Commit Graph

2477 Commits

Author SHA1 Message Date
Piotr Sikora
fdb88ba2e9 Fix build with -Wwrite-strings.
Change-Id: If76154c8d255600e925a408acdc674fc7dad0359
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7526
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-24 03:11:20 +00:00
Matt Mueller
897be6afe3 Add CBS_ASN1_UTF8STRING define.
Change-Id: I34384feb46c15c4f443f506d724ad500a4cf0f36
Reviewed-on: https://boringssl-review.googlesource.com/7525
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-23 19:29:49 +00:00
Steven Valdez
0a0f83d308 Fixing assembly coverage
We failed to correctly parse files that executed from the very start of
the file due to a missing '- line XXX'. We now use the 'Ir' indicator to
recognize the beginning of a file.

Change-Id: I529fae9458ac634bf7bf8af61ef18f080e808535
Reviewed-on: https://boringssl-review.googlesource.com/7542
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-23 18:23:42 +00:00
Brian Smith
afd6d9d61a Use |size_t| and |int| consistently in p{224,256}-64.c.
Use |size_t| for array indexes. Use |int| for boolean flags. Declare
the variables that had their types changed closer to where they are
used.

Previously, some `for` loops depended on `i` being signed, so their
structure had to be changed to work with the unsigned type.

Change-Id: I247e4f04468419466733b6818d81d28666da0ad3
Reviewed-on: https://boringssl-review.googlesource.com/7468
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-22 23:28:08 +00:00
David Benjamin
9539ebbf70 Update FUZZING documentation about max_len.
Maintain the max_len values in foo.options files which ClusterFuzz can process.
Also recompute the recommended client and server lengths as they've since
gotten much more extensive.

Change-Id: Ie87a80d8a4a0c41e215f0537c8ccf82b38c4de09
Reviewed-on: https://boringssl-review.googlesource.com/7509
Reviewed-by: Mike Aizatsky <aizatsky@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-22 18:46:35 +00:00
David Benjamin
78f8aabe44 ssl->ctx cannot be NULL.
Most code already dereferences it directly.

Change-Id: I227fa91ecbf25a19077f7cfba21b0abd2bc2bd1d
Reviewed-on: https://boringssl-review.googlesource.com/7422
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-22 15:24:10 +00:00
Steven Valdez
c087c332f8 Fix potential double free in EVP_DigestInit_ex
There is a potential double free in EVP_DigestInit_ex. This is believed
to be reached only as a result of programmer error - but we should fix it
anyway.

(Imported from upstream's e78dc7e279ed98e1ab9845a70d14dafdfdc88f58)

Change-Id: I1da7be7db7afcbe9f30f168df000d64ed73d7edd
Reviewed-on: https://boringssl-review.googlesource.com/7541
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-22 15:17:32 +00:00
David Benjamin
be12248829 Fix aarch64 build.
We recently gained -Werror=missing-prototypes. (See also, we really need to get
those Android bots...)

Change-Id: I3962d3050bccf5f5a057d029b5cbff1695ca1a03
Reviewed-on: https://boringssl-review.googlesource.com/7540
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-21 22:56:55 +00:00
Brian Smith
95b9769340 Fix error handling in |bn_blinding_update|.
The fields of the |bn_blinding_st| are not updated atomically.
Consequently, one field (|A| or |Ai|) might get updated while the
other field (|Ai| or |A|) doesn't get updated, if an error occurs in
the middle of updating. Deal with this by reseting the counter so that
|A| and |Ai| will both get recreated the next time the blinding is
used.

Fix a separate but related issue by resetting the counter to zero after
calling |bn_blinding_create_param| only if |bn_blinding_create_param|
succeeded. Previously, regardless of whether an error occured in
|bn_blinding_create_param|, |b->counter| would get reset to zero. The
consequence of this was that potentially-bad blinding values would get
used 32 times instead of (32 - |b->counter|) times.

Change-Id: I236cdb6120870ef06cba129ed86619f593cbcf3d
Reviewed-on: https://boringssl-review.googlesource.com/7520
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-21 20:26:21 +00:00
David Benjamin
e11988f511 Tweak FUZZING.md and minimise_corpuses.sh.
Change-Id: If312ce3783bcc39ebd2047470251334aa0897d3d
Reviewed-on: https://boringssl-review.googlesource.com/7508
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-21 20:23:15 +00:00
Brian Smith
fdc955cf14 Fix parameter type of p256-64.c's |select_point|.
Make it match how it is done in p224-64.c. Note in particular that
|size| may be 17, so presumably |pre_comp[16]| is accessed, which one
would not expect when it was declared |precomp[16][3]|.

