Commit Graph

90 Commits

Author SHA1 Message Date
David Benjamin
72acbecb89 Handle IPv6 literals in bssl client.
With IPv6, splitting a colon-separated host/port becomes more complicated.

Change-Id: I5073a5cbaa0714f2f8b9c837bb0809dd20304a3c
Reviewed-on: https://boringssl-review.googlesource.com/8441
Reviewed-by: Adam Langley <agl@google.com>
2016-06-22 20:23:46 +00:00
David Benjamin
a353cdb671 Wrap MSVC-only warning pragmas in a macro.
There's a __pragma expression which allows this. Android builds us Windows with
MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible
Windows compilers. (Clang for Windows is much more sensible than MinGW and
intentionally mimicks MSVC.)

MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is
safe to suppress, so wrap those to shush them. This also lets us do away with a
few ifdefs.

Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972
Reviewed-on: https://boringssl-review.googlesource.com/8236
Reviewed-by: Adam Langley <agl@google.com>
2016-06-09 21:29:36 +00:00
David Benjamin
3995a38f3b Print out whether EMS was supported.
Change-Id: I3c5aa418fe767bce883fcdd0a926f922f9f8bbd3
Reviewed-on: https://boringssl-review.googlesource.com/8082
Reviewed-by: Adam Langley <agl@google.com>
2016-05-31 21:11:55 +00:00
nmittler
f0322b2abc Use non-deprecated methods on windows.
Use of strdup, close, lseek, read, and write prevent linking
statically againt libcmt.lib.

Change-Id: I04f7876ec0f03f29f000bbcc6b2ccdec844452d2
Reviewed-on: https://boringssl-review.googlesource.com/8010
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-19 20:30:50 +00:00
Matt Braithwaite
e09e579603 Rename NEWHOPE functions to offer/accept/finish.
This is consistent with the new convention in ssl_ecdh.c.

Along the way, change newhope_test.c to not iterate 1000 times over each
test.

Change-Id: I7a500f45b838eba8f6df96957891aa8e880ba089
Reviewed-on: https://boringssl-review.googlesource.com/8012
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-19 18:17:48 +00:00
Adam Langley
7909aa7c23 Pass array by reference in newhope speed test.
This is another thing that MSVC can't cope with:

..\tool\speed.cc(537) : error C2536: 'SpeedNewHope::<⋯>::SpeedNewHope::<⋯>::clientmsg' : cannot specify explicit initializer for arrays

Change-Id: I6b4cb430895f7794e9cef1b1c12b57ba5d537c64
2016-04-26 16:31:38 -07:00
Matt Braithwaite
045a0ffe35 Import `newhope' (post-quantum key exchange).
This derives from the reference implementation:

Source: https://github.com/tpoeppelmann/newhope/tree/master/ref at bc06c1ac
Paper: https://eprint.iacr.org/2015/1092

However, it does not interoperate, due to the replacement of SHAKE-128
with AES-CTR (for polynomial generation) and the replacement of SHA-3
with SHA-256 (for key whitening).

Change-Id: I6a55507aea85331245e2fbd41bae5cc049fdca3c
Reviewed-on: https://boringssl-review.googlesource.com/7690
Reviewed-by: Adam Langley <agl@google.com>
2016-04-26 22:53:59 +00:00
Gabriel Redner
dcb3383463 Modify 'bssl client' to print the cert subject and issuer
This is the one piece of functionality I miss from the openssl tool -
the ability to see some basic information about the server cert.

Sample output:
==========
$ bssl client -connect www.google.com
Connecting to [2607:f8b0:4006:80d::1010]:443
Connected.
  Version: TLSv1.2
  Resumed session: no
  Cipher: ECDHE-RSA-AES128-GCM-SHA256
  ECDHE curve: P-256
  Secure renegotiation: yes
  Next protocol negotiated:
  ALPN protocol:
  Cert subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
  Cert issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
==========

Change-Id: I758682784752a616628138e420f52586d5a1bb31
Reviewed-on: https://boringssl-review.googlesource.com/7620
Reviewed-by: David Benjamin <davidben@google.com>
2016-04-07 03:22:19 +00:00
David Benjamin
981936791e Remove some easy obj.h dependencies.
A lot of consumers of obj.h only want the NID values. Others didn't need
it at all. This also removes some OBJ_nid2sn and OBJ_nid2ln calls in EVP
error paths which isn't worth pulling a large table in for.

