- 13 Jul, 2016 24 commits
-
David Benjamin authored
Tested by having client and server talk to each other. This adds the certificate_extensions field to CertificateRequest which I'd previously missed. (We completely ignore the field, with the expectation that the C code won't have anything useful to do with it either.) Change-Id: I74f96acd36747d4b6a6f533535e36ea8e94d2be8 Reviewed-on: https://boringssl-review.googlesource.com/8710 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Change-Id: Iee1ff6032ea4188440e191f98f07d84fed7ac36d Reviewed-on: https://boringssl-review.googlesource.com/8630 Reviewed-by:
David Benjamin <[email protected]>
-
Nick Harper authored
[Originally written by nharper, revised by davidben.] Change-Id: If1d45c33994476f4bc9cd69831b6bbed40f792d0 Reviewed-on: https://boringssl-review.googlesource.com/8599 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
For now, skip the 1.2 -> 1.1 signal since that will affect shipping code. We may as well enable it too, but wait until things have settled down. This implements the version in draft-14 since draft-13's isn't backwards-compatible. Change-Id: I46be43e6f4c5203eb4ae006d1c6a2fe7d7a949ec Reviewed-on: https://boringssl-review.googlesource.com/8724 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Now that the odd client/server split (a remnant from the original crypto/tls code not handling signing-hash/PRF mismatches) is gone, it can just be pulled from the config. Change-Id: Idb46c026d6529a2afc2b43d4afedc0aa950614db Reviewed-on: https://boringssl-review.googlesource.com/8723 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Saves worrying about forgetting it. (And indeed I forgot it in the TLS 1.3 code.) Change-Id: Ibb55a83eddba675da64b7cf2c45eac6348c97784 Reviewed-on: https://boringssl-review.googlesource.com/8722 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
This way we can test failing client auth without having to worry about first getting through server auth. Change-Id: Iaf996d87ac3df702a17e76c26006ca9b2a5bdd1f Reviewed-on: https://boringssl-review.googlesource.com/8721 Reviewed-by:
David Benjamin <[email protected]>
-
Steven Valdez authored
[Rebased and tests added by davidben.] In doing so, regenerate the test RSA certificate to be 2048-bit RSA. RSA-PSS with SHA-512 is actually too large for 1024-bit RSA. Also make the sigalg test loop test versions that do and don't work which subsumes the ecdsa_sha1 TLS 1.3 test. For now, RSA-PKCS1 is still allowed because NSS has yet to implement RSA-PSS and we'd like to avoid complicated interop testing. Change-Id: I686b003ef7042ff757bdaab8d5838b7a4d6edd87 Reviewed-on: https://boringssl-review.googlesource.com/8613 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Change-Id: I6741f374dc69e8d4dd3977f607c3c5688eeabfd7 Reviewed-on: https://boringssl-review.googlesource.com/8744 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
(Of course, it's still signing ServerKeyExchange messages since the handshake's the old one.) Change-Id: I35844a329d983f61ed0b5be20b333487406fe7e4 Reviewed-on: https://boringssl-review.googlesource.com/8614 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Implement in both C and Go. To test this, route config into all the sign.go functions so we can expose bugs to skip the check. Unfortunately, custom private keys are going to be a little weird since we can't check their curve type. We may need to muse on what to do here. Perhaps the key type bit should return an enum that includes the curve? It's weird because, going forward, hopefully all new key types have exactly one kind of signature so key type == sig alg == sig alg prefs. Change-Id: I1f487ec143512ead931e3392e8be2a3172abe3d2 Reviewed-on: https://boringssl-review.googlesource.com/8701 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
That instead happens via signature algorithms, which will be done in a follow-up commit. Change-Id: I97bc4646319dddbff62552244b0dd7e9bb2650ef Reviewed-on: https://boringssl-review.googlesource.com/8700 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
This is in preparation for TLS 1.3 enforcing curve matches in signature algorithms. Change-Id: I82c3a1862703a15e4e36ceb7ec40e27235b620c3 Reviewed-on: https://boringssl-review.googlesource.com/8699 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
