Commit Graph

1761 Commits

Author SHA1 Message Date
David Benjamin
daf2c5dc0c Convert ecdsa_test to C++.
Change-Id: I3bcfc9d29fb3b5eed3d578eb4879b815458f20c0
Reviewed-on: https://boringssl-review.googlesource.com/4351
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 21:11:56 +00:00
David Benjamin
e65855c36f Fix memory leak in ecdsa_test.
This one really needs to get C++'d.

Change-Id: I088f3b77867af0cfc2da8324ba87954ef4cbba74
Reviewed-on: https://boringssl-review.googlesource.com/4350
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 21:04:52 +00:00
David Benjamin
25f0846316 Revert "Temporarily break a test on purpose."
This reverts commit cbbe020894.
2015-04-15 16:13:49 -04:00
David Benjamin
cbbe020894 Temporarily break a test on purpose.
This is to make sure emails get sent to the right place. This will be reverted
in a minute.

Change-Id: I657e8c32034deb2231b76c1a418bdc5dcf6be8bd
2015-04-15 15:59:07 -04:00
Brian Smith
f86c199f67 Fix Windows newline in err.h from commit 83a8298.
Change-Id: I2caa65b35e80233009e82599838f65aaf2e73cf4
Reviewed-on: https://boringssl-review.googlesource.com/4341
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 03:07:07 +00:00
Brian Smith
b828cfde3a Fix typos in documentation in rsa.h.
Change-Id: I0fb680d088425df8fca558bf8d4213f251eb0a96
Reviewed-on: https://boringssl-review.googlesource.com/4340
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 03:06:53 +00:00
Brian Smith
3700778248 Fix Windows build failures caused by 310d4dd.
MSVC doesn't like |const size_t len| in a function definition where the
declaration was just |size_t len| without the |const|. Also, MSVC needs
declarations of parameterless functions to have a |void| parameter list.

Change-Id: I91e01a12aca657b2ee1d653926f09cc52da2faed
Reviewed-on: https://boringssl-review.googlesource.com/4329
Reviewed-by: Adam Langley <agl@google.com>
2015-04-15 03:06:29 +00:00
Adam Langley
c3ef76f327 Compatibility changes for wpa_supplicant and OpenSSH.
OpenSSH, especially, does some terrible things that mean that it needs
the EVP_CIPHER structure to be exposed ☹. Damian is open to a better API
to replace this, but only if OpenSSL agree too. Either way, it won't be
happening soon.

Change-Id: I393b7a6af6694d4d2fe9ebcccd40286eff4029bd
Reviewed-on: https://boringssl-review.googlesource.com/4330
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:18:28 +00:00
Adam Langley
310d4dd6b6 rand: new-style locking and support rdrand.
Pure /dev/urandom, no buffering (previous behaviour):
Did 2320000 RNG (16 bytes) operations in 3000082us (773312.2 ops/sec): 12.4 MB/s
Did 209000 RNG (256 bytes) operations in 3011984us (69389.5 ops/sec): 17.8 MB/s
Did 6851 RNG (8192 bytes) operations in 3052027us (2244.7 ops/sec): 18.4 MB/s

Pure rdrand speed:
Did 34930500 RNG (16 bytes) operations in 3000021us (11643418.5 ops/sec): 186.3 MB/s
Did 2444000 RNG (256 bytes) operations in 3000164us (814622.1 ops/sec): 208.5 MB/s
Did 80000 RNG (8192 bytes) operations in 3020968us (26481.6 ops/sec): 216.9 MB/s

rdrand + ChaCha (as in this change):
Did 19498000 RNG (16 bytes) operations in 3000086us (6499147.0 ops/sec): 104.0 MB/s
Did 1964000 RNG (256 bytes) operations in 3000566us (654543.2 ops/sec): 167.6 MB/s
Did 62000 RNG (8192 bytes) operations in 3034090us (20434.5 ops/sec): 167.4 MB/s

Change-Id: Ie17045650cfe75858e4498ac28dbc4dcf8338376
Reviewed-on: https://boringssl-review.googlesource.com/4328
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:13:42 +00:00
Adam Langley
ba3bef98d8 obj: convert to new-style locks.
Change-Id: Idd7c37b9a0fe56f11909c2bf891bca370ef7f982
Reviewed-on: https://boringssl-review.googlesource.com/4327
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:12:14 +00:00
Adam Langley
90b5840b02 tool: benchmark the RNG.
This change adds a benchmark for the RNG and also allows specific speed
tests to be selected via a command-line argument, since the full speed
suite is getting quite lengthy now and is only going to get longer in
the future.

