Commit Graph

5509 Commits

Author SHA1 Message Date
David Benjamin
c1389f2ce8 Give SSL and SSL_CTX dummy constructor and destructor.
This doesn't actually make use of much of C++ yet. (SSL_CTX and
SSL/SSL_CONFIG carry analogous versions of a number of fields. It's
difficult to switch them to UniquePtr separately.)

Change-Id: Ia948f539c5c90e2d8301193f719604a31be17fc4
Reviewed-on: https://boringssl-review.googlesource.com/29589
Reviewed-by: Adam Langley <agl@google.com>
2018-07-06 19:01:56 +00:00
David Benjamin
4979803755 Unsplit SSL and SSL_CTX.
This doesn't give them a destructor yet, just shifts things around. In
doing so, it reveals that we inconsistently allowed internal code, but
not external code, to call functions like bssl::SSL_CTX_set_handoff_mode
without a namespace because of ADL. External code doesn't get to do
this because it doesn't see that ssl_ctx_st has a base class in
namespace bssl.

Change-Id: I2ab3b00fff2d6369e850606eed63017e4f8cf8c4
Reviewed-on: https://boringssl-review.googlesource.com/29588
Reviewed-by: Adam Langley <agl@google.com>
2018-07-06 18:56:03 +00:00
David Benjamin
e7b2b13fd4 Add link to CMake bugfix.
Change-Id: I6d82cbb33a5ac2acf3f4e0993210e0bddba8f1ad
Reviewed-on: https://boringssl-review.googlesource.com/29644
Reviewed-by: Adam Langley <agl@google.com>
2018-07-06 18:54:12 +00:00
Adam Langley
c7db3232c3 Add “bssl::” prefix to |UpRef| and |PushToStack| in fuzzer code.
Change-Id: Ie3ed310869f3068d5be8292448a27679fa91a7a7
Reviewed-on: https://boringssl-review.googlesource.com/29624
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-07-05 14:36:02 +00:00
Adam Langley
859679518d Drop C++ from certificate compression API.
It's 2018, but passing STL objects across the API boundary turns out to
still be more bother than it's worth. Since we're dropping UniquePtr in
the API anyway, go the whole way and make it a plain-C API.

Change-Id: Ic0202012e5d81afe62d71b3fb57e6a27a8f63c65
Update-note: this will need corresponding changes to the internal use of SSL_CTX_add_cert_compression_alg.
Reviewed-on: https://boringssl-review.googlesource.com/29564
Reviewed-by: David Benjamin <davidben@google.com>
2018-07-04 16:39:14 +00:00
Matthew Braithwaite
d2f87a7779 shim: move handshake helper functions into their own file.
To wit, |RetryAsync| and |CheckIdempotentError|.

This helps with creating a separate binary to perform split
handshakes.

Separate handshake utilities

Change-Id: I81d0bc38f58e7e1a92b58bf09407452b345213b4
Reviewed-on: https://boringssl-review.googlesource.com/29346
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-07-03 23:30:20 +00:00
Matthew Braithwaite
f2bc5f490a shim: move |TestState| and |TestConfig| to their own files.
This makes |TestState| and |TestConfig| accessible outside
bssl_shim.cc, as well as the functions SetupCtx() and NewSSL(), which
become methods on |TestConfig|.  A whole mess of callbacks move in
order to support this change.

Along the way, some bits of global state are moved (e.g. the global
test clock) and made self-initializing.

This helps with creating a separate binary to perform split
handshakes.

Change-Id: I39b00a1819074882353f5f04ed01312916f3cccb
Reviewed-on: https://boringssl-review.googlesource.com/29345
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-07-03 23:14:56 +00:00
David Benjamin
bfdd1a9308 Give SSL_SESSION a destructor.
Previously we'd partially attempted the ssl_st / bssl::SSLConnection
subclassing split, but that gets messy when we actually try to add a
destructor, because CRYPTO_EX_DATA's cleanup function needs an ssl_st*,
not a bssl::SSLConnection*. Downcasting is technically undefined at this
point and will likely offend some CFI-like check.

