Commit Graph

1550 Commits

Author SHA1 Message Date
David Benjamin
31a07798a5 Factor SSL_AEAD_CTX into a dedicated type.
tls1_enc is now SSL_AEAD_CTX_{open,seal}. This starts tidying up a bit
of the record-layer logic. This removes rr->input, as encrypting and
decrypting records no longer refers to various globals. It also removes
wrec altogether. SSL3_RECORD is now only used to maintain state about
the current incoming record. Outgoing records go straight to the write
buffer.

This also removes the outgoing alignment memcpy and simply calls
SSL_AEAD_CTX_seal with the parameters as appropriate. From bssl speed
tests, this seems to be faster on non-ARM and a bit of a wash on ARM.

Later it may be worth recasting these open/seal functions to write into
a CBB (tweaked so it can be malloc-averse), but for now they take an
out/out_len/max_out trio like their EVP_AEAD counterparts.

BUG=468889

Change-Id: Ie9266a818cc053f695d35ef611fd74c5d4def6c3
Reviewed-on: https://boringssl-review.googlesource.com/4792
Reviewed-by: Adam Langley <agl@google.com>
2015-05-21 17:59:15 +00:00
Matt Braithwaite
69d07d9cf4 Get version-related functions from crypto.h rather than ssl.h.
(This makes it possible to include opensslv.h when not linking SSL.)

Change-Id: Id88c5ff44a7099d33d8d4672f7ba88986ffd1526
Reviewed-on: https://boringssl-review.googlesource.com/4831
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 22:58:14 +00:00
David Benjamin
b487df6fa9 Pull version, option, and mode APIs into their own sections.
Change-Id: Ic243f09f80b90f3bf816d5491501b40b77018999
Reviewed-on: https://boringssl-review.googlesource.com/4791
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:49:06 +00:00
David Benjamin
7270cfc1ca Prune version constants.
SSL3_VERSION_MAJOR is the only MAJOR/MINOR number used internally or
externally.

Change-Id: I3f17175e73fd89887665accf1bfa680581f42dfe
Reviewed-on: https://boringssl-review.googlesource.com/4790
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:42:08 +00:00
David Benjamin
7ef9fff53d Remove ssl_ok.
This is never used.

Change-Id: I560f04c0a6f140298ca42b8a0913ce954a2fdf7d
Reviewed-on: https://boringssl-review.googlesource.com/4789
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:41:38 +00:00
David Benjamin
afc9ecddb6 Unexport ssl_get_new_session and ssl_update_cache.
Chromium's session cache has since been rewritten and no longer needs to
muck with those functions in tests.

Change-Id: I2defad81513210dca5e105757e04cbb677583251
Reviewed-on: https://boringssl-review.googlesource.com/4788
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:41:13 +00:00
David Benjamin
3b7456e031 Fix some documentation typos.
Change-Id: I96302e9afc357573192b5f2a8664a5f744915336
Reviewed-on: https://boringssl-review.googlesource.com/4787
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:41:00 +00:00
David Benjamin
b48042820a Also skip #elif lines.
One of these days we may need to get a more aggressive C parser...

Change-Id: I7c6a848fb3b7f41083ac70542aa17e971baf10a4
Reviewed-on: https://boringssl-review.googlesource.com/4786
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:38:08 +00:00
David Benjamin
6deacb3895 Parse macros in getNameFromDecl.
Fleshes out the table of contents more.

Change-Id: I8f8f0e43bdf7419f978b4fc66de80922ed1ae425
Reviewed-on: https://boringssl-review.googlesource.com/4785
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:33:26 +00:00
David Benjamin
4831c3328c Document some core SSL_CTX and SSL methods.
Current thought is to organize this by:

- Core SSL_CTX APIs (creating, destroying)
- Core SSL APIs (creating destroying, maybe handshake, read, write as
  well)
- APIs to configure SSL_CTX/SSL, roughly grouped by feature. Probably
  options and modes are the first two sections. SSL_TXT_* constants can
  be part of documenting cipher suite configuration.
- APIs to query state from SSL_CTX/SSL, roughly grouped by feature. (Or
  perhaps these should be folded into the configuration sections?)

