Smith
d035730ac7 Make return value of |BN_MONT_CTX_set_locked| int.
This reduces the chance of double-frees.

BUG=10

Change-Id: I11a240e2ea5572effeddc05acb94db08c54a2e0b
Reviewed-on: https://boringssl-review.googlesource.com/7583
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 23:19:08 +00:00
Brian Smith
51b0d5b1e8 Do not use the CRT when |rsa->e == NULL|.
When |rsa->e == NULL| we cannot verify the result, so using the CRT
would leave the key too vulnerable to fault attacks.

Change-Id: I154622cf6205ba4d5fb219143db6072a787c2d1f
Reviewed-on: https://boringssl-review.googlesource.com/7581
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 22:50:24 +00:00
Brian Smith
69f0532c85 Use |memcmp| instead of |CRYPTO_memcmp| in |RSA_verify|.
|CRYPTO_memcmp| isn't necessary because there is no secret data being
acted on here.

Change-Id: Ib678d5d4fc16958aca409a93df139bdff8cb73fb
Reviewed-on: https://boringssl-review.googlesource.com/7465
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:42:22 +00:00
Brian Smith
2a92031bb4 Clarify |RSA_verify_raw| error handling & cleanup.
Use the common pattern of returning early instead of |goto err;| when
there's no cleanup to do yet. Also, move the error checking of
|BN_CTX_get| failure closer to the the calls to |BN_CTX_get|. Avoid
calling |OPENSSL_cleanse| on public data. Clarify when/why |buf| is not
freed.

Change-Id: I9df833db7eb7041c5af9349c461297372b988f98
Reviewed-on: https://boringssl-review.googlesource.com/7464
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:42:15 +00:00
Brian Smith
9902262af6 Remove redundant check of |sig_len| in |RSA_verify|.
The same check is already done in |RSA_verify_raw|, so |RSA_verify|
doesn't need to do it.

Also, move the |RSA_verify_raw| check earlier.

Change-Id: I15f7db0aad386c0f764bba53e77dfc46574f7635
Reviewed-on: https://boringssl-review.googlesource.com/7463
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:40:41 +00:00
Brian Smith
c0b196d4eb Drop support for engines-provided signature verification.
We do not need to support engine-provided verification methods.

Change-Id: Iaad8369d403082b728c831167cc386fdcabfb067
Reviewed-on: https://boringssl-review.googlesource.com/7311
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:40:17 +00:00
David Benjamin
9b611e28e4 Simplify server_name extension parsing.
Although the server_name extension was intended to be extensible to new name
types, OpenSSL 1.0.x had a bug which meant different name types will cause an
error. Further, RFC 4366 originally defined syntax inextensibly. RFC 6066
corrected this mistake, but adding new name types is no longer feasible.

Act as if the extensibility does not exist to simplify parsing. This also
aligns with OpenSSL 1.1.x's behavior. See upstream's
062178678f5374b09f00d70796f6e692e8775aca and
https://www.ietf.org/mail-archive/web/tls/current/msg19425.html

Change-Id: I5af26516e8f777ddc1dab5581ff552daf2ea59b5
Reviewed-on: https://boringssl-review.googlesource.com/7294
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:33:35 +00:00
David Benjamin
4c5ddb8047 Set rwstate consistently.
We reset it to SSL_NOTHING at the start of ever SSL_get_error-using operation.
Then we only set it to a non-NOTHING value in the rest of the stack on error
paths.

Currently, ssl->rwstate is set all over the place. Sometimes the pattern is:

  ssl->rwstate = SSL_WRITING;
  if (BIO_write(...) <= 0) {
    goto err;
  }
  ssl->rwstate = SSL_NOTHING;

Sometimes we only set it to the non-NOTHING value on error.

  if (BIO_write(...) <= 0) {
    ssl->rwstate = SSL_WRITING;
  }
  ssl->rwstate = SSL_NOTHING;

Sometimes we just set it to SSL_NOTHING far from any callback in random places.

The third case is arbitrary and clearly should be removed.

But, in the second case, we sometimes forget to undo it afterwards. This is
largely harmless since an error in the error queue overrides rwstate, but we
don't always put something in the error queue (falling back to
SSL_ERROR_SYSCALL for "I'm not sure why it failed. Perhaps it was one of your
callbacks? Check your errno equivalent."), but in that case a stray rwstate
value will cause it to be wrong.