BUG=chromium:499653

Change-Id: Id6dff578f993012e35b740a13b8e4f9c2edc0744
Reviewed-on: https://boringssl-review.googlesource.com/7563
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-31 20:50:33 +00:00
Piotr Sikora
f932894c7f Move function declarations to internal header.
Partially fixes build with -Wmissing-declarations.

Change-Id: Ia563063fb077cda79244c21f02fd1c0f550353c2
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7515
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:56:32 +00:00
Piotr Sikora
c6d3029eda Add missing internal includes.
Partially fixes build with -Wmissing-prototypes -Wmissing-declarations.

Change-Id: I51209c30f532899f57cfdd9a50cff0a8ee3da5b5
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7512
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:38:54 +00:00
Piotr Sikora
9bb8ba6ba1 Make local functions static.
Partially fixes build with -Wmissing-prototypes -Wmissing-declarations.

Change-Id: I6048f5b7ef31560399b25ed9880156bc7d8abac2
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7511
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:37:58 +00:00
Adam Langley
708db16463 Pass |alice_msg| by reference in the SPAKE2 speed test.
This is an attempt to make MSVC happy. Currently it's saying:

..\tool\speed.cc(508) : error C2536: 'SpeedSPAKE2::<lambda_…>::SpeedSPAKE2::<lambda_…>::alice_msg' : cannot specify explicit initializer for arrays

Change-Id: Ifba1df26b5d734f142668a41834645c1549f9f52
Reviewed-on: https://boringssl-review.googlesource.com/7248
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-01 19:50:20 +00:00
Arnar Birgisson
f27459e412 Add SPAKE2 over Ed25519.
SPAKE2 is a password-authenticated key exchange. This implementation is
over the twisted Edwards curve Ed25519, and uses SHA-512 as the hash
primitive.

See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03

Change-Id: I2cd3c3ebdc3d55ac3aea3a9eb0d06275509597ac
Reviewed-on: https://boringssl-review.googlesource.com/7114
Reviewed-by: Adam Langley <agl@google.com>
2016-03-01 19:34:10 +00:00
David Benjamin
e42da0e4b4 Fix bssl rand -hex.
It emits NULs instead of c.

Change-Id: Id7f103eac049129dbf9a3e852454b22134ce3270
Reviewed-on: https://boringssl-review.googlesource.com/7220
Reviewed-by: Adam Langley <agl@google.com>
2016-02-25 19:23:58 +00:00
David Benjamin
4cc36adf5a Make it possible to tell what curve was used on the server.
We don't actually have an API to let you know if the value is legal to
interpret as a curve ID. (This was kind of a poor API. Oh well.) Also add tests
for key_exchange_info. I've intentionally left server-side plain RSA missing
for now because the SSL_PRIVATE_KEY_METHOD abstraction only gives you bytes and
it's probably better to tweak this API instead.

(key_exchange_info also wasn't populated on the server, though due to a
rebasing error, that fix ended up in the parent CL. Oh well.)

Change-Id: I74a322c8ad03f25b02059da7568c9e1a78419069
Reviewed-on: https://boringssl-review.googlesource.com/6783
Reviewed-by: Adam Langley <agl@google.com>
2015-12-22 23:12:25 +00:00
David Benjamin
afe57cb14d Add a tool to generate Ed25519 keys.
Make it slightly easier for people to use.

Change-Id: I567e95bf1a5c203170a0b9732fd522fcbe5b7bc1
Reviewed-on: https://boringssl-review.googlesource.com/6773
Reviewed-by: Adam Langley <agl@google.com>
2015-12-18 23:34:13 +00:00
Adam Langley
77c3c0b025 Enable Ed25519 when building with OPENSSL_SMALL.
OPENSSL_SMALL will still cause the smaller base-point table to be used
and so won't be as fast at signing as the full version, but Ed25519 will
now work in those builds.

