Commit Graph

3388 Commits

Author SHA1 Message Date
David Benjamin
74df74b98f Remove ssl_any_ec_cipher_suites_enabled check.
TLS 1.3 also uses this extension and doesn't use any EC-based suites.
Always offering the extension is simpler. Also this gets an
SSL_get_ciphers call out of the way (that function is somewhat messy in
semantics).

Change-Id: I2091cb1046e0aea85caa76e73f50e8416e6ed94c
Reviewed-on: https://boringssl-review.googlesource.com/11980
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2016-11-01 14:47:59 +00:00
Brian Smith
f85d323114 TLS: Choose the max version supported by the client, not first.
This change is based on interpreting TLS 1.3 draft 18.

Change-Id: I727961aff2f7318bcbbc8bf6d62b7d6ad3e62da9
Reviewed-on: https://boringssl-review.googlesource.com/11921
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-31 19:39:20 +00:00
David Benjamin
6f73379114 Add X25519 length constants.
Per request for named constants at
https://codereview.chromium.org/2457153003/diff/40001/net/quic/core/crypto/curve25519_key_exchange.cc#newcode27

The public one is named X25519_PUBLIC_VALUE_LEN rather than
X25519_PUBLIC_KEY_LEN for consistency with the rest of the
documentation. (Apparently we say "X25519 public value" and "Ed25519
public key".)

Change-Id: Idb76a0a9794f0f628c3b784e50a04fdb35bf3ee6
Reviewed-on: https://boringssl-review.googlesource.com/11941
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-31 18:49:33 +00:00
Adam Langley
cec45b7e43 Update links to Bazel's site.
Bazel has moved their primary site to bazel.build.

(Thanks to Damien Martin-guillerez for the change.)

Change-Id: Ifb29dbb79f1e1d9611f40992a3e75e0fb5a3722a
Reviewed-on: https://boringssl-review.googlesource.com/11961
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-31 18:16:58 +00:00
David Benjamin
4b0d0e4c5e Validate input iv/mac sizes in SSL_AEAD_CTX_new.
This should never happen, but the SSL_AEAD_CTX_new layer should enforce
key sizes as it's not locally obvious at the call site the caller didn't
get confused. There's still a mess of asserts below, but those should be
fixed by cutting the SSL_CIPHER/SSL_AEAD_CTX boundary differently.

(enc_key_len is validated by virtue of being passed into EVP_AEAD.)

BUG=chromium:659593

Change-Id: I8c91609bcef14ca1509c87aab981bbad6556975f
Reviewed-on: https://boringssl-review.googlesource.com/11940
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-28 21:25:35 +00:00
David Benjamin
ea213d1f0b Add missing include.
Change-Id: I0aab9c94fcfa58b9cd46eaf716d9317f532f79a2
Reviewed-on: https://boringssl-review.googlesource.com/11850
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-28 19:56:32 +00:00
David Benjamin
b917909336 Move a few more types out of ssl.h.
These were forward-declared for SSL3_STATE but with that hidden, it's no
longer necessary.

Change-Id: I8c548822f56f6172b4033b2fa89c038adcec2caa
Reviewed-on: https://boringssl-review.googlesource.com/11860
Reviewed-by: Adam Langley <agl@google.com>
2016-10-28 19:46:13 +00:00
David Benjamin
8b176716e9 Test that SNI is accessible from the SNI callback.
Later work is going to cause some turbulence here.

Change-Id: Iba98bcf56e81492ec0dca54a381b38d1c115247a
Reviewed-on: https://boringssl-review.googlesource.com/11843
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-28 19:22:40 +00:00
David Benjamin
d547f55971 Remove superfluous const from CRYPTO_BUFFER_len.
Tagging non-pointer return types const doesn't do anything and makes
some compilers grumpy. Thanks to Daniel Hirche for the report.

Change-Id: I157ddefd8f7e604b4d8317ffa2caddb8f0dd89de
Reviewed-on: https://boringssl-review.googlesource.com/11849
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-28 19:11:31 +00:00
Brian Smith
0d211bdc4b Clarify the scope & initialization of |data_len| in |aead_tls_open|.
Neither branch of the |if| statement is expected to touch |data_len|.
Clarify this by moving |data_len| after the |if| statement.

