Commit Graph

186 Commits

Author SHA1 Message Date
Adam Langley
bed8ce78f0 Add misc functions for easier porting.
Android requested that the wpa_supplicant go upstream. This change adds
some dummy functions and reinstates DSA_dup_DH in order to make the diff
smaller and easier for upstream.

Change-Id: I77ac271b8652bae5a0bbe16afde51d9096f3dfb5
Reviewed-on: https://boringssl-review.googlesource.com/1740
Reviewed-by: Adam Langley <agl@google.com>
2014-09-18 22:38:11 +00:00
David Benjamin
a70c75cfc0 Add a CRYPTO_library_init and static-initializer-less build option.
Chromium does not like static initializers, and the CPU logic uses one to
initialize CPU bits. However, the crypto library lacks an explicit
initialization function, which could complicate (no compile-time errors)
porting existing code which uses crypto/, but not ssl/.

Add an explicit CRYPTO_library_init function, but make it a no-op by default.
It only does anything (and is required) if building with
BORINGSSL_NO_STATIC_INITIALIZER.

Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39
Reviewed-on: https://boringssl-review.googlesource.com/1770
Reviewed-by: Adam Langley <agl@google.com>
2014-09-12 00:10:53 +00:00
David Benjamin
1195796045 Ensure x86_64 perlasm output ends with a newline.
Appease the Mac build.

Change-Id: I8b93906d8c7059fd63da9622fd530cc82bd05f7c
Reviewed-on: https://boringssl-review.googlesource.com/1760
Reviewed-by: Adam Langley <agl@google.com>
2014-09-10 23:02:58 +00:00
Adam Langley
60d612fdcf Fix ARM build with OPENSSL_NO_ASM.
Change-Id: Id77fb7c904cbfe8172466dff20b6a715d90b806c
Reviewed-on: https://boringssl-review.googlesource.com/1710
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-09-03 19:23:25 +00:00
David Benjamin
8a5825e4c7 Don't export obj_dat.h.
This isn't a header file that makes sense to export; any compilation unit which
includes it will gain a bunch of static arrays.

Change-Id: Ic698b74bdf758506a53d4eba19ab8b0f49a11ef7
Reviewed-on: https://boringssl-review.googlesource.com/1692
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 22:41:28 +00:00
Adam Langley
b2cb0ece76 Fix minor issues found by Clang's analysis.
Thanks to Denis Denisov for running the analysis.

Change-Id: I80810261e013423e746fd8d8afefb3581cffccc0
Reviewed-on: https://boringssl-review.googlesource.com/1701
Reviewed-by: Adam Langley <agl@google.com>
2014-09-02 22:39:41 +00:00
David Benjamin
9b04d657be Export CBS_get_any_asn1_element.
Useful for parsing things when you don't know what tag to expect (e.g. a
CHOICE). Also allow its operands to be NULL, so that it can be used to skip
arbitrary elements.

Delete CBS_ASN1_ANY which wasn't doing anything.

Change-Id: I56413e68b4f2e13860ea3e55373d5830713d7e5c
Reviewed-on: https://boringssl-review.googlesource.com/1661
Reviewed-by: Adam Langley <agl@google.com>
2014-08-28 00:45:30 +00:00
David Benjamin
457112e197 unifdef a bunch of OPENSSL_NO_* ifdefs.
Get all this stuff out of the way.

- OPENSSL_NO_MD5
- OPENSSL_NO_SHA
- OPENSSL_NO_EC
- OPENSSL_NO_ECDSA
- OPENSSL_NO_ECDH
- OPENSSL_NO_NEXTPROTONEG
- OPENSSL_NO_DH
- OPENSSL_NO_SSL3
- OPENSSL_NO_RC4
- OPENSSL_NO_RSA

Also manually removed a couple instances of OPENSSL_NO_DSA that seemed to be
confused anyway. Did some minor manual cleanup. (Removed a few now-pointless
'if (0)'s.)