ssl_verify_* already ought to be checking this, so there's only a need to check against the configured preferences. Change-Id: I79bc771969c57f953278e622084641e6e20108e3 Reviewed-on: https://boringssl-review.googlesource.com/8698 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
{sha256,ecdsa} should not be silently accepted for an RSA key. Change-Id: I0c0eea5071f7a59f2707ca0ea023a16cc4126d6a Reviewed-on: https://boringssl-review.googlesource.com/8697 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
TLS 1.3 also forbids signing SHA-1 digests, but this will be done as a consequence of forbidding PKCS#1 in 1.3 altogether (rsa_sign_sha1) and requiring a curve match in ECDSA (ecdsa_sha1). Change-Id: I665971139ccef9e270fd5796c5e6a814a8f663b1 Reviewed-on: https://boringssl-review.googlesource.com/8696 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
This is a lot more verbose and looks the same between RSA and ECDSA for now, but it gives us room to implement the various algorithm-specific checks. ECDSA algorithms must match the curve, PKCS#1 is forbidden in TLS 1.3, etc. Change-Id: I348cfae664d7b08195a2ab1190820b410e74c5e9 Reviewed-on: https://boringssl-review.googlesource.com/8694 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Steven Valdez authored
This allows us to specify client-only and unused callbacks without needing to include empty wrappers, and allows us to continue using the default ext_*_parse_clienthello function for early parsing. Change-Id: I4104e22a0a6dd6b02f9a5605e9866f6b3de6a097 Reviewed-on: https://boringssl-review.googlesource.com/8743 Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
Upstream have added |EVP_PKEY_up_ref|, but their version returns an int. Having this function with a different signature like that is dangerous so this change aligns BoringSSL with upstream. Users of this function in Chromium and internally should already have been updated. Change-Id: I0a7aeaf1a1ca3b0f0c635e2ee3826aa100b18157 Reviewed-on: https://boringssl-review.googlesource.com/8736 Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
libssh2 expects this function. Change-Id: Ie2d6ceb25d1b633e1363e82f8a6c187b75a4319f Reviewed-on: https://boringssl-review.googlesource.com/8735 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Rather than blindly select SHA-1 if we can't find a matching one, act as if the peer advertised rsa_pkcs1_sha1 and ecdsa_sha1. This means that we will fail the handshake if no common algorithm may be found. This is done in preparation for removing the SHA-1 default in TLS 1.3. Change-Id: I3584947909d3d6988b940f9404044cace265b20d Reviewed-on: https://boringssl-review.googlesource.com/8695 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Instead, in SSL_set_private_key_digest_prefs, convert the NID list to a sigalgs list. We'll need to add a new API later when custom key callers are ready to start advertising RSA-PSS. This removes all callers of tls12_get_hash except inside the signing and verifying functions. Change-Id: Ie534f3b736c6ac6ebeb0d7770d489f72e3321865 Reviewed-on: https://boringssl-review.googlesource.com/8693 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Instead have ssl3_cert_verify_hash output the hash, since it already knows it. Also add a missing EVP_PKEY_CTX_set_signature_md call on the client half. (Although, the call isn't actually necessary.) Also remove now unnecessary static assert. Since EVP_md5_sha1 is an EVP_MD itself, EVP_MAX_MD_SIZE is required to fit it already. Change-Id: Ief74fdbdf08e9f124679475bafba2f6f1d8fc687 Reviewed-on: https://boringssl-review.googlesource.com/8692 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
Bazel sees BUILD files as markers for different packages. So by having a file named “BUILD” in the source tree, Bazel thinks that there are several packages involved. This change renames it to BUILD.toplevel to avoid this. Change-Id: Ia76167334cd52f72ff25ecb08533c30e5e423ab8
- 12 Jul, 2016 16 commits
-
Adam Langley authored
This reverts commit 09feb0f3. (In order to make WebRTC happy this also needs to be reverted.)