Change-Id: Ibbc81e5b0c006882672df18442a6e7987064ca6d
Reviewed-on: https://boringssl-review.googlesource.com/11880
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2016-10-28 16:44:39 +00:00
David Benjamin
305e6fb7f7 Revise ssl_cipher_get_evp_aead.
This is still rather a mess with how it's tied to SSL_AEAD_CTX_new
(probably these should get encapsulated in an SSL_AEAD struct), but this
avoids running the TLS 1.3 nonce logic on fake AEADs. This is impossible
based on cipher version checks, but we shouldn't need to rely on it.

It's also a little tidier since out_mac_secret_len is purely a function
of algorithm_mac.

BUG=chromium:659593

Change-Id: Icc24d43c54a582bcd189d55958e2d232ca2db4dd
Reviewed-on: https://boringssl-review.googlesource.com/11842
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-28 16:43:31 +00:00
Alessandro Ghedini
5e393fedef Test getrandom(2) on Linux if available
This patch changes the urandom PRNG to read one byte from the
getrandom(2) Linux syscall on initialization in order to find any
unexpected behavior.

Change-Id: I8ef676854dc361e4f77527b53d1a14fd14d449a8
Reviewed-on: https://boringssl-review.googlesource.com/8681
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: Adam Langley <alangley@gmail.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-27 23:12:10 +00:00
Adam Langley
9ef99d5656 Add CRYPTO_BUFFER and CRYPTO_BUFFER_POOL.
These structures allow for blobs of data (e.g. certificates) to be
deduplicated in memory.

Change-Id: Iebfec90b85d55565848a178b6951562b4ccc083e
Reviewed-on: https://boringssl-review.googlesource.com/11820
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: Adam Langley <alangley@gmail.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-27 22:55:55 +00:00
David Benjamin
1b22f85a56 Reject tickets from the future.
This shouldn't happen, but it is good to check to avoid the potential
underflow in ssl_session_is_time_valid.

This required tweaking the mock clock in bssl_shim to stop going back in
time.

Change-Id: Id3ab8755139e989190d0b53d4bf90fe1ac203022
Reviewed-on: https://boringssl-review.googlesource.com/11841
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-27 22:32:19 +00:00
Steven Valdez
b6b6ff3bef Verifying resumption cipher validity with current configuration.
BUG=chromium:659593

Change-Id: I73a4751609b85df7cd40f0f60dc3f3046a490940
Reviewed-on: https://boringssl-review.googlesource.com/11861
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-27 17:43:59 +00:00
David Benjamin
3a322f5e48 Revise signing preferences.
We currently preferentially sign the largest hash available and
advertise such a preference for signatures we accept. We're just as
happy with SHA-256 and, all else equal, a smaller hash would be epsilon
more performant. We also currently claim, in TLS 1.3, we prefer P-384
over P-256 which is off.

Instead order SHA-256 first, next the larger SHA-2 hashes, and leave
SHA-1 at the bottom. Within a hash, order ECDSA > RSA-PSS > RSA-PKCS1.

This has the added consequence that we will preferentially pair P-256
with SHA-256 in signatures we generate instead of larger hashes that get
truncated anyway.

Change-Id: If4aee068ba6829e8c0ef7948f56e67a5213e4c50
Reviewed-on: https://boringssl-review.googlesource.com/11821
Reviewed-by: Adam Langley <agl@google.com>
2016-10-26 17:20:19 +00:00
David Benjamin
9415a14acf Fix SSL_CTX_set1_curves fuzzer.
SSL_CTX_set1_curves was being called with the size of the input data in
bytes rather than in ints.

BUG=chromium:659361

Change-Id: I90da1c6d60e92423c6b7d9efd744ae70ff589172
Reviewed-on: https://boringssl-review.googlesource.com/11840
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-26 17:18:42 +00:00
David Benjamin
a1bbacac51 Record kCRLTestRoot's private key in the source.
At some point, we'll forget to look in the commit message.

Change-Id: I3153aab679209f4f11f56cf3f883c4c74a17af1d
Reviewed-on: https://boringssl-review.googlesource.com/11800
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2016-10-25 23:24:21 +00:00
Nico Weber
351af19bb0 Remove a clang-cl workaround that's no longer needed.
clang-cl now supports enough of `#pragma intrinsic` that
it can use SecureZeroMemory() without an explicit intrin.h include.
This reverts https://boringssl-review.googlesource.com/#/c/8320/

BUG=chromium:592745

Change-Id: Ib766133f1713137bddd07654376a3b4888d4b0fb
Reviewed-on: https://boringssl-review.googlesource.com/11780
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-25 21:10:52 +00:00
David Benjamin
c6722cd6e0 Check SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER before touching wpend_buf.
SSL_write has messy semantics around retries. As a sanity-check, it does
pointer and length checks and requires the original and retry SSL_write
pass the same buffer pointer.