Change-Id: Id540ba97ee22ff2309ab20ceb24c7eabe766d4c4
Reviewed-on: https://boringssl-review.googlesource.com/1662
Reviewed-by: Adam Langley <agl@google.com>
2014-08-28 00:41:34 +00:00
Adam Langley
1f3591d4c7 Export CBS_asn1_ber_to_der.
We don't really want to expose this but the bytestring test calls this
function directly and, when linked against a shared library, thus needs
it to be in the dynamic symbol table.

Change-Id: Ife01da36fe142026a6a3e545cff746512b966ee6
2014-08-27 12:36:59 -07:00
Adam Langley
98ad22ec7a Fix "integer constant is too large for 'long' type" errors.
(Based on Piotr Sikora's change:
https://boringssl-review.googlesource.com/#/c/1361)

Change-Id: I7b62b81f4e4ef3064eee1b39334dc2e50d17f163
Reviewed-on: https://boringssl-review.googlesource.com/1641
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 22:07:14 +00:00
Adam Langley
58f90951eb Remove hack in parsing PKCS#12.
This change removes the previous OpenSSL/NSS hack in PKCS#12 parsing and
limits the hacks purely to the BER->DER conversion function, where they
belong.

PKCS#7 and #12 switch between implicit and explicit tags in different
places and sometimes only implicitly define that they are using implicit
tags. This change fixes a previous confusion where an implicit tag was
thought to be explicit.

Change-Id: Ib68c78cf2a1bfcbf90a296cb98313ab86ed2a1f3
Reviewed-on: https://boringssl-review.googlesource.com/1640
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 22:07:02 +00:00
Adam Langley
0eb1aae207 Readd EC_GROUP_get_curve_GFp.
wpa_supplicant needs this in order to get the order of the coordinate
field, apparently so that they can hash to a point.

Change-Id: I92d5df7b37b67ace5f497c25f53f16bbe134aced
Reviewed-on: https://boringssl-review.googlesource.com/1622
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 21:52:12 +00:00
Adam Langley
539112fd44 Readd EVP_CIPHER_CTX_set_key_length.
This only applies to RC4, but it is still used by some Android code.

Change-Id: I4cf86269ffb7a230576da1bb2bfef7e1d4f234d6
Reviewed-on: https://boringssl-review.googlesource.com/1621
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 21:52:01 +00:00
Adam Langley
c9eb7eac86 Readd MD4.
Sadly this is needed by wpa_supplicant for NTLM hashes.

Change-Id: I1c362c676a11ee01f301ff6fbd33d0669396ea23
Reviewed-on: https://boringssl-review.googlesource.com/1620
Reviewed-by: Adam Langley <agl@google.com>
2014-08-26 21:51:48 +00:00
David Benjamin
d698f322b5 Introduce EVP_DecodeBase64.
This fixes several of the problems with the old API.
- Padding was completely ignored.
- ='s in the middle of the input were accepted.
- It tries to be helpful and strips leading/trailing whitespace.

Change-Id: I99b9d5e6583f7eaf9bf0b6ee9ca39799811b58dc
Reviewed-on: https://boringssl-review.googlesource.com/1602
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 23:00:28 +00:00
Adam Langley
8e16b6e658 Add PKCS#12 parser.
This is cleaner than the OpenSSL code was, at least, but it's hardly
beautiful due to the "standard" that it's trying to implement. (See
[1].)

The references from the PKCS#8 code to various ciphers have digests have
been made into function pointer references rather than NIDs so that the
linker will be able to drop RC2 code for binaries that don't call PKCS#8
or #12 functions.

A bug that crashed OpenSSL/BoringSSL when parsing a malformed PKCS#8
structure has been fixed too.

See https://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html

Change-Id: Iaa1039e04ed7877b90792835e8ce3ebc3b29f89e
Reviewed-on: https://boringssl-review.googlesource.com/1592
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 21:47:02 +00:00
Adam Langley
9c01e00c2e Rework support for ASN.1 BER.
Previously, the ASN.1 functions in bytestring were capable of processing
indefinite length elements when the _ber functions were used. That works
well enough for PKCS#3, but NSS goes a bit crazy with BER encoding and
PKCS#12. Rather than complicate the core bytestring functions further,
the BER support is removed from them and moved to a separate function
that converts from BER to DER (if needed).

