Commit Graph

57 Commits

Author SHA1 Message Date
David Benjamin
7bf0bccd61 Add missing <condition_variable> include.
Change-Id: I07040cabcef191f0ab4a7b0e9bd4d46b37b09169
std::condition_variable has its own header to include.
Reviewed-on: https://boringssl-review.googlesource.com/28904
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-04 15:08:29 +00:00
David Benjamin
65359f0887 Don't keep trying to read from stdin after EOF.
I added the flag but forgot to do anything with it.

Change-Id: I5ad7e1ceed7eca60a3a096c079092ae30b2becbe
Reviewed-on: https://boringssl-review.googlesource.com/28305
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-10 19:41:24 +00:00
David Benjamin
1d339558ac Fix clang-cl build.
I missed the return value of operator=.

Change-Id: Ic8d6ec8feb47e922be56f5fba7aff019c322d6fa
Reviewed-on: https://boringssl-review.googlesource.com/28190
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 19:34:11 +00:00
David Benjamin
26aa7c88d1 Handle blocked writes in bssl client/server.
On Windows, just switching the socket to blocking doesn't work. Instead,
switch the stdin half of the waiter to waiting for either socket write
or stdin read, depending on whether we're in the middle of trying to
write a buffer.

Change-Id: I81414898f0491e78e6ab5b28c12148a3909ec1e0
Reviewed-on: https://boringssl-review.googlesource.com/28167
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 19:11:35 +00:00
David Benjamin
3d9705d0a4 Fix bssl handling of buffered read data.
If the peer sends us one record that exceeds buffer, the socket will no
longer flag as readable, because data has been consumed, but SSL_read
should still be called to drain data. bssl would instead not notice and
only surface the data later on.

This can (currently) be reproduced by sending "HEAD / HTTP/1.1" to
www.google.com.

Change-Id: I73cdbe104ba6be56fc033429999e630f0eb852d8
Reviewed-on: https://boringssl-review.googlesource.com/28166
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 19:05:00 +00:00
David Benjamin
28385db6e1 Fix bssl select loop on Windows.
While |WaitForMultipleObjects| works for both sockets and stdin, the
latter is often a line-buffered console. The |HANDLE| is considered
readable if there are any console events available, but reading blocks
until a full line is available. (In POSIX, line buffering is implemented
in the kernel via termios, which is differently concerning, but does
mean |select| works as expected.)

So that |Wait| reflects final stdin read, we spawn a stdin reader thread
that writes to an in-memory buffer and signals a |WSAEVENT| to
coordinate with the socket. This is kind of silly, but it works.

I tried just writing it to a pipe, but it appears
|WaitForMultipleObjects| does not work on pipes!

Change-Id: I2bfa323fa91aad7d2035bb1fe86ee6f54b85d811
Reviewed-on: https://boringssl-review.googlesource.com/28165
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 19:04:00 +00:00
David Benjamin
3c37d0aba5 Reland "Fix bssl client/server's error-handling."
Rather than printing the SSL_ERROR_* constants, print the actual error.
This should be a bit more understandable. Debugging this also uncovered
some other issues on Windows:

- We were mixing up C runtime and Winsock errors, which are separate in
  Windows.

- The thread local implementation interferes with WSAGetLastError due to
  a quirk of TlsGetValue. This could affect other Windows consumers.
  (Chromium uses a custom BIO, so it isn't affected.)

- SocketSetNonBlocking also interferes with WSAGetLastError.

- Listen for FD_CLOSE along with FD_READ. Connection close does not
  signal FD_READ. (The select loop only barely works on Windows anyway
  due to issues with stdin and line buffering, but if we take stdin out
  of the equation, FD_CLOSE can be tested.)

Change-Id: Ia8d42b5ac39ebb3045d410dd768f83a3bb88b2cb
Reviewed-on: https://boringssl-review.googlesource.com/28186
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 17:19:59 +00:00
Steven Valdez
0cdbc876a2 Revert "Fix bssl client/server's error-handling."
This reverts commit e7ca8a5d78.

Change-Id: Ib2f923760dc54400f45e9327b3a45466be1dd6d1
Reviewed-on: https://boringssl-review.googlesource.com/28184
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 16:53:09 +00:00
David Benjamin
e7ca8a5d78 Fix bssl client/server's error-handling.
Rather than printing the SSL_ERROR_* constants, print the actual error.
This should be a bit more understandable. Debugging this also uncovered
some other issues on Windows:

- We were mixing up C runtime and Winsock errors, which are separate in
  Windows.

