Commit Graph

4506 Commits

Author SHA1 Message Date
David Benjamin
ca9e8f52f1 Tidy up handshake digest logic.
Use SSL_SESSION_get_digest instead of the lower level function where
applicable. Also, remove the failure case (Ivan Maidanski points out in
https://android-review.googlesource.com/c/337852/1/src/ssl/t1_enc.c that
this unreachable codepath is a memory leak) by passing in an SSL_CIPHER
to make it more locally obvious that other values are impossible.

Change-Id: Ie624049d47ab0d24f32b405390d6251c7343d7d6
Reviewed-on: https://boringssl-review.googlesource.com/19024
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-09 19:13:15 +00:00
David Benjamin
74115c93f1 Align the tables in P-256 select w[57] tests.
The AVX2 code has alignment requirements.

Change-Id: Ieb0774f7595a76eef0f3a15aabd63d056bbaa463
Reviewed-on: https://boringssl-review.googlesource.com/18966
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-09 01:04:57 +00:00
David Benjamin
8c44afd2c9 Revert "Enable ADX in x86_64-mont*.pl."
This reverts commit 83d1a3d3c8.

Reason for revert: Our Windows setup can't handle these instructions.
Will investigate tomorrow, possibly by turning ADX off on Windows.

Change-Id: I378fc0906c59b9bac9da17a33ba8280c70fdc995
Reviewed-on: https://boringssl-review.googlesource.com/19004
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-09 00:44:58 +00:00
David Benjamin
83d1a3d3c8 Enable ADX in x86_64-mont*.pl.
We have an SDE bot now and can more easily test things. We also enabled
ADX in rsaz-avx2.pl which does not work without x86_64-mont*.pl enabled.
rsa-avx2.pl's ADX code only turns itself off so that the faster ADX code
can be used... but we disable it.

Verified, after reverting the fix, the test vectors we imported combined
with Intel SDE catches CVE-2016-7055, so we do indeed have test
coverage.

Thanks to Alexey Ivanov for pointing out the discrepancy.

Skylake numbers:

Before:
Did 7296 RSA 2048 signing operations in 10038191us (726.8 ops/sec)
Did 209000 RSA 2048 verify operations in 10030629us (20836.2 ops/sec)
Did 1080 RSA 4096 signing operations in 10072221us (107.2 ops/sec)
Did 60836 RSA 4096 verify operations in 10053929us (6051.0 ops/sec)

ADX consistently off:
Did 9360 RSA 2048 signing operations in 10025823us (933.6 ops/sec)
Did 220000 RSA 2048 verify operations in 10024339us (21946.6 ops/sec)
Did 1048 RSA 4096 signing operations in 10006782us (104.7 ops/sec)
Did 61936 RSA 4096 verify operations in 10088011us (6139.6 ops/sec)

After (ADX consistently on):
Did 10444 RSA 2048 signing operations in 10006781us (1043.7 ops/sec)
Did 323000 RSA 2048 verify operations in 10012192us (32260.7 ops/sec)
Did 1610 RSA 4096 signing operations in 10044930us (160.3 ops/sec)
Did 96000 RSA 4096 verify operations in 10075606us (9528.0 ops/sec)

Change-Id: Icbbd4f06dde60d1a42a691c511b34c47b9a2da5f
Reviewed-on: https://boringssl-review.googlesource.com/18965
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-08-09 00:42:51 +00:00
David Benjamin
4a37de076b Test that Finished checks are enforced in 0-RTT.
This is analogous to needing to test that Finished is enforced in False
Start.

Change-Id: I168a72ac51b0f75156aaf6ccc9724ae66ce1e734
Reviewed-on: https://boringssl-review.googlesource.com/18986
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-08-09 00:42:34 +00:00
David Benjamin
70dbf042b6 Add SSL_CTX_cipher_in_group.
This allows us to fix another consumer that directly accesses SSL_CTX.
I've made ssl_test use it for test coverage, though we're okay with
ssl_test depending on ssl/internal.h.

