- 05 Apr, 2017 4 commits
-
-
David Benjamin authored
We received an external request to add an option to undo the check added in 3e51757d.

Change-Id: Ifdd4b07705f2fa3d781d775d5cd139ea72d36734
Reviewed-on: https://boringssl-review.googlesource.com/14644
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
On malloc error, CRYPTO_set_ex_data may fail. (See upstream's 62f488d31733e5dc77b339f905b44f165550e47d.)

It also failed to copy the reserved slots when we revised the app-data machinery, although this is unreachable as EC_KEY is the only thing which uses this function and EC_KEY has no reserved slots.

(We probably can/should also take CRYPTO_dup_ex_data out of there, as it's a little bit weird...)

Change-Id: I60bbc301f919d4c0ee7fff362f979f6ec18d73b7
Reviewed-on: https://boringssl-review.googlesource.com/14604
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Adam Langley authored
(Thanks to Sam Panzer for the patch.)

At least some linkers will drop constructor functions if no symbols from that translation unit are used elsewhere in the program. On POWER, since the cached capability value isn't a global in crypto.o (like other platforms), the constructor function is getting discarded.

The C++11 spec says (3.6.2, paragraph 4):

    It is implementation-defined whether the dynamic initialization of a non-local variable with static storage duration is done before the first statement of main. If the initialization is deferred to some point in time after the first statement of main, it shall occur before the first odr-use (3.2) of any function or variable defined in the same translation unit as the variable to be initialized.

Compilers appear to interpret that to mean they are allowed to drop (i.e. indefinitely defer) constructors that occur in translation units that are never used, so they can avoid initializing some part of a library if it's dropped on the floor.

This change makes the hardware capability value for POWER a global in crypto.c, which should prevent the constructor function from being ignored.

Change-Id: I43ebe492d0ac1491f6f6c2097971a277f923dd3e
Reviewed-on: https://boringssl-review.googlesource.com/14664
Commit-Queue: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This was a mess. HMAC_CTX_copy_ex would avoid having to clean up and init the HMAC_CTX repeatedly, but even that is unnecessary. hctx_tpl was just to reuse the key. Instead, HMAC_CTX already can be reset with the same key. (Alas, with a slightly odd API, but so it goes.) Do that, and use goto err to clean up the error-handling.

Thanks to upstream's b98530d6e09f4cb34c791b8840e936c1fc1467cf for drawing attention to this. (Though we've diverged significantly from upstream with all the heap-allocated bits, so I didn't use the change itself.)

While I'm here, tidy up some variable names and cite the newer RFC.

Change-Id: Ic1259f46b7c5a14dc341b8cee385be5508ac4daf
Reviewed-on: https://boringssl-review.googlesource.com/14605
Reviewed-by: Steven Valdez <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 04 Apr, 2017 2 commits
-
-
Martin Kreichgauer authored
Change-Id: I6eb13647843b124b0cfeb7ea592736a80d723836
Reviewed-on: https://boringssl-review.googlesource.com/14624
Reviewed-by: Adam Langley <[email protected]>
-
Alessandro Ghedini authored
This moves the early data switch to CERT to make this |SSL_set_SSL_CTX|-proof.

Change-Id: Icca96e76636d87578deb24b2d507cabee7e46a4a
Reviewed-on: https://boringssl-review.googlesource.com/14545
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 03 Apr, 2017 1 commit
-
-
Adam Langley authored
These static output buffers are a legacy from a time before processes had threads. This change drops support and callers who were depending on this (of which there are hopefully none) will crash.

Change-Id: I7b8eb3440def507f92543e55465f821dfa02c7da
Reviewed-on: https://boringssl-review.googlesource.com/14528
Commit-Queue: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 31 Mar, 2017 16 commits
-
-
David Benjamin authored
Taken from revision 3cb07270c9455e8ad27956a70891c962d121a228 of go-crypto. Some of the changes look like they might fix some of the crashes we've been having on ARM bots?

Change-Id: I127fd358db553eae4805e777011a89124f595ff0
Reviewed-on: https://boringssl-review.googlesource.com/14544
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Adam Langley authored
Change-Id: I32b37306265e89afca568f20bfba2e04559c4f0b
Reviewed-on: https://boringssl-review.googlesource.com/14527
Commit-Queue: Adam Langley <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
Change-Id: I04babe31dcea8198a88c8affd5f9f9e24e449e4a
Reviewed-on: https://boringssl-review.googlesource.com/14526
Reviewed-by: Steven Valdez <[email protected]>
-
David Benjamin authored
We've got to get a bot for this...