Moreover, it appears that even with today's subclassing split,
New<SSL>() emits symbols like:

W ssl_st*& std::forward<ssl_st*&>(std::remove_reference<ssl_st*&>::type&)

The compiler does not bother emitting them in optimized builds, but it
does suggest we can't really avoid claiming the ssl_st type name at the
symbol level, short of doing reinterpret_casts at all API boundaries.
And, of course, we've already long claimed it at the #include level.

So I've just left this defining directly on ssl_session_st. The cost is
we need to write some silly "bssl::" prefixes in the headers, but so it
goes. In the likely event we change our minds again, we can always
revise this.

Change-Id: Ieb429e8eaabe7c2961ef7f8d9234fb71f19a5e2a
Reviewed-on: https://boringssl-review.googlesource.com/29587
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-07-03 22:57:56 +00:00
David Benjamin
58150ed59b Add lh_FOO_retrieve_key to avoid stack-allocating SSL_SESSION.
lh_FOO_retrieve is often called with a dummy instance of FOO that has
only a few fields filled in. This works fine for C, but a C++
SSL_SESSION with destructors is a bit more of a nuisance here.

Instead, teach LHASH to allow queries by some external key type. This
avoids stack-allocating SSL_SESSION. Along the way, fix the
make_macros.sh script.

Change-Id: Ie0b482d4ffe1027049d49db63274c7c17f9398fa
Reviewed-on: https://boringssl-review.googlesource.com/29586
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-07-03 22:56:46 +00:00
David Benjamin
63c79122e0 Remove the redundant version check in ssl_session_cmp.
This partitions the session ID space of the internal cache by version,
which is nominally something we want, but we must check the version
externally anyway for both tickets and external session cache. That
makes this measure redundant. (Servers generate session IDs and 2^256 is
huge, so there would never accidentally be a collision.)

This cuts down on the "key" in the internal session cache, which will
simplify adding something like an lh_SSL_SESSION_retrieve_key function.
(LHASH is currently lax about keys because it can freely stack-allocate
partially-initialized structs. C++ is a bit more finicky about this.)

Change-Id: I656fd9dbf023dccb163d2e8049eff8f1f9a0e21b
Reviewed-on: https://boringssl-review.googlesource.com/29585
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-07-03 22:54:16 +00:00
David Benjamin
53d2c7a84a Remove fail_second_ddos_callback.
We have generic -on-resume prefixes now. This avoids the global counter.

Change-Id: I7596ed3273e826b744d8545f7ed2bdd5e9190958
Reviewed-on: https://boringssl-review.googlesource.com/29594
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Matt Braithwaite <mab@google.com>
2018-07-03 22:52:26 +00:00
David Benjamin
2908dd141f Add bssl::UpRef.
bssl::UniquePtr and FOO_up_ref do not play well together. Add a helper
to simplify this. This allows us to write things like:

   foo->cert = UpRef(bar->cert);

instead of:

   if (bar->cert) {
     X509_up_ref(bar->cert.get());
   }
   foo->cert.reset(bar->cert.get());

This also plays well with PushToStack. To append something to a stack
while taking a reference, it's just:

   PushToStack(certs, UpRef(cert))

Change-Id: I99ae8de22b837588a2d8ffb58f86edc1d03ed46a
Reviewed-on: https://boringssl-review.googlesource.com/29584
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-07-03 22:47:36 +00:00
David Benjamin
2e74fdaa4a Don't redefine alignas in C++.
alignas in C++11 is a bit more flexible than
__attribute__((aligned(x))), and we already require C++11 in tests.

Change-Id: If61c35daa5fcaaca5119dcc6808a3e746befc170
Reviewed-on: https://boringssl-review.googlesource.com/29544
Reviewed-by: Adam Langley <agl@google.com>
2018-07-03 22:11:32 +00:00
David Benjamin
aaef833433 Use more accessors in ssl_test.cc
Fewer things we need to update as the internals change.

