Commit Graph

2456 Commits

Author SHA1 Message Date
David Benjamin
617eac6a21 Align BIO_get_fd with upstream.
OpenSSL's BIO_get_fd returns the fd or -1, not a boolean.

Change-Id: I12a3429c71bb9c9064f9f91329a88923025f1fb5
Reviewed-on: https://boringssl-review.googlesource.com/6080
Reviewed-by: Adam Langley <agl@google.com>
2015-10-12 22:18:17 +00:00
David Benjamin
c7ce977fb9 Ignore all extensions but renegotiation_info in SSL 3.0.
SSL 3.0 used to have a nice and simple rule around extensions. They don't
exist. And then RFC 5746 came along and made this all extremely confusing.

In an SSL 3.0 server, rather than blocking ServerHello extension
emission when renegotiation_info is missing, ignore all ClientHello
extensions but renegotiation_info. This avoids a mismatch between local
state and the extensions with emit.

Notably if, for some reason, a ClientHello includes the session_ticket
extension, does NOT include renegotiation_info or the SCSV, and yet the
client or server are decrepit enough to negotiate SSL 3.0, the
connection will fail due to unexpected NewSessionTicket message.

See https://crbug.com/425979#c9 for a discussion of something similar
that came up in diagnosing https://poodle.io/'s buggy POODLE check.
This is analogous to upstream's
5a3d8eebb7667b32af0ccc3f12f314df6809d32d.

(Not supporting renego as a server in any form anyway, we may as well
completely ignore extensions, but then our extensions callbacks can't
assume the parse hooks are always called. This way the various NULL
handlers still function.)

Change-Id: Ie689a0e9ffb0369ef7a20ab4231005e87f32d5f8
Reviewed-on: https://boringssl-review.googlesource.com/6180
Reviewed-by: Adam Langley <agl@google.com>
2015-10-11 20:47:19 +00:00
Adam Langley
7bd538d94d Remove an unreachable expression.
The goto always jumps into the loop so the for's initialisation
expression can never be executed. Clang warns about this.

Change-Id: I3c3d4b8430754099e9ca6fd20101868c40165245
2015-10-09 13:04:03 -07:00
Adam Langley
f0258fe956 Add optimised version of P-224.
This imports the Google-authored P-224 implementation by Emilia Käsper
and Bodo Möller that is also in upstream OpenSSL.

Change-Id: I16005c74a2a3e374fb136d36f3f6569dab9d8919
Reviewed-on: https://boringssl-review.googlesource.com/6145
Reviewed-by: Adam Langley <agl@google.com>
2015-10-08 20:29:22 +00:00
Adam Langley
82aa28fa81 Make |BUF_memdup| look for zero length, not NULL.
BUF_memdup tries to avoid mallocing zero bytes (and thus unduly
returning an error for a NULL return value) by testing whether the input
buffer is NULL. This goes back to the original OpenSSL code.

However, when |ext_npn_parse_serverhello| tries to use |BUF_memdup| to
copy an NPN value returned by a callback, some callbacks just set the
output /length/ to zero to indicate an empty value. Thus, when
|BUF_memdup| tests the pointer, it's an uninitialised value and MSan
throws an error.

Since passing a NULL pointer to |BUF_memdup| better imply that the
length is zero, while the reverse empirically isn't true, testing the
length seems safer.

Change-Id: I06626f7dfb761de631fd997bda60057b76b8da94
2015-10-06 18:11:33 -07:00
Chuck Hays
c608d6b02b Updating Bazel outputs to work on other platforms.
Bazel on Mac requires some alterations to the generated build files.
This change updates generate_build_files.py to emit suitable Bazel
files. This will require some tweaks to projects that build with Bazel.

Change-Id: I3d68ec754b8abaa41a348f86c32434477f2c5e1c
Reviewed-on: https://boringssl-review.googlesource.com/6146
Reviewed-by: Adam Langley <agl@google.com>
2015-10-07 00:57:20 +00:00
Eric Roman
1aec2cbad2 Reject iterationCount == 0 when parsing PBKDF2-params.
Previously a value of 0 would be accepted and intepreted as equivalent
to 1. This contradicts RFC 2898 which defines:

     iterationCount INTEGER (1..MAX),

BUG=https://crbug.com/534961

Change-Id: I89623980f99fde3ca3780880d311955d3f6fe0b5
Reviewed-on: https://boringssl-review.googlesource.com/5971
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-10-02 16:19:04 +00:00
David Benjamin
20c0e90d11 Allow NULL inputs in SSL_SESSION_get_time.
Some code relies on OpenSSL's behavior where it allowed for NULL. But this time
add a comment so people don't think this is the convention for new functions.

