Commit Graph

1017 Commits

Author SHA1 Message Date
David Benjamin
f7f0f3a74b Remove ccs_header_st.
It doesn't do anything.

Change-Id: I0bba4e22a0b2053aae491d0ad695c892803cafca
Reviewed-on: https://boringssl-review.googlesource.com/3767
Reviewed-by: Adam Langley <agl@google.com>
2015-03-10 01:13:01 +00:00
David Benjamin
ee562b987e Get rid of the RSMBLY macros.
Turn them into static functions that take in an hm_fragment. It's not
immediately obvious that the frag_off/frag_len bounds checks and the msg_len
consistency check are critical to avoiding an out-of-bounds write. Better to
have dtls1_hm_fragment_mark also check internally.

Also rework the bitmask logic to be clearer and avoid a table.

Change-Id: Ica54e98f66295efb323e033cb6c67ab21e7d6cbc
Reviewed-on: https://boringssl-review.googlesource.com/3765
Reviewed-by: Adam Langley <agl@google.com>
2015-03-10 01:11:21 +00:00
David Benjamin
8cb7a7c0d5 Fix types of hm_header_st.
Replace unsigned long with the appropriate sized integer type.

Change-Id: I7b4641d84568f6c11efa25350a9e488a556fc92e
Reviewed-on: https://boringssl-review.googlesource.com/3766
Reviewed-by: Adam Langley <agl@google.com>
2015-03-10 01:10:09 +00:00
David Benjamin
7538122ca6 Rework DTLS handshake message reassembly logic.
Notably, drop all special cases around receiving a message in order and
receiving a full message. It makes things more complicated and was the source
of bugs (the MixCompleteMessageWithFragments tests added in this CL did not
pass before). Instead, every message goes through an hm_fragment, and
dtls1_get_message always checks buffered_messages to see if the next is
complete.

The downside is that we pay one more copy of the message data in the common
case. This is only during connection setup, so I think it's worth the
simplicity. (If we want to optimize later, we could either tighten
ssl3_get_message's interface to allow the handshake data being in the
hm_fragment's backing store rather than s->init_buf or swap out s->init_buf
with the hm_fragment's backing store when a mesasge completes.

This CL does not address ssl_read_bytes being an inappropriate API for DTLS.
Future work will revise the handshake/transport boundary to align better with
DTLS's needs. Also other problems that I've left as TODOs.

Change-Id: Ib4570d45634b5181ecf192894d735e8699b1c86b
Reviewed-on: https://boringssl-review.googlesource.com/3764
Reviewed-by: Adam Langley <agl@google.com>
2015-03-10 00:56:45 +00:00
David Benjamin
d03b5eddb9 Fix some stray tabs that snuck into e_tls.c.
Change-Id: Iee44636a3f80d86f94b0c34bb708d4d723964159
Reviewed-on: https://boringssl-review.googlesource.com/3820
Reviewed-by: Adam Langley <agl@google.com>
2015-03-10 00:55:22 +00:00
Adam Langley
8a4ab4fc1d Don't include .extern and .hidden on OS X.
Change-Id: I582eaa2ff922bbf1baf298a5c6857543524a8d4e
Reviewed-on: https://boringssl-review.googlesource.com/3810
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 21:44:19 +00:00
Adam Langley
d216b71f90 Include .extern and .hidden in x86-64 asm.
It's unclear why .extern was being suppressed, it's also a little
unclear how the Chromium build was working without this. None the less,
it's causing problems with Android and it's more obviously correct to
make these symbols as hidden.

Change-Id: Id13ec238b80b8bd08d8ae923ac659835450e77f8
Reviewed-on: https://boringssl-review.googlesource.com/3800
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 19:08:11 +00:00
David Benjamin
d27eda00a4 Generate error data at build time.
This avoids cluttering up the diff and making merge conflicts a pain.  It does,
however, mean we need to generate err_data.c ahead of time in Chromium and
likely other downstream builds. It also adds a build dependency on Go.

