Commit Graph

55 Commits

Author SHA1 Message Date
Adam Langley
2e839244b0 Remove old ChaCha20-Poly1305 AEAD.
Before RFC 7539 we had a ChaCha20-Poly1305 cipher suite that had a 64/64
nonce/counter split (as DJB's original ChaCha20 did). RFC 7539 changed
that to 96/32 and we've supported both for some time.

This change removes the old version and the TLS cipher suites that used
it.

BUG=chromium:682816

Change-Id: I2345d6db83441691fe0c1ab6d7c6da4d24777849
Reviewed-on: https://boringssl-review.googlesource.com/13203
Reviewed-by: Adam Langley <agl@google.com>
2017-01-19 23:27:54 +00:00
Adam Langley
5322010405 Revert "Remove old ChaCha20-Poly1305 AEAD."
This reverts commit def9b46801.

(I should have uploaded a new version before sending to the commit queue.)

Change-Id: Iaead89c8d7fc1f56e6294d869db9238b467f520a
Reviewed-on: https://boringssl-review.googlesource.com/13202
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-01-19 23:07:06 +00:00
Adam Langley
def9b46801 Remove old ChaCha20-Poly1305 AEAD.
Before RFC 7539 we had a ChaCha20-Poly1305 cipher suite that had a 64/64
nonce/counter split (as DJB's original ChaCha20 did). RFC 7539 changed
that to 96/32 and we've supported both for some time.

This change removes the old version and the TLS cipher suites that used
it.

Change-Id: Icd9c2117c657f3aa6df55990c618d562194ef0e8
Reviewed-on: https://boringssl-review.googlesource.com/13201
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2017-01-19 22:54:50 +00:00
David Benjamin
17cf2cb1d2 Work around language and compiler bug in memcpy, etc.
Most C standard library functions are undefined if passed NULL, even
when the corresponding length is zero. This gives them (and, in turn,
all functions which call them) surprising behavior on empty arrays.
Some compilers will miscompile code due to this rule. See also
https://www.imperialviolet.org/2016/06/26/nonnull.html

Add OPENSSL_memcpy, etc., wrappers which avoid this problem.

BUG=23

Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e
Reviewed-on: https://boringssl-review.googlesource.com/12928
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-12-21 20:34:47 +00:00
Matthew Braithwaite
f440e827f1 Remove New Hope key agreement.
Change-Id: Iaac633616a54ba1ed04c14e4778865c169a68621
Reviewed-on: https://boringssl-review.googlesource.com/12703
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-10 01:06:31 +00:00
Adam Langley
df447ba3a9 Add generic AES-GCM-SIV support.
AES-GCM-SIV is an AEAD with nonce-misuse resistance. It can reuse
hardware support for AES-GCM and thus encrypt at ~66% the speed, and
decrypt at 100% the speed, of AES-GCM.

See https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02

This implementation is generic, not optimised, and reuses existing AES
and GHASH support as much as possible. It is guarded by !OPENSSL_SMALL,
at least for now.

Change-Id: Ia9f77b256ef5dfb8588bb9ecfe6ee0e827626f57
Reviewed-on: https://boringssl-review.googlesource.com/12541
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-07 00:13:50 +00:00
David Benjamin
1e5ac5d502 Fix more clang-tidy warnings.
Changes imported from Chih-hung Hsieh's CL at
https://android-review.googlesource.com/c/235696/.

Change-Id: I02f170f0a059c21a8d6f221dcc779f6476f36bbf
Reviewed-on: https://boringssl-review.googlesource.com/12026
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-11-01 20:50:18 +00:00
David Benjamin
0cce863f74 Use scopers in tool/
Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb
Reviewed-on: https://boringssl-review.googlesource.com/11681
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-10-24 20:05:42 +00:00
Matthew Braithwaite
8aaa9e12c2 Remove RC4 from TLS for real.
This withdraws support for -DBORINGSSL_ENABLE_RC4_TLS, and removes the
RC4 AEADs.