Without OPENSSL_SMALL:

Did 20000 Ed25519 key generation operations in 1008347us (19834.4 ops/sec)
Did 20000 Ed25519 signing operations in 1025594us (19500.9 ops/sec)
Did 6138 Ed25519 verify operations in 1001712us (6127.5 ops/sec)
Did 21000 Curve25519 base-point multiplication operations in 1019237us (20603.6 ops/sec)
Did 7095 Curve25519 arbitrary point multiplication operations in 1065986us (6655.8 ops/sec)

With (on the same machine):

Did 8415 Ed25519 key generation operations in 1020958us (8242.3 ops/sec)
Did 8952 Ed25519 signing operations in 1077635us (8307.1 ops/sec)
Did 6358 Ed25519 verify operations in 1047533us (6069.5 ops/sec)
Did 6620 Curve25519 base-point multiplication operations in 1008922us (6561.5 ops/sec)
Did 7183 Curve25519 arbitrary point multiplication operations in 1096285us (6552.1 ops/sec)

Change-Id: Ib443c0e2bdfd11e044087e66efd55b651a5667e7
Reviewed-on: https://boringssl-review.googlesource.com/6772
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-12-18 23:15:33 +00:00
David Benjamin
df571631cc Add RC4-SHA1 and DES-EDE3-CBC-SHA1 to bssl speed.
For completeness. In so far as we care about legacy ciphers' performance at
all, we should have the others too.

Change-Id: Idd2d93345f3af8b6ac5772a1cb3c201f84fe3197
Reviewed-on: https://boringssl-review.googlesource.com/6750
Reviewed-by: Adam Langley <agl@google.com>
2015-12-16 23:53:23 +00:00
David Benjamin
86e412dc18 Add client cert support to bssl client.
Handy to test servers with misbehaving client auth.

Change-Id: I93f7b77c35e223761edade648bc03d1f97ed82fd
Reviewed-on: https://boringssl-review.googlesource.com/6614
Reviewed-by: Adam Langley <agl@google.com>
2015-12-16 23:15:41 +00:00
David Benjamin
8ffab72683 Point EVP_aead_chacha20_poly1305 at the standardized version.
The consumers have all been updated, so we can move EVP_aead_chacha20_poly1305
to its final state. Unfortunately, the _rfc7539-suffixed version will need to
stick around for just a hair longer. Also the tls1.h macros, but the remaining
consumers are okay with that changing underneath them.

Change-Id: Ibbb70ec1860d6ac6a7e1d7b45e70fe692bf5ebe5
Reviewed-on: https://boringssl-review.googlesource.com/6600
Reviewed-by: Adam Langley <agl@google.com>
2015-12-16 21:22:11 +00:00
David Benjamin
d28f59c27b Switch the keylog BIO to a callback.
The keylog BIO is internally synchronized by the SSL_CTX lock, but an
application may wish to log keys from multiple SSL_CTXs. This is in
preparation for switching Chromium to use a separate SSL_CTX per profile
to more naturally split up the session caches.

It will also be useful for routing up SSLKEYLOGFILE in WebRTC. There,
each log line must be converted to an IPC up from the renderer
processes.

This will require changes in Chromium when we roll BoringSSL.

BUG=458365,webrtc:4417

Change-Id: I2945bdb4def0a9c36e751eab3d5b06c330d66b54
Reviewed-on: https://boringssl-review.googlesource.com/6514
Reviewed-by: Adam Langley <agl@google.com>
2015-11-19 01:23:49 +00:00
Adam Langley
3ac32b1eda Fix curve25519 code for MSVC.
MSVC doesn't like unary minus on unsigned types. Also, the speed test
always failed because the inputs were all zeros and thus had small
order.