Bug: 6
Change-Id: I464325e3faa9f0194bbd357fbb31a996afc0c2e1
Reviewed-on: https://boringssl-review.googlesource.com/18964
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-08-09 00:41:56 +00:00
David Benjamin
590b677d48 Use names for the TLS 1.3 variants in bssl client.
Change-Id: I09d6b05675b82ed04a9665c64b632d1a156fa977
Reviewed-on: https://boringssl-review.googlesource.com/18985
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-08-09 00:41:32 +00:00
David Benjamin
f6ae9e6c2c Fix more hard-coded TLS 1.3 variant strings.
These should use the shim/runner combined setting.

Change-Id: Iad6abb4e76f6e5accef446696aa4132073eca06a
Reviewed-on: https://boringssl-review.googlesource.com/18984
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-08-09 00:40:45 +00:00
David Benjamin
016ebe2d0e OPENSSL_cleanse some buffers.
See upstream's 5292833132cc863b66574fe2bbf55e4b2eff7949. Syncing just to
reduce the diff for the time being.

Change-Id: I0992d538b283d7348ef1d993973291f5416edce6
Reviewed-on: https://boringssl-review.googlesource.com/18804
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-09 00:17:52 +00:00
David Benjamin
7934f08b26 Replace init_msg/init_num with a get_message hook.
Rather than init_msg/init_num, there is a get_message function which
either returns success or try again. This function does not advance the
current message (see the previous preparatory change). It only completes
the current one if necessary.

Being idempotent means it may be freely placed at the top of states
which otherwise have other asychronous operations. It also eases
converting the TLS 1.2 state machine. See
https://docs.google.com/a/google.com/document/d/11n7LHsT3GwE34LAJIe3EFs4165TI4UR_3CqiM9LJVpI/edit?usp=sharing
for details.

The read_message hook (later to be replaced by something which doesn't
depend on BIO) intentionally does not finish the handshake, only "makes
progress". A follow-up change will align both TLS and DTLS on consuming
one handshake record and always consuming the entire record (so init_buf
may contain trailing data). In a few places I've gone ahead and
accounted for that case because it was more natural to do so.

This change also removes a couple pointers of redundant state from every
socket.

Bug: 128
Change-Id: I89d8f3622d3b53147d69ee3ac34bb654ed044a71
Reviewed-on: https://boringssl-review.googlesource.com/18806
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-08 21:13:04 +00:00
David Benjamin
8f94c31b19 Replace reuse_message with an explicit next_message call.
This means that ssl_get_message (soon to be replaced with a BIO-less
version) is idempotent which avoids the SSL3_ST_SR_KEY_EXCH_B
contortion. It also eases converting the TLS 1.2 state machine. See
https://docs.google.com/a/google.com/document/d/11n7LHsT3GwE34LAJIe3EFs4165TI4UR_3CqiM9LJVpI/edit?usp=sharing
for details.

Bug: 128
Change-Id: Iddd4f951389e8766da07a9de595b552e75f8acf0
Reviewed-on: https://boringssl-review.googlesource.com/18805
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-08 21:08:59 +00:00
David Benjamin
ba2d3df759 Add DTLS_with_buffers_method.
WebRTC will need this (probably among other things) to lose crypto/x509
at some point.

Bug: chromium:706445
Change-Id: I988e7300c4d913986b6ebbd1fa4130548dde76a4
Reviewed-on: https://boringssl-review.googlesource.com/18904
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-07 21:01:25 +00:00
David Benjamin
e3dee27f9c Remove the free_buffer parameter to release_current_message.
With on_handshake_complete, this can be managed internally by the TLS
code. The next commit will add a ton more calls to this function.

Change-Id: I91575d3e4bfcccbbe492017ae33c74b8cc1d1340
Reviewed-on: https://boringssl-review.googlesource.com/18865
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-08-07 16:31:06 +00:00
David Benjamin
9bbdf5832d Remove expect and received flight hooks.
Instead, the DTLS driver can detect these states implicitly based on
when we write flights and when the handshake completes. When we flush a
new flight, the peer has enough information to send their reply, so we
start a timer. When we begin assembling a new flight, we must have
received the final message in the peer's flight. (If there are
asynchronous events between, we may stop the timer later, but we may
freely stop the timer anytime before we next try to read something.)

The only place this fails is if we were the last to write a flight,
we'll have a stray timer. Clear it in a handshake completion hook.

Change-Id: I973c592ee5721192949a45c259b93192fa309edb
Reviewed-on: https://boringssl-review.googlesource.com/18864
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-07 02:10:03 +00:00
David Benjamin
ef37ab5919 Teach doc.go about // comments.
This is in preparation for changing all the comments.