Change-Id: I1321b76bfe047d180743fa46d1b81c5d70c64e81
Reviewed-on: https://boringssl-review.googlesource.com/10940
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-16 03:06:36 +00:00
David Benjamin
2f401ecaac Fix IWYU violation in speed.cc.
We need time.h for clock_gettime on Linux. Previously, scoped_types.h
was pulling in everything and getting it for us, but now it doesn't
exist. We seem to have been pulling it in on accident anyway but
it seems Android's system headers end up not doing so.

Change-Id: I0a04495b1462649d77d62018e317c416803ac58d
Reviewed-on: https://boringssl-review.googlesource.com/11000
Reviewed-by: Matt Braithwaite <mab@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-09 23:56:01 +00:00
Matt Braithwaite
d17d74d73f Replace Scoped* heap types with bssl::UniquePtr.
Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and
offered for a large variety of types.  The 'extern "C++"' trick is used
to make the C++ bits digestible to C callers that wrap header files in
'extern "C"'.

Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e
Reviewed-on: https://boringssl-review.googlesource.com/10521
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-09-01 22:22:54 +00:00
Brian Smith
7bee853d18 Include |BN_MONT_CTX| construction in RSA verification speed test.
Change-Id: I30d6560156bedeac781b12c16a65cfede7891bb7
Reviewed-on: https://boringssl-review.googlesource.com/10522
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-23 19:59:15 +00:00
David Benjamin
bcb65b90fe Give bssl speed proper arg parsing and a -timeout flag.
I've found that changing the timeout to 10s rather than 1s gives much
more stable numbers.

BUG=82

Change-Id: Ie026bf808e8bf78b35925add69f84c3ff31c31ab
Reviewed-on: https://boringssl-review.googlesource.com/10349
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-08-16 18:57:31 +00:00
Adam Langley
10f97f3bfc Revert "Move C++ helpers into |bssl| namespace."
This reverts commit 09feb0f3d9.

(In order to make WebRTC happy this also needs to be reverted.)
2016-07-12 08:09:33 -07:00
Adam Langley
d2b5af56cf Revert scoped_types.h change.
This reverts commits:
8d79ed6740
19fdcb5234
8d79ed6740

Because WebRTC (at least) includes our headers in an extern "C" block,
which precludes having any C++ in them.

Change-Id: Ia849f43795a40034cbd45b22ea680b51aab28b2d
2016-07-12 08:05:38 -07:00
Adam Langley
8c3c3135a2 Remove scoped_types.h.
This change scatters the contents of the two scoped_types.h files into
the headers for each of the areas of the code. The types are now in the
|bssl| namespace.

Change-Id: I802b8de68fba4786b6a0ac1bacd11d81d5842423
Reviewed-on: https://boringssl-review.googlesource.com/8731
Reviewed-by: Adam Langley <agl@google.com>
2016-07-11 23:08:27 +00:00
Adam Langley
09feb0f3d9 Move C++ helpers into |bssl| namespace.
We currently have the situation where the |tool| and |bssl_shim| code
includes scoped_types.h from crypto/test and ssl/test. That's weird and
shouldn't happen. Also, our C++ consumers might quite like to have
access to the scoped types.

Thus this change moves some of the template code to base.h and puts it
all in a |bssl| namespace to prepare for scattering these types into
their respective headers. In order that all the existing test code be
able to access these types, it's all moved into the same namespace.

Change-Id: I3207e29474dc5fcc344ace43119df26dae04eabb
Reviewed-on: https://boringssl-review.googlesource.com/8730
Reviewed-by: David Benjamin <davidben@google.com>
2016-07-11 23:04:52 +00:00
David Benjamin
a353cdb671 Wrap MSVC-only warning pragmas in a macro.
There's a __pragma expression which allows this. Android builds us Windows with
MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible
Windows compilers. (Clang for Windows is much more sensible than MinGW and
intentionally mimicks MSVC.)

MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is
safe to suppress, so wrap those to shush them. This also lets us do away with a
few ifdefs.

Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972
Reviewed-on: https://boringssl-review.googlesource.com/8236
Reviewed-by: Adam Langley <agl@google.com>
2016-06-09 21:29:36 +00:00
Matt Braithwaite
e09e579603 Rename NEWHOPE functions to offer/accept/finish.
This is consistent with the new convention in ssl_ecdh.c.

Along the way, change newhope_test.c to not iterate 1000 times over each
test.

Change-Id: I7a500f45b838eba8f6df96957891aa8e880ba089
Reviewed-on: https://boringssl-review.googlesource.com/8012
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-19 18:17:48 +00:00
Adam Langley
7909aa7c23 Pass array by reference in newhope speed test.
This is another thing that MSVC can't cope with:

..\tool\speed.cc(537) : error C2536: 'SpeedNewHope::<⋯>::SpeedNewHope::<⋯>::clientmsg' : cannot specify explicit initializer for arrays

Change-Id: I6b4cb430895f7794e9cef1b1c12b57ba5d537c64
2016-04-26 16:31:38 -07:00
Matt Braithwaite
045a0ffe35 Import `newhope' (post-quantum key exchange).
This derives from the reference implementation:

Source: https://github.com/tpoeppelmann/newhope/tree/master/ref at bc06c1ac
Paper: https://eprint.iacr.org/2015/1092

However, it does not interoperate, due to the replacement of SHAKE-128
with AES-CTR (for polynomial generation) and the replacement of SHA-3
with SHA-256 (for key whitening).

Change-Id: I6a55507aea85331245e2fbd41bae5cc049fdca3c
Reviewed-on: https://boringssl-review.googlesource.com/7690
Reviewed-by: Adam Langley <agl@google.com>
2016-04-26 22:53:59 +00:00
David Benjamin
981936791e Remove some easy obj.h dependencies.
A lot of consumers of obj.h only want the NID values. Others didn't need
it at all. This also removes some OBJ_nid2sn and OBJ_nid2ln calls in EVP
error paths which isn't worth pulling a large table in for.

BUG=chromium:499653

Change-Id: Id6dff578f993012e35b740a13b8e4f9c2edc0744
Reviewed-on: https://boringssl-review.googlesource.com/7563
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-31 20:50:33 +00:00
Adam Langley
708db16463 Pass |alice_msg| by reference in the SPAKE2 speed test.
This is an attempt to make MSVC happy. Currently it's saying:

..\tool\speed.cc(508) : error C2536: 'SpeedSPAKE2::<lambda_…>::SpeedSPAKE2::<lambda_…>::alice_msg' : cannot specify explicit initializer for arrays

Change-Id: Ifba1df26b5d734f142668a41834645c1549f9f52
Reviewed-on: https://boringssl-review.googlesource.com/7248
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-01 19:50:20 +00:00
Arnar Birgisson
f27459e412 Add SPAKE2 over Ed25519.
SPAKE2 is a password-authenticated key exchange. This implementation is
over the twisted Edwards curve Ed25519, and uses SHA-512 as the hash
primitive.

See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03

Change-Id: I2cd3c3ebdc3d55ac3aea3a9eb0d06275509597ac
Reviewed-on: https://boringssl-review.googlesource.com/7114
Reviewed-by: Adam Langley <agl@google.com>
2016-03-01 19:34:10 +00:00
Adam Langley
77c3c0b025 Enable Ed25519 when building with OPENSSL_SMALL.
OPENSSL_SMALL will still cause the smaller base-point table to be used
and so won't be as fast at signing as the full version, but Ed25519 will
now work in those builds.

