Commit Graph

65 Commits

Author SHA1 Message Date
Adam Langley
eb8be01f0c Add ciphers option to bssl.
This simply converts a cipher suite string to the list of cipher suites
that it implies.

Change-Id: Id8b31086715d619ea6601c40a6eb84dc0d8c500d
Reviewed-on: https://boringssl-review.googlesource.com/6370
Reviewed-by: Adam Langley <agl@google.com>
2015-11-03 01:17:02 +00:00
Adam Langley
5dbdad9c33 For now, give the unsuffixed ChaCha20 AEAD name to the old version.
QUIC has a complex relationship with BoringSSL owing to it living both
in Chromium and the Google-internal repository. In order for it to
handle the ChaCha20-Poly1305 AEAD switch more easily this change gives
the unsuffixed name to the old AEAD, for now.

Once QUIC has moved to the “_old” version the unsuffixed name can be
given to the new version.

Change-Id: Id8a77be6e3fe2358d78e022413fe088e5a274dca
Reviewed-on: https://boringssl-review.googlesource.com/6361
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-27 16:39:12 +00:00
Brian Smith
3e23e4cb58 Add the RFC 7539 ChaCha20-Poly1305 AEAD.
Change-Id: I07dfde7cc304d903c2253600905cc3e6257716c5
Reviewed-on: https://boringssl-review.googlesource.com/6101
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-27 00:46:36 +00:00
Matt Braithwaite
29d8adbdc6 Better handle IPv6.
∙ host:port parsing, where unavoidable, is now IPv6-friendly.
  ∙ |BIO_C_GET_CONNECT| is simply removed.
  ∙ bssl -accept now listens on both IPv6 and IPv4.

Change-Id: I1cbd8a79c0199bab3ced4c4fd79d2cc5240f250c
Reviewed-on: https://boringssl-review.googlesource.com/6214
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 21:06:01 +00:00
David Benjamin
7a1eefd3cd Deprecate SSL_library_init.
It just calls CRYPTO_library_init and doesn't do anything else. If
anything, I'd like to make CRYPTO_library_init completely go away too.
We have CRYPTO_once now, so I think it's safe to assume that, if ssl/
ever grows initialization needs beyond that of crypto/, we can hide it
behind a CRYPTO_once and not burden callers.

Change-Id: I63dc362e0e9e98deec5516f4620d1672151a91b6
Reviewed-on: https://boringssl-review.googlesource.com/6311
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 18:36:23 +00:00
David Benjamin
ed50cee007 Check fread's return value in tool/server.cc.
Some compilers complain and it's worth checking. Maybe the file changed in size
between ftell and fread.

Change-Id: I7898b8517556ec6899bd6e8866ba3d1cd7efd5f4
Reviewed-on: https://boringssl-review.googlesource.com/5763
Reviewed-by: Adam Langley <agl@google.com>
2015-08-28 22:47:26 +00:00
David Benjamin
621f95a3ea Add -session-in and -session-out to bssl client.
This is analogous to openssl s_client's -sess_in and -sess_out. Use PEM to
align with OpenSSL. This is useful for debugging session resumption and also
generating things to test serialization against.

Change-Id: Idc58e8fa3dd4c2385f6a2d647e66ef11427be60d
Reviewed-on: https://boringssl-review.googlesource.com/5761
Reviewed-by: Adam Langley <agl@google.com>
2015-08-28 22:04:30 +00:00
Paul Lietar
aeeff2ceee Server-side OCSP stapling support.
This is a simpler implementation than OpenSSL's, lacking responder IDs
and request extensions support. This mirrors the client implementation
already present.

Change-Id: I54592b60e0a708bfb003d491c9250401403c9e69
Reviewed-on: https://boringssl-review.googlesource.com/5700
Reviewed-by: Adam Langley <agl@google.com>
2015-08-20 17:55:31 +00:00
Adam Langley
49c7af1c42 Convert the Channel ID extension to the new system.
This also removes support for the “old” Channel ID extension.

Change-Id: I1168efb9365c274db6b9d7e32013336e4404ff54
Reviewed-on: https://boringssl-review.googlesource.com/5462
Reviewed-by: Adam Langley <agl@google.com>
2015-07-21 21:44:11 +00:00
Doug Hogan
a5e2915ba1 Fix build on Unix systems without POSIX realtime extensions.
This allows BoringSSL to build on OpenBSD with gcc/g++ 4.9.2.