- The thread local implementation interferes with WSAGetLastError due to
  a quirk of TlsGetValue. This could affect other Windows consumers.
  (Chromium uses a custom BIO, so it isn't affected.)

- SocketSetNonBlocking also interferes with WSAGetLastError.

- Listen for FD_CLOSE along with FD_READ. Connection close does not
  signal FD_READ. (The select loop only barely works on Windows anyway
  due to issues with stdin and line buffering, but if we take stdin out
  of the equation, FD_CLOSE can be tested.)

Change-Id: If991259915acc96606a314fbe795fe6ea1e295e8
Reviewed-on: https://boringssl-review.googlesource.com/28125
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-05-07 15:44:08 +00:00
David Benjamin
4ddbc7bd0d Fix early data printout in bssl client.
Because the handshake returns early, it should query SSL_in_early_data.

Change-Id: I64d4c0e8de753832207d5c198c50d660f87afac6
Reviewed-on: https://boringssl-review.googlesource.com/22945
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-11-11 06:35:25 +00:00
David Benjamin
6cc352e216 Add helper functions for SSL_SIGN_*.
We end up writing these switch cases everywhere. Let consumers decompose
these a bit. The original thought was folks should write switch-cases so
they handle everything they support, but that's a pain. As long as
algorithm preferences are always configured, we can still add new
dimensions because folks won't be asked to sign algorithms that depend
on dimensions they don't understand.

Change-Id: I3dd7f067f2c55212f0201876546bc70fee032bcf
Reviewed-on: https://boringssl-review.googlesource.com/22524
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-11-03 16:05:11 +00:00
David Benjamin
02afbd338e Build with clang-cl standalone.
Our build logic needed to revised and and clang implements more warnings
than MSVC, so GTest needed more fixes.

Bug: 200
Change-Id: I84c5dd0c51079dd9c990e08dbea7f9022a7d6842
Reviewed-on: https://boringssl-review.googlesource.com/21204
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-10-05 20:42:49 +00:00
Peter Wu
5663b634f4 Write connection info to a BIO instead of stderr.
Make PrintConnectionInfo write to a BIO rather than stderr.
This prepares for writing connection details to the peer.

Change-Id: I88147952712da57f9a2a1e464371075df156741f
Reviewed-on: https://boringssl-review.googlesource.com/20304
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-09-19 19:50:44 +00:00
Steven Valdez
56851c85f3 Fix bssl sockets on Windows.
Change-Id: Icb10530d6140c64595e614450636e461da2447c8
Reviewed-on: https://boringssl-review.googlesource.com/18404
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-25 19:03:16 +00:00
David Benjamin
ee7aa02744 Implement basic HTTP tunnel support in bssl client.
For testing purposes.

Change-Id: Ied1b130e805bcf8cc5d1bd30a1ba5049d6f13a6d
Reviewed-on: https://boringssl-review.googlesource.com/17665
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-07-07 20:55:03 +00:00
David Benjamin
2b0444e01d Keep the same listening socket in bssl server -loop.
When testing against a browser, multiple connections will be made in
parallel. Keeping the same listening socket lets the other connections
queue up at least rather than fail with ECONNREFUSED. Of course, this is
still far from a realistic server.

Change-Id: I984fb29da4bf8808eb40938b12782dc1730f2e19
Reviewed-on: https://boringssl-review.googlesource.com/17405
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-29 19:04:29 +00:00
David Benjamin
6fff386492 Support standard RFC cipher suite names alongside OpenSSL ones.
Both Conscrypt and Netty have a lot of logic to map between the two
kinds of names. WebRTC needed an SSL_CIPHER_get_rfc_name for something.
Just have both in the library. Also deprecate SSL_CIPHER_get_rfc_name
in favor of SSL_CIPHER_standard_name, which matches upstream if built
with enable-ssl-trace. And, unlike SSL_CIPHER_get_rfc_name, this does
not require dealing with the malloc.

(Strangely this decreases bssl's binary size, even though we're carrying
more strings around. It seems the old SSL_CIPHER_get_rfc_name was
somewhat large in comparison. Regardless, a consumer that disliked 30
short strings probably also disliked the OpenSSL names. That would be
better solved by opaquifying SSL_CIPHER and adding a less stringy API
for configuring cipher lists. That's something we can explore later if
needed.)

I also made the command-line tool print out the standard names since
they're more standard. May as well push folks towards those going
forward.

Change-Id: Ieeb3d63e67ef4da87458e68d130166a4c1090596
Reviewed-on: https://boringssl-review.googlesource.com/17324
Reviewed-by: Robert Sloan <varomodt@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-22 02:45:37 +00:00
David Benjamin
69522117a6 Support Ed25519 in TLS.
This only works at TLS 1.2 and above as, before TLS 1.2, there is no way
to advertise support for Ed25519 or negotiate the correct signature
algorithm. Add tests for this accordingly.

