Commit Graph

315 Commits

Author SHA1 Message Date
David Benjamin
a9ca90abbb Fix ServerHello EC point format extension check.
Use the newly split out tls1_check_point_format. Also don't condition it on
s->tlsext_ecpointformatlist which is unrelated and made this code never run.

Change-Id: I9d77654c8eaebde07079d989cd60fbcf06025d75
Reviewed-on: https://boringssl-review.googlesource.com/1844
Reviewed-by: Adam Langley <agl@google.com>
2014-09-30 22:58:21 +00:00
David Benjamin
42e9a77c43 Split tls1_check_ec_key.
This avoids the strange optional parameter thing by moving it to the client.
Also document what the functions should do.

Change-Id: I361266acadedfd2bfc4731f0900821fc2c2f954d
Reviewed-on: https://boringssl-review.googlesource.com/1843
Reviewed-by: Adam Langley <agl@google.com>
2014-09-30 22:57:53 +00:00
David Benjamin
00075b80ca Merge IMPLEMENT_tls_meth_func and IMPLEMENT_ssl3_meth_func.
The TLS-specific hooks have been removed. We aim to no longer perform version
negotiation as a pre-processing step, so ensure the only differences to worry
about are the version, get_method hook, and the enc_data.

BUG=chromium:403378

Change-Id: I628ec6f4c50ceed01d7af8f4110b6dc95cfbe023
Reviewed-on: https://boringssl-review.googlesource.com/1841
Reviewed-by: Adam Langley <agl@google.com>
2014-09-30 22:56:47 +00:00
David Benjamin
5491e3fdb7 Clean up ssl_cipher_list_to_bytes a little.
Still need to convert serializing code to CBB, but the current one is kinda
crazy.

Change-Id: I00e12a812c815bf01c53a26ccbb7c6727ea8c8fc
Reviewed-on: https://boringssl-review.googlesource.com/1840
Reviewed-by: Adam Langley <agl@google.com>
2014-09-30 19:17:40 +00:00
Ben Laurie
eba2384e53 Missing includes for FreeBSD.
Change-Id: I4ea02a41ed614047ecda156d0c572b04baa174e6
Reviewed-on: https://boringssl-review.googlesource.com/1852
Reviewed-by: Adam Langley <agl@google.com>
2014-09-30 19:15:15 +00:00
Adam Langley
5d0c163b37 Also clean the last byte of the PSK identity.
Patch by Alex Kljubin.

Change-Id: Ieec830dce11b501aaa82f03c82ff04c3cdde41e1
Reviewed-on: https://boringssl-review.googlesource.com/1831
Reviewed-by: Adam Langley <agl@google.com>
2014-09-26 22:10:53 +00:00
David Benjamin
01fe820ab9 Add tests for client version negotiation and session resumption.
BUG=chromium:417134

Change-Id: If5914be98026d899000fde267b2d329861ca3136
Reviewed-on: https://boringssl-review.googlesource.com/1822
Reviewed-by: Adam Langley <agl@google.com>
2014-09-25 22:09:18 +00:00
David Benjamin
30ddb434bf Handle session resumption in SSLv23_client_method.
This fixes version mismatches on resumption without rewriting the entirety of
OpenSSL's version negotiation logic. (Which still badly needs to happen.)

BUG=chromium:417134

Change-Id: Ifa0c5dd2145e37fcd39eec25dfb3561ddb87c9f0
Reviewed-on: https://boringssl-review.googlesource.com/1823
Reviewed-by: Adam Langley <agl@google.com>
2014-09-25 22:04:20 +00:00
David Benjamin
b0c8db7347 runner: don't resume sessions if SessionTicketsDisabled is true.
Change-Id: I1cf4a11d66871fff71a5fa93e39471ffb40d3132
Reviewed-on: https://boringssl-review.googlesource.com/1821
Reviewed-by: Adam Langley <agl@google.com>
2014-09-24 23:56:03 +00:00
David Benjamin
7f520dbd8d Remove OPENSSL_NO_TLS1_2_CLIENT and OPENSSL_NO_DTLS1.
Get those out of the way.