Without OPENSSL_SMALL:

Did 20000 Ed25519 key generation operations in 1008347us (19834.4 ops/sec)
Did 20000 Ed25519 signing operations in 1025594us (19500.9 ops/sec)
Did 6138 Ed25519 verify operations in 1001712us (6127.5 ops/sec)
Did 21000 Curve25519 base-point multiplication operations in 1019237us (20603.6 ops/sec)
Did 7095 Curve25519 arbitrary point multiplication operations in 1065986us (6655.8 ops/sec)

With (on the same machine):

Did 8415 Ed25519 key generation operations in 1020958us (8242.3 ops/sec)
Did 8952 Ed25519 signing operations in 1077635us (8307.1 ops/sec)
Did 6358 Ed25519 verify operations in 1047533us (6069.5 ops/sec)
Did 6620 Curve25519 base-point multiplication operations in 1008922us (6561.5 ops/sec)
Did 7183 Curve25519 arbitrary point multiplication operations in 1096285us (6552.1 ops/sec)

Change-Id: Ib443c0e2bdfd11e044087e66efd55b651a5667e7
Reviewed-on: https://boringssl-review.googlesource.com/6772
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-12-18 23:15:33 +00:00
David Benjamin
df571631cc Add RC4-SHA1 and DES-EDE3-CBC-SHA1 to bssl speed.
For completeness. In so far as we care about legacy ciphers' performance at
all, we should have the others too.

Change-Id: Idd2d93345f3af8b6ac5772a1cb3c201f84fe3197
Reviewed-on: https://boringssl-review.googlesource.com/6750
Reviewed-by: Adam Langley <agl@google.com>
2015-12-16 23:53:23 +00:00
David Benjamin
8ffab72683 Point EVP_aead_chacha20_poly1305 at the standardized version.
The consumers have all been updated, so we can move EVP_aead_chacha20_poly1305
to its final state. Unfortunately, the _rfc7539-suffixed version will need to
stick around for just a hair longer. Also the tls1.h macros, but the remaining
consumers are okay with that changing underneath them.

Change-Id: Ibbb70ec1860d6ac6a7e1d7b45e70fe692bf5ebe5
Reviewed-on: https://boringssl-review.googlesource.com/6600
Reviewed-by: Adam Langley <agl@google.com>
2015-12-16 21:22:11 +00:00
Adam Langley
3ac32b1eda Fix curve25519 code for MSVC.
MSVC doesn't like unary minus on unsigned types. Also, the speed test
always failed because the inputs were all zeros and thus had small
order.

Change-Id: Ic2d3c2c9bd57dc66295d93891396871cebac1e0b
2015-11-17 15:15:05 -08:00
Adam Langley
4fb0dc4b03 Add X25519 and Ed25519 support.
(Ed25519 support is disabled when |OPENSSL_SMALL| is defined.)

libcrypto.a sizes:

x86-64 -O3 -march=native: +78012 (1584902 → 1662914)
x86-64 -O3 -march=native -DOPENSSL_SMALL: +10596 (1356206 → 1366802)
Android armv7 Thumb -O2 -DOPENSSL_SMALL: +13132 (1258462 → 1271594)

Change-Id: I6a7e64d481e4ce4daa7d5057578081358746cfb9
Reviewed-on: https://boringssl-review.googlesource.com/6497
Reviewed-by: Adam Langley <agl@google.com>
2015-11-17 21:56:12 +00:00
Adam Langley
5dbdad9c33 For now, give the unsuffixed ChaCha20 AEAD name to the old version.
QUIC has a complex relationship with BoringSSL owing to it living both
in Chromium and the Google-internal repository. In order for it to
handle the ChaCha20-Poly1305 AEAD switch more easily this change gives
the unsuffixed name to the old AEAD, for now.

Once QUIC has moved to the “_old” version the unsuffixed name can be
given to the new version.

Change-Id: Id8a77be6e3fe2358d78e022413fe088e5a274dca
Reviewed-on: https://boringssl-review.googlesource.com/6361
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-27 16:39:12 +00:00
Brian Smith
3e23e4cb58 Add the RFC 7539 ChaCha20-Poly1305 AEAD.
Change-Id: I07dfde7cc304d903c2253600905cc3e6257716c5
Reviewed-on: https://boringssl-review.googlesource.com/6101
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-27 00:46:36 +00:00
David Benjamin
74f711083d Parse RSAPrivateKey with CBS.
This removes the version field from RSA and instead handles versioning
as part of parsing. (As a bonus, we now correctly limit multi-prime RSA
to version 1 keys.)