The functions themselves aren't reordered or reorganized to match the
eventual header order yet. Though I did do the s -> ssl rename on the
ones I've touched.

Also formally deprecate SSL_clear. It would be a core SSL API
except it's horrible.

Change-Id: Ia7e4fdcb7bad4e9ccdee8cf8c3136dc63aaaa772
Reviewed-on: https://boringssl-review.googlesource.com/4784
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:32:42 +00:00
David Benjamin
4dab297953 Don't use struct names in ssl.h.
The type names are perfectly serviceable. Most of them are
forward-declared in base.h.

Change-Id: Id03f5039a2d1bab82c68ade074a0e26cd3ab5ad9
Reviewed-on: https://boringssl-review.googlesource.com/4783
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:13:32 +00:00
David Benjamin
760b1ddcdb Tidy up state machine coverage tests.
Rather than duplicate all the various modifiers, which is quite
error-prone, write all the tests to a temporary array and then apply
modifiers afterwards.

Change-Id: I19bfeb83b722ed34e973f17906c5e071471a926a
Reviewed-on: https://boringssl-review.googlesource.com/4782
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:12:58 +00:00
David Benjamin
3629c7b016 Add client peer-initiated renego to the state machine tests.
We should be testing asynchronous renego.

BUG=429450

Change-Id: Ib7a5d42f2ac728f9ea0d80158eef63ad77cd77a4
Reviewed-on: https://boringssl-review.googlesource.com/4781
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:11:55 +00:00
David Benjamin
cff0b90cbb Add client-side tests for renegotiation_info enforcement.
Since we hope to eventually lose server-side renegotiation support
altogether, get the client-side version of those tests. We should have
had those anyway to test that the default is to allow it.

BUG=429450

Change-Id: I4a18f339b55f3f07d77e22e823141e10a12bc9ff
Reviewed-on: https://boringssl-review.googlesource.com/4780
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 21:10:14 +00:00
Adam Langley
6bff1ca893 Specify argc and argv arguments to refcount_test:main.
(This is to keep MSVC happy.)

Change-Id: I8c410587d8ee0f0df33a5f87c6a6c9b5047f8abb
2015-05-20 13:49:41 -07:00
Adam Langley
12a4768f7d Try to fix MSVC and __STDC_VERSION__ again.
Looks like it was the use in type_check.h that was still causing
problems, not that MSVC doesn't short-circuit #if statements.

Change-Id: I574e8dd463c46b0133a989b221a7bb8861b3eed9
2015-05-20 13:42:12 -07:00
Adam Langley
cb56c2a137 Cast refcounts to _Atomic before use.
GCC doesn't care, but Clang is strict about this.

Change-Id: If34305303a87459985c98423a8283cad704ae984
2015-05-20 13:39:22 -07:00
Adam Langley
0d1d0d5c1f Try again to only test __STDC_VERSION__ when defined.
6e1f6456 tried to do this, but MSVC doesn't short-circuit #if
statements. So this change tries having the test be in a different #if.

Change-Id: Id0074770c166a2b7cd9ba2c8cd06245a68b77af8
2015-05-20 13:30:11 -07:00
Adam Langley
7b348dc1d8 Disable C11 atomics on OS X.
While the compiler on OS X sets the macros as if it supports C11
atomics, stdatomic.h is actually missing.

Change-Id: Ifecaf1c8df6390e6b994663adedc284d9b8130b7
2015-05-20 13:23:06 -07:00
Adam Langley
04edcc8b1b Tag the mutex functions with OPENSSL_EXPORT.
Now that ssl/ code is using them, shared-library builds need this.