Change-Id: If62c69177d58d3eb945d6108524c144ea0044137
Reviewed-on: https://boringssl-review.googlesource.com/4326
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:40 +00:00
Adam Langley
f030369717 tool: add rand.
The rand subcommand outputs entropy to stdout.

Change-Id: I95c2769a1784a8dd4c21efc15009080006d51349
Reviewed-on: https://boringssl-review.googlesource.com/4325
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:39 +00:00
Adam Langley
683d7bd20a Convert BN_MONT_CTX to new-style locking.
This introduces a per-RSA/DSA/DH lock. This is good for lock contention,
although pthread locks are depressingly bloated.

Change-Id: I07c4d1606fc35135fc141ebe6ba904a28c8f8a0c
Reviewed-on: https://boringssl-review.googlesource.com/4324
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:10:27 +00:00
Adam Langley
ccdfbd9834 ex_data: convert to new-style locking.
Change-Id: Id81f986f433805837b58a6ddd13ec146ff62c30b
Reviewed-on: https://boringssl-review.googlesource.com/4323
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:09:52 +00:00
Adam Langley
8bdd54208e err: convert over to new-style locking.
Change-Id: I79a156a7baee206f79b103233bf64885bbcc73dc
Reviewed-on: https://boringssl-review.googlesource.com/4322
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:09:46 +00:00
Adam Langley
df1f5e796c crypto: add mutexes.
Prior to this, BoringSSL was using OpenSSL's technique of having users
register a callback for locking operation. This change adds native mutex
support.

Since mutexes often need to be in objects that are exposed via public
headers, the non-static mutexes are defined in thread.h. However, on
Windows we don't want to #include windows.h for CRITICAL_SECTION and, on
Linux, pthread.h doesn't define pthread_rwlock_t unless the feature
flags are set correctly—something that we can't control in general
for public header files. Thus, on both platforms, the mutex is defined
as a uint8_t[] of equal or greater size and we depend on static asserts
to ensure that everything works out ok.

Change-Id: Iafec17ae7e3422325e587878a5384107ec6647ab
Reviewed-on: https://boringssl-review.googlesource.com/4321
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:07:15 +00:00
Adam Langley
9bde6aeb76 bio: remove reference count.
It appears that this reference “count” is set to one at creation and
never touched after that.

Change-Id: I3238a6d3dd702953771b8ec725c1c5712c648fba
Reviewed-on: https://boringssl-review.googlesource.com/4320
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:04:52 +00:00
Adam Langley
1f26ed767a Undo one fragment of 054e6826.
054e6826 got the condition wrong and strcmp saves a bunch of
allocations.

Change-Id: Iac7cbdd0b63747684c2f245868a7911c5f7eba57
2015-04-13 15:59:36 -07:00
David Benjamin
b16346b0ad Add SSL_set_reject_peer_renegotiations.
This causes any unexpected handshake records to be met with a fatal
no_renegotiation alert.

In addition, restore the redundant version sanity-checks in the handshake state
machines. Some code would zero the version field as a hacky way to break the
handshake on renego. Those will be removed when switching to this API.

The spec allows for a non-fatal no_renegotiation alert, but ssl3_read_bytes
makes it difficult to find the end of a ClientHello and skip it entirely. Given
that OpenSSL goes out of its way to map non-fatal no_renegotiation alerts to
fatal ones, this seems probably fine. This avoids needing to account for
another source of the library consuming an unbounded number of bytes without
returning data up.