Change-Id: I6af0c466c10ec52bf2e67f1e6fa2513411aeb3c0
Reviewed-on: https://boringssl-review.googlesource.com/14524
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
-
David Benjamin authored
Change-Id: Ie43ffabfdf5b10fbb0c8adcc2626a2913152e5e1
Reviewed-on: https://boringssl-review.googlesource.com/14525
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
-
Doug Kwan authored
and relying on a compiler to generate code for unaligned access. Both gcc and llvm currently do that but llvm is going to change to generate code for aligned access. The change in llvm will break SHA-1 on POWER without this fix.

Change-Id: If9393968288cf94b684ad340e3ea295e03174aa9
Reviewed-on: https://boringssl-review.googlesource.com/14378
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
There are a few test vectors which were not imported from djb's. Mirror those. Also as RFC 8032 uses a slightly different private key representation, document this in curve25519.h.

BUG=187
Change-Id: I119381168ba1af9b332365fd8f974fba41759d57
Reviewed-on: https://boringssl-review.googlesource.com/14445
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
This is a remnant of a previous iteration of the SSL client certificate bridging logic in Chromium.

Change-Id: Ifa8e15cc970395f179e2f6db65c97a342af5498d
Reviewed-on: https://boringssl-review.googlesource.com/14444
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
Clients or servers enabling both should not stop functioning.

Change-Id: I5cca09f8adfc8ff56b8943123847bbdaf8885cf4
Reviewed-on: https://boringssl-review.googlesource.com/14485
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This is slightly tidier than casting through function pointers. (Also more defined? But we cast T* => void* within a function pointer all over the place, so that's probably a lost cause.)

Change-Id: I8f435906f3066d1377eababf940e3db34c626acd
Reviewed-on: https://boringssl-review.googlesource.com/14313
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
We only need the size_t ones now.

BUG=22
Change-Id: Ie6935656bbc4bd2b602b8fad78effc401c493416
Reviewed-on: https://boringssl-review.googlesource.com/14312
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
Not that this is remotely necessary since the code bounds to 1MB, the caller bounds to INT_MAX (due to EVP_CIPHER) and the grandcaller bounds to 16k (due to TLS).

BUG=22
Change-Id: Ia75990a30bac26ca617532630340ff94a88e4e20
Reviewed-on: https://boringssl-review.googlesource.com/14311
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
This is redundant because these "AEAD"s are not meant to be used outside of TLS, but since we've moved them into their own layer, they should check internally.

Change-Id: Ieb3541b2e494902527c2bb56a816cef620cb237b
Reviewed-on: https://boringssl-review.googlesource.com/14310
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
This makes it a bit easier to see what is what.

Change-Id: I0f73f6ffa84bd30de3efcbf2bd34e1d3a889d1ee
Reviewed-on: https://boringssl-review.googlesource.com/14309
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
BUG=22
Change-Id: I9f392eef44e83efb4b13931acb2a3c642cbf1f29
Reviewed-on: https://boringssl-review.googlesource.com/14308
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
David Benjamin authored
BUG=22
Change-Id: I5bfa543c261623d125e7a25cea905e3b90b0c014
Reviewed-on: https://boringssl-review.googlesource.com/14307
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
- 30 Mar, 2017 5 commits
-
-
David Benjamin authored
These will be used in follow-up commits. The _s names are taken from upstream, to ease importing code. I've also promoted the CONSTTIME_* macros from the test. None of them are really necessary except ~0u cannot substitute for CONSTTIME_TRUE_S on 64-bit platforms, so having the macros seems safer.

Once everything is converted, I expect the unsigned versions can be removed, so I've made the _8 and _int functions act on size_t rather than unsigned. The users of these functions basically only believe that array indices and bytes exist.

BUG=22
Change-Id: I987bfb0c708dc726a6f2afcb05b6619bbd600564
Reviewed-on: https://boringssl-review.googlesource.com/14306
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
-
Steven Valdez authored
Change-Id: I013cf58528463ccca9e087c1c5d544beec3db24a
Reviewed-on: https://boringssl-review.googlesource.com/14466
Reviewed-by: David Benjamin <[email protected]>
-
David Benjamin authored
SSL_CTX_set_signed_cert_timestamp_list fails now if its input is not well-formed.

