Without this, it was using the headers from /usr/include, and on my
machine it failed with the following:
```
$ cmake .. -DRUST_BINDINGS=$(gcc -dumpmachine) && make
/boringssl/rust/rust_wrapper.c: In function ‘ERR_GET_FUNC_RUST’:
/usr/local/google/home/yukl/boringssl/rust/rust_wrapper.c:27:10: error: implicit declaration of function ‘ERR_GET_FUNC’; did you mean ‘ERR_GET_LIB’? [-Werror=implicit-function-declaration]
   27 |   return ERR_GET_FUNC(packed_error);
      |          ^~~~~~~~~~~~
      |          ERR_GET_LIB
```
Change-Id: Ia34830c939f32a8807e1c8be03d962c21dfc1635
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55932
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Matthew Maurer <mmaurer@google.com>
Reviewed-by: Adam Langley <agl@google.com>
I did this because I was tired of explaining Grover's algorithm and
circuit depth, but it never made large amounts of sense and it conflates any
measurements of post-quantum impact. If you want to configure a server
with a preference for 256-bit ciphers, that's still completely possible.
Change-Id: I3dc951ec724a713bb4da75c204d1105c62de8d74
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55929
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Nothing external ever defines X509V3_CONF_METHOD. Removing this allows
us to remove X509V3_section_free altogether because the returned
sections are always owned by the CONF object anyway.
For ease of review, I've split out some of the const-correctness to a
follow-up CL.
Update-Note: X509V3_CONF_METHOD is removed. Code search says no one uses
this.
Change-Id: I66ed6e978b85d40c6849e9f4f45e1bcbf9a0f6a9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56026
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
These are used inside the various extension implementations and aren't
used outside the library. In doing so, delete a bunch of functions that
aren't used anyway.
Change-Id: I7e4d049682155d20b8ae9bd7c239be96c1261d98
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56025
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
This is currently called "aesni", but a following change will add
support on Aarch64. This change thus makes the naming more generic.
Change-Id: I6acb135a91e61570ea250f2f4133b47f11cd51ad
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55865
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
(Unclear if we'll get the security policy in docx format this time but
it's always on NIST's site in PDF form.)
Change-Id: I831738b36873c7adafcc74d02748f69c1e94f501
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55931
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Upstream clang has changed how it handles passing -stdlib=libc++ on
Apple platforms. The rationale is that libc++ is the default standard
library, and stdlibc++ is no longer supported.
A much more detailed rationale can be found at
https://reviews.llvm.org/D139938.
Change-Id: I90f5fe8b63075b20e1632275c2751b6aa8a64800
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55928
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: Paul Kirth <paulkirth@google.com>
Reviewed-by: Adam Langley <agl@google.com>
anyPolicy causes crypto/x509 to synthesize policy nodes in places. Add
some test coverage for this.
Change-Id: I1b1dcba35088d6cabce6b40e36e478ec4756effa
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55753
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
If a certificate has policy constraints, but the certificate policies
extension is either missing or unsuitable (in a way not caught by the
parser), the policy constraints object is leaked.
As part of this, add some basic tests for policy constraints.
Change-Id: I4a2c618019d1f92b0f3b9ad4cf6e29d4926e3095
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55752
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
X509 objects do some deferred parsing. Make sure we cover that code with
fuzzers.
Change-Id: I618e90aaf4d8decbc3af59f36910feb9949a8cd2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55751
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
X509_policy_check returns -1 if some certificate had an unparseable
extension, in which case it sets EXFLAG_INVALID_POLICY on it. The
calling code then iterates over the certificates to find the offending
one, so the callback has a chance to undo it. But it skips i = 0, the
leaf, and instead just silently returns success.
We really should cut down on the callback's ability to mess things up
here but, in the meantime, fix this. Also add a test covering this case.
While I'm here, I've updated make_invalid_extensions.go, which I pulled
some code from, to rename fooOrPanic to mustFoo. That seems to be the
convention in the Go standard library. (regexp.MustCompile, etc.)
Change-Id: Ib07c9f4175e66483bd7c0f7d49aea931bf36e53f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55748
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
I inadvertently removed it, but set_string(NULL, str) would validate str
without writing an object. OpenSSL's habit of dual-use functions isn't
great (this behavior masked a bug in another project), but I apparently
even documented it in the header, so restore the behavior.
Change-Id: I8b4dbe5a2b21eb59cb20e4c845b17761329b34a1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55785
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
That loop is just sk_ASN1_OBJECT_deep_copy.
Change-Id: Idc9db7f8e0ac28c853415813f49b1441b646c246
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55746
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
X509 verification currently lazily fills in some fields on a lock. Test
that it works correctly. Confirmed that TSan can catch data races
intentionally patched into v3_purp.c.
Change-Id: Ia0e8d81bb6ba4b9ade1a47edcb48404902f4ae8c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55745
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
We already tell people not to use these APIs, but some do anyway. Those
that do should be warned about the streaming implications.
Change-Id: I67a9e1bb94aec2217b7c53849ec676b1c3dddb3c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55392
Reviewed-by: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
See the update to ACVP.md for documentation but this now allows running
a test to be broken down into separate commands for each step: fetching,
processing, and uploading.
Change-Id: Id86d1cd0b07fcc9bdc6c665072b511da0832bdde
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55608
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
The public API already expects them to be uint32_t. Fix the internals to
match.
Bug: 516
Change-Id: Ia683cc2fac559ebe0b3c7045e4db551224677c28
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55706
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
First, rename to x509v3_conf_name_matches and flip the result value. We
don't need to preserve the positive vs negative return of strncmp here.
The rename is because "name" can mean so many things in the context of
X.509. Here, it's specifically the name of a CONF_VALUE.
Finally, fix it to be size_t-clean.
Bug: 516
Change-Id: I1c3039d9c6ce70cde669e07f943ad1e25fb49dc1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55705
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
The buffer length is int, so the output also fits in int.
Bug: 516
Change-Id: I8e59a2109f38c81ac58f1a8f1e7d739c8b0d1c7c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55707
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Change-Id: I7fdc63786654f488b2502d6e9c3fb535a2766574
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55605
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
X509_NAME_add_entry_by_txt and friends all use int for MBSTRING_*
constants. X509V3_NAME_from_section was the odd one out in using
unsigned long.
Bug: 516
Change-Id: Ib0bca46a080a791d2fba0b515a47b047c0777260
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55456
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
They're the only two half-finished ports left, so we may as well finish
that up and trim them down a little.
Change-Id: Ic058124a44086161ab5d2d6fa24448492c3ba219
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55506
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Plan is:
1. This CL
2. Update the CI/CQ recipe to be able to run this
3. Update the CI/CQ config to enable this on ELF platforms
4. Do not land, but patch out the .note.GNU-stack annotations and
-Wa,--noexecstack and confirm CI/CQ fails. Based on manual testing
and https://crbug.com/boringssl/292#c4, I anticipate we'll only have
coverage on x86 and x86_64 Linux. Currently, our only Arm Linux
builders are Android, which use the LLVM linker. The LLVM linker
doesn't have this design flaw, so it doesn't need .note.GNU-stack in
the first place. It also sounds like GNU ld will make this moot in a
future release.
5. Remove -Wa,--noexecstack from crypto/CMakeLists.txt and confirm CI/CQ
still passes.
Other than generally wanting to test things, the immediate motivation is
https://boringssl-review.googlesource.com/c/boringssl/+/55626/1/crypto/perlasm/arm-xlate.pl#b246
Bug: 292
Change-Id: Id1c049bfc2b4e8b7e2c8c32ea6456733a588dfe1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55645
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Disable blinding for boringssl_self_test_rsa() to avoid an entropy draw, just as
the 'k' value for ECDSA is fixed to avoid an entropy draw in boringssl_self_test_ecc().
boringssl_self_test_rsa() uses entropy to generate the blinding factor and
the inverse of the blinding factor. Running boringssl_self_test_rsa() from the init stage of the OS
on some devices, when the kernel's entropy pool is not yet initialized, causes the process
to block for seconds.
Bug: None
Change-Id: I4c1119c9950553eec030bedf36ec22ab41088f20
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55545
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
For the C files, rather than force the caller to juggle
crypto_linux_sources, etc., we just wrap the whole file in ifdefs and
ask the callers to link everything together.
Assembly is typically built by a different tool, so we have less room
here. However, there are really only two families of tools we care
about: gas (which runs the C preprocessor) and nasm (which has its own
preprocessor). Callers should be able to limit themselves to
special-casing Windows x86(_64) for NASM and then pass all the remaining
assembly files to their gas-like tool. File-wide ifdefs can take care of
the rest.
We're almost set up to allow this, except the files condition on
architecture, but not OS. Add __ELF__, __APPLE__, and _WIN32 conditions
as appropriate.
One subtlety: the semantics of .note.GNU-stack are that *any* unmarked
object file makes the stack executable. (In current GNU ld. lld doesn't
have this issue, and GNU ld claims they'll remove it in a later
release.) Empirically, this doesn't seem to apply to empty object files
but, to be safe, we should ensure all object files have the marking.
That leads to a second subtlety: on targets where @ is a comment,
@progbits is spelled %progbits, per [0]. If we want all .S files to work
in all targets, that includes these markers. Fortunately, %progbits
appears to work universally (see [1], [2], [3], [4]), so I've just
switched us to that spelling.
I've also tightened up the __arm__ and __aarch64__ checks to __ARMEL__
and __AARCH64EL__. We don't support big-endian Arm (or any other
platform) and, even if we did, the conditions in the assembly files
should match the conditions in the C files that pull them in.
This CL doesn't change our build to take advantage of this (though I'll
give it a go later), just makes it possible for builds to do it.
[0] https://sourceware.org/binutils/docs/as/Section.html
[1] https://patchwork.kernel.org/project/linux-crypto/patch/20170119212805.18049-1-dvlasenk@redhat.com/#20050285
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92820#c11
[3] https://sourceware.org/legacy-ml/gdb-patches/2016-01/msg00319.html
[4] de990b270d
Bug: 542
Change-Id: I0a8ded24423087c0da13bd0335cbd757d4eee65a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55626
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
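The .note.GNU-stack semantics described in this commit message (and the CI plan two commits earlier, which patches the markers out to confirm the build catches it) can be checked on the linked output. The script below is an added example, not BoringSSL code: it parses the ELF64 program headers directly and reports whether PT_GNU_STACK requests an executable stack, which is where GNU ld records its decision after folding in the per-object markings. The `build_sample_elf64` fixture is constructed for the example and is not a loadable binary.

```python
"""Added example (not BoringSSL code): report whether a linked ELF64 image
asks for an executable stack.  GNU ld folds the per-object .note.GNU-stack
markings into a single PT_GNU_STACK program header on the output; PF_X set
there (or no PT_GNU_STACK at all) means the stack is executable."""
import struct
import sys

PT_GNU_STACK = 0x6474E551  # PT_LOOS + 0x474e551
PF_X = 0x1
PF_W = 0x2
PF_R = 0x4


def elf64_program_headers(data: bytes):
    """Yield (p_type, p_flags) for each program header of a little-endian ELF64."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        yield p_type, p_flags


def stack_is_executable(data: bytes) -> bool:
    """True when the image would run with an executable stack."""
    for p_type, p_flags in elf64_program_headers(data):
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    # No PT_GNU_STACK header at all: the historical loader default is executable.
    return True


def build_sample_elf64(gnu_stack_flags=None) -> bytes:
    """Constructed fixture: a 64-byte ELF64 header plus at most one
    PT_GNU_STACK program header.  Not loadable, just enough for the parser."""
    phdr = b""
    if gnu_stack_flags is not None:
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, gnu_stack_flags,
                           0, 0, 0, 0, 0, 16)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # 64-bit, LE, v1
    header = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 0x3E, 1, 0,             # ET_EXEC, EM_X86_64, EV_CURRENT, e_entry
        64 if phdr else 0, 0, 0,   # e_phoff, e_shoff, e_flags
        64, 56, 1 if phdr else 0,  # e_ehsize, e_phentsize, e_phnum
        64, 0, 0)                  # e_shentsize, e_shnum, e_shstrndx
    return header + phdr


if __name__ == "__main__":
    # Usage: python3 check_execstack.py path/to/linked/binary
    with open(sys.argv[1], "rb") as f:
        image = f.read()
    print("executable stack" if stack_is_executable(image) else "non-executable stack")
```

Relocatable .o files carry the marking as a `.note.GNU-stack` section rather than a program header, so this check is for the linked executable or shared object, the artifact whose stack permissions actually matter at load time.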
When BoringSSL is imported elsewhere, it would be nice for the links to
be relative, but I'm not sure if that'll work on Gerrit. This change
will try it and can be reverted if
https://boringssl.googlesource.com/boringssl breaks.
Change-Id: I17e056331677923b76fb8852ce8c00e2a4674af4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55685
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
This function reports when security-critical checks on the X.509 key
usage extension would have failed, but were skipped due to the temporary
exception in SSL_set_enforce_rsa_key_usage. This function is meant to
aid deployments as they work through enabling this.
Change-Id: Ice0359879c0a6cbe55bf0cb81a63685506883123
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55465
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Bug: 542
Change-Id: I5b19405598127a957dd3645c74b9616687c2616b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55447
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Bug: 516
Change-Id: Ifd381d1a2ed30aed6ffe84eb83d8fb4d93ec02ba
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55451
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
For unknown reasons, ACVP now tests HKDF differently. This change
updates to reflect what the demo server is currently doing.
Bug: None
Change-Id: I64eec2279765b63ab1296ab6b441d2f7c669c616
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55525
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
That test cert expires in 2099, which is a ways off but if this code is
somehow still around by then, let's save the future some pain. With this
fixed, our tests all pass at least through the year 3000, so we're
hopefully clear of timebombs.
Change-Id: Ie9dcbc4f4db70c6bcc1ae9717c6e1ee89eb4195c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55625
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Less code, and internally handles overflows. (Although this one cannot
overflow.)
Bug: 516
Change-Id: I3c2718075689d2815a43534a578a323c52787223
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55452
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Bug: b:261632678, chromium:1396479
Change-Id: I82f7ce05ece8b5c145d4394dc0d4173e357ce176
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55585
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
- Adds the full set of architectures for Linux for which there are
assembly sources listed.
- Adds Android, mostly parallel to Linux.
- Adds the other Apple OSs, parallel to macOS.
Bug: 531
Change-Id: I8bb609d3563b2d151a404f8468b4c6b22c2692f9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55485
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
BIO_ctrl is one of OpenSSL's ioctl-style patterns, where they jam many
different function signatures into one type. BIO_ctrl returns long for
the sake of other operations, but many of them are only allowed to
return int.
Bug: 516
Change-Id: Ieffad1da89c60a538f142b12bdebdb950efd5c6a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55454
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
We were mixing uint64_t and unsigned, which flagged -Wshorten-64-to-32.
While I'm here, switch the iteration count to uint64_t to cut down on
uses of 'unsigned'. While we have no real risk of overflowing a u32 here,
counting the number of times we perform some operation in a loop would
probably best be u64.
(I'm guessing we originally used unsigned mostly so that %u worked. But
PRIu64 exists, though it's wordy.)
Bug: 516
Change-Id: I6abc24ecb029c2c223bb940c903d497868bab9fc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55455
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Along the way, this fixes some size_t truncations.
Bug: 516
Change-Id: Iff0cf6ced0b7deb4c48c268e051a4da433088056
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55453
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Some of them were flagging -Wshorten-64-to-32 warnings. None of these
values are long, so just remove them. (I suspect this assumes unsigned
int is at least 32-bit, but we already assume this rather than wrap all
32-bit constants in UINT32_C(x).)
Ideally the c2l and l2c macros could be replaced with the load/store
functions but, like with the ciphers in decrepit, this is probably not
worth the effort for DES.
Bug: 516
Change-Id: I19e8cd4a321c20b9a22e4c007d943185c10755bb
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55450
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
tag and utype are always accessed as int, so make the structs match.
Boolean ASN1_ITEMs put an ASN1_BOOLEAN in it->size, so add a cast. Also
fix the time set_string functions to call the underlying CBS parser
directly, so they don't need to put a strlen into an int.
Bug: 516
Change-Id: Ie10e7eaf58ec0b0dec59813a0ddcb0197fce1fd1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55449
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
We currently shift between unsigned long and int.
Bug: 516
Change-Id: I9e3fcc9393e24a352a2c08b9df0650a508d7a60b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55448
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>