Change-Id: Icce23de87b0358a581124eb8cd37dc48a1f096c9
Reviewed-on: https://boringssl-review.googlesource.com/5401
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 01:51:16 +00:00
David Benjamin
74f711083d Parse RSAPrivateKey with CBS.
This removes the version field from RSA and instead handles versioning
as part of parsing. (As a bonus, we now correctly limit multi-prime RSA
to version 1 keys.)

Most consumers are also converted. old_rsa_priv_{de,en}code are left
alone for now. Those hooks are passed in parameters which match the old
d2i/i2d pattern (they're only used in d2i_PrivateKey and
i2d_PrivateKey).

Include a test which, among other things, checks that public keys being
serialized as private keys are handled properly.

BUG=499653

Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08
Reviewed-on: https://boringssl-review.googlesource.com/5273
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 22:50:53 +00:00
Adam Langley
3d960e5ec1 Include base.h in tool/internal.h.
This is attempting to fix a Windows build failure when building args.cc.

Change-Id: I6e0c05303832c446d07e5e0d95a1c5151d275788
2015-06-08 14:52:13 -07:00
David Benjamin
58084affbe Make constants in bssl tool actually const.
Change-Id: Iedf6a1bafbe195b689e1aebd2293332e38c1f4c7
Reviewed-on: https://boringssl-review.googlesource.com/5042
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 21:43:15 +00:00
Adam Langley
dd45e3b236 Possible Windows build fix.
This just tries to convince MSVC that we're not going to use |nprimes|
without initialising it first:

tool\genrsa.cc(63) : warning C4701: potentially uninitialized local
variable 'nprimes' used

Change-Id: If8a68ad4fe2c2fb7a8073b7ba43d540467ddf8f8
2015-06-05 12:25:51 -07:00
David Benjamin
1a3c23234c Fix build.
Mac wants a stdlib.h. Windows wants a void and doesn't like static const in
array declarations.

Change-Id: If1e8fb141e41200cf8a7348c6918c2f22465f5fe
Reviewed-on: https://boringssl-review.googlesource.com/5030
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 19:13:31 +00:00
David Benjamin
1043ac0fac Add a flag to bssl client to enable False Start.
One more flag we'd need for bssl client to mimic Chromium.

Change-Id: I66bb43f0d6789c8ab922679747b7e9bc28c1d849
Reviewed-on: https://boringssl-review.googlesource.com/5010
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:40:18 +00:00
Adam Langley
839b881c61 Multi-prime RSA support.
RSA with more than two primes is specified in
https://tools.ietf.org/html/rfc3447, although the idea goes back far
earier than that.

This change ports some of the changes in
http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest
to BoringSSL—specifically those bits that are under an OpenSSL license.

Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1
Reviewed-on: https://boringssl-review.googlesource.com/4870
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:39:44 +00:00
David Benjamin
ac63748997 Revert "tool: we don't need -lrt."
This reverts commit e60e2a483b. Turns out we do
still use clock_gettime in speed.cc.

Change-Id: Idab42ef2863345c3d1409b5d33c3e36b41739e1f
Reviewed-on: https://boringssl-review.googlesource.com/4894
Reviewed-by: Adam Langley <agl@google.com>
2015-05-27 19:21:43 +00:00
Adam Langley
e60e2a483b tool: we don't need -lrt.
I think, long ago, I tried to use the monotonic clock in speed.cc, which
needs -lrt. However, the current code doesn't use that and thus doesn't
need -lrt.

Change-Id: Ibcbf90f91ae6b852c0975dff006346125243df54
Reviewed-on: https://boringssl-review.googlesource.com/4622
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-05 18:28:26 +00:00
Adam Langley
843ab66e17 Add support for building with the Android NDK.
Previously I've been using the Linaro toolchains and just building
static binaries. However, the Linaro toolchains have a broken
pthread_rwlock_wrlock—it does nothing and then unlocking corrupts the
lock.

Building with the Android NDK avoids this.

These build instructions depend on
https://github.com/taka-no-me/android-cmake which people will need to
clone into util/ if they want to use the Android NDK.