Change-Id: Ie5050d9c9350c29cfe32d03a3c991bdc1da9e0e4
Reviewed-on: https://boringssl-review.googlesource.com/4300
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:38:58 +00:00
David Benjamin
8f64778a39 Add some missing headers to doc.config.
Change-Id: I9d9c055c6cd2c51183f704d61aea6ccbfc218629
Reviewed-on: https://boringssl-review.googlesource.com/4294
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:07:47 +00:00
David Benjamin
2bf1a79654 Prune some unused constants from ssl/internal.h.
Change-Id: Iae9e064261cf7cb2968520812e2f242d7f643ecc
Reviewed-on: https://boringssl-review.googlesource.com/4293
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:07:38 +00:00
David Benjamin
71485af5e8 Skip #if lines in getNameFromDecl.
Otherwise we get all these 'defined' symbols everywhere.

Change-Id: I4c21a4df8963146a79af3511a400f06698f1078a
Reviewed-on: https://boringssl-review.googlesource.com/4292
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:07:28 +00:00
David Benjamin
0d8a758938 Start generating documentation for ssl.h.
There's this giant "Underdocumented functions" section in the middle, but it
doesn't look too silly once the "Deprecated methods" section is merged in with
the other deprecated functions.

Change-Id: Ib97d88b0f915f60e9790264474a9e4aa3e115382
Reviewed-on: https://boringssl-review.googlesource.com/4291
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:07:09 +00:00
David Benjamin
71f0794d34 Document everything in ssl_ciph.c, now ssl_cipher.c.
Just about everything depends on SSL_CIPHER. Move it to the top as the first
section in ssl.h. Match the header order and the source file order and document
everything. Also make a couple of minor style guide tweaks.

Change-Id: I6a810dbe79238278ac480e5ced1447055715a79f
Reviewed-on: https://boringssl-review.googlesource.com/4290
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:06:55 +00:00
David Benjamin
087e4fa478 Fix minor stylistic issues with ssl.h.
Mostly stuff that doc.go was grumpy about. The main change is to move the
version-specific headers to the bottom. Injecting them in the middle makes it
seem as if the definitions above the #include and those below are somehow
different, but it compiles fine with them at the bottom. (They have to be at
the bottom because those headers depend on ssl.h.)

Change-Id: Iaa4139d2f157c7a3fd0ea609b78ff11d2edfc7b0
Reviewed-on: https://boringssl-review.googlesource.com/4289
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:06:19 +00:00
David Benjamin
5c366d62e8 Remove dead code.
That block is slightly unreachable.

Change-Id: I1b4b2d8b1cd4bb7137ce0aac4b65079545cd9264
Reviewed-on: https://boringssl-review.googlesource.com/4286
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:06:00 +00:00
David Benjamin
6b38086341 Remove SSL_CIPHER::valid.
It's no longer needed to distinguish ciphers from fake ciphers.

Change-Id: I1ad4990ba936b1059eb48f3d2f309eb832dd1cb5
Reviewed-on: https://boringssl-review.googlesource.com/4285
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:05:41 +00:00
David Benjamin
0344dafb71 Tidy cipher rule processing.
Rather than shoehorn real ciphers and cipher aliases into the same type (that's
what cipher->valid is used for), treat them separately. Make
ssl_cipher_apply_rule match ciphers by cipher_id (the parameter was ignored and
we assumed that masks uniquely identify a cipher) and remove the special cases
around zero for all the masks. This requires us to remember which fields
default to 0 and which default to ~0u, but the logic is much clearer.

Finally, now that ciphers and cipher aliases are different, don't process rules
which sum together an actual cipher with cipher aliases. This would AND
together the masks for the alias with the values in the cipher and do something
weird around alg_ssl. (alg_ssl is just weird in general, as everyone trying to
disable SSLv3 in OpenSSL recently discovered.)

With all that, we can finally remove cipher->valid which was always one.

Change-Id: Iefcfe159bd6c22dbaea3a5f1517bd82f756dcfe1
Reviewed-on: https://boringssl-review.googlesource.com/4284
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:05:10 +00:00
Brian Smith
c82a00d818 Replace MD5 in examples with SHA-256.
Avoiding superflous references to MD5 makes it easier to audit the code
to find unsafe uses of it. It also avoids subtly encouraging users to
choose MD5 instead of a better alternative.

