Commit Graph

1840 Commits

Author SHA1 Message Date
David Benjamin
2b2b0f909d Set errno to ENOMEM when simulating a malloc failure.
Per malloc(3):

    The  UNIX  98  standard requires malloc(), calloc(), and realloc() to set
    errno to ENOMEM upon failure.  Glibc assumes that this is done (and the
    glibc versions of these routines do this); if you use a private malloc
    implementation that does not set errno, then certain library routines may
    fail without having a reason in errno.

Notably, thread_test otherwise fails an assertion deep in glibc.

Change-Id: Ia2c0ab306987476e7d6570d4bbf04a2641398925
Reviewed-on: https://boringssl-review.googlesource.com/5111
Reviewed-by: Adam Langley <agl@google.com>
2015-06-15 17:53:08 +00:00
David Benjamin
1c703cb0c1 Check for BN_copy failures.
BN_copy can fail on malloc failure. The case in crypto/rsa was causing the
malloc tests in all_tests.go to infinite loop.

Change-Id: Id5900512013fba9960444d78a8c056aa4314fb2d
Reviewed-on: https://boringssl-review.googlesource.com/5110
Reviewed-by: Adam Langley <agl@google.com>
2015-06-15 17:52:40 +00:00
Kenny Root
3a9e1fba0e Correct various documentation typos
Some of the documentation had the right explanation but the incorrect
function names attached.

Change-Id: I7b479dae6d71a5ac7bc86df5a3890508c3b3d09f
Reviewed-on: https://boringssl-review.googlesource.com/5090
Reviewed-by: Adam Langley <agl@google.com>
2015-06-10 22:06:01 +00:00
Adam Langley
2b23eaa478 Use the correct case for Windows headers.
When cross-compiling for Windows on a Linux system, the filesystem is
case sensitive and so #includes with uppercase characters cause errors.

Change-Id: I6fe6d677887ce84ba8b2c3136cf2c70998d96e81
Reviewed-on: https://boringssl-review.googlesource.com/5060
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-09 21:38:04 +00:00
Adam Langley
85bc5601ee Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
If we're going to have PSK and use standard cipher suites, this might be
the best that we can do for the moment.

Change-Id: I35d9831b2991dc5b23c9e24d98cdc0db95919d39
Reviewed-on: https://boringssl-review.googlesource.com/5052
Reviewed-by: Adam Langley <agl@google.com>
2015-06-09 18:10:42 +00:00
Adam Langley
1feb42a2fb Drop ECDHE-PSK-AES-128-GCM.
This is the best PSK cipher suite, but it's non-standard and nobody is
using it. Trivial to bring back in the future if we have need of it.

Change-Id: Ie78790f102027c67d1c9b19994bfb10a2095ba92
Reviewed-on: https://boringssl-review.googlesource.com/5051
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-09 18:08:52 +00:00
David Benjamin
d1c1c8e0a1 Remove EVP_PKEY_missing_parameters in ssl3_check_certificate_for_cipher.
This is a remnant of DSA support. It's not possible to parse out an incomplete
public key for the more reasonable X.509 key types.

Change-Id: I4f4c7b9d3795f5f0635f80a4cec9ca4c778e6c69
Reviewed-on: https://boringssl-review.googlesource.com/5050
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:43:36 +00:00
David Benjamin
436bf82ee8 Prune ssl3_check_cert_and_algorithm.
Most of the logic was redundant with checks already made in
ssl3_get_server_certificate. The DHE check was missing an ECDHE half
(and was impossible). The ECDSA check allowed an ECDSA certificate for
RSA. The only non-redundant check was a key usage check which,
strangely, is only done for ECDSA ciphers.

(Although this function called X509_certificate_type and checked sign
bits, those bits in X509_certificate_type are purely a function of the
key type and don't do anything.)

