Commit Graph

157 Commits

Author SHA1 Message Date
David Benjamin
83f182c6c5 Revert "Temporary introduce a memory leak in ssl_test"
This reverts commit 88d0f91952.
2015-04-21 06:32:24 -04:00
David Benjamin
88d0f91952 Temporary introduce a memory leak in ssl_test
Making sure the ASan bot notices. This will be reverted in a minute.

Change-Id: Ib8acf21948e3638d54ab09f3df4c339c4ea3d649
2015-04-21 06:30:59 -04:00
David Benjamin
0344dafb71 Tidy cipher rule processing.
Rather than shoehorn real ciphers and cipher aliases into the same type (that's
what cipher->valid is used for), treat them separately. Make
ssl_cipher_apply_rule match ciphers by cipher_id (the parameter was ignored and
we assumed that masks uniquely identify a cipher) and remove the special cases
around zero for all the masks. This requires us to remember which fields
default to 0 and which default to ~0u, but the logic is much clearer.

Finally, now that ciphers and cipher aliases are different, don't process rules
which sum together an actual cipher with cipher aliases. This would AND
together the masks for the alias with the values in the cipher and do something
weird around alg_ssl. (alg_ssl is just weird in general, as everyone trying to
disable SSLv3 in OpenSSL recently discovered.)

With all that, we can finally remove cipher->valid which was always one.

Change-Id: Iefcfe159bd6c22dbaea3a5f1517bd82f756dcfe1
Reviewed-on: https://boringssl-review.googlesource.com/4284
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 22:05:10 +00:00
Brian Smith
83a82981dc Rename BIO_print_errors_fp back to ERR_print_errors_fp & refactor it.
A previous change in BoringSSL renamed ERR_print_errors_fp to
BIO_print_errors_fp as part of refactoring the code to improve the
layering of modules within BoringSSL. Rename it back for better
compatibility with code that was using the function under the original
name. Move its definition back to crypto/err using an implementation
that avoids depending on crypto/bio.

Change-Id: Iee7703bb1eb4a3d640aff6485712bea71d7c1052
Reviewed-on: https://boringssl-review.googlesource.com/4310
Reviewed-by: Adam Langley <agl@google.com>
2015-04-13 20:23:29 +00:00
David Benjamin
32fbdf2025 Remove anonymous cipher suites.
These are the remaining untested cipher suites. Rather than add support in
runner.go, just remove them altogether. Grepping for this is a little tricky,
but nothing enables aNULL (all occurrences disable it), and all occurrences of
["ALL:] seem to be either unused or explicitly disable anonymous ciphers.

Change-Id: I4fd4b8dc6a273d6c04a26e93839641ddf738343f
Reviewed-on: https://boringssl-review.googlesource.com/4258
Reviewed-by: Adam Langley <agl@google.com>
2015-04-08 23:29:07 +00:00
David Benjamin
e12c4378e9 Fix leak in ssl_test.
SSL_CIPHER_get_rfc_name still returns an allocated string.

Change-Id: Ie2f14626c1ff22d0ea613b22439b7de5c04c9062
Reviewed-on: https://boringssl-review.googlesource.com/4190
Reviewed-by: Adam Langley <agl@google.com>
2015-04-01 18:22:23 +00:00
David Benjamin
1d77e56b29 Convert ssl_test to C++.
Change-Id: Ic8f3cd5c6a89e07bbae43b1599a01fedf119b081
Reviewed-on: https://boringssl-review.googlesource.com/4121
Reviewed-by: Adam Langley <agl@google.com>
2015-03-31 23:03:54 +00:00