Change-Id: Id7ff24331a3b9d108402238c63eeeb462c7cd809
Reviewed-on: https://boringssl-review.googlesource.com/18945
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-05 02:31:10 +00:00
David Benjamin
d8ea3902b5 Fix doc.go against Go tip.
Go 1.9 is slated to have some backwards-incompatible changes to
html/template. See https://github.com/golang/go/issues/19952.

If I'm reading this correctly, the issue is that the context-aware auto
escaper had some magic around the 'html' filter, but it would get
confused if this was used in the wrong context.

This does not apply to us because we never used it in an attribute, etc.
Nonetheless, we can be compatible with it and tidy up markupPipeWords'
type signature. It should have had type template.HTML -> template.HTML,
not string -> template.HTML, because it expects the input to be
pre-escaped. (The old 'html' escaper, in turn, probably should have had
type string -> template.HTML, but I guess it didn't because all this
existed for a text/template migration convenience of some sort?)

I considered adding our own escapeHTML with type string -> template.HTML
and fixing markupPipeWords to be template.HTML -> template.HTML, but
markupPipeWords does not correctly handle all possible template.HTML
input. If a | were in an attribute somewhere, it would mangle the text.
Instead, I kept it of type string -> template.HTML and defined it to
perform the HTML escaping itself. This seems to produce the same output
as before in Go 1.8 and tip.

Change-Id: I90618a3c5525ae54f9fe731352fcff5856b9ba60
Reviewed-on: https://boringssl-review.googlesource.com/18944
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-04 23:32:25 +00:00
Martin Kreichgauer
26ababbf65 Fix a bug in bssl::OpenRecord.
Checking the record type returned by the |tls_open_record| call only
makes sense if that call was successful.

Change-Id: Ib4bebd2b1198c7def513d9fba3653524c17a6e68
Reviewed-on: https://boringssl-review.googlesource.com/18884
Reviewed-by: Adam Langley <agl@google.com>
2017-08-04 21:36:13 +00:00
Adam Langley
c90be3b143 Add a paragraph to PORTING.md about async private keys.
Change-Id: I4aae8066292bf9a5dd5d94e8568cbfbca99746dc
Reviewed-on: https://boringssl-review.googlesource.com/18925
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-04 19:34:52 +00:00
Martin Kreichgauer
dc110f5145 tool: make speed use EVP_AEAD_CTX_seal_scatter
Change-Id: I41854e61d87d365b923349a5ec8e71d73a0141bb
Reviewed-on: https://boringssl-review.googlesource.com/18844
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-04 04:22:58 +00:00
David Benjamin
4492a61567 More scopers.
Note the legacy client cert callback case fixes a leak.

Change-Id: I2772167bd03d308676d9e00885c751207002b31e
Reviewed-on: https://boringssl-review.googlesource.com/18824
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-03 19:35:09 +00:00
David Benjamin
78b8b99cf7 Fix a bug in and test the message callback.
reuse_message and V2ClientHellos each caused messages to be
double-reported.

Change-Id: I8722a3761ede272408ac9cf8e1b2ce383911cc6f
Reviewed-on: https://boringssl-review.googlesource.com/18764
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-03 18:52:47 +00:00
David Benjamin
bda7b9adfa Maintain comment alignment when converting.
The following code:

  int closed;    /* valid iff peer != NULL */
  size_t len;    /* valid iff buf != NULL; 0 if peer == NULL */
  size_t offset; /* valid iff buf != NULL; 0 if len == 0 */

should be rewritten as:

  int closed;     // valid iff peer != NULL
  size_t len;     // valid iff buf != NULL; 0 if peer == NULL
  size_t offset;  // valid iff buf != NULL; 0 if len == 0

But the existing code lost the alignment when shifting the third comment
over to follow the two-space rule. Also warn about > 80 character lines
so they may be manually fixed up.

Change-Id: Idd3b4267b972c9b8891ceefd50f6d2a0e67ed51c
Reviewed-on: https://boringssl-review.googlesource.com/18784
Reviewed-by: Adam Langley <agl@google.com>
2017-08-02 22:00:50 +00:00
David Benjamin
211a06afef Rephrase documentation on early data reset.
There was a typo (then => the), but I think this is clearer, albeit
longer.