Change-Id: If615a56557c8acbe08501f091e9fe21e5ff8072c
Reviewed-on: https://boringssl-review.googlesource.com/29525
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-07-03 22:10:46 +00:00
David Benjamin
0363de9a6b Namespace SSL_X509_METHOD.
Change-Id: I19296822354acea9956b9606d2209675151f511d
Reviewed-on: https://boringssl-review.googlesource.com/29524
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-07-03 21:41:36 +00:00
David Benjamin
a3a71e9d33 Flip SSL_SESSION fields to bool.
Change-Id: I0a3648437f78f37a4b710aaea73084a19be607c5
Reviewed-on: https://boringssl-review.googlesource.com/29485
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-07-03 21:26:16 +00:00
Matthew Braithwaite
997ff094af shim: move |SettingsWriter| into its own file.
This helps with creating a separate binary to perform split
handshakes.

Change-Id: Ie4bab40bebf39e79a90d45fabb566b7ce90945bb
Reviewed-on: https://boringssl-review.googlesource.com/29344
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-07-02 22:26:28 +00:00
Guillaume Egles
791f2822b2 Fix VS build when assembler is enabled
The whitespace in the _STL_EXTRA_DISABLED_WARNINGS value was creating issues
for the CMake generated assembler build script called by VS.

By narrowing the build scope of this STL (and thus C++ only) variable to only C++
we avoid the problem altogether as it will not be passed to the assembler script.

Change-Id: Id422bdd991492f39acc82d52af2ea6d952deb6c6
Reviewed-on: https://boringssl-review.googlesource.com/29504
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-29 20:38:22 +00:00
David Benjamin
26f8297177 Switch to 64-bit tools on Windows.
It's 2018. I'm not sure why I added the 32-bit ones; even the 32-bit
bots build and run on 64-bit Windows. ninja.exe in depot_tools is also a
64-bit binary. I suspect this is because some of the depot_tools bits
use --platform=win32, but that's just the sys.platform string.

Alas, I stupidly named these "win32" way back. Dealing with the rename
is probably more trouble than worth it right now since the build recipes
refer to the name. Something to deal with later. (Regardless we'll want
"win32" to point to 64-bit binaries so that try jobs can test it.)

Also add the missing nasm-win32.exe to .gitignore.

For some reason the 64-bit Yasm binary does not work on the vs2017 CQ
bots, so I've left it alone. Hopefully it should be replaced by NASM
later anyway.

Change-Id: If65ececddbc6526ceebaafbef56eddea8ece58ba
Reviewed-on: https://boringssl-review.googlesource.com/29384
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-29 18:05:31 +00:00
David Benjamin
0cc51a793e Remove reference to SSL3 in PORTING.md.
We don't support SSL3 at all now. Actually we haven't supported renego
SSL3 in even longer, so this was false even before yesterday.

Change-Id: Ie759477fa84099dd486c4c4604080ecf8ecdf434
Reviewed-on: https://boringssl-review.googlesource.com/29484
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-29 17:46:32 +00:00
Adam Barth
9c3b120b61 [fuchsia] Update to zx_cprng_draw
This change moves to the final version of zx_cprng_draw, which cannot
fail. If the syscall would fail, either the operating system terminates
or the kernel kills the userspace process (depending on where the error
comes from).

Change-Id: Iea9563c9f63ea5802e2cde741879fa58c19028f4
Reviewed-on: https://boringssl-review.googlesource.com/29424
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-28 21:08:18 +00:00
Alessandro Ghedini
a0373182eb Update QUIC transport parameters extension codepoint
This was changed in draft-ietf-quic-tls-13 to use a codepoint from the
reserved range.

Change-Id: Ia3cda249a3f37bc244d5c8a7765ec34a5708c9ae
Reviewed-on: https://boringssl-review.googlesource.com/29464
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-28 17:41:58 +00:00
David Benjamin
9bb15f58f7 Remove SSL 3.0 implementation.
Update-Note: SSL_CTX_set_min_proto_version(SSL3_VERSION) now fails.
   SSL_OP_NO_SSLv3 is now zero. Internal SSL3-specific "AEAD"s are gone.

Change-Id: I34edb160be40a5eea3e2e0fdea562c6e2adda229
Reviewed-on: https://boringssl-review.googlesource.com/29444
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-06-28 16:54:58 +00:00
David Benjamin
fec83fc78d Order draft-28 over draft-23.
This doesn't particularly matter since most clients don't typically
advertise both versions, but we should presumably prefer the newer one.