Change-Id: I8df7eccc0ffff49e4cfd778bd91058eb253b13cb
Reviewed-on: https://boringssl-review.googlesource.com/5047
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:27:12 +00:00
David Benjamin
8923c0bc53 Explicitly check for empty certificate list.
The NULL checks later on notice, but failing with
SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS on accident is confusing.
Require that the message be non-empty.

Change-Id: Iddfac6a3ae6e6dc66c3de41d3bb26e133c0c6e1d
Reviewed-on: https://boringssl-review.googlesource.com/5046
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:19:00 +00:00
David Benjamin
24f346d77b Limit the number of warning alerts silently consumed.
Per review comments on
https://boringssl-review.googlesource.com/#/c/4112/.

Change-Id: I82cacf67c6882e64f6637015ac41945522699797
Reviewed-on: https://boringssl-review.googlesource.com/5041
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:16:14 +00:00
David Benjamin
f4958e7678 Slightly simplify ServerKeyExchange handling.
The current logic requires each key exchange extract the key. It also
leaves handling X509_get_pubkey failure to the anonymous cipher suite
case which has an escape hatch where it goes back to check
ssl3_check_cert_and_algorithm.

Instead, get the key iff we know we have a signature to check.

Change-Id: If7154c7156aad3b89489defe4c1d951eeebf0089
Reviewed-on: https://boringssl-review.googlesource.com/5045
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:14:53 +00:00
David Benjamin
b31040d0d8 Get rid of CERT_PKEY slots in SESS_CERT.
This doesn't even change behavior. Unlike local configuration, the peer
can never have multiple certificates anyway. (Even with a renego, the
SESS_CERT is created anew.)

This does lose the implicit certificate type check, but the certificate
type is already checked in ssl3_get_server_certificate and later checked
post-facto in ssl3_check_cert_and_algorithm (except that one seems to
have some bugs like it accepts ECDSA certificates for RSA cipher suites,
to be cleaned up in a follow-up). Either way, we have the certificate
mismatch tests for this.

BUG=486295

Change-Id: I437bb723bb310ad54ee4150eda67c1cfe43377b3
Reviewed-on: https://boringssl-review.googlesource.com/5044
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:13:45 +00:00
David Benjamin
c7a3a14872 Convert rsa_test to C++.
In doing so, check for malloc failures and use scopers as appropriate.
This should clear rsa_test for use with malloc tests. Also replace the
SetKey macro and exploded RSA keys with a DER RSAPrivateKey structure.
Much less tedious.

Change-Id: I3ce092ef67e7ac2af74f509abbdf84b7f2b6d45d
Reviewed-on: https://boringssl-review.googlesource.com/5043
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 22:11:20 +00:00
Adam Langley
3d960e5ec1 Include base.h in tool/internal.h.
This is attempting to fix a Windows build failure when building args.cc.

Change-Id: I6e0c05303832c446d07e5e0d95a1c5151d275788
2015-06-08 14:52:13 -07:00
David Benjamin
a8ebe2261f Add tests for empty record limit and make it work in the async case.
We shouldn't have protocol constraints that are sensitive to whether
data is returned synchronously or not.

Per https://boringssl-review.googlesource.com/#/c/4112/, the original
limitation was to avoid OpenSSL ABI changes. This is no longer a
concern.

Add tests for the sync and async case. Send the empty records in two
batches to ensure the count is reset correctly.

Change-Id: I3fee839438527e71adb83d437879bb0d49ca5c07
Reviewed-on: https://boringssl-review.googlesource.com/5040
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 21:45:21 +00:00
David Benjamin
58084affbe Make constants in bssl tool actually const.
Change-Id: Iedf6a1bafbe195b689e1aebd2293332e38c1f4c7
Reviewed-on: https://boringssl-review.googlesource.com/5042
Reviewed-by: Adam Langley <agl@google.com>
2015-06-08 21:43:15 +00:00
Adam Langley
521d4b805a Export |CBS_get_any_ber_asn1_element|.
We have need of it internally.