In some cases, buffer addresses may change but still include the
original data as a prefix on the retry. Callers then set
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER to skip the pointer check. But, in
that case, the pointer may have been freed so doing a comparison is
undefined behavior.

Short-circuiting the pointer equality check avoids this problem.

Change-Id: I76cb8f7d45533504cd95287bc53897ca636af51d
Reviewed-on: https://boringssl-review.googlesource.com/11760
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2016-10-25 20:15:45 +00:00
David Benjamin
35c8afd314 More macro hygiene improvements.
I missed these in the last round.

Change-Id: I9b47216eef87c662728e454670e9e516de71ca21
Reviewed-on: https://boringssl-review.googlesource.com/11740
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:11:08 +00:00
David Benjamin
193c2fff53 Prune some unused prototypes.
The EVP_PKEY attribute functions in x509.h are unimplemented.

Change-Id: Idcf2d81e58b04d0829d25567a145f87801a980d1
Reviewed-on: https://boringssl-review.googlesource.com/10343
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:10:47 +00:00
David Benjamin
a7f56f0bfb Use scopers a little more.
Change-Id: I51e5a7dac3ceffc41d3a7a57157a11258e65bc42
Reviewed-on: https://boringssl-review.googlesource.com/11721
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:10:18 +00:00
David Benjamin
be941d4659 Correctly find all critical CRL extensions.
Unhandled critical CRL extensions were not detected if they appeared
after the handled ones.  (Upstream GitHub issue 1757).  Thanks to John
Chuah for reporting this.

(Imported from upstream's 3ade92e785bb3777c92332f88e23f6ce906ee260.)

This additionally adds a regression test for this issue, generated with
der-ascii.  The signatures on the CRLs were repaired per notes in
https://github.com/google/der-ascii/blob/master/samples/certificates.md

Change-Id: I74a77f92710e6ef7f46dcde5cb6ae9350084ddcb
Reviewed-on: https://boringssl-review.googlesource.com/11720
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:09:28 +00:00
David Benjamin
0cce863f74 Use scopers in tool/
Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb
Reviewed-on: https://boringssl-review.googlesource.com/11681
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:05:42 +00:00
David Benjamin
079b394c49 Always enable GREASE for TLS 1.3 NewSessionTicket.
On the client we'll leave it off by default until the change has made it
through Chrome's release process. For TLS 1.3, there is no existing
breakage risk, so always do it. This saves us the trouble of having to
manually turn it on in servers.

See [0] for a data point of someone getting it wrong.

[0] https://hg.mozilla.org/projects/nss/rev/9dbc21b1c3cc

Change-Id: I74daad9e7efd2040e9d66d72d558b31f145e6c4c
Reviewed-on: https://boringssl-review.googlesource.com/11680
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:04:24 +00:00
Adam Langley
afdbb62de2 Ensure that BIO_[w]pending isn't confused about negative numbers.
It's possible that a BIO implementation could return a negative number
(say -1) for BIO_CTRL_PENDING or BIO_CTRL_WPENDING. Assert that this
doesn't happen and map it to zero if it happens anyway in NDEBUG builds.

Change-Id: Ie01214e80ff19acc1c7681a1125bbbf2038679c3
Reviewed-on: https://boringssl-review.googlesource.com/11700
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-21 21:08:55 +00:00
David Benjamin
fc4467e568 Refresh fuzzer corpus.
Change-Id: Id41cf40b5087c6520c4d3c822d5a955b9fd32853
Reviewed-on: https://boringssl-review.googlesource.com/11684
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Nick Harper <nharper@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-20 21:49:25 +00:00
David Benjamin
7784c4c4dd Fix fuzzer mode suppressions.
Change-Id: I18cee423675d6a686f83b4ef4b38696cb618392c
Reviewed-on: https://boringssl-review.googlesource.com/11683
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Nick Harper <nharper@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-20 21:49:13 +00:00
Nick Harper
9559401473 Use SHA256_CTX instead of EVP_MD_CTX when computing Channel ID.
Change-Id: I0bd7fdd276e7461ef08b8055bf3d0387f756739f
Reviewed-on: https://boringssl-review.googlesource.com/11682
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-20 21:22:39 +00:00
Nick Harper
c984611d2d Fix bogo implementation of Channel ID for TLS < 1.2.
BUG=103