Change-Id: I84a4034f66868da11f98bf33e5b7f5c9fc958933
Reviewed-on: https://boringssl-review.googlesource.com/14484
Reviewed-by: Steven Valdez <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Steven Valdez authored
Since any ALPN mismatch and other cause for early data rejection will cause the server to revert to the non-early data path, this is safe to flip on for all the fuzzers.

BUG=76
Change-Id: I573740ef8f455915820943d82247fb6bfc37ae41
Reviewed-on: https://boringssl-review.googlesource.com/14465
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
Adam Langley authored
Previously we only needed to be able to serve P-224 certificates, but now we anticipate a need to be able to connect and validate them also. Since this requires advertising support for P-224 in the handshake, we need to support P-224 ECDHE too.

P-224 support is disabled by default and so clients need to both set the enabled curves explicitly and set a maximum version of TLS 1.2.

Change-Id: Idc69580f47334e0912eb431a0db0e78ee2eb5bbe
Reviewed-on: https://boringssl-review.googlesource.com/14225
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 29 Mar, 2017 1 commit
-
-
Steven Valdez authored
Allow the fuzzers to treat this situation, if they ever discover it, as a bug.

Change-Id: Ie6f1562e9b185d49463cf1a6db28d28780169b11
Reviewed-on: https://boringssl-review.googlesource.com/14424
Reviewed-by: David Benjamin <[email protected]>
-
- 28 Mar, 2017 4 commits
-
-
David Benjamin authored
Change-Id: Ied6b73fde61eb133c9871b42a56aa5a64131b67b
Reviewed-on: https://boringssl-review.googlesource.com/14328
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
BUG=185
Change-Id: I4ce6735ca78cd687538a8c0fdbd78ee97b93585c
Reviewed-on: https://boringssl-review.googlesource.com/14382
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This pulls in upstream's 0822d41b6d54132df96c02cc6f6fa9b179378351 and a portion of a285992763f3961f69a8d86bf7dfff020a08cef9. The former, in particular, fixes a crash on iOS.

Change-Id: I3c083975d8d11e58b5a2919fcabbf83628f36340
Reviewed-on: https://boringssl-review.googlesource.com/14383
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
When we refactored all the buffering logic, we retained upstream OpenSSL's allocation patterns. In particular, we always allocated a fixed-size write buffer, even though, unlike when reading, we trivially know a tighter bound (namely however much we happen to be writing right now).

Since the cutoff for when Windows' malloc starts having a hard time is just below the TLS maximum record size, do the more natural thing of allocating what we need to hold outgoing ciphertext.

(This only does anything to the write half. Read half is a bit more involved.)

BUG=chromium:524258
Change-Id: I0165f9ce822b9cc413f3c77e269e6154160537a7
Reviewed-on: https://boringssl-review.googlesource.com/14405
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
- 27 Mar, 2017 7 commits
-
-
David Benjamin authored
We now have another non-OpenSSL perlasm file.

Change-Id: Id5ab606089f22a4cb4c7d29f2cf7d140b66861f7
Reviewed-on: https://boringssl-review.googlesource.com/14404
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
Remove another remnant of the SSL3_PROTOCOL_METHOD hook.

Change-Id: If6bf055e2ee318420e4c5c40b8eb5356eadda68c
Reviewed-on: https://boringssl-review.googlesource.com/14381
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
-
David Benjamin authored
BUG=76
Change-Id: I68bc1dce13af9155b385a7b589480aacf02ec0db
Reviewed-on: https://boringssl-review.googlesource.com/14380
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
-
Steven Valdez authored
BUG=76
Change-Id: Ie894ea5d327f88e66b234767de437dbe5c67c41d
Reviewed-on: https://boringssl-review.googlesource.com/12960
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
BUG=76
Change-Id: I43672ee82a50f8fe706a5d607ef774a6e96db252
Reviewed-on: https://boringssl-review.googlesource.com/14379
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
This ends up under half the size of the original file.

BUG=129
Change-Id: Idec69d9517bd57cee6b3b83bc0cce05396565b70
Reviewed-on: https://boringssl-review.googlesource.com/14305
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-
David Benjamin authored
OPENSSL_free will handle NULL.

Change-Id: I18593a015cd4a081c2eeebf0cd738a024d02a97d
Reviewed-on: https://boringssl-review.googlesource.com/14373
Reviewed-by: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
-