For now, this is disabled by default on the verifying side but may be
enabled per SSL_CTX. Notably, projects like Chromium which use an
external verifier may need changes elsewhere before they can enable it.
(On the signing side, we can assume that if the caller gave us an
Ed25519 certificate, they mean for us to use it.)

BUG=187

Change-Id: Id25b0a677dcbe205ddd26d8dbba11c04bb520756
Reviewed-on: https://boringssl-review.googlesource.com/14450
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-04-06 15:30:17 +00:00
Alessandro Ghedini
ca307ab6a3 tool: show if early data was accepted
Change-Id: I5e1302d75f863fb2e531d431a4e3ecfd90e0dca1
Reviewed-on: https://boringssl-review.googlesource.com/14376
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-03-26 18:31:07 +00:00
Alessandro Ghedini
f6d64efd19 tool: show if server sent SCT staple
Change-Id: I02e33a89345eaa935c06e3e6d88f7611049f1387
Reviewed-on: https://boringssl-review.googlesource.com/13884
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-02-16 01:20:37 +00:00
David Benjamin
6add9f172c Fix setsockopt call.
Neither Windows nor POSIX uses a char for SO_REUSEADDR. Windows uses
BOOL (which is actually int) and POSIX uses int. Windows also requires a
cast due to using char* instead of void*. Thanks to Daniel Hirche for
reporting.

Change-Id: I01c847c8da285f27f3c3cdf5ff58b53899098b82
Reviewed-on: https://boringssl-review.googlesource.com/13100
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-01-06 21:15:28 +00:00
Steven Valdez
bf5bda37cf Adding socket reuse to bssl server.
This allows a server to be restarted immediately with the same port
without having to wait for socket timeout on crash/failure.

Change-Id: Ifcf58d46067f157dd504946f71b0b99d7fbad10c
Reviewed-on: https://boringssl-review.googlesource.com/13044
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-01-04 14:21:45 +00:00
David Benjamin
17cf2cb1d2 Work around language and compiler bug in memcpy, etc.
Most C standard library functions are undefined if passed NULL, even
when the corresponding length is zero. This gives them (and, in turn,
all functions which call them) surprising behavior on empty arrays.
Some compilers will miscompile code due to this rule. See also
https://www.imperialviolet.org/2016/06/26/nonnull.html

Add OPENSSL_memcpy, etc., wrappers which avoid this problem.

BUG=23

Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e
Reviewed-on: https://boringssl-review.googlesource.com/12928
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-12-21 20:34:47 +00:00
David Benjamin
54881224e8 Remove SSL_get_dhe_group_size.
Nothing calls this anymore. DHE is nearly gone. This unblocks us from
making key_exchange_info only apply to the curve.

Change-Id: I3099e7222a62441df6e01411767d48166a0729b1
Reviewed-on: https://boringssl-review.googlesource.com/12691
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-14 01:06:22 +00:00
Alessandro Ghedini
1149ee1d38 tool: show if server sent OCSP staple
Change-Id: Ib9df4e8f797c9af3362354cc6716171fd65600de
Reviewed-on: https://boringssl-review.googlesource.com/12720
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-12 18:10:25 +00:00
Alessandro Ghedini
8d3f130c55 tool: print client's SNI value, if any.
Change-Id: I4fbce046090f0b0e78c9de923643268cfe6f142f
Reviewed-on: https://boringssl-review.googlesource.com/12241
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-11-16 19:32:16 +00:00
Matthew Braithwaite
b348897a02 Correctness fixes for NaCl and other platforms.
Add missing includes of stdio.h, and prefer |IN6ADDR_ANY_INIT| to
|in6addr_any|.

Change-Id: Ia6663ecd6f87008cb82979ef65620a55d8c9405b
Reviewed-on: https://boringssl-review.googlesource.com/11626
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-11-09 19:06:10 +00:00
David Benjamin
0cce863f74 Use scopers in tool/
Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb
Reviewed-on: https://boringssl-review.googlesource.com/11681
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:05:42 +00:00
David Benjamin
4fec04b484 Place comment(lib, *) pragmas under OPENSSL_MSVC_PRAGMA.
This clears the last of Android's build warnings from BoringSSL. These
pragmas aren't actually no-ops, but it just means that MinGW consumers
(i.e. just Android) need to explicitly list the dependency (which they
do).

There may be something to be said for removing those and having everyone
list dependencies, but I don't really want to chase down every
consumer's build files. Probably not worth the trouble.