Change-Id: I6e0513ed9f50cfb030f7a523ea28519590977104
Reviewed-on: https://boringssl-review.googlesource.com/3790
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 18:59:25 +00:00
David Benjamin
f46cea8cd8 Fix the derivation of SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD.
It happens to give the same value anyway (64 + 16), but only on accident.

Change-Id: I1415f4015e3de472dbeb9ada0d92607c9d1bcd40
Reviewed-on: https://boringssl-review.googlesource.com/3780
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 18:56:57 +00:00
David Benjamin
a4e6d48749 runner: Move Finished special-case into dtlsWriteRecord.
We actually don't really care about this special-case since we only test client
full handshakes where the runner sends the second Finished not the shim
(otherwise the overlap logic and retransmitting on every fragment would
probably break us), but it should probably live next to the fragmentation
logic.

Change-Id: I54097d84ad8294bc6c42a84d6f22f496e63eb2a8
Reviewed-on: https://boringssl-review.googlesource.com/3763
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 18:55:58 +00:00
David Benjamin
7eaab4cd57 Only retransmit on Finished if frag_off == 0.
If the peer fragments Finished into multiple pieces, there is no need to
retransmit multiple times.

Change-Id: Ibf708ad079e1633afd420ff1c9be88a80020cba9
Reviewed-on: https://boringssl-review.googlesource.com/3762
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 18:55:47 +00:00
David Benjamin
9d102ddbc0 Check public key is not NULL.
CVE-2015-0288
PR#3708

(Imported from upstream's 28a00bcd8e318da18031b2ac8778c64147cd54f9.)

Change-Id: I6d60691da4c6860f87c753c065e93e9d0704aba9
Reviewed-on: https://boringssl-review.googlesource.com/3750
Reviewed-by: Adam Langley <agl@google.com>
2015-03-06 18:55:32 +00:00
Adam Langley
e023ad2d83 Fix SHA-384 and -512 in NO_ASM mode.
This transcription bug comes from the start of BoringSSL and, as you can
imagine, was a complete delight to track down.

Change-Id: I3051934195098a1d3bf893b154389ec7f14d3609
Reviewed-on: https://boringssl-review.googlesource.com/3740
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-03-05 22:44:00 +00:00
Adam Langley
5f5bf6f210 Don't add another error to the queue when RSA_private_transform fails.
Some code, sadly, tests the error and the extra error is breaking it.

Change-Id: I89eabadf5d2c5f7dd761030da33dd4c3f2ac8382
Reviewed-on: https://boringssl-review.googlesource.com/3720
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-03-05 22:43:43 +00:00
David Benjamin
0685b68216 Remove HelloRequest special-case in DTLS message parsing.
We don't support DTLS renego. Removing this separately from the rewrite to call
out intentionally dropping this logic.

Change-Id: Ie4428eea0d2dbbb8b4b8b6474df4821de62558cc
Reviewed-on: https://boringssl-review.googlesource.com/3761
Reviewed-by: Adam Langley <agl@google.com>
2015-03-05 21:26:55 +00:00
David Benjamin
5ca39fb50c Switch SSL_GET_MESSAGE_HASH_MESSAGE to an enum.
Matches the others.

Change-Id: If8a5164ed25f9e0bc495585bd705862a61a39fd6
Reviewed-on: https://boringssl-review.googlesource.com/3760
Reviewed-by: Adam Langley <agl@google.com>
2015-03-05 21:26:28 +00:00
David Benjamin
b34f510b3b Don't delay-initialize legacy AEADs.
Instead, add a separate init_with_direction hook. Normal AEADs ignore the
direction, while legacy AEADs must be initialized with it. This avoids
maintaining extra state to support the delayed initialization.

Change-Id: I25271f0e56ee2783a2fd4d4026434154d58dc0a8
Reviewed-on: https://boringssl-review.googlesource.com/3731
Reviewed-by: Adam Langley <agl@google.com>
2015-03-05 21:25:05 +00:00
David Benjamin
fb68d6c901 No-op commit to trigger a build on the bots.
The bot should be on trusty now.

