- 08 Dec, 2017 1 commit

David Benjamin authored
Credit to OSS-Fuzz for finding this. CVE-2017-3738

(Imported from upstream's 5630661aecbea5fe3c4740f5fea744a1f07a6253 and 77d75993651b63e872244a3256e37967bb3c3e9e.)

Confirmed with Intel SDE that the fix makes the test vector pass and that, without the fix, the test vector does not. (Well, we knew the latter already, since it was our test vector.)

(cherry-picked from 296a61d6)

Change-Id: I167aa3407ddab3b434bacbd18e099c55aa40ac4c
Reviewed-on: https://boringssl-review.googlesource.com/23884
Reviewed-by: Adam Langley <[email protected]>
Reviewed-on: https://boringssl-review.googlesource.com/23924

- 17 Nov, 2017 1 commit

Adam Langley authored
Due to a copy-paste error, the call to |left_shift_3| is missing after reducing the password scalar in SPAKE2. This means that three bits of the password leak in Alice's message. (Two in Bob's message, as the point N happens to have order 4l, not 8l.)

The “correct” fix is to put in the missing call to |left_shift_3|, but that would be a breaking change. In order to fix this in a unilateral way, we add points of small order to the masking point to bring it into the prime-order subgroup.

BUG=chromium:778101
Change-Id: I440931a3df7f009b324d2a3e3af2d893a101804f
Reviewed-on: https://boringssl-review.googlesource.com/22445
Reviewed-by: Adam Langley <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 12 Oct, 2017 1 commit

David Benjamin authored
This frees us up to make SSL_CTX a C++ type and avoids a lot of protrusions of otherwise private types into the global namespace.

Bug: 6
Change-Id: I8a0624a53a4d26ac4a483fa270c39ecdd07459ee
Reviewed-on: https://boringssl-review.googlesource.com/21584
Commit-Queue: Adam Langley <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 11 Oct, 2017 3 commits

Steven Valdez authored
Change-Id: Ib24208e0ebdb1787c629ee29bd0115332ac36e73
Reviewed-on: https://boringssl-review.googlesource.com/21484
Reviewed-by: David Benjamin <[email protected]>

Bruce Dawson authored
On some Chrome builds on Windows (including the official builds that we ship) there are dynamic initializers for kNamedGroups in chrome.dll and chrome_child.dll. Tagging this array with constexpr is guaranteed to avoid this.

Bug: chromium:341941
Change-Id: I0e4ea0665b8ed9640b76b709dd300416be49e59e
Reviewed-on: https://boringssl-review.googlesource.com/21564
Reviewed-by: Bruce Dawson <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
OPENSSL_free always zeros things now.

Change-Id: Iaad94f0d7ad51ade05ae89751321314d235d6d67
Reviewed-on: https://boringssl-review.googlesource.com/21384
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 10 Oct, 2017 11 commits

David Benjamin authored
This doesn't particularly matter but is more consistent with DTLS and avoids the callback being potentially called from two places.

Change-Id: I2f57ca94d2d532c56f37a0bac7000c15b3b4b520
Reviewed-on: https://boringssl-review.googlesource.com/21344
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>

David Benjamin authored
We usually use read/write rather than recv/send to describe the two sides.

Change-Id: Ie3ac8c52c59ea9a5143f56b894f58cecd351dc7d
Reviewed-on: https://boringssl-review.googlesource.com/21304
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>

David Benjamin authored
Clients need not accept CertificateRequest. We don't, have no intention to, and post-handshake auth now requires an extension.

Change-Id: I2160c89e4a6988a7d743052b588d8aa2598ffabf
Reviewed-on: https://boringssl-review.googlesource.com/21305
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>

David Benjamin authored
Change-Id: I893292b140d033a5aed7e08f928a6c32996bb983
Reviewed-on: https://boringssl-review.googlesource.com/21287
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
The only difference is whether there's an alert to send back, but we'll need to allow an "error without alert" in several cases anyway:

1. If the server sees an HTTP request or garbage instead of a ClientHello, it shouldn't send an alert.
2. Resurfaced errors.

Just make zero signal no alert for now. Later on, I'm thinking we might just want to put the alert into the outgoing buffer and make it further uniform. This also gives us only one error state to keep track of rather than two.

Bug: 206
Change-Id: Ia821d9f89abd2ca6010e8851220d4e070bc42fa1
Reviewed-on: https://boringssl-review.googlesource.com/21286
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>

David Benjamin authored
This is analogous to the Go stack's handshakeErr field. Since it's quite common for callers to run two I/O operations in parallel[*] like SSL_read and SSL_write (or SSL_read and SSL_do_handshake for client 0-RTT). Accordingly, the new handshake state machine jams itself up on handshake error, but to fully work with such callers, we should also replay the error state.

This doesn't yet catch all cases (there are some parts of the read flow which need to be fixed). Those will be resolved in later changes.

[*] Not actually in parallel, of course, but logically in parallel on a non-blocking socket.