Change-Id: Ia1be476e383fc90c2373a24a072944fe377da6ef
Reviewed-on: https://boringssl-review.googlesource.com/1820
Reviewed-by: Adam Langley <agl@google.com>
2014-09-24 22:33:37 +00:00
David Benjamin
37d924640a Disallow all special operators once groups are used.
+ and - should also be forbidden. Any operation other than appending will mix
up the in_group bits and give unexpected behavior.

Change-Id: Ieaebb9ee6393aa36243d0765e45cae667f977ef5
Reviewed-on: https://boringssl-review.googlesource.com/1803
Reviewed-by: Adam Langley <agl@google.com>
2014-09-22 17:22:56 +00:00
David Benjamin
2a5ea98a46 Remove redundant check in cipher rule parsing.
It's redundant with the check at the top of the loop.

Change-Id: If64e5396658ca28cad937411c6fc8671a2abfdcd
Reviewed-on: https://boringssl-review.googlesource.com/1802
Reviewed-by: Adam Langley <agl@google.com>
2014-09-22 17:22:47 +00:00
David Benjamin
bb0a17c5e1 Add a set of tests for cipher string parsing.
Change-Id: I4f9cdfa443bc5916f1899a7fc90aca2bf3c6027c
Reviewed-on: https://boringssl-review.googlesource.com/1801
Reviewed-by: Adam Langley <agl@google.com>
2014-09-22 16:47:44 +00:00
David Benjamin
e113608a1c Switch the reason code check to a compile-time assert.
It's just checking some constants. Also the comment's off now.

Change-Id: I934d32b76c705758ae7c18009d867e9820a4c5a8
Reviewed-on: https://boringssl-review.googlesource.com/1800
Reviewed-by: Adam Langley <agl@google.com>
2014-09-22 16:43:56 +00:00
David Benjamin
d7c5368a0f Add missing errors codes for alerts.
This gives inappropriate_fallback and close_notify sent during the handshake
error strings. It'd also avoid having to write
  case SSL_AD_REASON_OFFSET + SSL_AD_CLOSE_NOTIFY:
in Chromium.

Change-Id: I42123d5452eb7843ead883d112e58b3f087d3067
Reviewed-on: https://boringssl-review.googlesource.com/1780
Reviewed-by: Adam Langley <agl@google.com>
2014-09-17 16:42:14 +00:00
David Benjamin
fc7b086305 Test that ALPN is preferred over NPN.
Change-Id: Ia9d10f672c8a83f507b46f75869b7c00fe1a4fda
Reviewed-on: https://boringssl-review.googlesource.com/1755
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:10:59 +00:00
David Benjamin
ae2888fbdc Add tests for ALPN support.
Both as client and as server. Also tests that ALPN causes False Start to kick
in.

Change-Id: Ib570346f3c511834152cd2df2ef29541946d3ab4
Reviewed-on: https://boringssl-review.googlesource.com/1753
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:10:46 +00:00
David Benjamin
fa055a2b77 Implement ALPN in runner.go.
Imported from upstream's https://codereview.appspot.com/108710046.

Change-Id: I66c879dcc9fd09446ac1a8380f796b1d68c89e4e
Reviewed-on: https://boringssl-review.googlesource.com/1751
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:09:45 +00:00
David Benjamin
812152aa3b Don't deadlock if a resume test fails the first half.
Otherwise the child is busy waiting for its second handshake.

Change-Id: Ic613eeb04c5d6c1ec1e1bbcb13946d3ac31d05f1
Reviewed-on: https://boringssl-review.googlesource.com/1752
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:08:11 +00:00
David Benjamin
e78bfded9f Improve test coverage for server_name extension.
Notably, this would have caught ed8270a55c
(although, apart from staring at code coverage, knowing to set resumeSession on
the server test isn't exactly obvious). Perhaps we should systematically set it
on all extension server tests; ClientHello extension parsing happens after
resumption has been determined and is often sensitive to it.

