- 27 Feb, 2017 1 commit
Adam Langley authored
This change updates AES-GCM-SIV to match revision four of the draft[1]. See [2] for the reasons behind the changes.

[1] https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-04
[2] https://www.ietf.org/mail-archive/web/cfrg/current/msg08895.html

Change-Id: Icacfefbd2f470186051551ea227c9d6c6dd6e786 Reviewed-on: https://boringssl-review.googlesource.com/13973 Reviewed-by:
Adam Langley <[email protected]> Commit-Queue: Adam Langley <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 25 Feb, 2017 1 commit
Alessandro Ghedini authored
Update the X509v3 name parsing to allow multiple xn-- international domain name indicators in a name. Previously, it only allowed one at the beginning of a name, which was wrong. (Imported from upstream's 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374) Change-Id: I93f1db7a5920305569af23f9f2b30ab5cc226521 Reviewed-on: https://boringssl-review.googlesource.com/13984 Reviewed-by:
Adam Langley <[email protected]> Commit-Queue: Adam Langley <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 23 Feb, 2017 1 commit
David Benjamin authored
It has no more callers. Change-Id: I587ccb3b63810ed167febf7a65ba85106d17a300 Reviewed-on: https://boringssl-review.googlesource.com/13911 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 22 Feb, 2017 2 commits
Michel Lespinasse authored
Change-Id: Icb01cd3ff88eb3fa8a7d7a1e9ead568ba20eb748 Reviewed-on: https://boringssl-review.googlesource.com/13965 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Matthew Braithwaite authored
The new APIs are SSL_CTX_set_strict_cipher_list() and SSL_set_strict_cipher_list(). They have two motivations: First, typos in cipher lists can go undetected for a long time, and can have surprising consequences when silently ignored. Second, there is a tendency to use superstition in the construction of cipher lists, for example by "turning off" things that do not actually exist. This leads to the corrosive belief that DEFAULT and ALL ought not to be trusted. This belief is false. Change-Id: I42909b69186e0b4cf45457e5c0bc968f6bbf231a Reviewed-on: https://boringssl-review.googlesource.com/13925 Commit-Queue: Matt Braithwaite <[email protected]> Reviewed-by:
Matt Braithwaite <[email protected]>
-
- 18 Feb, 2017 6 commits
Matthew Braithwaite authored
Change-Id: Ic4bdad4631d603a9944312e13997ec98739a45ab Reviewed-on: https://boringssl-review.googlesource.com/13924 Commit-Queue: Matt Braithwaite <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]> Reviewed-by:
Matt Braithwaite <[email protected]>
-
David Benjamin authored
These are only used by crypto/asn1 and not externally. Change-Id: I2e6a28828fd81a4e3421eed1e98f0a65197f4b88 Reviewed-on: https://boringssl-review.googlesource.com/13868 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
The two non-trivial changes are:

1. The public API now queries it out of the session. There is a long comment over the old field explaining why the state was separate, but this predates EMS being forbidden from changing across resumption. It is not possible for established_session and the socket to disagree on EMS.
2. Since SSL_HANDSHAKE gets reset on each handshake, the check that EMS does not change on renego looks different. I've reworked that function a bit, but it should have the same effect.

Change-Id: If72e5291f79681381cf4d8ceab267f76618b7c3d Reviewed-on: https://boringssl-review.googlesource.com/13910 Commit-Queue: David Benjamin <[email protected]> Commit-Queue: Steven Valdez <[email protected]> Reviewed-by:
Steven Valdez <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This lets us trim another two pointers of per-connection state. Change-Id: I2145d529bc25b7e24a921d01e82ee99f2c98867c Reviewed-on: https://boringssl-review.googlesource.com/13804 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This effectively reverts b9824e24. This error seems to have mostly just caused confusion in logs and the occasional bug around failing to ERR_clear_error. Consumers tend to blindly call SSL_shutdown when tearing down an SSL (to avoid invalidating sessions). This means handshake failures trigger two errors, which is screwy. Go back to the old behavior where SSL_shutdown while SSL_in_init silently succeeds. Change-Id: I1fcfc92d481b97c840847dc39afe59679cd995f2 Reviewed-on: https://boringssl-review.googlesource.com/13909 Commit-Queue: David Benjamin <[email protected]> Commit-Queue: Steven Valdez <[email protected]> Reviewed-by:
Steven Valdez <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
Node has since been patched. Change-Id: If25eecabfc83ef9fd36c531c9ca9db2911de010e Reviewed-on: https://boringssl-review.googlesource.com/13908 Commit-Queue: David Benjamin <[email protected]> Commit-Queue: Steven Valdez <[email protected]> Reviewed-by:
Steven Valdez <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 17 Feb, 2017 17 commits
David Benjamin authored
Noticed this comparing our and upstream's ASN.1 code. Somehow I missed this line in cb852981. This change is a no-op as our only ASN1_EX_COMBINE field is an ASN1_CHOICE which does not read aclass. Change-Id: I011f2f6eadd3939ec5f0b346c4eb7d14e406e3cd Reviewed-on: https://boringssl-review.googlesource.com/13833 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
asn1_template_noexp_d2i call ASN1_item_ex_free(&skfield,...) on error.