BUG=538292

Change-Id: I66566e0e24566fafe17e05369276248be3b05591
Reviewed-on: https://boringssl-review.googlesource.com/6070
Reviewed-by: Adam Langley <agl@google.com>
2015-10-01 20:16:49 +00:00
Brian Smith
20605684e8 Fix |max_tag_len| for TLS CBC AEADs.
Change-Id: Iba21583a4de08039fab78e526c91003fbd327592
Reviewed-on: https://boringssl-review.googlesource.com/6058
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 23:59:22 +00:00
Brian Smith
d4ebc99122 Remove always-zero |bulk| variables in crypto/cipher/e_aes.c.
Change-Id: I36b2bb0e10c627ae6efa9d133df53b814922e652
Reviewed-on: https://boringssl-review.googlesource.com/6051
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 23:12:45 +00:00
Brian Smith
bc41cdf327 Add tests from cipher_test.txt to the AEAD test suite.
Change-Id: I819b5473e35e1f71192d3a336252ae4506c4230b
Reviewed-on: https://boringssl-review.googlesource.com/6055
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 23:11:40 +00:00
Adam Langley
0dd93002dd Revert section changes for ASM.
This change reverts the following commits:
  72d9cba7cb
  5b61b9ebc5
  3f85e04f40
  2ab24a2d40

Change-Id: I669b83f2269cf96aa71a649a346147b9407a811e
Reviewed-on: https://boringssl-review.googlesource.com/6056
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 22:09:52 +00:00
Adam Langley
f4e554e438 Bitwise-or, not logical-or, when hashing.
This didn't actually break anything, but it does make session lookup
quite slow.

Change-Id: I13615e8ccf6a46683a21774eb7c073318ae8c28c
Reviewed-on: https://boringssl-review.googlesource.com/6054
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 20:50:18 +00:00
Adam Langley
72d9cba7cb Move .align directives next to their labels for ARM.
2ab24a2d40 added sections to ARM assembly
files. However, in cases where .align directives were not next to the
labels that they were intended to apply to, the section directives would
cause them to be ignored.

Change-Id: I32117f6747ff8545b80c70dd3b8effdc6e6f67e0
Reviewed-on: https://boringssl-review.googlesource.com/6050
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 18:35:29 +00:00
David Benjamin
3b27843b7c Go's darwin filenames have changed.
32-bit is gone (wasn't being used anyway) and the -osx10.8 suffix is gone.
Still looking into why the Linux bots are unhappy.

Change-Id: If3a35d20fb1cc6f1e3f023d792dc78b5c5aac72a
Reviewed-on: https://boringssl-review.googlesource.com/6061
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 18:32:05 +00:00
David Benjamin
3fc9fe3f4a Move the bots to Go 1.5.1.
Nothing in particular, but probably good to match the version of Go on our
workstations.

Change-Id: I5f4828299d56d25cd8c0dadfa91e9f18212a178d
Reviewed-on: https://boringssl-review.googlesource.com/6060
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 18:23:19 +00:00
Adam Langley
dc7e9c4043 Make the runner tests a go “test”
This change makes the runner tests (in ssl/test/runner) act like a
normal Go test rather than being a Go binary. This better aligns with
some internal tools.

Thus, from this point onwards, one has to run the runner tests with `go
test` rather than `go run` or `go build && ./runner`.

This will break the bots.

Change-Id: Idd72c31e8e0c2b7ed9939dacd3b801dbd31710dd
Reviewed-on: https://boringssl-review.googlesource.com/6009
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-30 17:10:45 +00:00
David Benjamin
368ef1aa51 Take thread.h out of the documentation.
There's nothing in there that isn't deprecated, since BoringSSL is thread-safe
by default now.

Change-Id: Idfd9de8bd3a6544b1d4176b2d115eef9eefa63d0
Reviewed-on: https://boringssl-review.googlesource.com/6031
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 23:38:09 +00:00
David Benjamin
9a798ecc0e Document the hexadecimal casing thing in PORTING.md.
mab@ seems to be dealing with a fair number of these, so it's probably worth
adding to the list.

Change-Id: Ifaea3c96e7b089f28a87c7728ceb8c671786eb27
Reviewed-on: https://boringssl-review.googlesource.com/6030
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 23:37:50 +00:00
Matt Braithwaite
4d11aff33a Don't record handshake hashes if no Channel ID
Change-Id: Ic0dcde436024e8d11f9b5986998cf6e808ff036b
Reviewed-on: https://boringssl-review.googlesource.com/6007
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 21:47:05 +00:00
Adam Langley
2492586058 Add |PKCS12_verify_mac|.
This utility function is provided for API-compatibility and simply calls
|PKCS12_parse| internally.