Change-Id: I564af468728b22245e8eab384ea7018b7e88cc86
Reviewed-on: https://boringssl-review.googlesource.com/5022
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 21:56:42 +00:00
Adam Langley
dd45e3b236 Possible Windows build fix.
This just tries to convince MSVC that we're not going to use |nprimes|
without initialising it first:

tool\genrsa.cc(63) : warning C4701: potentially uninitialized local
variable 'nprimes' used

Change-Id: If8a68ad4fe2c2fb7a8073b7ba43d540467ddf8f8
2015-06-05 12:25:51 -07:00
David Benjamin
1a3c23234c Fix build.
Mac wants a stdlib.h. Windows wants a void and doesn't like static const in
array declarations.

Change-Id: If1e8fb141e41200cf8a7348c6918c2f22465f5fe
Reviewed-on: https://boringssl-review.googlesource.com/5030
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 19:13:31 +00:00
Adam Langley
e3ed21058d Add #defines for ASN.1 NULL and GENERALIZEDTIME.
Change-Id: Ic82ab5de4e231cdf6230ee7262c3c7539404d4a6
Reviewed-on: https://boringssl-review.googlesource.com/5020
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:59:50 +00:00
Matt Braithwaite
1d0a056180 Explicitly cast |CHECK| result to |void| to avoid compiler complaint.
Change-Id: Ie7b376da1a157d144e9c4651722630dbf9c45436
Reviewed-on: https://boringssl-review.googlesource.com/5021
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:48:02 +00:00
David Benjamin
1043ac0fac Add a flag to bssl client to enable False Start.
One more flag we'd need for bssl client to mimic Chromium.

Change-Id: I66bb43f0d6789c8ab922679747b7e9bc28c1d849
Reviewed-on: https://boringssl-review.googlesource.com/5010
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:40:18 +00:00
Adam Langley
839b881c61 Multi-prime RSA support.
RSA with more than two primes is specified in
https://tools.ietf.org/html/rfc3447, although the idea goes back far
earier than that.

This change ports some of the changes in
http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest
to BoringSSL—specifically those bits that are under an OpenSSL license.

Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1
Reviewed-on: https://boringssl-review.googlesource.com/4870
Reviewed-by: Adam Langley <agl@google.com>
2015-06-05 18:39:44 +00:00
Adam Langley
af0e32cb84 Add SSL_get_tls_unique.
SSL_get_tls_unique returns the tls-unique channel-binding value as
defined in https://tools.ietf.org/html/rfc5929#section-3.1.

Change-Id: Id9644328a7db8a91cf3ff0deee9dd6ce0d3e00ba
Reviewed-on: https://boringssl-review.googlesource.com/4984
Reviewed-by: Adam Langley <agl@google.com>
2015-06-04 22:10:22 +00:00
Adam Langley
691992b0ea Minor typo fix in comment.
Change-Id: I55dc3d87a9571901abd2bbaf268871a482cf3bc5
Reviewed-on: https://boringssl-review.googlesource.com/4983
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-04 21:59:45 +00:00
Adam Langley
cc1e3df75c Make CBS_get_any_asn1_element accept only DER.
This change makes |CBS_get_any_asn1_element| only handle DER elements.
Another function, |CBS_get_any_ber_asn1_element| is exposed internally
for the cases where we need to process BER data.

Change-Id: I544141a1a3d7913986352a8fd9a6d00b9f282652
Reviewed-on: https://boringssl-review.googlesource.com/4994
Reviewed-by: Adam Langley <agl@google.com>
2015-06-03 22:08:16 +00:00
Adam Langley
0976096224 bytestring: Test out_header_len != NULL before writing.
The documentation for |CBS_get_any_asn1_element| says that
|out_header_len| may be NULL, but in the case of an indefinite-length
element it would be written unconditionally.

Thanks to Doug Hogan for noticing this.

