Commit Graph

4555 Commits

David Benjamin
6abaa316f0 Remove unnecessary parameter.
Change-Id: Ib6708b9a9f89ab8d548850575762032a36f9ba2f
Reviewed-on: https://boringssl-review.googlesource.com/19884
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-31 14:18:26 +00:00
David Benjamin
0a471910b4 Test empty extensions fields are omitted.
For historical reasons, TLS allows ServerHellos (and ClientHellos)
without extensions to omit the extensions fields entirely.
https://github.com/openssl/openssl/pull/4296 reports this is even
necessary for compatibility with extension-less clients. We continue to
do so, but add a test for it anyway.

Change-Id: I63c2e3a5f298674eb21952fca6914dad07d7c245
Reviewed-on: https://boringssl-review.googlesource.com/19864
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-31 14:17:36 +00:00
David Benjamin
2762b3542d Add X509_PUBKEY to bssl::UniquePtr.
Change-Id: I02d5c8f4a84facc2b120abc3268fb316670b7986
Reviewed-on: https://boringssl-review.googlesource.com/19804
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Matt Braithwaite <mab@google.com>
Reviewed-by: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-30 17:23:31 +00:00
David Benjamin
3536809644 Update style guide for C++.
Change-Id: Ib8c681e221837407d7ae2578699b8a3f3227c1b7
Reviewed-on: https://boringssl-review.googlesource.com/19785
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-30 14:34:49 +00:00
David Benjamin
c11ea942b7 Convert comments in ssl.
That's the last of it!

Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263
Reviewed-on: https://boringssl-review.googlesource.com/19784
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 21:33:32 +00:00
David Benjamin
66d49b4952 Fix SSL_CTX client_CA list locking.
ctx->cached_x509_client_CA needs to be protected under a lock since
SSL_CTX_get_client_CA_list is a logically const operation. The fallback
in SSL_get_client_CA_list was not using this lock.

Change-Id: I2431218492d1a853cc1a59c0678b0b50cd9beab2
Reviewed-on: https://boringssl-review.googlesource.com/19765
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 20:44:42 +00:00
David Benjamin
c79ae7aa8b Test SSL_add_client_CA.
That function actually got a little complicated after the CRYPTO_BUFFER
work.

Change-Id: Ib679a9f2bcc2c974fe059af49805b8200e77bd03
Reviewed-on: https://boringssl-review.googlesource.com/19764
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 20:36:02 +00:00
David Benjamin
3969fdf860 Test invalid certificates.
The fuzzer should discover this instantly, but it's a sufficiently
important failure case (don't accidentally drop the certificate on the
floor or anything weird like that) that it's probably worth testing.

Change-Id: I684932c2e8a88fcf9b2318bf46980d312c66f6ef
Reviewed-on: https://boringssl-review.googlesource.com/19744
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 20:27:58 +00:00
Steven Valdez
398085ba04 Simplify states with hs_wait_t returns.
Change-Id: Ie0014bf73625144503b649e84b43ca4b03a4df1f
Reviewed-on: https://boringssl-review.googlesource.com/19704
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 19:53:42 +00:00
David Benjamin
e2ec654c9a Update to Go 1.9 on the bots.
Change-Id: I692424f05f543c98a994a444f0303ea0bda7c14f
Reviewed-on: https://boringssl-review.googlesource.com/19725
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 19:52:02 +00:00
David Benjamin
617b818b49 Add a test for SSL_R_NO_CIPHERS_AVAILABLE.
Easy bit of test coverage.

Change-Id: I0362fca926d82869b512e3c40dc53d6dc771dfc8
Reviewed-on: https://boringssl-review.googlesource.com/19724
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 19:49:32 +00:00
Steven Valdez
4d71a9a2ca Migrate TLS 1.2 and below state machines to the new style.
Bug: 128
Change-Id: Ief3779b1c43dd34a154a0f1d2f94d0da756bc07a
Reviewed-on: https://boringssl-review.googlesource.com/19144
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 19:23:22 +00:00
David Benjamin
8997b2aa57 Better test cert verification happening only once.
OpenSSL's API has a non-fatal "soft fail" mode (can we get rid of
this?), so we should set the flag even if config->verify_fail is true.

Change-Id: I5a2a3290b9bf45c682f3a629a8b6474b1090fc6e
Reviewed-on: https://boringssl-review.googlesource.com/19684
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-29 16:56:52 +00:00
David Benjamin
e3bb51cb23 Remove deprecated cipher property APIs.
Consumers have been switched to the new ones.