Bug: 206
Change-Id: I5a4d37a258b9e3fc555b732938b0528b839650f8
Reviewed-on: https://boringssl-review.googlesource.com/21285
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>

David Benjamin authored
This will be useful for the SSL stack to properly resurface handshake failures. Leave this in a private header and, along the way, hide the various types.

(ERR_NUM_ERRORS didn't change in meaning. The old documentation was wrong.)

Bug: 206
Change-Id: I4c6ca98d162d11ad5e17e4baf439a18fbe371018
Reviewed-on: https://boringssl-review.googlesource.com/21284
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>

David Benjamin authored
This reverts commit 73ffb74b. The CQ versions seem to be broken for some reason. Will debug this later.

Change-Id: Ib5e30d612c55e907edf8ecede7f3d5e123d97bfb
Reviewed-on: https://boringssl-review.googlesource.com/21464
Reviewed-by: David Benjamin <[email protected]>

David Benjamin authored
We'll see if this becomes too burdensome.

Change-Id: I51546c3f6ee38e70a9397f9ce695035d382acfa0
Reviewed-on: https://boringssl-review.googlesource.com/21424
Reviewed-by: Steven Valdez <[email protected]>

Robert Sloan authored
This change upstreams https://android-review.googlesource.com/#/c/platform/external/boringssl/+/504700 by [email protected], which adds generated makefile options for Eureka targets that depend on the legacy Android.mk build system.

Change-Id: I9b98b7e6f245c6c2525357afe246b5002065127d
Reviewed-on: https://boringssl-review.googlesource.com/21444
Reviewed-by: David Benjamin <[email protected]>

Daniel Wagner-Hall authored
It spuriously complains about pointer math on function arguments which are arrays.

Change-Id: I23b3494740196d5d46ce525a32dd43782e77f0ce
Reviewed-on: https://boringssl-review.googlesource.com/21404
Reviewed-by: Adam Langley <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 07 Oct, 2017 2 commits

Adam Langley authored
Thanks to Dimitar Vlahovski for pointing this out.

Change-Id: I417f52ec6c3e950bdab6079962b29976fb75c029
Reviewed-on: https://boringssl-review.googlesource.com/21324
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
https://boringssl-review.googlesource.com/18605 got the other ones.

Change-Id: If00487a4dd8508496a31a0a565c965559e12879c
Reviewed-on: https://boringssl-review.googlesource.com/21264
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Adam Langley <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 06 Oct, 2017 6 commits

David Benjamin authored
This matches the Chromium build. There are some build errors when using the newer toolchain's headers. This might resolve it? clang-cl apparently claims VS2013 by default and Microsoft's headers are sensitive to this.

Change-Id: Ib849e33d8a28649d981ea73972f568fd81e534a1
Reviewed-on: https://boringssl-review.googlesource.com/21244
Reviewed-by: Steven Valdez <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
The default is still 2015, but I'll use this to spin up some 2017 bots as well.

Change-Id: Id189791c5c50ae5403f7d6db1cd486f8a3f43dfa
Reviewed-on: https://boringssl-review.googlesource.com/21165
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
Change-Id: I6cd6a7eb670ad20dfdfc1895940fb023d18d37b3

David Benjamin authored
Our build logic needed to be revised, and clang implements more warnings than MSVC, so GTest needed more fixes.

Bug: 200
Change-Id: I84c5dd0c51079dd9c990e08dbea7f9022a7d6842
Reviewed-on: https://boringssl-review.googlesource.com/21204
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
Typo.

Change-Id: Iab3e04339bb868fd6d247c6696f33f5b7150408d
Reviewed-on: https://boringssl-review.googlesource.com/21184
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Martin Kreichgauer <[email protected]>
Reviewed-by: Martin Kreichgauer <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
Chromium builds with this warning on. This lets us notice problems (of which there was only one) sooner. I'll try to align the other warnings in a follow-up.

Change-Id: Id0960b782733b799e1c3e82f89c2aaba0bdd6833
Reviewed-on: https://boringssl-review.googlesource.com/21164
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 05 Oct, 2017 3 commits

Daniel Wagner-Hall authored
Right now, compiling with the stock gcc on Debian, cmake is compiling with -Wall, which gives an error because of -Wunused-value. The gcc version is gcc (Debian 4.7.2-5) 4.7.2.

Change-Id: Iafd4cc14a22fe788d4c7bdb05202fd856f0c6395
Reviewed-on: https://boringssl-review.googlesource.com/21144
Reviewed-by: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
I should have added this test in https://boringssl-review.googlesource.com/10320. This is necessary in TLS 1.3 for spec compliance and in TLS 1.2 to tolerate some broken servers.

Change-Id: Ibb52eaa1e370062f83e84856ef7f1c2c79d6a5d3
Reviewed-on: https://boringssl-review.googlesource.com/21124
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
ERR_FLAGS_STRING is meaningless and we can use a bitfield for the mark bit.