Most consumers are also converted. old_rsa_priv_{de,en}code are left
alone for now. Those hooks are passed in parameters which match the old
d2i/i2d pattern (they're only used in d2i_PrivateKey and
i2d_PrivateKey).

Include a test which, among other things, checks that public keys being
serialized as private keys are handled properly.

BUG=499653

Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08
Reviewed-on: https://boringssl-review.googlesource.com/5273
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 22:50:53 +00:00
David Benjamin
58084affbe Make constants in bssl tool actually const.
Change-Id: Iedf6a1bafbe195b689e1aebd2293332e38c1f4c7
Reviewed-on: https://boringssl-review.googlesource.com/5042
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 21:43:15 +00:00
Adam Langley
839b881c61 Multi-prime RSA support.
RSA with more than two primes is specified in
https://tools.ietf.org/html/rfc3447, although the idea goes back far
earier than that.

This change ports some of the changes in
http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest
to BoringSSL—specifically those bits that are under an OpenSSL license.

Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1
Reviewed-on: https://boringssl-review.googlesource.com/4870
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:39:44 +00:00
Adam Langley
92b6b02475 tool: include base.h before testing OPENSSL_WINDOWS.
Even though windows.h etc are system headers, conditional includes have
to come after the others.

Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
2015-04-16 14:02:52 -07:00
Adam Langley
ad6b28e974 Add 64-bit, P-256 implementation.
This is taken from upstream, although it originally came from us. This
will only take effect on 64-bit systems (x86-64 and aarch64).

Before:

Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec)
Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec)
Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec)

After:

Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec)
Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec)
Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec)

Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
2015-04-16 13:53:05 -07:00
Adam Langley
90b5840b02 tool: benchmark the RNG.
This change adds a benchmark for the RNG and also allows specific speed
tests to be selected via a command-line argument, since the full speed
suite is getting quite lengthy now and is only going to get longer in
the future.

Change-Id: If62c69177d58d3eb945d6108524c144ea0044137
Reviewed-on: https://boringssl-review.googlesource.com/4326
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:40 +00:00
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
Brian Smith
83a82981dc Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it.
A previous change in BoringSSL renamed ERR_print_errors_fp to
BIO_print_errors_fp as part of refactoring the code to improve the
layering of modules within BoringSSL. Rename it back for better
compatibility with code that was using the function under the original
name. Move its definition back to crypto/err using an implementation
that avoids depending on crypto/bio.

Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052
Reviewed-on: https://boringssl-review.googlesource.com/4310
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:23:29 +00:00
Adam Langley
3e719319be Lowercase some Windows headers.
MinGW on Linux needs lowercase include files. On Windows this doesn't
matter since the filesystems are case-insensitive, but building
BoringSSL on Linux with MinGW has case-sensitive filesystems.

Change-Id: Id9c120d819071b041341fbb978352812d6d073bc
Reviewed-on: https://boringssl-review.googlesource.com/4090
Reviewed-by: Adam Langley <agl@google.com>
2015-03-31 22:21:42 +00:00
David Benjamin
d434f28ef2 Fix bssl speed.
The TLS AEADs require EVP_AEAD_CTX_init_with_direction now. The speed command
was never updated to account for this.

BUG=467762

Change-Id: I8c7d4566b51d54d91d17318b8f4813ad8f19c777
Reviewed-on: https://boringssl-review.googlesource.com/3971
Reviewed-by: Adam Langley <agl@google.com>
2015-03-17 23:57:02 +00:00
Brian Smith
1d1562d9b5 Free new[]'d array using delete[] instead of free in speed.cc.
Change-Id: Ic3d5e8de0b6800c0852c2057427836302c1f1aaa
Reviewed-on: https://boringssl-review.googlesource.com/3962
Reviewed-by: Adam Langley <agl@google.com>
2015-03-17 21:04:15 +00:00
Brian Smith
d53b2c3c88 Fix out-of-bounds memory write in speed.cc.
Windows x64 uses the IL32P64 data model, which means that unsigned int
is 32 bits and size_t is 64 bits. Previously, the expression
|~(alignment - 1)| resulted in the 32-bit value 0xFFFFFFF0, which was
then extended to the 64-bit value 0x00000000FFFFFFF0 when promoted to
size_t. When the input pointer was masked with this value, the result
was a pointer that was usually way outside the boundaries of the array.