Change-Id: Icf0088b8e52325f179a72708e28c2add8b824259
2015-05-20 13:14:44 -07:00
Adam Langley
6e1f64568b Don't test __STDC_VERSION__ unless it's defined.
(Fixes Windows build.)

Change-Id: If6dd5f6ec1263f9e77b852d33b8e3cf0f6dcd95f
2015-05-20 13:13:02 -07:00
Adam Langley
552df47dc0 Remove leftovers of the old-style locks.
At this point, none of these functions or macros are used so they can
just be deleted.

Change-Id: I8ed1aae7a252e886864bf43e3096eff2228183cd
Reviewed-on: https://boringssl-review.googlesource.com/4777
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:18:44 +00:00
Adam Langley
6fb174e564 Remove last references to named locks.
These ASN.1 macros are the last references to the old-style OpenSSL
locks that remain. The ASN.1 reference count handling was changed in a
previous commit to use |CRYPTO_refcount_*| so these lock references were
unused anyway.

Change-Id: I1b27eef140723050a8e6878a1bea11da3409d0eb
Reviewed-on: https://boringssl-review.googlesource.com/4776
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:18:30 +00:00
Adam Langley
4bdb6e43fa Remove remaining calls to the old lock functions.
|SSL_CTX| and |X509_STORE| have grown their own locks. Several static
locks have been added to hack around not being able to use a
|CRYPTO_once_t| in public headers. Lastly, support for calling
|SSL_CTX_set_generate_session_id| concurrently with active connections
has been removed. No other property of an |SSL_CTX| works like that.

Change-Id: Iff5fe3ee3fdd6ea9c9daee96f850b107ad8a6bca
Reviewed-on: https://boringssl-review.googlesource.com/4775
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:18:13 +00:00
Adam Langley
03163f3a11 Remove |CRYPTO_add|.
It's no longer needed after the conversion to |CRYPTO_refcount_t|.

Change-Id: Ied129c4c247fcd426745fa016350528b7571aaaa
Reviewed-on: https://boringssl-review.googlesource.com/4774
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:16:15 +00:00
Adam Langley
0b5e3908cf Convert reference counts in ssl/
Convert reference counts in ssl/ to use |CRYPTO_refcount_t|.

Change-Id: I5d60f641b0c89b1ddfe38bfbd9d7285c60377f4c
Reviewed-on: https://boringssl-review.googlesource.com/4773
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:15:47 +00:00
Adam Langley
0da323a8b8 Convert reference counts in crypto/
This change converts the reference counts in crypto/ to use
|CRYPTO_refcount_t|. The reference counts in |X509_PKEY| and |X509_INFO|
were never actually used and so were dropped.

Change-Id: I75d572cdac1f8c1083c482e29c9519282d7fd16c
Reviewed-on: https://boringssl-review.googlesource.com/4772
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:15:26 +00:00
Adam Langley
6f2e733bab Add infrastructure for reference counts.
OpenSSL has traditionally done reference counting with |int|s and the
|CRYPTO_add| function. Unless a special callback is installed (rare),
this is implemented by doing the reference count operations under a
lock.

This change adds infrastructure for handling reference counts and uses
atomic operations when C11 support is available.

Change-Id: Ia023ce432319efd00f77a7340da27d16ee4b63c3
Reviewed-on: https://boringssl-review.googlesource.com/4771
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:14:59 +00:00
Adam Langley
daaff93464 Use C11 _Static_assert where available.
OPENSSL_COMPILE_ASSERT implements a static assertion, but the error
message is a little weird because it's a hack around the fact that C,
traditionally, doesn't have static assertions.

C11 now does have _Static_assert (a.k.a. static_assert when one includes
assert.h) so we can use that when provided to get cleaner error
messages.