Change-Id: I9a49fbaf66af73978ce264d27926f483e1e44766
Reviewed-on: https://boringssl-review.googlesource.com/11620
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-20 20:57:48 +00:00
Nick Harper
60a85cb5e4 Implement ChannelID for TLS 1.3.
Channel ID for TLS 1.3 uses the same digest construction as
CertificateVerify. This message is signed with the Channel ID key and
put in the same handshake message (with the same format) as in TLS 1.2.

BUG=103

Change-Id: Ia5b2dffe5a39c39db0cecb0aa6bdc328e53accc2
Reviewed-on: https://boringssl-review.googlesource.com/11420
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-20 20:57:10 +00:00
Adam Langley
373a6a5a7d Add a no-op |OPENSSL_no_config|.
Nodejs 6.9.0 calls this function.

Change-Id: I375f222cb819ebcb9fdce0a0d63df6817fa2dcae
Reviewed-on: https://boringssl-review.googlesource.com/11625
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-19 19:43:35 +00:00
Adam Langley
46dd8ec993 Make the loop bounds in keywrap a little more clear.
This code reportedly upsets VC++'s static analysis. Make it clear that,
yes, we want to count backwards.

Change-Id: I5caba219a2b87750d1a9d69b46d336a98c5824c9
Reviewed-on: https://boringssl-review.googlesource.com/11624
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-19 18:28:54 +00:00
David Benjamin
3ef7697ed3 Don't accept {sha1, ecdsa} and {sha512, ecdsa}.
{sha1, ecdsa} is virtually nonexistent. {sha512, ecdsa} is pointless
when we only accept P-256 and P-384. See Chromium Intent thread here:

https://groups.google.com/a/chromium.org/d/msg/blink-dev/kWwLfeIQIBM/9chGZ40TCQAJ

This tweaks the signature algorithm logic slightly so that sign and
verify preferences are separate.

BUG=chromium:655318

Change-Id: I1097332600dcaa38e62e4dffa0194fb734c6df3f
Reviewed-on: https://boringssl-review.googlesource.com/11621
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-18 19:07:36 +00:00
David Benjamin
b1133e9565 Fix up macros.
Macros need a healthy dose of parentheses to avoid expression-level
misparses. Most of this comes from the clang-tidy CL here:
https://android-review.googlesource.com/c/235696/

Also switch most of the macros to use do { ... } while (0) to avoid all
the excessive comma operators and statement-level misparses.

Change-Id: I4c2ee51e347d2aa8c74a2d82de63838b03bbb0f9
Reviewed-on: https://boringssl-review.googlesource.com/11660
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-18 18:28:23 +00:00
Adam Langley
840445d406 Include |SSL_CTX_set_signing_algorithm_prefs| in SSL_CTX fuzzer.
I missed this function, which was unfortunate.

Change-Id: I8bcea1738a50aa3297d09a59a86437351ff5f84a
Reviewed-on: https://boringssl-review.googlesource.com/11623
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-18 17:39:47 +00:00
Adam Langley
99dce54031 Fix copy-paste error in SSL_CTX fuzzer.
Change-Id: I167d8ebfa7f2c08ba9f532df96ce5abd432c47c6
Reviewed-on: https://boringssl-review.googlesource.com/11622
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-18 17:23:52 +00:00
Daniel Bathgate
89917a5c60 Fix memory leak in set_signing_algorithm_prefs.
If SSL_CTX_set_signing_algorithm_prefs or
SSL_set_signing_algorithm_prefs are
called multiple times for the same cert, the
previous cert->sigalgs will leak.

Free the existing sigalgs before setting a new one.

Change-Id: I73cdb366a8f47d8cc0baae986fd0aa80b60300e2
Reviewed-on: https://boringssl-review.googlesource.com/11640
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-18 14:13:53 +00:00
David Benjamin
e228bd299d Hide SSL3_STATE.
BUG=6

Change-Id: I463f5daa0bbf0f65269c52da25fa235ee2aa6ffb
Reviewed-on: https://boringssl-review.googlesource.com/11240
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-18 01:13:13 +00:00
Steven Valdez
2c62fe9c58 Run TestSequenceNumber at all versions.
There were some logic errors that were revealed by testing at TLS 1.3.
Also explicitly test GetClientHelloLen at TLS 1.2 (rather than relying
on the default) since the TLS 1.3 ClientHello is too large.

