This removes EVP_PKEY_HMAC and all the support code around it. EVP_MD requires
a lot of extra glue to support HMAC. This lets us prune it all away.
As a bonus, it removes a (minor) dependency from EVP to the legacy ASN.1 stack.
Change-Id: I5a9e3e39f518429828dbf13d14647fb37d9dc35a
Reviewed-on: https://boringssl-review.googlesource.com/5120
Reviewed-by: Adam Langley <agl@google.com>
This change amends generate_build_files.py so that Bazel output includes
rules for the (no-Go) tests.
Change-Id: I0c8dca599d6f828191eb665332af3193c650bc1a
Reviewed-on: https://boringssl-review.googlesource.com/5102
Reviewed-by: Adam Langley <agl@google.com>
This change adds ‘android-standalone’ and ‘bazel’ targets to the
build-file generation script. It also allows multiple build outputs to
be written in one invocation, which saves the cost of Perl to build all
the assembly files multiple times.
Note that this will require changes to the Chromium GYP files when its
rolled out because “boringssl_lib_sources” has been broken into
“boringssl_crypto_sources” and “boringssl_ssl_sources”.
Change-Id: Icfe9678d08fba74fd215cf92521831e9cdc265da
Reviewed-on: https://boringssl-review.googlesource.com/5070
Reviewed-by: Adam Langley <agl@google.com>
win8sdk got renamed to win_sdk. Also minor fixes from upstream, mostly pylint.
Upstream also no longer keeps the toolchain hash in a separate file.
Change-Id: Iefc8bb6a487f0cdb13fcf3131b0fba317ca6548b
Reviewed-on: https://boringssl-review.googlesource.com/4982
Reviewed-by: Adam Langley <agl@google.com>
Currently far from passing and I haven't even tried with a leak checker yet.
Also bn_test is slow.
Change-Id: I4fe2783aa5f7897839ca846062ae7e4a367d2469
Reviewed-on: https://boringssl-review.googlesource.com/4794
Reviewed-by: Adam Langley <agl@google.com>
One of these days we may need to get a more aggressive C parser...
Change-Id: I7c6a848fb3b7f41083ac70542aa17e971baf10a4
Reviewed-on: https://boringssl-review.googlesource.com/4786
Reviewed-by: Adam Langley <agl@google.com>
Fleshes out the table of contents more.
Change-Id: I8f8f0e43bdf7419f978b4fc66de80922ed1ae425
Reviewed-on: https://boringssl-review.googlesource.com/4785
Reviewed-by: Adam Langley <agl@google.com>
OpenSSL has traditionally done reference counting with |int|s and the
|CRYPTO_add| function. Unless a special callback is installed (rare),
this is implemented by doing the reference count operations under a
lock.
This change adds infrastructure for handling reference counts and uses
atomic operations when C11 support is available.
Change-Id: Ia023ce432319efd00f77a7340da27d16ee4b63c3
Reviewed-on: https://boringssl-review.googlesource.com/4771
Reviewed-by: Adam Langley <agl@google.com>
crypto/test contains not tests, but a test support library that should be
linked into each test.
Change-Id: If1c85eda2a3df1717edd38575e1ec792323c400b
Reviewed-on: https://boringssl-review.googlesource.com/4720
Reviewed-by: Adam Langley <agl@google.com>
This imports the EVP_PKEY test data of upstream's evptests.txt, but
modified to fit our test framework and with a new test driver. The
remainder of the test data will be imported separately into aead_test
and cipher_test.
Some minor changes to the test format were made to account for test
framework differences. One test has different results since we don't
support RSA signatures with omitted (rather than NULL) parameters.
Otherwise, the biggest difference in test format is that the ad-hoc
result strings are replaced with checking ERR_peek_error.
Change-Id: I758869abbeb843f5f2ac6c1cbd87333baec08ec3
Reviewed-on: https://boringssl-review.googlesource.com/4703
Reviewed-by: Adam Langley <agl@google.com>
This matches how upstream imported that test. evp_test will be used for
the subset of upstream's evp_test which land in our crypto/evp layer.
(Some of crypto/evp is in crypto/cipher for us, so those tests will be
in a ported cipher_test.)