Change-Id: Ia3625dfb2988de11fd95ddba957f118c0d3183ff
Reviewed-on: https://boringssl-review.googlesource.com/4770
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 19:13:23 +00:00
Matt Braithwaite
dc8c739a3b Implement |DES_ede2_cbc_encrypt|.
Change-Id: I0d2a09242e2d5092ee7facab4729e9af36d9d548
Reviewed-on: https://boringssl-review.googlesource.com/4752
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 18:36:01 +00:00
Adam Langley
a7997f12be Set minimum DH group size to 1024 bits.
DH groups less than 1024 bits are clearly not very safe. Ideally servers
would switch to ECDHE because 1024 isn't great either, but this will
serve for the short term.

BUG=490240

Change-Id: Ic9aac714cdcdcbfae319b5eb1410675d3b903a69
Reviewed-on: https://boringssl-review.googlesource.com/4813
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 18:35:31 +00:00
Adam Langley
4a7b70d055 Add LICENSE file.
Change-Id: I1bade6ad22596857b208b2c8ad54b239b648b86e
Reviewed-on: https://boringssl-review.googlesource.com/4812
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 17:44:57 +00:00
Adam Langley
b3a262c9f1 Fix |SSLeay|.
SSLeay is a compatibility function for OpenSSL, but I got it wrong. It
doesn't return a string, it returns a number. This doesn't end up making
any difference, but it fixes a warning when building OpenSSH.

Change-Id: I327ab4f70313c93c18f81d8804ba4acdc3bc1a4a
Reviewed-on: https://boringssl-review.googlesource.com/4811
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-20 17:44:44 +00:00
Adam Langley
f0320d3c73 Fix use after free in X509.
This change import's upstream's beeb0fa7 and fixes a UAF in X509.
Thankfully, this shouldn't impact Chromium, which doesn't use OpenSSL
for certificate verification.

BUG=489764

Change-Id: I0ce2ec05083f7c588ba5504bb12151437dec593e
Reviewed-on: https://boringssl-review.googlesource.com/4810
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-19 19:16:44 +00:00
David Benjamin
3dacff94dc Always include x86_64-gcc.c in the standalone build.
Unlike the standalone build, builds generated from util/generate_build_files.py
do not exclude x86_64-gcc.c. Match the consumer builds by making the standalone
build unconditionally include it. (This would have noticed the missing
preprocessor checks in the file.)

Change-Id: I8d20f269dea63776320ae636ee1e5339cb85fa30
Reviewed-on: https://boringssl-review.googlesource.com/4761
Reviewed-by: Adam Langley <agl@google.com>
2015-05-15 22:37:49 +00:00
Adam Langley
966003273d Don't use x86_64-gcc.c with NO_ASM.
Android (on OS X) builds with NO_ASM and was getting both generic.c and
x86_64-gcc.c. This change updates the latter so that it's excluded in
NO_ASM builds.

Change-Id: I1f0e1c5e551eed9c575ce632ec3016fce7ec9d2e
Reviewed-on: https://boringssl-review.googlesource.com/4741
Reviewed-by: Adam Langley <agl@google.com>
2015-05-15 22:23:49 +00:00
David Benjamin
81091d55e1 Don't use uninitialized memory in RAND_bytes.
We can't actually catch this with MSan because it requires all code be
instrumented, so it needs a NO_ASM build which no disables that code. valgrind
doesn't notice either, possibly because there's some computation being done on
it. Still, we shouldn't use uninitialized memory.

Also get us closer to being instrumentable by MSan, but the runner tests will
need to build against an instrumented STL and I haven't tried that yet.

Change-Id: I2d65697a3269b5b022899f361730a85c51ecaa12
Reviewed-on: https://boringssl-review.googlesource.com/4760
Reviewed-by: Adam Langley <agl@google.com>
2015-05-15 20:31:27 +00:00
Adam Langley
d72e284271 Support arbitrary elliptic curve groups.
This change exposes the functions needed to support arbitrary elliptic
curve groups. The Java API[1] doesn't allow a provider to only provide
certain elliptic curve groups. So if BoringSSL is an ECC provider on
Android, we probably need to support arbitrary groups because someone
out there is going to be using it for Bitcoin I'm sure.