Change-Id: Ic2d3c2c9bd57dc66295d93891396871cebac1e0b
2015-11-17 15:15:05 -08:00
Adam Langley
4fb0dc4b03 Add X25519 and Ed25519 support.
(Ed25519 support is disabled when |OPENSSL_SMALL| is defined.)

libcrypto.a sizes:

x86-64 -O3 -march=native: +78012 (1584902 → 1662914)
x86-64 -O3 -march=native -DOPENSSL_SMALL: +10596 (1356206 → 1366802)
Android armv7 Thumb -O2 -DOPENSSL_SMALL: +13132 (1258462 → 1271594)

Change-Id: I6a7e64d481e4ce4daa7d5057578081358746cfb9
Reviewed-on: https://boringssl-review.googlesource.com/6497
Reviewed-by: Adam Langley <agl@google.com>
2015-11-17 21:56:12 +00:00
David Benjamin
f606f9831b bssl pkcs12 shouldn't crash on missing key.
PKCS#12 files may not necessarily include keys.

Change-Id: Ibb43b609783b02aa9cbb192fea377081169666ff
Reviewed-on: https://boringssl-review.googlesource.com/6456
Reviewed-by: Adam Langley <agl@google.com>
2015-11-09 23:05:20 +00:00
Adam Langley
eb8be01f0c Add ciphers option to bssl.
This simply converts a cipher suite string to the list of cipher suites
that it implies.

Change-Id: Id8b31086715d619ea6601c40a6eb84dc0d8c500d
Reviewed-on: https://boringssl-review.googlesource.com/6370
Reviewed-by: Adam Langley <agl@google.com>
2015-11-03 01:17:02 +00:00
Adam Langley
5dbdad9c33 For now, give the unsuffixed ChaCha20 AEAD name to the old version.
QUIC has a complex relationship with BoringSSL owing to it living both
in Chromium and the Google-internal repository. In order for it to
handle the ChaCha20-Poly1305 AEAD switch more easily this change gives
the unsuffixed name to the old AEAD, for now.

Once QUIC has moved to the “_old” version the unsuffixed name can be
given to the new version.

Change-Id: Id8a77be6e3fe2358d78e022413fe088e5a274dca
Reviewed-on: https://boringssl-review.googlesource.com/6361
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-27 16:39:12 +00:00
Brian Smith
3e23e4cb58 Add the RFC 7539 ChaCha20-Poly1305 AEAD.
Change-Id: I07dfde7cc304d903c2253600905cc3e6257716c5
Reviewed-on: https://boringssl-review.googlesource.com/6101
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-27 00:46:36 +00:00
Matt Braithwaite
29d8adbdc6 Better handle IPv6.
∙ host:port parsing, where unavoidable, is now IPv6-friendly.
  ∙ |BIO_C_GET_CONNECT| is simply removed.
  ∙ bssl -accept now listens on both IPv6 and IPv4.

Change-Id: I1cbd8a79c0199bab3ced4c4fd79d2cc5240f250c
Reviewed-on: https://boringssl-review.googlesource.com/6214
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 21:06:01 +00:00
David Benjamin
7a1eefd3cd Deprecate SSL_library_init.
It just calls CRYPTO_library_init and doesn't do anything else. If
anything, I'd like to make CRYPTO_library_init completely go away too.
We have CRYPTO_once now, so I think it's safe to assume that, if ssl/
ever grows initialization needs beyond that of crypto/, we can hide it
behind a CRYPTO_once and not burden callers.

Change-Id: I63dc362e0e9e98deec5516f4620d1672151a91b6
Reviewed-on: https://boringssl-review.googlesource.com/6311
Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-26 18:36:23 +00:00
David Benjamin
ed50cee007 Check fread's return value in tool/server.cc.
Some compilers complain and it's worth checking. Maybe the file changed in size
between ftell and fread.

Change-Id: I7898b8517556ec6899bd6e8866ba3d1cd7efd5f4
Reviewed-on: https://boringssl-review.googlesource.com/5763
Reviewed-by: Adam Langley <agl@google.com>
2015-08-28 22:47:26 +00:00
David Benjamin
621f95a3ea Add -session-in and -session-out to bssl client.
This is analogous to openssl s_client's -sess_in and -sess_out. Use PEM to
align with OpenSSL. This is useful for debugging session resumption and also
generating things to test serialization against.