We could fix the cases where we fail to set SSL_NOTHING on success cases, but
this doesn't account for there being multiple SSL_get_error operations. The
consumer may have an SSL_read and an SSL_write running concurrently. Instead,
it seems the best option is to lift the SSL_NOTHING reset to the operations and
set SSL_WRITING and friends as in the second case.

(Someday hopefully we can fix this to just be an enum that is internally
returned. It can convert to something stateful at the API layer.)

Change-Id: I54665ec066a64eb0e48a06e2fcd0d2681a42df7f
Reviewed-on: https://boringssl-review.googlesource.com/7453
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:30:32 +00:00
David Benjamin
c6972eb1f0 Remove the no_renegotiation special case.
The concern is if the peer denies our renegotiation attempt, but we will never
initiate renegotiation. We only support server-initiated renegotiation when we
are acting as the client.

(Strictly speaking, only the client ever initiates renegotiation. The server
sends a HelloRequest to ask the client to initiate it. But we forbid
application data interleave as soon as we see the HelloRequest, so we treat it
as part of the handshake.)

Change-Id: I1a625130de32a7227e4471f2f889255aba962ce4
Reviewed-on: https://boringssl-review.googlesource.com/7452
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:29:30 +00:00
David Benjamin
0d3a8c6ac0 Don't allow alert records with multiple alerts.
This is just kind of a silly thing to do. NSS doesn't allow them either. Fatal
alerts would kill the connection regardless and warning alerts are useless. We
previously stopped accepting fragmented alerts but still allowed them doubled
up.

This is in preparation for pulling the shared alert processing code between TLS
and DTLS out of read_bytes into some common place.

Change-Id: Idbef04e39ad135f9601f5686d41f54531981e0cf
Reviewed-on: https://boringssl-review.googlesource.com/7451
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-18 20:29:02 +00:00
David Benjamin
56703d91bf Make err_data_generator.go silent by default.
I don't think I ever look at that output. This way our builds are nice and
silent.

Change-Id: Idb215e3702f530a8b8661622c726093530885c91
Reviewed-on: https://boringssl-review.googlesource.com/7700
Reviewed-by: Adam Langley <agl@google.com>
2016-04-18 19:42:15 +00:00
David Benjamin
26993ad55e Only use recv/send for socket BIOs on Windows.
In OpenSSL, socket BIOs only used recv/send on Windows and read/write on POSIX.
Align our socket BIOs with that behavior. This should be a no-op, but avoids
frustrating consumers overly sensitive to the syscalls used now that SSL_set_fd
has switched to socket BIOs to align with OpenSSL. b/28138582.

Change-Id: Id4870ef8e668e587d6ef51c5b5f21e03af66a288
Reviewed-on: https://boringssl-review.googlesource.com/7686
Reviewed-by: Adam Langley <agl@google.com>
2016-04-15 20:31:05 +00:00
David Benjamin
919610b4c4 Fix memory leak on invalid ecPublicKey parameters.
One of the codepaths didn't free the group. Found by libFuzzer.

BUG=chromium:603893

Change-Id: Icb81f2f89a8c1a52e29069321498986b193a0e56
Reviewed-on: https://boringssl-review.googlesource.com/7685
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-04-15 19:43:26 +00:00
Daniel Bathgate
4365c3f522 Send an error rather than assert when decrypt_len != rsa_size.
With SSL_PRIVATE_KEY_METHOD, decryption can happen outside of BoringSSL. Rather than crash the process, it would be nicer if BoringSSL handled the error gracefully.

Change-Id: I3f24d066f7a329d41420b208a7e13c82ec966710
Reviewed-on: https://boringssl-review.googlesource.com/7683
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-14 22:19:40 +00:00
David Benjamin
0fe4d8bef5 chacha/asm/chacha-armv8.pl: fix intermittent build failures.
(Imported from b9077d85b0042d3d5d877d5cf7f06a8a8c035673.)

Change-Id: I6df3b3d0913b001712a78671c69b9468e059047f
Reviewed-on: https://boringssl-review.googlesource.com/7682
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-14 20:50:36 +00:00
Steven Valdez
9980ce1dcd Add BORINGSSL_PREFIX for prefixing symbols
This currently doesn't prefix assembly symbols since they don't pull in
openssl/base.h

BUG=5

Change-Id: Ie0fdc79ae73099f84ecbf3f17604a1e615569b3b
Reviewed-on: https://boringssl-review.googlesource.com/7681
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-14 20:49:31 +00:00
David Benjamin
a82e8dd9d2 Tweak X25519 documentation.
Both the header-level and section-level documentation define curve25519 which
is a little odd.