Change-Id: Ie83f294a26881a6a41969e9dbd102d0a93cb68b5
Reviewed-on: https://boringssl-review.googlesource.com/1750
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:07:57 +00:00
David Benjamin
594a58e078 Remove remnants of export cipher suite selection.
Splitting the strength mask between SSL_EXP_MASK and SSL_STRONG_MASK no longer
does anything. Also remove the SSL_NOT_EXP bit and condense the strength bits.

Change-Id: I9e61acdde008c3ce06bb37f78a72099fc53ed080
Reviewed-on: https://boringssl-review.googlesource.com/1757
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:06:24 +00:00
David Benjamin
d633d6303c Remove indirection in loading ciphers.
Simplify all the cipher gathering logic. The set of supported ciphers is known,
so there is no need to determine if some cipher exists but doesn't work.

Change-Id: Idcaae67e7bfc40a3deb925d85ee1a99a931b67e7
Reviewed-on: https://boringssl-review.googlesource.com/1756
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 21:06:10 +00:00
David Benjamin
172fc2c427 Fix some OPENSSL_PUT_ERROR calls.
Change-Id: I6a49eb5225208eed160f9bce7cb9af5145ae0df1
Reviewed-on: https://boringssl-review.googlesource.com/1754
Reviewed-by: Adam Langley <agl@google.com>
2014-09-15 19:02:28 +00:00
David Benjamin
a70c75cfc0 Add a CRYPTO_library_init and static-initializer-less build option.
Chromium does not like static initializers, and the CPU logic uses one to
initialize CPU bits. However, the crypto library lacks an explicit
initialization function, which could complicate (no compile-time errors)
porting existing code which uses crypto/, but not ssl/.

Add an explicit CRYPTO_library_init function, but make it a no-op by default.
It only does anything (and is required) if building with
BORINGSSL_NO_STATIC_INITIALIZER.

Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39
Reviewed-on: https://boringssl-review.googlesource.com/1770
Reviewed-by: Adam Langley <agl@google.com>
2014-09-12 00:10:53 +00:00
David Benjamin
f7768e43b2 Test SHA-256 and SHA-384 CBC-mode cipher suites.
These were added in TLS 1.2. They are like the standard AES-CBC cipher suites,
but use different HMACs.

Change-Id: Ib89ddebd1aa398b1347f8285f5d827068b1bd181
Reviewed-on: https://boringssl-review.googlesource.com/1730
Reviewed-by: Adam Langley <agl@google.com>
2014-09-06 00:17:08 +00:00
David Benjamin
c92c2d7a07 Prune some dead quirks and document the SSL_OP_ALL ones.
Update SSL_OP_ALL to account for SSL_OP_CRYPTOPRO_TLSEXT_BUG being gone,
and update ssl3_setup_write_buffer to account for SSL_MODE_CBC_RECORD_SPLITTING
rather than the now defunct SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.

Also remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is to allow for a buggy peer
which pads CBC with N bytes of value N rather than N+1 bytes of value N. This
quirk has been broken since CBC padding checks became constant-time, as
demonstrated by this attempt at a test. (Instead of just decrementing
padding_length, it needs to also keep track of a separate padding_value and not
decrement that one.)

https://boringssl-review.googlesource.com/#/c/1690/

(The quirk would also fall over anyway if the buggy client ever did a session
resumption; then the server speaks first rather than the client, and the quirk
triggered on reading the first encrypted record from the peer.)

Change-Id: I19942dc629a47832aead77a46bb50e0b0a9780b3
Reviewed-on: https://boringssl-review.googlesource.com/1694
Reviewed-by: Adam Langley <agl@google.com>
2014-09-03 20:17:45 +00:00
David Benjamin
859ec3cc09 Add SSL_CTX_set_keylog_bio.
Configures the SSL stack to log session information to a BIO. The intent is to
support NSS's SSLKEYLOGFILE environment variable. Add support for the same
environment variable to tool/client.cc.

Tested against Wireshark 1.12.0.