BUG=536939

Change-Id: I86c548e5dfd64b6c473e497b95adfa5947fe9529
Reviewed-on: https://boringssl-review.googlesource.com/6008
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 20:30:35 +00:00
Adam Langley
5b61b9ebc5 Update ChaCha20 ARM asm with sections.
The ChaCha20 ARM asm is generated from GCC. This change updates the GCC
command line to include -ffunction-sections, which causes GCC to put
each function in its own section so that the linker with --gc-sections
can trim unused functions.

Since the file only has a single function, this is a bit useless, but
it'll now be consistent with the other ARM asm.

Change-Id: If12c675700310ea55af817b5433844eeffc9d029
Reviewed-on: https://boringssl-review.googlesource.com/6006
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 18:07:54 +00:00
Adam Langley
3f85e04f40 Add sections to Poly1305 ARM asm code.
This code isn't generated by perlasm and so the section directives need
to be added manually.

Change-Id: I46158741743859679decbce99097fe6071bf8012
Reviewed-on: https://boringssl-review.googlesource.com/6005
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 18:04:14 +00:00
Adam Langley
5f005ccd9d Make dummy functions static.
To avoid too much #if soup, e_aes.c uses a lot of dummy functions that
just call |abort|. This change makes them all static, which they should
have been all along.

Change-Id: I696f8a0560cf99631ed7adb42d1af10003db4a63
Reviewed-on: https://boringssl-review.googlesource.com/6004
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 18:03:04 +00:00
Adam Langley
2ab24a2d40 Put arm/aarch64 assembly functions in their own section.
This change causes each global arm or aarch64 asm function to be put
into its own section by default. This matches the behaviour of the
-ffunction-sections option to GCC and allows the --gc-sections option to
the linker to discard unused asm functions on a function-by-function
basis.

Sometimes several asm functions will share the same data an, in that
situation, the data is put into the section of one of the functions and
the section of the other function is merged with the added
“.global_with_section” directive.

Change-Id: I12c9b844d48d104d28beb816764358551eac4456
Reviewed-on: https://boringssl-review.googlesource.com/6003
Reviewed-by: Adam Langley <agl@google.com>
2015-09-29 18:02:14 +00:00
David Benjamin
502ca43fc8 Fix up pkcs8.h.
Somehow we ended up with duplicate 'Deprecated functions' sections.
PKCS12_get_key_and_certs ended up in one of them was probably an oversight.

Change-Id: Ia6d6a44132cb2730ee1f92a6bbcfa8ce168e7d08
Reviewed-on: https://boringssl-review.googlesource.com/6020
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 23:17:01 +00:00
David Benjamin
43a58ad436 Fix SSL_set_session documentation comment.
I put an extra space in there. Also document ownership and return value.

Change-Id: I0635423be7774a7db54dbf638cc548d291121529
Reviewed-on: https://boringssl-review.googlesource.com/6010
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:40:30 +00:00
David Benjamin
dbb0321014 Clarify that only top-level CBBs get CBB_cleanup.
Also add an assert to that effect.

Change-Id: I1bd0571e3889f1cba968fd99041121ac42ee9e89
Reviewed-on: https://boringssl-review.googlesource.com/5990
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:40:01 +00:00
David Benjamin
df6a3f8b95 Move SSL_CIPHER section just above cipher suite configuration.
Putting it at the top was probably a mistake? Even though SSL_CIPHER
(like SSL_SESSION) doesn't depend on SSL, if you're reading through the
header, SSL_CTX and SSL are the most important types. You could even use
the library without touch cipher suite configs if you don't care since
the default is decently reasonable, though it does include a lot of
ciphers. (Hard to change that if we wanted to because DEFAULT is often
used somewhat like ALL and then people subtract from it.)

Change-Id: Ic9ddfc921858f7a4c141972fe0d1e465ca196b9d
Reviewed-on: https://boringssl-review.googlesource.com/5963
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:39:39 +00:00
David Benjamin
32876b3dbb Document cipher suite configuration.
The cipher suite rules could also be anchored on SSL_TXT_* if desired. I
currently documented them in prose largely because SSL_TXT_* also
defines protocol version strings and those are weird; SSL_TXT_TLSV1_1
isn't even a cipher rule. (And, in fact, those are the only SSL_TXT_*
macros that we can't blindly remove. I found some code that #ifdef's the
version SSL_TXT_* macros to decide if version-locked SSL_METHODs are
available.)

