authorRobert Sloan <varomodt@google.com>2018-09-11 11:45:04 -0700
committerRobert Sloan <varomodt@google.com>2018-09-11 12:05:43 -0700
commit726e9d1f47fd5e4e4d8313670d0c719c52850afb (patch)
tree571d8a1a9056bd99aaa694a9167a123294912b11 /src
parent1f278ae75520bf67658f222a252fc94dec3c156f (diff)
external/boringssl: Sync to 689019fe40d5ad94df46ffeebcd794ff359a7074.
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/67e64342c1aa0b31b0b5c11e5ee21c481ce530e8..689019fe40d5ad94df46ffeebcd794ff359a7074 Test: BoringSSL CTS Presubmits Change-Id: Ib675c5478b0e45270e31248d1dadc5f4841da990
Diffstat (limited to 'src')
-rw-r--r--src/API-CONVENTIONS.md66
-rw-r--r--src/BUILDING.md22
-rw-r--r--src/CMakeLists.txt36
-rw-r--r--src/crypto/CMakeLists.txt408
-rw-r--r--src/crypto/asn1/CMakeLists.txt38
-rw-r--r--src/crypto/base64/CMakeLists.txt9
-rw-r--r--src/crypto/bio/CMakeLists.txt18
-rw-r--r--src/crypto/bn_extra/CMakeLists.txt10
-rw-r--r--src/crypto/buf/CMakeLists.txt9
-rw-r--r--src/crypto/bytestring/CMakeLists.txt13
-rw-r--r--src/crypto/chacha/CMakeLists.txt48
-rw-r--r--src/crypto/cipher_extra/CMakeLists.txt35
-rw-r--r--src/crypto/cmac/CMakeLists.txt9
-rw-r--r--src/crypto/conf/CMakeLists.txt9
-rw-r--r--src/crypto/cpu-arm-linux.c294
-rw-r--r--src/crypto/cpu-arm-linux.h59
-rw-r--r--src/crypto/cpu-arm-linux_test.cc236
-rw-r--r--src/crypto/crypto.c13
-rw-r--r--src/crypto/curve25519/CMakeLists.txt19
-rw-r--r--src/crypto/curve25519/asm/x25519-asm-arm.S10
-rw-r--r--src/crypto/dh/CMakeLists.txt12
-rw-r--r--src/crypto/digest_extra/CMakeLists.txt9
-rw-r--r--src/crypto/dsa/CMakeLists.txt10
-rw-r--r--src/crypto/ec_extra/CMakeLists.txt9
-rw-r--r--src/crypto/ecdh_extra/CMakeLists.txt9
-rw-r--r--src/crypto/ecdsa_extra/CMakeLists.txt9
-rw-r--r--src/crypto/engine/CMakeLists.txt9
-rw-r--r--src/crypto/err/CMakeLists.txt40
-rw-r--r--src/crypto/err/internal.h4
-rw-r--r--src/crypto/evp/CMakeLists.txt23
-rw-r--r--src/crypto/fipsmodule/CMakeLists.txt8
-rw-r--r--src/crypto/fipsmodule/bn/bn_test.cc15
-rw-r--r--src/crypto/fipsmodule/bn/exponentiation.c23
-rw-r--r--src/crypto/fipsmodule/bn/mul.c2
-rw-r--r--src/crypto/fipsmodule/md5/md5.c12
-rw-r--r--src/crypto/hkdf/CMakeLists.txt9
-rw-r--r--src/crypto/internal.h4
-rw-r--r--src/crypto/lhash/CMakeLists.txt9
-rw-r--r--src/crypto/obj/CMakeLists.txt10
-rw-r--r--src/crypto/pem/CMakeLists.txt16
-rwxr-xr-xsrc/crypto/perlasm/arm-xlate.pl15
-rw-r--r--src/crypto/perlasm/ppc-xlate.pl12
-rwxr-xr-xsrc/crypto/perlasm/x86_64-xlate.pl20
-rw-r--r--src/crypto/pkcs7/CMakeLists.txt10
-rw-r--r--src/crypto/pkcs8/CMakeLists.txt11
-rw-r--r--src/crypto/poly1305/CMakeLists.txt21
-rw-r--r--src/crypto/poly1305/poly1305_arm_asm.S10
-rw-r--r--src/crypto/pool/CMakeLists.txt9
-rw-r--r--src/crypto/rand_extra/CMakeLists.txt13
-rw-r--r--src/crypto/rand_extra/rand_test.cc184
-rw-r--r--src/crypto/rc4/CMakeLists.txt9
-rw-r--r--src/crypto/rsa_extra/CMakeLists.txt10
-rw-r--r--src/crypto/stack/CMakeLists.txt9
-rw-r--r--src/crypto/test/CMakeLists.txt4
-rw-r--r--src/crypto/test/gtest_main.cc13
-rw-r--r--src/crypto/test/gtest_main.h10
-rw-r--r--src/crypto/x509/CMakeLists.txt57
-rw-r--r--src/crypto/x509v3/CMakeLists.txt45
-rw-r--r--src/decrepit/CMakeLists.txt52
-rw-r--r--src/decrepit/bio/CMakeLists.txt9
-rw-r--r--src/decrepit/blowfish/CMakeLists.txt9
-rw-r--r--src/decrepit/cast/CMakeLists.txt10
-rw-r--r--src/decrepit/cfb/CMakeLists.txt9
-rw-r--r--src/decrepit/des/CMakeLists.txt9
-rw-r--r--src/decrepit/dh/CMakeLists.txt9
-rw-r--r--src/decrepit/dsa/CMakeLists.txt9
-rw-r--r--src/decrepit/evp/CMakeLists.txt10
-rw-r--r--src/decrepit/obj/CMakeLists.txt9
-rw-r--r--src/decrepit/rc4/CMakeLists.txt9
-rw-r--r--src/decrepit/ripemd/CMakeLists.txt9
-rw-r--r--src/decrepit/rsa/CMakeLists.txt9
-rw-r--r--src/decrepit/ssl/CMakeLists.txt9
-rw-r--r--src/decrepit/x509/CMakeLists.txt9
-rw-r--r--src/decrepit/xts/CMakeLists.txt9
-rw-r--r--src/fipstools/CMakeLists.txt4
-rw-r--r--src/include/openssl/aead.h4
-rw-r--r--src/include/openssl/asn1.h4
-rw-r--r--src/include/openssl/base.h29
-rw-r--r--src/include/openssl/base64.h5
-rw-r--r--src/include/openssl/bio.h185
-rw-r--r--src/include/openssl/bn.h16
-rw-r--r--src/include/openssl/buf.h4
-rw-r--r--src/include/openssl/bytestring.h4
-rw-r--r--src/include/openssl/cipher.h13
-rw-r--r--src/include/openssl/cmac.h4
-rw-r--r--src/include/openssl/conf.h4
-rw-r--r--src/include/openssl/curve25519.h4
-rw-r--r--src/include/openssl/dh.h4
-rw-r--r--src/include/openssl/digest.h4
-rw-r--r--src/include/openssl/dsa.h4
-rw-r--r--src/include/openssl/ec.h4
-rw-r--r--src/include/openssl/ec_key.h4
-rw-r--r--src/include/openssl/ecdsa.h4
-rw-r--r--src/include/openssl/engine.h4
-rw-r--r--src/include/openssl/evp.h8
-rw-r--r--src/include/openssl/hmac.h4
-rw-r--r--src/include/openssl/mem.h4
-rw-r--r--src/include/openssl/pkcs7.h4
-rw-r--r--src/include/openssl/pkcs8.h4
-rw-r--r--src/include/openssl/pool.h4
-rw-r--r--src/include/openssl/rsa.h22
-rw-r--r--src/include/openssl/span.h4
-rw-r--r--src/include/openssl/ssl.h11
-rw-r--r--src/include/openssl/stack.h12
-rw-r--r--src/include/openssl/x509.h4
-rw-r--r--src/include/openssl/x509v3.h4
-rw-r--r--src/ssl/CMakeLists.txt4
-rw-r--r--src/ssl/d1_both.cc4
-rw-r--r--src/ssl/d1_lib.cc4
-rw-r--r--src/ssl/d1_pkt.cc4
-rw-r--r--src/ssl/dtls_record.cc26
-rw-r--r--src/ssl/handoff.cc4
-rw-r--r--src/ssl/handshake.cc4
-rw-r--r--src/ssl/handshake_client.cc58
-rw-r--r--src/ssl/handshake_server.cc4
-rw-r--r--src/ssl/internal.h197
-rw-r--r--src/ssl/s3_both.cc4
-rw-r--r--src/ssl/s3_lib.cc4
-rw-r--r--src/ssl/s3_pkt.cc4
-rw-r--r--src/ssl/span_test.cc4
-rw-r--r--src/ssl/ssl_aead_ctx.cc6
-rw-r--r--src/ssl/ssl_asn1.cc4
-rw-r--r--src/ssl/ssl_buffer.cc4
-rw-r--r--src/ssl/ssl_cert.cc105
-rw-r--r--src/ssl/ssl_cipher.cc12
-rw-r--r--src/ssl/ssl_key_share.cc18
-rw-r--r--src/ssl/ssl_lib.cc4
-rw-r--r--src/ssl/ssl_privkey.cc79
-rw-r--r--src/ssl/ssl_session.cc4
-rw-r--r--src/ssl/ssl_test.cc45
-rw-r--r--src/ssl/ssl_transcript.cc4
-rw-r--r--src/ssl/ssl_versions.cc4
-rw-r--r--src/ssl/ssl_x509.cc4
-rw-r--r--src/ssl/t1_enc.cc4
-rw-r--r--src/ssl/t1_lib.cc86
-rw-r--r--src/ssl/test/CMakeLists.txt4
-rw-r--r--src/ssl/test/runner/runner.go13
-rw-r--r--src/ssl/tls13_both.cc124
-rw-r--r--src/ssl/tls13_client.cc30
-rw-r--r--src/ssl/tls13_enc.cc157
-rw-r--r--src/ssl/tls13_server.cc8
-rw-r--r--src/ssl/tls_method.cc4
-rw-r--r--src/ssl/tls_record.cc51
-rw-r--r--src/third_party/fiat/CMakeLists.txt9
-rw-r--r--src/tool/CMakeLists.txt2
-rw-r--r--src/util/all_tests.json1
-rw-r--r--src/util/doc.go34
-rw-r--r--src/util/make_prefix_headers.go216
148 files changed, 2237 insertions, 1771 deletions
diff --git a/src/API-CONVENTIONS.md b/src/API-CONVENTIONS.md
index 7b337976..e3222493 100644
--- a/src/API-CONVENTIONS.md
+++ b/src/API-CONVENTIONS.md
@@ -98,7 +98,10 @@ objects. `bssl::UniquePtr<T>`, like other types, is forward-declared in
`openssl/base.h`. Code that needs access to the free functions, such as code
which destroys a `bssl::UniquePtr`, must include the corresponding module's
header. (This matches `std::unique_ptr`'s relationship with forward
-declarations.)
+declarations.) Note, despite the name, `bssl::UniquePtr` is also used with
+reference-counted types. It owns a single reference to the object. To take an
+additional reference, use the `bssl::UpRef` function, which will return a
+separate `bssl::UniquePtr`.
### Stack-allocated types
@@ -175,6 +178,67 @@ These are usually for low-level cryptographic operations. These types may be
used freely without special cleanup conventions.
+### Ownership and lifetime
+
+When working with allocated objects, it is important to think about *ownership*
+of each object, or what code is responsible for releasing it. This matches the
+corresponding notion in higher-level languages like C++ and Rust.
+
+Ownership applies to both uniquely-owned types and reference-counted types. For
+the latter, ownership means the code is responsible for releasing one
+reference. Note a *reference* in BoringSSL refers to an increment (and eventual
+decrement) of an object's reference count, not `T&` in C++. Thus, to "take a
+reference" means to increment the reference count and take ownership of
+decrementing it.
+
+As BoringSSL's APIs are primarily in C, ownership and lifetime obligations are
+not rigorously annotated in the type signatures or checked at compile-time.
+Instead, they are described in
+[API documentation](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
+This section describes some conventions.
+
+Unless otherwise documented, functions do not take ownership of pointer
+arguments. The pointer typically must remain valid for the duration of the
+function call. The function may internally copy information from the argument or
+take a reference, but the caller is free to release its copy or reference at any
+point after the call completes.
+
+A function may instead be documented to *take* or *transfer* ownership of a
+pointer. The caller must own the object before the function call and, after
+transfer, no longer owns it. As a corollary, the caller may no longer reference
+the object without a separate guarantee on the lifetime. The function may even
+release the object before returning. Callers that wish to independently retain a
+transfered object must therefore take a reference or make a copy before
+transferring. Callers should also take note of whether the function is
+documented to transfer pointers unconditionally or only on success. Unlike C++
+and Rust, functions in BoringSSL typically only transfer on success.
+
+Likewise, output pointers may be owning or non-owning. Unless otherwise
+documented, functions output non-owning pointers. The caller is not responsible
+for releasing the output pointer, but it must not use the pointer beyond its
+lifetime. The pointer may be released when the parent object is released or even
+sooner on state change in the parent object.
+
+If documented to output a *newly-allocated* object or a *reference* or *copy* of
+one, the caller is responsible for releasing the object when it is done.
+
+By convention, functions named `get0` return non-owning pointers. Functions
+named `new` or `get1` return owning pointers. Functions named `set0` take
+ownership of arguments. Functions named `set1` do not. They typically take a
+reference or make a copy internally. These names originally referred to the
+effect on a reference count, but the convention applies equally to
+non-reference-counted types.
+
+API documentation may also describe more complex obligations. For instance, an
+object may borrow a pointer for longer than the duration of a single function
+call, in which case the caller must ensure the lifetime extends accordingly.
+
+Memory errors are one of the most common and dangerous bugs in C and C++, so
+callers are encouraged to make use of tools such as
+[AddressSanitizer](https://clang.llvm.org/docs/AddressSanitizer.html) and
+higher-level languages.
+
+
## Thread safety
BoringSSL is internally aware of the platform threading library and calls into
diff --git a/src/BUILDING.md b/src/BUILDING.md
index 19dbe015..9bf9cb26 100644
--- a/src/BUILDING.md
+++ b/src/BUILDING.md
@@ -110,6 +110,28 @@ architecture, matching values used in the `-arch` flag in Apple's toolchain.
Passing multiple architectures for a multiple-architecture build is not
supported.
+### Building with Prefixed Symbols
+
+BoringSSL's build system has experimental support for adding a custom prefix to
+all symbols. This can be useful when linking multiple versions of BoringSSL in
+the same project to avoid symbol conflicts.
+
+In order to build with prefixed symbols, the `BORINGSSL_PREFIX` CMake variable
+should specify the prefix to add to all symbols, and the
+`BORINGSSL_PREFIX_SYMBOLS` CMake variable should specify the path to a file
+which contains a list of symbols which should be prefixed (one per line;
+comments are supported with `#`). In other words, `cmake ..
+-DBORINGSSL_PREFIX=MY_CUSTOM_PREFIX
+-DBORINGSSL_PREFIX_SYMBOLS=/path/to/symbols.txt` will configure the build to add
+the prefix `MY_CUSTOM_PREFIX` to all of the symbols listed in
+`/path/to/symbols.txt`.
+
+It is currently the caller's responsibility to create and maintain the list of
+symbols to be prefixed.
+
+This mechanism is under development and may change over time. Please contact the
+BoringSSL maintainers if making use of it.
+
## Known Limitations on Windows
* Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index b9e01017..c614a65a 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -20,6 +20,11 @@ include(sources.cmake)
enable_language(C)
enable_language(CXX)
+# This is a dummy target which all other targets depend on (manually - see other
+# CMakeLists.txt files). This gives us a hook to add any targets which need to
+# run before all other targets.
+add_custom_target(global_target)
+
if(ANDROID)
# Android-NDK CMake files reconfigure the path and so Go and Perl won't be
# found. However, ninja will still find them in $PATH if we just name them.
@@ -41,10 +46,37 @@ endif()
if(USE_CUSTOM_LIBCXX)
set(BORINGSSL_ALLOW_CXX_RUNTIME 1)
endif()
+
if(BORINGSSL_ALLOW_CXX_RUNTIME)
add_definitions(-DBORINGSSL_ALLOW_CXX_RUNTIME)
endif()
+if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS)
+ add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX})
+
+ # Use "symbol_prefix_include" to store generated header files
+ include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include)
+ add_custom_command(
+ OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h
+ symbol_prefix_include/boringssl_prefix_symbols_asm.h
+ symbol_prefix_include/boringssl_prefix_symbols_nasm.inc
+ COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include
+ COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS}
+ DEPENDS util/make_prefix_headers.go
+ ${CMAKE_BINARY_DIR}/${BORINGSSL_PREFIX_SYMBOLS})
+
+ # add_dependencies needs a target, not a file, so we add an intermediate
+ # target.
+ add_custom_target(
+ boringssl_prefix_symbols
+ DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h
+ symbol_prefix_include/boringssl_prefix_symbols_asm.h
+ symbol_prefix_include/boringssl_prefix_symbols_nasm.inc)
+ add_dependencies(global_target boringssl_prefix_symbols)
+elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS)
+ message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS")
+endif()
+
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
set(CLANG 1)
endif()
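Review bot: The `DEPENDS` entry `${CMAKE_BINARY_DIR}/${BORINGSSL_PREFIX_SYMBOLS}` does not name the same file the generator reads, because the `COMMAND` line passes `${BORINGSSL_PREFIX_SYMBOLS}` unchanged. With an absolute path, the form BUILDING.md documents (`/path/to/symbols.txt`), the dependency points under the build directory at a file that presumably does not exist, and a relative path only lines up when it happens to be relative to `CMAKE_BINARY_DIR`. Resolving the variable to an absolute path once and using that value in both places keeps header regeneration tied to the real symbol list, e.g. `DEPENDS util/make_prefix_headers.go ${BORINGSSL_PREFIX_SYMBOLS}`. Separately, `-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}` is pasted into the compile line unchecked; a guard such as `if(NOT BORINGSSL_PREFIX MATCHES "^[A-Za-z_][A-Za-z0-9_]*$")` followed by `message(FATAL_ERROR ...)` would reject a value that is not a C identifier at configure time.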
@@ -242,7 +274,7 @@ if(MSAN)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
- set(OPENSSL_NO_ASM "1")
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
endif()
if(ASAN)
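Review bot: Nothing in this hunk says what now keeps hand-written assembly out of MSan builds: `set(OPENSSL_NO_ASM "1")` is dropped from the `if(MSAN)` block and replaced only by sanitizer flags in `CMAKE_ASM_FLAGS`, and the next hunk drops the same line from `if(ASAN)` with no replacement. MemorySanitizer does not track stores made by uninstrumented assembly, so if those routines are still built their outputs would be reported as uninitialized; presumably the switch moved into the headers or the `.S` files, which these hunks do not show. A short comment would record that, e.g. `# Assembly is disabled for MSan in <location>; these flags let preprocessed .S files detect the sanitizer.` For ASan, a note that assembly now runs uninstrumented (so memory errors inside it go unreported) would help whoever reads sanitizer results. Both `if` blocks begin outside their hunks.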
@@ -252,7 +284,6 @@ if(ASAN)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
- set(OPENSSL_NO_ASM "1")
endif()
if(CFI)
@@ -442,7 +473,6 @@ add_custom_command(
add_library(crypto_test_data OBJECT crypto_test_data.cc)
add_subdirectory(crypto)
-add_subdirectory(third_party/fiat)
add_subdirectory(ssl)
add_subdirectory(ssl/test)
add_subdirectory(fipstools)
diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt
index 2684750e..78b835cc 100644
--- a/src/crypto/CMakeLists.txt
+++ b/src/crypto/CMakeLists.txt
@@ -62,8 +62,14 @@ if(NOT OPENSSL_NO_ASM)
endif()
function(perlasm dest src)
+ get_filename_component(dir ${dest} DIRECTORY)
+ if ("${dir}" STREQUAL "")
+ set(dir ".")
+ endif()
+
add_custom_command(
OUTPUT ${dest}
+ COMMAND ${CMAKE_COMMAND} -E make_directory ${dir}
COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} ${dest}
DEPENDS
${src}
@@ -78,134 +84,325 @@ function(perlasm dest src)
)
endfunction()
-# Level 0.1 - depends on nothing outside this set.
-add_subdirectory(stack)
-add_subdirectory(lhash)
-add_subdirectory(err)
-add_subdirectory(buf)
-add_subdirectory(base64)
-add_subdirectory(bytestring)
-add_subdirectory(pool)
-
-# Level 0.2 - depends on nothing but itself
-add_subdirectory(rc4)
-add_subdirectory(conf)
-add_subdirectory(chacha)
-add_subdirectory(poly1305)
-add_subdirectory(curve25519)
-
-# Level 1, depends only on 0.*
-add_subdirectory(digest_extra)
-add_subdirectory(cipher_extra)
-add_subdirectory(rand_extra)
-add_subdirectory(bio)
-add_subdirectory(bn_extra)
-add_subdirectory(obj)
-add_subdirectory(asn1)
-
-# Level 2
-add_subdirectory(engine)
-add_subdirectory(dh)
-add_subdirectory(dsa)
-add_subdirectory(rsa_extra)
-add_subdirectory(ec_extra)
-add_subdirectory(ecdh_extra)
-add_subdirectory(ecdsa_extra)
-
-# Level 3
-add_subdirectory(cmac)
-add_subdirectory(evp)
-add_subdirectory(hkdf)
-add_subdirectory(pem)
-add_subdirectory(x509)
-add_subdirectory(x509v3)
-
-# Level 4
-add_subdirectory(pkcs7)
-add_subdirectory(pkcs8)
-
-# Test support code
+add_subdirectory(fipsmodule)
add_subdirectory(test)
-add_subdirectory(fipsmodule)
+if(FIPS_DELOCATE)
+ SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
+ SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)
-add_library(
- crypto_base
+ set(
+ CRYPTO_FIPS_OBJECTS
+
+ fipsmodule/bcm.o
+ )
+endif()
+
+if(${ARCH} STREQUAL "arm")
+ set(
+ CRYPTO_ARCH_SOURCES
+
+ chacha/chacha-armv4.${ASM_EXT}
+ curve25519/asm/x25519-asm-arm.S
+ poly1305/poly1305_arm_asm.S
+ )
+endif()
+
+if(${ARCH} STREQUAL "aarch64")
+ set(
+ CRYPTO_ARCH_SOURCES
+
+ chacha/chacha-armv8.${ASM_EXT}
+ )
+endif()
+
+if(${ARCH} STREQUAL "x86")
+ set(
+ CRYPTO_ARCH_SOURCES
+
+ chacha/chacha-x86.${ASM_EXT}
+ )
+endif()
- OBJECT
+if(${ARCH} STREQUAL "x86_64")
+ set(
+ CRYPTO_ARCH_SOURCES
+
+ chacha/chacha-x86_64.${ASM_EXT}
+ cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT}
+ cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT}
+ )
+endif()
+perlasm(chacha/chacha-armv4.${ASM_EXT} chacha/asm/chacha-armv4.pl)
+perlasm(chacha/chacha-armv8.${ASM_EXT} chacha/asm/chacha-armv8.pl)
+perlasm(chacha/chacha-x86.${ASM_EXT} chacha/asm/chacha-x86.pl)
+perlasm(chacha/chacha-x86_64.${ASM_EXT} chacha/asm/chacha-x86_64.pl)
+perlasm(cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT} cipher_extra/asm/aes128gcmsiv-x86_64.pl)
+perlasm(cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT} cipher_extra/asm/chacha20_poly1305_x86_64.pl)
+
+add_custom_command(
+ OUTPUT err_data.c
+ COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c
+ DEPENDS
+ err/err_data_generate.go
+ err/asn1.errordata
+ err/bio.errordata
+ err/bn.errordata
+ err/cipher.errordata
+ err/conf.errordata
+ err/dh.errordata
+ err/digest.errordata
+ err/dsa.errordata
+ err/ecdh.errordata
+ err/ecdsa.errordata
+ err/ec.errordata
+ err/engine.errordata
+ err/evp.errordata
+ err/hkdf.errordata
+ err/obj.errordata
+ err/pem.errordata
+ err/pkcs7.errordata
+ err/pkcs8.errordata
+ err/rsa.errordata
+ err/ssl.errordata
+ err/x509.errordata
+ err/x509v3.errordata
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/err
+)
+
+add_library(
+ crypto
+
+ asn1/a_bitstr.c
+ asn1/a_bool.c
+ asn1/a_d2i_fp.c
+ asn1/a_dup.c
+ asn1/a_enum.c
+ asn1/a_gentm.c
+ asn1/a_i2d_fp.c
+ asn1/a_int.c
+ asn1/a_mbstr.c
+ asn1/a_object.c
+ asn1/a_octet.c
+ asn1/a_print.c
+ asn1/a_strnid.c
+ asn1/a_time.c
+ asn1/a_type.c
+ asn1/a_utctm.c
+ asn1/a_utf8.c
+ asn1/asn1_lib.c
+ asn1/asn1_par.c
+ asn1/asn_pack.c
+ asn1/f_enum.c
+ asn1/f_int.c
+ asn1/f_string.c
+ asn1/tasn_dec.c
+ asn1/tasn_enc.c
+ asn1/tasn_fre.c
+ asn1/tasn_new.c
+ asn1/tasn_typ.c
+ asn1/tasn_utl.c
+ asn1/time_support.c
+ base64/base64.c
+ bio/bio.c
+ bio/bio_mem.c
+ bio/connect.c
+ bio/fd.c
+ bio/file.c
+ bio/hexdump.c
+ bio/pair.c
+ bio/printf.c
+ bio/socket.c
+ bio/socket_helper.c
+ bn_extra/bn_asn1.c
+ bn_extra/convert.c
+ buf/buf.c
+ bytestring/asn1_compat.c
+ bytestring/ber.c
+ bytestring/cbb.c
+ bytestring/cbs.c
+ bytestring/unicode.c
+ chacha/chacha.c
+ cipher_extra/cipher_extra.c
+ cipher_extra/derive_key.c
+ cipher_extra/e_aesccm.c
+ cipher_extra/e_aesctrhmac.c
+ cipher_extra/e_aesgcmsiv.c
+ cipher_extra/e_chacha20poly1305.c
+ cipher_extra/e_null.c
+ cipher_extra/e_rc2.c
+ cipher_extra/e_rc4.c
+ cipher_extra/e_tls.c
+ cipher_extra/tls_cbc.c
+ cmac/cmac.c
+ conf/conf.c
cpu-aarch64-fuchsia.c
cpu-aarch64-linux.c
- cpu-arm.c
cpu-arm-linux.c
+ cpu-arm.c
cpu-intel.c
cpu-ppc64le.c
crypto.c
+ curve25519/spake25519.c
+ dh/dh.c
+ dh/params.c
+ dh/check.c
+ dh/dh_asn1.c
+ digest_extra/digest_extra.c
+ dsa/dsa.c
+ dsa/dsa_asn1.c
+ ecdh_extra/ecdh_extra.c
+ ecdsa_extra/ecdsa_asn1.c
+ ec_extra/ec_asn1.c
+ err/err.c
+ err_data.c
+ engine/engine.c
+ evp/digestsign.c
+ evp/evp.c
+ evp/evp_asn1.c
+ evp/evp_ctx.c
+ evp/p_dsa_asn1.c
+ evp/p_ec.c
+ evp/p_ec_asn1.c
+ evp/p_ed25519.c
+ evp/p_ed25519_asn1.c
+ evp/p_rsa.c
+ evp/p_rsa_asn1.c
+ evp/pbkdf.c
+ evp/print.c
+ evp/scrypt.c
+ evp/sign.c
ex_data.c
+ hkdf/hkdf.c
+ lhash/lhash.c
mem.c
+ obj/obj.c
+ obj/obj_xref.c
+ pem/pem_all.c
+ pem/pem_info.c
+ pem/pem_lib.c
+ pem/pem_oth.c
+ pem/pem_pk8.c
+ pem/pem_pkey.c
+ pem/pem_x509.c
+ pem/pem_xaux.c
+ pkcs7/pkcs7.c
+ pkcs7/pkcs7_x509.c
+ pkcs8/pkcs8.c
+ pkcs8/pkcs8_x509.c
+ pkcs8/p5_pbev2.c
+ poly1305/poly1305.c
+ poly1305/poly1305_arm.c
+ poly1305/poly1305_vec.c
+ pool/pool.c
+ rand_extra/deterministic.c
+ rand_extra/forkunsafe.c
+ rand_extra/fuchsia.c
+ rand_extra/rand_extra.c
+ rand_extra/windows.c
+ rc4/rc4.c
refcount_c11.c
refcount_lock.c
+ rsa_extra/rsa_asn1.c
+ rsa_extra/rsa_print.c
+ stack/stack.c
thread.c
thread_none.c
thread_pthread.c
thread_win.c
-)
+ x509/a_digest.c
+ x509/a_sign.c
+ x509/a_strex.c
+ x509/a_verify.c
+ x509/algorithm.c
+ x509/asn1_gen.c
+ x509/by_dir.c
+ x509/by_file.c
+ x509/i2d_pr.c
+ x509/rsa_pss.c
+ x509/t_crl.c
+ x509/t_req.c
+ x509/t_x509.c
+ x509/t_x509a.c
+ x509/x509.c
+ x509/x509_att.c
+ x509/x509_cmp.c
+ x509/x509_d2.c
+ x509/x509_def.c
+ x509/x509_ext.c
+ x509/x509_lu.c
+ x509/x509_obj.c
+ x509/x509_r2x.c
+ x509/x509_req.c
+ x509/x509_set.c
+ x509/x509_trs.c
+ x509/x509_txt.c
+ x509/x509_v3.c
+ x509/x509_vfy.c
+ x509/x509_vpm.c
+ x509/x509cset.c
+ x509/x509name.c
+ x509/x509rset.c
+ x509/x509spki.c
+ x509/x_algor.c
+ x509/x_all.c
+ x509/x_attrib.c
+ x509/x_crl.c
+ x509/x_exten.c
+ x509/x_info.c
+ x509/x_name.c
+ x509/x_pkey.c
+ x509/x_pubkey.c
+ x509/x_req.c
+ x509/x_sig.c
+ x509/x_spki.c
+ x509/x_val.c
+ x509/x_x509.c
+ x509/x_x509a.c
+ x509v3/pcy_cache.c
+ x509v3/pcy_data.c
+ x509v3/pcy_lib.c
+ x509v3/pcy_map.c
+ x509v3/pcy_node.c
+ x509v3/pcy_tree.c
+ x509v3/v3_akey.c
+ x509v3/v3_akeya.c
+ x509v3/v3_alt.c
+ x509v3/v3_bcons.c
+ x509v3/v3_bitst.c
+ x509v3/v3_conf.c
+ x509v3/v3_cpols.c
+ x509v3/v3_crld.c
+ x509v3/v3_enum.c
+ x509v3/v3_extku.c
+ x509v3/v3_genn.c
+ x509v3/v3_ia5.c
+ x509v3/v3_info.c
+ x509v3/v3_int.c
+ x509v3/v3_lib.c
+ x509v3/v3_ncons.c
+ x509v3/v3_ocsp.c
+ x509v3/v3_pci.c
+ x509v3/v3_pcia.c
+ x509v3/v3_pcons.c
+ x509v3/v3_pku.c
+ x509v3/v3_pmaps.c
+ x509v3/v3_prn.c
+ x509v3/v3_purp.c
+ x509v3/v3_skey.c
+ x509v3/v3_sxnet.c
+ x509v3/v3_utl.c
+ ../third_party/fiat/curve25519.c
-if(FIPS_DELOCATE)
- SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
- SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)
-
- set(
- CRYPTO_FIPS_OBJECTS
-
- fipsmodule/bcm.o
- )
-endif()
-
-add_library(
- crypto
-
- $<TARGET_OBJECTS:crypto_base>
- $<TARGET_OBJECTS:stack>
- $<TARGET_OBJECTS:lhash>
- $<TARGET_OBJECTS:err>
- $<TARGET_OBJECTS:base64>
- $<TARGET_OBJECTS:bytestring>
- $<TARGET_OBJECTS:pool>
$<TARGET_OBJECTS:fipsmodule>
- $<TARGET_OBJECTS:digest_extra>
- $<TARGET_OBJECTS:cipher_extra>
- $<TARGET_OBJECTS:rc4>
- $<TARGET_OBJECTS:conf>
- $<TARGET_OBJECTS:chacha>
- $<TARGET_OBJECTS:poly1305>
- $<TARGET_OBJECTS:curve25519>
- $<TARGET_OBJECTS:fiat>
- $<TARGET_OBJECTS:buf>
- $<TARGET_OBJECTS:bn_extra>
- $<TARGET_OBJECTS:bio>
- $<TARGET_OBJECTS:rand_extra>
- $<TARGET_OBJECTS:obj>
- $<TARGET_OBJECTS:asn1>
- $<TARGET_OBJECTS:engine>
- $<TARGET_OBJECTS:dh>
- $<TARGET_OBJECTS:dsa>
- $<TARGET_OBJECTS:rsa_extra>
- $<TARGET_OBJECTS:ec_extra>
- $<TARGET_OBJECTS:ecdh_extra>
- $<TARGET_OBJECTS:ecdsa_extra>
- $<TARGET_OBJECTS:cmac>
- $<TARGET_OBJECTS:evp>
- $<TARGET_OBJECTS:hkdf>
- $<TARGET_OBJECTS:pem>
- $<TARGET_OBJECTS:x509>
- $<TARGET_OBJECTS:x509v3>
- $<TARGET_OBJECTS:pkcs7>
- $<TARGET_OBJECTS:pkcs8_lib>
+ ${CRYPTO_ARCH_SOURCES}
${CRYPTO_FIPS_OBJECTS}
)
+add_dependencies(crypto global_target)
+
if(FIPS_DELOCATE)
add_dependencies(crypto bcm_o_target)
endif()
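Review bot: The `add_custom_command` that produces `err_data.c` lists every `err/*.errordata` input by hand in `DEPENDS`, while the generator is run as `go run err_data_generate.go` with `WORKING_DIRECTORY` set to the `err` directory. If the generator picks up every `.errordata` file it finds there (not visible in this hunk, so to be confirmed), a newly added file that is missing from this list would not trigger regeneration and `err_data.c` could go stale. A comment above the list would flag the coupling, e.g. `# Keep in sync with the *.errordata files read by err_data_generate.go.`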
@@ -222,7 +419,6 @@ if(USE_CUSTOM_LIBCXX)
target_link_libraries(crypto libcxx)
endif()
-# TODO(davidben): Convert the remaining tests to GTest.
add_executable(
crypto_test
@@ -237,6 +433,7 @@ add_executable(
cmac/cmac_test.cc
compiler_test.cc
constant_time_test.cc
+ cpu-arm-linux_test.cc
curve25519/ed25519_test.cc
curve25519/spake25519_test.cc
curve25519/x25519_test.cc
@@ -266,6 +463,7 @@ add_executable(
pkcs8/pkcs12_test.cc
poly1305/poly1305_test.cc
pool/pool_test.cc
+ rand_extra/rand_test.cc
refcount_test.cc
rsa_extra/rsa_test.cc
self_test.cc
@@ -281,6 +479,8 @@ add_executable(
$<TARGET_OBJECTS:test_support>
)
+add_dependencies(crypto_test global_target)
+
target_link_libraries(crypto_test crypto boringssl_gtest)
if(WIN32)
target_link_libraries(crypto_test ws2_32)
diff --git a/src/crypto/asn1/CMakeLists.txt b/src/crypto/asn1/CMakeLists.txt
deleted file mode 100644
index de5d280e..00000000
--- a/src/crypto/asn1/CMakeLists.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-include_directories(../../include)
-
-add_library(
- asn1
-
- OBJECT
-
- a_bitstr.c
- a_bool.c
- a_d2i_fp.c
- a_dup.c
- a_enum.c
- a_gentm.c
- a_i2d_fp.c
- a_int.c
- a_mbstr.c
- a_object.c
- a_octet.c
- a_print.c
- a_strnid.c
- a_time.c
- a_type.c
- a_utctm.c
- a_utf8.c
- asn1_lib.c
- asn1_par.c
- asn_pack.c
- f_enum.c
- f_int.c
- f_string.c
- tasn_dec.c
- tasn_enc.c
- tasn_fre.c
- tasn_new.c
- tasn_typ.c
- tasn_utl.c
- time_support.c
-)
diff --git a/src/crypto/base64/CMakeLists.txt b/src/crypto/base64/CMakeLists.txt
deleted file mode 100644
index 18cf9fe0..00000000
--- a/src/crypto/base64/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- base64
-
- OBJECT
-
- base64.c
-)
diff --git a/src/crypto/bio/CMakeLists.txt b/src/crypto/bio/CMakeLists.txt
deleted file mode 100644
index fccb1522..00000000
--- a/src/crypto/bio/CMakeLists.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-include_directories(../../include)
-
-add_library(
- bio
-
- OBJECT
-
- bio.c
- bio_mem.c
- connect.c
- fd.c
- file.c
- hexdump.c
- pair.c
- printf.c
- socket.c
- socket_helper.c
-)
diff --git a/src/crypto/bn_extra/CMakeLists.txt b/src/crypto/bn_extra/CMakeLists.txt
deleted file mode 100644
index 994b365a..00000000
--- a/src/crypto/bn_extra/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- bn_extra
-
- OBJECT
-
- bn_asn1.c
- convert.c
-)
diff --git a/src/crypto/buf/CMakeLists.txt b/src/crypto/buf/CMakeLists.txt
deleted file mode 100644
index 63f10255..00000000
--- a/src/crypto/buf/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- buf
-
- OBJECT
-
- buf.c
-)
diff --git a/src/crypto/bytestring/CMakeLists.txt b/src/crypto/bytestring/CMakeLists.txt
deleted file mode 100644
index 2bb4c15f..00000000
--- a/src/crypto/bytestring/CMakeLists.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-include_directories(../../include)
-
-add_library(
- bytestring
-
- OBJECT
-
- asn1_compat.c
- ber.c
- cbs.c
- cbb.c
- unicode.c
-)
diff --git a/src/crypto/chacha/CMakeLists.txt b/src/crypto/chacha/CMakeLists.txt
deleted file mode 100644
index bf4920ce..00000000
--- a/src/crypto/chacha/CMakeLists.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-include_directories(../../include)
-
-if(${ARCH} STREQUAL "arm")
- set(
- CHACHA_ARCH_SOURCES
-
- chacha-armv4.${ASM_EXT}
- )
-endif()
-
-if(${ARCH} STREQUAL "aarch64")
- set(
- CHACHA_ARCH_SOURCES
-
- chacha-armv8.${ASM_EXT}
- )
-endif()
-
-if(${ARCH} STREQUAL "x86")
- set(
- CHACHA_ARCH_SOURCES
-
- chacha-x86.${ASM_EXT}
- )
-endif()
-
-if(${ARCH} STREQUAL "x86_64")
- set(
- CHACHA_ARCH_SOURCES
-
- chacha-x86_64.${ASM_EXT}
- )
-endif()
-
-add_library(
- chacha
-
- OBJECT
-
- chacha.c
-
- ${CHACHA_ARCH_SOURCES}
-)
-
-perlasm(chacha-armv4.${ASM_EXT} asm/chacha-armv4.pl)
-perlasm(chacha-armv8.${ASM_EXT} asm/chacha-armv8.pl)
-perlasm(chacha-x86.${ASM_EXT} asm/chacha-x86.pl)
-perlasm(chacha-x86_64.${ASM_EXT} asm/chacha-x86_64.pl)
diff --git a/src/crypto/cipher_extra/CMakeLists.txt b/src/crypto/cipher_extra/CMakeLists.txt
deleted file mode 100644
index 2c55bd6a..00000000
--- a/src/crypto/cipher_extra/CMakeLists.txt
+++ /dev/null
@@ -1,35 +0,0 @@
-include_directories(../../include)
-
-if(${ARCH} STREQUAL "x86_64")
- set(
- CIPHER_ARCH_SOURCES
-
- aes128gcmsiv-x86_64.${ASM_EXT}
- chacha20_poly1305_x86_64.${ASM_EXT}
- )
-endif()
-
-add_library(
- cipher_extra
-
- OBJECT
-
- cipher_extra.c
- derive_key.c
-
- e_null.c
- e_rc2.c
- e_rc4.c
- e_aesgcmsiv.c
- e_aesctrhmac.c
- e_aesccm.c
- e_chacha20poly1305.c
-
- tls_cbc.c
- e_tls.c
-
- ${CIPHER_ARCH_SOURCES}
-)
-
-perlasm(aes128gcmsiv-x86_64.${ASM_EXT} asm/aes128gcmsiv-x86_64.pl)
-perlasm(chacha20_poly1305_x86_64.${ASM_EXT} asm/chacha20_poly1305_x86_64.pl)
diff --git a/src/crypto/cmac/CMakeLists.txt b/src/crypto/cmac/CMakeLists.txt
deleted file mode 100644
index 44299033..00000000
--- a/src/crypto/cmac/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- cmac
-
- OBJECT
-
- cmac.c
-)
diff --git a/src/crypto/conf/CMakeLists.txt b/src/crypto/conf/CMakeLists.txt
deleted file mode 100644
index 0a3c7953..00000000
--- a/src/crypto/conf/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- conf
-
- OBJECT
-
- conf.c
-)
diff --git a/src/crypto/cpu-arm-linux.c b/src/crypto/cpu-arm-linux.c
index 839b632b..91078bdf 100644
--- a/src/crypto/cpu-arm-linux.c
+++ b/src/crypto/cpu-arm-linux.c
@@ -14,150 +14,23 @@
#include <openssl/cpu.h>
-#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
+#include "cpu-arm-linux.h"
+#include "internal.h"
+#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
#include <errno.h>
#include <fcntl.h>
-#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <openssl/arm_arch.h>
#include <openssl/buf.h>
#include <openssl/mem.h>
+#endif
-#include "internal.h"
-
-
-#define AT_HWCAP 16
-#define AT_HWCAP2 26
-
-#define HWCAP_NEON (1 << 12)
-
-// See /usr/include/asm/hwcap.h on an ARM installation for the source of
-// these values.
-#define HWCAP2_AES (1 << 0)
-#define HWCAP2_PMULL (1 << 1)
-#define HWCAP2_SHA1 (1 << 2)
-#define HWCAP2_SHA2 (1 << 3)
-
-// |getauxval| is not available on Android until API level 20. Link it as a weak
-// symbol and use other methods as fallback.
-unsigned long getauxval(unsigned long type) __attribute__((weak));
-
-static int open_eintr(const char *path, int flags) {
- int ret;
- do {
- ret = open(path, flags);
- } while (ret < 0 && errno == EINTR);
- return ret;
-}
-
-static ssize_t read_eintr(int fd, void *out, size_t len) {
- ssize_t ret;
- do {
- ret = read(fd, out, len);
- } while (ret < 0 && errno == EINTR);
- return ret;
-}
-
-// read_full reads exactly |len| bytes from |fd| to |out|. On error or end of
-// file, it returns zero.
-static int read_full(int fd, void *out, size_t len) {
- char *outp = out;
- while (len > 0) {
- ssize_t ret = read_eintr(fd, outp, len);
- if (ret <= 0) {
- return 0;
- }
- outp += ret;
- len -= ret;
- }
- return 1;
-}
-
-// read_file opens |path| and reads until end-of-file. On success, it returns
-// one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the
-// contents. Otherwise, it returns zero.
-static int read_file(char **out_ptr, size_t *out_len, const char *path) {
- int fd = open_eintr(path, O_RDONLY);
- if (fd < 0) {
- return 0;
- }
-
- static const size_t kReadSize = 1024;
- int ret = 0;
- size_t cap = kReadSize, len = 0;
- char *buf = OPENSSL_malloc(cap);
- if (buf == NULL) {
- goto err;
- }
-
- for (;;) {
- if (cap - len < kReadSize) {
- size_t new_cap = cap * 2;
- if (new_cap < cap) {
- goto err;
- }
- char *new_buf = OPENSSL_realloc(buf, new_cap);
- if (new_buf == NULL) {
- goto err;
- }
- buf = new_buf;
- cap = new_cap;
- }
-
- ssize_t bytes_read = read_eintr(fd, buf + len, kReadSize);
- if (bytes_read < 0) {
- goto err;
- }
- if (bytes_read == 0) {
- break;
- }
- len += bytes_read;
- }
-
- *out_ptr = buf;
- *out_len = len;
- ret = 1;
- buf = NULL;
-
-err:
- OPENSSL_free(buf);
- close(fd);
- return ret;
-}
-
-// getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv.
-static unsigned long getauxval_proc(unsigned long type) {
- int fd = open_eintr("/proc/self/auxv", O_RDONLY);
- if (fd < 0) {
- return 0;
- }
- struct {
- unsigned long tag;
- unsigned long value;
- } entry;
-
- for (;;) {
- if (!read_full(fd, &entry, sizeof(entry)) ||
- (entry.tag == 0 && entry.value == 0)) {
- break;
- }
- if (entry.tag == type) {
- close(fd);
- return entry.value;
- }
- }
- close(fd);
- return 0;
-}
-
-typedef struct {
- const char *data;
- size_t len;
-} STRING_PIECE;
+// The following functions are only used in ARM, but they are defined on all
+// platforms for testing and fuzzing purposes.
static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
size_t b_len = strlen(b);
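Review bot: `STRING_PIECE_equals` still calls `strlen`, but this hunk removes `#include <string.h>` and moves the remaining libc and `<openssl/mem.h>` includes under the `OPENSSL_ARM` guard, while the parsing helpers are now compiled on every platform. The declaration presumably still arrives through `internal.h`, which is not visible here. Keeping `#include <string.h>` unconditional next to `#include "cpu-arm-linux.h"` would stop the non-ARM build from depending on a transitive include. The body of `STRING_PIECE_equals` continues outside the hunk.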
@@ -182,6 +55,23 @@ static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
return 1;
}
+// STRING_PIECE_get_delimited reads a |sep|-delimited entry from |s|, writing it
+// to |out| and updating |s| to point beyond it. It returns one on success and
+// zero if |s| is empty. If |s| is has no copies of |sep| and is non-empty, it
+// reads the entire string to |out|.
+static int STRING_PIECE_get_delimited(STRING_PIECE *s, STRING_PIECE *out, char sep) {
+ if (s->len == 0) {
+ return 0;
+ }
+ if (!STRING_PIECE_split(out, s, s, sep)) {
+ // |s| had no instances of |sep|. Return the entire string.
+ *out = *s;
+ s->data += s->len;
+ s->len = 0;
+ }
+ return 1;
+}
+
// STRING_PIECE_trim removes leading and trailing whitespace from |s|.
static void STRING_PIECE_trim(STRING_PIECE *s) {
while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
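Review bot: The comment on `STRING_PIECE_get_delimited` reads "If |s| is has no copies of |sep|", and the signature line runs past 80 columns, unlike the other signatures in this file. I would change the sentence to `// zero if |s| is empty. If |s| has no copies of |sep| and is non-empty, it` and wrap the parameter list after `STRING_PIECE *out,`. The call `STRING_PIECE_split(out, s, s, sep)` passes |s| as both the input and the right-hand output. The old loops did the same with `&remaining`, but `STRING_PIECE_split` is defined outside this hunk, so a one-line comment such as `// |STRING_PIECE_split| permits |out_right| to alias |in|.` would record that the aliasing is intended.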
@@ -195,13 +85,13 @@ static void STRING_PIECE_trim(STRING_PIECE *s) {
}
// extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
-// |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
+// |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
// returns zero.
static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
const char *field) {
// Process |in| one line at a time.
STRING_PIECE remaining = *in, line;
- while (STRING_PIECE_split(&line, &remaining, &remaining, '\n')) {
+ while (STRING_PIECE_get_delimited(&remaining, &line, '\n')) {
STRING_PIECE key, value;
if (!STRING_PIECE_split(&key, &value, &line, ':')) {
continue;
@@ -228,7 +118,7 @@ static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
// one if |item| is contained in |list| and zero otherwise.
static int has_list_item(const STRING_PIECE *list, const char *item) {
STRING_PIECE remaining = *list, feature;
- while (STRING_PIECE_split(&feature, &remaining, &remaining, ' ')) {
+ while (STRING_PIECE_get_delimited(&remaining, &feature, ' ')) {
if (STRING_PIECE_equals(&feature, item)) {
return 1;
}
@@ -236,7 +126,7 @@ static int has_list_item(const STRING_PIECE *list, const char *item) {
return 0;
}
-static unsigned long get_hwcap_cpuinfo(const STRING_PIECE *cpuinfo) {
+unsigned long crypto_get_arm_hwcap_from_cpuinfo(const STRING_PIECE *cpuinfo) {
if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
// This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
// available on ARMv8. Linux omits required features, so reading the
@@ -254,7 +144,7 @@ static unsigned long get_hwcap_cpuinfo(const STRING_PIECE *cpuinfo) {
return 0;
}
-static unsigned long get_hwcap2_cpuinfo(const STRING_PIECE *cpuinfo) {
+unsigned long crypto_get_arm_hwcap2_from_cpuinfo(const STRING_PIECE *cpuinfo) {
STRING_PIECE features;
if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
return 0;
@@ -276,9 +166,7 @@ static unsigned long get_hwcap2_cpuinfo(const STRING_PIECE *cpuinfo) {
return ret;
}
-// has_broken_neon returns one if |in| matches a CPU known to have a broken
-// NEON unit. See https://crbug.com/341598.
-static int has_broken_neon(const STRING_PIECE *cpuinfo) {
+int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo) {
return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
@@ -286,6 +174,124 @@ static int has_broken_neon(const STRING_PIECE *cpuinfo) {
cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
}
+#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
+
+#define AT_HWCAP 16
+#define AT_HWCAP2 26
+
+// |getauxval| is not available on Android until API level 20. Link it as a weak
+// symbol and use other methods as fallback.
+unsigned long getauxval(unsigned long type) __attribute__((weak));
+
+static int open_eintr(const char *path, int flags) {
+ int ret;
+ do {
+ ret = open(path, flags);
+ } while (ret < 0 && errno == EINTR);
+ return ret;
+}
+
+static ssize_t read_eintr(int fd, void *out, size_t len) {
+ ssize_t ret;
+ do {
+ ret = read(fd, out, len);
+ } while (ret < 0 && errno == EINTR);
+ return ret;
+}
+
+// read_full reads exactly |len| bytes from |fd| to |out|. On error or end of
+// file, it returns zero.
+static int read_full(int fd, void *out, size_t len) {
+ char *outp = out;
+ while (len > 0) {
+ ssize_t ret = read_eintr(fd, outp, len);
+ if (ret <= 0) {
+ return 0;
+ }
+ outp += ret;
+ len -= ret;
+ }
+ return 1;
+}
+
+// read_file opens |path| and reads until end-of-file. On success, it returns
+// one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the
+// contents. Otherwise, it returns zero.
+static int read_file(char **out_ptr, size_t *out_len, const char *path) {
+ int fd = open_eintr(path, O_RDONLY);
+ if (fd < 0) {
+ return 0;
+ }
+
+ static const size_t kReadSize = 1024;
+ int ret = 0;
+ size_t cap = kReadSize, len = 0;
+ char *buf = OPENSSL_malloc(cap);
+ if (buf == NULL) {
+ goto err;
+ }
+
+ for (;;) {
+ if (cap - len < kReadSize) {
+ size_t new_cap = cap * 2;
+ if (new_cap < cap) {
+ goto err;
+ }
+ char *new_buf = OPENSSL_realloc(buf, new_cap);
+ if (new_buf == NULL) {
+ goto err;
+ }
+ buf = new_buf;
+ cap = new_cap;
+ }
+
+ ssize_t bytes_read = read_eintr(fd, buf + len, kReadSize);
+ if (bytes_read < 0) {
+ goto err;
+ }
+ if (bytes_read == 0) {
+ break;
+ }
+ len += bytes_read;
+ }
+
+ *out_ptr = buf;
+ *out_len = len;
+ ret = 1;
+ buf = NULL;
+
+err:
+ OPENSSL_free(buf);
+ close(fd);
+ return ret;
+}
+
+// getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv.
+static unsigned long getauxval_proc(unsigned long type) {
+ int fd = open_eintr("/proc/self/auxv", O_RDONLY);
+ if (fd < 0) {
+ return 0;
+ }
+
+ struct {
+ unsigned long tag;
+ unsigned long value;
+ } entry;
+
+ for (;;) {
+ if (!read_full(fd, &entry, sizeof(entry)) ||
+ (entry.tag == 0 && entry.value == 0)) {
+ break;
+ }
+ if (entry.tag == type) {
+ close(fd);
+ return entry.value;
+ }
+ }
+ close(fd);
+ return 0;
+}
+
extern uint32_t OPENSSL_armcap_P;
static int g_has_broken_neon, g_needs_hwcap2_workaround;
@@ -315,11 +321,11 @@ void OPENSSL_cpuid_setup(void) {
hwcap = getauxval_proc(AT_HWCAP);
}
if (hwcap == 0) {
- hwcap = get_hwcap_cpuinfo(&cpuinfo);
+ hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
}
// Clear NEON support if known broken.
- g_has_broken_neon = has_broken_neon(&cpuinfo);
+ g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo);
if (g_has_broken_neon) {
hwcap &= ~HWCAP_NEON;
}
@@ -335,7 +341,7 @@ void OPENSSL_cpuid_setup(void) {
hwcap2 = getauxval(AT_HWCAP2);
}
if (hwcap2 == 0) {
- hwcap2 = get_hwcap2_cpuinfo(&cpuinfo);
+ hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo);
g_needs_hwcap2_workaround = hwcap2 != 0;
}
diff --git a/src/crypto/cpu-arm-linux.h b/src/crypto/cpu-arm-linux.h
new file mode 100644
index 00000000..eabf4eac
--- /dev/null
+++ b/src/crypto/cpu-arm-linux.h
@@ -0,0 +1,59 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
+#define OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// The following symbols are defined on all platforms and exported for testing
+// and fuzzing purposes. They are not exported from the shared library so the
+// static linker will drop them outside of tests.
+
+#define HWCAP_NEON (1 << 12)
+
+// See /usr/include/asm/hwcap.h on an ARM installation for the source of
+// these values.
+#define HWCAP2_AES (1 << 0)
+#define HWCAP2_PMULL (1 << 1)
+#define HWCAP2_SHA1 (1 << 2)
+#define HWCAP2_SHA2 (1 << 3)
+
+typedef struct {
+ const char *data;
+ size_t len;
+} STRING_PIECE;
+
+// crypto_get_arm_hwcap_from_cpuinfo returns an equivalent ARM |AT_HWCAP| value
+// from |cpuinfo|.
+unsigned long crypto_get_arm_hwcap_from_cpuinfo(const STRING_PIECE *cpuinfo);
+
+// crypto_get_arm_hwcap2_from_cpuinfo returns an equivalent ARM |AT_HWCAP2|
+// value from |cpuinfo|.
+unsigned long crypto_get_arm_hwcap2_from_cpuinfo(const STRING_PIECE *cpuinfo);
+
+// crypto_cpuinfo_has_broken_neon returns one if |cpuinfo| matches a CPU known
+// to have broken NEON unit and zero otherwise. See https://crbug.com/341598.
+int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo);
+
+#if defined(__cplusplus)
+} // extern C
+#endif
+
+#endif // OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
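Review bot: `STRING_PIECE` and the three `crypto_*` declarations do not state their input contract, which matters now that they are entry points for tests and fuzzers fed arbitrary bytes. As far as the visible helpers show, parsing is bounded by |len| rather than by a terminator, and the test expects zero for text with no recognisable fields. I would document both, e.g. `// STRING_PIECE is a non-owning view of |len| bytes at |data|; it need not be NUL-terminated.` above the typedef, and add "It returns zero if the relevant fields are absent." to the two hwcap comments. The last comment also reads "known to have broken NEON unit", which should be "a broken NEON unit".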
diff --git a/src/crypto/cpu-arm-linux_test.cc b/src/crypto/cpu-arm-linux_test.cc
new file mode 100644
index 00000000..3ca6e57d
--- /dev/null
+++ b/src/crypto/cpu-arm-linux_test.cc
@@ -0,0 +1,236 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "cpu-arm-linux.h"
+
+#include <string.h>
+
+#include <gtest/gtest.h>
+
+
+#if !defined(BORINGSSL_SHARED_LIBRARY)
+
+TEST(ARMLinuxTest, CPUInfo) {
+ struct CPUInfoTest {
+ const char *cpuinfo;
+ unsigned long hwcap;
+ unsigned long hwcap2;
+ bool broken_neon;
+ } kTests[] = {
+ // https://crbug.com/341598#c33
+ {
+ "Processor: ARMv7 Processory rev 0 (v71)\n"
+ "processor: 0\n"
+ "BogoMIPS: 13.50\n"
+ "\n"
+ "Processor: 1\n"
+ "BogoMIPS: 13.50\n"
+ "\n"
+ "Features: swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 "
+ "idiva idivt\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 7\n"
+ "CPU variant: 0x1\n"
+ "CPU part: 0x04d\n"
+ "CPU revision: 0\n"
+ "\n"
+ "Hardware: SAMSUNG M2\n"
+ "Revision: 0010\n"
+ "Serial: 00001e030000354e\n",
+ HWCAP_NEON,
+ 0,
+ true,
+ },
+ // https://crbug.com/341598#c39
+ {
+ "Processor : ARMv7 Processor rev 0 (v7l)\n"
+ "processor : 0\n"
+ "BogoMIPS : 13.53\n"
+ "\n"
+ "Features : swp half thumb fastmult vfp edsp neon vfpv3 tls "
+ "vfpv4\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 7\n"
+ "CPU variant : 0x1\n"
+ "CPU part : 0x04d\n"
+ "CPU revision : 0\n"
+ "\n"
+ "Hardware : SAMSUNG M2_ATT\n"
+ "Revision : 0010\n"
+ "Serial : 0000df0c00004d4c\n",
+ HWCAP_NEON,
+ 0,
+ true,
+ },
+ // Nexus 4 from https://crbug.com/341598#c43
+ {
+ "Processor : ARMv7 Processor rev 2 (v7l)\n"
+ "processor : 0\n"
+ "BogoMIPS : 13.53\n"
+ "\n"
+ "processor : 1\n"
+ "BogoMIPS : 13.53\n"
+ "\n"
+ "processor : 2\n"
+ "BogoMIPS : 13.53\n"
+ "\n"
+ "processor : 3\n"
+ "BogoMIPS : 13.53\n"
+ "\n"
+ "Features : swp half thumb fastmult vfp edsp neon vfpv3 tls "
+ "vfpv4 \n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 7\n"
+ "CPU variant : 0x0\n"
+ "CPU part : 0x06f\n"
+ "CPU revision : 2\n"
+ "\n"
+ "Hardware : QCT APQ8064 MAKO\n"
+ "Revision : 000b\n"
+ "Serial : 0000000000000000\n",
+ HWCAP_NEON,
+ 0,
+ false,
+ },
+ // Razr M from https://crbug.com/341598#c43
+ {
+ "Processor : ARMv7 Processor rev 4 (v7l)\n"
+ "processor : 0\n"
+ "BogoMIPS : 13.53\n"
+ "\n"
+ "Features : swp half thumb fastmult vfp edsp neon vfpv3 tls "
+ "vfpv4\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 7\n"
+ "CPU variant : 0x1\n"
+ "CPU part : 0x04d\n"
+ "CPU revision : 4\n"
+ "\n"
+ "Hardware : msm8960dt\n"
+ "Revision : 82a0\n"
+ "Serial : 0001000201fe37a5\n",
+ HWCAP_NEON,
+ 0,
+ false,
+ },
+ // Pixel 2 (truncated slightly)
+ {
+ "Processor : AArch64 Processor rev 1 (aarch64)\n"
+ "processor : 0\n"
+ "BogoMIPS : 38.00\n"
+ "Features : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 8\n"
+ "CPU variant : 0xa\n"
+ "CPU part : 0x801\n"
+ "CPU revision : 4\n"
+ "\n"
+ "processor : 1\n"
+ "BogoMIPS : 38.00\n"
+ "Features : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 8\n"
+ "CPU variant : 0xa\n"
+ "CPU part : 0x801\n"
+ "CPU revision : 4\n"
+ "\n"
+ "processor : 2\n"
+ "BogoMIPS : 38.00\n"
+ "Features : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 8\n"
+ "CPU variant : 0xa\n"
+ "CPU part : 0x801\n"
+ "CPU revision : 4\n"
+ "\n"
+ "processor : 3\n"
+ "BogoMIPS : 38.00\n"
+ "Features : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+ "CPU implementer : 0x51\n"
+ "CPU architecture: 8\n"
+ "CPU variant : 0xa\n"
+ "CPU part : 0x801\n"
+ "CPU revision : 4\n"
+ // (Extra processors omitted.)
+ "\n"
+ "Hardware : Qualcomm Technologies, Inc MSM8998\n",
+ HWCAP_NEON, // CPU architecture 8 implies NEON.
+ HWCAP2_AES | HWCAP2_PMULL | HWCAP2_SHA1 | HWCAP2_SHA2,
+ false,
+ },
+ // Nexus 4 from
+ // Garbage should be tolerated.
+ {
+ "Blah blah blah this is definitely an ARM CPU",
+ 0,
+ 0,
+ false,
+ },
+ // A hypothetical ARMv8 CPU without crc32 (and thus no trailing space
+ // after the last crypto entry).
+ {
+ "Features : aes pmull sha1 sha2\n"
+ "CPU architecture: 8\n",
+ HWCAP_NEON,
+ HWCAP2_AES | HWCAP2_PMULL | HWCAP2_SHA1 | HWCAP2_SHA2,
+ false,
+ },
+ // Various combinations of ARMv8 flags.
+ {
+ "Features : aes sha1 sha2\n"
+ "CPU architecture: 8\n",
+ HWCAP_NEON,
+ HWCAP2_AES | HWCAP2_SHA1 | HWCAP2_SHA2,
+ false,
+ },
+ {
+ "Features : pmull sha2\n"
+ "CPU architecture: 8\n",
+ HWCAP_NEON,
+ HWCAP2_PMULL | HWCAP2_SHA2,
+ false,
+ },
+ {
+ "Features : aes aes aes not_aes aes aes \n"
+ "CPU architecture: 8\n",
+ HWCAP_NEON,
+ HWCAP2_AES,
+ false,
+ },
+ {
+ "Features : \n"
+ "CPU architecture: 8\n",
+ HWCAP_NEON,
+ 0,
+ false,
+ },
+ {
+ "Features : nothing\n"
+ "CPU architecture: 8\n",
+ HWCAP_NEON,
+ 0,
+ false,
+ },
+ };
+
+ for (const auto &t : kTests) {
+ SCOPED_TRACE(t.cpuinfo);
+ STRING_PIECE sp = {t.cpuinfo, strlen(t.cpuinfo)};
+ EXPECT_EQ(t.hwcap, crypto_get_arm_hwcap_from_cpuinfo(&sp));
+ EXPECT_EQ(t.hwcap2, crypto_get_arm_hwcap2_from_cpuinfo(&sp));
+ EXPECT_EQ(t.broken_neon ? 1 : 0, crypto_cpuinfo_has_broken_neon(&sp));
+ }
+}
+
+#endif // !BORINGSSL_SHARED_LIBRARY
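Review bot: No entry in `kTests` ends with a matched field on a final line that lacks a trailing newline, which is the new branch in `STRING_PIECE_get_delimited` that returns the rest of the string. The garbage case has no newline but also no field to match, so the old loop would have given the same zeros. A case such as `{"Features : aes\nCPU architecture: 8", HWCAP_NEON, HWCAP2_AES, false},` would pin the new behaviour, and `{"", 0, 0, false},` would cover the empty-input return. The comment `// Nexus 4 from` above the garbage case is a leftover fragment and should be deleted.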
diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c
index 93e2f824..783d7d96 100644
--- a/src/crypto/crypto.c
+++ b/src/crypto/crypto.c
@@ -19,19 +19,6 @@
#include "internal.h"
-#if defined(OPENSSL_MSAN) && !defined(OPENSSL_NO_ASM)
-// MSan works by instrumenting memory accesses in the compiler. Accesses from
-// uninstrumented code, such as assembly, are invisible to it. MSan will
-// incorrectly report reads from assembly-initialized memory as uninitialized.
-// If building BoringSSL with MSan, exclude assembly files from the build and
-// define OPENSSL_NO_ASM.
-//
-// This is checked here rather than in a header because the consumer might not
-// define OPENSSL_NO_ASM. It is only necessary for BoringSSL source files to be
-// built with it.
-#error "BoringSSL must be built with assembly disabled to use MSan."
-#endif
-
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) || \
diff --git a/src/crypto/curve25519/CMakeLists.txt b/src/crypto/curve25519/CMakeLists.txt
deleted file mode 100644
index 0f282186..00000000
--- a/src/crypto/curve25519/CMakeLists.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-include_directories(../../include)
-
-if(${ARCH} STREQUAL "arm")
- set(
- CURVE25519_ARCH_SOURCES
-
- asm/x25519-asm-arm.S
- )
-endif()
-
-add_library(
- curve25519
-
- OBJECT
-
- spake25519.c
-
- ${CURVE25519_ARCH_SOURCES}
-)
diff --git a/src/crypto/curve25519/asm/x25519-asm-arm.S b/src/crypto/curve25519/asm/x25519-asm-arm.S
index 38ec03b4..905af077 100644
--- a/src/crypto/curve25519/asm/x25519-asm-arm.S
+++ b/src/crypto/curve25519/asm/x25519-asm-arm.S
@@ -17,8 +17,18 @@
* domain licensed but the standard ISC license is included above to keep
* licensing simple. */
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif
+
#if !defined(OPENSSL_NO_ASM) && defined(__arm__) && !defined(__APPLE__)
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols_asm.h>
+#endif
+
.fpu neon
.text
.align 4
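Review bot: The new `__has_feature(memory_sanitizer)` guard carries no comment, and the only explanation of why MSan needs assembly disabled was the block this commit deletes from crypto.c. I would add `// MSan cannot see writes from uninstrumented assembly, so drop this file when it is enabled.` above the `#if defined(__has_feature)` line. The same applies to the generated preambles in arm-xlate.pl, ppc-xlate.pl and x86_64-xlate.pl. The guard changes the old hard `#error` into a silent fallback, so it only links if the C sources also see `OPENSSL_NO_ASM` under MSan. That definition is presumably in a header not shown in this part of the diff and is worth confirming.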
diff --git a/src/crypto/dh/CMakeLists.txt b/src/crypto/dh/CMakeLists.txt
deleted file mode 100644
index 83ae6d43..00000000
--- a/src/crypto/dh/CMakeLists.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-include_directories(../../include)
-
-add_library(
- dh
-
- OBJECT
-
- dh.c
- params.c
- check.c
- dh_asn1.c
-)
diff --git a/src/crypto/digest_extra/CMakeLists.txt b/src/crypto/digest_extra/CMakeLists.txt
deleted file mode 100644
index 2efb832a..00000000
--- a/src/crypto/digest_extra/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- digest_extra
-
- OBJECT
-
- digest_extra.c
-)
diff --git a/src/crypto/dsa/CMakeLists.txt b/src/crypto/dsa/CMakeLists.txt
deleted file mode 100644
index d3c12f58..00000000
--- a/src/crypto/dsa/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- dsa
-
- OBJECT
-
- dsa.c
- dsa_asn1.c
-)
diff --git a/src/crypto/ec_extra/CMakeLists.txt b/src/crypto/ec_extra/CMakeLists.txt
deleted file mode 100644
index 2312b190..00000000
--- a/src/crypto/ec_extra/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- ec_extra
-
- OBJECT
-
- ec_asn1.c
-)
diff --git a/src/crypto/ecdh_extra/CMakeLists.txt b/src/crypto/ecdh_extra/CMakeLists.txt
deleted file mode 100644
index 40a53c1d..00000000
--- a/src/crypto/ecdh_extra/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- ecdh_extra
-
- OBJECT
-
- ecdh_extra.c
-)
diff --git a/src/crypto/ecdsa_extra/CMakeLists.txt b/src/crypto/ecdsa_extra/CMakeLists.txt
deleted file mode 100644
index a9085808..00000000
--- a/src/crypto/ecdsa_extra/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- ecdsa_extra
-
- OBJECT
-
- ecdsa_asn1.c
-)
diff --git a/src/crypto/engine/CMakeLists.txt b/src/crypto/engine/CMakeLists.txt
deleted file mode 100644
index 5667f023..00000000
--- a/src/crypto/engine/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- engine
-
- OBJECT
-
- engine.c
-)
diff --git a/src/crypto/err/CMakeLists.txt b/src/crypto/err/CMakeLists.txt
deleted file mode 100644
index 91c6f6eb..00000000
--- a/src/crypto/err/CMakeLists.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-include_directories(../../include)
-
-add_custom_command(
- OUTPUT err_data.c
- COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c
- DEPENDS
- err_data_generate.go
- asn1.errordata
- bio.errordata
- bn.errordata
- cipher.errordata
- conf.errordata
- dh.errordata
- digest.errordata
- dsa.errordata
- ecdh.errordata
- ecdsa.errordata
- ec.errordata
- engine.errordata
- evp.errordata
- hkdf.errordata
- obj.errordata
- pem.errordata
- pkcs7.errordata
- pkcs8.errordata
- rsa.errordata
- ssl.errordata
- x509.errordata
- x509v3.errordata
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
-)
-
-add_library(
- err
-
- OBJECT
-
- err.c
- err_data.c
-)
diff --git a/src/crypto/err/internal.h b/src/crypto/err/internal.h
index 3f2397c1..179f756b 100644
--- a/src/crypto/err/internal.h
+++ b/src/crypto/err/internal.h
@@ -46,11 +46,11 @@ OPENSSL_EXPORT void ERR_restore_state(const ERR_SAVE_STATE *state);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ERR_SAVE_STATE, ERR_SAVE_STATE_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/crypto/evp/CMakeLists.txt b/src/crypto/evp/CMakeLists.txt
deleted file mode 100644
index 4b1fe5e8..00000000
--- a/src/crypto/evp/CMakeLists.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-include_directories(../../include)
-
-add_library(
- evp
-
- OBJECT
-
- digestsign.c
- evp.c
- evp_asn1.c
- evp_ctx.c
- p_dsa_asn1.c
- p_ec.c
- p_ec_asn1.c
- p_ed25519.c
- p_ed25519_asn1.c
- p_rsa.c
- p_rsa_asn1.c
- pbkdf.c
- print.c
- scrypt.c
- sign.c
-)
diff --git a/src/crypto/fipsmodule/CMakeLists.txt b/src/crypto/fipsmodule/CMakeLists.txt
index babda94c..1242aa2f 100644
--- a/src/crypto/fipsmodule/CMakeLists.txt
+++ b/src/crypto/fipsmodule/CMakeLists.txt
@@ -136,6 +136,8 @@ if(FIPS_DELOCATE)
bcm.c
)
+ add_dependencies(bcm_c_generated_asm global_target)
+
set_target_properties(bcm_c_generated_asm PROPERTIES COMPILE_OPTIONS "-S")
set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON)
@@ -164,6 +166,8 @@ if(FIPS_DELOCATE)
bcm-delocated.S
)
+ add_dependencies(bcm_hashunset global_target)
+
set_target_properties(bcm_hashunset PROPERTIES POSITION_INDEPENDENT_CODE ON)
set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C)
@@ -187,6 +191,8 @@ if(FIPS_DELOCATE)
is_fips.c
)
+ add_dependencies(fipsmodule global_target)
+
set_target_properties(fipsmodule PROPERTIES LINKER_LANGUAGE C)
else()
add_library(
@@ -199,4 +205,6 @@ else()
${BCM_ASM_SOURCES}
)
+
+ add_dependencies(fipsmodule global_target)
endif()
diff --git a/src/crypto/fipsmodule/bn/bn_test.cc b/src/crypto/fipsmodule/bn/bn_test.cc
index a9323061..29b4456e 100644
--- a/src/crypto/fipsmodule/bn/bn_test.cc
+++ b/src/crypto/fipsmodule/bn/bn_test.cc
@@ -1592,21 +1592,6 @@ TEST_F(BNTest, ExpZeroModOne) {
ASSERT_TRUE(BN_mod_exp_mont_consttime(r.get(), zero.get(), zero.get(),
BN_value_one(), ctx(), nullptr));
EXPECT_TRUE(BN_is_zero(r.get()));
-
- // Historically, OpenSSL's modular exponentiation functions tolerated negative
- // moduli by ignoring the sign bit. This logic should do the same.
- ASSERT_TRUE(BN_mod_exp(r.get(), a.get(), zero.get(), minus_one.get(), ctx()));
- EXPECT_TRUE(BN_is_zero(r.get()));
- ASSERT_TRUE(BN_mod_exp_mont_word(r.get(), 0, zero.get(), minus_one.get(),
- ctx(), nullptr));
- EXPECT_TRUE(BN_is_zero(r.get()));
- ASSERT_TRUE(BN_mod_exp_mont(r.get(), zero.get(), zero.get(), minus_one.get(),
- ctx(), nullptr));
- EXPECT_TRUE(BN_is_zero(r.get()));
-
- ASSERT_TRUE(BN_mod_exp_mont_consttime(r.get(), zero.get(), zero.get(),
- minus_one.get(), ctx(), nullptr));
- EXPECT_TRUE(BN_is_zero(r.get()));
}
TEST_F(BNTest, SmallPrime) {
diff --git a/src/crypto/fipsmodule/bn/exponentiation.c b/src/crypto/fipsmodule/bn/exponentiation.c
index 7035ea7b..41b20571 100644
--- a/src/crypto/fipsmodule/bn/exponentiation.c
+++ b/src/crypto/fipsmodule/bn/exponentiation.c
@@ -446,21 +446,18 @@ static int BN_window_bits_for_exponent_size(int b) {
static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx) {
- int i, j, bits, ret = 0, wstart, window;
+ int i, j, ret = 0, wstart, window;
int start = 1;
BIGNUM *aa;
// Table of variables obtained from 'ctx'
BIGNUM *val[TABLE_SIZE];
BN_RECP_CTX recp;
- bits = BN_num_bits(p);
+ // This function is only called on even moduli.
+ assert(!BN_is_odd(m));
+ int bits = BN_num_bits(p);
if (bits == 0) {
- // x**0 mod 1 is still zero.
- if (BN_abs_is_word(m, 1)) {
- BN_zero(r);
- return 1;
- }
return BN_one(r);
}
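Review bot: Removing the `BN_abs_is_word(m, 1)` branch is correct only while the even-modulus invariant holds, and `assert(!BN_is_odd(m))` disappears in release builds. The comment should say why the special case could go, e.g. `// |m| is even, so it cannot be one and x**0 mod |m| is one.` placed above `return BN_one(r);`. Without it, a later caller that routes an odd modulus here would silently get one for `x**0 mod 1` in release builds. The rest of `mod_exp_recp` lies outside the hunk.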
@@ -586,6 +583,10 @@ err:
int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx) {
+ if (m->neg) {
+ OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
+ return 0;
+ }
if (a->neg || BN_ucmp(a, m) >= 0) {
if (!BN_nnmod(r, a, m, ctx)) {
return 0;
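Review bot: The new `m->neg` rejection here, and the identical checks added to `BN_mod_exp_mont` and `BN_mod_exp_mont_consttime` in the next two hunks, have no test in the visible diff. bn_test.cc only deletes the assertions that negative moduli were tolerated. I would replace them with the inverse, e.g. `EXPECT_FALSE(BN_mod_exp(r.get(), a.get(), zero.get(), minus_one.get(), ctx()));` followed by `ERR_clear_error();`, and likewise for the Montgomery variants. The deleted test also called `BN_mod_exp_mont_word` with a negative modulus and no hunk touches that function. It presumably delegates to `BN_mod_exp_mont`, but that is worth confirming so all four entry points fail the same way.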
@@ -606,6 +607,10 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
+ if (m->neg) {
+ OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
+ return 0;
+ }
if (a->neg || BN_ucmp(a, m) >= 0) {
OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
return 0;
@@ -970,6 +975,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
+ if (m->neg) {
+ OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
+ return 0;
+ }
if (a->neg || BN_ucmp(a, m) >= 0) {
OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
return 0;
diff --git a/src/crypto/fipsmodule/bn/mul.c b/src/crypto/fipsmodule/bn/mul.c
index bd9393ec..a1582a23 100644
--- a/src/crypto/fipsmodule/bn/mul.c
+++ b/src/crypto/fipsmodule/bn/mul.c
@@ -559,7 +559,7 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_CTX_start(ctx);
if (r == a || r == b) {
rr = BN_CTX_get(ctx);
- if (r == NULL) {
+ if (rr == NULL) {
goto err;
}
} else {
diff --git a/src/crypto/fipsmodule/md5/md5.c b/src/crypto/fipsmodule/md5/md5.c
index 32429da3..370b42a3 100644
--- a/src/crypto/fipsmodule/md5/md5.c
+++ b/src/crypto/fipsmodule/md5/md5.c
@@ -85,11 +85,14 @@ int MD5_Init(MD5_CTX *md5) {
(defined(OPENSSL_X86_64) || defined(OPENSSL_X86))
#define MD5_ASM
#define md5_block_data_order md5_block_asm_data_order
+extern void md5_block_data_order(uint32_t *state, const uint8_t *data,
+ size_t num);
+#else
+static void md5_block_data_order(uint32_t *state, const uint8_t *data,
+ size_t num);
#endif
-void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
-
#define DATA_ORDER_IS_LITTLE_ENDIAN
#define HASH_CTX MD5_CTX
@@ -151,11 +154,12 @@ void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
(a) += (b); \
} while (0)
-#ifndef md5_block_data_order
+#ifndef MD5_ASM
#ifdef X
#undef X
#endif
-void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
+static void md5_block_data_order(uint32_t *state, const uint8_t *data,
+ size_t num) {
uint32_t A, B, C, D, l;
uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
XX13, XX14, XX15;
diff --git a/src/crypto/hkdf/CMakeLists.txt b/src/crypto/hkdf/CMakeLists.txt
deleted file mode 100644
index 43309eb1..00000000
--- a/src/crypto/hkdf/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- hkdf
-
- OBJECT
-
- hkdf.c
-)
diff --git a/src/crypto/internal.h b/src/crypto/internal.h
index c4e2e517..0e8ae3a6 100644
--- a/src/crypto/internal.h
+++ b/src/crypto/internal.h
@@ -488,7 +488,7 @@ OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock_write(
#if defined(__cplusplus)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
@@ -516,7 +516,7 @@ using MutexWriteLock =
using MutexReadLock =
internal::MutexLockBase<CRYPTO_MUTEX_lock_read, CRYPTO_MUTEX_unlock_read>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern "C++"
#endif // defined(__cplusplus)
diff --git a/src/crypto/lhash/CMakeLists.txt b/src/crypto/lhash/CMakeLists.txt
deleted file mode 100644
index 7a5f161c..00000000
--- a/src/crypto/lhash/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- lhash
-
- OBJECT
-
- lhash.c
-)
diff --git a/src/crypto/obj/CMakeLists.txt b/src/crypto/obj/CMakeLists.txt
deleted file mode 100644
index b8a4ef37..00000000
--- a/src/crypto/obj/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- obj
-
- OBJECT
-
- obj.c
- obj_xref.c
-)
diff --git a/src/crypto/pem/CMakeLists.txt b/src/crypto/pem/CMakeLists.txt
deleted file mode 100644
index 30dd7c92..00000000
--- a/src/crypto/pem/CMakeLists.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-include_directories(../../include)
-
-add_library(
- pem
-
- OBJECT
-
- pem_all.c
- pem_info.c
- pem_lib.c
- pem_oth.c
- pem_pk8.c
- pem_pkey.c
- pem_x509.c
- pem_xaux.c
-)
diff --git a/src/crypto/perlasm/arm-xlate.pl b/src/crypto/perlasm/arm-xlate.pl
index 8e3e9549..29e086dd 100755
--- a/src/crypto/perlasm/arm-xlate.pl
+++ b/src/crypto/perlasm/arm-xlate.pl
@@ -130,9 +130,23 @@ sub expand_line {
return $line;
}
+print <<___;
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif
+
+#if !defined(OPENSSL_NO_ASM)
+___
+
print "#if defined(__arm__)\n" if ($flavour eq "linux32");
print "#if defined(__aarch64__)\n" if ($flavour eq "linux64");
+print "#if defined(BORINGSSL_PREFIX)\n";
+print "#include <boringssl_prefix_symbols_asm.h>\n";
+print "#endif\n";
+
while(my $line=<>) {
if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; }
@@ -180,5 +194,6 @@ while(my $line=<>) {
}
print "#endif\n" if ($flavour eq "linux32" || $flavour eq "linux64");
+print "#endif // !OPENSSL_NO_ASM\n";
close STDOUT;
diff --git a/src/crypto/perlasm/ppc-xlate.pl b/src/crypto/perlasm/ppc-xlate.pl
index de796d73..05595f2c 100644
--- a/src/crypto/perlasm/ppc-xlate.pl
+++ b/src/crypto/perlasm/ppc-xlate.pl
@@ -255,6 +255,16 @@ my $darn = sub {
" .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1);
};
+print <<___;
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)"
+#define OPENSSL_NO_ASM"
+#endif
+#endif
+
+#if !defined(OPENSSL_NO_ASM) && defined(__powerpc64__)
+___
+
while($line=<>) {
$line =~ s|[#!;].*$||; # get rid of asm-style comments...
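Review bot: Two lines of the new heredoc end in a stray double quote: `#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)"` and `#define OPENSSL_NO_ASM"`. Inside `print <<___;` the quote is emitted verbatim into the generated PowerPC assembly, so a preprocessor that defines `__has_feature` would see a malformed `#if` expression and a macro whose value is an unterminated string, which likely breaks the build or mis-defines the MSan guard. Drop the trailing quotes so the lines read `#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)` and `#define OPENSSL_NO_ASM`, matching the copies of this block in arm-xlate.pl, x86_64-xlate.pl and poly1305_arm_asm.S. The `while` loop that follows continues outside the hunk.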
@@ -296,4 +306,6 @@ while($line=<>) {
print "\n";
}
+print "#endif // !OPENSSL_NO_ASM && __powerpc64__\n";
+
close STDOUT;
diff --git a/src/crypto/perlasm/x86_64-xlate.pl b/src/crypto/perlasm/x86_64-xlate.pl
index e2ea0d27..3ec9b6c6 100755
--- a/src/crypto/perlasm/x86_64-xlate.pl
+++ b/src/crypto/perlasm/x86_64-xlate.pl
@@ -1129,13 +1129,31 @@ default rel
%define XMMWORD
%define YMMWORD
%define ZMMWORD
+
+%ifdef BORINGSSL_PREFIX
+%include "boringssl_prefix_symbols_nasm.inc"
+%endif
___
} elsif ($masm) {
print <<___;
OPTION DOTNAME
___
}
-print STDOUT "#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)\n" if ($gas);
+
+if ($gas) {
+ print <<___;
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif
+
+#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM)
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols_asm.h>
+#endif
+___
+}
while(defined(my $line=<>)) {
diff --git a/src/crypto/pkcs7/CMakeLists.txt b/src/crypto/pkcs7/CMakeLists.txt
deleted file mode 100644
index 65c65662..00000000
--- a/src/crypto/pkcs7/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- pkcs7
-
- OBJECT
-
- pkcs7.c
- pkcs7_x509.c
-)
diff --git a/src/crypto/pkcs8/CMakeLists.txt b/src/crypto/pkcs8/CMakeLists.txt
deleted file mode 100644
index 417dce3f..00000000
--- a/src/crypto/pkcs8/CMakeLists.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-include_directories(../../include)
-
-add_library(
- pkcs8_lib
-
- OBJECT
-
- pkcs8.c
- pkcs8_x509.c
- p5_pbev2.c
-)
diff --git a/src/crypto/poly1305/CMakeLists.txt b/src/crypto/poly1305/CMakeLists.txt
deleted file mode 100644
index 5dc1b193..00000000
--- a/src/crypto/poly1305/CMakeLists.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-include_directories(../../include)
-
-if(${ARCH} STREQUAL "arm")
- set(
- POLY1305_ARCH_SOURCES
-
- poly1305_arm_asm.S
- )
-endif()
-
-add_library(
- poly1305
-
- OBJECT
-
- poly1305.c
- poly1305_arm.c
- poly1305_vec.c
-
- ${POLY1305_ARCH_SOURCES}
-)
diff --git a/src/crypto/poly1305/poly1305_arm_asm.S b/src/crypto/poly1305/poly1305_arm_asm.S
index b75c8c4b..04f7c4cd 100644
--- a/src/crypto/poly1305/poly1305_arm_asm.S
+++ b/src/crypto/poly1305/poly1305_arm_asm.S
@@ -1,5 +1,15 @@
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif
+
#if defined(__arm__) && !defined(OPENSSL_NO_ASM) && !defined(__APPLE__)
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols_asm.h>
+#endif
+
# This implementation was taken from the public domain, neon2 version in
# SUPERCOP by D. J. Bernstein and Peter Schwabe.
diff --git a/src/crypto/pool/CMakeLists.txt b/src/crypto/pool/CMakeLists.txt
deleted file mode 100644
index 6f2c7842..00000000
--- a/src/crypto/pool/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- pool
-
- OBJECT
-
- pool.c
-)
diff --git a/src/crypto/rand_extra/CMakeLists.txt b/src/crypto/rand_extra/CMakeLists.txt
deleted file mode 100644
index cdd7aa8b..00000000
--- a/src/crypto/rand_extra/CMakeLists.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-include_directories(../../include)
-
-add_library(
- rand_extra
-
- OBJECT
-
- deterministic.c
- forkunsafe.c
- fuchsia.c
- rand_extra.c
- windows.c
-)
diff --git a/src/crypto/rand_extra/rand_test.cc b/src/crypto/rand_extra/rand_test.cc
new file mode 100644
index 00000000..bd2eb188
--- /dev/null
+++ b/src/crypto/rand_extra/rand_test.cc
@@ -0,0 +1,184 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/rand.h>
+
+#include <gtest/gtest.h>
+
+#include <openssl/span.h>
+
+#include "../test/test_util.h"
+
+#if !defined(OPENSSL_NO_THREADS)
+#include <array>
+#include <thread>
+#include <vector>
+#endif
+
+#if !defined(OPENSSL_WINDOWS)
+#include <errno.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
+
+// These tests are, strictly speaking, flaky, but we use large enough buffers
+// that the probability of failing when we should pass is negligible.
+
+TEST(RandTest, NotObviouslyBroken) {
+ static const uint8_t kZeros[256] = {0};
+
+ uint8_t buf1[256], buf2[256];
+ RAND_bytes(buf1, sizeof(buf1));
+ RAND_bytes(buf2, sizeof(buf2));
+
+ EXPECT_NE(Bytes(buf1), Bytes(buf2));
+ EXPECT_NE(Bytes(buf1), Bytes(kZeros));
+ EXPECT_NE(Bytes(buf2), Bytes(kZeros));
+}
+
+#if !defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
+static bool ForkAndRand(bssl::Span<uint8_t> out) {
+ int pipefds[2];
+ if (pipe(pipefds) < 0) {
+ perror("pipe");
+ return false;
+ }
+
+ // This is a multi-threaded process, but GTest does not run tests concurrently
+ // and there currently are no threads, so this should be safe.
+ pid_t child = fork();
+ if (child < 0) {
+ perror("fork");
+ close(pipefds[0]);
+ close(pipefds[1]);
+ return false;
+ }
+
+ if (child == 0) {
+ // This is the child. Generate entropy and write it to the parent.
+ close(pipefds[0]);
+ RAND_bytes(out.data(), out.size());
+ while (!out.empty()) {
+ ssize_t ret = write(pipefds[1], out.data(), out.size());
+ if (ret < 0) {
+ if (errno == EINTR) {
+ continue;
+ }
+ perror("write");
+ _exit(1);
+ }
+ out = out.subspan(static_cast<size_t>(ret));
+ }
+ _exit(0);
+ }
+
+ // This is the parent. Read the entropy from the child.
+ close(pipefds[1]);
+ while (!out.empty()) {
+ ssize_t ret = read(pipefds[0], out.data(), out.size());
+ if (ret <= 0) {
+ if (ret == 0) {
+ fprintf(stderr, "Unexpected EOF from child.\n");
+ } else {
+ if (errno == EINTR) {
+ continue;
+ }
+ perror("read");
+ }
+ close(pipefds[0]);
+ return false;
+ }
+ out = out.subspan(static_cast<size_t>(ret));
+ }
+ close(pipefds[0]);
+
+ // Wait for the child to exit.
+ int status;
+ if (waitpid(child, &status, 0) < 0) {
+ perror("waitpid");
+ return false;
+ }
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ fprintf(stderr, "Child did not exit cleanly.\n");
+ return false;
+ }
+
+ return true;
+}
+
+TEST(RandTest, Fork) {
+ static const uint8_t kZeros[16] = {0};
+
+ // Draw a little entropy to initialize any internal PRNG buffering.
+ uint8_t byte;
+ RAND_bytes(&byte, 1);
+
+ // Draw entropy in two child processes and the parent process. This test
+ // intentionally uses smaller buffers than the others, to minimize the chance
+ // of sneaking by with a large enough buffer that we've since reseeded from
+ // the OS.
+ uint8_t buf1[16], buf2[16], buf3[16];
+ ASSERT_TRUE(ForkAndRand(buf1));
+ ASSERT_TRUE(ForkAndRand(buf2));
+ RAND_bytes(buf3, sizeof(buf3));
+
+ // All should be different.
+ EXPECT_NE(Bytes(buf1), Bytes(buf2));
+ EXPECT_NE(Bytes(buf2), Bytes(buf3));
+ EXPECT_NE(Bytes(buf1), Bytes(buf3));
+ EXPECT_NE(Bytes(buf1), Bytes(kZeros));
+ EXPECT_NE(Bytes(buf2), Bytes(kZeros));
+ EXPECT_NE(Bytes(buf3), Bytes(kZeros));
+}
+#endif // !OPENSSL_WINDOWS && !BORINGSSL_UNSAFE_DETERMINISTIC_MODE
+
+#if !defined(OPENSSL_NO_THREADS)
+static void RunConcurrentRands(size_t num_threads) {
+ static const uint8_t kZeros[256] = {0};
+
+ std::vector<std::array<uint8_t, 256>> bufs(num_threads);
+ std::vector<std::thread> threads(num_threads);
+
+ for (size_t i = 0; i < num_threads; i++) {
+ threads[i] =
+ std::thread([i, &bufs] { RAND_bytes(bufs[i].data(), bufs[i].size()); });
+ }
+ for (size_t i = 0; i < num_threads; i++) {
+ threads[i].join();
+ }
+
+ for (size_t i = 0; i < num_threads; i++) {
+ EXPECT_NE(Bytes(bufs[i]), Bytes(kZeros));
+ for (size_t j = i + 1; j < num_threads; j++) {
+ EXPECT_NE(Bytes(bufs[i]), Bytes(bufs[j]));
+ }
+ }
+}
+
+// Test that threads may concurrently draw entropy without tripping TSan.
+TEST(RandTest, Threads) {
+ constexpr size_t kFewerThreads = 10;
+ constexpr size_t kMoreThreads = 20;
+
+ // Draw entropy in parallel.
+ RunConcurrentRands(kFewerThreads);
+ // Draw entropy in parallel with higher concurrency than the previous maximum.
+ RunConcurrentRands(kMoreThreads);
+ // Draw entropy in parallel with lower concurrency than the previous maximum.
+ RunConcurrentRands(kFewerThreads);
+}
+#endif
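Review bot: In `ForkAndRand`, the parent's `read` failure branch closes `pipefds[0]` and returns false without calling `waitpid`, so the child is never reaped on that path. Adding `waitpid(child, nullptr, 0);` right after that `close(pipefds[0]);` would collect it. Because the read end is already closed by then, a child still in `write` should terminate rather than block. Separately, every `RAND_bytes` return value in the file is ignored; if that is deliberate because the call cannot fail, a one-line comment saying so would help readers of a test meant to check RNG fork- and thread-safety.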
diff --git a/src/crypto/rc4/CMakeLists.txt b/src/crypto/rc4/CMakeLists.txt
deleted file mode 100644
index a008fe53..00000000
--- a/src/crypto/rc4/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- rc4
-
- OBJECT
-
- rc4.c
-)
diff --git a/src/crypto/rsa_extra/CMakeLists.txt b/src/crypto/rsa_extra/CMakeLists.txt
deleted file mode 100644
index b705f168..00000000
--- a/src/crypto/rsa_extra/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- rsa_extra
-
- OBJECT
-
- rsa_asn1.c
- rsa_print.c
-)
diff --git a/src/crypto/stack/CMakeLists.txt b/src/crypto/stack/CMakeLists.txt
deleted file mode 100644
index dcd8ef49..00000000
--- a/src/crypto/stack/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- stack
-
- OBJECT
-
- stack.c
-)
diff --git a/src/crypto/test/CMakeLists.txt b/src/crypto/test/CMakeLists.txt
index 90707dd3..3e02c3c7 100644
--- a/src/crypto/test/CMakeLists.txt
+++ b/src/crypto/test/CMakeLists.txt
@@ -9,6 +9,8 @@ add_library(
wycheproof_util.cc
)
+add_dependencies(test_support global_target)
+
add_library(
boringssl_gtest_main
@@ -16,3 +18,5 @@ add_library(
gtest_main.cc
)
+
+add_dependencies(boringssl_gtest_main global_target)
diff --git a/src/crypto/test/gtest_main.cc b/src/crypto/test/gtest_main.cc
index 4071040a..5dc8b232 100644
--- a/src/crypto/test/gtest_main.cc
+++ b/src/crypto/test/gtest_main.cc
@@ -12,13 +12,26 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <string.h>
+
#include <gtest/gtest.h>
+#include <openssl/rand.h>
+
#include "gtest_main.h"
int main(int argc, char **argv) {
testing::InitGoogleTest(&argc, argv);
bssl::SetupGoogleTest();
+
+#if !defined(OPENSSL_WINDOWS)
+ for (int i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "--fork_unsafe_buffering") == 0) {
+ RAND_enable_fork_unsafe_buffering(-1);
+ }
+ }
+#endif
+
return RUN_ALL_TESTS();
}
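Review bot: The new `--fork_unsafe_buffering` switch has no comment, although it changes RNG behaviour for every test in the binary. `RAND_enable_fork_unsafe_buffering` is a process-wide setting and, as far as I know, cannot be turned off again, so the code should say that this is a test-only mode. I would add above the loop `// --fork_unsafe_buffering runs all tests with fork-unsafe RNG buffering enabled.` followed by `// Test-only: the setting is process-wide and stays on for the whole run.` It would also help to state whether `RandTest.Fork` is expected to pass in this mode.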
diff --git a/src/crypto/test/gtest_main.h b/src/crypto/test/gtest_main.h
index d21af102..20ccf214 100644
--- a/src/crypto/test/gtest_main.h
+++ b/src/crypto/test/gtest_main.h
@@ -27,10 +27,12 @@
OPENSSL_MSVC_PRAGMA(warning(push, 3))
#include <winsock2.h>
OPENSSL_MSVC_PRAGMA(warning(pop))
+#else
+#include <signal.h>
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
class ErrorTestEventListener : public testing::EmptyTestEventListener {
public:
@@ -67,13 +69,17 @@ inline void SetupGoogleTest() {
fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion);
exit(1);
}
+#else
+ // Some tests create pipes. We check return values, so avoid being killed by
+ // |SIGPIPE|.
+ signal(SIGPIPE, SIG_IGN);
#endif
testing::UnitTest::GetInstance()->listeners().Append(
new ErrorTestEventListener);
}
-} // namespace bssl
+BSSL_NAMESPACE_END
#endif // OPENSSL_HEADER_CRYPTO_TEST_GTEST_MAIN_H
diff --git a/src/crypto/x509/CMakeLists.txt b/src/crypto/x509/CMakeLists.txt
deleted file mode 100644
index 74001e7e..00000000
--- a/src/crypto/x509/CMakeLists.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-include_directories(../../include)
-
-add_library(
- x509
-
- OBJECT
-
- a_digest.c
- a_sign.c
- a_strex.c
- a_verify.c
- algorithm.c
- asn1_gen.c
- by_dir.c
- by_file.c
- i2d_pr.c
- rsa_pss.c
- t_crl.c
- t_req.c
- t_x509.c
- t_x509a.c
- x509.c
- x509_att.c
- x509_cmp.c
- x509_d2.c
- x509_def.c
- x509_ext.c
- x509_lu.c
- x509_obj.c
- x509_r2x.c
- x509_req.c
- x509_set.c
- x509_trs.c
- x509_txt.c
- x509_v3.c
- x509_vfy.c
- x509_vpm.c
- x509cset.c
- x509name.c
- x509rset.c
- x509spki.c
- x_algor.c
- x_all.c
- x_attrib.c
- x_crl.c
- x_exten.c
- x_info.c
- x_name.c
- x_pkey.c
- x_pubkey.c
- x_req.c
- x_sig.c
- x_spki.c
- x_val.c
- x_x509.c
- x_x509a.c
-)
diff --git a/src/crypto/x509v3/CMakeLists.txt b/src/crypto/x509v3/CMakeLists.txt
deleted file mode 100644
index 61196399..00000000
--- a/src/crypto/x509v3/CMakeLists.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-include_directories(../../include)
-
-add_library(
- x509v3
-
- OBJECT
-
- # v3_addr.c - disabled by upstream by default.
- # v3_asid.c - disabled by upstream by default.
- # v3_ocsp.c - missing OCSP for now.
-
- pcy_cache.c
- pcy_data.c
- pcy_lib.c
- pcy_map.c
- pcy_node.c
- pcy_tree.c
- v3_akey.c
- v3_akeya.c
- v3_alt.c
- v3_bcons.c
- v3_bitst.c
- v3_conf.c
- v3_cpols.c
- v3_crld.c
- v3_enum.c
- v3_extku.c
- v3_genn.c
- v3_ia5.c
- v3_info.c
- v3_int.c
- v3_lib.c
- v3_ncons.c
- v3_ocsp.c
- v3_pci.c
- v3_pcia.c
- v3_pcons.c
- v3_pku.c
- v3_pmaps.c
- v3_prn.c
- v3_purp.c
- v3_skey.c
- v3_sxnet.c
- v3_utl.c
-)
diff --git a/src/decrepit/CMakeLists.txt b/src/decrepit/CMakeLists.txt
index bebc624c..1cb5e11f 100644
--- a/src/decrepit/CMakeLists.txt
+++ b/src/decrepit/CMakeLists.txt
@@ -1,41 +1,29 @@
include_directories(../include)
-add_subdirectory(bio)
-add_subdirectory(blowfish)
-add_subdirectory(cast)
-add_subdirectory(cfb)
-add_subdirectory(des)
-add_subdirectory(dh)
-add_subdirectory(dsa)
-add_subdirectory(evp)
-add_subdirectory(obj)
-add_subdirectory(rc4)
-add_subdirectory(ripemd)
-add_subdirectory(rsa)
-add_subdirectory(ssl)
-add_subdirectory(x509)
-add_subdirectory(xts)
-
add_library(
decrepit
- $<TARGET_OBJECTS:bio_decrepit>
- $<TARGET_OBJECTS:blowfish>
- $<TARGET_OBJECTS:cast>
- $<TARGET_OBJECTS:cfb>
- $<TARGET_OBJECTS:des_decrepit>
- $<TARGET_OBJECTS:dh_decrepit>
- $<TARGET_OBJECTS:dsa_decrepit>
- $<TARGET_OBJECTS:evp_decrepit>
- $<TARGET_OBJECTS:obj_decrepit>
- $<TARGET_OBJECTS:rc4_decrepit>
- $<TARGET_OBJECTS:ripemd_decrepit>
- $<TARGET_OBJECTS:rsa_decrepit>
- $<TARGET_OBJECTS:ssl_decrepit>
- $<TARGET_OBJECTS:x509_decrepit>
- $<TARGET_OBJECTS:xts>
+ bio/base64_bio.c
+ blowfish/blowfish.c
+ cast/cast.c
+ cast/cast_tables.c
+ cfb/cfb.c
+ des/cfb64ede.c
+ dh/dh_decrepit.c
+ dsa/dsa_decrepit.c
+ evp/dss1.c
+ evp/evp_do_all.c
+ obj/obj_decrepit.c
+ rc4/rc4_decrepit.c
+ ripemd/ripemd.c
+ rsa/rsa_decrepit.c
+ ssl/ssl_decrepit.c
+ x509/x509_decrepit.c
+ xts/xts.c
)
+add_dependencies(decrepit global_target)
+
target_link_libraries(decrepit crypto ssl)
add_executable(
@@ -48,6 +36,8 @@ add_executable(
$<TARGET_OBJECTS:test_support>
)
+add_dependencies(decrepit_test global_target)
+
target_link_libraries(decrepit_test crypto decrepit boringssl_gtest)
if(WIN32)
target_link_libraries(decrepit_test ws2_32)
diff --git a/src/decrepit/bio/CMakeLists.txt b/src/decrepit/bio/CMakeLists.txt
deleted file mode 100644
index 95d92311..00000000
--- a/src/decrepit/bio/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- bio_decrepit
-
- OBJECT
-
- base64_bio.c
-)
diff --git a/src/decrepit/blowfish/CMakeLists.txt b/src/decrepit/blowfish/CMakeLists.txt
deleted file mode 100644
index 29729c49..00000000
--- a/src/decrepit/blowfish/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- blowfish
-
- OBJECT
-
- blowfish.c
-)
diff --git a/src/decrepit/cast/CMakeLists.txt b/src/decrepit/cast/CMakeLists.txt
deleted file mode 100644
index 2830381a..00000000
--- a/src/decrepit/cast/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- cast
-
- OBJECT
-
- cast.c
- cast_tables.c
-)
diff --git a/src/decrepit/cfb/CMakeLists.txt b/src/decrepit/cfb/CMakeLists.txt
deleted file mode 100644
index 63a0ca54..00000000
--- a/src/decrepit/cfb/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- cfb
-
- OBJECT
-
- cfb.c
-)
diff --git a/src/decrepit/des/CMakeLists.txt b/src/decrepit/des/CMakeLists.txt
deleted file mode 100644
index 0ee5c2e3..00000000
--- a/src/decrepit/des/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- des_decrepit
-
- OBJECT
-
- cfb64ede.c
-)
diff --git a/src/decrepit/dh/CMakeLists.txt b/src/decrepit/dh/CMakeLists.txt
deleted file mode 100644
index fb862b51..00000000
--- a/src/decrepit/dh/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- dh_decrepit
-
- OBJECT
-
- dh_decrepit.c
-)
diff --git a/src/decrepit/dsa/CMakeLists.txt b/src/decrepit/dsa/CMakeLists.txt
deleted file mode 100644
index cc64b604..00000000
--- a/src/decrepit/dsa/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- dsa_decrepit
-
- OBJECT
-
- dsa_decrepit.c
-)
diff --git a/src/decrepit/evp/CMakeLists.txt b/src/decrepit/evp/CMakeLists.txt
deleted file mode 100644
index e631a9a9..00000000
--- a/src/decrepit/evp/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
- evp_decrepit
-
- OBJECT
-
- dss1.c
- evp_do_all.c
-)
diff --git a/src/decrepit/obj/CMakeLists.txt b/src/decrepit/obj/CMakeLists.txt
deleted file mode 100644
index caaecd32..00000000
--- a/src/decrepit/obj/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- obj_decrepit
-
- OBJECT
-
- obj_decrepit.c
-)
diff --git a/src/decrepit/rc4/CMakeLists.txt b/src/decrepit/rc4/CMakeLists.txt
deleted file mode 100644
index 459b24e2..00000000
--- a/src/decrepit/rc4/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- rc4_decrepit
-
- OBJECT
-
- rc4_decrepit.c
-)
diff --git a/src/decrepit/ripemd/CMakeLists.txt b/src/decrepit/ripemd/CMakeLists.txt
deleted file mode 100644
index d3dd2842..00000000
--- a/src/decrepit/ripemd/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- ripemd_decrepit
-
- OBJECT
-
- ripemd.c
-)
diff --git a/src/decrepit/rsa/CMakeLists.txt b/src/decrepit/rsa/CMakeLists.txt
deleted file mode 100644
index 66d836b1..00000000
--- a/src/decrepit/rsa/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- rsa_decrepit
-
- OBJECT
-
- rsa_decrepit.c
-)
diff --git a/src/decrepit/ssl/CMakeLists.txt b/src/decrepit/ssl/CMakeLists.txt
deleted file mode 100644
index fba0234d..00000000
--- a/src/decrepit/ssl/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- ssl_decrepit
-
- OBJECT
-
- ssl_decrepit.c
-)
diff --git a/src/decrepit/x509/CMakeLists.txt b/src/decrepit/x509/CMakeLists.txt
deleted file mode 100644
index 930912d1..00000000
--- a/src/decrepit/x509/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- x509_decrepit
-
- OBJECT
-
- x509_decrepit.c
-)
diff --git a/src/decrepit/xts/CMakeLists.txt b/src/decrepit/xts/CMakeLists.txt
deleted file mode 100644
index 7dccde03..00000000
--- a/src/decrepit/xts/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- xts
-
- OBJECT
-
- xts.c
-)
diff --git a/src/fipstools/CMakeLists.txt b/src/fipstools/CMakeLists.txt
index f0f7b2cb..779fcd1a 100644
--- a/src/fipstools/CMakeLists.txt
+++ b/src/fipstools/CMakeLists.txt
@@ -29,6 +29,8 @@ if(FIPS)
$<TARGET_OBJECTS:test_support>
)
+ add_dependencies(cavp global_target)
+
add_executable(
test_fips
@@ -36,6 +38,8 @@ if(FIPS)
$<TARGET_OBJECTS:test_support>
)
+ add_dependencies(test_fips global_target)
+
target_link_libraries(cavp crypto)
target_link_libraries(test_fips crypto)
endif()
diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h
index af315548..f19344e4 100644
--- a/src/include/openssl/aead.h
+++ b/src/include/openssl/aead.h
@@ -425,7 +425,7 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_tag_len(const EVP_AEAD_CTX *ctx,
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
using ScopedEVP_AEAD_CTX =
internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero,
@@ -433,7 +433,7 @@ using ScopedEVP_AEAD_CTX =
BORINGSSL_MAKE_DELETER(EVP_AEAD_CTX, EVP_AEAD_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h
index f7b6b861..46e5f537 100644
--- a/src/include/openssl/asn1.h
+++ b/src/include/openssl/asn1.h
@@ -875,13 +875,13 @@ OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free)
BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free)
BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} /* extern C++ */
diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h
index aa1be1f7..d1349934 100644
--- a/src/include/openssl/base.h
+++ b/src/include/openssl/base.h
@@ -71,6 +71,10 @@
#include <openssl/is_boringssl.h>
#include <openssl/opensslconf.h>
+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols.h>
+#endif
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -227,9 +231,17 @@ extern "C" {
#endif
#if __has_feature(memory_sanitizer)
#define OPENSSL_MSAN
+#define OPENSSL_ASM_INCOMPATIBLE
#endif
#endif
+#if defined(OPENSSL_ASM_INCOMPATIBLE)
+#undef OPENSSL_ASM_INCOMPATIBLE
+#if !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif // OPENSSL_ASM_INCOMPATIBLE
+
// CRYPTO_THREADID is a dummy value.
typedef int CRYPTO_THREADID;
@@ -358,6 +370,18 @@ typedef void *OPENSSL_BLOCK;
#define BORINGSSL_NO_CXX
#endif
+#if defined(BORINGSSL_PREFIX)
+#define BSSL_NAMESPACE_BEGIN \
+ namespace bssl { \
+ inline namespace BORINGSSL_PREFIX {
+#define BSSL_NAMESPACE_END \
+ } \
+ }
+#else
+#define BSSL_NAMESPACE_BEGIN namespace bssl {
+#define BSSL_NAMESPACE_END }
+#endif
+
// MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see
// https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l)
// so MSVC is just assumed to support C++11.
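Review bot: `BSSL_NAMESPACE_BEGIN` and `BSSL_NAMESPACE_END` are introduced without a comment, and the prefixed form is not obvious, since it nests an `inline namespace BORINGSSL_PREFIX` inside `bssl`. A short comment should explain that the inline namespace presumably keeps source-level `bssl::` names unchanged while giving the C++ symbols a prefix-specific mangled name. It should also say that `BORINGSSL_PREFIX` therefore has to expand to a valid C++ identifier. For example: `// BSSL_NAMESPACE_BEGIN/END open and close namespace bssl; when BORINGSSL_PREFIX is set they add an inline namespace named after the prefix.`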
@@ -366,6 +390,7 @@ typedef void *OPENSSL_BLOCK;
#endif
#if !defined(BORINGSSL_NO_CXX)
+
extern "C++" {
#include <memory>
@@ -387,7 +412,7 @@ extern "C++" {
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
@@ -464,7 +489,7 @@ using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>;
return UpRef(ptr.get()); \
}
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/base64.h b/src/include/openssl/base64.h
index ef760886..c88546d7 100644
--- a/src/include/openssl/base64.h
+++ b/src/include/openssl/base64.h
@@ -67,7 +67,10 @@ extern "C" {
// base64 functions.
//
// For historical reasons, these functions have the EVP_ prefix but just do
-// base64 encoding and decoding.
+// base64 encoding and decoding. Note that BoringSSL is a cryptography library,
+// so these functions are implemented with side channel protections, at a
+// performance cost. For other base64 uses, use a general-purpose base64
+// implementation.
// Encoding
diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h
index adb641b2..70c2fbf7 100644
--- a/src/include/openssl/bio.h
+++ b/src/include/openssl/bio.h
@@ -677,26 +677,49 @@ OPENSSL_EXPORT void BIO_set_init(BIO *bio, int init);
OPENSSL_EXPORT int BIO_get_init(BIO *bio);
// These are values of the |cmd| argument to |BIO_ctrl|.
-#define BIO_CTRL_RESET 1 // opt - rewind/zero etc
-#define BIO_CTRL_EOF 2 // opt - are we at the eof
-#define BIO_CTRL_INFO 3 // opt - extra tit-bits
-#define BIO_CTRL_SET 4 // man - set the 'IO' type
-#define BIO_CTRL_GET 5 // man - get the 'IO' type
-#define BIO_CTRL_PUSH 6
-#define BIO_CTRL_POP 7
-#define BIO_CTRL_GET_CLOSE 8 // man - set the 'close' on free
-#define BIO_CTRL_SET_CLOSE 9 // man - set the 'close' on free
-#define BIO_CTRL_PENDING 10 // opt - is their more data buffered
-#define BIO_CTRL_FLUSH 11 // opt - 'flush' buffered output
-#define BIO_CTRL_WPENDING 13 // opt - number of bytes still to write
-// callback is int cb(BIO *bio,state,ret);
-#define BIO_CTRL_SET_CALLBACK 14 // opt - set callback function
-#define BIO_CTRL_GET_CALLBACK 15 // opt - set callback function
-#define BIO_CTRL_SET_FILENAME 30 // BIO_s_file special
-
-// BIO_CTRL_DUP is never used, but exists to allow code to compile more
-// easily.
-#define BIO_CTRL_DUP 12
+
+// BIO_CTRL_RESET implements |BIO_reset|. The arguments are unused.
+#define BIO_CTRL_RESET 1
+
+// BIO_CTRL_EOF implements |BIO_eof|. The arguments are unused.
+#define BIO_CTRL_EOF 2
+
+// BIO_CTRL_INFO is a legacy command that returns information specific to the
+// type of |BIO|. It is not safe to call generically and should not be
+// implemented in new |BIO| types.
+#define BIO_CTRL_INFO 3
+
+// BIO_CTRL_GET_CLOSE returns the close flag set by |BIO_CTRL_SET_CLOSE|. The
+// arguments are unused.
+#define BIO_CTRL_GET_CLOSE 8
+
+// BIO_CTRL_SET_CLOSE implements |BIO_set_close|. The |larg| argument is the
+// close flag.
+#define BIO_CTRL_SET_CLOSE 9
+
+// BIO_CTRL_PENDING implements |BIO_pending|. The arguments are unused.
+#define BIO_CTRL_PENDING 10
+
+// BIO_CTRL_FLUSH implements |BIO_flush|. The arguments are unused.
+#define BIO_CTRL_FLUSH 11
+
+// BIO_CTRL_WPENDING implements |BIO_wpending|. The arguments are unused.
+#define BIO_CTRL_WPENDING 13
+
+// BIO_CTRL_SET_CALLBACK sets an informational callback of type
+// int cb(BIO *bio, int state, int ret)
+#define BIO_CTRL_SET_CALLBACK 14
+
+// BIO_CTRL_GET_CALLBACK returns the callback set by |BIO_CTRL_SET_CALLBACK|.
+#define BIO_CTRL_GET_CALLBACK 15
+
+// The following are never used, but are defined to aid porting existing code.
+#define BIO_CTRL_SET 4
+#define BIO_CTRL_GET 5
+#define BIO_CTRL_PUSH 6
+#define BIO_CTRL_POP 7
+#define BIO_CTRL_DUP 12
+#define BIO_CTRL_SET_FILENAME 30
// Deprecated functions.
@@ -706,6 +729,8 @@ OPENSSL_EXPORT int BIO_get_init(BIO *bio);
// |BIO_flush| when done writing, to signal that no more data are to be
// encoded. The flag |BIO_FLAGS_BASE64_NO_NL| may be set to encode all the data
// on one line.
+//
+// Use |EVP_EncodeBlock| and |EVP_DecodeBase64| instead.
OPENSSL_EXPORT const BIO_METHOD *BIO_f_base64(void);
OPENSSL_EXPORT void BIO_set_retry_special(BIO *bio);
@@ -733,8 +758,8 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method,
#define BIO_FLAGS_RWS (BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL)
#define BIO_FLAGS_SHOULD_RETRY 0x08
#define BIO_FLAGS_BASE64_NO_NL 0x100
-// This is used with memory BIOs: it means we shouldn't free up or change the
-// data in any way.
+// BIO_FLAGS_MEM_RDONLY is used with memory BIOs. It means we shouldn't free up
+// or change the data in any way.
#define BIO_FLAGS_MEM_RDONLY 0x200
// These are the 'types' of BIOs
@@ -762,7 +787,7 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method,
#define BIO_TYPE_ASN1 (22 | 0x0200) // filter
#define BIO_TYPE_COMP (23 | 0x0200) // filter
-// |BIO_TYPE_DESCRIPTOR| denotes that the |BIO| responds to the |BIO_C_SET_FD|
+// BIO_TYPE_DESCRIPTOR denotes that the |BIO| responds to the |BIO_C_SET_FD|
// (|BIO_set_fd|) and |BIO_C_GET_FD| (|BIO_get_fd|) control hooks.
#define BIO_TYPE_DESCRIPTOR 0x0100 // socket, fd, connect or accept
#define BIO_TYPE_FILTER 0x0200
@@ -809,61 +834,61 @@ struct bio_st {
size_t num_read, num_write;
};
-#define BIO_C_SET_CONNECT 100
-#define BIO_C_DO_STATE_MACHINE 101
-#define BIO_C_SET_NBIO 102
-#define BIO_C_SET_PROXY_PARAM 103
-#define BIO_C_SET_FD 104
-#define BIO_C_GET_FD 105
-#define BIO_C_SET_FILE_PTR 106
-#define BIO_C_GET_FILE_PTR 107
-#define BIO_C_SET_FILENAME 108
-#define BIO_C_SET_SSL 109
-#define BIO_C_GET_SSL 110
-#define BIO_C_SET_MD 111
-#define BIO_C_GET_MD 112
-#define BIO_C_GET_CIPHER_STATUS 113
-#define BIO_C_SET_BUF_MEM 114
-#define BIO_C_GET_BUF_MEM_PTR 115
-#define BIO_C_GET_BUFF_NUM_LINES 116
-#define BIO_C_SET_BUFF_SIZE 117
-#define BIO_C_SET_ACCEPT 118
-#define BIO_C_SSL_MODE 119
-#define BIO_C_GET_MD_CTX 120
-#define BIO_C_GET_PROXY_PARAM 121
-#define BIO_C_SET_BUFF_READ_DATA 122 // data to read first
-#define BIO_C_GET_ACCEPT 124
-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
-#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
-#define BIO_C_FILE_SEEK 128
-#define BIO_C_GET_CIPHER_CTX 129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 //return end of input value
-#define BIO_C_SET_BIND_MODE 131
-#define BIO_C_GET_BIND_MODE 132
-#define BIO_C_FILE_TELL 133
-#define BIO_C_GET_SOCKS 134
-#define BIO_C_SET_SOCKS 135
-
-#define BIO_C_SET_WRITE_BUF_SIZE 136 // for BIO_s_bio
-#define BIO_C_GET_WRITE_BUF_SIZE 137
-#define BIO_C_GET_WRITE_GUARANTEE 140
-#define BIO_C_GET_READ_REQUEST 141
-#define BIO_C_SHUTDOWN_WR 142
-#define BIO_C_NREAD0 143
-#define BIO_C_NREAD 144
-#define BIO_C_NWRITE0 145
-#define BIO_C_NWRITE 146
-#define BIO_C_RESET_READ_REQUEST 147
-#define BIO_C_SET_MD_CTX 148
-
-#define BIO_C_SET_PREFIX 149
-#define BIO_C_GET_PREFIX 150
-#define BIO_C_SET_SUFFIX 151
-#define BIO_C_GET_SUFFIX 152
-
-#define BIO_C_SET_EX_ARG 153
-#define BIO_C_GET_EX_ARG 154
+#define BIO_C_SET_CONNECT 100
+#define BIO_C_DO_STATE_MACHINE 101
+#define BIO_C_SET_NBIO 102
+#define BIO_C_SET_PROXY_PARAM 103
+#define BIO_C_SET_FD 104
+#define BIO_C_GET_FD 105
+#define BIO_C_SET_FILE_PTR 106
+#define BIO_C_GET_FILE_PTR 107
+#define BIO_C_SET_FILENAME 108
+#define BIO_C_SET_SSL 109
+#define BIO_C_GET_SSL 110
+#define BIO_C_SET_MD 111
+#define BIO_C_GET_MD 112
+#define BIO_C_GET_CIPHER_STATUS 113
+#define BIO_C_SET_BUF_MEM 114
+#define BIO_C_GET_BUF_MEM_PTR 115
+#define BIO_C_GET_BUFF_NUM_LINES 116
+#define BIO_C_SET_BUFF_SIZE 117
+#define BIO_C_SET_ACCEPT 118
+#define BIO_C_SSL_MODE 119
+#define BIO_C_GET_MD_CTX 120
+#define BIO_C_GET_PROXY_PARAM 121
+#define BIO_C_SET_BUFF_READ_DATA 122 // data to read first
+#define BIO_C_GET_ACCEPT 124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
+#define BIO_C_FILE_SEEK 128
+#define BIO_C_GET_CIPHER_CTX 129
+#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 // return end of input value
+#define BIO_C_SET_BIND_MODE 131
+#define BIO_C_GET_BIND_MODE 132
+#define BIO_C_FILE_TELL 133
+#define BIO_C_GET_SOCKS 134
+#define BIO_C_SET_SOCKS 135
+
+#define BIO_C_SET_WRITE_BUF_SIZE 136 // for BIO_s_bio
+#define BIO_C_GET_WRITE_BUF_SIZE 137
+#define BIO_C_GET_WRITE_GUARANTEE 140
+#define BIO_C_GET_READ_REQUEST 141
+#define BIO_C_SHUTDOWN_WR 142
+#define BIO_C_NREAD0 143
+#define BIO_C_NREAD 144
+#define BIO_C_NWRITE0 145
+#define BIO_C_NWRITE 146
+#define BIO_C_RESET_READ_REQUEST 147
+#define BIO_C_SET_MD_CTX 148
+
+#define BIO_C_SET_PREFIX 149
+#define BIO_C_GET_PREFIX 150
+#define BIO_C_SET_SUFFIX 151
+#define BIO_C_GET_SUFFIX 152
+
+#define BIO_C_SET_EX_ARG 153
+#define BIO_C_GET_EX_ARG 154
#if defined(__cplusplus)
@@ -871,12 +896,12 @@ struct bio_st {
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BIO, BIO_free)
BORINGSSL_MAKE_UP_REF(BIO, BIO_up_ref)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index e8cc70a8..251c717c 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -630,9 +630,12 @@ OPENSSL_EXPORT int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
// BN_pseudo_rand_range is an alias for BN_rand_range.
OPENSSL_EXPORT int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-// BN_GENCB holds a callback function that is used by generation functions that
-// can take a very long time to complete. Use |BN_GENCB_set| to initialise a
-// |BN_GENCB| structure.
+#define BN_GENCB_GENERATED 0
+#define BN_GENCB_PRIME_TEST 1
+
+// bn_gencb_st, or |BN_GENCB|, holds a callback function that is used by
+// generation functions that can take a very long time to complete. Use
+// |BN_GENCB_set| to initialise a |BN_GENCB| structure.
//
// The callback receives the address of that |BN_GENCB| structure as its last
// argument and the user is free to put an arbitrary pointer in |arg|. The other
@@ -648,9 +651,6 @@ OPENSSL_EXPORT int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
//
// When other code needs to call a BN generation function it will often take a
// BN_GENCB argument and may call the function with other argument values.
-#define BN_GENCB_GENERATED 0
-#define BN_GENCB_PRIME_TEST 1
-
struct bn_gencb_st {
void *arg; // callback-specific data
int (*callback)(int event, int n, struct bn_gencb_st *);
@@ -987,7 +987,7 @@ OPENSSL_EXPORT unsigned BN_num_bits_word(BN_ULONG l);
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BIGNUM, BN_free)
BORINGSSL_MAKE_DELETER(BN_CTX, BN_CTX_free)
@@ -1005,7 +1005,7 @@ class BN_CTXScope {
BN_CTXScope &operator=(BN_CTXScope &) = delete;
};
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/buf.h b/src/include/openssl/buf.h
index 3f961b87..10a555f4 100644
--- a/src/include/openssl/buf.h
+++ b/src/include/openssl/buf.h
@@ -124,11 +124,11 @@ OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t dst_size);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(BUF_MEM, BUF_MEM_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h
index 30576042..1400f2ed 100644
--- a/src/include/openssl/bytestring.h
+++ b/src/include/openssl/bytestring.h
@@ -491,11 +491,11 @@ OPENSSL_EXPORT int CBB_flush_asn1_set_of(CBB *cbb);
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
using ScopedCBB = internal::StackAllocated<CBB, void, CBB_zero, CBB_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index 727d7a7f..59634138 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -438,7 +438,7 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx,
// EVP_CIPH_NO_PADDING disables padding in block ciphers.
#define EVP_CIPH_NO_PADDING 0x800
-// EVP_CIPHER_CTX_ctrl commands.
+// The following are |EVP_CIPHER_CTX_ctrl| commands.
#define EVP_CTRL_INIT 0x0
#define EVP_CTRL_SET_KEY_LENGTH 0x1
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
@@ -454,15 +454,12 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx,
#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
#define EVP_CTRL_GCM_IV_GEN 0x13
#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
-// Set the GCM invocation field, decrypt only
+// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
#define EVP_CTRL_GCM_SET_IV_INV 0x18
-// GCM TLS constants
-// Length of fixed part of IV derived from PRF
+// The following constants are unused.
#define EVP_GCM_TLS_FIXED_IV_LEN 4
-// Length of explicit part of IV part of TLS records
#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
-// Length of tag for TLS
#define EVP_GCM_TLS_TAG_LEN 16
// The following are legacy aliases for AEAD |EVP_CIPHER_CTX_ctrl| values.
@@ -574,7 +571,7 @@ struct evp_cipher_st {
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free)
@@ -582,7 +579,7 @@ using ScopedEVP_CIPHER_CTX =
internal::StackAllocated<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init,
EVP_CIPHER_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/cmac.h b/src/include/openssl/cmac.h
index 5e9f3d03..3e8cf929 100644
--- a/src/include/openssl/cmac.h
+++ b/src/include/openssl/cmac.h
@@ -78,11 +78,11 @@ OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h
index 4ffce378..07e34eec 100644
--- a/src/include/openssl/conf.h
+++ b/src/include/openssl/conf.h
@@ -162,11 +162,11 @@ OPENSSL_EXPORT void OPENSSL_no_config(void);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CONF, NCONF_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/curve25519.h b/src/include/openssl/curve25519.h
index 332215be..a455389c 100644
--- a/src/include/openssl/curve25519.h
+++ b/src/include/openssl/curve25519.h
@@ -188,11 +188,11 @@ OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key,
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h
index ae24c25d..7188790a 100644
--- a/src/include/openssl/dh.h
+++ b/src/include/openssl/dh.h
@@ -278,11 +278,11 @@ struct dh_st {
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(DH, DH_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h
index 4a2b710f..1a1ca297 100644
--- a/src/include/openssl/digest.h
+++ b/src/include/openssl/digest.h
@@ -295,7 +295,7 @@ struct env_md_ctx_st {
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
@@ -303,7 +303,7 @@ using ScopedEVP_MD_CTX =
internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,
EVP_MD_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h
index a5fa7678..70cde7bb 100644
--- a/src/include/openssl/dsa.h
+++ b/src/include/openssl/dsa.h
@@ -417,12 +417,12 @@ struct dsa_st {
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(DSA, DSA_free)
BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h
index dbb72abc..41a9c34c 100644
--- a/src/include/openssl/ec.h
+++ b/src/include/openssl/ec.h
@@ -357,12 +357,12 @@ OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free)
BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h
index 69440498..7e9e4e8f 100644
--- a/src/include/openssl/ec_key.h
+++ b/src/include/openssl/ec_key.h
@@ -336,11 +336,11 @@ OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ecdsa.h b/src/include/openssl/ecdsa.h
index ff326ab9..d4d353e0 100644
--- a/src/include/openssl/ecdsa.h
+++ b/src/include/openssl/ecdsa.h
@@ -179,11 +179,11 @@ OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h
index 595e53c0..9d459527 100644
--- a/src/include/openssl/engine.h
+++ b/src/include/openssl/engine.h
@@ -94,11 +94,11 @@ struct openssl_method_common_st {
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h
index 9b00a070..1d7192da 100644
--- a/src/include/openssl/evp.h
+++ b/src/include/openssl/evp.h
@@ -839,8 +839,12 @@ OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
// constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
// section defines a number of legacy macros.
+// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there
+// is no need to define conflicting macros.
+#if !defined(BORINGSSL_PREFIX)
#define EVP_PKEY_CTX_set_rsa_oaep_md EVP_PKEY_CTX_set_rsa_oaep_md
#define EVP_PKEY_CTX_set0_rsa_oaep_label EVP_PKEY_CTX_set0_rsa_oaep_label
+#endif
// Private structures.
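Review bot: The `#endif` that closes the new `#if !defined(BORINGSSL_PREFIX)` guard has no trailing comment, while the matching guard this commit adds to ssl.h ends with `#endif  // !defined(BORINGSSL_PREFIX)`. The guard here is only two lines long, but labelling it the same way keeps the two headers consistent and makes the pairing obvious if more legacy macros are added later. Suggested line: `#endif  // !defined(BORINGSSL_PREFIX)`.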
@@ -870,13 +874,13 @@ struct evp_pkey_st {
} // extern C
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
BORINGSSL_MAKE_UP_REF(EVP_PKEY, EVP_PKEY_up_ref)
BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h
index 977dea67..b5d1e420 100644
--- a/src/include/openssl/hmac.h
+++ b/src/include/openssl/hmac.h
@@ -169,14 +169,14 @@ struct hmac_ctx_st {
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free)
using ScopedHMAC_CTX =
internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h
index 7d7087e6..9f9c00dd 100644
--- a/src/include/openssl/mem.h
+++ b/src/include/openssl/mem.h
@@ -142,12 +142,12 @@ OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(char, OPENSSL_free)
BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/pkcs7.h b/src/include/openssl/pkcs7.h
index 52b649c2..cb6155ff 100644
--- a/src/include/openssl/pkcs7.h
+++ b/src/include/openssl/pkcs7.h
@@ -199,11 +199,11 @@ OPENSSL_EXPORT PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey,
} // extern C
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(PKCS7, PKCS7_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
#endif
diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h
index 9a66dd02..ee48f194 100644
--- a/src/include/openssl/pkcs8.h
+++ b/src/include/openssl/pkcs8.h
@@ -215,12 +215,12 @@ OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free)
BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/pool.h b/src/include/openssl/pool.h
index 1259f4a5..0e4bdd5c 100644
--- a/src/include/openssl/pool.h
+++ b/src/include/openssl/pool.h
@@ -87,13 +87,13 @@ OPENSSL_EXPORT void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free)
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free)
BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h
index 98bb31c3..8098c482 100644
--- a/src/include/openssl/rsa.h
+++ b/src/include/openssl/rsa.h
@@ -175,11 +175,19 @@ OPENSSL_EXPORT int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb);
// These functions are considered non-mutating for thread-safety purposes and
// may be used concurrently.
-// Padding types for encryption.
+// RSA_PKCS1_PADDING denotes PKCS#1 v1.5 padding. When used with encryption,
+// this is RSAES-PKCS1-v1_5. When used with signing, this is RSASSA-PKCS1-v1_5.
#define RSA_PKCS1_PADDING 1
+
+// RSA_NO_PADDING denotes a raw RSA operation.
#define RSA_NO_PADDING 3
+
+// RSA_PKCS1_OAEP_PADDING denotes the RSAES-OAEP encryption scheme.
#define RSA_PKCS1_OAEP_PADDING 4
-// RSA_PKCS1_PSS_PADDING can only be used via the EVP interface.
+
+// RSA_PKCS1_PSS_PADDING denotes the RSASSA-PSS signature scheme. This value may
+// not be passed into |RSA_sign_raw|, only |EVP_PKEY_CTX_set_rsa_padding|. See
+// also |RSA_sign_pss_mgf1| and |RSA_verify_pss_mgf1|.
#define RSA_PKCS1_PSS_PADDING 6
// RSA_encrypt encrypts |in_len| bytes from |in| to the public key from |rsa|
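Review bot: The new per-constant comments name each scheme but leave out the usage caveats a caller choosing a `padding` value needs, most notably on `RSA_NO_PADDING` and on `RSA_PKCS1_PADDING` when used for encryption. For the former I would extend the comment to `// RSA_NO_PADDING denotes a raw RSA operation. The caller is responsible for` / `// performing any padding; raw RSA on its own provides no security.` For the latter I would add a sentence that decrypting RSAES-PKCS1-v1_5 is prone to padding-oracle attacks unless failures are handled in constant time, and that `RSA_PKCS1_OAEP_PADDING` is preferred for new encryption uses. That would mirror the existing advice that PSS is preferred for new signature protocols.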
@@ -285,7 +293,8 @@ OPENSSL_EXPORT int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out,
//
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
// doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING|
-// (via the |EVP_PKEY| interface) is preferred for new protocols.
+// (via |RSA_sign_pss_mgf1| or the |EVP_PKEY| interface) is preferred for new
+// protocols.
OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
@@ -330,7 +339,8 @@ OPENSSL_EXPORT int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg,
//
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
// doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_PSS_PADDING|
-// (via the |EVP_PKEY| interface) is preferred for new protocols.
+// (via |RSA_verify_pss_mgf1| or the |EVP_PKEY| interface) is preferred for new
+// protocols.
OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in,
size_t in_len, int padding);
@@ -713,11 +723,11 @@ struct rsa_st {
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(RSA, RSA_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/span.h b/src/include/openssl/span.h
index 5ed96b7b..298a7222 100644
--- a/src/include/openssl/span.h
+++ b/src/include/openssl/span.h
@@ -25,7 +25,7 @@ extern "C++" {
#include <cstdlib>
#include <type_traits>
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
template <typename T>
class Span;
@@ -190,7 +190,7 @@ auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) {
return MakeConstSpan(c.data(), c.size());
}
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index daa58b05..0d5a444d 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -4314,6 +4314,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
//
// These defines exist for node.js, with the hope that we can eliminate the
// need for them over time.
+
#define SSLerr(function, reason) \
ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__)
@@ -4382,6 +4383,10 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
#define SSL_CTRL_SET_TMP_RSA doesnt_exist
#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
+// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there
+// is no need to define conflicting macros.
+#if !defined(BORINGSSL_PREFIX)
+
#define DTLSv1_get_timeout DTLSv1_get_timeout
#define DTLSv1_handle_timeout DTLSv1_handle_timeout
#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert
@@ -4451,6 +4456,8 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
#define SSL_set_tmp_rsa SSL_set_tmp_rsa
#define SSL_total_renegotiations SSL_total_renegotiations
+#endif // !defined(BORINGSSL_PREFIX)
+
#if defined(__cplusplus)
} // extern C
@@ -4459,7 +4466,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(SSL, SSL_free)
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
@@ -4571,7 +4578,7 @@ OPENSSL_EXPORT bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff);
OPENSSL_EXPORT bool SSL_serialize_handback(const SSL *ssl, CBB *out);
OPENSSL_EXPORT bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback);
-} // namespace bssl
+BSSL_NAMESPACE_END
} // extern C++
diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h
index a1cca59c..15b6adf7 100644
--- a/src/include/openssl/stack.h
+++ b/src/include/openssl/stack.h
@@ -219,17 +219,17 @@ OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk,
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
template <typename T>
struct StackTraits {};
}
-}
+BSSL_NAMESPACE_END
}
#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \
extern "C++" { \
- namespace bssl { \
+ BSSL_NAMESPACE_BEGIN \
namespace internal { \
template <> \
struct StackTraits<STACK_OF(name)> { \
@@ -238,7 +238,7 @@ struct StackTraits {};
static constexpr bool kIsConst = is_const; \
}; \
} \
- } \
+ BSSL_NAMESPACE_END \
}
#else
@@ -393,7 +393,7 @@ extern "C++" {
#include <type_traits>
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace internal {
@@ -474,7 +474,7 @@ static inline
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
// Define begin() and end() for stack types so C++ range for loops work.
template <typename Stack>
diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h
index eeab5ec5..72f7314b 100644
--- a/src/include/openssl/x509.h
+++ b/src/include/openssl/x509.h
@@ -1129,7 +1129,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
#if !defined(BORINGSSL_NO_CXX)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free)
BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free)
@@ -1158,7 +1158,7 @@ using ScopedX509_STORE_CTX =
internal::StackAllocated<X509_STORE_CTX, void, X509_STORE_CTX_zero,
X509_STORE_CTX_cleanup>;
-} // namespace bssl
+BSSL_NAMESPACE_END
} /* extern C++ */
#endif /* !BORINGSSL_NO_CXX */
diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h
index 1af439d7..53e20a07 100644
--- a/src/include/openssl/x509v3.h
+++ b/src/include/openssl/x509v3.h
@@ -751,7 +751,7 @@ DEFINE_STACK_OF(X509_POLICY_NODE)
extern "C++" {
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free)
BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
@@ -760,7 +760,7 @@ BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free)
BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)
BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free)
-} // namespace bssl
+BSSL_NAMESPACE_END
} /* extern C++ */
#endif
diff --git a/src/ssl/CMakeLists.txt b/src/ssl/CMakeLists.txt
index 6881089f..d6c1294f 100644
--- a/src/ssl/CMakeLists.txt
+++ b/src/ssl/CMakeLists.txt
@@ -41,6 +41,8 @@ add_library(
tls13_server.cc
)
+add_dependencies(ssl global_target)
+
target_link_libraries(ssl crypto)
add_executable(
@@ -53,6 +55,8 @@ add_executable(
$<TARGET_OBJECTS:test_support>
)
+add_dependencies(ssl_test global_target)
+
target_link_libraries(ssl_test ssl crypto boringssl_gtest)
if(WIN32)
target_link_libraries(ssl_test ws2_32)
diff --git a/src/ssl/d1_both.cc b/src/ssl/d1_both.cc
index f22a4981..3f7739ed 100644
--- a/src/ssl/d1_both.cc
+++ b/src/ssl/d1_both.cc
@@ -127,7 +127,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// TODO(davidben): 28 comes from the size of IP + UDP header. Is this reasonable
// for these values? Notably, why is kMinMTU a function of the transport
@@ -848,4 +848,4 @@ unsigned int dtls1_min_mtu(void) {
return kMinMTU;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/d1_lib.cc b/src/ssl/d1_lib.cc
index d73e5382..0e0b211b 100644
--- a/src/ssl/d1_lib.cc
+++ b/src/ssl/d1_lib.cc
@@ -68,7 +68,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire
// before starting to decrease the MTU.
@@ -187,7 +187,7 @@ bool dtls1_check_timeout_num(SSL *ssl) {
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/d1_pkt.cc b/src/ssl/d1_pkt.cc
index a694c5f3..be595b07 100644
--- a/src/ssl/d1_pkt.cc
+++ b/src/ssl/d1_pkt.cc
@@ -126,7 +126,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
ssl_open_record_t dtls1_open_app_data(SSL *ssl, Span<uint8_t> *out,
size_t *out_consumed, uint8_t *out_alert,
@@ -271,4 +271,4 @@ int dtls1_dispatch_alert(SSL *ssl) {
return 1;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/dtls_record.cc b/src/ssl/dtls_record.cc
index d3486015..992fb526 100644
--- a/src/ssl/dtls_record.cc
+++ b/src/ssl/dtls_record.cc
@@ -121,7 +121,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as
// a |uint64_t|.
@@ -137,13 +137,13 @@ static uint64_t to_u64_be(const uint8_t in[8]) {
// dtls1_bitmap_should_discard returns one if |seq_num| has been seen in
// |bitmap| or is stale. Otherwise it returns zero.
-static int dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
- const uint8_t seq_num[8]) {
+static bool dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
+ const uint8_t seq_num[8]) {
const unsigned kWindowSize = sizeof(bitmap->map) * 8;
uint64_t seq_num_u = to_u64_be(seq_num);
if (seq_num_u > bitmap->max_seq_num) {
- return 0;
+ return false;
}
uint64_t idx = bitmap->max_seq_num - seq_num_u;
return idx >= kWindowSize || (bitmap->map & (((uint64_t)1) << idx));
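Review bot: The comment above `dtls1_bitmap_should_discard` still says it "returns one" and "returns zero", but this hunk changes the return type to `bool` and the early exit to `return false`. The same commit already rewords the `ssl_record_sequence_update` comment in internal.h to true/false, so this one should follow: `// dtls1_bitmap_should_discard returns true if |seq_num| has been seen in` / `// |bitmap| or is stale. Otherwise it returns false.` This function is the replay-window check, so its documented contract should match the signature exactly. The function's closing brace is not shown in this hunk.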
@@ -291,14 +291,14 @@ size_t dtls_seal_prefix_len(const SSL *ssl, enum dtls1_use_epoch_t use_epoch) {
get_write_aead(ssl, use_epoch)->ExplicitNonceLen();
}
-int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
- uint8_t type, const uint8_t *in, size_t in_len,
- enum dtls1_use_epoch_t use_epoch) {
+bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
+ uint8_t type, const uint8_t *in, size_t in_len,
+ enum dtls1_use_epoch_t use_epoch) {
const size_t prefix = dtls_seal_prefix_len(ssl, use_epoch);
if (buffers_alias(in, in_len, out, max_out) &&
(max_out < prefix || out + prefix != in)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
- return 0;
+ return false;
}
// Determine the parameters for the current epoch.
@@ -314,7 +314,7 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
if (max_out < DTLS1_RT_HEADER_LENGTH) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
- return 0;
+ return false;
}
out[0] = type;
@@ -330,7 +330,7 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
size_t ciphertext_len;
if (!aead->CiphertextLen(&ciphertext_len, in_len, 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
- return 0;
+ return false;
}
out[11] = ciphertext_len >> 8;
out[12] = ciphertext_len & 0xff;
@@ -341,13 +341,13 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
max_out - DTLS1_RT_HEADER_LENGTH, type, record_version,
&out[3] /* seq */, header, in, in_len) ||
!ssl_record_sequence_update(&seq[2], 6)) {
- return 0;
+ return false;
}
assert(ciphertext_len == len_copy);
*out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len;
ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
- return 1;
+ return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handoff.cc b/src/ssl/handoff.cc
index 68cac5b1..a47b7c15 100644
--- a/src/ssl/handoff.cc
+++ b/src/ssl/handoff.cc
@@ -19,7 +19,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
constexpr int kHandoffVersion = 0;
constexpr int kHandbackVersion = 0;
@@ -359,4 +359,4 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
return CBS_len(&seq) == 0;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handshake.cc b/src/ssl/handshake.cc
index 8e5c62c3..963038f5 100644
--- a/src/ssl/handshake.cc
+++ b/src/ssl/handshake.cc
@@ -122,7 +122,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
: ssl(ssl_arg),
@@ -667,4 +667,4 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
index 9f9e4833..ae96bcf2 100644
--- a/src/ssl/handshake_client.cc
+++ b/src/ssl/handshake_client.cc
@@ -166,12 +166,13 @@
#include <openssl/md5.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
+#include <openssl/sha.h>
#include "../crypto/internal.h"
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
enum ssl_client_hs_state_t {
state_start_connect = 0,
@@ -212,20 +213,20 @@ static void ssl_get_client_disabled(SSL_HANDSHAKE *hs, uint32_t *out_mask_a,
}
}
-static int ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
+static bool ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
uint32_t mask_a, mask_k;
ssl_get_client_disabled(hs, &mask_a, &mask_k);
CBB child;
if (!CBB_add_u16_length_prefixed(out, &child)) {
- return 0;
+ return false;
}
// Add a fake cipher suite. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
!CBB_add_u16(&child, ssl_get_grease_value(hs, ssl_grease_cipher))) {
- return 0;
+ return false;
}
// Add TLS 1.3 ciphers. Order ChaCha20-Poly1305 relative to AES-GCM based on
@@ -233,20 +234,20 @@ static int ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
if (hs->max_version >= TLS1_3_VERSION) {
if (!EVP_has_aes_hardware() &&
!CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
- return 0;
+ return false;
}
if (!CBB_add_u16(&child, TLS1_CK_AES_128_GCM_SHA256 & 0xffff) ||
!CBB_add_u16(&child, TLS1_CK_AES_256_GCM_SHA384 & 0xffff)) {
- return 0;
+ return false;
}
if (EVP_has_aes_hardware() &&
!CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
- return 0;
+ return false;
}
}
if (hs->min_version < TLS1_3_VERSION) {
- int any_enabled = 0;
+ bool any_enabled = false;
for (const SSL_CIPHER *cipher : SSL_get_ciphers(ssl)) {
// Skip disabled ciphers
if ((cipher->algorithm_mkey & mask_k) ||
@@ -257,53 +258,53 @@ static int ssl_write_client_cipher_list(SSL_HANDSHAKE *hs, CBB *out) {
SSL_CIPHER_get_max_version(cipher) < hs->min_version) {
continue;
}
- any_enabled = 1;
+ any_enabled = true;
if (!CBB_add_u16(&child, ssl_cipher_get_value(cipher))) {
- return 0;
+ return false;
}
}
// If all ciphers were disabled, return the error to the caller.
if (!any_enabled && hs->max_version < TLS1_3_VERSION) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHERS_AVAILABLE);
- return 0;
+ return false;
}
}
if (ssl->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
if (!CBB_add_u16(&child, SSL3_CK_FALLBACK_SCSV & 0xffff)) {
- return 0;
+ return false;
}
}
return CBB_flush(out);
}
-int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
+bool ssl_write_client_hello(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO)) {
- return 0;
+ return false;
}
CBB child;
if (!CBB_add_u16(&body, hs->client_version) ||
!CBB_add_bytes(&body, ssl->s3->client_random, SSL3_RANDOM_SIZE) ||
!CBB_add_u8_length_prefixed(&body, &child)) {
- return 0;
+ return false;
}
// Do not send a session ID on renegotiation.
if (!ssl->s3->initial_handshake_complete &&
!CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
- return 0;
+ return false;
}
if (SSL_is_dtls(ssl)) {
if (!CBB_add_u8_length_prefixed(&body, &child) ||
!CBB_add_bytes(&child, ssl->d1->cookie, ssl->d1->cookie_len)) {
- return 0;
+ return false;
}
}
@@ -313,19 +314,19 @@ int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
!CBB_add_u8(&body, 1 /* one compression method */) ||
!CBB_add_u8(&body, 0 /* null compression */) ||
!ssl_add_clienthello_tlsext(hs, &body, header_len + CBB_len(&body))) {
- return 0;
+ return false;
}
Array<uint8_t> msg;
if (!ssl->method->finish_message(ssl, cbb.get(), &msg)) {
- return 0;
+ return false;
}
// Now that the length prefixes have been computed, fill in the placeholder
// PSK binder.
if (hs->needs_psk_binder &&
!tls13_write_psk_binder(hs, msg.data(), msg.size())) {
- return 0;
+ return false;
}
return ssl->method->add_message(ssl, std::move(msg));
@@ -607,7 +608,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
}
}
- if (!ssl->s3->initial_handshake_complete && ssl->session != NULL &&
+ if (!ssl->s3->initial_handshake_complete && ssl->session != nullptr &&
ssl->session->session_id_length != 0 &&
CBS_mem_equal(&session_id, ssl->session->session_id,
ssl->session->session_id_length)) {
@@ -1606,14 +1607,11 @@ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
}
session->ticket_lifetime_hint = ticket_lifetime_hint;
- // Generate a session ID for this session based on the session ticket. We use
- // the session ID mechanism for detecting ticket resumption. This also fits in
- // with assumptions elsewhere in OpenSSL.
- if (!EVP_Digest(CBS_data(&ticket), CBS_len(&ticket),
- session->session_id, &session->session_id_length,
- EVP_sha256(), NULL)) {
- return ssl_hs_error;
- }
+ // Generate a session ID for this session. Some callers expect all sessions to
+ // have a session ID. Additionally, it acts as the session ID to signal
+ // resumption.
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
+ session->session_id_length = SHA256_DIGEST_LENGTH;
if (renewed_session) {
session->not_resumable = false;
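Review bot: `SHA256()` takes no output length and always writes `SHA256_DIGEST_LENGTH` bytes, so the new code relies on `session->session_id` being at least that large. The buffer's declaration is not visible in this hunk. Since `session_id_length` is now set from a constant rather than reported by the digest call, I would pin that assumption at compile time next to the call: `static_assert(sizeof(session->session_id) >= SHA256_DIGEST_LENGTH, "session_id too small for SHA-256");`. The rewritten comment could also say that the ID is the SHA-256 hash of the ticket, which the removed comment ("based on the session ticket") at least hinted at. The body of `do_read_session_ticket` continues outside the hunk.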
@@ -1822,4 +1820,4 @@ const char *ssl_client_handshake_state(SSL_HANDSHAKE *hs) {
return "TLS client unknown";
}
-}
+BSSL_NAMESPACE_END
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index f0ed0d89..c5460886 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -170,7 +170,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
bool ssl_client_cipher_list_contains_cipher(
const SSL_CLIENT_HELLO *client_hello, uint16_t id) {
@@ -1626,4 +1626,4 @@ const char *ssl_server_handshake_state(SSL_HANDSHAKE *hs) {
return "TLS server unknown";
}
-}
+BSSL_NAMESPACE_END
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 087f5fbd..7ba23ef4 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -173,7 +173,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
struct SSL_CONFIG;
struct SSL_HANDSHAKE;
@@ -414,7 +414,7 @@ bool ssl_is_draft28(uint16_t version);
// Cipher suites.
-} // namespace bssl
+BSSL_NAMESPACE_END
struct ssl_cipher_st {
// name is the OpenSSL name for the cipher.
@@ -432,7 +432,7 @@ struct ssl_cipher_st {
uint32_t algorithm_prf;
};
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// Bits for |algorithm_mkey| (key exchange algorithm).
#define SSL_kRSA 0x00000001u
@@ -522,7 +522,7 @@ struct SSLCipherPreferenceList {
bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
size_t *out_mac_secret_len,
size_t *out_fixed_iv_len, const SSL_CIPHER *cipher,
- uint16_t version, int is_dtls);
+ uint16_t version, bool is_dtls);
// ssl_get_handshake_digest returns the |EVP_MD| corresponding to |version| and
// |cipher|.
@@ -659,7 +659,7 @@ class SSLAEADContext {
// resulting object, depending on |direction|. |version| is the normalized
// protocol version, so DTLS 1.0 is represented as 0x0301, not 0xffef.
static UniquePtr<SSLAEADContext> Create(enum evp_aead_direction_t direction,
- uint16_t version, int is_dtls,
+ uint16_t version, bool is_dtls,
const SSL_CIPHER *cipher,
Span<const uint8_t> enc_key,
Span<const uint8_t> mac_key,
@@ -797,8 +797,8 @@ struct DTLS1_BITMAP {
// Record layer.
// ssl_record_sequence_update increments the sequence number in |seq|. It
-// returns one on success and zero on wraparound.
-int ssl_record_sequence_update(uint8_t *seq, size_t seq_len);
+// returns true on success and false on wraparound.
+bool ssl_record_sequence_update(uint8_t *seq, size_t seq_len);
// ssl_record_prefix_len returns the length of the prefix before the ciphertext
// of a record for |ssl|.
@@ -863,9 +863,9 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
size_t ssl_seal_align_prefix_len(const SSL *ssl);
// tls_seal_record seals a new record of type |type| and body |in| and writes it
-// to |out|. At most |max_out| bytes will be written. It returns one on success
-// and zero on error. If enabled, |tls_seal_record| implements TLS 1.0 CBC 1/n-1
-// record splitting and may write two records concatenated.
+// to |out|. At most |max_out| bytes will be written. It returns true on success
+// and false on error. If enabled, |tls_seal_record| implements TLS 1.0 CBC
+// 1/n-1 record splitting and may write two records concatenated.
//
// For a large record, the bulk of the ciphertext will begin
// |ssl_seal_align_prefix_len| bytes into out. Aligning |out| appropriately may
@@ -873,8 +873,8 @@ size_t ssl_seal_align_prefix_len(const SSL *ssl);
// bytes to |out|.
//
// |in| and |out| may not alias.
-int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
- uint8_t type, const uint8_t *in, size_t in_len);
+bool tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
+ uint8_t type, const uint8_t *in, size_t in_len);
enum dtls1_use_epoch_t {
dtls1_use_previous_epoch,
@@ -893,9 +893,9 @@ size_t dtls_seal_prefix_len(const SSL *ssl, enum dtls1_use_epoch_t use_epoch);
// which epoch's cipher state to use. Unlike |tls_seal_record|, |in| and |out|
// may alias but, if they do, |in| must be exactly |dtls_seal_prefix_len| bytes
// ahead of |out|.
-int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
- uint8_t type, const uint8_t *in, size_t in_len,
- enum dtls1_use_epoch_t use_epoch);
+bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
+ uint8_t type, const uint8_t *in, size_t in_len,
+ enum dtls1_use_epoch_t use_epoch);
// ssl_process_alert processes |in| as an alert and updates |ssl|'s shutdown
// state. It returns one of |ssl_open_record_discard|, |ssl_open_record_error|,
@@ -907,9 +907,8 @@ enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert,
// Private key operations.
-// ssl_has_private_key returns one if |cfg| has a private key configured and
-// zero otherwise.
-int ssl_has_private_key(const SSL_CONFIG *cfg);
+// ssl_has_private_key returns whether |cfg| has a private key configured.
+bool ssl_has_private_key(const SSL_CONFIG *cfg);
// ssl_private_key_* perform the corresponding operation on
// |SSL_PRIVATE_KEY_METHOD|. If there is a custom private key configured, they
@@ -990,14 +989,14 @@ class SSLKeyShare {
};
// ssl_nid_to_group_id looks up the group corresponding to |nid|. On success, it
-// sets |*out_group_id| to the group ID and returns one. Otherwise, it returns
-// zero.
-int ssl_nid_to_group_id(uint16_t *out_group_id, int nid);
+// sets |*out_group_id| to the group ID and returns true. Otherwise, it returns
+// false.
+bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid);
-// ssl_name_to_group_id looks up the group corresponding to the |name| string
-// of length |len|. On success, it sets |*out_group_id| to the group ID and
-// returns one. Otherwise, it returns zero.
-int ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len);
+// ssl_name_to_group_id looks up the group corresponding to the |name| string of
+// length |len|. On success, it sets |*out_group_id| to the group ID and returns
+// true. Otherwise, it returns false.
+bool ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len);
// Handshake messages.
@@ -1146,9 +1145,9 @@ int ssl_write_buffer_flush(SSL *ssl);
// Certificate functions.
-// ssl_has_certificate returns one if a certificate and private key are
-// configured and zero otherwise.
-int ssl_has_certificate(const SSL_CONFIG *cfg);
+// ssl_has_certificate returns whether a certificate and private key are
+// configured.
+bool ssl_has_certificate(const SSL_CONFIG *cfg);
// ssl_parse_cert_chain parses a certificate list from |cbs| in the format used
// by a TLS Certificate message. On success, it advances |cbs| and returns
@@ -1169,14 +1168,14 @@ bool ssl_parse_cert_chain(uint8_t *out_alert,
// ssl_add_cert_chain adds |hs->ssl|'s certificate chain to |cbb| in the format
// used by a TLS Certificate message. If there is no certificate chain, it emits
-// an empty certificate list. It returns one on success and zero on error.
-int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb);
+// an empty certificate list. It returns true on success and false on error.
+bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb);
// ssl_cert_check_digital_signature_key_usage parses the DER-encoded, X.509
-// certificate in |in| and returns one if doesn't specify a key usage or, if it
-// does, if it includes digitalSignature. Otherwise it pushes to the error
-// queue and returns zero.
-int ssl_cert_check_digital_signature_key_usage(const CBS *in);
+// certificate in |in| and returns true if doesn't specify a key usage or, if it
+// does, if it includes digitalSignature. Otherwise it pushes to the error queue
+// and returns false.
+bool ssl_cert_check_digital_signature_key_usage(const CBS *in);
// ssl_cert_parse_pubkey extracts the public key from the DER-encoded, X.509
// certificate in |in|. It returns an allocated |EVP_PKEY| or else returns
@@ -1195,80 +1194,80 @@ UniquePtr<STACK_OF(CRYPTO_BUFFER)> ssl_parse_client_CA_list(SSL *ssl,
bool ssl_has_client_CAs(const SSL_CONFIG *cfg);
// ssl_add_client_CA_list adds the configured CA list to |cbb| in the format
-// used by a TLS CertificateRequest message. It returns one on success and zero
-// on error.
-int ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb);
+// used by a TLS CertificateRequest message. It returns true on success and
+// false on error.
+bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb);
// ssl_check_leaf_certificate returns one if |pkey| and |leaf| are suitable as
// a server's leaf certificate for |hs|. Otherwise, it returns zero and pushes
// an error on the error queue.
-int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
+bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
const CRYPTO_BUFFER *leaf);
// ssl_on_certificate_selected is called once the certificate has been selected.
// It finalizes the certificate and initializes |hs->local_pubkey|. It returns
-// one on success and zero on error.
-int ssl_on_certificate_selected(SSL_HANDSHAKE *hs);
+// true on success and false on error.
+bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs);
// TLS 1.3 key derivation.
// tls13_init_key_schedule initializes the handshake hash and key derivation
// state, and incorporates the PSK. The cipher suite and PRF hash must have been
-// selected at this point. It returns one on success and zero on error.
-int tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len);
+// selected at this point. It returns true on success and false on error.
+bool tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len);
// tls13_init_early_key_schedule initializes the handshake hash and key
// derivation state from the resumption secret and incorporates the PSK to
// derive the early secrets. It returns one on success and zero on error.
-int tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len);
+bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len);
// tls13_advance_key_schedule incorporates |in| into the key schedule with
-// HKDF-Extract. It returns one on success and zero on error.
-int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
+// HKDF-Extract. It returns true on success and false on error.
+bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
size_t len);
// tls13_set_traffic_key sets the read or write traffic keys to
-// |traffic_secret|. It returns one on success and zero on error.
-int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
- const uint8_t *traffic_secret,
- size_t traffic_secret_len);
+// |traffic_secret|. It returns true on success and false on error.
+bool tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
+ const uint8_t *traffic_secret,
+ size_t traffic_secret_len);
-// tls13_derive_early_secrets derives the early traffic secret. It returns one
-// on success and zero on error.
-int tls13_derive_early_secrets(SSL_HANDSHAKE *hs);
+// tls13_derive_early_secrets derives the early traffic secret. It returns true
+// on success and false on error.
+bool tls13_derive_early_secrets(SSL_HANDSHAKE *hs);
// tls13_derive_handshake_secrets derives the handshake traffic secret. It
-// returns one on success and zero on error.
-int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
+// returns true on success and false on error.
+bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
// tls13_rotate_traffic_key derives the next read or write traffic secret. It
-// returns one on success and zero on error.
-int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction);
+// returns true on success and false on error.
+bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction);
// tls13_derive_application_secrets derives the initial application data traffic
// and exporter secrets based on the handshake transcripts and |master_secret|.
-// It returns one on success and zero on error.
-int tls13_derive_application_secrets(SSL_HANDSHAKE *hs);
+// It returns true on success and false on error.
+bool tls13_derive_application_secrets(SSL_HANDSHAKE *hs);
// tls13_derive_resumption_secret derives the |resumption_secret|.
-int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs);
+bool tls13_derive_resumption_secret(SSL_HANDSHAKE *hs);
// tls13_export_keying_material provides an exporter interface to use the
// |exporter_secret|.
-int tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
- Span<const uint8_t> secret,
- Span<const char> label,
- Span<const uint8_t> context);
+bool tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
+ Span<const uint8_t> secret,
+ Span<const char> label,
+ Span<const uint8_t> context);
// tls13_finished_mac calculates the MAC of the handshake transcript to verify
// the integrity of the Finished message, and stores the result in |out| and
-// length in |out_len|. |is_server| is 1 if this is for the Server Finished and
-// 0 for the Client Finished.
-int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
- int is_server);
+// length in |out_len|. |is_server| is true if this is for the Server Finished
+// and false for the Client Finished.
+bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
+ bool is_server);
// tls13_derive_session_psk calculates the PSK for this session based on the
// resumption master secret and |nonce|. It returns true on success, and false
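Review bot: Two comments in this hunk still describe the old `int` convention next to declarations that now return `bool`: the one above `ssl_check_leaf_certificate` ("returns one if ... Otherwise, it returns zero") and the one above `tls13_init_early_key_schedule` ("returns one on success and zero on error"). They should be reworded like their neighbours, e.g. `// a server's leaf certificate for |hs|. Otherwise, it returns false and pushes` and `// derive the early secrets. It returns true on success and false on error.` `tls13_derive_resumption_secret` and `tls13_export_keying_material` are converted here as well, and their comments state no return contract at all; a closing `It returns true on success and false on error.` would match the rest, assuming they follow the same convention.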
@@ -1276,15 +1275,15 @@ int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce);
// tls13_write_psk_binder calculates the PSK binder value and replaces the last
-// bytes of |msg| with the resulting value. It returns 1 on success, and 0 on
-// failure.
-int tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len);
+// bytes of |msg| with the resulting value. It returns true on success, and
+// false on failure.
+bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len);
-// tls13_verify_psk_binder verifies that the handshake transcript, truncated
-// up to the binders has a valid signature using the value of |session|'s
-// resumption secret. It returns 1 on success, and 0 on failure.
-int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
- const SSLMessage &msg, CBS *binders);
+// tls13_verify_psk_binder verifies that the handshake transcript, truncated up
+// to the binders has a valid signature using the value of |session|'s
+// resumption secret. It returns true on success, and false on failure.
+bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
+ const SSLMessage &msg, CBS *binders);
// Handshake functions.
@@ -1616,29 +1615,29 @@ const char *ssl_server_handshake_state(SSL_HANDSHAKE *hs);
const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs);
const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs);
-// tls13_post_handshake processes a post-handshake message. It returns one on
-// success and zero on failure.
-int tls13_post_handshake(SSL *ssl, const SSLMessage &msg);
+// tls13_post_handshake processes a post-handshake message. It returns true on
+// success and false on failure.
+bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg);
-int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int allow_anonymous);
-int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg);
+bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool allow_anonymous);
+bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg);
// tls13_process_finished processes |msg| as a Finished message from the
-// peer. If |use_saved_value| is one, the verify_data is compared against
+// peer. If |use_saved_value| is true, the verify_data is compared against
// |hs->expected_client_finished| rather than computed fresh.
-int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int use_saved_value);
+bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool use_saved_value);
-int tls13_add_certificate(SSL_HANDSHAKE *hs);
+bool tls13_add_certificate(SSL_HANDSHAKE *hs);
// tls13_add_certificate_verify adds a TLS 1.3 CertificateVerify message to the
// handshake. If it returns |ssl_private_key_retry|, it should be called again
// to retry when the signing operation is completed.
enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs);
-int tls13_add_finished(SSL_HANDSHAKE *hs);
-int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
+bool tls13_add_finished(SSL_HANDSHAKE *hs);
+bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
Array<uint8_t> *out_secret,
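Review bot: `tls13_process_certificate`, `tls13_process_certificate_verify`, `tls13_add_certificate`, `tls13_add_finished` and `tls13_process_new_session_ticket` are switched to `bool` here but carry no comment, so their return contract is written down nowhere in this hunk, unlike `tls13_post_handshake` just above them. Each should get a short header in the same form, for example `// tls13_add_finished adds a Finished message to the handshake. It returns true on success and false on error.`, assuming they follow the file's usual convention. The comment for `tls13_process_certificate` should also say what `allow_anonymous` permits, since the flag's meaning cannot be read off the declaration and it presumably changes which peer certificates are accepted.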
@@ -1660,7 +1659,7 @@ bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
// returns whether it's valid.
bool ssl_is_sct_list_valid(const CBS *contents);
-int ssl_write_client_hello(SSL_HANDSHAKE *hs);
+bool ssl_write_client_hello(SSL_HANDSHAKE *hs);
enum ssl_cert_verify_context_t {
ssl_cert_verify_server,
@@ -2015,13 +2014,13 @@ struct CertCompressionAlg {
uint16_t alg_id = 0;
};
-} // namespace bssl
+BSSL_NAMESPACE_END
DECLARE_LHASH_OF(SSL_SESSION)
DEFINE_NAMED_STACK_OF(CertCompressionAlg, bssl::CertCompressionAlg);
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// An ssl_shutdown_t describes the shutdown state of one end of the connection,
// whether it is alive or has been shutdown via close_notify or fatal alert.
@@ -2476,14 +2475,14 @@ static const size_t kMaxEarlyDataAccepted = 14336;
UniquePtr<CERT> ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *cert);
-int ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer);
-int ssl_is_key_type_supported(int key_type);
-// ssl_compare_public_and_private_key returns one if |pubkey| is the public
-// counterpart to |privkey|. Otherwise it returns zero and pushes a helpful
+bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer);
+bool ssl_is_key_type_supported(int key_type);
+// ssl_compare_public_and_private_key returns true if |pubkey| is the public
+// counterpart to |privkey|. Otherwise it returns false and pushes a helpful
// message on the error queue.
-int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
+bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
const EVP_PKEY *privkey);
-int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
+bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server);
int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out, const SSL_SESSION *session);
int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
@@ -2749,7 +2748,7 @@ void ssl_reset_error_state(SSL *ssl);
// current state of the error queue.
void ssl_set_read_error(SSL *ssl);
-} // namespace bssl
+BSSL_NAMESPACE_END
// Opaque C types.
diff --git a/src/ssl/s3_both.cc b/src/ssl/s3_both.cc
index 98896a3d..c1d4b652 100644
--- a/src/ssl/s3_both.cc
+++ b/src/ssl/s3_both.cc
@@ -130,7 +130,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static bool add_record_to_flight(SSL *ssl, uint8_t type,
Span<const uint8_t> in) {
@@ -636,4 +636,4 @@ void ssl3_next_message(SSL *ssl) {
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/s3_lib.cc b/src/ssl/s3_lib.cc
index 0b24f941..0e0770c1 100644
--- a/src/ssl/s3_lib.cc
+++ b/src/ssl/s3_lib.cc
@@ -162,7 +162,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSL3_STATE::SSL3_STATE()
: skip_early_data(false),
@@ -215,4 +215,4 @@ void ssl3_free(SSL *ssl) {
ssl->s3 = NULL;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/s3_pkt.cc b/src/ssl/s3_pkt.cc
index 50e709b9..1ccbf9f1 100644
--- a/src/ssl/s3_pkt.cc
+++ b/src/ssl/s3_pkt.cc
@@ -122,7 +122,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len);
@@ -425,4 +425,4 @@ int ssl3_dispatch_alert(SSL *ssl) {
return 1;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/span_test.cc b/src/ssl/span_test.cc
index 0aa7f3de..7db3d708 100644
--- a/src/ssl/span_test.cc
+++ b/src/ssl/span_test.cc
@@ -19,7 +19,7 @@
#include <openssl/ssl.h>
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace {
static void TestCtor(Span<int> s, const int *ptr, size_t size) {
@@ -87,4 +87,4 @@ TEST(SpanTest, Accessor) {
}
} // namespace
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_aead_ctx.cc b/src/ssl/ssl_aead_ctx.cc
index 322b1b57..335f6f48 100644
--- a/src/ssl/ssl_aead_ctx.cc
+++ b/src/ssl/ssl_aead_ctx.cc
@@ -31,7 +31,7 @@
#define FUZZER_MODE false
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg,
const SSL_CIPHER *cipher_arg)
@@ -55,7 +55,7 @@ UniquePtr<SSLAEADContext> SSLAEADContext::CreateNullCipher(bool is_dtls) {
}
UniquePtr<SSLAEADContext> SSLAEADContext::Create(
- enum evp_aead_direction_t direction, uint16_t version, int is_dtls,
+ enum evp_aead_direction_t direction, uint16_t version, bool is_dtls,
const SSL_CIPHER *cipher, Span<const uint8_t> enc_key,
Span<const uint8_t> mac_key, Span<const uint8_t> fixed_iv) {
const EVP_AEAD *aead;
@@ -433,4 +433,4 @@ bool SSLAEADContext::GetIV(const uint8_t **out_iv, size_t *out_iv_len) const {
EVP_AEAD_CTX_get_iv(ctx_.get(), out_iv, out_iv_len);
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_asn1.cc b/src/ssl/ssl_asn1.cc
index 5dfacb22..caccef4d 100644
--- a/src/ssl/ssl_asn1.cc
+++ b/src/ssl/ssl_asn1.cc
@@ -104,7 +104,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// An SSL_SESSION is serialized as the following ASN.1 structure:
//
@@ -751,7 +751,7 @@ int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) {
return SSL_SESSION_to_bytes_full(in, cbb, 0);
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_buffer.cc b/src/ssl/ssl_buffer.cc
index 72647a4c..b94f0811 100644
--- a/src/ssl/ssl_buffer.cc
+++ b/src/ssl/ssl_buffer.cc
@@ -27,7 +27,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// BIO uses int instead of size_t. No lengths will exceed uint16_t, so this will
// not overflow.
@@ -284,4 +284,4 @@ int ssl_write_buffer_flush(SSL *ssl) {
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_cert.cc b/src/ssl/ssl_cert.cc
index 4842974c..37d65018 100644
--- a/src/ssl/ssl_cert.cc
+++ b/src/ssl/ssl_cert.cc
@@ -133,7 +133,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
CERT::CERT(const SSL_X509_METHOD *x509_method_arg)
: x509_method(x509_method_arg) {}
@@ -289,10 +289,10 @@ static int cert_set_chain_and_key(
return 1;
}
-int ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) {
+bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) {
switch (check_leaf_cert_and_privkey(buffer.get(), cert->privatekey.get())) {
case leaf_cert_and_privkey_error:
- return 0;
+ return false;
case leaf_cert_and_privkey_mismatch:
// don't fail for a cert/key mismatch, just free current private key
// (when switching to a different cert & key, first this function should
@@ -308,23 +308,23 @@ int ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) {
if (cert->chain != nullptr) {
CRYPTO_BUFFER_free(sk_CRYPTO_BUFFER_value(cert->chain.get(), 0));
sk_CRYPTO_BUFFER_set(cert->chain.get(), 0, buffer.release());
- return 1;
+ return true;
}
cert->chain.reset(sk_CRYPTO_BUFFER_new_null());
if (cert->chain == nullptr) {
- return 0;
+ return false;
}
if (!PushToStack(cert->chain.get(), std::move(buffer))) {
cert->chain.reset();
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int ssl_has_certificate(const SSL_CONFIG *cfg) {
+bool ssl_has_certificate(const SSL_CONFIG *cfg) {
return cfg->cert->chain != nullptr &&
sk_CRYPTO_BUFFER_value(cfg->cert->chain.get(), 0) != nullptr &&
ssl_has_private_key(cfg);
@@ -394,7 +394,7 @@ bool ssl_parse_cert_chain(uint8_t *out_alert,
return true;
}
-int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
+bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
if (!ssl_has_certificate(hs->config)) {
return CBB_add_u24(cbb, 0);
}
@@ -402,7 +402,7 @@ int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
CBB certs;
if (!CBB_add_u24_length_prefixed(cbb, &certs)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
STACK_OF(CRYPTO_BUFFER) *chain = hs->config->cert->chain.get();
@@ -414,7 +414,7 @@ int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
CRYPTO_BUFFER_len(buffer)) ||
!CBB_flush(&certs)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -424,7 +424,7 @@ int ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
// ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and
// positions |*out_tbs_cert| to cover the TBSCertificate, starting at the
// subjectPublicKeyInfo.
-static int ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
+static bool ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
/* From RFC 5280, section 4.1
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
@@ -460,10 +460,10 @@ static int ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
!CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
// subject
!CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
UniquePtr<EVP_PKEY> ssl_cert_parse_pubkey(const CBS *in) {
@@ -476,47 +476,42 @@ UniquePtr<EVP_PKEY> ssl_cert_parse_pubkey(const CBS *in) {
return UniquePtr<EVP_PKEY>(EVP_parse_public_key(&tbs_cert));
}
-int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
- const EVP_PKEY *privkey) {
+bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
+ const EVP_PKEY *privkey) {
if (EVP_PKEY_is_opaque(privkey)) {
// We cannot check an opaque private key and have to trust that it
// matches.
- return 1;
+ return true;
}
- int ret = 0;
-
switch (EVP_PKEY_cmp(pubkey, privkey)) {
case 1:
- ret = 1;
- break;
+ return true;
case 0:
OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);
- break;
+ return false;
case -1:
OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);
- break;
+ return false;
case -2:
OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
- break;
- default:
- assert(0);
- break;
+ return false;
}
- return ret;
+ assert(0);
+ return false;
}
-int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
+bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
if (privkey == nullptr) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return 0;
+ return false;
}
if (cert->chain == nullptr ||
sk_CRYPTO_BUFFER_value(cert->chain.get(), 0) == nullptr) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
+ return false;
}
CBS cert_cbs;
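Review bot: In `ssl_compare_public_and_private_key`, the fall-through after the `switch` returns `false` without pushing anything on the error queue, and the `assert(0)` before it disappears when assertions are compiled out. The header comment for this function in `internal.h` promises that a `false` return "pushes a helpful message on the error queue", so an unexpected `EVP_PKEY_cmp` result would surface as a failure with no recorded cause. Adding `OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);` before the final `return false;` keeps the fail-closed behaviour and the documented contract. The hunk also covers the start of `ssl_cert_check_private_key`, whose body continues outside it.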
@@ -525,13 +520,13 @@ int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
UniquePtr<EVP_PKEY> pubkey = ssl_cert_parse_pubkey(&cert_cbs);
if (!pubkey) {
OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
- return 0;
+ return false;
}
return ssl_compare_public_and_private_key(pubkey.get(), privkey);
}
-int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
+bool ssl_cert_check_digital_signature_key_usage(const CBS *in) {
CBS buf = *in;
CBS tbs_cert, outer_extensions;
@@ -551,17 +546,17 @@ int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
&tbs_cert, &outer_extensions, &has_extensions,
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
if (!has_extensions) {
- return 1;
+ return true;
}
CBS extensions;
if (!CBS_get_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
while (CBS_len(&extensions) > 0) {
@@ -573,7 +568,7 @@ int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
!CBS_get_asn1(&extension, &contents, CBS_ASN1_OCTETSTRING) ||
CBS_len(&extension) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f};
@@ -587,26 +582,26 @@ int ssl_cert_check_digital_signature_key_usage(const CBS *in) {
if (!CBS_get_asn1(&contents, &bit_string, CBS_ASN1_BITSTRING) ||
CBS_len(&contents) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
// This is the KeyUsage extension. See
// https://tools.ietf.org/html/rfc5280#section-4.2.1.3
if (!CBS_is_valid_asn1_bitstring(&bit_string)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
- return 0;
+ return false;
}
if (!CBS_asn1_bitstring_has_bit(&bit_string, 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
// No KeyUsage extension found.
- return 1;
+ return true;
}
UniquePtr<STACK_OF(CRYPTO_BUFFER)> ssl_parse_client_CA_list(SSL *ssl,
@@ -666,10 +661,10 @@ bool ssl_has_client_CAs(const SSL_CONFIG *cfg) {
return sk_CRYPTO_BUFFER_num(names) > 0;
}
-int ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) {
+bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) {
CBB child, name_cbb;
if (!CBB_add_u16_length_prefixed(cbb, &child)) {
- return 0;
+ return false;
}
const STACK_OF(CRYPTO_BUFFER) *names = hs->config->client_CA.get();
@@ -684,21 +679,21 @@ int ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) {
if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||
!CBB_add_bytes(&name_cbb, CRYPTO_BUFFER_data(name),
CRYPTO_BUFFER_len(name))) {
- return 0;
+ return false;
}
}
return CBB_flush(cbb);
}
-int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
- const CRYPTO_BUFFER *leaf) {
+bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
+ const CRYPTO_BUFFER *leaf) {
assert(ssl_protocol_version(hs->ssl) < TLS1_3_VERSION);
// Check the certificate's type matches the cipher.
if (!(hs->new_cipher->algorithm_auth & ssl_cipher_auth_mask_for_key(pkey))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
- return 0;
+ return false;
}
// Check key usages for all key types but RSA. This is needed to distinguish
@@ -711,7 +706,7 @@ int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
CBS leaf_cbs;
CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
if (!ssl_cert_check_digital_signature_key_usage(&leaf_cbs)) {
- return 0;
+ return false;
}
}
@@ -724,22 +719,22 @@ int ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
!tls1_check_group_id(hs, group_id) ||
EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-int ssl_on_certificate_selected(SSL_HANDSHAKE *hs) {
+bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!ssl_has_certificate(hs->config)) {
// Nothing to do.
- return 1;
+ return true;
}
if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(hs)) {
- return 0;
+ return false;
}
CBS leaf;
@@ -750,7 +745,7 @@ int ssl_on_certificate_selected(SSL_HANDSHAKE *hs) {
return hs->local_pubkey != NULL;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_cipher.cc b/src/ssl/ssl_cipher.cc
index 58995003..0ed91d60 100644
--- a/src/ssl/ssl_cipher.cc
+++ b/src/ssl/ssl_cipher.cc
@@ -154,7 +154,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// kCiphers is an array of all supported ciphers, sorted by id.
static constexpr SSL_CIPHER kCiphers[] = {
@@ -559,13 +559,13 @@ static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
size_t *out_mac_secret_len,
size_t *out_fixed_iv_len, const SSL_CIPHER *cipher,
- uint16_t version, int is_dtls) {
+ uint16_t version, bool is_dtls) {
*out_aead = NULL;
*out_mac_secret_len = 0;
*out_fixed_iv_len = 0;
- const int is_tls12 = version == TLS1_2_VERSION && !is_dtls;
- const int is_tls13 = version == TLS1_3_VERSION && !is_dtls;
+ const bool is_tls12 = version == TLS1_2_VERSION && !is_dtls;
+ const bool is_tls13 = version == TLS1_3_VERSION && !is_dtls;
if (cipher->algorithm_mac == SSL_AEAD) {
if (cipher->algorithm_enc == SSL_AES128GCM) {
@@ -649,7 +649,7 @@ const EVP_MD *ssl_get_handshake_digest(uint16_t version,
}
}
-static bool is_cipher_list_separator(char c, int is_strict) {
+static bool is_cipher_list_separator(char c, bool is_strict) {
if (c == ':') {
return true;
}
@@ -1306,7 +1306,7 @@ size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
return ret;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_key_share.cc b/src/ssl/ssl_key_share.cc
index c7f6f88f..8466eabb 100644
--- a/src/ssl/ssl_key_share.cc
+++ b/src/ssl/ssl_key_share.cc
@@ -31,7 +31,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace {
@@ -266,33 +266,33 @@ bool SSLKeyShare::Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
Finish(out_secret, out_alert, peer_key);
}
-int ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
+bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid) {
for (const auto &group : kNamedGroups) {
if (group.nid == nid) {
*out_group_id = group.group_id;
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
-int ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) {
+bool ssl_name_to_group_id(uint16_t *out_group_id, const char *name, size_t len) {
for (const auto &group : kNamedGroups) {
if (len == strlen(group.name) &&
!strncmp(group.name, name, len)) {
*out_group_id = group.group_id;
- return 1;
+ return true;
}
if (len == strlen(group.alias) &&
!strncmp(group.alias, name, len)) {
*out_group_id = group.group_id;
- return 1;
+ return true;
}
}
- return 0;
+ return false;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_lib.cc b/src/ssl/ssl_lib.cc
index 120c2760..13b9cacc 100644
--- a/src/ssl/ssl_lib.cc
+++ b/src/ssl/ssl_lib.cc
@@ -162,7 +162,7 @@
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
// to avoid downstream churn.
@@ -506,7 +506,7 @@ void SSL_set_handoff_mode(SSL *ssl, bool on) {
ssl->config->handoff = on;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_privkey.cc b/src/ssl/ssl_privkey.cc
index fecac39e..e716c9af 100644
--- a/src/ssl/ssl_privkey.cc
+++ b/src/ssl/ssl_privkey.cc
@@ -69,28 +69,28 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
-int ssl_is_key_type_supported(int key_type) {
+bool ssl_is_key_type_supported(int key_type) {
return key_type == EVP_PKEY_RSA || key_type == EVP_PKEY_EC ||
key_type == EVP_PKEY_ED25519;
}
-static int ssl_set_pkey(CERT *cert, EVP_PKEY *pkey) {
+static bool ssl_set_pkey(CERT *cert, EVP_PKEY *pkey) {
if (!ssl_is_key_type_supported(pkey->type)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return 0;
+ return false;
}
if (cert->chain != nullptr &&
sk_CRYPTO_BUFFER_value(cert->chain.get(), 0) != nullptr &&
// Sanity-check that the private key and the certificate match.
!ssl_cert_check_private_key(cert, pkey)) {
- return 0;
+ return false;
}
cert->privatekey = UpRef(pkey);
- return 1;
+ return true;
}
typedef struct {
@@ -98,29 +98,30 @@ typedef struct {
int pkey_type;
int curve;
const EVP_MD *(*digest_func)(void);
- char is_rsa_pss;
+ bool is_rsa_pss;
} SSL_SIGNATURE_ALGORITHM;
static const SSL_SIGNATURE_ALGORITHM kSignatureAlgorithms[] = {
- {SSL_SIGN_RSA_PKCS1_MD5_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_md5_sha1, 0},
- {SSL_SIGN_RSA_PKCS1_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_sha1, 0},
- {SSL_SIGN_RSA_PKCS1_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 0},
- {SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 0},
- {SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 0},
-
- {SSL_SIGN_RSA_PSS_RSAE_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, 1},
- {SSL_SIGN_RSA_PSS_RSAE_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, 1},
- {SSL_SIGN_RSA_PSS_RSAE_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, 1},
-
- {SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, 0},
+ {SSL_SIGN_RSA_PKCS1_MD5_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_md5_sha1,
+ false},
+ {SSL_SIGN_RSA_PKCS1_SHA1, EVP_PKEY_RSA, NID_undef, &EVP_sha1, false},
+ {SSL_SIGN_RSA_PKCS1_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, false},
+ {SSL_SIGN_RSA_PKCS1_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, false},
+ {SSL_SIGN_RSA_PKCS1_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, false},
+
+ {SSL_SIGN_RSA_PSS_RSAE_SHA256, EVP_PKEY_RSA, NID_undef, &EVP_sha256, true},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA384, EVP_PKEY_RSA, NID_undef, &EVP_sha384, true},
+ {SSL_SIGN_RSA_PSS_RSAE_SHA512, EVP_PKEY_RSA, NID_undef, &EVP_sha512, true},
+
+ {SSL_SIGN_ECDSA_SHA1, EVP_PKEY_EC, NID_undef, &EVP_sha1, false},
{SSL_SIGN_ECDSA_SECP256R1_SHA256, EVP_PKEY_EC, NID_X9_62_prime256v1,
- &EVP_sha256, 0},
+ &EVP_sha256, false},
{SSL_SIGN_ECDSA_SECP384R1_SHA384, EVP_PKEY_EC, NID_secp384r1, &EVP_sha384,
- 0},
+ false},
{SSL_SIGN_ECDSA_SECP521R1_SHA512, EVP_PKEY_EC, NID_secp521r1, &EVP_sha512,
- 0},
+ false},
- {SSL_SIGN_ED25519, EVP_PKEY_ED25519, NID_undef, NULL, 0},
+ {SSL_SIGN_ED25519, EVP_PKEY_ED25519, NID_undef, nullptr, false},
};
static const SSL_SIGNATURE_ALGORITHM *get_signature_algorithm(uint16_t sigalg) {
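Review bot: Style: the Ed25519 row of kSignatureAlgorithms now uses `nullptr`, but neighbouring lines that this commit leaves alone still use `NULL`. These are `return NULL;` in get_signature_algorithm and `alg == NULL` in pkey_supports_algorithm, both visible in the next hunk. Since the file is being moved to C++ spellings here, converting them in the same pass (`return nullptr;`, `alg == nullptr`) would keep it consistent. The body of get_signature_algorithm lies outside this hunk.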
@@ -132,22 +133,22 @@ static const SSL_SIGNATURE_ALGORITHM *get_signature_algorithm(uint16_t sigalg) {
return NULL;
}
-int ssl_has_private_key(const SSL_CONFIG *cfg) {
+bool ssl_has_private_key(const SSL_CONFIG *cfg) {
return cfg->cert->privatekey != nullptr || cfg->cert->key_method != nullptr;
}
-static int pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey,
- uint16_t sigalg) {
+static bool pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey,
+ uint16_t sigalg) {
const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
if (alg == NULL ||
EVP_PKEY_id(pkey) != alg->pkey_type) {
- return 0;
+ return false;
}
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
// RSA keys may only be used with RSA-PSS.
if (alg->pkey_type == EVP_PKEY_RSA && !alg->is_rsa_pss) {
- return 0;
+ return false;
}
// EC keys have a curve requirement.
@@ -155,18 +156,18 @@ static int pkey_supports_algorithm(const SSL *ssl, EVP_PKEY *pkey,
(alg->curve == NID_undef ||
EC_GROUP_get_curve_name(
EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey))) != alg->curve)) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
-static int setup_ctx(SSL *ssl, EVP_MD_CTX *ctx, EVP_PKEY *pkey, uint16_t sigalg,
- int is_verify) {
+static bool setup_ctx(SSL *ssl, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
+ uint16_t sigalg, bool is_verify) {
if (!pkey_supports_algorithm(ssl, pkey, sigalg)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0;
+ return false;
}
const SSL_SIGNATURE_ALGORITHM *alg = get_signature_algorithm(sigalg);
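Review bot: The `alg` pointer fetched on the last line of this hunk is used later in setup_ctx without a null check (`alg->is_rsa_pss` is visible in the following hunk). That is safe only because pkey_supports_algorithm() has already returned false for any `sigalg` the table does not know. The dependency is implicit, so I would add a comment above the lookup: `// |alg| is non-null: pkey_supports_algorithm() rejects unknown |sigalg|.` setup_ctx continues outside this hunk.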
@@ -174,20 +175,20 @@ static int setup_ctx(SSL *ssl, EVP_MD_CTX *ctx, EVP_PKEY *pkey, uint16_t sigalg,
EVP_PKEY_CTX *pctx;
if (is_verify) {
if (!EVP_DigestVerifyInit(ctx, &pctx, digest, NULL, pkey)) {
- return 0;
+ return false;
}
} else if (!EVP_DigestSignInit(ctx, &pctx, digest, NULL, pkey)) {
- return 0;
+ return false;
}
if (alg->is_rsa_pss) {
if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* salt len = hash len */)) {
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
enum ssl_private_key_result_t ssl_private_key_sign(
@@ -212,7 +213,7 @@ enum ssl_private_key_result_t ssl_private_key_sign(
*out_len = max_out;
ScopedEVP_MD_CTX ctx;
if (!setup_ctx(ssl, ctx.get(), hs->config->cert->privatekey.get(), sigalg,
- 0 /* sign */) ||
+ false /* sign */) ||
!EVP_DigestSign(ctx.get(), out, out_len, in.data(), in.size())) {
return ssl_private_key_failure;
}
@@ -223,7 +224,7 @@ bool ssl_public_key_verify(SSL *ssl, Span<const uint8_t> signature,
uint16_t sigalg, EVP_PKEY *pkey,
Span<const uint8_t> in) {
ScopedEVP_MD_CTX ctx;
- return setup_ctx(ssl, ctx.get(), pkey, sigalg, 1 /* verify */) &&
+ return setup_ctx(ssl, ctx.get(), pkey, sigalg, true /* verify */) &&
EVP_DigestVerify(ctx.get(), signature.data(), signature.size(),
in.data(), in.size());
}
@@ -287,7 +288,7 @@ bool ssl_private_key_supports_signature_algorithm(SSL_HANDSHAKE *hs,
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_session.cc b/src/ssl/ssl_session.cc
index 1b0b68a4..927dd1ba 100644
--- a/src/ssl/ssl_session.cc
+++ b/src/ssl/ssl_session.cc
@@ -151,7 +151,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// The address of this is a magic value, a pointer to which is returned by
// SSL_magic_pending_session_ptr(). It allows a session callback to indicate
@@ -838,7 +838,7 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *session) {
}
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index 74c4e9eb..894bb14e 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -53,7 +53,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#endif
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
namespace {
@@ -1966,18 +1966,18 @@ TEST(SSLTest, ClientHello) {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
- 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
- 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
- 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
+ 0x01, 0x00, 0x00, 0x1f, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00,
+ 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00}},
{TLS1_1_VERSION,
{0x16, 0x03, 0x01, 0x00, 0x5a, 0x01, 0x00, 0x00, 0x56, 0x03, 0x02, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xc0, 0x09,
0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a,
- 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00,
- 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
- 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}},
+ 0x01, 0x00, 0x00, 0x1f, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00,
+ 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00}},
{TLS1_2_VERSION,
{0x16, 0x03, 0x01, 0x00, 0x82, 0x01, 0x00, 0x00, 0x7e, 0x03, 0x03, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1985,12 +1985,12 @@ TEST(SSLTest, ClientHello) {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xcc, 0xa9,
0xcc, 0xa8, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xc0, 0x09,
0xc0, 0x13, 0xc0, 0x0a, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
- 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0xff, 0x01, 0x00, 0x01,
- 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00,
- 0x14, 0x00, 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
- 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00,
- 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
- 0x17, 0x00, 0x18}},
+ 0x00, 0x35, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x37, 0x00, 0x17, 0x00, 0x00,
+ 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00,
+ 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+ 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x04, 0x03, 0x08,
+ 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06,
+ 0x01, 0x02, 0x01}},
// TODO(davidben): Add a change detector for TLS 1.3 once the spec and our
// implementation has settled enough that it won't change.
};
@@ -2033,7 +2033,7 @@ TEST(SSLTest, ClientHello) {
}
}
if (i + 12 >= client_hello.size()) {
- printf("}}");
+ printf("}},");
}
printf("\n");
}
@@ -4281,6 +4281,21 @@ TEST_P(SSLVersionTest, VerifyBeforeCertRequest) {
server_ctx_.get()));
}
+// Test that ticket-based sessions on the client get fake session IDs.
+TEST_P(SSLVersionTest, FakeIDsForTickets) {
+ SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH);
+ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH);
+
+ bssl::UniquePtr<SSL_SESSION> session =
+ CreateClientSession(client_ctx_.get(), server_ctx_.get());
+ ASSERT_TRUE(session);
+
+ EXPECT_TRUE(SSL_SESSION_has_ticket(session.get()));
+ unsigned session_id_length;
+ SSL_SESSION_get_id(session.get(), &session_id_length);
+ EXPECT_NE(session_id_length, 0u);
+}
+
// These tests test multi-threaded behavior. They are intended to run with
// ThreadSanitizer.
#if !defined(OPENSSL_NO_THREADS)
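Review bot: In FakeIDsForTickets, `session_id_length` is declared uninitialized and is only filled through the out-parameter of SSL_SESSION_get_id(), whose return value is discarded. Declaring it as `unsigned session_id_length = 0;` makes the `EXPECT_NE` fail deterministically if the getter ever leaves the length untouched, instead of comparing an indeterminate value.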
@@ -4428,4 +4443,4 @@ TEST(SSLTest, AllTests) {
}
} // namespace
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_transcript.cc b/src/ssl/ssl_transcript.cc
index 24b86bf5..8bb513da 100644
--- a/src/ssl/ssl_transcript.cc
+++ b/src/ssl/ssl_transcript.cc
@@ -141,7 +141,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
SSLTranscript::SSLTranscript() {}
@@ -261,4 +261,4 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len,
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/ssl_versions.cc b/src/ssl/ssl_versions.cc
index 212c3ac9..911fb7e5 100644
--- a/src/ssl/ssl_versions.cc
+++ b/src/ssl/ssl_versions.cc
@@ -23,7 +23,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
switch (version) {
@@ -360,7 +360,7 @@ bool ssl_is_draft28(uint16_t version) {
return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/ssl_x509.cc b/src/ssl/ssl_x509.cc
index ef095898..9fa800ff 100644
--- a/src/ssl/ssl_x509.cc
+++ b/src/ssl/ssl_x509.cc
@@ -155,7 +155,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// check_ssl_x509_method asserts that |ssl| has the X509-based method
// installed. Calling an X509-based method on an |ssl| with a different method
@@ -506,7 +506,7 @@ const SSL_X509_METHOD ssl_crypto_x509_method = {
ssl_crypto_x509_ssl_ctx_flush_cached_client_CA,
};
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/t1_enc.cc b/src/ssl/t1_enc.cc
index 93170b96..c6b2844d 100644
--- a/src/ssl/t1_enc.cc
+++ b/src/ssl/t1_enc.cc
@@ -153,7 +153,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
bool tls1_prf(const EVP_MD *digest, Span<uint8_t> out,
Span<const uint8_t> secret, Span<const char> label,
@@ -277,7 +277,7 @@ int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
return SSL3_MASTER_SECRET_SIZE;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/t1_lib.cc b/src/ssl/t1_lib.cc
index 32ea2d40..678e4a3b 100644
--- a/src/ssl/t1_lib.cc
+++ b/src/ssl/t1_lib.cc
@@ -129,7 +129,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
@@ -2775,14 +2775,6 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
// kExtensions contains all the supported extensions.
static const struct tls_extension kExtensions[] = {
{
- TLSEXT_TYPE_renegotiate,
- NULL,
- ext_ri_add_clienthello,
- ext_ri_parse_serverhello,
- ext_ri_parse_clienthello,
- ext_ri_add_serverhello,
- },
- {
TLSEXT_TYPE_server_name,
NULL,
ext_sni_add_clienthello,
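Review bot: The comment above kExtensions, `// kExtensions contains all the supported extensions.`, does not say that the order of the entries matters. This hunk and the later ones in t1_lib.cc (the renegotiate, supported_groups, ec_point_formats, ALPN and status_request entries) do nothing except move entries. Judging by the ClientHello byte vectors updated in ssl_test.cc in the same commit, the array order appears to be the order in which extensions are written to the wire, so a reorder changes the ClientHello that peers and middleboxes observe. I would extend the comment along the lines of `// The order here is the order extensions are sent in the ClientHello; changing it changes the wire image and the vectors in ssl_test.cc.` The array definition runs past the end of this hunk.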
@@ -2799,6 +2791,30 @@ static const struct tls_extension kExtensions[] = {
ext_ems_add_serverhello,
},
{
+ TLSEXT_TYPE_renegotiate,
+ NULL,
+ ext_ri_add_clienthello,
+ ext_ri_parse_serverhello,
+ ext_ri_parse_clienthello,
+ ext_ri_add_serverhello,
+ },
+ {
+ TLSEXT_TYPE_supported_groups,
+ NULL,
+ ext_supported_groups_add_clienthello,
+ ext_supported_groups_parse_serverhello,
+ ext_supported_groups_parse_clienthello,
+ dont_add_serverhello,
+ },
+ {
+ TLSEXT_TYPE_ec_point_formats,
+ NULL,
+ ext_ec_point_add_clienthello,
+ ext_ec_point_parse_serverhello,
+ ext_ec_point_parse_clienthello,
+ ext_ec_point_add_serverhello,
+ },
+ {
TLSEXT_TYPE_session_ticket,
NULL,
ext_ticket_add_clienthello,
@@ -2808,6 +2824,23 @@ static const struct tls_extension kExtensions[] = {
ext_ticket_add_serverhello,
},
{
+ TLSEXT_TYPE_application_layer_protocol_negotiation,
+ NULL,
+ ext_alpn_add_clienthello,
+ ext_alpn_parse_serverhello,
+ // ALPN is negotiated late in |ssl_negotiate_alpn|.
+ ignore_parse_clienthello,
+ ext_alpn_add_serverhello,
+ },
+ {
+ TLSEXT_TYPE_status_request,
+ NULL,
+ ext_ocsp_add_clienthello,
+ ext_ocsp_parse_serverhello,
+ ext_ocsp_parse_clienthello,
+ ext_ocsp_add_serverhello,
+ },
+ {
TLSEXT_TYPE_signature_algorithms,
NULL,
ext_sigalgs_add_clienthello,
@@ -2824,14 +2857,6 @@ static const struct tls_extension kExtensions[] = {
dont_add_serverhello,
},
{
- TLSEXT_TYPE_status_request,
- NULL,
- ext_ocsp_add_clienthello,
- ext_ocsp_parse_serverhello,
- ext_ocsp_parse_clienthello,
- ext_ocsp_add_serverhello,
- },
- {
TLSEXT_TYPE_next_proto_neg,
NULL,
ext_npn_add_clienthello,
@@ -2848,15 +2873,6 @@ static const struct tls_extension kExtensions[] = {
ext_sct_add_serverhello,
},
{
- TLSEXT_TYPE_application_layer_protocol_negotiation,
- NULL,
- ext_alpn_add_clienthello,
- ext_alpn_parse_serverhello,
- // ALPN is negotiated late in |ssl_negotiate_alpn|.
- ignore_parse_clienthello,
- ext_alpn_add_serverhello,
- },
- {
TLSEXT_TYPE_channel_id,
ext_channel_id_init,
ext_channel_id_add_clienthello,
@@ -2873,14 +2889,6 @@ static const struct tls_extension kExtensions[] = {
ext_srtp_add_serverhello,
},
{
- TLSEXT_TYPE_ec_point_formats,
- NULL,
- ext_ec_point_add_clienthello,
- ext_ec_point_parse_serverhello,
- ext_ec_point_parse_clienthello,
- ext_ec_point_add_serverhello,
- },
- {
TLSEXT_TYPE_key_share,
NULL,
ext_key_share_add_clienthello,
@@ -2929,14 +2937,6 @@ static const struct tls_extension kExtensions[] = {
ext_quic_transport_params_add_serverhello,
},
{
- TLSEXT_TYPE_supported_groups,
- NULL,
- ext_supported_groups_add_clienthello,
- ext_supported_groups_parse_serverhello,
- ext_supported_groups_parse_clienthello,
- dont_add_serverhello,
- },
- {
TLSEXT_TYPE_token_binding,
NULL,
ext_token_binding_add_clienthello,
@@ -3836,7 +3836,7 @@ bool ssl_is_sct_list_valid(const CBS *contents) {
return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/test/CMakeLists.txt b/src/ssl/test/CMakeLists.txt
index 425b43b6..d86464c4 100644
--- a/src/ssl/test/CMakeLists.txt
+++ b/src/ssl/test/CMakeLists.txt
@@ -14,6 +14,8 @@ add_executable(
$<TARGET_OBJECTS:test_support>
)
+add_dependencies(bssl_shim global_target)
+
target_link_libraries(bssl_shim ssl crypto)
if(UNIX AND NOT APPLE AND NOT ANDROID)
@@ -31,6 +33,8 @@ if(UNIX AND NOT APPLE AND NOT ANDROID)
$<TARGET_OBJECTS:test_support>
)
+ add_dependencies(handshaker global_target)
+
target_link_libraries(handshaker ssl crypto)
else()
# Declare a dummy target for run_tests to depend on.
diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go
index 6bbaecf4..4bcf6037 100644
--- a/src/ssl/test/runner/runner.go
+++ b/src/ssl/test/runner/runner.go
@@ -7625,17 +7625,6 @@ func addResumptionVersionTests() {
},
})
} else {
- error := ":OLD_SESSION_VERSION_NOT_RETURNED:"
- // Clients offering TLS 1.3 will send a fake session ID
- // unrelated to the session being offer. This session ID is
- // invalid for the server to echo, so the handshake fails at
- // a different point. It's not syntactically possible for a
- // server to convince our client that it's accepted a TLS
- // 1.3 session at an older version.
- if resumeVers.version < VersionTLS13 && sessionVers.version >= VersionTLS13 {
- error = ":SERVER_ECHOED_INVALID_SESSION_ID:"
- }
-
testCases = append(testCases, testCase{
protocol: protocol,
name: "Resume-Client-Mismatch" + suffix,
@@ -7654,7 +7643,7 @@ func addResumptionVersionTests() {
},
expectedResumeVersion: resumeVers.version,
shouldFail: true,
- expectedError: error,
+ expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
flags: []string{
"-on-initial-tls13-variant", strconv.Itoa(sessionVers.tls13Variant),
"-on-resume-tls13-variant", strconv.Itoa(resumeVers.tls13Variant),
diff --git a/src/ssl/tls13_both.cc b/src/ssl/tls13_both.cc
index a1793da0..a02d35d7 100644
--- a/src/ssl/tls13_both.cc
+++ b/src/ssl/tls13_both.cc
@@ -30,7 +30,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// kMaxKeyUpdates is the number of consecutive KeyUpdates that will be
// processed. Without this limit an attacker could force unbounded processing
@@ -101,8 +101,8 @@ bool tls13_get_cert_verify_signature_input(
return true;
}
-int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int allow_anonymous) {
+bool tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool allow_anonymous) {
SSL *const ssl = hs->ssl;
CBS body = msg.body;
bssl::UniquePtr<CRYPTO_BUFFER> decompressed;
@@ -118,7 +118,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
CBS_len(&body) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
if (uncompressed_len > ssl->max_cert_list) {
@@ -126,7 +126,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
OPENSSL_PUT_ERROR(SSL, SSL_R_UNCOMPRESSED_CERT_TOO_LARGE);
ERR_add_error_dataf("requested=%u",
static_cast<unsigned>(uncompressed_len));
- return 0;
+ return false;
}
ssl_cert_decompression_func_t decompress = nullptr;
@@ -141,7 +141,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERT_COMPRESSION_ALG);
ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
- return 0;
+ return false;
}
CRYPTO_BUFFER *decompressed_ptr = nullptr;
@@ -150,7 +150,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_DECOMPRESSION_FAILED);
ERR_add_error_dataf("alg=%d", static_cast<int>(alg_id));
- return 0;
+ return false;
}
decompressed.reset(decompressed_ptr);
@@ -161,7 +161,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
"alg=%d got=%u expected=%u", static_cast<int>(alg_id),
static_cast<unsigned>(CRYPTO_BUFFER_len(decompressed_ptr)),
static_cast<unsigned>(uncompressed_len));
- return 0;
+ return false;
}
CBS_init(&body, CRYPTO_BUFFER_data(decompressed_ptr),
@@ -177,14 +177,14 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
CBS_len(&body) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
if (!certs) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
const bool retain_sha256 =
@@ -197,7 +197,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
CBS_len(&certificate) == 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
@@ -205,13 +205,13 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
if (!pkey) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
// TLS 1.3 always uses certificate keys for signing thus the correct
// keyUsage is enforced.
if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
- return 0;
+ return false;
}
if (retain_sha256) {
@@ -227,7 +227,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
!PushToStack(certs.get(), std::move(buf))) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- return 0;
+ return false;
}
// Parse out the extensions.
@@ -243,7 +243,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
OPENSSL_ARRAY_SIZE(ext_types),
0 /* reject unknown */)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
// All Certificate extensions are parsed, but only the leaf extensions are
@@ -252,7 +252,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
if (ssl->server || !hs->config->ocsp_stapling_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
- return 0;
+ return false;
}
uint8_t status_type;
@@ -263,7 +263,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
CBS_len(&ocsp_response) == 0 ||
CBS_len(&status_request) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
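Review bot: The status_request decode failure at the end of this hunk sends SSL_AD_DECODE_ERROR but queues no error. The matching SCT path further down does call `OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION)` before its alert. A caller inspecting the error queue after a malformed stapled OCSP response has nothing to log; adding `OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);` before the `ssl_send_alert` call would close that gap. The two SSL_AD_INTERNAL_ERROR returns after CRYPTO_BUFFER_new_from_CBS() in the following hunks look the same, unless the allocation path already queues an error. The condition being tested starts outside this hunk.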
if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
@@ -271,7 +271,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool));
if (hs->new_session->ocsp_response == nullptr) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
}
@@ -280,13 +280,13 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
if (ssl->server || !hs->config->signed_cert_timestamps_enabled) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
- return 0;
+ return false;
}
if (!ssl_is_sct_list_valid(&sct)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(certs.get()) == 1) {
@@ -294,7 +294,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
CRYPTO_BUFFER_new_from_CBS(&sct, ssl->ctx->pool));
if (hs->new_session->signed_cert_timestamp_list == nullptr) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
}
@@ -312,14 +312,14 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) {
if (!allow_anonymous) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
- return 0;
+ return false;
}
// OpenSSL returns X509_V_OK when no certificates are requested. This is
@@ -327,18 +327,18 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
hs->new_session->verify_result = X509_V_OK;
// No certificate, so nothing more to do.
- return 1;
+ return true;
}
hs->new_session->peer_sha256_valid = retain_sha256;
- return 1;
+ return true;
}
-int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
+bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
SSL *const ssl = hs->ssl;
if (hs->peer_pubkey == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
CBS body = msg.body, signature;
@@ -348,13 +348,13 @@ int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
CBS_len(&body) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
@@ -363,7 +363,7 @@ int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
hs, &input,
ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
- return 0;
+ return false;
}
bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
@@ -375,14 +375,14 @@ int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
- int use_saved_value) {
+bool tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
+ bool use_saved_value) {
SSL *const ssl = hs->ssl;
uint8_t verify_data_buf[EVP_MAX_MD_SIZE];
const uint8_t *verify_data;
@@ -394,25 +394,25 @@ int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
} else {
if (!tls13_finished_mac(hs, verify_data_buf, &verify_data_len,
!ssl->server)) {
- return 0;
+ return false;
}
verify_data = verify_data_buf;
}
- int finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);
+ bool finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- finished_ok = 1;
+ finished_ok = true;
#endif
if (!finished_ok) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
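Review bot: The Finished check in this hunk, `bool finished_ok = CBS_mem_equal(&msg.body, verify_data, verify_data_len);`, is a MAC comparison, and nothing on the line says it has to stay constant-time. As far as I know CBS_mem_equal() rejects a length mismatch and then compares with CRYPTO_memcmp(), which is what makes this safe. A comment such as `// CBS_mem_equal is constant-time; do not replace it with memcmp.` would protect that property across future refactors. The `BORINGSSL_UNSAFE_FUZZER_MODE` branch that forces `finished_ok = true` deserves one as well, for example `// Fuzzer builds skip the Finished check; never define this in production.` The signature of tls13_process_finished is in the previous hunk.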
-int tls13_add_certificate(SSL_HANDSHAKE *hs) {
+bool tls13_add_certificate(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
CERT *const cert = hs->config->cert.get();
@@ -435,7 +435,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
!CBB_add_u8(body, 0) ||
!CBB_add_u24_length_prefixed(body, &certificate_list)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
if (!ssl_has_certificate(hs->config)) {
@@ -449,7 +449,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
CRYPTO_BUFFER_len(leaf_buf)) ||
!CBB_add_u16_length_prefixed(&certificate_list, &extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
if (hs->scts_requested && cert->signed_cert_timestamp_list != nullptr) {
@@ -462,7 +462,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
CRYPTO_BUFFER_len(cert->signed_cert_timestamp_list.get())) ||
!CBB_flush(&extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -477,7 +477,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
CRYPTO_BUFFER_len(cert->ocsp_response.get())) ||
!CBB_flush(&extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -489,7 +489,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
CRYPTO_BUFFER_len(cert_buf)) ||
!CBB_add_u16(&certificate_list, 0 /* no extensions */)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
}
@@ -500,7 +500,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
Array<uint8_t> msg;
if (!CBBFinishArray(cbb.get(), &msg)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
const CertCompressionAlg *alg = nullptr;
@@ -513,7 +513,7 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
if (alg == nullptr || alg->compress == nullptr) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
CBB compressed;
@@ -526,10 +526,10 @@ int tls13_add_certificate(SSL_HANDSHAKE *hs) {
!alg->compress(ssl, &compressed, msg.data(), msg.size()) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
@@ -582,7 +582,7 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
return ssl_private_key_success;
}
-int tls13_add_finished(SSL_HANDSHAKE *hs) {
+bool tls13_add_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
size_t verify_data_len;
uint8_t verify_data[EVP_MAX_MD_SIZE];
@@ -590,7 +590,7 @@ int tls13_add_finished(SSL_HANDSHAKE *hs) {
if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
- return 0;
+ return false;
}
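Review bot: When tls13_finished_mac() fails in tls13_add_finished, the code queues `SSL_R_DIGEST_CHECK_FAILED`, although nothing from the peer has been checked at this point. The failure is in computing our own Finished value, and the alert sent alongside is SSL_AD_INTERNAL_ERROR. The reason code will point whoever reads the log at a peer-verification failure that did not happen. `OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);` would agree with the alert and with the other internal failures in this file. The function body continues in the next hunk.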
ScopedCBB cbb;
@@ -598,13 +598,13 @@ int tls13_add_finished(SSL_HANDSHAKE *hs) {
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
!CBB_add_bytes(&body, verify_data, verify_data_len) ||
!ssl_add_message_cbb(ssl, cbb.get())) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
+static bool tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
CBS body = msg.body;
uint8_t key_update_request;
if (!CBS_get_u8(&body, &key_update_request) ||
@@ -613,11 +613,11 @@ static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- return 0;
+ return false;
}
if (!tls13_rotate_traffic_key(ssl, evp_aead_open)) {
- return 0;
+ return false;
}
// Acknowledge the KeyUpdate
@@ -630,7 +630,7 @@ static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
!CBB_add_u8(&body_cbb, SSL_KEY_UPDATE_NOT_REQUESTED) ||
!ssl_add_message_cbb(ssl, cbb.get()) ||
!tls13_rotate_traffic_key(ssl, evp_aead_seal)) {
- return 0;
+ return false;
}
// Suppress KeyUpdate acknowledgments until this change is written to the
@@ -639,16 +639,16 @@ static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
ssl->s3->key_update_pending = true;
}
- return 1;
+ return true;
}
-int tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
+bool tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
if (msg.type == SSL3_MT_KEY_UPDATE) {
ssl->s3->key_update_count++;
if (ssl->s3->key_update_count > kMaxKeyUpdates) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
- return 0;
+ return false;
}
return tls13_receive_key_update(ssl, msg);
@@ -662,7 +662,7 @@ int tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
- return 0;
+ return false;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls13_client.cc b/src/ssl/tls13_client.cc
index cf204037..26f5fb99 100644
--- a/src/ssl/tls13_client.cc
+++ b/src/ssl/tls13_client.cc
@@ -24,13 +24,14 @@
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/mem.h>
+#include <openssl/sha.h>
#include <openssl/stack.h>
#include "../crypto/internal.h"
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
enum client_hs_state_t {
state_read_hello_retry_request = 0,
@@ -552,7 +553,7 @@ static enum ssl_hs_wait_t do_read_server_certificate(SSL_HANDSHAKE *hs) {
return ssl_hs_error;
}
- if (!tls13_process_certificate(hs, msg, 0 /* certificate required */) ||
+ if (!tls13_process_certificate(hs, msg, false /* certificate required */) ||
!ssl_hash_message(hs, msg)) {
return ssl_hs_error;
}
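Review bot: The inline comment on the new boolean argument, `false /* certificate required */`, can be read as "certificate required = false", which is presumably the opposite of what the call means. Naming the parameter removes the ambiguity, e.g. `/*allow_anonymous=*/false`, if that is the parameter's name in `tls13_process_certificate` (its declaration is not part of this hunk). The same applies to `false /* don't use saved value */` in the do_read_server_finished hunk and `false /* client */` in the tls13_server.cc hunk. do_read_server_certificate starts and ends outside this hunk.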
@@ -612,7 +613,7 @@ static enum ssl_hs_wait_t do_read_server_finished(SSL_HANDSHAKE *hs) {
return ssl_hs_read_message;
}
if (!ssl_check_message_type(ssl, msg, SSL3_MT_FINISHED) ||
- !tls13_process_finished(hs, msg, 0 /* don't use saved value */) ||
+ !tls13_process_finished(hs, msg, false /* don't use saved value */) ||
!ssl_hash_message(hs, msg) ||
// Update the secret to the master secret and derive traffic keys.
!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
@@ -846,18 +847,18 @@ const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs) {
return "TLS 1.3 client unknown";
}
-int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
+bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
if (ssl->s3->write_shutdown != ssl_shutdown_none) {
// Ignore tickets on shutdown. Callers tend to indiscriminately call
// |SSL_shutdown| before destroying an |SSL|, at which point calling the new
// session callback may be confusing.
- return 1;
+ return true;
}
UniquePtr<SSL_SESSION> session = SSL_SESSION_dup(
ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH);
if (!session) {
- return 0;
+ return false;
}
ssl_session_rebase_time(ssl, session.get());
@@ -873,7 +874,7 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
CBS_len(&body) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
// Cap the renewable lifetime by the server advertised value. This avoids
@@ -883,7 +884,7 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
}
if (!tls13_derive_session_psk(session.get(), ticket_nonce)) {
- return 0;
+ return false;
}
// Parse out the extensions.
@@ -898,7 +899,7 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
OPENSSL_ARRAY_SIZE(ext_types),
1 /* ignore unknown */)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
- return 0;
+ return false;
}
if (have_early_data_info && ssl->enable_early_data) {
@@ -906,10 +907,15 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
CBS_len(&early_data_info) != 0) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- return 0;
+ return false;
}
}
+ // Generate a session ID for this session. Some callers expect all sessions to
+ // have a session ID.
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
+ session->session_id_length = SHA256_DIGEST_LENGTH;
+
session->ticket_age_add_valid = true;
session->not_resumable = false;
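Review bot: The added `SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id)` writes SHA256_DIGEST_LENGTH bytes into `session->session_id`, and nothing in the hunk ties that length to the size of the field, which is declared elsewhere. A compile-time check next to the call would stop a later change to either constant from turning into an out-of-bounds write: `static_assert(SHA256_DIGEST_LENGTH <= SSL_MAX_SSL_SESSION_ID_LENGTH, "session ID too small for SHA-256");`. The comment could also say that the ID is derived locally from the ticket bytes, so callers do not mistake it for a value issued by the server. tls13_process_new_session_ticket starts and ends outside this hunk.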
@@ -920,7 +926,7 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
session.release();
}
- return 1;
+ return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls13_enc.cc b/src/ssl/tls13_enc.cc
index 84bc5d22..5e1f19a3 100644
--- a/src/ssl/tls13_enc.cc
+++ b/src/ssl/tls13_enc.cc
@@ -30,12 +30,12 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
-static int init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version,
+static bool init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version,
const SSL_CIPHER *cipher) {
if (!hs->transcript.InitHash(version, cipher)) {
- return 0;
+ return false;
}
hs->hash_len = hs->transcript.DigestLen();
@@ -43,13 +43,13 @@ static int init_key_schedule(SSL_HANDSHAKE *hs, uint16_t version,
// Initialize the secret to the zero key.
OPENSSL_memset(hs->secret, 0, hs->hash_len);
- return 1;
+ return true;
}
-int tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len) {
+bool tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len) {
if (!init_key_schedule(hs, ssl_protocol_version(hs->ssl), hs->new_cipher)) {
- return 0;
+ return false;
}
hs->transcript.FreeBuffer();
@@ -57,8 +57,8 @@ int tls13_init_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
psk_len, hs->secret, hs->hash_len);
}
-int tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
- size_t psk_len) {
+bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
+ size_t psk_len) {
SSL *const ssl = hs->ssl;
return init_key_schedule(hs, ssl_session_protocol_version(ssl->session.get()),
ssl->session->cipher) &&
@@ -66,10 +66,11 @@ int tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *psk,
psk_len, hs->secret, hs->hash_len);
}
-static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
- const uint8_t *secret, size_t secret_len,
- const char *label, size_t label_len,
- const uint8_t *hash, size_t hash_len, size_t len) {
+static bool hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
+ const uint8_t *secret, size_t secret_len,
+ const char *label, size_t label_len,
+ const uint8_t *hash, size_t hash_len,
+ size_t len) {
static const char kTLS13LabelVersion[] = "tls13 ";
ScopedCBB cbb;
@@ -85,7 +86,7 @@ static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
!CBB_add_u8_length_prefixed(cbb.get(), &child) ||
!CBB_add_bytes(&child, hash, hash_len) ||
!CBBFinishArray(cbb.get(), &hkdf_label)) {
- return 0;
+ return false;
}
return HKDF_expand(out, len, digest, secret, secret_len, hkdf_label.data(),
@@ -94,20 +95,20 @@ static int hkdf_expand_label(uint8_t *out, const EVP_MD *digest,
static const char kTLS13LabelDerived[] = "derived";
-int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
- size_t len) {
+bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
+ size_t len) {
uint8_t derive_context[EVP_MAX_MD_SIZE];
unsigned derive_context_len;
if (!EVP_Digest(nullptr, 0, derive_context, &derive_context_len,
hs->transcript.Digest(), nullptr)) {
- return 0;
+ return false;
}
if (!hkdf_expand_label(hs->secret, hs->transcript.Digest(), hs->secret,
hs->hash_len, kTLS13LabelDerived,
strlen(kTLS13LabelDerived), derive_context,
derive_context_len, hs->hash_len)) {
- return 0;
+ return false;
}
return HKDF_extract(hs->secret, &hs->hash_len, hs->transcript.Digest(), in,
@@ -116,13 +117,13 @@ int tls13_advance_key_schedule(SSL_HANDSHAKE *hs, const uint8_t *in,
// derive_secret derives a secret of length |len| and writes the result in |out|
// with the given label and the current base secret and most recently-saved
-// handshake context. It returns one on success and zero on error.
-static int derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len,
- const char *label, size_t label_len) {
+// handshake context. It returns true on success and false on error.
+static bool derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len,
+ const char *label, size_t label_len) {
uint8_t context_hash[EVP_MAX_MD_SIZE];
size_t context_hash_len;
if (!hs->transcript.GetHash(context_hash, &context_hash_len)) {
- return 0;
+ return false;
}
return hkdf_expand_label(out, hs->transcript.Digest(), hs->secret,
@@ -130,15 +131,15 @@ static int derive_secret(SSL_HANDSHAKE *hs, uint8_t *out, size_t len,
context_hash_len, len);
}
-int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
- const uint8_t *traffic_secret,
- size_t traffic_secret_len) {
+bool tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
+ const uint8_t *traffic_secret,
+ size_t traffic_secret_len) {
const SSL_SESSION *session = SSL_get_session(ssl);
uint16_t version = ssl_session_protocol_version(session);
if (traffic_secret_len > 0xff) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
- return 0;
+ return false;
}
// Look up cipher suite properties.
@@ -146,7 +147,7 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
size_t discard;
if (!ssl_cipher_get_evp_aead(&aead, &discard, &discard, session->cipher,
version, SSL_is_dtls(ssl))) {
- return 0;
+ return false;
}
const EVP_MD *digest = ssl_session_get_digest(session);
@@ -156,7 +157,7 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
if (!hkdf_expand_label(key, digest, traffic_secret, traffic_secret_len, "key",
3, NULL, 0, key_len)) {
- return 0;
+ return false;
}
// Derive the IV.
@@ -164,7 +165,7 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
uint8_t iv[EVP_AEAD_MAX_NONCE_LENGTH];
if (!hkdf_expand_label(iv, digest, traffic_secret, traffic_secret_len, "iv",
2, NULL, 0, iv_len)) {
- return 0;
+ return false;
}
UniquePtr<SSLAEADContext> traffic_aead =
@@ -172,16 +173,16 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
session->cipher, MakeConstSpan(key, key_len),
Span<const uint8_t>(), MakeConstSpan(iv, iv_len));
if (!traffic_aead) {
- return 0;
+ return false;
}
if (direction == evp_aead_open) {
if (!ssl->method->set_read_state(ssl, std::move(traffic_aead))) {
- return 0;
+ return false;
}
} else {
if (!ssl->method->set_write_state(ssl, std::move(traffic_aead))) {
- return 0;
+ return false;
}
}
@@ -196,7 +197,7 @@ int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
ssl->s3->write_traffic_secret_len = traffic_secret_len;
}
- return 1;
+ return true;
}
@@ -209,7 +210,7 @@ static const char kTLS13LabelServerHandshakeTraffic[] = "s hs traffic";
static const char kTLS13LabelClientApplicationTraffic[] = "c ap traffic";
static const char kTLS13LabelServerApplicationTraffic[] = "s ap traffic";
-int tls13_derive_early_secrets(SSL_HANDSHAKE *hs) {
+bool tls13_derive_early_secrets(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
if (!derive_secret(hs, hs->early_traffic_secret, hs->hash_len,
kTLS13LabelClientEarlyTraffic,
@@ -219,13 +220,13 @@ int tls13_derive_early_secrets(SSL_HANDSHAKE *hs) {
!derive_secret(hs, ssl->s3->early_exporter_secret, hs->hash_len,
kTLS13LabelEarlyExporter,
strlen(kTLS13LabelEarlyExporter))) {
- return 0;
+ return false;
}
ssl->s3->early_exporter_secret_len = hs->hash_len;
- return 1;
+ return true;
}
-int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
+bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
return derive_secret(hs, hs->client_handshake_secret, hs->hash_len,
kTLS13LabelClientHandshakeTraffic,
@@ -239,7 +240,7 @@ int tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
hs->server_handshake_secret, hs->hash_len);
}
-int tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
+bool tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
ssl->s3->exporter_secret_len = hs->hash_len;
return derive_secret(hs, hs->client_traffic_secret_0, hs->hash_len,
@@ -260,7 +261,7 @@ int tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
static const char kTLS13LabelApplicationTraffic[] = "traffic upd";
-int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
+bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
uint8_t *secret;
size_t secret_len;
if (direction == evp_aead_open) {
@@ -275,7 +276,7 @@ int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
if (!hkdf_expand_label(
secret, digest, secret, secret_len, kTLS13LabelApplicationTraffic,
strlen(kTLS13LabelApplicationTraffic), NULL, 0, secret_len)) {
- return 0;
+ return false;
}
return tls13_set_traffic_key(ssl, direction, secret, secret_len);
@@ -283,10 +284,10 @@ int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
static const char kTLS13LabelResumption[] = "res master";
-int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
+bool tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
if (hs->hash_len > SSL_MAX_MASTER_KEY_LENGTH) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
hs->new_session->master_key_length = hs->hash_len;
return derive_secret(hs, hs->new_session->master_key,
@@ -298,23 +299,23 @@ static const char kTLS13LabelFinished[] = "finished";
// tls13_verify_data sets |out| to be the HMAC of |context| using a derived
// Finished key for both Finished messages and the PSK binder.
-static int tls13_verify_data(const EVP_MD *digest, uint16_t version,
- uint8_t *out, size_t *out_len,
- const uint8_t *secret, size_t hash_len,
- uint8_t *context, size_t context_len) {
+static bool tls13_verify_data(const EVP_MD *digest, uint16_t version,
+ uint8_t *out, size_t *out_len,
+ const uint8_t *secret, size_t hash_len,
+ uint8_t *context, size_t context_len) {
uint8_t key[EVP_MAX_MD_SIZE];
unsigned len;
if (!hkdf_expand_label(key, digest, secret, hash_len, kTLS13LabelFinished,
strlen(kTLS13LabelFinished), NULL, 0, hash_len) ||
HMAC(digest, key, hash_len, context, context_len, out, &len) == NULL) {
- return 0;
+ return false;
}
*out_len = len;
- return 1;
+ return true;
}
-int tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
- int is_server) {
+bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
+ bool is_server) {
const uint8_t *traffic_secret;
if (is_server) {
traffic_secret = hs->server_handshake_secret;
@@ -345,14 +346,14 @@ bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce) {
static const char kTLS13LabelExportKeying[] = "exporter";
-int tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
- Span<const uint8_t> secret,
- Span<const char> label,
- Span<const uint8_t> context) {
+bool tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
+ Span<const uint8_t> secret,
+ Span<const char> label,
+ Span<const uint8_t> context) {
if (secret.empty()) {
assert(0);
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
const EVP_MD *digest = ssl_session_get_digest(SSL_get_session(ssl));
@@ -378,21 +379,21 @@ int tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
static const char kTLS13LabelPSKBinder[] = "res binder";
-static int tls13_psk_binder(uint8_t *out, uint16_t version,
- const EVP_MD *digest, uint8_t *psk, size_t psk_len,
- uint8_t *context, size_t context_len,
- size_t hash_len) {
+static bool tls13_psk_binder(uint8_t *out, uint16_t version,
+ const EVP_MD *digest, uint8_t *psk, size_t psk_len,
+ uint8_t *context, size_t context_len,
+ size_t hash_len) {
uint8_t binder_context[EVP_MAX_MD_SIZE];
unsigned binder_context_len;
if (!EVP_Digest(NULL, 0, binder_context, &binder_context_len, digest, NULL)) {
- return 0;
+ return false;
}
uint8_t early_secret[EVP_MAX_MD_SIZE] = {0};
size_t early_secret_len;
if (!HKDF_extract(early_secret, &early_secret_len, digest, psk, hash_len,
NULL, 0)) {
- return 0;
+ return false;
}
uint8_t binder_key[EVP_MAX_MD_SIZE] = {0};
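Review bot: `tls13_psk_binder` takes a `psk_len` parameter, but the `HKDF_extract` call in this hunk reads `hash_len` bytes from `psk`, so the length the caller supplies is not what bounds the read. If a caller ever passes a PSK shorter than `hash_len`, this reads past the buffer. Either pass `psk_len` to the call or reject a mismatch up front with `if (psk_len != hash_len) { return false; }`, whichever matches the intended contract. The rest of the function lies outside this hunk, so `psk_len` may be checked there.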
@@ -402,20 +403,20 @@ static int tls13_psk_binder(uint8_t *out, uint16_t version,
binder_context, binder_context_len, hash_len) ||
!tls13_verify_data(digest, version, out, &len, binder_key, hash_len,
context, context_len)) {
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-int tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) {
+bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) {
SSL *const ssl = hs->ssl;
const EVP_MD *digest = ssl_session_get_digest(ssl->session.get());
size_t hash_len = EVP_MD_size(digest);
if (len < hash_len + 3) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
ScopedEVP_MD_CTX ctx;
@@ -427,7 +428,7 @@ int tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) {
hs->transcript.buffer().size()) ||
!EVP_DigestUpdate(ctx.get(), msg, len - hash_len - 3) ||
!EVP_DigestFinal_ex(ctx.get(), context, &context_len)) {
- return 0;
+ return false;
}
uint8_t verify_data[EVP_MAX_MD_SIZE] = {0};
@@ -435,21 +436,21 @@ int tls13_write_psk_binder(SSL_HANDSHAKE *hs, uint8_t *msg, size_t len) {
ssl->session->master_key,
ssl->session->master_key_length, context, context_len,
hash_len)) {
- return 0;
+ return false;
}
OPENSSL_memcpy(msg + len - hash_len, verify_data, hash_len);
- return 1;
+ return true;
}
-int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
- const SSLMessage &msg, CBS *binders) {
+bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
+ const SSLMessage &msg, CBS *binders) {
size_t hash_len = hs->transcript.DigestLen();
// The message must be large enough to exclude the binders.
if (CBS_len(&msg.raw) < CBS_len(binders) + 2) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
// Hash a ClientHello prefix up to the binders. This includes the header. For
@@ -459,7 +460,7 @@ int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
unsigned context_len;
if (!EVP_Digest(CBS_data(&msg.raw), CBS_len(&msg.raw) - CBS_len(binders) - 2,
context, &context_len, hs->transcript.Digest(), NULL)) {
- return 0;
+ return false;
}
uint8_t verify_data[EVP_MAX_MD_SIZE] = {0};
@@ -470,21 +471,21 @@ int tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
// We only consider the first PSK, so compare against the first binder.
!CBS_get_u8_length_prefixed(binders, &binder)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- return 0;
+ return false;
}
- int binder_ok =
+ bool binder_ok =
CBS_len(&binder) == hash_len &&
CRYPTO_memcmp(CBS_data(&binder), verify_data, hash_len) == 0;
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- binder_ok = 1;
+ binder_ok = true;
#endif
if (!binder_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
-} // namespace bssl
+BSSL_NAMESPACE_END
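Review bot: The `BORINGSSL_UNSAFE_FUZZER_MODE` block that forces `binder_ok = true` discards the result of the constant-time binder comparison, and there is no comment saying why. A line above the `#if` would make the intent and the risk explicit, e.g. `// Fuzzer builds accept any binder so fuzzing can get past PSK verification; never define this in a shipping build.` The reason is inferred from the macro name and should be confirmed. The start of tls13_verify_psk_binder is outside this hunk.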
diff --git a/src/ssl/tls13_server.cc b/src/ssl/tls13_server.cc
index aba7fc0b..0d82d68b 100644
--- a/src/ssl/tls13_server.cc
+++ b/src/ssl/tls13_server.cc
@@ -36,7 +36,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
enum server_hs_state_t {
state_select_parameters = 0,
@@ -716,7 +716,7 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
size_t finished_len;
if (!tls13_finished_mac(hs, hs->expected_client_finished, &finished_len,
- 0 /* client */)) {
+ false /* client */)) {
return ssl_hs_error;
}
@@ -807,7 +807,7 @@ static enum ssl_hs_wait_t do_read_client_certificate(SSL_HANDSHAKE *hs) {
return ssl_hs_ok;
}
- const int allow_anonymous =
+ const bool allow_anonymous =
(hs->config->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) == 0;
SSLMessage msg;
if (!ssl->method->get_message(ssl, &msg)) {
@@ -1028,4 +1028,4 @@ const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs) {
return "TLS 1.3 server unknown";
}
-} // namespace bssl
+BSSL_NAMESPACE_END
diff --git a/src/ssl/tls_method.cc b/src/ssl/tls_method.cc
index 2af51719..116f0270 100644
--- a/src/ssl/tls_method.cc
+++ b/src/ssl/tls_method.cc
@@ -65,7 +65,7 @@
#include "internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
static void ssl3_on_handshake_complete(SSL *ssl) {
// The handshake should have released its final message.
@@ -182,7 +182,7 @@ const SSL_X509_METHOD ssl_noop_x509_method = {
ssl_noop_x509_ssl_ctx_flush_cached_client_CA,
};
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/ssl/tls_record.cc b/src/ssl/tls_record.cc
index a2e4a20f..c1f9e7f8 100644
--- a/src/ssl/tls_record.cc
+++ b/src/ssl/tls_record.cc
@@ -119,7 +119,7 @@
#include "../crypto/internal.h"
-namespace bssl {
+BSSL_NAMESPACE_BEGIN
// kMaxEmptyRecords is the number of consecutive, empty records that will be
// processed. Without this limit an attacker could send empty records at a
@@ -140,26 +140,26 @@ static const uint8_t kMaxWarningAlerts = 4;
// ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher
// state needs record-splitting and zero otherwise.
-static int ssl_needs_record_splitting(const SSL *ssl) {
+static bool ssl_needs_record_splitting(const SSL *ssl) {
#if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
return !ssl->s3->aead_write_ctx->is_null_cipher() &&
ssl->s3->aead_write_ctx->ProtocolVersion() < TLS1_1_VERSION &&
(ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 &&
SSL_CIPHER_is_block_cipher(ssl->s3->aead_write_ctx->cipher());
#else
- return 0;
+ return false;
#endif
}
-int ssl_record_sequence_update(uint8_t *seq, size_t seq_len) {
+bool ssl_record_sequence_update(uint8_t *seq, size_t seq_len) {
for (size_t i = seq_len - 1; i < seq_len; i--) {
++seq[i];
if (seq[i] != 0) {
- return 1;
+ return true;
}
}
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
- return 0;
+ return false;
}
size_t ssl_record_prefix_len(const SSL *ssl) {
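Review bot: The comment above `ssl_needs_record_splitting` still says it "returns one ... and zero otherwise" although the function now returns `bool`. It should read `// ssl_needs_record_splitting returns true if |ssl|'s current outgoing cipher state needs record-splitting and false otherwise.` The comment above `tls_seal_scatter_record`, in the hunk at -464,7, has the same stale "returns one on success and zero on error" wording. The loop in `ssl_record_sequence_update` would also benefit from `// |i| wraps past zero to end the loop.`, since `i < seq_len` with `i--` relies on unsigned wraparound.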
@@ -373,9 +373,9 @@ ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type,
return ssl_open_record_success;
}
-static int do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
- uint8_t *out_suffix, uint8_t type, const uint8_t *in,
- const size_t in_len) {
+static bool do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
+ uint8_t *out_suffix, uint8_t type, const uint8_t *in,
+ const size_t in_len) {
SSLAEADContext *aead = ssl->s3->aead_write_ctx.get();
uint8_t *extra_in = NULL;
size_t extra_in_len = 0;
@@ -390,7 +390,7 @@ static int do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
if (!aead->SuffixLen(&suffix_len, in_len, extra_in_len) ||
!aead->CiphertextLen(&ciphertext_len, in_len, extra_in_len)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
- return 0;
+ return false;
}
assert(in == out || !buffers_alias(in, in_len, out, in_len));
@@ -415,11 +415,11 @@ static int do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
out_prefix[0], record_version, ssl->s3->write_sequence,
header, in, in_len, extra_in, extra_in_len) ||
!ssl_record_sequence_update(ssl->s3->write_sequence, 8)) {
- return 0;
+ return false;
}
ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
- return 1;
+ return true;
}
static size_t tls_seal_scatter_prefix_len(const SSL *ssl, uint8_t type,
@@ -464,7 +464,7 @@ static bool tls_seal_scatter_suffix_len(const SSL *ssl, size_t *out_suffix_len,
// returns one on success and zero on error. If enabled,
// |tls_seal_scatter_record| implements TLS 1.0 CBC 1/n-1 record splitting and
// may write two records concatenated.
-static int tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
+static bool tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
uint8_t *out_suffix, uint8_t type,
const uint8_t *in, size_t in_len) {
if (type == SSL3_RT_APPLICATION_DATA && in_len > 1 &&
@@ -478,13 +478,13 @@ static int tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
if (!do_seal_record(ssl, out_prefix, split_body, split_suffix, type, in,
1)) {
- return 0;
+ return false;
}
size_t split_record_suffix_len;
if (!ssl->s3->aead_write_ctx->SuffixLen(&split_record_suffix_len, 1, 0)) {
assert(false);
- return 0;
+ return false;
}
const size_t split_record_len = prefix_len + 1 + split_record_suffix_len;
assert(SSL3_RT_HEADER_LENGTH + ssl_cipher_get_record_split_len(
@@ -496,24 +496,25 @@ static int tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out,
uint8_t tmp_prefix[SSL3_RT_HEADER_LENGTH];
if (!do_seal_record(ssl, tmp_prefix, out + 1, out_suffix, type, in + 1,
in_len - 1)) {
- return 0;
+ return false;
}
assert(tls_seal_scatter_prefix_len(ssl, type, in_len) ==
split_record_len + SSL3_RT_HEADER_LENGTH - 1);
OPENSSL_memcpy(out_prefix + split_record_len, tmp_prefix,
SSL3_RT_HEADER_LENGTH - 1);
OPENSSL_memcpy(out, tmp_prefix + SSL3_RT_HEADER_LENGTH - 1, 1);
- return 1;
+ return true;
}
return do_seal_record(ssl, out_prefix, out, out_suffix, type, in, in_len);
}
-int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
- uint8_t type, const uint8_t *in, size_t in_len) {
+bool tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len,
+ size_t max_out_len, uint8_t type, const uint8_t *in,
+ size_t in_len) {
if (buffers_alias(in, in_len, out, max_out_len)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
- return 0;
+ return false;
}
const size_t prefix_len = tls_seal_scatter_prefix_len(ssl, type, in_len);
@@ -524,22 +525,22 @@ int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
if (in_len + prefix_len < in_len ||
prefix_len + in_len + suffix_len < prefix_len + in_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
- return 0;
+ return false;
}
if (max_out_len < in_len + prefix_len + suffix_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
- return 0;
+ return false;
}
uint8_t *prefix = out;
uint8_t *body = out + prefix_len;
uint8_t *suffix = body + in_len;
if (!tls_seal_scatter_record(ssl, prefix, body, suffix, type, in, in_len)) {
- return 0;
+ return false;
}
*out_len = prefix_len + in_len + suffix_len;
- return 1;
+ return true;
}
enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert,
@@ -674,7 +675,7 @@ bool SealRecord(SSL *ssl, const Span<uint8_t> out_prefix,
in.data(), in.size());
}
-} // namespace bssl
+BSSL_NAMESPACE_END
using namespace bssl;
diff --git a/src/third_party/fiat/CMakeLists.txt b/src/third_party/fiat/CMakeLists.txt
deleted file mode 100644
index fcc77d52..00000000
--- a/src/third_party/fiat/CMakeLists.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
- fiat
-
- OBJECT
-
- curve25519.c
-)
diff --git a/src/tool/CMakeLists.txt b/src/tool/CMakeLists.txt
index 87efb09f..7f340171 100644
--- a/src/tool/CMakeLists.txt
+++ b/src/tool/CMakeLists.txt
@@ -20,6 +20,8 @@ add_executable(
transport_common.cc
)
+add_dependencies(bssl global_target)
+
if(APPLE OR WIN32 OR ANDROID)
target_link_libraries(bssl ssl crypto)
else()
diff --git a/src/util/all_tests.json b/src/util/all_tests.json
index 01d6fd06..7152ec1d 100644
--- a/src/util/all_tests.json
+++ b/src/util/all_tests.json
@@ -1,5 +1,6 @@
[
["crypto/crypto_test"],
+ ["crypto/crypto_test", "--fork_unsafe_buffering", "--gtest_filter=RandTest.*:-RandTest.Fork"],
["decrepit/decrepit_test"],
["ssl/ssl_test"]
]
diff --git a/src/util/doc.go b/src/util/doc.go
index 040ac790..ab21547f 100644
--- a/src/util/doc.go
+++ b/src/util/doc.go
@@ -82,6 +82,19 @@ func isComment(line string) bool {
return strings.HasPrefix(line, commentStart) || strings.HasPrefix(line, lineComment)
}
+func commentSubject(line string) string {
+ if strings.HasPrefix(line, "A ") {
+ line = line[len("A "):]
+ } else if strings.HasPrefix(line, "An ") {
+ line = line[len("An "):]
+ }
+ idx := strings.IndexAny(line, " ,")
+ if idx < 0 {
+ return line
+ }
+ return line[:idx]
+}
+
func extractComment(lines []string, lineNo int) (comment []string, rest []string, restLineNo int, err error) {
if len(lines) == 0 {
return nil, lines, lineNo, nil
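Review bot: `commentSubject` is added without a doc comment, and what counts as the "subject" is not clear from the name alone. Suggested: `// commentSubject returns the first word of line, ending at the first space or comma, after dropping a leading "A " or "An ".` It is also worth stating that the whole line is returned when neither delimiter is present. The caller compares the result against a declaration name, so a subject followed by other punctuation, such as a period or colon, keeps that punctuation and will not match.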
@@ -426,17 +439,22 @@ func (config *Config) parseHeader(path string) (*HeaderFile, error) {
// As a matter of style, comments should start
// with the name of the thing that they are
// commenting on. We make an exception here for
- // #defines (because we often have blocks of
- // them) and collective comments, which are
- // detected by starting with “The” or “These”.
+ // collective comments, which are detected by
+ // starting with “The” or “These”.
if len(comment) > 0 &&
- !strings.HasPrefix(comment[0], name) &&
- !strings.HasPrefix(comment[0], "A "+name) &&
- !strings.HasPrefix(comment[0], "An "+name) &&
- !strings.HasPrefix(decl, "#define ") &&
+ len(name) > 0 &&
!strings.HasPrefix(comment[0], "The ") &&
!strings.HasPrefix(comment[0], "These ") {
- return nil, fmt.Errorf("Comment for %q doesn't seem to match line %s:%d\n", name, path, declLineNo)
+ subject := commentSubject(comment[0])
+ ok := subject == name
+ if l := len(subject); l > 0 && subject[l-1] == '*' {
+ // Groups of names, notably #defines, are often
+ // denoted with a wildcard.
+ ok = strings.HasPrefix(name, subject[:l-1])
+ }
+ if !ok {
+ return nil, fmt.Errorf("Comment for %q doesn't seem to match line %s:%d\n", name, path, declLineNo)
+ }
}
anchor := sanitizeAnchor(name)
// TODO(davidben): Enforce uniqueness. This is
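Review bot: In the wildcard branch, a subject that is just `*` passes for every declaration, because `subject[:l-1]` is then empty and `strings.HasPrefix(name, "")` is always true. Requiring at least one character before the star keeps the check meaningful: `if l := len(subject); l > 1 && subject[l-1] == '*' {`. The added `len(name) > 0` condition also means declarations with no extracted name now skip the check entirely, which deserves a short comment if it is intended. parseHeader starts and ends outside this hunk.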
diff --git a/src/util/make_prefix_headers.go b/src/util/make_prefix_headers.go
new file mode 100644
index 00000000..a5e5441f
--- /dev/null
+++ b/src/util/make_prefix_headers.go
@@ -0,0 +1,216 @@
+// Copyright (c) 2018, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// This program takes a file containing newline-separated symbols, and generates
+// boringssl_prefix_symbols.h, boringssl_prefix_symbols_asm.h, and
+// boringssl_prefix_symbols_nasm.inc. These header files can be used to build
+// BoringSSL with a prefix for all symbols in order to avoid symbol name
+// conflicts when linking a project with multiple copies of BoringSSL; see
+// BUILDING.md for more details.
+
+// TODO(joshlf): For platforms which support it, use '#pragma redefine_extname'
+// instead of a custom macro. This avoids the need for a custom macro, but also
+// ensures that our renaming won't conflict with symbols defined and used by our
+// consumers (the "HMAC" problem). An example of this approach can be seen in
+// IllumOS' fork of OpenSSL:
+// https://github.com/joyent/illumos-extra/blob/master/openssl1x/sunw_prefix.h
+
+package main
+
+import (
+ "bufio"
+ "flag"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+)
+
+var out = flag.String("out", ".", "Path to a directory where the outputs will be written")
+
+// Read newline-separated symbols from a file, ignoring any comments started
+// with '#'.
+func readSymbols(path string) ([]string, error) {
+ f, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+ scanner := bufio.NewScanner(f)
+ var ret []string
+ for scanner.Scan() {
+ line := scanner.Text()
+ if idx := strings.IndexByte(line, '#'); idx >= 0 {
+ line = line[:idx]
+ }
+ line = strings.TrimSpace(line)
+ if len(line) == 0 {
+ continue
+ }
+ ret = append(ret, line)
+ }
+ if err := scanner.Err(); err != nil {
+ return nil, err
+ }
+ return ret, nil
+}
+
+func writeCHeader(symbols []string, path string) error {
+ f, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ if _, err := f.WriteString(`// Copyright (c) 2018, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// BORINGSSL_ADD_PREFIX pastes two identifiers into one. It performs one
+// iteration of macro expansion on its arguments before pasting.
+#define BORINGSSL_ADD_PREFIX(a, b) BORINGSSL_ADD_PREFIX_INNER(a, b)
+#define BORINGSSL_ADD_PREFIX_INNER(a, b) a ## _ ## b
+
+`); err != nil {
+ return err
+ }
+
+ for _, symbol := range symbols {
+ if _, err := fmt.Fprintf(f, "#define %s BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, %s)\n", symbol, symbol); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func writeASMHeader(symbols []string, path string) error {
+ f, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ if _, err := f.WriteString(`// Copyright (c) 2018, Google Inc.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+#if !defined(__APPLE__)
+#include <boringssl_prefix_symbols.h>
+#else
+// On iOS and macOS, we need to treat assembly symbols differently from other
+// symbols. The linker expects symbols to be prefixed with an underscore.
+// Perlasm thus generates symbol with this underscore applied. Our macros must,
+// in turn, incorporate it.
+#define BORINGSSL_ADD_PREFIX_MAC_ASM(a, b) BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b)
+#define BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) _ ## a ## _ ## b
+
+`); err != nil {
+ return err
+ }
+
+ for _, symbol := range symbols {
+ if _, err := fmt.Fprintf(f, "#define _%s BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, %s)\n", symbol, symbol); err != nil {
+ return err
+ }
+ }
+
+ _, err = fmt.Fprintf(f, "#endif\n")
+ return nil
+}
+
+func writeNASMHeader(symbols []string, path string) error {
+ f, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ // NASM uses a different syntax from the C preprocessor.
+ if _, err := f.WriteString(`; Copyright (c) 2018, Google Inc.
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+; WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+; MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+; SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+; WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+; OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+; CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+`); err != nil {
+ return err
+ }
+
+ for _, symbol := range symbols {
+ if _, err := fmt.Fprintf(f, "%%define %s BORINGSSL_PREFIX %%+ %s\n", symbol, symbol); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+func main() {
+ flag.Parse()
+ if flag.NArg() != 1 {
+ fmt.Fprintf(os.Stderr, "Usage: %s [-out OUT] SYMBOLS\n", os.Args[0])
+ os.Exit(1)
+ }
+
+ symbols, err := readSymbols(flag.Arg(0))
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error reading symbols: %s\n", err)
+ os.Exit(1)
+ }
+
+ if err := writeCHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols.h")); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols.h: %s\n", err)
+ os.Exit(1)
+ }
+
+ if err := writeASMHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols_asm.h")); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols_asm.h: %s\n", err)
+ os.Exit(1)
+ }
+
+ if err := writeNASMHeader(symbols, filepath.Join(*out, "boringssl_prefix_symbols_nasm.inc")); err != nil {
+ fmt.Fprintf(os.Stderr, "Error writing boringssl_prefix_symbols_nasm.inc: %s\n", err)
+ os.Exit(1)
+ }
+
+}
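Review bot: writeASMHeader assigns the result of the final `fmt.Fprintf(f, "#endif\n")` to `err` and then returns `nil`, so a failed write of the closing `#endif` is reported as success and leaves boringssl_prefix_symbols_asm.h with an unterminated `#if`; the last line should be `return err`. All three writers also rely on `defer f.Close()` for files they have just written, which discards a close-time error, so a truncated header can be taken as complete and some symbols would silently stay unprefixed; returning the `Close` error avoids that. The strings from readSymbols go straight into the `#define` and `%define` lines, so an entry with inner whitespace or non-identifier characters yields a malformed or unintended macro. The input is presumably trusted build data, but rejecting any entry that is not a valid C identifier before writing is a cheap guard.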