Change-Id: I81aa2b74e8028d3cfd5635e1d3cfda402ba1ae38
Reviewed-on: https://boringssl-review.googlesource.com/7680
Reviewed-by: Adam Langley <agl@google.com>
2016-04-14 14:20:56 +00:00
Adam Langley
aaccbfec04 Export RSA_padding_add_PKCS1_OAEP[_mgf1]
This is needed by trousers. As with the PSS function, the version that
assumes SHA-1 is put into decrepit.

Change-Id: I153e8ea0150e48061b978384b600a7b990d21d03
Reviewed-on: https://boringssl-review.googlesource.com/7670
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-13 21:15:20 +00:00
Max Moroz
188487faad Remove .options files for libFuzzers and update FUZZING.md documentation.
Due to https://codereview.chromium.org/1867833002/ replacing .options files.

Change-Id: I17f0d5b8b1784fdcf163791e72f6b58b29657e95
Reviewed-on: https://boringssl-review.googlesource.com/7640
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-12 14:56:57 +00:00
David Benjamin
e4c678adda Revert "Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit."
This reverts commit 112c4dd1ff. Accidentally used
the wrong push line.
2016-04-11 18:04:18 -04:00
David Benjamin
112c4dd1ff Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit.
There was only one function that required BoringSSL to know how to read
directories. Unfortunately, it does have some callers and it's not immediately
obvious whether the code is unreachable. Rather than worry about that, just
toss it all into decrepit.

In doing so, do away with the Windows and PNaCl codepaths. Only implement
OPENSSL_DIR_CTX on Linux.

Change-Id: I3eb55b098e3aa042b422bb7da115c0812685553e
2016-04-11 18:01:54 -04:00
David Benjamin
2a187a4316 No-op change to test bugdroid.
Making sure the BUG= line works correctly.

BUG=41

Change-Id: Icedf5f1ec8211696c74d9e9f9d322483c43444fc
2016-04-11 17:26:50 -04:00
David Benjamin
14420e91e0 Remove EVP_aead_chacha20_poly1305_rfc7539 alias.
This slipped through, but all the callers are now using
EVP_aead_chacha20_poly1305, so we can remove this version.

Change-Id: I76eb3a4481aae4d18487ca96ebe3776e60d6abe8
Reviewed-on: https://boringssl-review.googlesource.com/7650
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-11 19:32:55 +00:00
Piotr Sikora
a13ad73cee Use UINT64_C instead of unsigned long long integer constant.
Change-Id: Id181957956ccaacc6c29b641a1f1144886d442c0
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7630
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-11 16:08:14 +00:00
Gabriel Redner
dcb3383463 Modify 'bssl client' to print the cert subject and issuer
This is the one piece of functionality I miss from the openssl tool -
the ability to see some basic information about the server cert.

Sample output:
==========
$ bssl client -connect www.google.com
Connecting to [2607:f8b0:4006:80d::1010]:443
Connected.
  Version: TLSv1.2
  Resumed session: no
  Cipher: ECDHE-RSA-AES128-GCM-SHA256
  ECDHE curve: P-256
  Secure renegotiation: yes
  Next protocol negotiated:
  ALPN protocol:
  Cert subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
  Cert issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
==========

Change-Id: I758682784752a616628138e420f52586d5a1bb31
Reviewed-on: https://boringssl-review.googlesource.com/7620
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-07 03:22:19 +00:00
David Benjamin
d44a943111 Fix docs typo.
Change-Id: Idb786ee2ca6354dcf2f665e9229aef4a43e05dd4
Reviewed-on: https://boringssl-review.googlesource.com/7614
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-31 22:15:51 +00:00
David Benjamin
046b27815e Decouple crypto/evp from the OID table.
BUG=chromium:499653

Change-Id: I4e8d4af3129dbf61d4a8846ec9db685e83999d5e
Reviewed-on: https://boringssl-review.googlesource.com/7565
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-31 22:12:46 +00:00
David Benjamin
0d76c402b8 Decouple crypto/ec from the OID table.
Instead, embed the (very short) encoding of the OID into built_in_curve.

BUG=chromium:499653

Change-Id: I0db36f83c71fbd3321831f54fa5022f8304b30cd
Reviewed-on: https://boringssl-review.googlesource.com/7564
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-31 22:12:09 +00:00