Change-Id: Ic899442794b66350e73a706bb7c77a6ff3d2564b
Reviewed-on: https://boringssl-review.googlesource.com/4702
Reviewed-by: Adam Langley <agl@google.com>
This adds a file-based test framework to crypto/test. It knows how to
parse formats similar to either upstream's evp_test and our aead_test.
hmac_test has been converted to that with tests from upstream's
evp_test. Upstream tests it against the deprecated EVP_PKEY_HMAC API,
which will be tested by running evp_test against the same input file, to
avoid having to duplicate the test vectors. hmac_test runs those same
inputs against the supported HMAC_CTX APIs.
Change-Id: I9d2b6adb9be519760d1db282b9d43efd6f9adffb
Reviewed-on: https://boringssl-review.googlesource.com/4701
Reviewed-by: Adam Langley <agl@google.com>
The interface for this is very similar to upstream, but the code is
quite different.
Support for “resuming” (i.e. calling |CMAC_Final| and then computing the
CMAC for an extension of the message) has been dropped. Also, calling
|CMAC_Init| with magic argument to reset it has been replaced with
|CMAC_Reset|.
Lastly, a one-shot function has been added because it can save an
allocation and that's what most callers actually appear to want to do.
Change-Id: I9345220218bdb16ebe6ca356928d7c6f055d83f6
Reviewed-on: https://boringssl-review.googlesource.com/4630
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
generate_build_files.py is a generalisation of update_gypi_and_asm.py
that works for both Chromium and Android. In the future, these projects
will drop their copies of update_gypi_and_asm.py and will use this
script instead.
Change-Id: Ie32ce629ef44a6c070e329c7bc5e4531205b9709
Reviewed-on: https://boringssl-review.googlesource.com/4631
Reviewed-by: Adam Langley <agl@google.com>
Previously I've been using the Linaro toolchains and just building
static binaries. However, the Linaro toolchains have a broken
pthread_rwlock_wrlock—it does nothing and then unlocking corrupts the
lock.
Building with the Android NDK avoids this.
These build instructions depend on
https://github.com/taka-no-me/android-cmake which people will need to
clone into util/ if they want to use the Android NDK.
Change-Id: Ic64919f9399af2a57e8df4fb4b3400865ddb2427
Reviewed-on: https://boringssl-review.googlesource.com/4600
Reviewed-by: Adam Langley <agl@google.com>
See tools/clang/scripts/update.sh. This'll be used to run ASan on the bots.
BUG=469928
Change-Id: I6b5093c2db21ad4ed742852944e77a6b32e29e29
Reviewed-on: https://boringssl-review.googlesource.com/4402
Reviewed-by: Adam Langley <agl@google.com>
Otherwise we get all these 'defined' symbols everywhere.
Change-Id: I4c21a4df8963146a79af3511a400f06698f1078a
Reviewed-on: https://boringssl-review.googlesource.com/4292
Reviewed-by: Adam Langley <agl@google.com>
There's this giant "Underdocumented functions" section in the middle, but it
doesn't look too silly once the "Deprecated methods" section is merged in with
the other deprecated functions.
Change-Id: Ib97d88b0f915f60e9790264474a9e4aa3e115382
Reviewed-on: https://boringssl-review.googlesource.com/4291
Reviewed-by: Adam Langley <agl@google.com>
skipPast got confused when STACK_OF wasn't in the front of the string (which it
rarely was due to OPENSSL_EXPORT).
It also couldn't parse comments which end with a '*/' on their own.
(Stylistically we don't do this, but ssl_cipher_preference_list_st ends with an
ASCII art diagram which probably shouldn't gain a comment marker in the middle.)
Change-Id: I7687f4fd126003108906b995da0f2cd53f7d693a
Reviewed-on: https://boringssl-review.googlesource.com/4288
Reviewed-by: Adam Langley <agl@google.com>
If the key is missing, it seems the failure is assumed to be expected.
BUG=473924
Change-Id: I62edd9110fa74bee5e6425fd6786badf5398728c
Reviewed-on: https://boringssl-review.googlesource.com/4231
Reviewed-by: Adam Langley <agl@google.com>
Historically, OpenSSL has used callbacks for anything thread related,
but we don't actually have that many threading libraries to worry about:
just pthreads and Windows (I hope).
That suggests that it's quite reasonable to handle threading ourselves,
and eliminate the need for users to remember to install the thread
callbacks.
The first user of this would be ERR, which currently simulates
thread-local storage using a lock around a hash table keyed by the TID.
(Although I suspect that change will need some CMake work in order that
libpthread is automatically included with libcrypto when linking tests
etc, but not on Windows and without lots of ifs.)