Change-Id: I7a8ec6308775a105a490882c97955daed12a2c2c
Reviewed-on: https://boringssl-review.googlesource.com/19605
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-28 17:47:25 +00:00
David Benjamin
f21650709a Cut down on some redundant flags.
We have fancy -on-initial and -on-resume prefixes now that can apply to
every flag.

Change-Id: I6195a97f663ebc94db320ca35889c213c700a976
Reviewed-on: https://boringssl-review.googlesource.com/19666
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 16:18:32 +00:00
David Benjamin
5c4271f7cb Don't reauthenticate on renegotiation.
We currently forbid the server certificate from changing on
renegotiation. This means re-verifying the certificate is pointless and
indeed the callback being called again seems to surprise consumers more
than anything else.

Carry over the initial handshake's SCT lists and OCSP responses (don't
enforce they don't change since the server may have, say, picked up new
OCSP responses in the meantime), ignore new ones received on
renegotiation, and don't bother redoing verification.

For our purposes, TLS 1.2 renegotiation is an overcomplicated TLS 1.3
KeyUpdate + post-handshake auth. The server is not allowed to change
identity.

Bug: 126
Change-Id: I0dae85bcf243943b1a5a97fa4f30f100c9e6e41e
Reviewed-on: https://boringssl-review.googlesource.com/19665
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 16:14:22 +00:00
David Benjamin
5ef40c60f6 Mark renego-established sessions not resumable.
We do not call the new_session callback on renego, but a consumer using
SSL_get_session may still attempt to resume such a session. Leave the
not_resumable flag unset. Also document this renegotiation restriction.

Change-Id: I5361f522700b02edf5272ba5089c0777e5dafb09
Reviewed-on: https://boringssl-review.googlesource.com/19664
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 16:10:54 +00:00
Peter Wu
2c46c10631 Fix build when linux-headers are not installed.
linux/random.h is not really needed if FIPS mode is not enabled. Note
that use of the getrandom syscall is unaffected by this header.

Fixes commit bc7daec4d8

Change-Id: Ia367aeffb3f2802ba97fd1507de0b718d9ac2c55
Reviewed-on: https://boringssl-review.googlesource.com/19644
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 00:35:05 +00:00
David Benjamin
302b818d4b Only enable DTLS post-handshake rexmits if we sent the final Finished.
I messed up https://boringssl-review.googlesource.com/8883 and caused
both sides to believe they had sent the final Finished. Use next_message
to detect whether our last flight had a reply.

Change-Id: Ia4d8c8eefa818c9a69acc94d63c9c863293c3cf5
Reviewed-on: https://boringssl-review.googlesource.com/19604
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-23 17:13:42 +00:00
David Benjamin
8fc2dc07d8 Put SCTs and OCSP responses in CRYPTO_BUFFERs.
They both can be moderately large. This should hopefully relieve a little
memory pressure from both connections to hosts which serve SCTs and
TLS 1.3's single-use tickets.

Change-Id: I034bbf057fe5a064015a0f554b3ae9ea7797cd4e
Reviewed-on: https://boringssl-review.googlesource.com/19584
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-23 15:58:52 +00:00
David Benjamin
e7848220a2 Use OPENSSL_hash32 in lh_strhash.
No need to have two of these.

Change-Id: I5ff1ba24757828d8113321cd3262fed3d4defcdb
Reviewed-on: https://boringssl-review.googlesource.com/19525
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-21 21:10:22 +00:00
David Benjamin
7cc3f4fce0 Use __asm__ instead of asm.
One less macro to worry about in bcm.c.

Change-Id: I321084c0d4ed1bec38c541b04f5b3468350c6eaa
Reviewed-on: https://boringssl-review.googlesource.com/19565
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 23:43:11 +00:00
David Benjamin
4512b792ba Run comment conversion script on include/
ssl is all that's left. Will do that once that's at a quiet point.

Change-Id: Ia183aed5671e3b2de333def138d7f2c9296fb517
Reviewed-on: https://boringssl-review.googlesource.com/19564
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 23:38:51 +00:00
David Benjamin
808f832917 Run the comment converter on libcrypto.
crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL
style.

Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c
Reviewed-on: https://boringssl-review.googlesource.com/19504
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 21:49:04 +00:00
David Benjamin
f60bcfb3ef Make SSL_state_string_long work for TLS 1.3.
SSL_state_string_long and SSL_state_string are often used for debugging
purposes. The latter's 6-letter codes are absurd, but
SSL_state_string_long is plausible. So we don't lose this when
converging state machines or switching to TLS 1.3, add this to TLS 1.3.