Change-Id: I907cb6ac04b40f845e99593bad06739132ca56b2
Reviewed-on: https://boringssl-review.googlesource.com/11605
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-18 00:53:14 +00:00
David Benjamin
ac9a7f6384 Fix the run_tests target in fuzzer mode.
We run with a few more arguments, we may as well pass them in.

Change-Id: Icd7196fc50983f77d500b96e0cc4f9bc583671bf
Reviewed-on: https://boringssl-review.googlesource.com/11603
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-14 16:01:47 +00:00
David Benjamin
cef36f0cf6 C++ crypto/test/malloc.cc more.
We have bool here. Also the comments were a mix of two styles.

Change-Id: I7eb6814b206efa960ae7e6e1abc14d64be6d61cf
Reviewed-on: https://boringssl-review.googlesource.com/11602
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-14 16:01:26 +00:00
David Benjamin
52db0eb46c Revert "Get the malloc tests working under ASan."
This reverts commit 7b9bbd9639. This seems
to cause some problem linking with gold in Chromium:

../../third_party/binutils/Linux_x64/Release/bin/ld.gold: warning: Cannot export local symbol 'free'
../../third_party/binutils/Linux_x64/Release/bin/ld.gold: warning: Cannot export local symbol 'malloc'
../../third_party/binutils/Linux_x64/Release/bin/ld.gold: warning: Cannot export local symbol 'realloc'
../../third_party/binutils/Linux_x64/Release/bin/ld.gold: error: treating warnings as errors

The same error in https://crbug.com/368351 implies we're actually
causing the compiler to make some assumptions it shouldn't make. The
obvious fix of marking things as visible causes crashes when built with
ASan (ASan's malloc interceptors and ours are conflicting somehow).
Revert this for now. We should study how ASan's interceptors work and
figure out how to make these two coexist.

BUG=655938

Change-Id: Iaad245d1028c442bd924d46519b20115d37a57c4
Reviewed-on: https://boringssl-review.googlesource.com/11604
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-10-14 15:56:13 +00:00
David Benjamin
4c0e6c64b6 ERR_clear_error at the end of each fuzzer.
Data allocated in one fuzzer iteration and then freed in the next
complicates the leak checker. Avoid this by dropping hidden global state
at the end of each run.

Change-Id: Ice79704f2754a6b1f40e288df9b97ddd5b3b97d5
Reviewed-on: https://boringssl-review.googlesource.com/11600
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-13 23:20:40 +00:00
David Benjamin
1991af6900 Refresh TLS fuzzer corpora for draft 16.
Change-Id: I3476d3ba7cf90e023f6ad2ff9264a31c59a74e6a
Reviewed-on: https://boringssl-review.googlesource.com/11584
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-13 19:12:50 +00:00
David Benjamin
ab6306bcb6 Fix fuzzer mode suppressions.
Some new tests needed to be suppressed.

Change-Id: I4474d752c338a18440efb213e0795ae81ad754fb
Reviewed-on: https://boringssl-review.googlesource.com/11583
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-13 19:12:44 +00:00
David Benjamin
a128a55e0b Update the TLS 1.3 draft version to draft 16.
This should land in the same group of revisions as the two parent
commits.

Change-Id: Id9d769b890b3308ea70b705e7241c73cb1930ede
Reviewed-on: https://boringssl-review.googlesource.com/11581
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-13 19:12:36 +00:00
David Benjamin
3baa6e153b Implement draft 16 HelloRetryRequest and cookie.
We'll never send cookies, but we'll echo them on request. Implement it
in runner as well and test.

BUG=98

Change-Id: Idd3799f1eaccd52ac42f5e2e5ae07c209318c270
Reviewed-on: https://boringssl-review.googlesource.com/11565
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-13 19:12:30 +00:00
Steven Valdez
c4aa727e73 Updating Key Schedule and KeyUpdate to draft 16.
This doesn't currently honor the required KeyUpdate response. That will
be done in a follow-up.

BUG=74

Change-Id: I750fc41278736cb24230303815e839c6f6967b6a
Reviewed-on: https://boringssl-review.googlesource.com/11412
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-10-13 19:12:23 +00:00