Change-Id: I54c1555f9e20ccaacbd4cd75a7154b483b4197b7
Reviewed-on: https://boringssl-review.googlesource.com/7467
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 17:18:35 +00:00
Brian Smith
df1201e6ee Remove unnecessary |BN_CTX_start|/|BN_CTX_end| in |BN_mod_exp_mont_consttime|.
Since the function doesn't call |BN_CTX_get|, it doesn't need to call
|BN_CTX_start|/|BN_CTX_end|.

Change-Id: I6cb954d3fee2959bdbc81b9b97abc52bb6f7704c
Reviewed-on: https://boringssl-review.googlesource.com/7469
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 17:16:27 +00:00
Brian Smith
7cf6085b00 Check for |BN_CTX_new| failure in |mod_exp|.
As far as I can tell, this is the last place within libcrypto where
this type of check is missing.

Change-Id: I3d09676abab8c9f6c4e87214019a382ec2ba90ee
Reviewed-on: https://boringssl-review.googlesource.com/7519
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 17:09:51 +00:00
Piotr Sikora
35673b945d Build with -Wmissing-prototypes -Wmissing-declarations.
Change-Id: Ieba81f114483095f3657e87f669c7562ff75b58c
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7516
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 17:05:03 +00:00
Piotr Sikora
f932894c7f Move function declarations to internal header.
Partially fixes build with -Wmissing-declarations.

Change-Id: Ia563063fb077cda79244c21f02fd1c0f550353c2
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7515
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:56:32 +00:00
Piotr Sikora
f188f9dce8 Fix typo in function name.
Partially fixes build with -Wmissing-prototypes.

Change-Id: I828bcfb49b23c5a9ea403038bc3fb76750556ef8
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7514
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:55:41 +00:00
David Benjamin
cd4cf9a12e Fix Windows build
Change-Id: I66ecb9f89ec13e432e888e3825d01a015b117568
Reviewed-on: https://boringssl-review.googlesource.com/7505
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:46:10 +00:00
Piotr Sikora
8b0fe8c0ac Add missing prototypes.
Partially fixes build with -Wmissing-prototypes.

Change-Id: If04d8fe7cbf068883485e95bd5ea6cdab6743e46
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7513
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:43:50 +00:00
Piotr Sikora
c6d3029eda Add missing internal includes.
Partially fixes build with -Wmissing-prototypes -Wmissing-declarations.

Change-Id: I51209c30f532899f57cfdd9a50cff0a8ee3da5b5
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7512
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:38:54 +00:00
Piotr Sikora
9bb8ba6ba1 Make local functions static.
Partially fixes build with -Wmissing-prototypes -Wmissing-declarations.

Change-Id: I6048f5b7ef31560399b25ed9880156bc7d8abac2
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7511
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-20 16:37:58 +00:00
Piotr Sikora
537cfc37b8 Use UINT64_C instead of unsigned long long integer constant.
Change-Id: I44aa9be26ad9aea6771cb46a886a721b4bc28fde
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://boringssl-review.googlesource.com/7510
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-18 23:04:48 +00:00
David Benjamin
594e7d2b77 Add a test that declining ALPN works.
Inspired by https://mta.openssl.org/pipermail/openssl-dev/2016-March/006150.html

Change-Id: I973b3baf054ed1051002f7bb9941cb1deeb36d78
Reviewed-on: https://boringssl-review.googlesource.com/7504
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-18 19:47:46 +00:00
David Benjamin
f277add6c2 Run ripemd_test as part of all_tests.go.
Change-Id: I9c5e66c34d0f1b735c69d033daee5d312e3c2fe7
Reviewed-on: https://boringssl-review.googlesource.com/7410
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-17 21:37:14 +00:00
David Benjamin
110fcc9607 poly1305/asm/poly1305-x86_64.pl: make it work with linux-x32.
(Imported from upstream's 2460c7f13389d766dd65fa4e14b69b6fbe3e4e3b.)

This is a no-op for us, but avoid a diff with upstream.

Change-Id: I6e875704a38dcd9339371393a4dd523647aeef44
Reviewed-on: https://boringssl-review.googlesource.com/7491
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-17 18:33:18 +00:00
David Benjamin
eebfd896fe Don't shift serial number into sign bit
(Imported from upstream's 01c32b5e448f6d42a23ff16bdc6bb0605287fa6f.)