Also they clutter the header. I was thinking maybe we should dump a lot
of the random constants into a separate undocumented header or perhaps
just unexport them.

I'm slightly torn on this though and could easily be convinced in the
other direction. (Playing devil's advocate, anchoring on SSL_TXT_* means
we're less likely to forget to document one so long as adding a
SSL_TXT_* macro is the convention.)

Change-Id: Ide2ae44db9d6d8f29c24943090c210da0108dc37
Reviewed-on: https://boringssl-review.googlesource.com/5962
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:36:22 +00:00
David Benjamin
d3a53c8fd9 OCSP stapling and SCT extensions go under certificate verification.
This mirrors how the server halves fall under configuring certificates.

Change-Id: I9bde85eecfaff6487eeb887c88cb8bb0c36b83d8
Reviewed-on: https://boringssl-review.googlesource.com/5961
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:27:01 +00:00
David Benjamin
0cfea3411a Move a few more functions to the catch-all 'obscure' bucket.
Change-Id: I493f26561db2bc8510963a0da5032a758bb1f3ef
Reviewed-on: https://boringssl-review.googlesource.com/5960
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:19:04 +00:00
David Benjamin
1cee7da07e Documentation typo.
Change-Id: I2dc4253a2456625057c8188c6cb9b0b7300d6c79
Reviewed-on: https://boringssl-review.googlesource.com/5951
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:18:40 +00:00
David Benjamin
93d8cf557f Add various tests for d2i_PrivateKey.
Change-Id: I030022c240d17df08cf6f59eede0e94373152c40
Reviewed-on: https://boringssl-review.googlesource.com/5950
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:18:23 +00:00
David Benjamin
382bc29251 Defensively avoid assuming d2i functions don't advance on error.
Although the previous commit should ensure this doesn't happen, the
uint8_t** pattern is very error-prone and we're trying to avoid doing
much to the legacy ASN.1 stack. To that end, maintaining the strong
exception guarantee w.r.t. the input pointer-pointer is best effort and
we won't rely on it, so we needn't spend our time chasing down problems.

Change-Id: Ib78974eb94377fe0b0b379f57d9695dc81f344bb
Reviewed-on: https://boringssl-review.googlesource.com/5949
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:15:42 +00:00
David Benjamin
15e4deb165 d2i: don't update input pointer on failure
(Imported from upstream's 728bcd59d3d41e152aead0d15acc51a8958536d3.)

Actually this one was reported by us, but the commit message doesn't
mention this.

This is slightly modified from upstream's version to fix some problems
noticed in import. Specifically one of d2i_X509_AUX's success paths is
bust and d2i_PrivateKey still updates on one error path. Resolve the
latter by changing both it and d2i_AutoPrivateKey to explicitly hit the
error path on ret == NULL. This lets us remove the NULL check in
d2i_AutoPrivateKey.

We'll want to report the problems back upstream.

Change-Id: Ifcfc965ca6d5ec0a08ac154854bd351cafbaba25
Reviewed-on: https://boringssl-review.googlesource.com/5948
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 22:15:17 +00:00
David Benjamin
97a33939a3 Deprecate basically the entire base64 implementation.
The IUF functions were added for PEM and internally are very lenient to
whitespace and include other PEM-specific behaviors (notably they treat
hyphens as EOF). They also decode a ton of invalid input (see upstream's
RT #3757).

Upstream has a rewrite with tests that resolves the latter issue which
we should review and import. But this is still a very PEM-specific
interface. As this code has basically no callers outside the PEM code
(and any such callers likely don't want a PEM-specific API), it's
probably not worth the trouble to massage this and PEM into a strict IUF
base64 API with PEM whitespace and hyphen bits outside. Just deprecate
it all and leave it in a corner.

Change-Id: I5b98111e87436e287547829daa65e9c1efc95119
Reviewed-on: https://boringssl-review.googlesource.com/5952
Reviewed-by: Adam Langley <agl@google.com>
2015-09-28 21:53:39 +00:00
Adam Langley
6daa8268a6 Move the ARM-AES functions inside an #if block.
This fixes an issue with Clang, which doesn't like static functions that
aren't used (to its eyes).

Change-Id: I7cb055aa9f0ab3934352c105abe45f9c30990250
2015-09-25 15:21:34 -07:00
Arve Hjønnevåg
7f64706e37 Use armv8 functions for of AES_[en|de]crypt and AES_set_[en|de]crypt_key, if available.
This change causes ARM and Aarch64 to use the ARMv8 AES instructions, if
provided by the current CPU.