Change-Id: I35776831004152ba280757b531ac24cbdec25cbf
2015-03-03 14:09:04 -08:00
David Benjamin
23721e3705 Forbid reusing HMAC key without reusing the hash function.
There's no good reason to do this, and it doesn't work; HMAC checks the length
of the key and runs it through the hash function if too long. The reuse occurs
after this check.

This allows us to shave 132 bytes off HMAC_CTX as this was the only reason it
ever stored the original key. It also slightly simplifies HMAC_Init_ex's
logic.

Change-Id: Ib56aabc3630b7178f1ee7c38ef6370c9638efbab
Reviewed-on: https://boringssl-review.googlesource.com/3733
Reviewed-by: Adam Langley <agl@google.com>
2015-03-02 23:16:12 +00:00
David Benjamin
cc239d3903 Use HMAC_Init_ex, not HMAC_Init, in HMAC.
We've already initialized the context, HMAC_Init has questionable behavior
around NULL keys, and this avoids a size_t truncation.

Change-Id: Iab6bfc24fe22d46ca4c01be6129efe0630d553e6
Reviewed-on: https://boringssl-review.googlesource.com/3732
Reviewed-by: Adam Langley <agl@google.com>
2015-03-02 23:15:20 +00:00
David Benjamin
0d5e080ab9 Drop in prebuilt versions of Windows files.
These are upstream's prebuilt binaries of:
e9493171de0edd8879755aa7229a701010a19561  cmake-3.1.3-win32-x86.zip
ab6e7aee6a915c4d820b86f5227094763b649fce  strawberry-perl-5.20.2.1-32bit-portable.zip
4c4d1951181a610923523cb10d83d9ae9952fbf3  yasm-1.2.0-win32.exe

This is intentionally using yasm 1.2.0 rather than the latest 1.3.0 to match
Chromium's current bundled version. Chromium has additional patches, but they
all seem to be either in 1.2.0 or not relevant for us.

Also update extract.py a little to account for these.

BUG=430237

Change-Id: Iad6687e493900b25390d99882c7ceea62fff8b9b
Reviewed-on: https://boringssl-review.googlesource.com/3710
Reviewed-by: Adam Langley <agl@google.com>
2015-03-02 23:03:38 +00:00
David Benjamin
b826c0d670 Bump the -Wshadow cutoff to 4.8 rather than 4.6.
Per https://gcc.gnu.org/gcc-4.8/changes.html, -Wshadow was made less
trigger-happy starting 4.8.

Change-Id: I023919dea3497e2dd27679a6f0c4a114c0b30337
Reviewed-on: https://boringssl-review.googlesource.com/3730
Reviewed-by: Adam Langley <agl@google.com>
2015-02-28 15:15:01 +00:00
David Benjamin
b3323704bc No-op change to trigger the bot building things.
Let's see if this works.

Change-Id: I9e652baaf91c94a5f2c97b256ffb91cbd36c556e
2015-02-27 23:41:36 -05:00
Adam Langley
4e581b5378 Add support for reading PKCS#7 data from PEM files.
(There are times when I actually miss C++ templates.)

Change-Id: I3db56e4946ae4fb919105fa33e2cfce3c7542d37
Reviewed-on: https://boringssl-review.googlesource.com/3700
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 21:02:38 +00:00
Adam Langley
50073e8c5e Add functions to parse and generate PKCS#7 files with CRLs.
Change-Id: I7b6acc9004beb7b7090de1837814ccdff2e9930e
Reviewed-on: https://boringssl-review.googlesource.com/3680
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 19:48:19 +00:00
David Benjamin
5ae21bc02b Remove pointless free, and use preferred way of calling d2i_* functions
(Imported from upstream's 535bc8faf69dc4ff39e2ee99195b268cf99b9569)

Change-Id: Ia5abf4dce9dc8cdf5a9b77a3e360a40b5f815adf
Reviewed-on: https://boringssl-review.googlesource.com/3672
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 19:47:36 +00:00
David Benjamin
29b50eab6c Align d2i_ECPrivateKey error-handling with upstream.
Upstream decided to make the caller free the scratch space rather than the
callee. May as well match. (Existing code is pretty inconsistent. This API
pattern needs to go.)