Bug: 128
Change-Id: Iec6529a4d9eddcf08bc9610137b4ccf9ea2681a6
Reviewed-on: https://boringssl-review.googlesource.com/19524
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 19:38:33 +00:00
David Benjamin
68a0b1b112 Remove RFC 5114 groups.
These groups are terrible, we got the function wrong (unused ENGINE
parameter does not match upstream), and the functions are unused. Unwind
them. This change doesn't unwind the X9.42 Diffie-Hellman machinery, so
the checks are still present and tested.

(We can probably get rid of the X9.42 machinery too, but it is reachable
from DSA_dup_DH. That's only used by wpa_supplicant and, if that code
ever ran, it'd be ignored because we don't support DHE in TLS. I've left
it alone for the time being.)

Bug: 2
Change-Id: I8d9396983c8d40ed46a03ba6947720da7e9b689a
Reviewed-on: https://boringssl-review.googlesource.com/19384
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 16:48:11 +00:00
David Benjamin
e2daba6d20 Run the comment converter on fuzz/ and tool/
Change-Id: I5ff73db09cc2871fca9cc18a74ad52636c6e753d
Reviewed-on: https://boringssl-review.googlesource.com/19485
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 16:42:13 +00:00
David Benjamin
331d2cee0a Rename mont_data to order_mont.
It's confusing to have both mont and mont_data on EC_GROUP. The
documentation was also wrong.

Change-Id: I4e2e3169ed79307018212fba51d015bbbe5c4227
Reviewed-on: https://boringssl-review.googlesource.com/10348
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 00:17:21 +00:00
David Benjamin
65b87ce4f6 Remove internal uses of SSLv23_*.
Change-Id: I69157b5e2527a2f92fc7b4b924a36e3399d043db
Reviewed-on: https://boringssl-review.googlesource.com/19444
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 00:15:10 +00:00
David Benjamin
388dfa187f Use getters in tools/ciphers.cc and add -openssl-name flag.
Change-Id: I9e3526dbf496d4c198cb4070a7239114a4ff315e
Reviewed-on: https://boringssl-review.googlesource.com/19424
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 00:10:31 +00:00
David Benjamin
32524c93b3 Run the comment conversion script on decrepit/
No one has CLs open there.

Change-Id: I387c1f04cc9ee7bf794bdc390d498e3f80b21091
Reviewed-on: https://boringssl-review.googlesource.com/19484
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-18 00:05:52 +00:00
Martin Kreichgauer
1a66326f09 Refactor ssl_test ForEachVersion into a GTest fixture.
Change-Id: I2fe57cd500e8408ae15164070afe4b081a5daab0
Reviewed-on: https://boringssl-review.googlesource.com/19404
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-17 23:18:00 +00:00
David Benjamin
e2568c41cb Tidy up some Windows compiler assumptions.
Someone tried to build us with Ubuntu's MinGW. This is too old to be
supported (the tests rather badly fail to build), but some of the fixes
will likely be useful for eventually building Clang for Windows
standalone too.

Change-Id: I6d279a0da1346b4e0813de51df3373b7412de33a
Reviewed-on: https://boringssl-review.googlesource.com/19364
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-16 19:57:06 +00:00
David Benjamin
6df7667f94 Add a -renegotiate-freely flag to bssl client.
I needed to toy with a server that renegotiated recently and this was
useful.

Change-Id: Id4e2adaaa2ecfc1c434a3bae199efb2fdacc41bf
Reviewed-on: https://boringssl-review.googlesource.com/19344
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-16 18:39:35 +00:00
David Benjamin
3e2001c767 Remove BIO_set_callback and friends.
This is never used.

Change-Id: I20498cab5b59ec141944d4a5e907a1164d0ae559
Reviewed-on: https://boringssl-review.googlesource.com/19184
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-16 18:19:54 +00:00
Martin Kreichgauer
72912d2500 Rotate the default ticket encryption key.
The ticket encryption key is rotated automatically once every 24 hours,
unless a key has been configured manually (i.e. using
|SSL_CTX_set_tlsext_ticket_keys|) or one of the custom ticket encryption
methods is used.