Change-Id: I17609b3465df73d42dd9efd75e783159aa99a59b
Reviewed-on: https://boringssl-review.googlesource.com/4993
Reviewed-by: Adam Langley <agl@google.com>
2015-06-03 22:07:40 +00:00
Adam Langley
ba5934b77f Tighten up EMS resumption behaviour.
The client and server both have to decide on behaviour when resuming a
session where the EMS state of the session doesn't match the EMS state
as exchanged in the handshake.

                        Original handshake
      |  No                                         Yes
------+--------------------------------------------------------------
      |
R     |  Server: ok [1]                     Server: abort [3]
e  No |  Client: ok [2]                     Client: abort [4]
s     |
u     |
m     |
e     |
  Yes |  Server: don't resume                   No problem
      |  Client: abort; server
      |    shouldn't have resumed

[1] Servers want to accept legacy clients. The draft[5] says that
resumptions SHOULD be rejected so that Triple-Handshake can't be done,
but we'll rather enforce that EMS was used when using tls-unique etc.

[2] The draft[5] says that even the initial handshake should be aborted
if the server doesn't support EMS, but we need to be able to talk to the
world.

[3] This is a very weird case where a client has regressed without
flushing the session cache. Hopefully we can be strict and reject these.

[4] This can happen when a server-farm shares a session cache but
frontends are not all updated at once. If Chrome is strict here then
hopefully we can prevent any servers from existing that will try to
resume an EMS session that they don't understand. OpenSSL appears to be
ok here: https://www.ietf.org/mail-archive/web/tls/current/msg16570.html

[5] https://tools.ietf.org/html/draft-ietf-tls-session-hash-05#section-5.2

BUG=492200

Change-Id: Ie1225a3960d49117b05eefa5a36263d8e556e467
Reviewed-on: https://boringssl-review.googlesource.com/4981
Reviewed-by: Adam Langley <agl@google.com>
2015-06-03 22:05:50 +00:00
Adam Langley
b0eef0aee9 runner: minor tidyups.
Add expectResumeRejected to note cases where we expect a resumption
handshake to be rejected. (This was previously done by adding a flag,
which is a little less clear.)

Also, save the result of crypto/tls.Conn.ConnectionState() rather than
repeat that a lot.

Change-Id: I963945eda5ce1f3040b655e2441174b918b216b3
Reviewed-on: https://boringssl-review.googlesource.com/4980
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-03 22:03:07 +00:00
Matt Braithwaite
9f8ef2da92 Add |EVP_get_digestbyname|.
Change-Id: If7078ea68f037caf8e26fa0b714e96e64d50dfa9
Reviewed-on: https://boringssl-review.googlesource.com/5000
Reviewed-by: Adam Langley <agl@google.com>
2015-06-03 21:34:07 +00:00
Matt Braithwaite
b7326b0b43 Implement |PEM_def_callback| and call it where appropriate.
This implementation does not prompt for a password.  It's just enough
to ensure that the many functions that take a tuple of
|pem_password_cb| and a |void *| to a password work in a reasonable
way when the latter is non-NULL.

Change-Id: Ic6bfc484630c67b5ede25277e14eb3b00c2024f0
Reviewed-on: https://boringssl-review.googlesource.com/4990
Reviewed-by: Adam Langley <agl@google.com>
2015-06-03 17:58:44 +00:00
Adam Langley
e26e590824 Avoid unused variable warnings with assert.
It would be nice if assert(x) reduced to ((void) x) when NDEBUG was
defined, but it doesn't. Because of this, locally define CHECK, which
does. This avoids warnings with Clang.

Change-Id: I70882741da4984a025bcfaac1969032387f369de
Reviewed-on: https://boringssl-review.googlesource.com/4991
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 23:05:54 +00:00
David Benjamin
efad697813 Sync vs_toolschain.py up with Chromium.
win8sdk got renamed to win_sdk. Also minor fixes from upstream, mostly pylint.
Upstream also no longer keeps the toolchain hash in a separate file.

