authorAndroid Chromium Automerger <chromium-automerger@android>2014-11-06 00:44:40 +0000
committerAndroid Chromium Automerger <chromium-automerger@android>2014-11-06 00:44:40 +0000
commit03d1abe83d2d93223668f4de58a32ee4cc484ed5 (patch)
tree30766ced8c56a5366f45459127f3c5901c95d367
parentecf09ca1bc8a217d707f2aa2d90ede43404e47d3 (diff)
parent817ec3462e246b8301a73e44854e2bb3df90d5e6 (diff)
downloadsrc-03d1abe83d2d93223668f4de58a32ee4cc484ed5.tar.gz
Merge third_party/boringssl/src from https://boringssl.googlesource.com/boringssl.git at 817ec3462e246b8301a73e44854e2bb3df90d5e6
This commit was generated by merge_from_chromium.py. Change-Id: Id13608e8a67ec3ad4e94a0b52adb6c6df089cdf0
-rw-r--r--BUILDING5
-rw-r--r--CMakeLists.txt1
-rw-r--r--crypto/CMakeLists.txt12
-rw-r--r--crypto/bn/asm/x86_64-gcc.c2
-rw-r--r--crypto/bn/generic.c23
-rw-r--r--crypto/bn/internal.h2
-rw-r--r--crypto/err/err.c1
-rw-r--r--crypto/evp/CMakeLists.txt6
-rw-r--r--crypto/evp/asn1.c3
-rw-r--r--crypto/evp/evp_test.c (renamed from crypto/evp/example_sign.c)135
-rw-r--r--crypto/evp/internal.h4
-rw-r--r--crypto/evp/p_rsa_asn1.c6
-rw-r--r--crypto/evp/sign.c11
-rw-r--r--crypto/rand/windows.c57
-rw-r--r--include/openssl/dtls1.h9
-rw-r--r--include/openssl/err.h2
-rw-r--r--include/openssl/ssl.h7
-rw-r--r--ssl/d1_both.c15
-rw-r--r--ssl/d1_enc.c31
-rw-r--r--ssl/d1_pkt.c90
-rw-r--r--ssl/s3_both.c12
-rw-r--r--ssl/s3_clnt.c10
-rw-r--r--ssl/s3_lib.c4
-rw-r--r--ssl/s3_pkt.c37
-rw-r--r--ssl/s3_srvr.c23
-rw-r--r--ssl/ssl_ciph.c17
-rw-r--r--ssl/t1_enc.c63
-rw-r--r--ssl/test/bssl_shim.cc24
-rw-r--r--ssl/test/runner/common.go9
-rw-r--r--ssl/test/runner/conn.go57
-rw-r--r--ssl/test/runner/handshake_client.go23
-rw-r--r--ssl/test/runner/handshake_messages.go55
-rw-r--r--ssl/test/runner/handshake_server.go19
-rw-r--r--ssl/test/runner/runner.go96
-rw-r--r--ssl/test/test_config.cc4
-rw-r--r--ssl/test/test_config.h1
-rw-r--r--tool/CMakeLists.txt2
-rw-r--r--tool/client.cc5
-rw-r--r--tool/pkcs12.cc14
-rw-r--r--tool/tool.cc4
-rw-r--r--util/all_tests.sh2
41 files changed, 485 insertions, 418 deletions
diff --git a/BUILDING b/BUILDING
index ee6b0ab..cf239e9 100644
--- a/BUILDING
+++ b/BUILDING
@@ -25,4 +25,9 @@ BORINGSSL_IMPLEMENTATION. On Windows, where functions need to be tagged with
BORINGSSL_SHARED_LIBRARY defined in the code which #includes the BoringSSL
headers.
+To build on Windows, Yasm[2] is required for assembly. Either ensure yasm.exe
+is in %PATH% or configure CMAKE_ASM_NASM_COMPILER appropriately. Note that
+full Windows support is still in progress.
+
[1] http://martine.github.io/ninja/
+[2] http://yasm.tortall.net/
diff --git a/CMakeLists.txt b/CMakeLists.txt
index add0c1a..bdfaee4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,6 +8,7 @@ if(CMAKE_COMPILER_IS_GNUCXX OR "${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
elseif(MSVC)
# Disable warnings for implicit integer narrowing.
set(CMAKE_C_FLAGS "/wd4267")
+ set(CMAKE_CXX_FLAGS "/wd4267")
endif()
add_definitions(-DBORINGSSL_IMPLEMENTATION)
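Review bot: The new `set(CMAKE_CXX_FLAGS "/wd4267")` on the MSVC branch replaces the whole variable instead of extending it, so any CMAKE_CXX_FLAGS a user passed on the command line are silently discarded; the existing C line directly above has the same problem. Prefer `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /wd4267")` (and likewise for CMAKE_C_FLAGS) so project and user flags compose.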
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index f98c7c8..d820e82 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -10,18 +10,16 @@ elseif(UNIX)
enable_language(ASM)
else()
if (CMAKE_CL_64)
- message("Using masm")
- set(PERLASM_STYLE masm)
- enable_language(ASM_MASM)
+ message("Using nasm")
+ set(PERLASM_STYLE nasm)
else()
message("Using win32n")
set(PERLASM_STYLE win32n)
-
- # On 32-bit, upstream supports only NASM, not MASM. We'll use Yasm, specifically.
- set(CMAKE_ASM_NASM_COMPILER "yasm")
- enable_language(ASM_NASM)
endif()
+
+ # On Windows, we use the NASM output, specifically built with Yasm.
set(ASM_EXT asm)
+ enable_language(ASM_NASM)
endif()
function(perlasm dest src)
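Review bot: The added comment `On Windows, we use the NASM output, specifically built with Yasm.` no longer matches the code, because the explicit `set(CMAKE_ASM_NASM_COMPILER "yasm")` is removed in the same hunk and the assembler is now whatever CMake's ASM_NASM detection resolves (BUILDING in this commit tells users to put yasm.exe on PATH or set CMAKE_ASM_NASM_COMPILER). Suggest `# On Windows the assembly is emitted in NASM syntax; the assembler is whatever CMAKE_ASM_NASM_COMPILER resolves to. Yasm is what is tested, see BUILDING.` so the comment and BUILDING agree.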
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index be119aa..1de0f42 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -56,6 +56,8 @@
* machine.
*/
+ /* TODO(davidben): Get this file working on Windows x64. */
+
#undef mul
#undef mul_add
diff --git a/crypto/bn/generic.c b/crypto/bn/generic.c
index c60cfd9..53b5ce1 100644
--- a/crypto/bn/generic.c
+++ b/crypto/bn/generic.c
@@ -61,8 +61,13 @@
#include "internal.h"
+/* Generic implementations of most operations are needed for:
+ * - Configurations without inline assembly.
+ * - Architectures other than x86 or x86_64.
+ * - Windows x84_64; x86_64-gcc.c does not build on MSVC. */
#if defined(OPENSSL_NO_ASM) || \
- (!defined(OPENSSL_X86_64) && !defined(OPENSSL_X86))
+ (!defined(OPENSSL_X86_64) && !defined(OPENSSL_X86)) || \
+ (defined(OPENSSL_X86_64) && defined(OPENSSL_WINDOWS))
#if defined(OPENSSL_WINDOWS)
#define alloca _alloca
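Review bot: The new comment on the #if condition misspells the architecture: `Windows x84_64; x86_64-gcc.c does not build on MSVC.` should read `Windows x86_64; x86_64-gcc.c does not build on MSVC.` The third bullet is also easier to check against the condition if it names the macros, e.g. `* - Windows x86_64 (OPENSSL_X86_64 && OPENSSL_WINDOWS); x86_64-gcc.c does not build on MSVC.`, matching the new third clause below it.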
@@ -817,9 +822,9 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
#endif /* !BN_LLONG */
void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) {
-#ifdef BN_LLONG
+#if defined(BN_LLONG)
BN_ULLONG t;
-#else
+#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
BN_ULONG bl, bh;
#endif
BN_ULONG t1, t2;
@@ -925,9 +930,9 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) {
}
void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) {
-#ifdef BN_LLONG
+#if defined(BN_LLONG)
BN_ULLONG t;
-#else
+#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
BN_ULONG bl, bh;
#endif
BN_ULONG t1, t2;
@@ -969,9 +974,9 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) {
}
void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) {
-#ifdef BN_LLONG
+#if defined(BN_LLONG)
BN_ULLONG t, tt;
-#else
+#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
BN_ULONG bl, bh;
#endif
BN_ULONG t1, t2;
@@ -1049,9 +1054,9 @@ void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) {
}
void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) {
-#ifdef BN_LLONG
+#if defined(BN_LLONG)
BN_ULLONG t, tt;
-#else
+#elif !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
BN_ULONG bl, bh;
#endif
BN_ULONG t1, t2;
diff --git a/crypto/bn/internal.h b/crypto/bn/internal.h
index 88ab547..ab09c6e 100644
--- a/crypto/bn/internal.h
+++ b/crypto/bn/internal.h
@@ -138,7 +138,6 @@ BIGNUM *bn_expand(BIGNUM *bn, unsigned bits);
#if defined(OPENSSL_64_BIT)
#define BN_ULLONG unsigned long long
-#define BN_LONG long
#define BN_BITS 128
#define BN_BYTES 8
#define BN_BITS4 32
@@ -158,7 +157,6 @@ BIGNUM *bn_expand(BIGNUM *bn, unsigned bits);
#define BN_ULLONG unsigned long long
#define BN_MASK (0xffffffffffffffffLL)
-#define BN_LONG int32_t
#define BN_BITS 64
#define BN_BYTES 4
#define BN_BITS4 16
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 3c5ea99..d0425d8 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -645,7 +645,6 @@ static const char *const kLibraryNames[ERR_NUM_LIBS] = {
"PKCS7 routines", /* ERR_LIB_PKCS7 */
"PKCS8 routines", /* ERR_LIB_PKCS8 */
"X509 V3 routines", /* ERR_LIB_X509V3 */
- "PKCS12 routines", /* ERR_LIB_PKCS12 */
"random number generator", /* ERR_LIB_RAND */
"ENGINE routines", /* ERR_LIB_ENGINE */
"OCSP routines", /* ERR_LIB_OCSP */
diff --git a/crypto/evp/CMakeLists.txt b/crypto/evp/CMakeLists.txt
index 43e351a..dc1734c 100644
--- a/crypto/evp/CMakeLists.txt
+++ b/crypto/evp/CMakeLists.txt
@@ -23,9 +23,9 @@ add_library(
add_executable(
- example_sign
+ evp_test
- example_sign.c
+ evp_test.c
)
-target_link_libraries(example_sign crypto)
+target_link_libraries(evp_test crypto)
diff --git a/crypto/evp/asn1.c b/crypto/evp/asn1.c
index 50bdb06..27ae017 100644
--- a/crypto/evp/asn1.c
+++ b/crypto/evp/asn1.c
@@ -128,9 +128,6 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) {
} else if (sk_ASN1_TYPE_num(inkey) == 4) {
keytype = EVP_PKEY_EC;
} else if (sk_ASN1_TYPE_num(inkey) == 3) {
- OPENSSL_PUT_ERROR(EVP, d2i_AutoPrivateKey, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
- return 0;
-
/* This seems to be PKCS8, not traditional format */
PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, inp, len);
EVP_PKEY *ret;
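Review bot: With the early `EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE` return removed, the `sk_ASN1_TYPE_num(inkey) == 3` branch becomes live, and it identifies a PKCS#8 PrivateKeyInfo purely by element count while the branch above maps a count of 4 to EVP_PKEY_EC. A PrivateKeyInfo carrying the optional `attributes [0]` field has four top-level elements and would therefore be sent down the EC path and fail there; the comment `/* This seems to be PKCS8, not traditional format */` should at least state that only attribute-less PKCS#8 is recognised, or the branch should check that the second element is a SEQUENCE (the AlgorithmIdentifier), which the traditional RSA, DSA and EC encodings do not have in that position. The rest of d2i_AutoPrivateKey lies outside the hunk.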
diff --git a/crypto/evp/example_sign.c b/crypto/evp/evp_test.c
index 2d4c071..670df37 100644
--- a/crypto/evp/example_sign.c
+++ b/crypto/evp/evp_test.c
@@ -155,6 +155,80 @@ static const uint8_t kExamplePSSCert[] = {
0x8c, 0x16,
};
+/* kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
+ * PrivateKeyInfo. */
+static const uint8_t kExampleRSAKeyPKCS8[] = {
+ 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
+ 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
+ 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
+ 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
+ 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
+ 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
+ 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
+ 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
+ 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
+ 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
+ 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
+ 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
+ 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
+ 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
+ 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
+ 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
+ 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
+ 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
+ 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
+ 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
+ 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
+ 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
+ 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
+ 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
+ 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
+ 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
+ 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
+ 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
+ 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
+ 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
+ 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
+ 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
+ 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
+ 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
+ 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
+ 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
+ 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
+ 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
+ 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
+ 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
+ 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
+ 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
+ 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
+ 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
+ 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
+ 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
+ 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
+ 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
+ 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
+ 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
+};
+
+/* kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
+ * structure. */
+static const uint8_t kExampleECKeyDER[] = {
+ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
+ 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
+ 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
+ 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
+ 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
+ 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
+ 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
+ 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
+ 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
+ 0xc1,
+};
+
static EVP_PKEY *load_example_rsa_key(void) {
EVP_PKEY *ret = NULL;
const uint8_t *derp = kExampleRSAKeyDER;
@@ -184,7 +258,7 @@ out:
return ret;
}
-static int example_EVP_DigestSignInit(void) {
+static int test_EVP_DigestSignInit(void) {
int ret = 0;
EVP_PKEY *pkey = NULL;
uint8_t *sig = NULL;
@@ -241,7 +315,7 @@ out:
return ret;
}
-static int example_EVP_DigestVerifyInit(void) {
+static int test_EVP_DigestVerifyInit(void) {
int ret = 0;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX md_ctx;
@@ -375,7 +449,7 @@ out:
return ret;
}
-static int example_EVP_DigestVerifyInitFromAlgorithm(void) {
+static int test_EVP_DigestVerifyInitFromAlgorithm(void) {
int ret = 0;
CBS cert, cert_body, tbs_cert, algorithm, signature;
uint8_t padding;
@@ -434,16 +508,47 @@ out:
return ret;
}
+static int test_d2i_AutoPrivateKey(const uint8_t *input, size_t input_len,
+ int expected_id) {
+ int ret = 0;
+ const uint8_t *p;
+ EVP_PKEY *pkey = NULL;
+
+ p = input;
+ pkey = d2i_AutoPrivateKey(NULL, &p, input_len);
+ if (pkey == NULL || p != input + input_len) {
+ fprintf(stderr, "d2i_AutoPrivateKey failed\n");
+ goto done;
+ }
+
+ if (EVP_PKEY_id(pkey) != expected_id) {
+ fprintf(stderr, "Did not decode expected type\n");
+ goto done;
+ }
+
+ ret = 1;
+
+done:
+ if (!ret) {
+ BIO_print_errors_fp(stderr);
+ }
+
+ if (pkey != NULL) {
+ EVP_PKEY_free(pkey);
+ }
+ return ret;
+}
+
int main(void) {
CRYPTO_library_init();
ERR_load_crypto_strings();
- if (!example_EVP_DigestSignInit()) {
+ if (!test_EVP_DigestSignInit()) {
fprintf(stderr, "EVP_DigestSignInit failed\n");
return 1;
}
- if (!example_EVP_DigestVerifyInit()) {
+ if (!test_EVP_DigestVerifyInit()) {
fprintf(stderr, "EVP_DigestVerifyInit failed\n");
return 1;
}
@@ -453,11 +558,29 @@ int main(void) {
return 1;
}
- if (!example_EVP_DigestVerifyInitFromAlgorithm()) {
+ if (!test_EVP_DigestVerifyInitFromAlgorithm()) {
fprintf(stderr, "EVP_DigestVerifyInitFromAlgorithm failed\n");
return 1;
}
+ if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER),
+ EVP_PKEY_RSA)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n");
+ return 1;
+ }
+
+ if (!test_d2i_AutoPrivateKey(kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8),
+ EVP_PKEY_RSA)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n");
+ return 1;
+ }
+
+ if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER),
+ EVP_PKEY_EC)) {
+ fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n");
+ return 1;
+ }
+
printf("PASS\n");
return 0;
}
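Review bot: The three new test_d2i_AutoPrivateKey calls exercise only well-formed inputs, so the PKCS#8 path enabled in crypto/evp/asn1.c by this commit is never checked on an input it must reject. One malformed vector, e.g. a truncated copy using `sizeof(kExampleRSAKeyPKCS8) - 1`, should yield NULL without leaking; since the helper asserts `p == input + input_len` on success, the negative case needs either a second helper or an `expect_failure` flag rather than reusing test_d2i_AutoPrivateKey as written.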
diff --git a/crypto/evp/internal.h b/crypto/evp/internal.h
index d92c9e5..0e9dfb2 100644
--- a/crypto/evp/internal.h
+++ b/crypto/evp/internal.h
@@ -65,13 +65,11 @@ extern "C" {
/* These values are flags for EVP_PKEY_ASN1_METHOD.flags. */
-#define ASN1_PKEY_ALIAS 0x1
-#define ASN1_PKEY_DYNAMIC 0x2
/* ASN1_PKEY_SIGPARAM_NULL controls whether the default behavior of
* EVP_DigestSignAlgorithm writes an explicit NULL parameter in the
* AlgorithmIdentifier. */
-#define ASN1_PKEY_SIGPARAM_NULL 0x4
+#define ASN1_PKEY_SIGPARAM_NULL 0x1
/* evp_digest_sign_algorithm_result_t is the return value of the
* digest_sign_algorithm function in EVP_PKEY_ASN1_METHOD. */
diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.c
index 40012b3..179d96b 100644
--- a/crypto/evp/p_rsa_asn1.c
+++ b/crypto/evp/p_rsa_asn1.c
@@ -717,9 +717,3 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
rsa_digest_verify_init_from_algorithm,
rsa_digest_sign_algorithm,
};
-
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meth_2 = {
- EVP_PKEY_RSA2,
- EVP_PKEY_RSA,
- ASN1_PKEY_ALIAS,
-};
diff --git a/crypto/evp/sign.c b/crypto/evp/sign.c
index c32e5ce..1faf7c6 100644
--- a/crypto/evp/sign.c
+++ b/crypto/evp/sign.c
@@ -91,12 +91,6 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
}
EVP_MD_CTX_cleanup(&tmp_ctx);
-/* TODO(fork): this used to be used only with SHA-family hashes. Now we've
- * removed the flag completely. Why was it added for just those hashes? */
-#if 0
- if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-#endif
-
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx || EVP_PKEY_sign_init(pkctx) <= 0 ||
EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0 ||
@@ -142,11 +136,6 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
}
EVP_MD_CTX_cleanup(&tmp_ctx);
-/* TODO(fork): this used to be used only with SHA-family hashes. Now we've
- * removed the flag completely. Why was it added for just those hashes? */
-#if 0
- if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
-#endif
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx ||
EVP_PKEY_verify_init(pkctx) <= 0 ||
diff --git a/crypto/rand/windows.c b/crypto/rand/windows.c
index 967dd9b..ed6e5e9 100644
--- a/crypto/rand/windows.c
+++ b/crypto/rand/windows.c
@@ -14,57 +14,36 @@
#include <openssl/rand.h>
-#include <openssl/thread.h>
-
-
#if defined(OPENSSL_WINDOWS)
+#include <limits.h>
#include <stdlib.h>
#include <Windows.h>
-#include <Wincrypt.h>
-static char global_provider_init;
-static HCRYPTPROV global_provider;
+/* #define needed to link in RtlGenRandom(), a.k.a. SystemFunction036. See the
+ * "Community Additions" comment on MSDN here:
+ * http://msdn.microsoft.com/en-us/library/windows/desktop/aa387694.aspx */
+#define SystemFunction036 NTAPI SystemFunction036
+#include <NTSecAPI.h>
+#undef SystemFunction036
+
void RAND_cleanup(void) {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- CryptReleaseContext(global_provider, 0);
- global_provider_init = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
int RAND_bytes(uint8_t *out, size_t requested) {
- HCRYPTPROV provider = 0;
- int ok;
-
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
- if (!global_provider_init) {
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- if (!global_provider_init) {
- if (CryptAcquireContext(&global_provider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- global_provider_init = 1;
- }
+ while (requested > 0) {
+ ULONG output_bytes_this_pass = ULONG_MAX;
+ if (requested < output_bytes_this_pass) {
+ output_bytes_this_pass = requested;
}
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
- }
-
- ok = global_provider_init;
- provider = global_provider;
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
-
- if (!ok) {
- abort();
- return ok;
- }
-
- if (TRUE != CryptGenRandom(provider, requested, out)) {
- abort();
- return 0;
+ if (RtlGenRandom(out, output_bytes_this_pass) == FALSE) {
+ abort();
+ return 0;
+ }
+ requested -= output_bytes_this_pass;
+ out += output_bytes_this_pass;
}
-
return 1;
}
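Review bot: RAND_cleanup is now an empty body with no explanation, and nothing in the file says why the CryptoAPI provider was dropped for RtlGenRandom, which is only reachable through the `#define SystemFunction036 NTAPI SystemFunction036` trick above and which MSDN documents as not guaranteed to remain available. Suggest `/* Nothing to release: RtlGenRandom keeps no per-process state. */` in RAND_cleanup, and a sentence at the top of the RtlGenRandom block recording that this avoids acquiring and locking a CryptoAPI context and naming BCryptGenRandom as the documented replacement should RtlGenRandom ever go away. The chunking loop itself looks right: ULONG_MAX bounds each call and `requested` and `out` advance together, though the `return 0;` after `abort()` is unreachable and could be dropped.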
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 5aef0c4..a9e3ada 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -72,11 +72,6 @@ extern "C" {
/* Special value for method supporting multiple versions */
#define DTLS_ANY_VERSION 0x1FFFF
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-#endif
-
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
@@ -89,11 +84,7 @@ extern "C" {
#define DTLS1_CCS_HEADER_LENGTH 1
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
#define DTLS1_AL_HEADER_LENGTH 2
-#endif
#ifndef OPENSSL_NO_SSL_INTERN
diff --git a/include/openssl/err.h b/include/openssl/err.h
index a7f30c7..b9c48c3 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -392,7 +392,6 @@ enum {
ERR_LIB_PKCS7,
ERR_LIB_PKCS8,
ERR_LIB_X509V3,
- ERR_LIB_PKCS12,
ERR_LIB_RAND,
ERR_LIB_ENGINE,
ERR_LIB_OCSP,
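Review bot: Removing `ERR_LIB_PKCS12` from the middle of the enum renumbers every library after it (ERR_LIB_RAND onward), and in the OpenSSL-style encoding the library number is part of the packed error code, so any log or comparison that relies on raw error codes across library versions will see different values for the same errors. The matching entry is removed from kLibraryNames in crypto/err/err.c in this commit so the name table stays aligned, but nothing enforces that; a comment on the enum such as `/* Order is part of the error-code encoding and must match kLibraryNames in err.c. */` would make the coupling visible to the next person who edits either side.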
@@ -426,7 +425,6 @@ enum {
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
#define ERR_R_PKCS8_LIB ERR_LIB_PKCS8
#define ERR_R_X509V3_LIB ERR_LIB_X509V3
-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
#define ERR_R_RAND_LIB ERR_LIB_RAND
#define ERR_R_DSO_LIB ERR_LIB_DSO
#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 37521bd..31ff5db 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -508,9 +508,6 @@ struct ssl_session_st
* the misconception that non-blocking SSL_write() behaves like
* non-blocking write(): */
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
@@ -518,6 +515,10 @@ struct ssl_session_st
* just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* The following flags do nothing and are included only to make it easier to
+ * compile code with BoringSSL. */
+#define SSL_MODE_AUTO_RETRY 0
+
/* Send the current time in the Random fields of the ClientHello and
* ServerHello records for compatibility with hypothetical implementations
* that require it.
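Review bot: The new comment says `SSL_MODE_AUTO_RETRY` does nothing but not what the library does instead: the branches guarded by `!(s->mode & SSL_MODE_AUTO_RETRY)` are removed from ssl/s3_pkt.c and ssl/d1_pkt.c in this commit, so BoringSSL now always behaves as if the mode were set and no longer returns a retry from a read solely because a handshake was processed. Suggest `/* SSL_MODE_AUTO_RETRY does nothing: BoringSSL always behaves as if it were set. It is defined only so that code written for OpenSSL compiles. */`. Defining it as 0 also means `SSL_clear_mode(ssl, SSL_MODE_AUTO_RETRY)` silently becomes a no-op, which callers that relied on the old non-retry behaviour would want stated.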
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 8b225e5..82d4a86 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -992,21 +992,6 @@ int dtls1_read_failed(SSL *s, int code)
return code;
}
-#if 0 /* for now, each alert contains only one record number */
- item = pqueue_peek(state->rcvd_records);
- if ( item )
- {
- /* send an alert immediately for all the missing records */
- }
- else
-#endif
-
-#if 0 /* no more alert sending, just retransmit the last set of messages */
- if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
return dtls1_handle_timeout(s);
}
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index dec0ea5..11d06cb 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -179,10 +179,6 @@ int dtls1_enc(SSL *s, int send)
enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
if ((s->session == NULL) || (ds == NULL) ||
(enc == NULL))
{
@@ -208,24 +204,6 @@ int dtls1_enc(SSL *s, int send)
rec->length+=i;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
if (!send)
{
if (l == 0 || l%bs != 0)
@@ -234,15 +212,6 @@ int dtls1_enc(SSL *s, int send)
EVP_Cipher(ds,rec->data,rec->input,l);
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
if ((bs != 1) && !send)
return tls1_cbc_remove_padding(s, rec, bs, mac_size);
}
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index e2855b8..0ecbb2e 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -918,14 +918,6 @@ start:
* may be fragmented--don't always expect dest_maxlen bytes */
if ( rr->length < dest_maxlen)
{
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- /*
- * for normal alerts rr->length is 2, while
- * dest_maxlen is 7 if we were to handle this
- * non-existing alert...
- */
- FIX ME
-#endif
s->rstate=SSL_ST_READ_HEADER;
rr->length = 0;
goto start;
@@ -984,23 +976,6 @@ start:
OPENSSL_PUT_ERROR(SSL, dtls1_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
}
}
/* we either finished a handshake or ignored the request,
@@ -1038,31 +1013,6 @@ start:
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return(0);
}
-#if 0
- /* XXX: this is a possible improvement in the future */
- /* now check if it's a missing record */
- if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- unsigned short seq;
- unsigned int frag_off;
- unsigned char *p = &(s->d1->alert_fragment[2]);
-
- n2s(p, seq);
- n2l3(p, frag_off);
-
- dtls1_retransmit_message(s,
- dtls1_get_queue_priority(frag->msg_header.seq, 0),
- frag_off, &found);
- if ( ! found && SSL_in_init(s))
- {
- /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
- /* requested a message not yet sent,
- send an alert ourselves */
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
- }
- }
-#endif
}
else if (alert_level == 2) /* fatal */
{
@@ -1188,22 +1138,6 @@ start:
return(-1);
}
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
goto start;
}
@@ -1577,24 +1511,6 @@ int dtls1_dispatch_alert(SSL *s)
*ptr++ = s->s3->send_alert[0];
*ptr++ = s->s3->send_alert[1];
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- s2n(s->d1->handshake_read_seq, ptr);
-#if 0
- if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
-
- else
- s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-#endif
-
-#if 0
- fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
-#endif
- l2n3(s->d1->r_msg_hdr.frag_off, ptr);
- }
-#endif
-
i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
if (i <= 0)
{
@@ -1603,11 +1519,7 @@ int dtls1_dispatch_alert(SSL *s)
}
else
{
- if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
- )
+ if (s->s3->send_alert[0] == SSL3_AL_FATAL)
(void)BIO_flush(s->wbio);
if (s->msg_callback)
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index bbdeadb..65eb3ba 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -419,18 +419,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int hash_messa
OPENSSL_PUT_ERROR(SSL, ssl3_get_message, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
-
s->s3->tmp.message_type= *(p++);
n2l3(p,l);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 355cb0e..64bccfa 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1550,11 +1550,11 @@ int ssl3_get_server_key_exchange(SSL *s)
}
else
{
- EVP_VerifyInit_ex(&md_ctx, md, NULL);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx, CBS_data(&parameter), CBS_len(&parameter));
- if (EVP_VerifyFinal(&md_ctx, CBS_data(&signature), CBS_len(&signature), pkey) <= 0)
+ if (!EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) ||
+ !EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE) ||
+ !EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE) ||
+ !EVP_DigestVerifyUpdate(&md_ctx, CBS_data(&parameter), CBS_len(&parameter)) ||
+ !EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), CBS_len(&signature)))
{
/* bad signature */
al=SSL_AD_DECRYPT_ERROR;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7721dec..3060684 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1856,10 +1856,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ssl_set_cert_masks(cert,c);
mask_k = cert->mask_k;
mask_a = cert->mask_a;
-
-#ifdef KSSL_DEBUG
-/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
-#endif /* KSSL_DEBUG */
alg_k=c->algorithm_mkey;
alg_a=c->algorithm_auth;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 0df6a3c..d0e1856 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1151,23 +1151,6 @@ start:
OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
}
}
/* we either finished a handshake or ignored the request,
@@ -1237,10 +1220,6 @@ start:
OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION);
goto f_err;
}
-#ifdef SSL_AD_MISSING_SRP_USERNAME
- else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
- return(0);
-#endif
}
else if (alert_level == 2) /* fatal */
{
@@ -1339,22 +1318,6 @@ start:
return(-1);
}
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
goto start;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a212efe..29448db 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1609,6 +1609,8 @@ int ssl3_send_server_key_exchange(SSL *s)
else
if (md)
{
+ size_t sig_len = EVP_PKEY_size(pkey);
+
/* send signature algorithm */
if (SSL_USE_SIGALGS(s))
{
@@ -1621,24 +1623,19 @@ int ssl3_send_server_key_exchange(SSL *s)
}
p+=2;
}
-#ifdef SSL_DEBUG
- fprintf(stderr, "Using hash %s\n",
- EVP_MD_name(md));
-#endif
- EVP_SignInit_ex(&md_ctx, md, NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,d,n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
+ if (!EVP_DigestSignInit(&md_ctx, NULL, md, NULL, pkey) ||
+ !EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE) ||
+ !EVP_DigestSignUpdate(&md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE) ||
+ !EVP_DigestSignUpdate(&md_ctx, d, n) ||
+ !EVP_DigestSignFinal(&md_ctx, &p[2], &sig_len))
{
OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_LIB_EVP);
goto err;
}
- s2n(i,p);
- n+=i+2;
+ s2n(sig_len, p);
+ n += sig_len + 2;
if (SSL_USE_SIGALGS(s))
- n+= 2;
+ n += 2;
}
else
{
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 040a2db..97169f2 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -447,12 +447,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].active = 0;
co_list[co_list_num].in_group = 0;
co_list_num++;
-#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
-#endif /* KSSL_DEBUG */
- /*
- if (!sk_push(ca_list,(char *)c)) goto err;
- */
}
}
@@ -1023,9 +1017,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* it is used for allocation.
*/
num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif /* KSSL_DEBUG */
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
if (co_list == NULL)
{
@@ -1209,11 +1200,7 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver;
const char *kx,*au,*enc,*mac;
unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl;
-#ifdef KSSL_DEBUG
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s AL=%lx/%lx/%lx/%lx/%lx\n";
-#else
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
-#endif /* KSSL_DEBUG */
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
@@ -1324,11 +1311,7 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
else if (len < 128)
return("Buffer too small");
-#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
-#else
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac);
-#endif /* KSSL_DEBUG */
return(buf);
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 0a4e088..6803e9b 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -288,17 +288,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
s->s3->client_random,SSL3_RANDOM_SIZE,
s->session->master_key,s->session->master_key_length,
km,tmp,num);
-#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
- s->session->master_key_length);
- {
- int i;
- for (i=0; i < s->session->master_key_length; i++)
- {
- printf("%02X", s->session->master_key[i]);
- }
- printf("\n"); }
-#endif /* KSSL_DEBUG */
return ret;
}
@@ -612,9 +601,6 @@ int tls1_setup_key_block(SSL *s)
int ret=0;
unsigned key_len, iv_len;
-#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
-#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
return(1);
@@ -913,10 +899,6 @@ int tls1_enc(SSL *s, int send)
enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
}
-#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
{
memmove(rec->data,rec->input,rec->length);
@@ -942,24 +924,6 @@ int tls1_enc(SSL *s, int send)
rec->length+=i;
}
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
if (!send)
{
if (l == 0 || l%bs != 0)
@@ -972,15 +936,6 @@ int tls1_enc(SSL *s, int send)
:(i==0))
return -1; /* AEAD can fail to verify MAC */
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
ret = 1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
@@ -1200,10 +1155,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
{
unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
-#endif /* KSSL_DEBUG */
-
if (s->s3->tmp.extended_master_secret)
{
uint8_t digests[2*EVP_MAX_MD_SIZE];
@@ -1279,9 +1230,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
}
#endif
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
-#endif /* KSSL_DEBUG */
return(SSL3_MASTER_SECRET_SIZE);
}
@@ -1294,10 +1242,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
size_t vallen, currentvalpos;
int rv;
-#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
-#endif /* KSSL_DEBUG */
-
buff = OPENSSL_malloc(olen);
if (buff == NULL) goto err2;
@@ -1355,9 +1299,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
s->session->master_key,s->session->master_key_length,
out,buff,olen);
-#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material() complete\n");
-#endif /* KSSL_DEBUG */
goto ret;
err1:
OPENSSL_PUT_ERROR(SSL, tls1_export_keying_material, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
@@ -1407,10 +1348,6 @@ int tls1_alert_code(int code)
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
case SSL_AD_INAPPROPRIATE_FALLBACK:return(SSL3_AD_INAPPROPRIATE_FALLBACK);
-#if 0 /* not appropriate for TLS, not used for DTLS */
- case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
- (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
default: return(-1);
}
}
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 1cf81a7..ce2a3da 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -542,6 +542,30 @@ static int do_exchange(SSL_SESSION **out_session,
}
}
+ if (config->renegotiate) {
+ if (config->async) {
+ fprintf(stderr, "--renegotiate is not supported with --async.\n");
+ return 2;
+ }
+
+ SSL_renegotiate(ssl);
+
+ ret = SSL_do_handshake(ssl);
+ if (ret != 1) {
+ SSL_free(ssl);
+ BIO_print_errors_fp(stdout);
+ return 2;
+ }
+
+ SSL_set_state(ssl, SSL_ST_ACCEPT);
+ ret = SSL_do_handshake(ssl);
+ if (ret != 1) {
+ SSL_free(ssl);
+ BIO_print_errors_fp(stdout);
+ return 2;
+ }
+ }
+
if (config->write_different_record_sizes) {
if (config->is_dtls) {
fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");
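Review bot: The error text at the `config->async` check names `--renegotiate` and `--async`, but test_config.cc registers the flag as `-renegotiate` (single dash), so the message points at a spelling that does not exist; `fprintf(stderr, "-renegotiate is not supported with -async.\n");` matches the registry, assuming the async flag follows the same convention. That early `return 2` also leaves `ssl` unfreed, unlike the two handshake-failure paths just below it. `SSL_set_state(ssl, SSL_ST_ACCEPT)` is a server-side state, and runner.go only passes `-renegotiate` to serverTest cases, so a comment such as `// -renegotiate is server-only: send a HelloRequest, then accept the client's new handshake.` (or a guard on the server role) would make that assumption explicit. do_exchange starts before this hunk.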
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 4aa21bb..6f146af 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -48,6 +48,7 @@ const (
// TLS handshake message types.
const (
+ typeHelloRequest uint8 = 0
typeClientHello uint8 = 1
typeServerHello uint8 = 2
typeHelloVerifyRequest uint8 = 3
@@ -490,6 +491,14 @@ type ProtocolBugs struct {
// NoExtendedMasterSecret causes the client and server to behave is if
// they didn't support an extended master secret.
NoExtendedMasterSecret bool
+
+ // EmptyRenegotiationInfo causes the renegotiation extension to be
+ // empty in a renegotiation handshake.
+ EmptyRenegotiationInfo bool
+
+ // BadRenegotiationInfo causes the renegotiation extension value in a
+ // renegotiation handshake to be incorrect.
+ BadRenegotiationInfo bool
}
func (c *Config) serverInit() {
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 3ce6c76..e76f9d1 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -50,6 +50,10 @@ type Conn struct {
clientProtocolFallback bool
usedALPN bool
+ // verify_data values for the renegotiation extension.
+ clientVerify []byte
+ serverVerify []byte
+
channelID *ecdsa.PublicKey
// input/output
@@ -129,9 +133,10 @@ func (hc *halfConn) setErrorLocked(err error) error {
}
func (hc *halfConn) error() error {
- hc.Lock()
+ // This should be locked, but I've removed it for the renegotiation
+ // tests since we don't concurrently read and write the same tls.Conn
+ // in any case during testing.
err := hc.err
- hc.Unlock()
return err
}
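Review bot: The replacement comment in `error()` explains the lock removal in the first person but leaves no marker for restoring it, and `hc.err` is now read without synchronization while `setErrorLocked` still assumes the lock. A `// TODO: restore hc.Lock()/Unlock(); removed because the renegotiation path presumably calls error() while the lock is already held, and tests never read and write one Conn concurrently.` records both the reason (hedged, since the deadlock is not visible here) and the condition under which it is safe.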
@@ -651,7 +656,7 @@ func (c *Conn) doReadRecord(want recordType) (recordType, *block, error) {
func (c *Conn) readRecord(want recordType) error {
// Caller must be in sync with connection:
// handshake data if handshake not yet completed,
- // else application data. (We don't support renegotiation.)
+ // else application data.
switch want {
default:
c.sendAlert(alertInternalError)
@@ -725,7 +730,12 @@ Again:
case recordTypeHandshake:
// TODO(rsc): Should at least pick off connection close.
if typ != want {
- return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation))
+ // A client might need to process a HelloRequest from
+ // the server, thus receiving a handshake message when
+ // application data is expected is ok.
+ if !c.isClient {
+ return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation))
+ }
}
c.hand.Write(data)
}
@@ -908,6 +918,8 @@ func (c *Conn) readHandshake() (interface{}, error) {
var m handshakeMessage
switch data[0] {
+ case typeHelloRequest:
+ m = new(helloRequestMsg)
case typeClientHello:
m = &clientHelloMsg{
isDTLS: c.isDTLS,
@@ -1000,6 +1012,35 @@ func (c *Conn) Write(b []byte) (int, error) {
return n + m, c.out.setErrorLocked(err)
}
+func (c *Conn) handleRenegotiation() error {
+ c.handshakeComplete = false
+ if !c.isClient {
+ panic("renegotiation should only happen for a client")
+ }
+
+ msg, err := c.readHandshake()
+ if err != nil {
+ return err
+ }
+ _, ok := msg.(*helloRequestMsg)
+ if !ok {
+ c.sendAlert(alertUnexpectedMessage)
+ return alertUnexpectedMessage
+ }
+
+ return c.Handshake()
+}
+
+func (c *Conn) Renegotiate() error {
+ if !c.isClient {
+ helloReq := new(helloRequestMsg)
+ c.writeRecord(recordTypeHandshake, helloReq.marshal())
+ }
+
+ c.handshakeComplete = false
+ return c.Handshake()
+}
+
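Review bot: In `Renegotiate`, the result of `c.writeRecord(recordTypeHandshake, helloReq.marshal())` is discarded, so a failure to send the HelloRequest surfaces only later as an unrelated handshake error; if writeRecord returns an error as in the crypto/tls code this runner derives from, `if _, err := c.writeRecord(recordTypeHandshake, helloReq.marshal()); err != nil { return err }` keeps the failure at its source. In `handleRenegotiation`, `c.handshakeComplete = false` runs before the `!c.isClient` panic; checking the role first avoids mutating state on the path meant to be unreachable. Neither function has a doc comment; `// Renegotiate runs a fresh handshake on an established connection; a server first sends a HelloRequest to prompt the client.` would state the contract.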
// Read can be made to time out and return a net.Error with Timeout() == true
// after a fixed time limit; see SetDeadline and SetReadDeadline.
func (c *Conn) Read(b []byte) (n int, err error) {
@@ -1019,6 +1060,14 @@ func (c *Conn) Read(b []byte) (n int, err error) {
// Soft error, like EAGAIN
return 0, err
}
+ if c.hand.Len() > 0 {
+ // We received handshake bytes, indicating the
+ // start of a renegotiation.
+ if err := c.handleRenegotiation(); err != nil {
+ return 0, err
+ }
+ continue
+ }
}
if err := c.in.err; err != nil {
return 0, err
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 11a1ed3..0c5192f 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -65,7 +65,7 @@ func (c *Conn) clientHandshake() error {
supportedCurves: c.config.curvePreferences(),
supportedPoints: []uint8{pointFormatUncompressed},
nextProtoNeg: len(c.config.NextProtos) > 0,
- secureRenegotiation: true,
+ secureRenegotiation: []byte{},
alpnProtocols: c.config.NextProtos,
duplicateExtension: c.config.Bugs.DuplicateExtension,
channelIDSupported: c.config.ChannelID != nil,
@@ -81,6 +81,15 @@ func (c *Conn) clientHandshake() error {
hello.extendedMasterSecret = false
}
+ if len(c.clientVerify) > 0 && !c.config.Bugs.EmptyRenegotiationInfo {
+ if c.config.Bugs.BadRenegotiationInfo {
+ hello.secureRenegotiation = append(hello.secureRenegotiation, c.clientVerify...)
+ hello.secureRenegotiation[0] ^= 0x80
+ } else {
+ hello.secureRenegotiation = c.clientVerify
+ }
+ }
+
possibleCipherSuites := c.config.cipherSuites()
hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
@@ -240,6 +249,16 @@ NextCipherSuite:
return fmt.Errorf("tls: server selected an unsupported cipher suite")
}
+ if len(c.clientVerify) > 0 {
+ var expectedRenegInfo []byte
+ expectedRenegInfo = append(expectedRenegInfo, c.clientVerify...)
+ expectedRenegInfo = append(expectedRenegInfo, c.serverVerify...)
+ if !bytes.Equal(serverHello.secureRenegotiation, expectedRenegInfo) {
+ c.sendAlert(alertHandshakeFailure)
+ return fmt.Errorf("tls: renegotiation mismatch")
+ }
+ }
+
hs := &clientHandshakeState{
c: c,
serverHello: serverHello,
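Review bot: The renegotiation_info check only runs when `len(c.clientVerify) > 0`, so on the initial handshake a server that sends a non-empty renegotiation_info is accepted silently, whereas RFC 5746 expects the client to verify the value is empty there. An `else if len(serverHello.secureRenegotiation) != 0 { c.sendAlert(alertHandshakeFailure); return fmt.Errorf("tls: renegotiation mismatch") }` branch gives the runner the same strictness on both handshakes. clientHandshake starts and ends outside this hunk.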
@@ -680,6 +699,7 @@ func (hs *clientHandshakeState) readFinished() error {
return errors.New("tls: server's Finished message was incorrect")
}
}
+ c.serverVerify = append(c.serverVerify[:0], serverFinished.verifyData...)
hs.writeServerHash(serverFinished.marshal())
return nil
}
@@ -766,6 +786,7 @@ func (hs *clientHandshakeState) sendFinished(isResume bool) error {
} else {
finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret)
}
+ c.clientVerify = append(c.clientVerify[:0], finished.verifyData...)
finishedBytes := finished.marshal()
hs.writeHash(finishedBytes, seqno)
postCCSBytes = append(postCCSBytes, finishedBytes...)
diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go
index 1114a6f..12a9f3d 100644
--- a/ssl/test/runner/handshake_messages.go
+++ b/ssl/test/runner/handshake_messages.go
@@ -23,7 +23,7 @@ type clientHelloMsg struct {
ticketSupported bool
sessionTicket []uint8
signatureAndHashes []signatureAndHash
- secureRenegotiation bool
+ secureRenegotiation []byte
alpnProtocols []string
duplicateExtension bool
channelIDSupported bool
@@ -53,7 +53,8 @@ func (m *clientHelloMsg) equal(i interface{}) bool {
m.ticketSupported == m1.ticketSupported &&
bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
- m.secureRenegotiation == m1.secureRenegotiation &&
+ bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
+ (m.secureRenegotiation == nil) == (m1.secureRenegotiation == nil) &&
eqStrings(m.alpnProtocols, m1.alpnProtocols) &&
m.duplicateExtension == m1.duplicateExtension &&
m.channelIDSupported == m1.channelIDSupported &&
@@ -99,8 +100,8 @@ func (m *clientHelloMsg) marshal() []byte {
extensionsLength += 2 + 2*len(m.signatureAndHashes)
numExtensions++
}
- if m.secureRenegotiation {
- extensionsLength += 1
+ if m.secureRenegotiation != nil {
+ extensionsLength += 1 + len(m.secureRenegotiation)
numExtensions++
}
if m.duplicateExtension {
@@ -279,12 +280,15 @@ func (m *clientHelloMsg) marshal() []byte {
z = z[2:]
}
}
- if m.secureRenegotiation {
+ if m.secureRenegotiation != nil {
z[0] = byte(extensionRenegotiationInfo >> 8)
z[1] = byte(extensionRenegotiationInfo & 0xff)
z[2] = 0
- z[3] = 1
+ z[3] = byte(1 + len(m.secureRenegotiation))
+ z[4] = byte(len(m.secureRenegotiation))
z = z[5:]
+ copy(z, m.secureRenegotiation)
+ z = z[len(m.secureRenegotiation):]
}
if len(m.alpnProtocols) > 0 {
z[0] = byte(extensionALPN >> 8)
@@ -374,7 +378,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
for i := 0; i < numCipherSuites; i++ {
m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
if m.cipherSuites[i] == scsvRenegotiation {
- m.secureRenegotiation = true
+ m.secureRenegotiation = []byte{}
}
}
data = data[2+cipherSuiteLen:]
@@ -501,11 +505,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
m.signatureAndHashes[i].signature = d[1]
d = d[2:]
}
- case extensionRenegotiationInfo + 1:
- if length != 1 || data[0] != 0 {
+ case extensionRenegotiationInfo:
+ if length < 1 || length != int(data[0])+1 {
return false
}
- m.secureRenegotiation = true
+ m.secureRenegotiation = data[1:length]
case extensionALPN:
if length < 2 {
return false
@@ -553,7 +557,7 @@ type serverHelloMsg struct {
nextProtos []string
ocspStapling bool
ticketSupported bool
- secureRenegotiation bool
+ secureRenegotiation []byte
alpnProtocol string
duplicateExtension bool
channelIDRequested bool
@@ -577,7 +581,8 @@ func (m *serverHelloMsg) equal(i interface{}) bool {
eqStrings(m.nextProtos, m1.nextProtos) &&
m.ocspStapling == m1.ocspStapling &&
m.ticketSupported == m1.ticketSupported &&
- m.secureRenegotiation == m1.secureRenegotiation &&
+ bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
+ (m.secureRenegotiation == nil) == (m1.secureRenegotiation == nil) &&
m.alpnProtocol == m1.alpnProtocol &&
m.duplicateExtension == m1.duplicateExtension &&
m.channelIDRequested == m1.channelIDRequested &&
@@ -608,8 +613,8 @@ func (m *serverHelloMsg) marshal() []byte {
if m.ticketSupported {
numExtensions++
}
- if m.secureRenegotiation {
- extensionsLength += 1
+ if m.secureRenegotiation != nil {
+ extensionsLength += 1 + len(m.secureRenegotiation)
numExtensions++
}
if m.duplicateExtension {
@@ -689,12 +694,15 @@ func (m *serverHelloMsg) marshal() []byte {
z[1] = byte(extensionSessionTicket)
z = z[4:]
}
- if m.secureRenegotiation {
+ if m.secureRenegotiation != nil {
z[0] = byte(extensionRenegotiationInfo >> 8)
z[1] = byte(extensionRenegotiationInfo & 0xff)
z[2] = 0
- z[3] = 1
+ z[3] = byte(1 + len(m.secureRenegotiation))
+ z[4] = byte(len(m.secureRenegotiation))
z = z[5:]
+ copy(z, m.secureRenegotiation)
+ z = z[len(m.secureRenegotiation):]
}
if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
z[0] = byte(extensionALPN >> 8)
@@ -808,10 +816,10 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
}
m.ticketSupported = true
case extensionRenegotiationInfo:
- if length != 1 || data[0] != 0 {
+ if length < 1 || length != int(data[0])+1 {
return false
}
- m.secureRenegotiation = true
+ m.secureRenegotiation = data[1:length]
case extensionALPN:
d := data[:length]
if len(d) < 3 {
@@ -1667,6 +1675,17 @@ func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
return true
}
+type helloRequestMsg struct {
+}
+
+func (*helloRequestMsg) marshal() []byte {
+ return []byte{typeHelloRequest, 0, 0, 0}
+}
+
+func (*helloRequestMsg) unmarshal(data []byte) bool {
+ return len(data) == 4
+}
+
func eqUint16s(x, y []uint16) bool {
if len(x) != len(y) {
return false
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 4bf8f1c..41d588a 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -214,7 +214,22 @@ Curves:
c.sendAlert(alertInternalError)
return false, err
}
- hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
+
+ if !bytes.Equal(c.clientVerify, hs.clientHello.secureRenegotiation) {
+ c.sendAlert(alertHandshakeFailure)
+ return false, errors.New("tls: renegotiation mismatch")
+ }
+
+ if len(c.clientVerify) > 0 && !c.config.Bugs.EmptyRenegotiationInfo {
+ hs.hello.secureRenegotiation = append(hs.hello.secureRenegotiation, c.clientVerify...)
+ hs.hello.secureRenegotiation = append(hs.hello.secureRenegotiation, c.serverVerify...)
+ if c.config.Bugs.BadRenegotiationInfo {
+ hs.hello.secureRenegotiation[0] ^= 0x80
+ }
+ } else {
+ hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
+ }
+
hs.hello.compressionMethod = compressionNone
hs.hello.duplicateExtension = c.config.Bugs.DuplicateExtension
if len(hs.clientHello.serverName) > 0 {
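Review bot: With `EmptyRenegotiationInfo` set during a renegotiation, the `else` branch echoes `hs.clientHello.secureRenegotiation`, which the `bytes.Equal` check just above has established equals `c.clientVerify`, so the server sends the client's verify_data rather than the empty extension the bug's comment in common.go describes. The Renegotiate-Server-EmptyExt case still fails with the expected mismatch, but for a different reason than its name suggests. `hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation[:0]` in that branch sends an empty value while keeping nil (extension absent) when the client omitted it. The enclosing function starts before this hunk.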
@@ -693,6 +708,7 @@ func (hs *serverHandshakeState) readFinished(isResume bool) error {
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: client's Finished message is incorrect")
}
+ c.clientVerify = append(c.clientVerify[:0], clientFinished.verifyData...)
hs.writeClientHash(clientFinished.marshal())
return nil
@@ -730,6 +746,7 @@ func (hs *serverHandshakeState) sendFinished() error {
finished := new(finishedMsg)
finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret)
+ c.serverVerify = append(c.serverVerify[:0], finished.verifyData...)
postCCSBytes := finished.marshal()
hs.writeServerHash(postCCSBytes)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1b461e2..4b43481 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -150,6 +150,12 @@ type testCase struct {
// shimWritesFirst controls whether the shim sends an initial "hello"
// message before doing a roundtrip with the runner.
shimWritesFirst bool
+ // renegotiate indicates the the connection should be renegotiated
+ // during the exchange.
+ renegotiate bool
+ // renegotiateCiphers is a list of ciphersuite ids that will be
+ // switched in just before renegotiation.
+ renegotiateCiphers []uint16
// flags, if not empty, contains a list of command-line flags that will
// be passed to the shim program.
flags []string
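Review bot: The comment on `renegotiate` reads "indicates the the connection", a doubled word; `// renegotiate indicates that the connection should be renegotiated` fixes it. The `renegotiateCiphers` comment could also state the coupling that doExchange enforces with a panic: `// renegotiateCiphers is a list of ciphersuite ids that will be switched in just before renegotiation; it requires renegotiate to be set.`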
@@ -565,6 +571,17 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i
}
}
+ if test.renegotiate {
+ if test.renegotiateCiphers != nil {
+ config.CipherSuites = test.renegotiateCiphers
+ }
+ if err := tlsConn.Renegotiate(); err != nil {
+ return err
+ }
+ } else if test.renegotiateCiphers != nil {
+ panic("renegotiateCiphers without renegotiate")
+ }
+
if messageLen < 0 {
if test.protocol == dtls {
return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
@@ -1759,6 +1776,84 @@ func addResumptionVersionTests() {
}
}
+func addRenegotiationTests() {
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Renegotiate-Server",
+ flags: []string{"-renegotiate"},
+ shimWritesFirst: true,
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Renegotiate-Server-EmptyExt",
+ config: Config{
+ Bugs: ProtocolBugs{
+ EmptyRenegotiationInfo: true,
+ },
+ },
+ flags: []string{"-renegotiate"},
+ shimWritesFirst: true,
+ shouldFail: true,
+ expectedError: ":RENEGOTIATION_MISMATCH:",
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "Renegotiate-Server-BadExt",
+ config: Config{
+ Bugs: ProtocolBugs{
+ BadRenegotiationInfo: true,
+ },
+ },
+ flags: []string{"-renegotiate"},
+ shimWritesFirst: true,
+ shouldFail: true,
+ expectedError: ":RENEGOTIATION_MISMATCH:",
+ })
+ // TODO(agl): test the renegotiation info SCSV.
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client",
+ renegotiate: true,
+ })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-EmptyExt",
+ renegotiate: true,
+ config: Config{
+ Bugs: ProtocolBugs{
+ EmptyRenegotiationInfo: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":RENEGOTIATION_MISMATCH:",
+ })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-BadExt",
+ renegotiate: true,
+ config: Config{
+ Bugs: ProtocolBugs{
+ BadRenegotiationInfo: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":RENEGOTIATION_MISMATCH:",
+ })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-SwitchCiphers",
+ renegotiate: true,
+ config: Config{
+ CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+ },
+ renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-SwitchCiphers2",
+ renegotiate: true,
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ },
+ renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+ })
+}
+
func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
defer wg.Done()
@@ -1815,6 +1910,7 @@ func main() {
addExtensionTests()
addResumptionVersionTests()
addExtendedMasterSecretTests()
+ addRenegotiationTests()
for _, async := range []bool{false, true} {
for _, splitHandshake := range []bool{false, true} {
for _, protocol := range []protocol{tls, dtls} {
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index c50d9de..b717bd3 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -59,6 +59,7 @@ const BoolFlag kBoolFlags[] = {
{ "-expect-session-miss", &TestConfig::expect_session_miss },
{ "-expect-extended-master-secret",
&TestConfig::expect_extended_master_secret },
+ { "-renegotiate", &TestConfig::renegotiate },
};
const size_t kNumBoolFlags = sizeof(kBoolFlags) / sizeof(kBoolFlags[0]);
@@ -110,7 +111,8 @@ TestConfig::TestConfig()
shim_writes_first(false),
tls_d5_bug(false),
expect_session_miss(false),
- expect_extended_master_secret(false) {
+ expect_extended_master_secret(false),
+ renegotiate(false) {
}
bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index e5ff8ad..2dc4dc1 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -56,6 +56,7 @@ struct TestConfig {
bool expect_extended_master_secret;
std::string psk;
std::string psk_identity;
+ bool renegotiate;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
index e513c8b..e504838 100644
--- a/tool/CMakeLists.txt
+++ b/tool/CMakeLists.txt
@@ -11,7 +11,7 @@ add_executable(
tool.cc
)
-if (APPLE)
+if (APPLE OR WIN32)
target_link_libraries(bssl ssl crypto)
else()
target_link_libraries(bssl ssl crypto -lrt)
diff --git a/tool/client.cc b/tool/client.cc
index 6cc93d6..21ea8ba 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -14,6 +14,9 @@
#include <openssl/base.h>
+// TODO(davidben): bssl client does not work on Windows.
+#if !defined(OPENSSL_WINDOWS)
+
#include <string>
#include <vector>
@@ -299,3 +302,5 @@ bool Client(const std::vector<std::string> &args) {
SSL_CTX_free(ctx);
return ok;
}
+
+#endif // !OPENSSL_WINDOWS \ No newline at end of file
diff --git a/tool/pkcs12.cc b/tool/pkcs12.cc
index d35ba0b..fca8bb2 100644
--- a/tool/pkcs12.cc
+++ b/tool/pkcs12.cc
@@ -12,6 +12,8 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <openssl/base.h>
+
#include <memory>
#include <string>
#include <vector>
@@ -21,7 +23,11 @@
#include <stdint.h>
#include <sys/stat.h>
#include <sys/types.h>
+#if defined(OPENSSL_WINDOWS)
+#include <io.h>
+#else
#include <unistd.h>
+#endif
#include <openssl/bytestring.h>
#include <openssl/pem.h>
@@ -31,6 +37,12 @@
#include "internal.h"
+#if defined(OPENSSL_WINDOWS)
+typedef int read_result_t;
+#else
+typedef ssize_t read_result_t;
+#endif
+
static const struct argument kArguments[] = {
{
"-dump", false, "Dump the key and contents of the given file to stdout",
@@ -64,7 +76,7 @@ bool DoPKCS12(const std::vector<std::string> &args) {
const size_t size = st.st_size;
std::unique_ptr<uint8_t[]> contents(new uint8_t[size]);
- ssize_t n;
+ read_result_t n;
size_t off = 0;
do {
n = read(fd, &contents[off], size - off);
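Review bot: On Windows `read` resolves to the CRT `_read`, whose count parameter is `unsigned int`, so `size - off` (a `size_t`) is narrowed silently for inputs above 4 GiB; the `read_result_t` typedef covers the return type but not the argument. Clamping the request, `size_t want = size - off; if (want > INT_MAX) want = INT_MAX;` and `n = read(fd, &contents[off], want);` (with `<limits.h>` included), keeps the loop correct on both platforms. Whether `st.st_size` is itself 32-bit on Windows here is not visible in the hunk and would need checking separately. The do/while loop continues past this hunk.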
diff --git a/tool/tool.cc b/tool/tool.cc
index a0866d7..f35cc7c 100644
--- a/tool/tool.cc
+++ b/tool/tool.cc
@@ -19,7 +19,9 @@
#include <openssl/ssl.h>
+#if !defined(OPENSSL_WINDOWS)
bool Client(const std::vector<std::string> &args);
+#endif
bool DoPKCS12(const std::vector<std::string> &args);
bool Speed(const std::vector<std::string> &args);
@@ -42,8 +44,10 @@ int main(int argc, char **argv) {
if (tool == "speed") {
return !Speed(args);
+#if !defined(OPENSSL_WINDOWS)
} else if (tool == "s_client" || tool == "client") {
return !Client(args);
+#endif
} else if (tool == "pkcs12") {
return !DoPKCS12(args);
} else {
diff --git a/util/all_tests.sh b/util/all_tests.sh
index de6800f..f6188d1 100644
--- a/util/all_tests.sh
+++ b/util/all_tests.sh
@@ -36,7 +36,7 @@ TESTS="
./crypto/ec/example_mul
./crypto/ecdsa/ecdsa_test
./crypto/err/err_test
-./crypto/evp/example_sign
+./crypto/evp/evp_test
./crypto/hmac/hmac_test
./crypto/lhash/lhash_test
./crypto/md5/md5_test