Change-Id: I2212b28e99bab9fab8c61f80d2012d3e5a3cc2f0
Reviewed-on: https://boringssl-review.googlesource.com/1591
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 21:38:08 +00:00
Adam Langley
cc8fcf45bb Add 40-bit RC2 support.
As useless as it might seem, the certificates in PKCS#12 files appear to
always be encrypted with 40-bit RC2. OpenSSL, NSS and Windows are all
the same on this point. Thus, in order to be able to import PKCS#12
files we need RC2 support.

RC2 has deliberately not been added to EVP_get_cipherbynid so that the
linker can drop the RC2 code unless the PKCS#12 functions are actually
called.

Change-Id: I5b2062fdf78cb622a8038c326da01aac8fb58962
Reviewed-on: https://boringssl-review.googlesource.com/1590
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 21:37:20 +00:00
David Benjamin
c44d2f4cb8 Convert all zero-argument functions to '(void)'
Otherwise, in C, it becomes a K&R function declaration which doesn't actually
type-check the number of arguments.

Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e
Reviewed-on: https://boringssl-review.googlesource.com/1582
Reviewed-by: Adam Langley <agl@google.com>
2014-08-21 01:06:07 +00:00
David Benjamin
5213df4e9e Prefer AES-GCM when hardware support is available.
BUG=396787

Change-Id: I72ddb0ec3c71dbc70054403163930cbbde4b6009
Reviewed-on: https://boringssl-review.googlesource.com/1581
Reviewed-by: Adam Langley <agl@google.com>
2014-08-20 20:53:31 +00:00
Adam Langley
66c249ce91 Remove some dead code.
This change removes the old ASN.1 functions (ASN1_seq_unpack and
ASN1_seq_pack) which have always been disabled in BoringSSL.

It also removes code enabled by OPENSSL_EXPORT_VAR_AS_FUNCTION, which
we have never used.

Change-Id: I1fe323abf945a8a5828a04cc195c072e100a5095
Reviewed-on: https://boringssl-review.googlesource.com/1556
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-19 19:00:49 +00:00
Adam Langley
6bc658d2e3 Split off private_transform function in RSA.
This change extracts two, common parts of RSA_decrypt and RSA_sign into
a function called |private_transform|. It also allows this to be
overridden in a method, which is convenient for opaque keys that only
expose the raw RSA transform as it means that the padding code from
BoringSSL can be easily reimplemented.

One significant change here is that short RSA ciphertexts will no longer
be accepted. I think this is correct and OpenSSL has a comment about PGP
mistakenly stripping leading zeros. However, these is the possibility
that it could break something.

Change-Id: I258c5cbbf21314cc9b6e8d2a2b898fd9a440cd40
Reviewed-on: https://boringssl-review.googlesource.com/1554
Reviewed-by: Adam Langley <agl@google.com>
2014-08-19 18:37:28 +00:00
Yoshisato Yanagisawa
b7725cf3ec Include Windows.h in some source files.
https://code.google.com/p/chromium/issues/detail?id=399172#c3

Change-Id: Ie5447f0d6901d802698eabadf3bd5d42d75f588d
2014-08-18 11:39:09 -07:00
David Benjamin
6f2600199c Mark all SSL_CIPHERs as const.
This lets us put the SSL_CIPHER table in the data section. For type-checking,
make STACK_OF(SSL_CIPHER) cast everything to const SSL_CIPHER*.

Note that this will require some changes in consumers which weren't using a
const SSL_CIPHER *.