Change-Id: Iefc8bb6a487f0cdb13fcf3131b0fba317ca6548b
Reviewed-on: https://boringssl-review.googlesource.com/4982
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 21:04:30 +00:00
David Benjamin
39da3172e4 Empty commit to kick the bots.
depot_tools' win_toolchain was briefly broken:
https://codereview.chromium.org/1159433006/

Change-Id: Iba5347f0ddc03c34a007ad83e196f51201a8d03e
2015-06-02 15:15:03 -04:00
Joel Klinghed
1550a84784 Allow compilation for armv6
Use when giving -DANDROID_ABI="armeabi-v6 with VFP" to android-cmake

Change-Id: Ifb053bcf4788e34fb54e20c27d4e519416ca9a11
Reviewed-on: https://boringssl-review.googlesource.com/4945
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 18:16:13 +00:00
Joel Klinghed
9a4996e359 Fix compilation of sha256-armv4.S when using -march=armv6
sha256-armv4.S:1884: Error: invalid constant (ffffffffffffef90) after fixup

BUG=495695

Change-Id: I5b7423c2f7a10657c92c7b1ccae970f33c569455
Reviewed-on: https://boringssl-review.googlesource.com/4944
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 18:15:37 +00:00
Joel Klinghed
485a50ae15 Match the ifdef check in bsaes-armv7.S
bsaes-armv7.S implements bsaes_cbc_encrypt if #if __ARM_MAX_ARCH__ >= 7
but e_aes.c instead used #if __ARM_ARCH >= 7 causing duplicate symbols
for linkers that care about that

Change-Id: I10ad8e24be75fdc03b0670869a53078b0477950b
Reviewed-on: https://boringssl-review.googlesource.com/4943
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 18:14:41 +00:00
David Benjamin
e216288109 Unexport and prune EVP_MD_CTX flags.
The only flag is EVP_MD_CTX_FLAG_NO_INIT and no good can possibly come of
anyone outside EVP_PKEY_HMAC calling it. (And indeed no one calls it.
EVP_MD_CTX_set_flags has a caller in wpa_supplicant, but it uses
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW which we don't define. The call is guarded by a
pair of ifdefs for some FIPS mode wpa_supplicant.)

Change-Id: I70ab8ffa646f3f75dfa4d37c96b9e82448ff1e40
Reviewed-on: https://boringssl-review.googlesource.com/4971
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 01:08:10 +00:00
David Benjamin
af8731f7a5 Remove HMAC_CTX_set_flags.
It's never called externally and for good reason; the only flag to set is
EVP_MD_CTX_FLAG_NO_INIT which is an implementation detail of EVP_PKEY_HMAC
(hopefully to be removed eventually). Indeed, only EVP_PKEY_HMAC ever calls
this function. Except there's no need to because the HMAC_CTX has already been
initialized at that point. (And were it not initialized, that call would not
bode well for the poor HMAC_CTX.)

The legacy EVP_PKEY_HMAC API has test coverage and still works after this
change.

Change-Id: I2fb0bede3c24ad1519f9433f957606de15ba86c7
Reviewed-on: https://boringssl-review.googlesource.com/4970
Reviewed-by: Adam Langley <agl@google.com>
2015-06-02 01:07:07 +00:00
David Benjamin
bf3208b849 Add additional HMAC tests.
Not terribly important given that we already have NIST vectors, but may as
well. These tests come from upstream's
2cfbdd71dde0c3ddf4597eb20cc3e3fb8485fc15.

Change-Id: I4f8dadc7d5d1599d0b75ecdef06f2fc6a5cd8003
Reviewed-on: https://boringssl-review.googlesource.com/4962
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:51:00 +00:00
David Benjamin
a1c90a5ce1 Further tidy up cipher logic.
With SSL2 gone, there's no need for this split between the abstract
cipher framework and ciphers. Put the cipher suite table in ssl_cipher.c
and move other SSL_CIPHER logic there. With that gone, prune the
cipher-related hooks in SSL_PROTOCOL_METHOD.