Change-Id: I4dd088e3794506747f875c1f3e92b9bc6700fad2
Reviewed-on: https://boringssl-review.googlesource.com/4010
Reviewed-by: Adam Langley <agl@google.com>
- Pull in a trimmed down version of vs_toolchain.py from Chromium.
- Drop in toolchain_vs2013.hash from Chromium to use Chromium's
current toolchain.
- Add a very hacky vs_env.py to pull in Visual Studio. This is
loosely based off a handful of lines of Chromium's
tools/clang/scripts/update.py. This (and vs_toolchain.py) depends
on gyp which is now pulled in via DEPS.
BUG=430237
Change-Id: Ic29cbb15e19a99616cfe778d0778b9a71c45338a
Reviewed-on: https://boringssl-review.googlesource.com/3900
Reviewed-by: Adam Langley <agl@google.com>
This avoids cluttering up the diff and making merge conflicts a pain. It does,
however, mean we need to generate err_data.c ahead of time in Chromium and
likely other downstream builds. It also adds a build dependency on Go.
Change-Id: I6e0513ed9f50cfb030f7a523ea28519590977104
Reviewed-on: https://boringssl-review.googlesource.com/3790
Reviewed-by: Adam Langley <agl@google.com>
These are upstream's prebuilt binaries of:
e9493171de0edd8879755aa7229a701010a19561 cmake-3.1.3-win32-x86.zip
ab6e7aee6a915c4d820b86f5227094763b649fce strawberry-perl-5.20.2.1-32bit-portable.zip
4c4d1951181a610923523cb10d83d9ae9952fbf3 yasm-1.2.0-win32.exe
This is intentionally using yasm 1.2.0 rather than the latest 1.3.0 to match
Chromium's current bundled version. Chromium has additional patches, but they
all seem to be either in 1.2.0 or not relevant for us.
Also update extract.py a little to account for these.
BUG=430237
Change-Id: Iad6687e493900b25390d99882c7ceea62fff8b9b
Reviewed-on: https://boringssl-review.googlesource.com/3710
Reviewed-by: Adam Langley <agl@google.com>
Built from:
45f4d3fa8a2f61cc092ae461aac4cac1bab4ac6706f98274ea7f314dd315c6d0 cmake-3.1.3.tar.gz
We're still waiting on infra before the buildbot master is up, but let's get
this ready for when we do; it should be fairly easy.
BUG=430237
Change-Id: I3a414743d44052e1aa48759fa5f125db4d4913b5
Reviewed-on: https://boringssl-review.googlesource.com/3670
Reviewed-by: Adam Langley <agl@google.com>
Also adds a flag to runner.go to make it more suitable for printing to a pipe.
Change-Id: I26fae21f3e4910028f6b8bfc4821c8c595525504
Reviewed-on: https://boringssl-review.googlesource.com/3490
Reviewed-by: Adam Langley <agl@google.com>
Built from:
45f4d3fa8a2f61cc092ae461aac4cac1bab4ac6706f98274ea7f314dd315c6d0 cmake-3.1.3.tar.gz
Also drop in an extraction script.
Change-Id: I3487e9d432290a7dbabf854b927412c58c35d12b
Reviewed-on: https://boringssl-review.googlesource.com/3492
Reviewed-by: Adam Langley <agl@google.com>
Severely trimmed version of Chrome infra's scripts.
Change-Id: I378b68be670b74fe0518de5d66e0aa8b2d709f26
Reviewed-on: https://boringssl-review.googlesource.com/3491
Reviewed-by: Adam Langley <agl@google.com>
This supports -valgrind as with runner.go. It also works on Windows and
provides a place for implementing Chrome infra's JSON test output format in the
future, as well as whatever magic may be needed for Android.
Change-Id: I26eb68053f95e825561a142dbcdc4fbd84e3687d
Reviewed-on: https://boringssl-review.googlesource.com/3411
Reviewed-by: Adam Langley <agl@google.com>
Some files in crypto/x509 were moved from crypto/asn1, so they emit errors from
another module. Fix make_errors.go to account for this: cross module errors
must use the foreign module as the first argument to OPENSSL_PUT_ERROR. Both
the function code and the error code should be declared in the foreign module.
Update make_errors.go to ignore cross-module error lines when deciding which
function tokens to emit.