Change-Id: Ic64919f9399af2a57e8df4fb4b3400865ddb2427
Reviewed-on: https://boringssl-review.googlesource.com/4600
Reviewed-by: Adam Langley <agl@google.com>
2015-05-05 00:31:46 +00:00
David Benjamin
f0df86a1f6 Fix standalone build on Mac.
CRYPTO_MUTEX was the wrong size. Fortunately, Apple was kind enough to define
pthread_rwlock_t unconditionally, so we can be spared fighting with feature
macros. Some of the stdlib.h removals were wrong and clang is pick about
multiply-defined typedefs. Apparently that's a C11 thing?

BUG=478598

Change-Id: Ibdcb8de9e5d83ca28e4c55b2979177d1ef0f9721
Reviewed-on: https://boringssl-review.googlesource.com/4404
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 16:50:18 +00:00
Adam Langley
92b6b02475 tool: include base.h before testing OPENSSL_WINDOWS.
Even though windows.h etc are system headers, conditional includes have
to come after the others.

Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
2015-04-16 14:02:52 -07:00
Adam Langley
ad6b28e974 Add 64-bit, P-256 implementation.
This is taken from upstream, although it originally came from us. This
will only take effect on 64-bit systems (x86-64 and aarch64).

Before:

Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec)
Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec)
Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec)

After:

Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec)
Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec)
Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec)

Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
2015-04-16 13:53:05 -07:00
Adam Langley
90b5840b02 tool: benchmark the RNG.
This change adds a benchmark for the RNG and also allows specific speed
tests to be selected via a command-line argument, since the full speed
suite is getting quite lengthy now and is only going to get longer in
the future.

Change-Id: If62c69177d58d3eb945d6108524c144ea0044137
Reviewed-on: https://boringssl-review.googlesource.com/4326
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:40 +00:00
Adam Langley
f030369717 tool: add rand.
The rand subcommand outputs entropy to stdout.

Change-Id: I95c2769a1784a8dd4c21efc15009080006d51349
Reviewed-on: https://boringssl-review.googlesource.com/4325
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:39 +00:00
Adam Langley
1f26ed767a Undo one fragment of 054e6826.
054e6826 got the condition wrong and strcmp saves a bunch of
allocations.

Change-Id: Iac7cbdd0b63747684c2f245868a7911c5f7eba57
2015-04-13 15:59:36 -07:00
Brian Smith
dd973b2364 Use smart pointers instead of gotos in digest.cc.
Change-Id: Ifa32c5c6e501a394e6947ed1420b6a4852de8b36
Reviewed-on: https://boringssl-review.googlesource.com/4150
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:54:19 +00:00
Brian Smith
054e682675 Eliminate unnecessary includes from low-level crypto modules.
Beyond generally eliminating unnecessary includes, eliminate as many
includes of headers that declare/define particularly error-prone
functionality like strlen, malloc, and free. crypto/err/internal.h was
added to remove the dependency on openssl/thread.h from the public
openssl/err.h header. The include of <stdlib.h> in openssl/mem.h was
retained since it defines OPENSSL_malloc and friends as macros around
the stdlib.h functions. The public x509.h, x509v3.h, and ssl.h headers
were not changed in order to minimize breakage of source compatibility
with external code.

Change-Id: I0d264b73ad0a720587774430b2ab8f8275960329
Reviewed-on: https://boringssl-review.googlesource.com/4220
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:49:18 +00:00
Brian Smith
83a82981dc Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it.
A previous change in BoringSSL renamed ERR_print_errors_fp to
BIO_print_errors_fp as part of refactoring the code to improve the
layering of modules within BoringSSL. Rename it back for better
compatibility with code that was using the function under the original
name. Move its definition back to crypto/err using an implementation
that avoids depending on crypto/bio.

Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052
Reviewed-on: https://boringssl-review.googlesource.com/4310
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:23:29 +00:00
David Benjamin
0e434b9470 Define NOMINMAX across the entire project.
This fixes the standalone build on Windows and matches Chromium.

Change-Id: I194f53e0a610c5ae9cef53c826b22f7bded5f357
Reviewed-on: https://boringssl-review.googlesource.com/4201
Reviewed-by: Adam Langley <agl@google.com>
2015-04-02 18:38:56 +00:00
David Benjamin
45fb1be33e Remove std::unique_ptr dependency on bssl_shim's scoped types.
This is in preparation for using RAII in the unit tests. Those tests are built
in Chromium as well, but Chromium does not have C++11 library support across
all its toolchains. Compiler support is available, so add a partial
reimplementation of std::unique_ptr and std::move under crypto/test/. The
scopers for the crypto/ library are also moved there while the ones for ssl/
stay in ssl/test/.