The new code casts |alignment| to size_t first prior to the bitwise
negation, resulting in the correct mask value of 0xFFFFFFFFFFFFFFF0.

Change-Id: I04754aa9e1ce7a615c2b4c74051cfcca38dbb52f
Reviewed-on: https://boringssl-review.googlesource.com/3961
Reviewed-by: Adam Langley <agl@google.com>
2015-03-17 19:12:54 +00:00
Adam Langley
2b2d66d409 Remove string.h from base.h.
Including string.h in base.h causes any file that includes a BoringSSL
header to include string.h. Generally this wouldn't be a problem,
although string.h might slow down the compile if it wasn't otherwise
needed. However, it also causes problems for ipsec-tools in Android
because OpenSSL didn't have this behaviour.

This change removes string.h from base.h and, instead, adds it to each
.c file that requires it.

Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37
Reviewed-on: https://boringssl-review.googlesource.com/3200
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-02 19:14:15 +00:00
Brian Smith
efed2210e8 Enable more warnings & treat warnings as errors on Windows.
Change-Id: I2bf0144aaa8b670ff00b8e8dfe36bd4d237b9a8a
Reviewed-on: https://boringssl-review.googlesource.com/3140
Reviewed-by: Adam Langley <agl@google.com>
2015-01-31 00:18:55 +00:00
Adam Langley
267253470a Align pointers by hand.
This avoids having Windows be different and is also easier for testing
because it's a simple matter to unalign the pointer if needed.

Change-Id: I32cfa5834e3fe4f16304a25092b9c71946d4744d
Reviewed-on: https://boringssl-review.googlesource.com/3131
Reviewed-by: Adam Langley <agl@google.com>
2015-01-29 20:06:34 +00:00
Brian Smith
a87de9b39b Define WIN32_LEAN_AND_MEAN in the build system, not in the code.
This avoids a conflict with the Chromium build system, which
defines WIN32_LEAN_AND_MEAN with a different value.

BUG=crbug.com/453196

Change-Id: Ia15ec7c20325c1961af4f32e5208266e5f846f35
Reviewed-on: https://boringssl-review.googlesource.com/3150
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-01-29 18:48:57 +00:00
Brian Smith
dc94b54708 Clean up use of Windows Platform SDK headers.
Define WIN32_LEAN_AND_MEAN before including Windows Platform SDK
headers to preempt naming conflicts and to make the build faster. Avoid
including those headers in BoringSSL headers. Document that Platform
SDK 8.1 or later is required on Windows.

Change-Id: I907ada21dc722527ea37e839c71c5157455a7003
Reviewed-on: https://boringssl-review.googlesource.com/3100
Reviewed-by: Adam Langley <agl@google.com>
2015-01-28 20:36:49 +00:00
David Benjamin
384673ceb7 Fix tool build on Windows.
C++ doesn't allow implicit void* casts.

Change-Id: I50a2ab3fce6a38470b4e8216bd461ba2cd2c2215
Reviewed-on: https://boringssl-review.googlesource.com/2971
Reviewed-by: Adam Langley <agl@google.com>
2015-01-22 19:22:39 +00:00
Adam Langley
e7624340ee Also test AES-CBC modes in the speed tool.
This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the
speed test. These AEADs need an 11 byte additional data so the test is
extended to be able to provide that.

Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4
Reviewed-on: https://boringssl-review.googlesource.com/2922
Reviewed-by: Adam Langley <agl@google.com>
2015-01-16 19:04:44 +00:00