-
Adam Langley authored
This reverts commits: 8d79ed67 19fdcb52 8d79ed67 Because WebRTC (at least) includes our headers in an extern "C" block, which precludes having any C++ in them. Change-Id: Ia849f43795a40034cbd45b22ea680b51aab28b2d
-
Andrii Shyshkalov authored
Bug: chromium:618641 Change-Id: I4471f28ad8a0bebbcbd415e35bf98546799047b0 Reviewed-on: https://boringssl-review.googlesource.com/8410 Reviewed-by:
Matt Braithwaite <[email protected]>
-
Adam Langley authored
MSVC doesn't define __cplusplus as 201103 to indicate C++11 support, so just assume that the compiler supports C++11 if _MSC_VER is defined. Change-Id: I27f6eeefe6e8dc522470f36fab76ab36d85eebac Reviewed-on: https://boringssl-review.googlesource.com/8734 Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
Now that we have template code in them, that doesn't work. Change-Id: I9ead5d202b0d8c9b848cf25a1f247f824394a168 Reviewed-on: https://boringssl-review.googlesource.com/8733 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
Last month's canary for loop did not die in the coal mine of decrepit toolchains. Make a note of this in STYLE.md so we know to start breeding more of them. We can indeed declare index variables like it's 1999. I haven't bothered to convert all of our for loops because that will be tedious, but we can do it as we touch the code. Or if someone feels really really bored. BUG=47 Change-Id: Ib76c0767c1b509e825eac66f8c2e3ee2134e2493 Reviewed-on: https://boringssl-review.googlesource.com/8740 Reviewed-by:
Adam Langley <[email protected]>
-
David Benjamin authored
For when the PackHandshakeFlight tests get enabled. Change-Id: Iee20fd27d88ed58f59af3b7e2dd92235d35af9ce Reviewed-on: https://boringssl-review.googlesource.com/8663 Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
This change scatters the contents of the two scoped_types.h files into the headers for each of the areas of the code. The types are now in the |bssl| namespace. Change-Id: I802b8de68fba4786b6a0ac1bacd11d81d5842423 Reviewed-on: https://boringssl-review.googlesource.com/8731 Reviewed-by:
Adam Langley <[email protected]>
-
Adam Langley authored
We currently have the situation where the |tool| and |bssl_shim| code includes scoped_types.h from crypto/test and ssl/test. That's weird and shouldn't happen. Also, our C++ consumers might quite like to have access to the scoped types. Thus this change moves some of the template code to base.h and puts it all in a |bssl| namespace to prepare for scattering these types into their respective headers. In order that all the existing test code be able to access these types, it's all moved into the same namespace. Change-Id: I3207e29474dc5fcc344ace43119df26dae04eabb Reviewed-on: https://boringssl-review.googlesource.com/8730 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
It still places the current message all over the place, but remove the bizarre init_num/error/ok split. Now callers get the message length out of init_num, which mirrors init_msg. Also fix some signedness. Change-Id: Ic2e97b6b99e234926504ff217b8aedae85ba6596 Reviewed-on: https://boringssl-review.googlesource.com/8690 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
This machinery is so different between TLS and DTLS that there is no sense in having them share structures. This switches us to maintaining the full reassembled message in hm_fragment and get_message just lets the caller read out of that when ready. This removes the last direct handshake dependency on init_buf, ssl3_hash_message. Change-Id: I4eccfb6e6021116255daead5359a0aa3f4d5be7b Reviewed-on: https://boringssl-review.googlesource.com/8667 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
Since they include an ECDHE exchange in them, they are equally-well suited to False Start. Change-Id: I75d31493a614a78ccbf337574c359271831d654d Reviewed-on: https://boringssl-review.googlesource.com/8732 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
We usually put main at the end. There's now nothing interesting in the function, so avoid having to declare every test at the top. Change-Id: Iac469f41f0fb7d1f58d12dfbf651bf0d39f073d0 Reviewed-on: https://boringssl-review.googlesource.com/8712 Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
That removes the last of the bc stuff. BUG=31 Change-Id: If64c974b75c36daf14c46f07b0d9355b7cd0adcb Reviewed-on: https://boringssl-review.googlesource.com/8711 Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
../tool/transport_common.cc:429:14: error: ‘code_250’ may be used uninitialized in this function [-Werror=maybe-uninitialized] (I don't believe it can actually happen though.) Change-Id: I78d19ad42ed4c05404f1d8d3e8f254ede3244b8d
-
Adam Langley authored
This change adds support for doing an SMTP STARTTLS dance before a TLS handshake when using the tool. This is useful for poking at SMTP servers. Change-Id: I04cd60d02d3377cce83e412d62e3257235a19116 Reviewed-on: https://boringssl-review.googlesource.com/8662 Reviewed-by:
David Benjamin <[email protected]>