Change-Id: I0dfff28b33e58e96b3bbf7f94dcd6d2642f37aec
Reviewed-on: https://boringssl-review.googlesource.com/18924
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-16 18:18:54 +00:00
Andrii Shyshkalov
e976887412 CQ: bring back Windows builders.
TBR=davidben@google.com

Bug: 740633
Change-Id: I6359ef8ae5141231498259b92597319418cfdb1e
Reviewed-on: https://boringssl-review.googlesource.com/19327
Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
2017-08-16 06:57:35 +00:00
Andrii Shyshkalov
5600c58f82 CQ config: always run win tryjobs, but don't block on them.
TBR=davidben@google.com

Bug: 740633
Change-Id: I7e2b53fc020509b7e46176ff4fed9133ba2b864a
Reviewed-on: https://boringssl-review.googlesource.com/19325
Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
2017-08-16 06:46:21 +00:00
Andrii Shyshkalov
ae9f0616c5 CQ: make win builder optional as temp workaround.
Currently, win builders are hanging all the time,
making the whole CQ useless. This CL will make CQ usable
while an actual solution is found for win bots.

R=davidben@chromium.org, vadimsh@chromium.org

No-Try: True
No-Presubmit: True
Bug: 740633
Change-Id: I2a21949d1ed50b82f23b0de1ae8824143277d8f6
Reviewed-on: https://boringssl-review.googlesource.com/19284
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-15 20:05:41 +00:00
Aaron Green
34bf605c19 Add default cert store on Fuchsia
Fuchsia isn't POSIX and doesn't have /etc. This CL adds the
location for the system certificate store on Fuchsia.

Change-Id: I2b48e0e13525a32fa5e2c5c48b8db41d76c26872
Reviewed-on: https://boringssl-review.googlesource.com/19224
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2017-08-15 18:58:58 +00:00
David Benjamin
874c73804a Revert ADX due to build issues.
Using ADX instructions requires relatively new assemblers. Conscrypt is
currently using Yasm 1.2.0. Revert these for the time being to unbreak
their build.

Change-Id: Iaba5761ccedcafaffb5ca79a8eaf7fa565583c32
Reviewed-on: https://boringssl-review.googlesource.com/19244
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-08-15 18:56:09 +00:00
Vlad Tsyrklevich
02b1d1953a Refactor bio_io()
Refactor bio_io() to use a switch/case statement to call the correct BIO
method. This is cleaner and eliminates calling a function pointer cast
to an incompatible type signature, which conflicts with LLVM's
implementation of control flow integrity for indirect calls.

Change-Id: I5456635e1c9857cdce810758ba0000577cc94b01
Reviewed-on: https://boringssl-review.googlesource.com/19084
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-08-14 23:14:57 +00:00
David Benjamin
18cdde7cc9 Remove old BORINGSSL_YYYYMM defines.
They haven't been needed for a while now.

Change-Id: I4c24799f6692aa8fe8ea8f09795d4e7973baf7d7
Reviewed-on: https://boringssl-review.googlesource.com/19145
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-14 21:51:53 +00:00
Steven Valdez
f4ecc84644 Prevent both early data and custom extensions from being accepted.
This loosens the earlier restriction to match Channel ID. Both may be
configured and offered, but the server is obligated to select only one
of them. This aligns with the current tokbind + 0-RTT draft where the
combination is signaled by a separate extension.

Bug: 183
Change-Id: I786102a679999705d399f0091f76da236be091c2
Reviewed-on: https://boringssl-review.googlesource.com/19124
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
2017-08-14 20:15:54 +00:00
David Benjamin
78f5e75739 Enable AVX2 and ADX in p256-x86_64-asm.pl.
We can test these with Intel SDE now. The AVX2 code just affects the two
select functions while the ADX code is a separate implementation.

Haswell numbers:

Before:
Did 84630 ECDH P-256 operations in 10031494us (8436.4 ops/sec)
Did 206000 ECDSA P-256 signing operations in 10015055us (20569.0 ops/sec)
Did 77256 ECDSA P-256 verify operations in 10064556us (7676.0 ops/sec)

After:
Did 86112 ECDH P-256 operations in 10015008us (8598.3 ops/sec)
Did 211000 ECDSA P-256 signing operations in 10025104us (21047.2 ops/sec)
Did 79344 ECDSA P-256 verify operations in 10017076us (7920.9 ops/sec)

Skylake numbers:

Before:
Did 75684 ECDH P-256 operations in 10016019us (7556.3 ops/sec)
Did 185000 ECDSA P-256 signing operations in 10012090us (18477.7 ops/sec)
Did 72885 ECDSA P-256 verify operations in 10027154us (7268.8 ops/sec)

After:
Did 89598 ECDH P-256 operations in 10032162us (8931.1 ops/sec)
Did 203000 ECDSA P-256 signing operations in 10019739us (20260.0 ops/sec)
Did 87040 ECDSA P-256 verify operations in 10000441us (8703.6 ops/sec)

The code was slightly patched for delocate.go compatibility.