See upstream's 9e442d485008046933cdc7da65080f436a4af089.

Change-Id: I7c9fcae5778a74d6ae8e9f546e03fb2cf6e48426
Reviewed-on: https://boringssl-review.googlesource.com/3671
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 19:45:42 +00:00
David Benjamin
114ddebbf6 Unexport EC_GROUP_copy.
EC_GROUP_copy is an rather unfriendly function; it doesn't work if the groups
have different[*] underlying EC_METHODs, but this notion is not exposed through
the API. I found no callers of EC_GROUP_copy in external code.

This leaves the precompute_mult functions as the remaining mutable API exposed
through EC_GROUP.

[*] Though, of the two EC_METHODs right now, simple.c is entirely unused.

Change-Id: Iabb52518005250fb970e12b3b0ea78b4f6eff4a0
Reviewed-on: https://boringssl-review.googlesource.com/3631
Reviewed-by: Adam Langley <agl@google.com>
2015-02-27 19:43:02 +00:00
David Benjamin
9a7233cda8 Add a prebuilt CMake for OS X for the bots.
Built from:
45f4d3fa8a2f61cc092ae461aac4cac1bab4ac6706f98274ea7f314dd315c6d0  cmake-3.1.3.tar.gz

We're still waiting on infra before the buildbot master is up, but let's get
this ready for when we do; it should be fairly easy.

BUG=430237

Change-Id: I3a414743d44052e1aa48759fa5f125db4d4913b5
Reviewed-on: https://boringssl-review.googlesource.com/3670
Reviewed-by: Adam Langley <agl@google.com>
2015-02-26 23:49:03 +00:00
David Benjamin
a3e894921e Test that we reject RSA ServerKeyExchange more thoroughly.
The old test just sent an empty ServerKeyExchange which is sufficient as we
reject the message early. But be more thorough and implement the actual
ephemeral key logic in the test server.

Change-Id: I016658762e4502c928c051e14d69eea67b5a495f
Reviewed-on: https://boringssl-review.googlesource.com/3650
Reviewed-by: Adam Langley <agl@google.com>
2015-02-26 21:26:37 +00:00
David Benjamin
03741f61d9 Use EC_GROUP_dup and EC_POINT_dup in EC_KEY_copy.
They do the same thing. This removes all callers of EC_GROUP_copy outside
EC_GROUP_dup.

Change-Id: I65433ee36040de79e56483dfece774e01e2e2743
Reviewed-on: https://boringssl-review.googlesource.com/3630
Reviewed-by: Adam Langley <agl@google.com>
2015-02-25 21:44:24 +00:00
David Benjamin
09bdb2a2c3 Remove explicit .hiddens from x86_64 perlasm files.
This reverts the non-ARM portions of 97999919bb.
x86_64 perlasm already makes .globl imply .hidden. (Confusingly, ARM does not.)
Since we don't need it, revert those to minimize divergence with upstream.

Change-Id: I2d205cfb1183e65d4f18a62bde187d206b1a96de
Reviewed-on: https://boringssl-review.googlesource.com/3610
Reviewed-by: Adam Langley <agl@google.com>
2015-02-25 21:26:16 +00:00
David Benjamin
bcb2d91e10 Actually check that the message has the expected type in DTLS.
That might be a reasonable check to make, maybe.

DTLS handshake message reading has a ton of other bugs and needs a complete
rewrite. But let's fix this and get a test in now.

Change-Id: I4981fc302feb9125908bb6161ed1a18288c39e2b
Reviewed-on: https://boringssl-review.googlesource.com/3600
Reviewed-by: Adam Langley <agl@google.com>
2015-02-25 21:23:48 +00:00
David Benjamin
6f5c0f4471 Add tests for installing the certificate on the early callback.
Test both asynchronous and synchronous versions. This callback is somewhat
different from others. It's NOT called a second time when the handshake is
resumed. This appears to be intentional and not a mismerge from the internal
patch. The caller is expected to set up any state before resuming the handshake
state machine.

Also test the early callback returning an error.