Change-Id: Iff734ac0e36f9e5c4a0f3c8411c7f727b820469c
Reviewed-on: https://boringssl-review.googlesource.com/1541
Reviewed-by: Adam Langley <agl@google.com>
2014-08-18 17:55:05 +00:00
David Benjamin
c10dde465e Only allow indefinite lengths for constructed types.
Equivalent of e532f823d6 for CBS.

Change-Id: I5c31f589db119115c78da3f0d592d71254836f89
Reviewed-on: https://boringssl-review.googlesource.com/1508
Reviewed-by: Adam Langley <agl@google.com>
2014-08-14 16:54:56 +00:00
Adam Langley
b8b5478248 Expose two, rather internal, BIGNUM functions.
Android uses these for some conversions from Java formats. The code is
sufficiently bespoke that putting the conversion functions into
BoringSSL doesn't make a lot of sense, but the alternative is to expose
these ones.

Change-Id: If1362bc4a5c44cba4023c909e2ba6488ae019ddb
2014-08-14 09:42:45 -07:00
Adam Langley
660140206e Add EVP_EncodedLength.
Several callers of EVP_EncodeBlock are doing ad-hoc versions of this
function without any overflow checks.

Change-Id: I4d0cad2347ea8c44b42465e8b14b2783db69ee8f
Reviewed-on: https://boringssl-review.googlesource.com/1511
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-14 16:37:22 +00:00
Adam Langley
e2c4d26214 Recover BIO_number_{read|written}.
Android needs it. These functions were removed in the move to BoringSSL.

Change-Id: Ice24a0a1c390930cf07dbd00f72a3e12e6c241f9
Reviewed-on: https://boringssl-review.googlesource.com/1510
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-14 16:37:05 +00:00
David Benjamin
98e882ead1 Clean up s23_srvr.c.
ssl23_get_client_hello has lots of remnants of SSLv2 support and remnants of an
even older SSL_OP_NON_EXPORT_FIRST option (see upstream's
d92f0bb6e9ed94ac0c3aa0c939f2565f2ed95935) which complicates the logic.

Split it into three states and move V2ClientHello parsing into its own
function. Port it to CBS and CBB to give bounds checks on the V2ClientHello
parse.

This fixes a minor bug where, if the SSL_accept call in ssl23_get_client_hello
failed, cb would not be NULL'd and SSL_CB_ACCEPT_LOOP would get reported an
extra time.

It also unbreaks the invariant between s->packet, s->packet_length,
s->s3->rbuf.buf, and s->s3->rbuf.offset at the point the switch, although this
was of no consequence because the first ssl3_read_n call passes extend = 0
which resets s->packet and s->packet_length.

It also makes us tolerant to major version bumps in the ClientHello. Add tests
for TLS tolerance of both minor and major version bumps as well as the HTTP
request error codes.

Change-Id: I948337f4dc483f4ebe1742d3eba53b045b260257
Reviewed-on: https://boringssl-review.googlesource.com/1455
Reviewed-by: Adam Langley <agl@google.com>
2014-08-12 21:10:56 +00:00
Adam Langley
f476d30deb Fix err_test.
I forgot to commit before landing the last change and still had this
outstanding in my client.

Change-Id: Ie1f533e671be130f738d562b129b5151b7be9c1e
2014-08-11 16:58:33 -07:00
Adam Langley
03d31ed3e4 Add ERR_remove_thread_state (for Android).
Change-Id: I908d207ccd3d529ec09c687effc2aeb4631127d9
Reviewed-on: https://boringssl-review.googlesource.com/1470
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-11 23:55:44 +00:00
Adam Langley
ded93581f1 Windows build fixes.
Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an
OPENSSL_SSIZE_T seems worse than just using an int.

Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f
Reviewed-on: https://boringssl-review.googlesource.com/1352
Reviewed-by: Adam Langley <agl@google.com>
2014-08-11 22:10:02 +00:00
Adam Langley
2cd63877b5 Use unified ARM assembly.
Clang's integrated as accepts unified ARM syntax only. This change
updates the GHASH ARM asm to use that syntax and thus be compatible.