BUG=393477

Change-Id: I4c231f9abebf194eb2df4aaeeafa337516774c95
Reviewed-on: https://boringssl-review.googlesource.com/1699
Reviewed-by: Adam Langley <agl@google.com>
2014-09-03 20:15:55 +00:00
David Benjamin
df90a64483 Remove MD5, SHA-224, and SHA-512 handling from s3_cbc.c.
The only MD5 CBC-mode cipher suites are TLS_KRB5_WITH_DES_CBC_MD5,
TLS_KRB5_WITH_3DES_EDE_CBC_MD5, and TLS_KRB5_WITH_IDEA_CBC_MD5. We do not
support those, and it seems quite safe to assume that list will not grow.

No current cipher suites use SHA-224 or SHA-512 MACs. We can restore those
cases if that ever changes, but hopefully any future cipher suites we care
about will be using the AEAD construction.

Change-Id: I7f2d30238e2156a59b5fed1e48fabe6660fc9b67
Reviewed-on: https://boringssl-review.googlesource.com/1697
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 23:42:15 +00:00
David Benjamin
39ebf53dd3 Check the server did not use a TLS 1.2 cipher suite pre-TLS 1.2.
This check got refactored in OpenSSL 1.0.2 and broke in the process. Fix this
and add a test. Otherwise things like client auth can get slightly confused; it
will try to sign the MD5/SHA-1 hash, but the TLS 1.2 cipher suite may not use
SSL_HANDSHAKE_MAC_DEFAULT, so those digests won't be available.

Based on upstream's 226751ae4a1f3e00021c43399d7bb51a99c22c17.

Change-Id: I5b864d3a696f3187b849c53b872c24fb7df27924
Reviewed-on: https://boringssl-review.googlesource.com/1696
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 23:41:34 +00:00
David Benjamin
120a674c00 Fix the return values for most of SRTP.
Switch all of SRTP code to the standard return value convention with two
exceptions. Unfortunately, OpenSSL exposed API with the wrong error code. Keep
the public API flipped and document.

Change-Id: I43ac82513f4f52bb36a0b54aba9b9e0fa285730e
Reviewed-on: https://boringssl-review.googlesource.com/1691
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 23:41:22 +00:00
David Benjamin
5c24a1d6b6 Add a test for SSL_OP_TLS_D5_BUG.
If this is part of SSL_OP_ALL, we should have a test for it.

Change-Id: Ia72422beb2da6434726e78e174f3416f90f7c897
Reviewed-on: https://boringssl-review.googlesource.com/1695
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 22:43:54 +00:00
David Benjamin
f0fd37323b Remove remnants of EVP_CIPHER-based AES_GCM cipher.
Those codepaths are never hit.

Change-Id: Ib6908ebe90ab667774785298fdc3f96acc4b50df
Reviewed-on: https://boringssl-review.googlesource.com/1693
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 22:42:26 +00:00
Adam Langley
b2cb0ece76 Fix minor issues found by Clang's analysis.
Thanks to Denis Denisov for running the analysis.

Change-Id: I80810261e013423e746fd8d8afefb3581cffccc0
Reviewed-on: https://boringssl-review.googlesource.com/1701
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 22:39:41 +00:00
Adam Langley
ed8270a55c Fix crash as server when resuming with SNI.
Thanks to Denis Denisov for noting that |host_name| could be used while
uninitialised in the resumption case.

While in the area, this change also renames |servername_done| to
something more reasonable and removes a documented value that was never
used. Additionally, the SNI ack was only sent when not resuming so
calculating whether it should be sent when processing ClientHello
extensions (which is after s->hit has been set) is superfluous.

Lastly, since SNI is only acked by servers, there's no need to worry
about the SNI callback returning NOACK in the client case.

Change-Id: Ie4ecfc347bd7afaf93b12526ff9311cc45da4df6
Reviewed-on: https://boringssl-review.googlesource.com/1700
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 21:30:50 +00:00
Alex Chernyakhovsky
04dbb7f1d1 Add tests for pqueue
Reorder the tests in all_tests.sh to be in alphabetical order.

Change-Id: Idc6df6ab4a25709312a6f58635061bb643582c70
Reviewed-on: https://boringssl-review.googlesource.com/1680
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 20:09:23 +00:00
David Benjamin
6c7aed048c Client-side OCSP stapling support.
Remove the old implementation which was excessively general. This mirrors the
SCT support and adds a single boolean flag to request an OCSP response with no
responder IDs, extensions, or frills. The response, if received, is stored on
the SSL_SESSION so that it is available for (re)validation on session
resumption; Chromium revalidates the saved auth parameters on resume.