Change-Id: If5e6eddd7007ea5cdd7533b4238e456106b95cbd
Reviewed-on: https://boringssl-review.googlesource.com/3590
Reviewed-by: Adam Langley <agl@google.com>
2015-02-25 21:22:35 +00:00
Adam Langley
7c21925a10 EC_GROUP_cmp should return zero if the groups match.
(I got this wrong when reading the OpenSSL code.)

Change-Id: Ib289ef41d0ab5a3157ad8b9454d2de96d1f86c22
Reviewed-on: https://boringssl-review.googlesource.com/3620
Reviewed-by: Adam Langley <agl@google.com>
2015-02-25 21:13:02 +00:00
David Benjamin
3ce3c369cb Find perl using the CMake's standard FindPerl module.
This gives a standard PERL_EXECUTABLE configuration knob which is useful for
specifying a perl to use without having it in PATH.

Change-Id: I4b196b77e0b4666081a3f291fee3654c47925844
Reviewed-on: https://boringssl-review.googlesource.com/3570
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:59:48 +00:00
David Benjamin
87c8a643e1 Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.

cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.

PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls.  exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)

http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx

The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.

Then there's DuplicateHandle, but then we need an out-of-band signal.

All in all, one cross-platform implementation with a TCP sockets seems
simplest.

Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:59:06 +00:00
David Benjamin
6204eba91e perlasm/x86masm.pl: make it work.
Though this doesn't mean that masm becomes supported, the script is
still provided on don't-ask-in-case-of-doubt-use-nasm basis.
See RT#3650 for background.

(Imported from upstream's 2f8d82d6418c4de8330e2870c1ca6386dc9e1b34)

The data_word changes were already fixed with our
3e700bb3e8, but best to avoid diverging there.

Change-Id: Iab5455534e8bd632fb2b247ff792d411b105f17a
Reviewed-on: https://boringssl-review.googlesource.com/3581
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:45:30 +00:00
David Benjamin
2b48d6b7dd sha/asm/sha1-586.pl: fix typo.
The typo doesn't affect supported configuration, only unsupported masm.

(Imported from upstream's 3372c4fffa0556a688f8f1f550b095051398f596)

Change-Id: Ib6a2f1d9f6fc244a33da1e079188acdf69d5e2f3
Reviewed-on: https://boringssl-review.googlesource.com/3580
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:44:50 +00:00
David Benjamin
3f5917f320 EVP_CIPHER_CTX_cleanup cannot fail.
There is exactly one implementation and it doesn't fail. Plus a cleanup
function that can fail is very bad manners; the caller has no choice but to
leak at that point.

Change-Id: I5b524617ef37bc7d92273472fa742416ea7dfd43
Reviewed-on: https://boringssl-review.googlesource.com/3564
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:44:02 +00:00
David Benjamin
86058a256b Tidy up the alert-parsing code.
Align the DTLS and TLS implementations more. s3_pkt.c's version still has
remnants of fragmentable alerts and only one side marks some variables as
const. Also use warning/fatal constants rather than the numbers with comments.

Change-Id: Ie62d3af1747b6fe4336496c047dfccc9d71fde3f
Reviewed-on: https://boringssl-review.googlesource.com/3562
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:34:52 +00:00
David Benjamin
2bdb35ccbb Use SSL_get_cipher_by_value in cipher_get_rfc_name tests.
Saves making a temporary SSL_CTX and looking at its insides.

Change-Id: Ia351b9b91aec8b813ad7b6e373773396f0975f9a
Reviewed-on: https://boringssl-review.googlesource.com/3561
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:33:02 +00:00
David Benjamin
ce9f0177f8 Remove BIO_should_retry checks in DTLS state machines.
These were added in upstream's 7e159e0133d28bec9148446e8f4dd86c0216d819 for
SCTP. As far as I can tell, they were a no-op there too. The corresponding RT
ticket makes no mention of them.

SSL_get_error checks the retry flags of the BIO already. Specifically it checks
BIO_should_read and BIO_should_write, but those two automatically set
BIO_should_retry.

(Minor, but I noticed them idly. One less thing to think about when the state
machines finally unify.)