Change-Id: Idc58e8fa3dd4c2385f6a2d647e66ef11427be60d
Reviewed-on: https://boringssl-review.googlesource.com/5761
Reviewed-by: Adam Langley <agl@google.com>
2015-08-28 22:04:30 +00:00
Paul Lietar
aeeff2ceee Server-side OCSP stapling support.
This is a simpler implementation than OpenSSL's, lacking responder IDs
and request extensions support. This mirrors the client implementation
already present.

Change-Id: I54592b60e0a708bfb003d491c9250401403c9e69
Reviewed-on: https://boringssl-review.googlesource.com/5700
Reviewed-by: Adam Langley <agl@google.com>
2015-08-20 17:55:31 +00:00
Adam Langley
49c7af1c42 Convert the Channel ID extension to the new system.
This also removes support for the “old” Channel ID extension.

Change-Id: I1168efb9365c274db6b9d7e32013336e4404ff54
Reviewed-on: https://boringssl-review.googlesource.com/5462
Reviewed-by: Adam Langley <agl@google.com>
2015-07-21 21:44:11 +00:00
Doug Hogan
a5e2915ba1 Fix build on Unix systems without POSIX realtime extensions.
This allows BoringSSL to build on OpenBSD with gcc/g++ 4.9.2.

Change-Id: Icce23de87b0358a581124eb8cd37dc48a1f096c9
Reviewed-on: https://boringssl-review.googlesource.com/5401
Reviewed-by: Adam Langley <agl@google.com>
2015-07-10 01:51:16 +00:00
David Benjamin
74f711083d Parse RSAPrivateKey with CBS.
This removes the version field from RSA and instead handles versioning
as part of parsing. (As a bonus, we now correctly limit multi-prime RSA
to version 1 keys.)

Most consumers are also converted. old_rsa_priv_{de,en}code are left
alone for now. Those hooks are passed in parameters which match the old
d2i/i2d pattern (they're only used in d2i_PrivateKey and
i2d_PrivateKey).

Include a test which, among other things, checks that public keys being
serialized as private keys are handled properly.

BUG=499653

Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08
Reviewed-on: https://boringssl-review.googlesource.com/5273
Reviewed-by: Adam Langley <agl@google.com>
2015-07-07 22:50:53 +00:00
Adam Langley
3d960e5ec1 Include base.h in tool/internal.h.
This is attempting to fix a Windows build failure when building args.cc.

Change-Id: I6e0c05303832c446d07e5e0d95a1c5151d275788
2015-06-08 14:52:13 -07:00
David Benjamin
58084affbe Make constants in bssl tool actually const.
Change-Id: Iedf6a1bafbe195b689e1aebd2293332e38c1f4c7
Reviewed-on: https://boringssl-review.googlesource.com/5042
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 21:43:15 +00:00
Adam Langley
dd45e3b236 Possible Windows build fix.
This just tries to convince MSVC that we're not going to use |nprimes|
without initialising it first:

tool\genrsa.cc(63) : warning C4701: potentially uninitialized local
variable 'nprimes' used

Change-Id: If8a68ad4fe2c2fb7a8073b7ba43d540467ddf8f8
2015-06-05 12:25:51 -07:00
David Benjamin
1a3c23234c Fix build.
Mac wants a stdlib.h. Windows wants a void and doesn't like static const in
array declarations.

Change-Id: If1e8fb141e41200cf8a7348c6918c2f22465f5fe
Reviewed-on: https://boringssl-review.googlesource.com/5030
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 19:13:31 +00:00
David Benjamin
1043ac0fac Add a flag to bssl client to enable False Start.
One more flag we'd need for bssl client to mimic Chromium.

Change-Id: I66bb43f0d6789c8ab922679747b7e9bc28c1d849
Reviewed-on: https://boringssl-review.googlesource.com/5010
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:40:18 +00:00
Adam Langley
839b881c61 Multi-prime RSA support.
RSA with more than two primes is specified in
https://tools.ietf.org/html/rfc3447, although the idea goes back far
earier than that.

This change ports some of the changes in
http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest
to BoringSSL—specifically those bits that are under an OpenSSL license.

Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1
Reviewed-on: https://boringssl-review.googlesource.com/4870
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:39:44 +00:00
David Benjamin
ac63748997 Revert "tool: we don't need -lrt."
This reverts commit e60e2a483b. Turns out we do
still use clock_gettime in speed.cc.

Change-Id: Idab42ef2863345c3d1409b5d33c3e36b41739e1f
Reviewed-on: https://boringssl-review.googlesource.com/4894
Reviewed-by: Adam Langley <agl@google.com>
2015-05-27 19:21:43 +00:00
Adam Langley
e60e2a483b tool: we don't need -lrt.
I think, long ago, I tried to use the monotonic clock in speed.cc, which
needs -lrt. However, the current code doesn't use that and thus doesn't
need -lrt.

Change-Id: Ibcbf90f91ae6b852c0975dff006346125243df54
Reviewed-on: https://boringssl-review.googlesource.com/4622
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-05 18:28:26 +00:00
Adam Langley
843ab66e17 Add support for building with the Android NDK.
Previously I've been using the Linaro toolchains and just building
static binaries. However, the Linaro toolchains have a broken
pthread_rwlock_wrlock—it does nothing and then unlocking corrupts the
lock.

Building with the Android NDK avoids this.

These build instructions depend on
https://github.com/taka-no-me/android-cmake which people will need to
clone into util/ if they want to use the Android NDK.

Change-Id: Ic64919f9399af2a57e8df4fb4b3400865ddb2427
Reviewed-on: https://boringssl-review.googlesource.com/4600
Reviewed-by: Adam Langley <agl@google.com>
2015-05-05 00:31:46 +00:00
David Benjamin
f0df86a1f6 Fix standalone build on Mac.
CRYPTO_MUTEX was the wrong size. Fortunately, Apple was kind enough to define
pthread_rwlock_t unconditionally, so we can be spared fighting with feature
macros. Some of the stdlib.h removals were wrong and clang is pick about
multiply-defined typedefs. Apparently that's a C11 thing?

BUG=478598

Change-Id: Ibdcb8de9e5d83ca28e4c55b2979177d1ef0f9721
Reviewed-on: https://boringssl-review.googlesource.com/4404
Reviewed-by: Adam Langley <agl@google.com>
2015-04-20 16:50:18 +00:00
Adam Langley
92b6b02475 tool: include base.h before testing OPENSSL_WINDOWS.
Even though windows.h etc are system headers, conditional includes have
to come after the others.

Change-Id: I839b3b6c32a76c806698e2cdc71e50433fa900b2
2015-04-16 14:02:52 -07:00
Adam Langley
ad6b28e974 Add 64-bit, P-256 implementation.
This is taken from upstream, although it originally came from us. This
will only take effect on 64-bit systems (x86-64 and aarch64).

Before:

Did 1496 ECDH P-256 operations in 1038743us (1440.2 ops/sec)
Did 2783 ECDSA P-256 signing operations in 1081006us (2574.5 ops/sec)
Did 2400 ECDSA P-256 verify operations in 1059508us (2265.2 ops/sec)

After:

Did 4147 ECDH P-256 operations in 1061723us (3905.9 ops/sec)
Did 9372 ECDSA P-256 signing operations in 1040589us (9006.4 ops/sec)
Did 4114 ECDSA P-256 verify operations in 1063478us (3868.4 ops/sec)

Change-Id: I11fabb03239cc3a7c4a97325ed4e4c97421f91a9
2015-04-16 13:53:05 -07:00
Adam Langley
90b5840b02 tool: benchmark the RNG.
This change adds a benchmark for the RNG and also allows specific speed
tests to be selected via a command-line argument, since the full speed
suite is getting quite lengthy now and is only going to get longer in
the future.

Change-Id: If62c69177d58d3eb945d6108524c144ea0044137
Reviewed-on: https://boringssl-review.googlesource.com/4326
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:40 +00:00
Adam Langley
f030369717 tool: add rand.
The rand subcommand outputs entropy to stdout.

Change-Id: I95c2769a1784a8dd4c21efc15009080006d51349
Reviewed-on: https://boringssl-review.googlesource.com/4325
Reviewed-by: Adam Langley <agl@google.com>
2015-04-14 20:11:39 +00:00