Change-Id: I38f769acbc16a870db34649928575c7314b6e9f6
Reviewed-on: https://boringssl-review.googlesource.com/4120
Reviewed-by: Adam Langley <agl@google.com>
2015-03-31 23:03:06 +00:00
Adam Langley
3e719319be Lowercase some Windows headers.
MinGW on Linux needs lowercase include files. On Windows this doesn't
matter since the filesystems are case-insensitive, but building
BoringSSL on Linux with MinGW has case-sensitive filesystems.

Change-Id: Id9c120d819071b041341fbb978352812d6d073bc
Reviewed-on: https://boringssl-review.googlesource.com/4090
Reviewed-by: Adam Langley <agl@google.com>
2015-03-31 22:21:42 +00:00
David Benjamin
0570923ed2 Add additional features to bssl client.
This exposes the features needed to mimic Chrome's ClientHello, which is useful
in testing. Also use bssl_shim's scopers for SSL objects.

Change-Id: Icb88bb00c0a05c27610134d618f466a24f7f757a
Reviewed-on: https://boringssl-review.googlesource.com/4113
Reviewed-by: Adam Langley <agl@google.com>
2015-03-23 23:16:30 +00:00
David Benjamin
d434f28ef2 Fix bssl speed.
The TLS AEADs require EVP_AEAD_CTX_init_with_direction now. The speed command
was never updated to account for this.

BUG=467762

Change-Id: I8c7d4566b51d54d91d17318b8f4813ad8f19c777
Reviewed-on: https://boringssl-review.googlesource.com/3971
Reviewed-by: Adam Langley <agl@google.com>
2015-03-17 23:57:02 +00:00
Brian Smith
1d1562d9b5 Free new[]'d array using delete[] instead of free in speed.cc.
Change-Id: Ic3d5e8de0b6800c0852c2057427836302c1f1aaa
Reviewed-on: https://boringssl-review.googlesource.com/3962
Reviewed-by: Adam Langley <agl@google.com>
2015-03-17 21:04:15 +00:00
Brian Smith
d53b2c3c88 Fix out-of-bounds memory write in speed.cc.
Windows x64 uses the IL32P64 data model, which means that unsigned int
is 32 bits and size_t is 64 bits. Previously, the expression
|~(alignment - 1)| resulted in the 32-bit value 0xFFFFFFF0, which was
then extended to the 64-bit value 0x00000000FFFFFFF0 when promoted to
size_t. When the input pointer was masked with this value, the result
was a pointer that was usually way outside the boundaries of the array.

The new code casts |alignment| to size_t first prior to the bitwise
negation, resulting in the correct mask value of 0xFFFFFFFFFFFFFFF0.

Change-Id: I04754aa9e1ce7a615c2b4c74051cfcca38dbb52f
Reviewed-on: https://boringssl-review.googlesource.com/3961
Reviewed-by: Adam Langley <agl@google.com>
2015-03-17 19:12:54 +00:00
Adam Langley
2b2d66d409 Remove string.h from base.h.
Including string.h in base.h causes any file that includes a BoringSSL
header to include string.h. Generally this wouldn't be a problem,
although string.h might slow down the compile if it wasn't otherwise
needed. However, it also causes problems for ipsec-tools in Android
because OpenSSL didn't have this behaviour.

This change removes string.h from base.h and, instead, adds it to each
.c file that requires it.

Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37
Reviewed-on: https://boringssl-review.googlesource.com/3200
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-02 19:14:15 +00:00
Brian Smith
efed2210e8 Enable more warnings & treat warnings as errors on Windows.
Change-Id: I2bf0144aaa8b670ff00b8e8dfe36bd4d237b9a8a
Reviewed-on: https://boringssl-review.googlesource.com/3140
Reviewed-by: Adam Langley <agl@google.com>
2015-01-31 00:18:55 +00:00
Adam Langley
267253470a Align pointers by hand.
This avoids having Windows be different and is also easier for testing
because it's a simple matter to unalign the pointer if needed.

Change-Id: I32cfa5834e3fe4f16304a25092b9c71946d4744d
Reviewed-on: https://boringssl-review.googlesource.com/3131
Reviewed-by: Adam Langley <agl@google.com>
2015-01-29 20:06:34 +00:00
Brian Smith
a87de9b39b Define WIN32_LEAN_AND_MEAN in the build system, not in the code.
This avoids a conflict with the Chromium build system, which
defines WIN32_LEAN_AND_MEAN with a different value.