Reworked error handling in asn1_item_ex_combine_new:
  - call ASN1_item_ex_free and return the correct error code if ASN1_template_new failed.
  - don't call ASN1_item_ex_free if ASN1_OP_NEW_PRE failed.

Reworked error handling in x509_name_ex_d2i and x509_name_encode.

(Imported from upstream's 748cb9a17f4f2b77aad816cf658cd4025dc847ee.)

I believe the tasn1_new.c change is a no-op since we have no ASN1_OP_NEW_PRE hooks anymore. I'm not sure what the commit message is referring to with ASN1_template_new. It also seems odd as ASN1_item_ex_free should probably be able to survive *pval being NULL. Whatever.

We'd previously tried to fix x509_name_ex_d2i, but I think ours wasn't quite right. (This thing is a mess...) I've aligned that function with upstream.

Change-Id: Ie71521cd8a1ec357876caadd13be1ce247110f76 Reviewed-on: https://boringssl-review.googlesource.com/13831 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
(Imported from upstream's 1222d273d36277f56c3603a757240c386d55f318.) We'd fixed half of these, but the other half are probably unreachable from code that ran under malloc tests, so we never noticed. It's puzzling why upstream did both this and 166e365ed84dfabec3274baf8a9ef8aa4e677891. It seems you only need one of them. Change-Id: I08074358134180c6661600b66958ba861e7726fb Reviewed-on: https://boringssl-review.googlesource.com/13832 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
BUG=129 Change-Id: Id7a92285601ff4276f4015eaee290bf77aa22b47 Reviewed-on: https://boringssl-review.googlesource.com/13628 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
If copy fails, we shouldn't call cleanup. Also remove some pointless NULL checks after EVP_PKEY_up_ref. See also upstream's 748cb9a17f4f2b77aad816cf658cd4025dc847ee. Change-Id: I2acb6892cde1ab662ca6a620d87179f9be609cba Reviewed-on: https://boringssl-review.googlesource.com/13830 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
These were added in an attempt to deal with the empty vs. NULL confusion in PKCS#12. Instead, PKCS8_encrypt and PKCS8_decrypt already treated NULL special. Since we're stuck with supporting APIs like those anyway, Chromium has been converted to use that feature. This cuts down on the number of APIs we need to decouple from crypto/asn1. BUG=54 Change-Id: Ie2d4798d326c5171ea5d731da0a2c11278bc0241 Reviewed-on: https://boringssl-review.googlesource.com/13885 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Adam Langley authored
(Imports upstream's 76e624a003db22db2d99ece04a15e20fe44c1fbe.) Also includes the following fixes: https://github.com/openssl/openssl/pull/2582 https://github.com/openssl/openssl/pull/2655 Change-Id: I6086a87a534d152cdbff104c62ad9dcd9b4e012a Reviewed-on: https://boringssl-review.googlesource.com/13783 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
BUG=129 Change-Id: I603054193a20c2bcc3ac1724f9b29d6384d9f62a Reviewed-on: https://boringssl-review.googlesource.com/13626 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This is handy when "offset(%reg)" is a perl variable. (Imported from upstream's 1cb35b47db8462f5653803501ed68d33b10c249f.) Change-Id: I2f03907a7741371a71045f98318e0ab9396a8fc7 Reviewed-on: https://boringssl-review.googlesource.com/13906 Commit-Queue: David Benjamin <[email protected]> Reviewed-by:
Steven Valdez <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
.cfi_{start|end}proc and .cfi_def_cfa were not tracked. (Imported from upstream's 88be429f2ed04f0acc71f7fd5456174c274f2f76.) Change-Id: I6abd480255218890349d139b62f62144b34c700d Reviewed-on: https://boringssl-review.googlesource.com/13905 Commit-Queue: David Benjamin <[email protected]> Reviewed-by:
Steven Valdez <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
(Imported from upstream's fa3f83552f53447deced45579865cec9f55a947e.) Change-Id: I659422a604b9d1d61334e09dff0c1de3aedb2d04 Reviewed-on: https://boringssl-review.googlesource.com/13904 Commit-Queue: David Benjamin <[email protected]> Commit-Queue: Steven Valdez <[email protected]> Reviewed-by:
Steven Valdez <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Adam Langley authored
(Imports upstream's 384e6de4c7e35e37fb3d6fbeb32ddcb5eb0d3d3f. Changes to P-256 assembly dropped because we're so different there.)