Perhaps in time we can remove this support, but not yet.

[1] https://docs.oracle.com/javase/7/docs/api/java/security/spec/ECParameterSpec.html

Change-Id: Ic1d76de96f913c9ca33c46b451cddc08c5b93d80
Reviewed-on: https://boringssl-review.googlesource.com/4740
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-05-15 00:59:37 +00:00
David Benjamin
a07c0fc8f2 Fix SSL_get_current_cipher.
SSL_get_current_cipher is documented by upstream to return the cipher actually
being used. However, because it reads s->session, it returns information
pertaining to the session to be offered if queried before ServerHello or early
in an abbreviated handshake.

Logic around s->session needs more comprehensive cleanup but for just this
function, defining it to be the current outgoing cipher is close to the current
semantics but for fixing the initial state (s->session->cipher is populated
when sending CCS). Store it in the SSL_AEAD_CTX which seems a natural place to
associate state pertaining to a connection half.

BUG=484744

Change-Id: Ife8db27a16615d0dbb2aec65359537243e08af7c
Reviewed-on: https://boringssl-review.googlesource.com/4733
Reviewed-by: Adam Langley <agl@google.com>
2015-05-14 23:02:16 +00:00
David Benjamin
4b27d9f8bd Never resume sessions on renegotiations.
This cuts down on one config knob as well as one case in the renego
combinatorial explosion. Since the only case we care about with renego
is the client auth hack, there's no reason to ever do resumption.
Especially since, no matter what's in the session cache:

- OpenSSL will only ever offer the session it just established,
  whether or not a newer one with client auth was since established.

- Chrome will never cache sessions created on a renegotiation, so
  such a session would never make it to the session cache.

- The new_session + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
  logic had a bug where it would unconditionally never offer tickets
  (but would advertise support) on renego, so any server doing renego
  resumption against an OpenSSL-derived client must not support
  session tickets.

This also gets rid of s->new_session which is now pointless.

BUG=429450

Change-Id: I884bdcdc80bff45935b2c429b4bbc9c16b2288f8
Reviewed-on: https://boringssl-review.googlesource.com/4732
Reviewed-by: Adam Langley <agl@google.com>
2015-05-14 22:53:21 +00:00
Shawn Willden
785e07b23d Copy ecdsa_meth in EC_KEY_copy.
Change-Id: Ia97e76d6e5a5dc216a05741864c3d59b50d855bd
Reviewed-on: https://boringssl-review.googlesource.com/4750
Reviewed-by: Adam Langley <agl@google.com>
2015-05-14 20:37:21 +00:00
David Benjamin
08dc68d510 Define no-op options consistently.
We have a lot of options that don't do anything.

Change-Id: I1681fd07d1272547d4face87917ce41029bbf0de
Reviewed-on: https://boringssl-review.googlesource.com/4731
Reviewed-by: Adam Langley <agl@google.com>
2015-05-13 17:11:52 +00:00
David Benjamin
e6df054a75 Add s->s3->initial_handshake_complete.
There's multiple different versions of this check, between
s->s3->have_version (only works at some points), s->new_session (really
weird and not actually right), s->renegotiate (fails on the server
because it's always 2 after ClientHello), and s->s3->tmp.finish_md_len
(super confusing). Add an explicit bit with clear meaning. We'll prune
some of the others later; notably s->renegotiate can go away when
initiating renegotiation is removed.

This also tidies up the extensions to be consistent about whether
they're allowed during renego:

- ALPN failed to condition when accepting from the server, so even
  if the client didn't advertise, the server could.

- SCTs now *are* allowed during renego. I think forbidding it was a
  stray copy-paste. It wasn't consistently enforced in both ClientHello
  and ServerHello, so the server could still supply it. Moreover, SCTs
  are part of the certificate, so we should accept it wherever we accept
  certificates, otherwise that session's state becomes incomplete. This
  matches OCSP stapling. (NB: Chrome will never insert a session created
  on renego into the session cache and won't accept a certificate
  change, so this is moot anyway.)