Change-Id: Ic95368a1bea1feba9d6a00029bbfb5b8ffd260ec
Reviewed-on: https://boringssl-review.googlesource.com/18747
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-02 17:15:36 +00:00
David Benjamin
8d200744b4 Clarify the ChaCha20-Poly1305 assembly functions' final parameters.
The memcpy of a pointer looks like a typo, though it isn't. Instead,
transcribe what the functions expect into a union and let C fill it in.

Change-Id: Iba4c824295e8908c5bda68ac35673040a8cff116
Reviewed-on: https://boringssl-review.googlesource.com/18744
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-01 22:23:08 +00:00
David Benjamin
b0c761eb76 Tolerate early ChangeCipherSpec in DTLS.
This would only come up if the peer didn't pack records together, but
it's free to handle. Notably OpenSSL has a bug where it does not pack
retransmits together.

Change-Id: I0927d768f6b50c62bacdd82bd1c95396ed503cf3
Reviewed-on: https://boringssl-review.googlesource.com/18724
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-01 22:00:52 +00:00
David Benjamin
27e377ec65 Fix miscellaneous clang-tidy warnings.
There are still a ton of them, almost exclusively complaints that
function declaration and definitions have different parameter names. I
just fixed a few randomly.

Change-Id: I1072f3dba8f63372cda92425aa94f4aa9e3911fa
Reviewed-on: https://boringssl-review.googlesource.com/18706
Reviewed-by: Steven Valdez <svaldez@google.com>
2017-08-01 20:39:46 +00:00
David Benjamin
6c5454704c Fix a bug in convert_comments.go.
The following code was misconverted:

  BIO *peer; /* NULL if buf == NULL.
              * If peer != NULL, then peer->ptr is also a bio_bio_st,
              * and its "peer" member points back to us.
              * peer != NULL iff init != 0 in the BIO. */

Per the criteria in the comment, this comment is eligible, which is what
we want. Only continuation lines must be prefixed by spaces. But the
loop treated the first line as immediately ineligible. Moreover, in that
case, it dropped the line on the floor rather than echoing it. Fix this
by dropping that case.

Change-Id: Ic523fe1e6bc8dde37a9897e2a93e815c11feb95a
Reviewed-on: https://boringssl-review.googlesource.com/18746
Reviewed-by: Adam Langley <agl@google.com>
2017-08-01 20:01:39 +00:00
David Benjamin
921aba3c09 Don't add spaces after ( in convert_comments.go.
Code like this:

    if (// Check if the cipher is supported for the current version.
        SSL_CIPHER_get_min_version(c) <= ssl3_protocol_version(ssl) &&
        ssl3_protocol_version(ssl) <= SSL_CIPHER_get_max_version(c) &&
        // Check the cipher is supported for the server configuration.
        (c->algorithm_mkey & mask_k) &&
        (c->algorithm_auth & mask_a) &&
        // Check the cipher is in the |allow| list.
        sk_SSL_CIPHER_find(allow, &cipher_index, c)) {

should not get an extra space.

Change-Id: I772cbcfabf2481dc8e3a8b257d85573b0b5ac1b7
Reviewed-on: https://boringssl-review.googlesource.com/18745
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-01 20:01:32 +00:00
David Benjamin
37af90f721 Convert a few more scopers.
Bug: 132
Change-Id: I75d6ce5a2256a4b464ca6a9378ac6b63a9bd47e2
Reviewed-on: https://boringssl-review.googlesource.com/18644
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-01 19:45:15 +00:00
David Benjamin
d272dea99b Explicitly include <new> for placement new.
placement new requires operator new (size_t, void*) to be defined, which
requires pulling in the <new> header.

Change-Id: Ibaa8f3309b03129958f201d32de8afcfafed70f6
Reviewed-on: https://boringssl-review.googlesource.com/18664
Reviewed-by: David Benjamin <davidben@google.com>
2017-08-01 15:18:54 +00:00
David Benjamin
9fb6feaa84 Turn on clang -fcolor-diagnostics.
I'm not sure why these aren't on by default, but Chromium does this too.
Colors are nice.