Change-Id: If636e446c6af2049fc5743eb5fef04b780b29af9
Reviewed-on: https://boringssl-review.googlesource.com/29445
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-27 21:06:09 +00:00
David Benjamin
3815720cf3 Add a bunch of compatibility functions for PKCS#7.
The full library is a bit much, but this is enough to appease most of
cryptography.io.

Change-Id: I1bb0d83744c4550d5fe23c5c98cfd7e36b17fcc9
Reviewed-on: https://boringssl-review.googlesource.com/29365
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-26 18:42:49 +00:00
David Benjamin
eaf0a17db8 Add a copy of NASM to util/bot/ in BoringSSL.
This is to transition BoringSSL's Windows build from Yasm to NASM. This
change itself is a no-op for now, but a later change to the BoringSSL
recipes will add a pair of standalone builders here. Then I'll get the
change I have lying around for Chromium moving.

Bug: chromium:766721
Change-Id: I4dca1c299f93bc5c01695983fe0478490c472deb
Reviewed-on: https://boringssl-review.googlesource.com/29324
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-26 15:47:29 +00:00
David Benjamin
79c97bf37c Allow empty return values from PKCS7_get_*.
Right now we're inconsistent about it. If the OPTIONAL container is
missing, we report an error, but if the container is empty, we happily
return nothing. The latter behavior is more convenient for emulating
OpenSSL's PKCS#7 functions.

These are our own functions, so we have some leeway here. Looking
through callers, they appear to handle this fine.

Update-Note: This is a behavior change.
Change-Id: I1321025a64df3054d380003c90e57d9eb95e610f
Reviewed-on: https://boringssl-review.googlesource.com/29364
Reviewed-by: Adam Langley <agl@google.com>
2018-06-26 07:24:51 +00:00
David Benjamin
8803c0589d Properly advance the CBS when parsing BER structures.
CBS_asn1_ber_to_der was a little cumbersome to use. While it, in theory,
allowed callers to consistently advance past the element, no caller
actually did so consistently. Instead they would advance if conversion
happened, and not if it was already DER. For the PKCS7_* functions, this
was even caller-exposed.

Change-Id: I658d265df899bace9ba6616cb465f19c9e6c3534
Reviewed-on: https://boringssl-review.googlesource.com/29304
Reviewed-by: Adam Langley <agl@google.com>
2018-06-26 07:23:10 +00:00
Jesse Selover
b4810de60f Make X509 time validation stricter.
Copy of OpenSSL change
80770da39e.

This additionally fixes some bugs which causes time validation to
fail when the current time and certificate timestamp are near the
2050 UTCTime/GeneralizedTime cut-off.

Update-Note: Some invalid X.509 timestamps will be newly rejected.

Change-Id: Ie131c61b6840c85bed974101f0a3188e7649059b
Reviewed-on: https://boringssl-review.googlesource.com/29125
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-25 17:54:33 +00:00
Adam Langley
03de6813d8 Write error messages in the FIPS module to stderr.
Previously, delocate.go couldn't handle GOT references and so |stderr|
was a problematic symbol. We can cope with them now, so write FIPS
power-on test and urandom errors to stderr rather than stdout.

Change-Id: If6d7c19ee5f22dcbd74fb01c231500c2e130e6f7
Update-note: resolves internal bug 110102292.
Reviewed-on: https://boringssl-review.googlesource.com/29244
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-25 10:30:42 +00:00
Adam Langley
bcfb49914b Add special AES-GCM AEAD for TLS 1.3.
This change adds an AES-GCM AEAD that enforces nonce uniqueness inside
the FIPS module, like we have for TLS 1.2. While TLS 1.3 has not yet
been mentioned in the FIPS 140 IG, we expect it to be in the next ~12
months and so are preparing for that.

Change-Id: I65a7d8196b08dc0033bdde5c844a73059da13d9e
Reviewed-on: https://boringssl-review.googlesource.com/29224
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-06-25 10:23:22 +00:00
David Benjamin
954eefae58 Actually add AES-192-OFB.
I forgot about this file.