Change-Id: I6f677b55b11316147512171629196c651cb33ca9
Reviewed-on: https://boringssl-review.googlesource.com/21084
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 04 Oct, 2017 4 commits

David Benjamin authored
Per discussion in https://bugzilla.mozilla.org/show_bug.cgi?id=1287711. Otherwise this feature won't work for QUIC.

Change-Id: Ia799bfd1e29c01161c4298fb3124c96f62ada9c5
Reviewed-on: https://boringssl-review.googlesource.com/21104
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
sha1-altivec.c is not sensitive to OPENSSL_NO_ASM, so sha1.c needs to disable the generic implementation accordingly.

Bug: 204
Change-Id: Ic655f8b76907f07da33afa863d1b24d62d42e23a
Reviewed-on: https://boringssl-review.googlesource.com/21064
Commit-Queue: Adam Langley <[email protected]>
Reviewed-by: Adam Langley <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
SSL_SESSION_set_protocol_version is useful when unit-testing a session cache.

Change-Id: I4b04e31d61ce40739323248e3e5fdae498c4645e
Reviewed-on: https://boringssl-review.googlesource.com/21044
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

Steven Valdez authored
Change-Id: I2428321218d0b5dce242e3843d39ca269e1eb686
Reviewed-on: https://boringssl-review.googlesource.com/20984
Commit-Queue: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: David Benjamin <[email protected]>

- 03 Oct, 2017 7 commits

David Benjamin authored
A lot of the private functions are public APIs.

Change-Id: Icb5b6691088f27e16fb1d5f9fb8422e7cf2bab3e
Reviewed-on: https://boringssl-review.googlesource.com/21005
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
Cut down on the number of cases we need to worry about here. In particular, it would be useful for the handshake to be able to replay an error.

Change-Id: I2345faaff5503ede1324a5599e680de83f4b106e
Reviewed-on: https://boringssl-review.googlesource.com/21004
Commit-Queue: David Benjamin <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

David Benjamin authored
Change-Id: I815f9fa77e08f72b0130ea9ef0dda751bf2ed7a6
Reviewed-on: https://boringssl-review.googlesource.com/20826
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Martin Kreichgauer <[email protected]>

David Benjamin authored
Bug: 132
Change-Id: I1d6cd1dd7470a3f64ec91b954042ed3f8c6b561e
Reviewed-on: https://boringssl-review.googlesource.com/20825
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Martin Kreichgauer <[email protected]>

David Benjamin authored
- crypto/bio/bio_test.cc - I'm not sure what this was added for, but none of the functions used there appear to have feature macros documented.
- crypto/bio/printf.c - -std=c99 provides (v)snprintf.
- crypto/lhash/lhash_test.cc - we no longer call rand_r.
- crypto/mem.c - we no longer call strdup and -std=c99 provides (v)snprintf.

Apple messed up their headers and, if _POSIX_C_SOURCE is defined but _DARWIN_C_SOURCE isn't, pthread.h no longer defines mach_port_t. They then shipped a version of libc++ headers that is missing this fix, so the build breaks: https://github.com/llvm-mirror/libcxx/commit/bcc92d75df0274b9593ebd097fcae60494e3bffc

If one uses XCode, they've hacked their pthread.h to provide mach_port_t if defined(__cplusplus), but the standalone tools appear to be old and missing this. We can work around this by also defining _DARWIN_C_SOURCE in C++ files that need _POSIX_C_SOURCE, but it appears none of these files actually need it.

Change-Id: I5df9453730696100eb22b809febeb65053701322
Reviewed-on: https://boringssl-review.googlesource.com/20964
Reviewed-by: Adam Langley <[email protected]>

David Benjamin authored
This roughly aligns with absl::Span<T>::subspan.

Bug: 132
Change-Id: Iaf29418c1b10e2d357763dec90b6cb1371b86c3b
Reviewed-on: https://boringssl-review.googlesource.com/20824
Commit-Queue: David Benjamin <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>
Reviewed-by: Martin Kreichgauer <[email protected]>

David Benjamin authored
In case the XCode install is at, say, "/Applications/Xcode 9.app". This won't work if the path contains quotes, but it doesn't appear CMake itself makes any effort to handle that right.

Change-Id: Ifecf6147d44ffdae8c2692b2d6c94bfafd8d7714
Reviewed-on: https://boringssl-review.googlesource.com/20944
Reviewed-by: Steven Valdez <[email protected]>
Commit-Queue: Steven Valdez <[email protected]>
CQ-Verified: CQ bot account: [email protected] <[email protected]>

- 30 Sep, 2017 1 commit

David Benjamin authored
The exponent is secret, so we should be using the consttime variant. See also upstream's f9cbf470180841966338db1f4c28d99ec4debec4.

Change-Id: I233d4223ded5b80711d7c8f906e3579c36b24cd0
Reviewed-on: https://boringssl-review.googlesource.com/20924
Reviewed-by: Adam Langley <[email protected]>