Change-Id: Ic38377ddd56e22d033ef91318c30510762f6445d
Reviewed-on: https://boringssl-review.googlesource.com/3383
Reviewed-by: Adam Langley <agl@google.com>
Previously, error strings were kept in arrays for each subdirectory and
err.c would iterate over them all and insert them at init time to a hash
table.
This means that, even if you have a shared library and lots of processes
using that, each process has ~30KB of private memory from building that
hash table.
This this change, all the error strings are built into a sorted list and
are thus static data. This means that processes can share the error
information and it actually saves binary space because of all the
pointer overhead in the old scheme. Also it saves the time taken
building the hash table at startup.
This removes support for externally-supplied error string data.
Change-Id: Ifca04f335c673a048e1a3e76ff2b69c7264635be
This reverts commit cd5c892a87. We'd rather get
rid of crypto/conf altogether, and these tests will require that we
OPENSSL_EXPORT conf.h's functions.
Change-Id: I271511ba321201e60de94e5c79c4b565ce31728f
Reviewed-on: https://boringssl-review.googlesource.com/3120
Reviewed-by: Adam Langley <agl@google.com>
This is an initial cut at aarch64 support. I have only qemu to test it
however—hopefully hardware will be coming soon.
This also affects 32-bit ARM in that aarch64 chips can run 32-bit code
and we would like to be able to take advantage of the crypto operations
even in 32-bit mode. AES and GHASH should Just Work in this case: the
-armx.pl files can be built for either 32- or 64-bit mode based on the
flavour argument given to the Perl script.
SHA-1 and SHA-256 don't work like this however because they've never
support for multiple implementations, thus BoringSSL built for 32-bit
won't use the SHA instructions on an aarch64 chip.
No dedicated ChaCha20 or Poly1305 support yet.
Change-Id: Ib275bc4894a365c8ec7c42f4e91af6dba3bd686c
Reviewed-on: https://boringssl-review.googlesource.com/2801
Reviewed-by: Adam Langley <agl@google.com>
Add some missing headers and ensure each header has a short description. doc.go
gets confused at declarations that break before the first (, so avoid doing
that. Also skip a/an/deprecated: in markupFirstWord and process pipe words in
the table of contents.
Change-Id: Ia08ec5ae8e496dd617e377e154eeea74f4abf435
Reviewed-on: https://boringssl-review.googlesource.com/2839
Reviewed-by: Adam Langley <agl@google.com>
This introduces another knob into SSL_AEAD_CTX to omit the version from the ad
parameter. It also allows us to fold a few more SSL3_ENC_METHOD hooks together.
Change-Id: I6540d410d4722f734093554fb434dab6e5217d4f
Reviewed-on: https://boringssl-review.googlesource.com/2698
Reviewed-by: Adam Langley <agl@google.com>
The EVP_CIPHER codepath should no longer be used with TLS. It still exists for
DTLS and SSLv3. The AEAD construction in TLS does not allow for
variable-overhead AEADs, so stateful AEADs do not include the length in the ad
parameter. Rather the AEADs internally append the unpadded length once it is
known. EVP_aead_rc4_md5_tls is modified to account for this.
Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The
cipher tests are all moved into crypto/cipher/test because there's now a lot of
them and they clutter the directory listing.
In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs
with a fixed IV component, and for AEADs which use a random nonce (for the
explicit-IV CBC mode ciphers).
The new implementation fixes a bug/quirk in stateless CBC mode ciphers where
the fixed IV portion of the keyblock was generated regardless. This is at the
end, so it's only relevant for EAP-TLS which generates a MSK from the end of
the key block.
Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334
Reviewed-on: https://boringssl-review.googlesource.com/2692
Reviewed-by: Adam Langley <agl@google.com>
When d2i_ECPrivateKey reads a private key with a missing (optional)
public key, generate one automatically from the group and private key.
(Imported from upstream's 2083f7c465d07867dd9867b8742bb71c03d1f203)
Change-Id: I9e5090de87cf846ab92e4be5b6bf64e6091d02e4
Remove the existing md5_test and sha1_test. They now are all covered by
digest_test. For good measure, test the one-shot functions too.
Change-Id: I8e144cc563fb8817144e26cbd2e10c15642464ba
Reviewed-on: https://boringssl-review.googlesource.com/2211
Reviewed-by: Adam Langley <agl@google.com>
This stopped being a sample program a bit ago.
Change-Id: I23301fd71a373f995847dcfd64346bd262811f39
Reviewed-on: https://boringssl-review.googlesource.com/2131
Reviewed-by: Adam Langley <agl@google.com>