Change-Id: Ib52278dbbac1ed1ad5c80f0ad69e34584d411cec
Reviewed-on: https://boringssl-review.googlesource.com/7461
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-17 18:23:49 +00:00
David Benjamin
8d5717b019 perlasm/x86_64-xlate.pl: handle binary constants early.
Not all assemblers of "gas" flavour handle binary constants, e.g.
seasoned MacOS Xcode doesn't, so give them a hand.

(Imported from upstream's ba26fa14556ba49466d51e4d9e6be32afee9c465.)

Change-Id: I35096dc8035e06d2fbef2363b869128da206ff9d
Reviewed-on: https://boringssl-review.googlesource.com/7459
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-17 18:23:40 +00:00
David Benjamin
51545ceac6 Remove a number of unnecessary stdio.h includes.
Change-Id: I6267c9bfb66940d0b6fe5368514210a058ebd3cc
Reviewed-on: https://boringssl-review.googlesource.com/7494
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-17 18:22:28 +00:00
David Benjamin
b371f1b9dd Include time.h in time_support.h.
For time_t and struct tm.

BUG=595118

Change-Id: I6c7f05998887ed2bd3fb56c83ac543894ef27fe6
Reviewed-on: https://boringssl-review.googlesource.com/7462
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-17 17:27:27 +00:00
Brian Smith
9aa1562843 Remove unnecessary type casts in crypto/rsa.
Change-Id: I0b5c661674fbcaf6b4d5b0ce7944459cd45606b1
Reviewed-on: https://boringssl-review.googlesource.com/7466
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-15 23:06:01 +00:00
David Benjamin
6f7374b0ed Restore EC_GROUP_new_by_curve_name and EC_GROUP_set_generator.
Having a different API for this case than upstream is more trouble than is
worth it. This is sad since the new API avoids incomplete EC_GROUPs at least,
but I don't believe supporting this pair of functions will be significantly
more complex than supporting EC_GROUP_new_arbitrary even when we have static
EC_GROUPs.

For now, keep both sets of APIs around, but we'll be able to remove the scar
tissue once Conscrypt's complex dependencies are resolved.

Make the restored EC_GROUP_set_generator somewhat simpler than before by
removing the ability to call it multiple times and with some parameters set to
NULL. Keep the test.

Change-Id: I64e3f6a742678411904cb15c0ad15d56cdae4a73
Reviewed-on: https://boringssl-review.googlesource.com/7432
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-15 18:53:12 +00:00
Emily Stark
5c05648b8d Tiny documentation fix for EC_POINT_set_affine_coordinates_GFp
Change-Id: Icfd9986272f6e1adba54aa7521c28901fa02dfb7
Reviewed-on: https://boringssl-review.googlesource.com/7470
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-15 18:42:08 +00:00
David Benjamin
a2f2bc3a40 Align with upstream's error strings, take two.
I messed up a few of these.

ASN1_R_UNSUPPORTED_ALGORITHM doesn't exist. X509_R_UNSUPPORTED_ALGORITHM does
exist as part of X509_PUBKEY_set, but the SPKI parser doesn't emit this. (I
don't mind the legacy code having really weird errors, but since EVP is now
limited to things we like, let's try to keep that clean.) To avoid churn in
Conscrypt, we'll keep defining X509_R_UNSUPPORTED_ALGORITHM, but not actually
do anything with it anymore.  Conscrypt was already aware of
EVP_R_UNSUPPORTED_ALGORITHM, so this should be fine. (I don't expect
EVP_R_UNSUPPORTED_ALGORITHM to go away. The SPKI parsers we like live in EVP
now.)

A few other ASN1_R_* values didn't quite match upstream, so make those match
again. Finally, I got some of the rsa_pss.c values wrong. Each of those
corresponds to an (overly specific) RSA_R_* value in upstream. However, those
were gone in BoringSSL since even the initial commit. We placed the RSA <-> EVP
glue in crypto/evp (so crypto/rsa wouldn't depend on crypto/evp) while upstream
placed them in crypto/rsa.

Since no one seemed to notice the loss of RSA_R_INVALID_SALT_LENGTH, let's undo
all the cross-module errors inserted in crypto/rsa. Instead, since that kind of
specificity is not useful, funnel it all into X509_R_INVALID_PSS_PARAMETERS
(formerly EVP_R_INVALID_PSS_PARAMETERS, formerly RSA_R_INVALID_PSS_PARAMETERS).

Reset the error codes for all affected modules.

(That our error code story means error codes are not stable across this kind of
refactoring is kind of a problem. Hopefully this will be the last of it.)