Change-Id: Ic78eb5dfbf44aac39e4e4eb29050e3337c4445cc
Reviewed-on: https://boringssl-review.googlesource.com/3926
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:55:48 +00:00
Brian Smith
8983a1da7b Remove gotos from HMAC code.
Change-Id: Ic17257e65207ada658f781f4b35ec0cf75bb5474
Reviewed-on: https://boringssl-review.googlesource.com/4151
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:54:26 +00:00
Brian Smith
dd973b2364 Use smart pointers instead of gotos in digest.cc.
Change-Id: Ifa32c5c6e501a394e6947ed1420b6a4852de8b36
Reviewed-on: https://boringssl-review.googlesource.com/4150
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:54:19 +00:00
Brian Smith
0acef5ec27 Simplify ec_group_st on the assumption it is used for GF(p) only.
Change-Id: I90e8f9ce7b996471daed129794eb1b0fa80a27cc
Reviewed-on: https://boringssl-review.googlesource.com/4272
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:53:20 +00:00
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
Adam Langley
ef24ac396a Remove mistaken typedef from 83a82981dc.
(This broke the Windows build at least.)

Change-Id: I09f088258dc4949554b30c822f8c6cdfa7cd84ff
2015-04-13 13:34:52 -07:00
Brian Smith
a039d70270 Enable MSVC warning C4701, use of potentially uninitialized variable.
C4701 is "potentially uninitialized local variable 'buf' used". It
sometimes results in false positives, which can now be suppressed
using the macro OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS.

Change-Id: I15068b5a48e1c704702e7752982b9ead855e7633
Reviewed-on: https://boringssl-review.googlesource.com/3160
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:32:26 +00:00
Brian Smith
1a9bc44127 Fix standalone Windows release-mode builds.
`cmake -GNinja .. -DCMAKE_BUILD_TYPE=Release` fails without this
patch, when building using MSVC 2013.

MSVC will detect (in release builds only, it seems) that functions that
call abort will never return, and then warn that any code after a call
to one of them is unreachable. Since we treat warnings as errors when
building, this breaks the build. While this is usually desirable, it
isn't desirable in this case.

Change-Id: Ie5f24b1beb60fd2b33582a2ceef4c378ad0678fb
Reviewed-on: https://boringssl-review.googlesource.com/3960
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:29:05 +00:00
Brian Smith
655764a22a Test ECDSA_do_sign/ECDSA_do_verify like ECDSA_sign/ECDSA_verify.
Change-Id: I6f2b685f9a2c7a921bc0705e0b9ff3dba38fdeab
Reviewed-on: https://boringssl-review.googlesource.com/3935
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:26:51 +00:00
Brian Smith
1f0d2ef3c4 Refactor ecdsa_test to make it easier to extend.
Change-Id: Ic69078e746ec87c233fbc18591b628c5e249e19f
Reviewed-on: https://boringssl-review.googlesource.com/3934
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:26:09 +00:00
Brian Smith
6e8fbfecd0 Remove crypto/obj dependencies from low-level crypto tests.
The only dependency the low-level crypto modules have on code in
crypto/obj is their use of OBJ_nid2sn, which is trivial to avoid.
This facilitates future simplification of crypto/obj, including
possibly the removal of functions like OBJ_nid2sn and the complex
build infrastructure that supports them.

This change also removes EVP_CIPHER_name and EVP_MD_name.

Change-Id: I34ce7dc7e58d5c08b52f95d25eba3963590cf2f7
Reviewed-on: https://boringssl-review.googlesource.com/3932
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:25:45 +00:00
Brian Smith
9da82c1ccc Remove superfluous crypto/bio dependencies from tests.
Limiting uses of crypto/bio to code that really need to it by avoiding
the use of BIO just to write to stdout/stderr.