Change-Id: I7d7bf006014e9f40ec2f48290ad8fe7a70c1cfce
Reviewed-on: https://boringssl-review.googlesource.com/18704
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-07-31 19:03:11 +00:00
David Benjamin
a4cb62f0ae Fix build against LLVM CFI.
The first line of bssl::New is invalid in LLVM CFI as we are casting a
pointer to T before the object is constructed. Instead, we should leave
it as void* and only use it as a T* afterward being constructed.

Bug: chromium:750445
Change-Id: I0ae60c2a7e541b45bc0155dd8f359b662f561dcc
Reviewed-on: https://boringssl-review.googlesource.com/18684
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-31 18:04:44 +00:00
Yun Peng
d363247f1e Fix Bazel build and make it work on Windows.
Change-Id: Ie40ce2f7c828e9f639a996e56a4d3a014c05d701
Reviewed-on: https://boringssl-review.googlesource.com/18544
Reviewed-by: Yun Peng <pcloudy@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Yun Peng <pcloudy@google.com>
2017-07-28 23:45:54 +00:00
Adam Langley
4d1b57ae7f Add dummy |RAND_get_rand_method|.
Change-Id: I84b9a7606aaf28e582c79ada47df95b46ff2c2c2
Reviewed-on: https://boringssl-review.googlesource.com/18624
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-28 21:50:21 +00:00
David Benjamin
ee910bfe24 Use new STACK_OF helpers.
Bug: 132
Change-Id: Ib9bc3ce5f60d0c5bf7922b3d3ccfcd15ef4972a1
Reviewed-on: https://boringssl-review.googlesource.com/18466
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-28 21:43:13 +00:00
Martin Kreichgauer
abbf365b6d Make the bssl::SealRecord out_suffix arg fixed length.
Similarly, add EVP_AEAD_CTX_tag_len which computes the exact tag length
for required by EVP_AEAD_CTX_seal_scatter.

Change-Id: I069b0ad16fab314fd42f6048a3c1dc45e8376f7f
Reviewed-on: https://boringssl-review.googlesource.com/18324
Reviewed-by: Adam Langley <agl@google.com>
2017-07-28 21:42:25 +00:00
Adam Langley
182b573329 Don't set timeout in runner when using GDB.
I'm not that fast when debugging.

Change-Id: I37a120a77e9a35ac5255ad760513b983f83d9bd7
Reviewed-on: https://boringssl-review.googlesource.com/18605
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-28 21:26:42 +00:00
David Benjamin
6e9321f9ae Add a bssl::PushToStack helper.
Pushing entries onto a stack when handling malloc failures is a
nuisance. sk_push only takes ownership on success. PushToStack smooths
that over with a UniquePtr.

Bug: 132
Change-Id: I4f0a9eee86dda7453f128c33d3a71b550beb25e9
Reviewed-on: https://boringssl-review.googlesource.com/18468
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-07-28 19:56:36 +00:00
Adam Langley
61c9838d2d Add some documentation for CRYPTO_BUFFERs.
Change-Id: I2b8b6b784e72c6d38ca55158a395fc2619fd47ba
Reviewed-on: https://boringssl-review.googlesource.com/18606
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-28 19:25:38 +00:00
Adam Langley
e6c58ffa70 go fmt runner.go
Change-Id: I3357b733c69ff1fdbf64fd12653261383a310732
Reviewed-on: https://boringssl-review.googlesource.com/18604
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-28 18:19:53 +00:00
Adam Langley
7b6acc5cb5 Make generated Bazel match canonical format.
This should make buildifier[1] happy with the generated files.

[1] https://github.com/bazelbuild/buildtools

Change-Id: Ida6ba5a369d2564fc7b77ad8d8705183167a3615
Reviewed-on: https://boringssl-review.googlesource.com/18525
Reviewed-by: David Benjamin <davidben@google.com>
2017-07-28 18:19:34 +00:00
David Benjamin
2916430ddb Test that nullptr has the obvious memory representation.
Apparently C does not promise this, only that casting zero to a pointer
gives NULL. No compiler will be insane enough to violate this, but it's
an easy assumption to document.

Change-Id: Ie255d42af655a4be07bcaf48ca90584a85c6aefd
Reviewed-on: https://boringssl-review.googlesource.com/18584
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-07-28 17:39:28 +00:00
David Benjamin
4d2e1a8fb8 Add a note on architecture requirements.
The s390x patches keep on coming.