Change-Id: Ibfb3a0ac340bfc777bc7de6980ef3ddf0a8c84bc
Reviewed-on: https://boringssl-review.googlesource.com/7458
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-15 16:02:12 +00:00
David Benjamin
a5177cb319 Use a less tedious pattern for X509_NAME.
Also fix a long/unsigned-long cast. (ssl_get_message returns long. It really
shouldn't, but ssl_get_message needs much more work than just a long -> size_t
change, so leave it as long for now.)

Change-Id: Ice8741f62a138c0f35ca735eedb541440f57e114
Reviewed-on: https://boringssl-review.googlesource.com/7457
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-14 23:12:35 +00:00
David Benjamin
6b6e0b2089 Fix a memory leak in ssl3_get_certificate_request.
Found by libFuzzer.

Change-Id: Ifa343a184cc65f71fb6591d290b2d47d24a2be80
Reviewed-on: https://boringssl-review.googlesource.com/7456
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-14 23:12:22 +00:00
David Benjamin
15c1488b61 Clear the error queue on entry to core SSL operations.
OpenSSL historically made some poor API decisions. Rather than returning a
status enum in SSL_read, etc., these functions must be paired with
SSL_get_error which determines the cause of the last error's failure. This
requires SSL_read communicate with SSL_get_error with some stateful flag,
rwstate.

Further, probably as workarounds for bugs elsewhere, SSL_get_error does not
trust rwstate. Among other quirks, if the error queue is non-empty,
SSL_get_error overrides rwstate and returns a value based on that. This
requires that SSL_read, etc., be called with an empty error queue. (Or we hit
one of the spurious ERR_clear_error calls in the handshake state machine,
likely added as further self-workarounds.)

Since requiring callers consistently clear the error queue everywhere is
unreasonable (crbug.com/567501), clear ERR_clear_error *once* at the entry
point. Until/unless[*] we make SSL_get_error sane, this is the most reasonable
way to get to the point that clearing the error queue on error is optional.

With those in place, the calls in the handshake state machine are no longer
needed. (I suspect all the ERR_clear_system_error calls can also go, but I'll
investigate and think about that separately.)

[*] I'm not even sure it's possible anymore, thanks to the possibility of
BIO_write pushing to the error queue.

BUG=567501,593963

Change-Id: I564ace199e5a4a74b2554ad3335e99cd17120741
Reviewed-on: https://boringssl-review.googlesource.com/7455
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-14 19:05:05 +00:00
David Benjamin
cfa9de85a3 Revert "Revert "Reduce maximum RSA public exponent size to 33 bits.""
This reverts commit ba70118d8e. Reverting this
did not resolve the regression and the cause is now known.

BUG=593963

Change-Id: Ic5e24b74e8f16b01d9fdd80f267a07ef026c82cf
Reviewed-on: https://boringssl-review.googlesource.com/7454
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-14 19:04:17 +00:00
David Benjamin
fb8e678897 Match upstream's error codes for the old sigalg code.
People seem to condition on these a lot. Since this code has now been moved
twice, just make them all cross-module errors rather than leave a trail of
renamed error codes in our wake.

Change-Id: Iea18ab3d320f03cf29a64a27acca119768c4115c
Reviewed-on: https://boringssl-review.googlesource.com/7431
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 21:15:47 +00:00
Brian Smith
3f1904bee1 Set |bn->neg| to zero in |bn_set_words|.
If the values of any of the coordinates in the output point |r| were
negative during nistz256 multiplication, then the calls to
|bn_set_word| would result in the wrong coordinates being returned
(the negatives of the correct coordinates would be returned instead).
Fix that.

Change-Id: I6048e62f76dca18f625650d11ef5a051c9e672a4
Reviewed-on: https://boringssl-review.googlesource.com/7442
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:21:11 +00:00
Brian Smith
6603b76f76 Remove reduction in |ec_GFp_simple_set_Jprojective_coordinates_GFp|.
The (internal) constant-time callers of this function already do a
constant-time reduction before calling. And, nobody should be calling
this function with out-of-range coordinates anyway. So, just require
valid coordinates as input.

Further, this function is rarely called, so don't bother with the
optimization to avoid encoding Montgomery encoding of 1 for the Z
coordinate.

Change-Id: I637ffaf4d39135ca17214915b9a8582ea052eea8
Reviewed-on: https://boringssl-review.googlesource.com/7441
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:20:43 +00:00
Brian Smith
8542daa22d Require compressed x EC coordinate to be a field element.
Don't try to fix a bad |x| coordinate by reducing it. Instead, just
fail. This also makes the code clearer; in particular, it was confusing
why |x_| was used for some calculations when it seems like |x| was just
as good or better.