Change-Id: I8fcff954a6d5de9471f456db15c54a1b17cb937a
Reviewed-on: https://boringssl-review.googlesource.com/11573
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-10 19:25:55 +00:00
David Benjamin
31168c9999 Print out the signature algorithm in bssl client.
I keep wishing we had that available and patching this in.

Change-Id: I4ef04fcc6be5b00a9fcbdc2771a7ee7e2313b5c5
Reviewed-on: https://boringssl-review.googlesource.com/10980
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-09 21:42:30 +00:00
Adam Langley
505cf39af9 Fix STARTTLS detection.
The previous code was not an impressive demonstration of clear thinking
and could reject cases where STARTTLS was actually supported.

Change-Id: I27ce8b401447a49be93f58c9e4eb5c5d8e7b73d4
Reviewed-on: https://boringssl-review.googlesource.com/10241
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-10 16:54:09 +00:00
David Benjamin
225e5ade82 Teach bssl server about -max-version and -min-version.
Change-Id: Ifbfae883638b35bb274f2002bc53fbba77c7aa85
Reviewed-on: https://boringssl-review.googlesource.com/8821
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-17 08:18:58 +00:00
David Benjamin
49864a56ec Use new APIs in bssl tool for connection info.
Change-Id: I308b493d930621ae8e241b54db0faad667f01754
Reviewed-on: https://boringssl-review.googlesource.com/8761
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-13 20:39:57 +00:00
Adam Langley
10f97f3bfc Revert "Move C++ helpers into |bssl| namespace."
This reverts commit 09feb0f3d9.

(In order to make WebRTC happy this also needs to be reverted.)
2016-07-12 08:09:33 -07:00
Adam Langley
09feb0f3d9 Move C++ helpers into |bssl| namespace.
We currently have the situation where the |tool| and |bssl_shim| code
includes scoped_types.h from crypto/test and ssl/test. That's weird and
shouldn't happen. Also, our C++ consumers might quite like to have
access to the scoped types.

Thus this change moves some of the template code to base.h and puts it
all in a |bssl| namespace to prepare for scattering these types into
their respective headers. In order that all the existing test code be
able to access these types, it's all moved into the same namespace.

Change-Id: I3207e29474dc5fcc344ace43119df26dae04eabb
Reviewed-on: https://boringssl-review.googlesource.com/8730
Reviewed-by: David Benjamin <davidben@google.com>
2016-07-11 23:04:52 +00:00
Adam Langley
61367eedfe Set variables to avoid false-positive compiler warnings.
../tool/transport_common.cc:429:14: error: ‘code_250’ may be used uninitialized in this function [-Werror=maybe-uninitialized]

(I don't believe it can actually happen though.)

Change-Id: I78d19ad42ed4c05404f1d8d3e8f254ede3244b8d
2016-07-11 12:24:55 -07:00
Adam Langley
403c52aa94 Support “-starttls smtp” in bssl client
This change adds support for doing an SMTP STARTTLS dance before a TLS
handshake when using the tool. This is useful for poking at SMTP
servers.

Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116
Reviewed-on: https://boringssl-review.googlesource.com/8662
Reviewed-by: David Benjamin <davidben@google.com>
2016-07-11 18:45:01 +00:00
David Benjamin
72acbecb89 Handle IPv6 literals in bssl client.
With IPv6, splitting a colon-separated host/port becomes more complicated.

Change-Id: I5073a5cbaa0714f2f8b9c837bb0809dd20304a3c
Reviewed-on: https://boringssl-review.googlesource.com/8441
Reviewed-by: Adam Langley <agl@google.com>
2016-06-22 20:23:46 +00:00
David Benjamin
a353cdb671 Wrap MSVC-only warning pragmas in a macro.
There's a __pragma expression which allows this. Android builds us Windows with
MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible
Windows compilers. (Clang for Windows is much more sensible than MinGW and
intentionally mimicks MSVC.)

MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is
safe to suppress, so wrap those to shush them. This also lets us do away with a
few ifdefs.

Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972
Reviewed-on: https://boringssl-review.googlesource.com/8236
Reviewed-by: Adam Langley <agl@google.com>
2016-06-09 21:29:36 +00:00
David Benjamin
3995a38f3b Print out whether EMS was supported.
Change-Id: I3c5aa418fe767bce883fcdd0a926f922f9f8bbd3
Reviewed-on: https://boringssl-review.googlesource.com/8082
Reviewed-by: Adam Langley <agl@google.com>
2016-05-31 21:11:55 +00:00
nmittler
f0322b2abc Use non-deprecated methods on windows.
Use of strdup, close, lseek, read, and write prevent linking
statically againt libcmt.lib.