Server support is unimplemented for now. This API will also need to be adjusted
in the future if we implement RFC 6961.

Change-Id: I533c029b7f7ea622d814d05f934fdace2da85cb1
Reviewed-on: https://boringssl-review.googlesource.com/1671
Reviewed-by: Adam Langley <agl@google.com>
2014-08-29 00:39:33 +00:00
David Benjamin
e098ec2460 Test client auth under TLS 1.2 hash mismatch and SSL 3.
Maintain a handshake buffer in prf.go to implement TLS 1.2 client auth. Also
use it for SSL 3. This isn't strictly necessary as we know the hash functions,
but Go's hash.Hash interface lacks a Copy method.

Also fix the server-side tests which failed to test every TLS version.

Change-Id: I98492c334fbb9f2f0f89ee9c5c8345cafc025600
Reviewed-on: https://boringssl-review.googlesource.com/1664
Reviewed-by: Adam Langley <agl@google.com>
2014-08-29 00:23:50 +00:00
David Benjamin
041b58a668 Remove session_ctx macro.
Don't pollute the embedder's namespace with a session_ctx macro. It looks like
the difference was that, without TLS extensions, session_ctx was ctx rather
than initial_ctx. Now it's always initial_ctx. Retain the semantics of
switching SSL_CTX's out after the fact, until/unless we decide to replace that
with something less scary-sounding.

Change-Id: Ie5df5138aec25218ca80031cf645671968b8a54a
Reviewed-on: https://boringssl-review.googlesource.com/1663
Reviewed-by: Adam Langley <agl@google.com>
2014-08-28 00:42:20 +00:00
David Benjamin
457112e197 unifdef a bunch of OPENSSL_NO_* ifdefs.
Get all this stuff out of the way.

- OPENSSL_NO_MD5
- OPENSSL_NO_SHA
- OPENSSL_NO_EC
- OPENSSL_NO_ECDSA
- OPENSSL_NO_ECDH
- OPENSSL_NO_NEXTPROTONEG
- OPENSSL_NO_DH
- OPENSSL_NO_SSL3
- OPENSSL_NO_RC4
- OPENSSL_NO_RSA

Also manually removed a couple instances of OPENSSL_NO_DSA that seemed to be
confused anyway. Did some minor manual cleanup. (Removed a few now-pointless
'if (0)'s.)

Change-Id: Id540ba97ee22ff2309ab20ceb24c7eabe766d4c4
Reviewed-on: https://boringssl-review.googlesource.com/1662
Reviewed-by: Adam Langley <agl@google.com>
2014-08-28 00:41:34 +00:00
David Benjamin
854dd654d1 Refactor server-side CertificateVerify handling.
This moves CertificateVerify digest processing to the new
SSL_GET_MESSAGE_DONT_HASH_MESSAGE flag. It also refactors it similarly to
ssl3_send_cert_verify and moves that logic to a common ssl3_cert_verify_hash
function to compute the handshake hash.

This removes a large chunk of duplicate (and divergent!) logic between TLS and
DTLS. It also removes TLS1_FLAGS_KEEP_HANDSHAKE.

Change-Id: Ia63c94f7d76d901bc9c4c33454fbfede411adf63
Reviewed-on: https://boringssl-review.googlesource.com/1633
Reviewed-by: Adam Langley <agl@google.com>
2014-08-27 01:55:27 +00:00
David Benjamin
5b8f104ee8 Revise hash management for reading the Finished message.
Upstream originally sampled the Finished message's hash at ChangeCipherSpec,
but our patches to add messages between the two complicated this. Move DTLS to
this path, but use the new SSL_GET_MESSAGE_DONT_HASH_MESSAGE flag to avoid
special-casing message types in ssl3_get_message.