Patch from Nico Weber.

https://code.google.com/p/chromium/issues/detail?id=124610

Change-Id: Ie6f3de4e37286f0af39196fad33905f7dee7402e
2014-08-08 16:52:36 -07:00
Emilia Kasper
0dccfbc6c7 Fix OID handling.
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing
  function.

CVE-2014-3508

(Imported from upstream's c01618dd822cc724c05eeb52455874ad068ec6a5)

Change-Id: I12bdeeaa700183195e4c2f474f964f8ae7a04549
Reviewed-on: https://boringssl-review.googlesource.com/1440
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 21:09:47 +00:00
Adam Langley
eeb9f491e8 Add PKCS7_bundle_certificates.
This function serialises a PKCS#7 structure containing a number of
certificates.

Change-Id: Iaf15887e1060d5d201d5a3dd3dca8d51105ee6d6
Reviewed-on: https://boringssl-review.googlesource.com/1431
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 18:12:25 +00:00
Adam Langley
8e89e64554 bytestring: fix ASN.1 data longer than 127 bytes.
When shifting data because extra ASN.1 length bytes were needed, the
data was moved from the start of the ASN.1 length, not the start of the
ASN.1 data.

Change-Id: Ib13d5e4e878774df2af0505c0297eff6cf781728
Reviewed-on: https://boringssl-review.googlesource.com/1430
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 18:09:01 +00:00
David Benjamin
150c617cfc Add X509_up_ref and use it internally.
Avoid needing to manually increment the reference count and using the right
lock, both here and in Chromium.

Change-Id: If116ebc224cfb1c4711f7e2c06f1fd2c97af21dd
Reviewed-on: https://boringssl-review.googlesource.com/1415
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 00:06:34 +00:00
David Benjamin
e6e15fc3a1 Use EVP_PKEY_dup instead of manually incrementing the refcount.
Reference counting should be internal to the type, otherwise callers need to
know which lock to use.

Change-Id: If4d805876a321ef6dece115c805e605584ff311e
Reviewed-on: https://boringssl-review.googlesource.com/1414
Reviewed-by: Adam Langley <agl@google.com>
2014-08-07 00:03:56 +00:00
David Benjamin
bf681a40d6 Fix out-of-bounds read in BN_mod_exp_mont_consttime.
bn_get_bits5 always reads two bytes, even when it doesn't need to. For some
sizes of |p|, this can result in reading just past the edge of the array.
Unroll the first iteration of the loop and avoid reading out of bounds.

Replace bn_get_bits5 altogether in C as it's not doing anything interesting.

Change-Id: Ibcc8cea7d9c644a2639445396455da47fe869a5c
Reviewed-on: https://boringssl-review.googlesource.com/1393
Reviewed-by: Adam Langley <agl@google.com>
2014-08-06 00:11:47 +00:00
Adam Langley
993fde5162 Simplify ec_GFp_simple_points_make_affine.
Replace the tree-like structure by a linear approach, with fewer special
cases to handle value 0.

(Imported from upstream's d5213519c0ed87c71136084e7e843a4125ecc024.)

Change-Id: Icdd4815066bdbab0d2c0020db6a8cacc49b3d82a
Reviewed-on: https://boringssl-review.googlesource.com/1400
Reviewed-by: Adam Langley <agl@google.com>
2014-08-05 21:22:38 +00:00
David Benjamin
dd1c246f7f Fix C99-ism in bio_test.c.
Change-Id: I7cd91d79f3a014de367976318c860914dd4c2f49
Reviewed-on: https://boringssl-review.googlesource.com/1392
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 22:34:50 +00:00
David Benjamin
aa4efe7669 Fix BIO_printf crash on Mac.
A single va_list may not be used twice. Nothing calls BIO_vprintf and it just
(v)snprintfs into a buffer anyway, so remove it. If it's actually needed, we
can fiddle with va_copy and the lack of it in C89 later, but anything that
actually cares can just assemble the output externally.

Add a test in bio_test.c.