Change-Id: Icb98ffe3ed682a80d7a809a4585a5537fed0ba1c
Reviewed-on: https://boringssl-review.googlesource.com/29284
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-21 22:03:34 +00:00
Adam Langley
0080d83b9f Implement the client side of certificate compression.
Change-Id: I0aced480af98276ebfe0970b4afb9aa957ee07cb
Reviewed-on: https://boringssl-review.googlesource.com/29024
Reviewed-by: Adam Langley <agl@google.com>
2018-06-18 22:16:11 +00:00
David Benjamin
f6e5d0d5a1 Add AES-192-OFB.
cryptography.io gets offended if the library supports some OFB sizes but
not others.

Change-Id: I7fc7b12e7820547a82aae84d9418457389a482fe
Reviewed-on: https://boringssl-review.googlesource.com/29204
Reviewed-by: Adam Langley <agl@google.com>
2018-06-18 21:58:46 +00:00
David Benjamin
7139f755b6 Fix some timing leaks in the DSA code.
The DSA code is deprecated and will, hopefully, be removed in the future.
Nonetheless, this is easy enough to fix. It's the analog of the work we'd
already done for ECDSA.

- Document more clearly that we don't care about the DSA code.

- Use the existing constant-time modular addition function rather than
  the ad-hoc code.

- Reduce the digest to satisfy modular operations' invariants. (The
  underlying algorithms could accept looser bounds, but we reduce for
  simplicity.) There's no particular reason to do this in constant time,
  but we have the code for it, so we may as well.

- This additionally adds a missing check that num_bits(q) is a multiple
  of 8. We otherwise don't compute the right answer. Verification
  already rejected all 160-, 224-, and 256-bit keys, and we only
  generate DSA parameters where the length of q matches some hash
  function's length, so this is unlikely to cause anyone trouble.

- Use Montgomery reduction to perform the modular multiplication. This
  could be optimized to save a couple Montgomery reductions as in ECDSA,
  but DSA is deprecated, so I haven't bothered optimizing this.

- The reduction from g^k (mod p) to r = g^k (mod p) (mod q) is left
  in variable time, but reversing it would require a discrete log
  anyway. (The corresponding ECDSA operation is much easier to make
  constant-time due to Hasse's theorem, though that's actually still a
  TODO. I need to finish lifting EC_FELEM up the stack.)

Thanks to Keegan Ryan from NCC Group for reporting the modular addition issue
(CVE-2018-0495). The remainder is stuff I noticed along the way.

Update-Note: See the num_bits(q) change.

Change-Id: I4f032b041e2aeb09f9737a39f178c24e6a7fa1cb
Reviewed-on: https://boringssl-review.googlesource.com/29145
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-15 02:37:45 +00:00
David Benjamin
9f9c938af0 Revert "Reland "Revert "Add other Windows configurations to the CQ."""
This reverts commit 43eb0af5f1.

Reason for revert: Hopefully this is resolved by https://boringssl.googlesource.com/boringssl/+/7c8e725e55a72c914eb3a33af6cc65b4188102c6 ?

Original change's description:
> Reland "Revert "Add other Windows configurations to the CQ.""
> 
> This reverts commit 23e92d5d16.
> 
> Reason for revert: Nope. Still doesn't work. Back to poking infra
> about it...
> 
> Original change's description:
> > Revert "Revert "Add other Windows configurations to the CQ.""
> > 
> > This reverts commit 98831738f2.
> > 
> > Let's try this again. tandrii@ says this should be resolved as of
> > https://crbug.com/840505. (That was a while ago. I'd forgotten about
> > it.)
> > 
> > Change-Id: Ib49a629198a33d44ff1c3aa13af5825def1a5c4d
> > Reviewed-on: https://boringssl-review.googlesource.com/28924
> > Reviewed-by: Steven Valdez <svaldez@google.com>
> > Commit-Queue: Steven Valdez <svaldez@google.com>
> > CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
> 
> TBR=davidben@google.com,svaldez@google.com
> 
> Change-Id: Iecd0710075f1fedc4dea69283d018042fb1a2490
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://boringssl-review.googlesource.com/29104
> Commit-Queue: David Benjamin <davidben@google.com>
> Reviewed-by: David Benjamin <davidben@google.com>
> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