Change-Id: I04f7876ec0f03f29f000bbcc6b2ccdec844452d2
Reviewed-on: https://boringssl-review.googlesource.com/8010
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-19 20:30:50 +00:00
Gabriel Redner
dcb3383463 Modify 'bssl client' to print the cert subject and issuer
This is the one piece of functionality I miss from the openssl tool -
the ability to see some basic information about the server cert.

Sample output:
==========
$ bssl client -connect www.google.com
Connecting to [2607:f8b0:4006:80d::1010]:443
Connected.
  Version: TLSv1.2
  Resumed session: no
  Cipher: ECDHE-RSA-AES128-GCM-SHA256
  ECDHE curve: P-256
  Secure renegotiation: yes
  Next protocol negotiated:
  ALPN protocol:
  Cert subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
  Cert issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
==========

Change-Id: I758682784752a616628138e420f52586d5a1bb31
Reviewed-on: https://boringssl-review.googlesource.com/7620
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-07 03:22:19 +00:00
Piotr Sikora
c6d3029eda Add missing internal includes.
Partially fixes build with -Wmissing-prototypes -Wmissing-declarations.

Change-Id: I51209c30f532899f57cfdd9a50cff0a8ee3da5b5
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7512
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:38:54 +00:00
David Benjamin
4cc36adf5a Make it possible to tell what curve was used on the server.
We don't actually have an API to let you know if the value is legal to
interpret as a curve ID. (This was kind of a poor API. Oh well.) Also add tests
for key_exchange_info. I've intentionally left server-side plain RSA missing
for now because the SSL_PRIVATE_KEY_METHOD abstraction only gives you bytes and
it's probably better to tweak this API instead.

(key_exchange_info also wasn't populated on the server, though due to a
rebasing error, that fix ended up in the parent CL. Oh well.)

Change-Id: I74a322c8ad03f25b02059da7568c9e1a78419069
Reviewed-on: https://boringssl-review.googlesource.com/6783
Reviewed-by: Adam Langley <agl@google.com>
2015-12-22 23:12:25 +00:00
Matt Braithwaite
29d8adbdc6 Better handle IPv6.
∙ host:port parsing, where unavoidable, is now IPv6-friendly.
  ∙ |BIO_C_GET_CONNECT| is simply removed.
  ∙ bssl -accept now listens on both IPv6 and IPv4.

Change-Id: I1cbd8a79c0199bab3ced4c4fd79d2cc5240f250c
Reviewed-on: https://boringssl-review.googlesource.com/6214
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 21:06:01 +00:00
David Benjamin
621f95a3ea Add -session-in and -session-out to bssl client.
This is analogous to openssl s_client's -sess_in and -sess_out. Use PEM to
align with OpenSSL. This is useful for debugging session resumption and also
generating things to test serialization against.

Change-Id: Idc58e8fa3dd4c2385f6a2d647e66ef11427be60d
Reviewed-on: https://boringssl-review.googlesource.com/5761
Reviewed-by: Adam Langley <agl@google.com>
2015-08-28 22:04:30 +00:00
David Benjamin
f0df86a1f6 Fix standalone build on Mac.
CRYPTO_MUTEX was the wrong size. Fortunately, Apple was kind enough to define
pthread_rwlock_t unconditionally, so we can be spared fighting with feature
macros. Some of the stdlib.h removals were wrong and clang is pick about
multiply-defined typedefs. Apparently that's a C11 thing?

BUG=478598

Change-Id: Ibdcb8de9e5d83ca28e4c55b2979177d1ef0f9721
Reviewed-on: https://boringssl-review.googlesource.com/4404
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 16:50:18 +00:00
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
David Benjamin
0e434b9470 Define NOMINMAX across the entire project.
This fixes the standalone build on Windows and matches Chromium.

Change-Id: I194f53e0a610c5ae9cef53c826b22f7bded5f357
Reviewed-on: https://boringssl-review.googlesource.com/4201
Reviewed-by: Adam Langley <agl@google.com>
2015-04-02 18:38:56 +00:00
Adam Langley
3e719319be Lowercase some Windows headers.
MinGW on Linux needs lowercase include files. On Windows this doesn't
matter since the filesystems are case-insensitive, but building
BoringSSL on Linux with MinGW has case-sensitive filesystems.

Change-Id: Id9c120d819071b041341fbb978352812d6d073bc
Reviewed-on: https://boringssl-review.googlesource.com/4090
Reviewed-by: Adam Langley <agl@google.com>
2015-03-31 22:21:42 +00:00