Change-Id: Ic9bd1ebe2a2dbe75930ed0213bf3c8ed8170e251
Reviewed-on: https://boringssl-review.googlesource.com/4730
Reviewed-by: Adam Langley <agl@google.com>
2015-05-13 17:11:31 +00:00
David Benjamin
897e5e0013 Default renegotiations to off.
As of crbug.com/484543, Chromium's SSLClientSocket is not sensitive to whether
renegotiation is enabled or not. Disable it by default and require consumers to
opt into enabling this protocol mistake.

BUG=429450

Change-Id: I2329068284dbb851da010ff1fd398df3d663bcc3
Reviewed-on: https://boringssl-review.googlesource.com/4723
Reviewed-by: Adam Langley <agl@google.com>
2015-05-13 17:02:14 +00:00
David Benjamin
4690bb5fc3 Port cipher_test to file_test.
Derived from upstream's new evp_test. The tests were taken from upstream
but tweaked so the diff from the old cipher_test.txt is more obvious.

Change-Id: Ic82593a8bb6aaee9b69fdc42a8b75516b03c1c5a
Reviewed-on: https://boringssl-review.googlesource.com/4707
Reviewed-by: Adam Langley <agl@google.com>
2015-05-13 17:00:55 +00:00
David Benjamin
771a138f26 Add missing #include for abort()
http://build.chromium.org/p/chromium.linux/builders/Android%20Arm64%20Builder%20%28dbg%29/builds/17339

Change-Id: I1cf015bb188282363aa5ddbf4e8ef88932370b62
Reviewed-on: https://boringssl-review.googlesource.com/4714
Reviewed-by: Adam Langley <agl@google.com>
2015-05-12 22:04:32 +00:00
David Benjamin
de12d6cd7a Mind the end of the buffer in aligned case of generic RC4 implementation.
The generic RC4 implementation may read and write just past the end of the
buffer; when input and output are aligned, it always reads an RC4_CHUNK at a
time. It appropriately masks off and preserves the excess bytes off the end, so
this can only have practical effects if it crosses a page boundary. There's an
alignment check, so that can't happen; page boundaries are always aligned. But
it makes ASan unhappy and strictly speaking is a memory error.

Instead, fall through to the generic codepath which just reads it byte by byte.
This should fix the other bot failure.

Change-Id: I3cbd3bfc6cb0537e87f3252dea12d40ffa78d590
Reviewed-on: https://boringssl-review.googlesource.com/4722
Reviewed-by: Adam Langley <agl@google.com>
2015-05-12 19:31:09 +00:00
David Benjamin
5694b3a84b Fix invalid assert in CRYPTO_ctr128_encrypt.
As with CRYPTO_ctr128_encrypt_ctr32, NULL in and out are legal in the
degenerate case when len is 0. This fixes one of the two failures on the bots.

Change-Id: If6016dfc3963d9c06c849fc8eba9908556f66666
Reviewed-on: https://boringssl-review.googlesource.com/4721
Reviewed-by: Adam Langley <agl@google.com>
2015-05-12 19:26:53 +00:00
Matt Braithwaite
9b68e72d18 Define compatibility function |ERR_remove_state|.
(It was already declared.)

Change-Id: Ifcda07fe85a6d5d9e2d3b5c387793413f5048515
Reviewed-on: https://boringssl-review.googlesource.com/4713
Reviewed-by: Adam Langley <agl@google.com>
2015-05-12 19:06:18 +00:00
David Benjamin
2607383e72 Fix generate_build_files.py to account for crypto/test.
crypto/test contains not tests, but a test support library that should be
linked into each test.

Change-Id: If1c85eda2a3df1717edd38575e1ec792323c400b
Reviewed-on: https://boringssl-review.googlesource.com/4720
Reviewed-by: Adam Langley <agl@google.com>
2015-05-12 01:06:32 +00:00