BUG=crbug.com/453196

Change-Id: Ia15ec7c20325c1961af4f32e5208266e5f846f35
Reviewed-on: https://boringssl-review.googlesource.com/3150
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-01-29 18:48:57 +00:00
Adam Langley
4a0f0c4910 Change CMakeLists.txt to two-space indent.
find -name CMakeLists.txt -type f | xargs sed -e 's/\t/  /g' -i

Change-Id: I01636b1849c00ba918f48828252492d99b0403ac
2015-01-28 16:37:10 -08:00
Brian Smith
dc94b54708 Clean up use of Windows Platform SDK headers.
Define WIN32_LEAN_AND_MEAN before including Windows Platform SDK
headers to preempt naming conflicts and to make the build faster. Avoid
including those headers in BoringSSL headers. Document that Platform
SDK 8.1 or later is required on Windows.

Change-Id: I907ada21dc722527ea37e839c71c5157455a7003
Reviewed-on: https://boringssl-review.googlesource.com/3100
Reviewed-by: Adam Langley <agl@google.com>
2015-01-28 20:36:49 +00:00
Brian Smith
33970e6ce0 Enable bssl client/s_client and server/s_server on Windows.
Change-Id: Iea9bd25176724b56ebb21bded6925f5d30176548
Reviewed-on: https://boringssl-review.googlesource.com/3071
Reviewed-by: Adam Langley <agl@google.com>
2015-01-28 20:24:09 +00:00
Brian Smith
afdaeee7ed Enable bssl (md5sum, sha256sum, etc.) on Windows.
We deal with the difference between binary and text modes on Windows by
doing all I/O in binary mode (including, in particular,
stdin/stdout/stderr) and by treating text mode as equivalent to binary
mode (i.e. we use Unix line ending semantics).

Change-Id: I76a46d8d02cd7efe1931c8272d8f2c311aef3acb
Reviewed-on: https://boringssl-review.googlesource.com/3070
Reviewed-by: Adam Langley <agl@google.com>
2015-01-28 20:07:39 +00:00
Adam Langley
bed8f7307e Fix build after mistake addressing comments in cca4d599.
My screwup—I didn't rebuild before submitting :(

Change-Id: If3e1a5cc5bdf6cacb94bc23896619796b22bd9d2
2015-01-26 16:34:37 -08:00
Adam Langley
cca4d5991f Add digest sum handling to the tool.
Android might want to replace the system *sum (i.e. md5sum, sha256sum
etc) binaries with a symlink to the BoringSSL tool binary.

This change also allows the tool to figure out what to do based on
argv[0] if it matches one of the known commands.

Change-Id: Ia4fc3cff45ce2ae623dae6786eea5d7ad127d44b
Reviewed-on: https://boringssl-review.googlesource.com/2940
Reviewed-by: Adam Langley <agl@google.com>
2015-01-26 21:27:18 +00:00
David Benjamin
384673ceb7 Fix tool build on Windows.
C++ doesn't allow implicit void* casts.

Change-Id: I50a2ab3fce6a38470b4e8216bd461ba2cd2c2215
Reviewed-on: https://boringssl-review.googlesource.com/2971
Reviewed-by: Adam Langley <agl@google.com>
2015-01-22 19:22:39 +00:00
Adam Langley
e7624340ee Also test AES-CBC modes in the speed tool.
This change adds the AES-128-CBC-SHA and AES-256-CBC-SHA AEADs to the
speed test. These AEADs need an 11 byte additional data so the test is
extended to be able to provide that.

Change-Id: I9a57c2321a979a68ab0df9faf1bb26b44a3009c4
Reviewed-on: https://boringssl-review.googlesource.com/2922
Reviewed-by: Adam Langley <agl@google.com>
2015-01-16 19:04:44 +00:00
Adam Langley
543d00692a Benchmark AEADs with aligned buffers.
This eliminates a source of variability from the benchmarks.

Change-Id: I8ce07bd68e7591f8c5545040b02b96d21609a0e5
Reviewed-on: https://boringssl-review.googlesource.com/2920
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-01-16 19:00:17 +00:00
Dave Tapuska
b8a824d70d Add the ability to run a server from the command line tool.
Change-Id: Ia8588aeaad8b44a6a306d7d5bfecc895adde1910
2014-12-11 10:47:21 -08:00