Change-Id: Ic44ced4eca65c656bbe07d5a7fee91ec6925eb59
Reviewed-on: https://boringssl-review.googlesource.com/18967
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-08-14 19:51:48 +00:00
David Benjamin
488ca0eace Enable ADX in x86_64-mont*.pl.
This is a reland of https://boringssl-review.googlesource.com/18965
which was reverted due to Windows toolchain problems that have since
been fixed.

We have an SDE bot now and can more easily test things. We also enabled
ADX in rsaz-avx2.pl which does not work without x86_64-mont*.pl enabled.
rsaz-avx2.pl's ADX code only turns itself off so that the faster ADX code
can be used... but we disable it.

Verified, after reverting the fix, the test vectors we imported combined
with Intel SDE catches CVE-2016-7055, so we do indeed have test
coverage. Also verified on the Windows version of Intel SDE.

Thanks to Alexey Ivanov for pointing out the discrepancy.

Skylake numbers:

Before:
Did 7296 RSA 2048 signing operations in 10038191us (726.8 ops/sec)
Did 209000 RSA 2048 verify operations in 10030629us (20836.2 ops/sec)
Did 1080 RSA 4096 signing operations in 10072221us (107.2 ops/sec)
Did 60836 RSA 4096 verify operations in 10053929us (6051.0 ops/sec)

ADX consistently off:
Did 9360 RSA 2048 signing operations in 10025823us (933.6 ops/sec)
Did 220000 RSA 2048 verify operations in 10024339us (21946.6 ops/sec)
Did 1048 RSA 4096 signing operations in 10006782us (104.7 ops/sec)
Did 61936 RSA 4096 verify operations in 10088011us (6139.6 ops/sec)

After (ADX consistently on):
Did 10444 RSA 2048 signing operations in 10006781us (1043.7 ops/sec)
Did 323000 RSA 2048 verify operations in 10012192us (32260.7 ops/sec)
Did 1610 RSA 4096 signing operations in 10044930us (160.3 ops/sec)
Did 96000 RSA 4096 verify operations in 10075606us (9528.0 ops/sec)

Change-Id: I2502ce80e9cfcdea40907512682e3a6663000faa
Reviewed-on: https://boringssl-review.googlesource.com/19105
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-08-14 19:16:25 +00:00
David Benjamin
e1bfd16dd7 Update yasm to 1.3.0 on the bots.
As of https://chromium-review.googlesource.com/#/c/608869/, Chromium is
now using yasm 1.3.0, which means we can rely on it.

This is upstream's yasm-1.3.0-win32.exe which has a SHA-512 hash of:
850b26be5bbbdaeaf45ac39dd27f69f1a85e600c35afbd16b9f621396b3c7a19863ea3ff316b025b578fce0a8280eef2203306a2b3e46ee1389abb65313fb720

(I'm using such a humungous hash because if one searches for it on
Google, there is evidence that someone else in the world downloaded the
same hash.)

Change-Id: I4674080dd07d3e07f399a67e767a00fc67d4aa63
Reviewed-on: https://boringssl-review.googlesource.com/19104
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-08-14 18:55:28 +00:00
David Benjamin
348f0d8db9 Add OpenSSL 1.1.0's cipher property functions.
Other projects are starting to use them. Having two APIs for the same
thing is silly, so deprecate all our old ones.

Change-Id: Iaf6b6995bc9e4b624140d5c645000fbf2cb08162
Reviewed-on: https://boringssl-review.googlesource.com/19064
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-11 02:08:58 +00:00
Dimitar Vlahovski
bd70845a80 Add tests for CertificateVerify
CertificateVerify must be sent after a non-empty Certificate msg for:
1) TLS1.2 client
2) TLS1.3 client and server

This CL adds tests for those use cases.

Change-Id: I696e9dd74dcd523c6f8868a4fb9ada28fd67746d
Reviewed-on: https://boringssl-review.googlesource.com/19044
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-10 18:44:57 +00:00
David Benjamin
ca9e8f52f1 Tidy up handshake digest logic.
Use SSL_SESSION_get_digest instead of the lower level function where
applicable. Also, remove the failure case (Ivan Maidanski points out in
https://android-review.googlesource.com/c/337852/1/src/ssl/t1_enc.c that
this unreachable codepath is a memory leak) by passing in an SSL_CIPHER
to make it more locally obvious that other values are impossible.

Change-Id: Ie624049d47ab0d24f32b405390d6251c7343d7d6
Reviewed-on: https://boringssl-review.googlesource.com/19024
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-09 19:13:15 +00:00