TBR=davidben@google.com,svaldez@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I583641be42e6e6e93eb30adbe56ae20812608103
Reviewed-on: https://boringssl-review.googlesource.com/29184
Reviewed-by: David Benjamin <davidben@google.com>
2018-06-14 20:06:36 +00:00
David Benjamin
23aa4d228a Update tools.
Change-Id: I4cc9b9fc13a20080d78f9b9bca1e24571f46f117
Reviewed-on: https://boringssl-review.googlesource.com/29146
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-14 13:58:05 +00:00
David Benjamin
dd935202c9 Zero-initialize tmp in ec_GFp_simple_mul_single.
Although the original value of tmp does not matter, the selects
ultimately do bit operations on the uninitialized values and thus depend
on them behaving like *some* consistent concrete value. The C spec
appears to allow uninitialized values to resolve to trap
representations, which means this isn't quite valid..

(If I'm reading it wrong and the compiler must behave as if there were a
consistent value in there, it's probably fine, but there's no sense in
risking compiler bugs on a subtle corner of things.)

Change-Id: Id4547b0ec702414b387e906c4de55595e6214ddb
Reviewed-on: https://boringssl-review.googlesource.com/29124
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-13 19:58:24 +00:00
Adam Barth
6ff2ba80b7 [fuchsia] Update to zx_cprng_draw_new
This version doesn't have short reads. We'll eventually rename the
syscall back to zx_cprng_draw once all the clients have migrated to the
new semantics.

Change-Id: I7a7f6751e4d85dcc9b0a03a533dd93f3cbee277f
Reviewed-on: https://boringssl-review.googlesource.com/29084
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-12 14:58:43 +00:00
David Benjamin
43eb0af5f1 Reland "Revert "Add other Windows configurations to the CQ.""
This reverts commit 23e92d5d16.

Reason for revert: Nope. Still doesn't work. Back to poking infra
about it...

Original change's description:
> Revert "Revert "Add other Windows configurations to the CQ.""
> 
> This reverts commit 98831738f2.
> 
> Let's try this again. tandrii@ says this should be resolved as of
> https://crbug.com/840505. (That was a while ago. I'd forgotten about
> it.)
> 
> Change-Id: Ib49a629198a33d44ff1c3aa13af5825def1a5c4d
> Reviewed-on: https://boringssl-review.googlesource.com/28924
> Reviewed-by: Steven Valdez <svaldez@google.com>
> Commit-Queue: Steven Valdez <svaldez@google.com>
> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

TBR=davidben@google.com,svaldez@google.com

Change-Id: Iecd0710075f1fedc4dea69283d018042fb1a2490
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://boringssl-review.googlesource.com/29104
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-12 13:23:55 +00:00
David Benjamin
23e92d5d16 Revert "Revert "Add other Windows configurations to the CQ.""
This reverts commit 98831738f2.

Let's try this again. tandrii@ says this should be resolved as of
https://crbug.com/840505. (That was a while ago. I'd forgotten about
it.)

Change-Id: Ib49a629198a33d44ff1c3aa13af5825def1a5c4d
Reviewed-on: https://boringssl-review.googlesource.com/28924
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-11 20:01:42 +00:00
David Benjamin
4665da6e91 Add OFB ciphers to EVP_get_cipherbyname.
This is so they're exposed out of cryptography.io.

Change-Id: I225a35605ae8f3da091e95241ce072eeeabcd855
Reviewed-on: https://boringssl-review.googlesource.com/29044
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-11 19:46:43 +00:00
David Benjamin
3b2ff028c4 Add SSL_SESSION_get0_id_context.
This matches OpenSSL 1.1.0. Someone requested it.