Change-Id: I6d7f79e5ee7c8fcfe6b2e8e549b18ee686b4392b
Reviewed-on: https://boringssl-review.googlesource.com/18564
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-28 16:03:40 +00:00
David Benjamin
af2b1e8210 C++ headers should be more aggressively wrapped in extern "C++".
This is kind of a mess. Some projects will wrap our public headers in
extern "C", so we use extern "C++" around our C++ APIs. However this
needs to be done when including C++ standard library headers too since
they don't always, themselves, guard against being wrapped in extern
"C".

Change-Id: Ib7dd4a6f69ca81dd525ecaa1418b3b7ba85b6579
Reviewed-on: https://boringssl-review.googlesource.com/18504
Reviewed-by: Adam Langley <agl@google.com>
2017-07-27 20:12:53 +00:00
David Benjamin
ec783839be Make ranged for loops work with STACK_OF(T).
My original plan here was to make STACK_OF(T) expand to a template so
the inner type were extractable. Unfortunately, we cannot sanely make
STACK_OF(T) expand to a different type in C and C++ even across
compilation units because UBSan sometimes explodes. This is nuts, but so
it goes.

Instead, use StackTraits to extract the STACK_OF(T) parameters and
define an iterator type.

Bug: 189
Change-Id: I64f5173b34b723ec471f7a355ff46b04f161386a
Reviewed-on: https://boringssl-review.googlesource.com/18467
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2017-07-26 22:02:00 +00:00
David Benjamin
d4e37951b4 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results.
The changes to the assembly files are synced from upstream's
64d92d74985ebb3d0be58a9718f9e080a14a8e7f. cpu-intel.c is translated to C
from that commit and d84df594404ebbd71d21fec5526178d935e4d88d.

Change-Id: I02c8f83aa4780df301c21f011ef2d8d8300e2f2a
Reviewed-on: https://boringssl-review.googlesource.com/18411
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-07-26 22:01:37 +00:00
David Benjamin
edad306de9 Detect if the kernel preserves %zmm registers.
Also clear AVX512 bits if %xmm and %ymm registers are not preserved. See
also upstream's 66bee01c822c5dd26679cad076c52b3d81199668.

Change-Id: I1bcaf4cf355e3ca0adb5d207ae6185f9b49c0245
Reviewed-on: https://boringssl-review.googlesource.com/18410
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-26 21:08:03 +00:00
David Benjamin
0121953a10 Register stack deleters automatically.
Rather than manually register the stack deleters separately, instantiate
them automatically from DEFINE_STACK_OF and BORINGSSL_MAKE_DELETER. The
StackTraits bridge in DEFINE_STACK_OF will additionally be used for
other C++ STACK_OF conveniences.

Bug: 132
Change-Id: I95d6c15b2219b34c7a8ce06dd8012d073dc19c27
Reviewed-on: https://boringssl-review.googlesource.com/18465
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-26 21:03:11 +00:00
David Benjamin
9a89250285 Don't use std::is_trivially_destructable.
It returns false for incomplete types (or is undefined prior to C++14),
so other instantiations can get confused. Instead, require an explicit
kAllowUniquePtr toggle.

I tried using sizeof(T) to SFINAE-detect an incomplete type but ran into
MSVC issues, I think
https://connect.microsoft.com/VisualStudio/feedback/details/820390/vc-sizeof-doesnt-work-as-expected-in-sfinae-context
Though it seems this also may cause ODR violations if different
compilation units disagree on whether a type is complete. This is all a
mess, so just do the boring thing.

Bug: 132
Change-Id: I6f2d47499f16e75f62629c76f43a5329e91c6daf
Reviewed-on: https://boringssl-review.googlesource.com/18464
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
2017-07-26 20:55:37 +00:00
David Benjamin
2507d9e709 Add a CMake toggle to allow the C++ runtime.
In particular, this removes -fno-rtti, which allows the OSS-Fuzz folks
to run with -fsanitize=vptr. See
https://github.com/google/oss-fuzz/issues/741.

(-fsanitize=vptr isn't especially useful right now as we're just
starting with C++ support, but perhaps it'll be more useful in the
future.)

Change-Id: Ie8944a3e637ebc8dc28c03d331923a7528d7d328
Reviewed-on: https://boringssl-review.googlesource.com/18484
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-07-26 15:51:43 +00:00