Change-Id: I34e0f773161aeec073691e439ac353fb7b1785f3
Reviewed-on: https://boringssl-review.googlesource.com/3930
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:24:18 +00:00
Brian Smith
83a82981dc Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it.
A previous change in BoringSSL renamed ERR_print_errors_fp to
BIO_print_errors_fp as part of refactoring the code to improve the
layering of modules within BoringSSL. Rename it back for better
compatibility with code that was using the function under the original
name. Move its definition back to crypto/err using an implementation
that avoids depending on crypto/bio.

Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052
Reviewed-on: https://boringssl-review.googlesource.com/4310
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:23:29 +00:00
Brian Smith
7d897a1bf2 Replace RC4 in examples with AES-128-GCM.
Avoiding superflous references to RC4 makes it easier to audit the code
to find unsafe uses of it. It also avoids subtly encouraging users to
choose RC4 instead of a better alternative.

Change-Id: Ia27d7f4cd465e143d30a28b36c7871f7c30411ea
Reviewed-on: https://boringssl-review.googlesource.com/3990
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:39:23 +00:00
David Benjamin
48b3150c08 Fix some parsing bugs in doc.go.
skipPast got confused when STACK_OF wasn't in the front of the string (which it
rarely was due to OPENSSL_EXPORT).

It also couldn't parse comments which end with a '*/' on their own.
(Stylistically we don't do this, but ssl_cipher_preference_list_st ends with an
ASCII art diagram which probably shouldn't gain a comment marker in the middle.)

Change-Id: I7687f4fd126003108906b995da0f2cd53f7d693a
Reviewed-on: https://boringssl-review.googlesource.com/4288
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:27:10 +00:00
David Benjamin
e00fc887e4 Fix typo.
Change-Id: I4303abae61a7526e039ccb9a321b7b18e0ba35b7
Reviewed-on: https://boringssl-review.googlesource.com/4287
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:25:59 +00:00
David Benjamin
107db58047 Switch cipher masks to uint32_t.
These are all masks of some sort (except id which is a combined version and
cipher), so they should use fixed-size unsigned integers.

Change-Id: I058dd8ad231ee747df4b4fb17d9c1e2cbee21918
Reviewed-on: https://boringssl-review.googlesource.com/4283
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:16:05 +00:00
David Benjamin
2e749e8f61 Move the sys/time.h #include out of extern C.
We shouldn't be wrapping system headers.

Change-Id: I77498f4ec869797050b276eb764d892f73782f9f
Reviewed-on: https://boringssl-review.googlesource.com/4282
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:15:19 +00:00
David Benjamin
f0ae170021 Include-what-you-use ssl/internal.h.
The rest of ssl/ still includes things everywhere, but this at least fixes the
includes that were implicit from ssl/internal.h.

Change-Id: I7ed22590aca0fe78af84fd99a3e557f4b05f6782
Reviewed-on: https://boringssl-review.googlesource.com/4281
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:15:02 +00:00
David Benjamin
2ee94aabf5 Rename ssl_locl.h to internal.h
Match the other internal headers.

Change-Id: Iff7e2dd06a1a7bf993053d0464cc15638ace3aaa
Reviewed-on: https://boringssl-review.googlesource.com/4280
Reviewed-by: Adam Langley <agl@google.com>
2015-04-10 22:14:09 +00:00
Adam Langley
0fd5639701 Fix up whitespace in headers for doc.go.
Also, set sensible defaults for the command-line arguments to doc.go.

Change-Id: Iefd2ade4c9095489efa0ae1059007593fc84923a
2015-04-08 17:32:55 -07:00
Brian Smith
d6405beb2c Avoid calling BN_CTX_end without BN_CTX_start in ec_wNAF_precompute_mult.
Prior to this change, when EC_GROUP_get0_generator fails, BN_CTX_end
would get called even though BN_CTX_start hadn't been called yet, in
the case where the caller-supplied |ctx| is not NULL.

Change-Id: I6f728e74f0167193891cdb6f122b20b0770283dc
Reviewed-on: https://boringssl-review.googlesource.com/4271
Reviewed-by: Adam Langley <agl@google.com>
2015-04-09 00:29:14 +00:00