Change-Id: I9c8ddd9cc500c94dff2ec2f696f89d50ab01b3ad
Reviewed-on: https://boringssl-review.googlesource.com/1632
Reviewed-by: Adam Langley <agl@google.com>
2014-08-27 01:55:17 +00:00
David Benjamin
880b14e98c Compute the Channel ID hash after ssl_get_message.
This avoids needing the save the hash on the SSL* (and use some field for two
purposes). Instead, use the new SSL_GET_MESSAGE_DONT_HASH_MESSAGE flag (which
actually was already used here, but at the time, pointlessly). Also fix a minor
bug where the hash would be recomputed in non-blocking mode because init_num
may stay zero for a few state machine iterations.

Change-Id: I3d8331cf3134c5f9a3eda9e988bba5bcebe40933
Reviewed-on: https://boringssl-review.googlesource.com/1631
Reviewed-by: Adam Langley <agl@google.com>
2014-08-27 01:55:06 +00:00
David Benjamin
590cbe970c Introduce a hash_message parameter to ssl_get_message.
This replaces the special-case in ssl3_get_message for Channel ID. Also add
ssl3_hash_current_message to hash the current message, taking TLS vs DTLS
handshake header size into account.

One subtlety with this flag is that a message intended to be processed with
SSL_GET_MESSAGE_DONT_HASH_MESSAGE cannot follow an optional message
(reprocessed with reuse_message, etc.).  There is an assertion to that effect.
If need be, we can loosen it to requiring that the preceeding optional message
also pass SSL_GET_MESSAGE_DONT_HASH_MESSAGE and then maintain some state to
perform the more accurate assertion, but this is sufficient for now.

Change-Id: If8c87342b291ac041a35885b9b5ee961aee86eab
Reviewed-on: https://boringssl-review.googlesource.com/1630
Reviewed-by: Adam Langley <agl@google.com>
2014-08-27 01:54:50 +00:00
Adam Langley
3cb50e0699 Move a variable declaration to function start.
(Fixes the Windows build.)

Change-Id: Ibc7e3fe7cee275c8bc24198e996e4f92100ea9fc
Reviewed-on: https://boringssl-review.googlesource.com/1642
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 22:07:33 +00:00
David Benjamin
8da990677b Rename some message functions for consistency.
Make the get/send functions match.

ssl3_client_hello -> ssl3_send_client_hello.
ssl3_send_newsession_ticket -> ssl3_send_new_session_ticket.
ssl3_send_client_verify -> ssl3_send_cert_verify

Change-Id: Iea5579479b8a8f392167b8fb3b7e9fe961d0f007
Reviewed-on: https://boringssl-review.googlesource.com/1613
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 21:09:40 +00:00
David Benjamin
e58c4f5321 Add a test to ensure False Start occurs.
This adds the missing test coverage for
7e3305eebd.

Change-Id: I8c9f1dc998afa9bb1f6fb2a7872a651037bb4844
Reviewed-on: https://boringssl-review.googlesource.com/1610
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 17:41:53 +00:00
David Benjamin
ef86550537 Remove logic for non-signing client certificates.
Now that only RSA and ECDSA certificates are supported, the server should just
reject non-signing ones outright, rather than allowing them to skip
CertificateVerify.

Change-Id: I7fe5ed3adde14481016ee841ed241faba18c26f0
Reviewed-on: https://boringssl-review.googlesource.com/1609
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 17:41:08 +00:00
David Benjamin
a08e49d17a Add basic TLS Channel ID tests.
Change-Id: I7ccf2b8282dfa8f3985775e8b67edcf3c2949752
Reviewed-on: https://boringssl-review.googlesource.com/1606
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 17:40:36 +00:00
David Benjamin
4e99c52bf6 Fix FalseStart-SessionTicketsDisabled tests.
They weren't inheriting async settings.

Change-Id: I5e9c04914926910dce63f93462cce4024627fb26
Reviewed-on: https://boringssl-review.googlesource.com/1605
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 23:00:59 +00:00
David Benjamin
2561dc335a Introduce a mechanism for base64 options.
We may wish to pass data to the runner that contains NULs.

Change-Id: Id78dad0ad0b5b6d0537481c818e3febdf1740cc9
Reviewed-on: https://boringssl-review.googlesource.com/1603
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 23:00:44 +00:00