Change-Id: I17a956a51895fba383063dee574e0fbe3209f9b0
Reviewed-on: https://boringssl-review.googlesource.com/3560
Reviewed-by: Adam Langley <agl@google.com>
2015-02-23 19:32:27 +00:00
Adam Langley
04c36b5062 Never set RC4_CHAR.
RC4_CHAR is a bit in the x86(-64) CPUID information that switches the
RC4 asm code from using an array of 256 uint32_t's to 256 uint8_t's. It
was originally written for the P4, where the uint8_t style was faster.

(On modern chips, setting RC4_CHAR took RC4-MD5 from 458 to 304 MB/s.
Although I wonder whether, on a server with many connections, using less
cache wouldn't be better.)

However, I'm not too worried about a slowdown of RC4 on P4 systems these
days (the last new P4 chip was released nine years ago) and I want the
code to be simplier.

Also, RC4_CHAR was set when the CPUID family was 15, but Intel actually
lists 15 as a special code meaning "also check the extended family
bits", which the asm didn't do.

The RC4_CHAR support remains in the RC4 asm code to avoid drift with
upstream.

Change-Id: If3febc925a83a76f453b9e9f8de5ee43759927c6
Reviewed-on: https://boringssl-review.googlesource.com/3550
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 23:59:59 +00:00
Adam Langley
3f309aef45 Tidy up RC4 a little.
RC4_CHUNK is always defined, RC4_INT is always uint32_t and the
"register" keyword is an anachronism.

Change-Id: Ia752af30ba6bac0ee6216ce189fcf3888de73c6e
Reviewed-on: https://boringssl-review.googlesource.com/3544
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 23:44:33 +00:00
Adam Langley
44972944fd Add SSL_get_cipher_by_value.
(Which is just an exported wrapper around ssl3_get_cipher_by_value.)

Change-Id: Ibba166015ce59e337ff50963ba20237ac4949aaf
Reviewed-on: https://boringssl-review.googlesource.com/3543
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 23:44:17 +00:00
Adam Langley
5f0efe06e1 Use SSL_MODE_SEND_FALLBACK_SCSV.
Upstream settled in this API, and it's also the one that we expect
internally and that third_party code will expect.

Change-Id: Id7af68cf0af1f2e4d9defd37bda2218d70e2aa7b
Reviewed-on: https://boringssl-review.googlesource.com/3542
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 23:44:09 +00:00
Adam Langley
93531bd70f Add the CTX parameter back to EC_GROUP_cmp.
It was a mistake to remove this in the first place.

Change-Id: Icd97b4db01e49151daa41dd892f9da573ddc2842
Reviewed-on: https://boringssl-review.googlesource.com/3541
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 23:33:55 +00:00
Adam Langley
d3a73360fa Rename safe_stack.h to safestack.h.
This empty header file exists only to make older code compile. But I
named it incorrectly! Upstream doesn't have the underscore in the name.

Change-Id: I96654b7e17d84a5f2810e6eb20fe7bfb22f855fd
Reviewed-on: https://boringssl-review.googlesource.com/3540
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 23:33:48 +00:00
Adam Langley
97999919bb Hide all asm symbols.
We are leaking asm symbols in Android builds because the asm code isn't
affected by -fvisibility=hidden. This change hides all asm symbols.

This assumes that no asm symbols are public API and that should be true.
Some points to note:

In crypto/rc4/asm/rc4-md5-x86_64.pl there are |RC4_set_key| and
|RC4_options| functions which aren't getting marked as hidden. That's
because those functions aren't actually ever generated. (I'm just trying
to minimise drift with upstream here.)

In crypto/rc4/asm/rc4-x86_64.pl there's |RC4_options| which is "public"
API, except that we've never had it in the header files. So I've just
deleted it. Since we have an internal caller, we'll probably have to put
it back in the future, but it can just be done in rc4.c to save
problems.

BUG=448386

Change-Id: I3846617a0e3d73ec9e5ec3638a53364adbbc6260
Reviewed-on: https://boringssl-review.googlesource.com/3520
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-20 21:24:01 +00:00