Change-Id: I230bb9ec646cd32e71413a68e93058818c8f2aad
Reviewed-on: https://boringssl-review.googlesource.com/29004
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-11 14:25:23 +00:00
Loo Rong Jie
b570fd9fd6 Link advapi32.lib when linking crypto.
This is needed for RtlGenRandom [0] in crypto/rand_extra/windows.c [1].

Linker error actually shows "SystemFunction036" instead of "RtlGenRandom".

[0]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa387694(v=vs.85).aspx
[1]: f21650709a/crypto/rand_extra/windows.c (L44)

Change-Id: Ie52e0a1d507e3598ba3ae3c449d0088981c06d8a
Reviewed-on: https://boringssl-review.googlesource.com/28884
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-07 19:05:59 +00:00
Adam Langley
070151c96f Update ECDH and EVP tests to accept latest Wycheproof vectors.
(This upstreams a change that was landed internally.)

Change-Id: Ic32793f8b1ae2d03e8ccbb0a9ac5f62add4c295b
Reviewed-on: https://boringssl-review.googlesource.com/28984
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-07 16:54:30 +00:00
David Benjamin
1c68fa2350 Hide SSL_SESSION.
The last libssl struct is now opaque! (Promote the SSL_MAX_* constants
as folks use them pretty frequently.)

Update-Note: SSL_SESSION is now opaque. I believe everything handles
this now.

Bug: 6
Change-Id: I8cd29d16173e4370f3341c0e6f0a56e00ea188e9
Reviewed-on: https://boringssl-review.googlesource.com/28964
Reviewed-by: Adam Langley <agl@google.com>
2018-06-07 02:58:27 +00:00
Matthew Braithwaite
3e2b3ee25f Hand back in-progress handshakes after a session resumption.
And since there are now 3 different points in the state machine where
a handback can occur, introduce an enum to describe them.

Change-Id: I41866214c39d27d1bbd965d28eb122c0e1f9902a
Reviewed-on: https://boringssl-review.googlesource.com/28344
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-06-06 21:17:36 +00:00
David Benjamin
5267ef7b4a Reject unexpected application data in bidirectional shutdown.
Update-Note: This tweaks the SSL_shutdown behavior. OpenSSL's original
SSL_shutdown behavior was an incoherent mix of discarding the record and
rejecting it (it would return SSL_ERROR_SYSCALL but retrying the
operation would discard it). SSLeay appears to have intended to discard
it, so we previously "fixed" it actually discard.

However, this behavior is somewhat bizarre and means we skip over
unbounded data, which we typically try to avoid. If you are trying to
cleanly shutdown the TLS portion of your protocol, surely it is at a
point where additional data is a syntax error. I suspect I originally
did not realize that, because the discarded record did not properly
continue the loop, SSL_shutdown would appear as if it rejected the data,
and so it's unlikely anyone was relying on that behavior.

Discussion in https://github.com/openssl/openssl/pull/6340 suggests
(some of) upstream also prefers rejecting.

Change-Id: Icde419049306ed17eb06ce1a7e1ff587901166f3
Reviewed-on: https://boringssl-review.googlesource.com/28864
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
2018-06-04 21:39:58 +00:00
Adam Langley
a307cb7d58 Preliminary support for compressed certificates.
This change adds server-side support for compressed certificates.

(Although some definitions for client-side support are included in the
headers, there's no code behind them yet.)

Change-Id: I0f98abf0b782b7337ddd014c58e19e6b8cc5a3c2
Reviewed-on: https://boringssl-review.googlesource.com/27964
Reviewed-by: David Benjamin <davidben@google.com>
2018-06-04 21:24:20 +00:00
David Benjamin
c1e4f338b1 Use std::thread in thread_test.cc.
The STL already came up with a threading abstraction for us. If this
sticks, that also means we can more easily write tests elsewhere that
use threads. (A test that makes a bunch of TLS connections on a shared
SSL_CTX run under TSan would be nice. Likewise with some of the messy
RSA locking.)

Update-Note: This adds a dependency from crypto_test to C++11 threads.
Hopefully it doesn't cause issues.

Change-Id: I26f89f6b3b79240e516017877d06fd9a815fc315
Reviewed-on: https://boringssl-review.googlesource.com/28865
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-04 17:32:48 +00:00