BUG=468889

Change-Id: I48579de8bc4c0ea52781ba1b7b57bc5b4919d21c
Reviewed-on: https://boringssl-review.googlesource.com/4961
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:48:30 +00:00
David Benjamin
0fa4012331 Add a test that DTLS does not support RC4.
Make sure we don't break that on accident.

Change-Id: I22d58d35170d43375622fe61e4a588d1d626a054
Reviewed-on: https://boringssl-review.googlesource.com/4960
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:43:34 +00:00
David Benjamin
9a980abaee Fold TLS1_PRF_* into SSL_HANDSHAKE_MAC_*
They're redundant with each other.

Change-Id: I17e7ff8c4e0b1486986dd866fd99673fa2aaa494
Reviewed-on: https://boringssl-review.googlesource.com/4959
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:43:06 +00:00
David Benjamin
29864b5bb8 Remove SSL_CIPHER_ALGORITHM2_AEAD.
All ciphers are implemented by an EVP_AEAD.

Change-Id: Ifa754599a34e16bf97e1a4b84a271c6d45462c7c
Reviewed-on: https://boringssl-review.googlesource.com/4958
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:30:00 +00:00
David Benjamin
904dc72b32 Fold away SSL_PROTOCOL_METHOD hooks shared between TLS and DTLS.
The ctrl hooks are left alone since they should just go away.
Simplifying the cipher story will happen in the next CL.

BUG=468889

Change-Id: I979971c90f59c55cd5d17554f1253158b114f18b
Reviewed-on: https://boringssl-review.googlesource.com/4957
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:29:46 +00:00
David Benjamin
a6022771b3 Split ssl_read_bytes hook into app_data and close_notify hooks.
This still needs significant work, especially the close_notify half, but
clarify the interface and get *_read_bytes out of SSL_PROTOCOL_METHOD.
read_bytes is an implementation detail of those two and get_message
rather than both an implementation detail of get_message for handshake
and a (wholly inappropriate) exposed interface for the other two.

BUG=468889

Change-Id: I7dd23869e0b7c3532ceb2e9dd31ca25ea31128e7
Reviewed-on: https://boringssl-review.googlesource.com/4956
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:27:55 +00:00
David Benjamin
c933a47e6f Switch the ssl_write_bytes hook to ssl_write_app_data.
The SSL_PROTOCOL_METHOD table needs work, but this makes it clearer
exactly what the shared interface between the upper later and TLS/DTLS
is.

BUG=468889

Change-Id: I38931c484aa4ab3f77964d708d38bfd349fac293
Reviewed-on: https://boringssl-review.googlesource.com/4955
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:18:06 +00:00
David Benjamin
2c3679210e EVP_Digest*Update, EVP_DigestFinal, and HMAC_Update can never fail.
Enough code fails to check their return codes anyway. We ought to make
it official.

Change-Id: Ie646360fd7073ea943036f5e21bed13df7e1b77a
Reviewed-on: https://boringssl-review.googlesource.com/4954
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:17:10 +00:00
David Benjamin
e2375e139e Low-level hash 'final' functions cannot fail.
The SHA-2 family has some exceptions, but they're all programmer errors
and should be documented as such. (Are the failure cases even
necessary?)

Change-Id: I00bd0a9450cff78d8caac479817fbd8d3de872b8
Reviewed-on: https://boringssl-review.googlesource.com/4953
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:14:01 +00:00
David Benjamin
049756be46 Fix integer types in low-level hash functions.
Use sized integer types rather than unsigned char/int/long. The latter
two are especially a mess as they're both used in lieu of uint32_t.
Sometimes the code just blindly uses unsigned long and sometimes it uses
unsigned int when an LP64 architecture would notice.

Change-Id: I4c5c6aaf82cfe9fe523435588d286726a7c43056
Reviewed-on: https://boringssl-review.googlesource.com/4952
Reviewed-by: Adam Langley <agl@google.com>
2015-06-01 22:12:21 +00:00