  - harmonize handlers with guidelines and themselves;
  - fix some bugs in handlers;

Change-Id: Ic0b6a37bed6baedc50448c72fab088327f12898d Reviewed-on: https://boringssl-review.googlesource.com/13782 Commit-Queue: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
David Benjamin authored
TEST_P didn't work without fixing the suppression, so I went ahead and fixed it across the entire project. BUG=129 Change-Id: I5fe417f720040b627acfb3ed2063afdc85dfa908 Reviewed-on: https://boringssl-review.googlesource.com/13824 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]> Reviewed-by:
Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]> Commit-Queue: Adam Langley <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This reduces us from seven different configuration patterns to six (see comment #2 of linked bug). I do not believe there is any behavior change here as SSL_set_SSL_CTX already manually copied the field. It now gives us a nice invariant: SSL_set_SSL_CTX overrides all and only the dual-SSL/SSL_CTX options hanging off of CERT. BUG=123 Change-Id: I1ae06b791fb869917a6503cee41afb2d9be53d89 Reviewed-on: https://boringssl-review.googlesource.com/13865 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
(Imported from upstream's 7e12cdb52e3f4beff050caeecf3634870bb9a7c4.) Change-Id: I9a6bba72c039e45ae5c0302a8a3dff7148cf1897 Reviewed-on: https://boringssl-review.googlesource.com/13869 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
I'm not sure why the SSL versions of these functions return int while the SSL_CTX version returns void. It looks like this dates to https://boringssl-review.googlesource.com/c/1491/, of which the initial upload was an SSL_ctrl macro. I guess one of the ints got accidentally preserved in conversion. (No existing caller, aside from bssl_shim, checks the result.) Change-Id: Id54309c1aa03462d520b9a45cdfdefdd2cdd1298 Reviewed-on: https://boringssl-review.googlesource.com/13866 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Steven Valdez authored
0-RTT requires matching the selected ALPN parameters against those in the session. Stash the ALPN value in the session in TLS 1.3, so we can recover it. BUG=76 Change-Id: I8668b287651ae4deb0bf540c0885a02d189adee0 Reviewed-on: https://boringssl-review.googlesource.com/13845 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 16 Feb, 2017 2 commits
Alessandro Ghedini authored
Change-Id: I02e33a89345eaa935c06e3e6d88f7611049f1387 Reviewed-on: https://boringssl-review.googlesource.com/13884 Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
BUG=129 Change-Id: Ibbd6d0804a75cb17ff33f64d4cdf9ae80b26e9df Reviewed-on: https://boringssl-review.googlesource.com/13867 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 15 Feb, 2017 2 commits
David Benjamin authored
We've already converted err_test and forgot. Instead, recognize GTest vs. normal tests by their contents. This hack can be removed later once all the tests are converted. BUG=129 Change-Id: Iaa56e0f3c316faaee5458a4bba9b977dc6efb1e8 Reviewed-on: https://boringssl-review.googlesource.com/13844 Reviewed-by:
Steven Valdez <[email protected]> Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
Recent changes added SSL-level setters to these APIs. Unfortunately, this has the side effect of breaking SSL_set_SSL_CTX, which is how SNI is typically handled. SSL_set_SSL_CTX is kind of a weird function in that it's very sensitive to which of the hodge-podge of config styles is in use. I previously listed out all the config styles here, but it was long and unhelpful. (I counted up to 7.)