Change-Id: I9a6911f0d2bd72852a26b46f3828eb5ba3ef924f
Reviewed-on: https://boringssl-review.googlesource.com/7440
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:13:20 +00:00
David Benjamin
df28c3acf1 Tidy up the client Certificate message skipping slightly.
Align all unexpected messages on SSL_R_UNEXPECTED_MESSAGE. Make the SSL 3.0
case the exceptional case. In doing so, make sure the SSL 3.0
SSL_VERIFY_FAIL_IF_NO_PEER_CERT case has its own test as that's a different
handshake shape.

Change-Id: I1a539165093fbdf33e2c1b25142f058aa1a71d83
Reviewed-on: https://boringssl-review.googlesource.com/7421
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:10:55 +00:00
David Benjamin
11d50f94d8 Include colons in expectedError matches.
If we're doing substring matching, we should at least include the delimiter.

Change-Id: I98bee568140d0304bbb6a2788333dbfca044114c
Reviewed-on: https://boringssl-review.googlesource.com/7420
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:10:32 +00:00
David Benjamin
454aa4c25e Rewrite ssl3_send_client_certificate.
The old logic was quite messy and grew a number of no-ops over the
years. It was also unreasonably fond of the variable name |i|.

The current logic wasn't even correct. It's overly fond of sending no
certificate, even when it pushes errors on the error queue for a fatal
error.

Change-Id: Ie5b2b38dd309f535af1d17fa261da7dc23185866
Reviewed-on: https://boringssl-review.googlesource.com/7418
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:10:19 +00:00
David Benjamin
0b7ca7dc00 Add tests for doing client auth with no certificates.
In TLS, you never skip the Certificate message. It may be empty, but its
presence is determined by CertificateRequest. (This is sensible.)

In SSL 3.0, the client omits the Certificate message. This means you need to
probe and may receive either Certificate or ClientKeyExchange (thankfully,
ClientKeyExchange is not optional, or we'd have to probe at ChangeCipherSpec).

We didn't have test coverage for this, despite some of this logic being a
little subtle asynchronously. Fix this.

Change-Id: I149490ae5506f02fa0136cb41f8fea381637bf45
Reviewed-on: https://boringssl-review.googlesource.com/7419
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 19:09:59 +00:00
David Benjamin
f41bb59703 Remove unused functions.
We never heap-allocate a GCM128_CONTEXT.

Change-Id: I7e89419ce4d81c1598a4b3a214c44dbbcd709651
Reviewed-on: https://boringssl-review.googlesource.com/7430
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-11 15:25:53 +00:00
David Benjamin
acb6dccf12 Add tests for the old client cert callback.
Also add no-certificate cases to the state machine coverage tests.

Change-Id: I88a80df6f3ea69aabc978dd356abcb9e309e156f
Reviewed-on: https://boringssl-review.googlesource.com/7417
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-10 20:53:13 +00:00
David Benjamin
a857159dd6 Clean up some silly variable names.
Change-Id: I5b38e2938811520f52ece6055245248c80308b4d
Reviewed-on: https://boringssl-review.googlesource.com/7416
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-10 19:21:20 +00:00
David Benjamin
08791e6756 Appease sanitizers in x25519_ge_scalarmult.
Although exactly one iteration of cmov_cached will always initialize selected,
it ends up messing with uninitialized memory. Initialize |selected| before the
loop.

BUG=593540

Change-Id: I5921843f68c6dd1dc7f752538825bc43ba75df4a
Reviewed-on: https://boringssl-review.googlesource.com/7415
Reviewed-by: Arnar Birgisson <arnarb@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-10 19:08:42 +00:00
Adam Langley
97c80512af Add |DH_generate_parameters| to decrepit.
This makes building OpenLDAP easier.

Change-Id: Id64699f95477fb8fb98957027c97070ebf41f4b1
Reviewed-on: https://boringssl-review.googlesource.com/7407
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-10 17:44:59 +00:00
Adam Langley
b8b28a64ff Add CRYPTO_[malloc|free|realloc] as aliases for the OPENSSL_𝑥 names.
This makes building OpenLDAP easier.

Change-Id: Ic1c5bcb2ec35c61c048e780ebc56db033d8382d8
Reviewed-on: https://boringssl-review.googlesource.com/7406
Reviewed-by: David Benjamin <davidben@google.com>
2016-03-10 17:44:23 +00:00