Change-Id: I50cb36270139fcf4ce42e5ebb8afe24ffcab22e3
Reviewed-on: https://boringssl-review.googlesource.com/6002
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-25 22:08:29 +00:00
Adam Langley
d75545600d Merge hwrand.c into rand.c.
By doing this the compiler can notice that much of the code is unused in
the case that we know that we can't have a hardware RNG (i.e. ARM).

Change-Id: I72d364a30080364d700f855640e0164c2c62f0de
Reviewed-on: https://boringssl-review.googlesource.com/6001
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-25 22:07:42 +00:00
Adam Langley
c8e664b70a Fix several minor points noticed by Kenny.
∙ Some comments had the wrong function name at the beginning.
  ∙ Some ARM asm ended up with two #if defined(__arm__) lines – one from
    the .pl file and one inserted by the translation script.

Change-Id: Ia8032cd09f06a899bf205feebc2d535a5078b521
Reviewed-on: https://boringssl-review.googlesource.com/6000
Reviewed-by: Adam Langley <agl@google.com>
2015-09-24 22:08:50 +00:00
Eric Roman
8c9b8783e2 Change some "int" variables to "size_t" in ssl3_handshake_mac().
BUG=https://crbug.com/535039

Change-Id: I94d35ae5acee510b1e6874c37f35eddda9906e71
Reviewed-on: https://boringssl-review.googlesource.com/5974
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-24 00:04:59 +00:00
Eric Roman
f0e8d537de Update comments in digest.h to consistently mention that digest size and block size are measured in bytes.
Change-Id: Ie75c68132fd501549b2ad5203663f6e99867eed6
Reviewed-on: https://boringssl-review.googlesource.com/5970
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-09-24 00:04:12 +00:00
David Benjamin
b50c91b5df Cleaner handling of "cnid" in do_x509_check
Avoid using cnid = 0, use NID_undef instead, and return early instead of
trying to find an instance of that in the subject DN.

(Imported from upstrea's 40d5689458593aeca0d1a7f3591f7ccb48e459ac.)

Change-Id: I1bdf6bf7a4b1f4774a8dbec7e5df421b3a27c7e4
Reviewed-on: https://boringssl-review.googlesource.com/5947
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:59:43 +00:00
David Benjamin
5e4158fe12 Fix the comment for POINT_CONVERSION_UNCOMPRESSED
The |z| value should be 0x04 not 0x02

RT#3838

(Imported from upstream's 41fe7d2380617da515581503490f1467ee75a521.)

Change-Id: I35745cd2a5a32bd726cb4d3c0613cef2bcbef35b
Reviewed-on: https://boringssl-review.googlesource.com/5946
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:57:01 +00:00
David Benjamin
b86b0f2824 RT 3493: fix RSA test
- Pass in the right ciphertext length to ensure we're indeed testing
  ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.

(Imported from upstream's 5f623eb61655688501cb1817a7ad0592299d894a.)

Change-Id: I425a77668beac9d391387e3afad8d15ae387468f
Reviewed-on: https://boringssl-review.googlesource.com/5945
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:56:40 +00:00
David Benjamin
79c59a30b5 size_t RSA_private_decrypt's input.
Change-Id: If05761052e235b38d9798b2fe4d8ba44293af891
Reviewed-on: https://boringssl-review.googlesource.com/5944
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:55:18 +00:00
Adam Langley
d98dc1311e Upstream Android-specific things under |BORINGSSL_ANDROID_SYSTEM|
The Android system BoringSSL has a couple of changes:
  ∙ ChaCha20-Poly1305 is disabled because it's not an offical
    cipher suite.
  ∙ P-521 is offered in the ClientHello.

These changes were carried in the Android BoringSSL repo directly. This
change upstreams them when BORINGSSL_ANDROID_SYSTEM is defined.

Change-Id: If3e787c6694655b56e7701118aca661e97a5f26c
2015-09-23 16:41:33 -07:00
David Benjamin
907bd30dcd Banish more deprecated flags to the bottom.
Change-Id: I7959fc65afae8860804ab9f038e3b5a9c2c8ec7b
Reviewed-on: https://boringssl-review.googlesource.com/5943
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:33:02 +00:00
David Benjamin
59937045ec Document certificate verification functions in SSL.
Or at least group them together and make a passing attempt to document
them. The legacy X.509 stack itself remains largely untouched and most
of the parameters have to do with it.

Change-Id: I9e11e2ad1bbeef53478c787344398c0d8d1b3876
Reviewed-on: https://boringssl-review.googlesource.com/5942
Reviewed-by: Adam Langley <agl@google.com>
2015-09-23 23:31:18 +00:00