Of the various SSL_set_SSL_CTX-visible config styles, the sanest seems to be to move it to CERT. In this case, it's actually quite reasonable since they're very certificate-related.

Later we may wish to think about whether we can cut down all 7 kinds of config styles because this is kinda nuts. I'm wondering if we should do CERT => SSL_CONFIG, move everything there, and make that be the same structure that is dropped post-handshake (supposing the caller has disavowed SSL_clear and renego). Fruit for later thought. (Note though that comes with a behavior change for all the existing config.)

Change-Id: I9aa47d8bd37bf2847869e0b577739d4d579ee4ae Reviewed-on: https://boringssl-review.googlesource.com/13864 Reviewed-by:
Martin Kreichgauer <[email protected]> Reviewed-by:
David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 14 Feb, 2017 8 commits
Adam Langley authored
(Imports upstream's 3c274a6e2016b6724fbfe3ff1487efa2a536ece4.) Change-Id: I2f0c0abff04decd347d4770e6d1d190f1e08afa0 Reviewed-on: https://boringssl-review.googlesource.com/13781 Commit-Queue: Adam Langley <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
(Imports upstream's a30b0522cb937be54e172c68b0e9f5fa6ec30bf3.) Change-Id: I6b9e67f97de935ecaaa9524943c6bdbe3540c0d0 Reviewed-on: https://boringssl-review.googlesource.com/13780 Commit-Queue: Adam Langley <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
(Imports upstream's abb8c44fbaf6b88f4f4879b89b32e423aa75617b.) Note that the AVX512 code is disabled for now. This just reduces the diff with upstream. Change-Id: I61da414e53747ecc869f27883e6ab12c1f8513ff Reviewed-on: https://boringssl-review.googlesource.com/13779 Commit-Queue: Adam Langley <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
(Imports upstream's d89773d659129368a341df746476da445d47ad31.) In order to minimize dependency on assembler version a number of post-SSE2 instructions are encoded manually. But in order to simplify the procedure only register operands are considered. Non-register operands are passed down to assembler. Module in question uses pshufb with memory operands, and old [GNU] assembler can't handle it. Fortunately in this case it's possible to skip just the problematic segment without skipping SSSE3 support altogether. Change-Id: Ic3ba1eef14170f9922c2cc69e0d57315e99a788b Reviewed-on: https://boringssl-review.googlesource.com/13778 Commit-Queue: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
We do pass -DOPENSSL_IA32_SSE2 on the command line, so this just had the effect of setting both values to 1 anyway. Change-Id: Ia34714bb2fe51cc79d51ef9ee3ffe0354049ed0c Reviewed-on: https://boringssl-review.googlesource.com/13777 Commit-Queue: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
This reverts commit 75b833cc. Sadly this needs to be redone because upstream never took this change. Perhaps, once redone, we can try upstreaming it again. Change-Id: Ic8aaa0728a43936cde1628ca031ff3821f0fbf5b Reviewed-on: https://boringssl-review.googlesource.com/13776 Commit-Queue: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
(Imports upstream's 3ba1ef829cf3dd36eaa5e819258d90291c6a1027.)

Original strategy for page-walking was to adjust stack pointer and then touch pages in order. This kind of asks for double-fault, because if touch fails, then signal will be delivered to frame above adjusted stack pointer. But touching pages prior to adjusting stack pointer would upset valgrind. As a compromise let's adjust stack pointer in pages, touching top of the stack. This still asks for double-fault, but at least prevents corruption of neighbour stack if allocation is to overstep the guard page.

Also omit predict-non-taken hints as they reportedly trigger illegal instructions in some VM setups.

Change-Id: Ife42935319de79c6c76f8df60a76204c546fd1e0 Reviewed-on: https://boringssl-review.googlesource.com/13775 Commit-Queue: Adam Langley <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-
Adam Langley authored
(Imports upstream's ace05265d2d599e350cf84ed60955b7f2b173bc9.) Change-Id: I151a03d662f7effe87f22fd9db7e0265368798b8 Reviewed-on: https://boringssl-review.googlesource.com/13774 Commit-Queue: Adam Langley <[email protected]> Reviewed-by:
David Benjamin <[email protected]>
-