BUG=399546

Change-Id: Ia40a68b31cb5984d817e9c55351f49d9d6c964c1
Reviewed-on: https://boringssl-review.googlesource.com/1391
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 21:11:21 +00:00
Alex Chernyakhovsky
a59fbb0edd Correct endif comment in md32_common.h
PEDANTIC was not closed, but rather the compiler being used.

Change-Id: I743118f1481adddcd163406be72926fff6c87338
Reviewed-on: https://boringssl-review.googlesource.com/1388
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 20:28:25 +00:00
Alex Chernyakhovsky
cbd056cd55 Remove OPENSSL_NO_CHAIN_VERIFY
Change-Id: Iaff2a1b4c394aa0d3d5a33cb75cf4f165d3c2abc
Reviewed-on: https://boringssl-review.googlesource.com/1387
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 19:22:26 +00:00
Alex Chernyakhovsky
dd11a10e30 Remove remnants of OPENSSL_FIPS
OPENSSL_FIPS was removed in 64f4c91b89,
but these definitions in crypto/pem remained.

Change-Id: Ia85dd3fd7161f0b33b471b17643767b2b33fdda6
Reviewed-on: https://boringssl-review.googlesource.com/1381
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 19:20:04 +00:00
David Benjamin
8cc0b24cdd Spell Bleichenbacher's name right.
Change-Id: I2096f760165f7aaa9b5d922a2e6d4d755365087b
Reviewed-on: https://boringssl-review.googlesource.com/1372
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 18:53:41 +00:00
David Benjamin
e216d6bb9f Add PKCS8_{decrypt,encrypt}_pbe.
The original functions do an ascii_to_ucs2 transformation on the password.
Deprecate them in favor of making that encoding the caller's problem.
ascii_to_ucs2 doesn't handle, say, UTF-8 anyway. And with the original OpenSSL
function, some ciphers would do the transformation, and some wouldn't making
the text-string/bytes-string confusion even messier.

BUG=399121

Change-Id: I7d1cea20a260f21eec2e8ffb7cd6be239fe92873
Reviewed-on: https://boringssl-review.googlesource.com/1347
Reviewed-by: Adam Langley <agl@google.com>
2014-08-01 17:17:36 +00:00
Adam Langley
cf052cf732 Fix build for PNaCl.
PNaCl builds BoringSSL with OPENSSL_NO_ASM, but the new OPENSSL_cleanse
was using inline assembly anyway. It appears that even though the inline
asm was empty, it still breaks the PNaCl build:

disallowed: inline assembly: call void asm sideeffect "", "r,~{memory}"(i8* %.asptr319), !dbg !96986

With this change, we don't have any compiler scarecrows for
OPENSSL_cleanse any longer when using OPENSSL_NO_ASM :( Maybe, one day,
we'll get memset_s in our base platform.

Change-Id: Ia359f6bcc2000be18a6f15de10fc683452151741
Reviewed-on: https://boringssl-review.googlesource.com/1353
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-01 17:17:21 +00:00
Adam Langley
581a17f5c8 Fix typo from eb7d2ed1.
The RC4_set_key was calling itself rather than the asm function that it
should be calling.

Change-Id: Idfc730c8a651540961e05bc8c8f663a44713f680
2014-07-31 19:24:57 -07:00
Adam Langley
31ebde9e5e Add a control to disable the Poly1305 NEON code.
Some phones have a buggy NEON unit and the Poly1305 NEON code fails on
them, even though other NEON code appears to work fine.

This change:

1) Fixes a bug where NEON was assumed even when the code wasn't compiled
   in NEON mode.

2) Adds a second NEON control bit that can be disabled in order to run
   NEON code, but not the Poly1305 NEON code.

https://code.google.com/p/chromium/issues/detail?id=341598

Change-Id: Icb121bf8dba47c7a46c7667f676ff7a4bc973625
Reviewed-on: https://boringssl-review.googlesource.com/1351
Reviewed-by: Adam Langley <agl@google.com>
2014-07-31 22:42:15 +00:00