chromium/src/crypto.git
37 hours agoWork on Mac GN build. master
brettw@chromium.org [Thu, 17 Apr 2014 20:33:19 +0000 (20:33 +0000)]
Work on Mac GN build.

This fixes a lot of minor mistakes (mostly missing/extra files and flags) for the Mac GN build.

I separated out some clang flags into a config for extra clang warnings. Several of the third party libraries needed to remove this.

Removes the use_nss flag and uses !use_openssl. This is a result of discussion with rsleevi.

Removes extra duplicate net build file from secondary tree.

ui/gesture_events seems to be getting compiled in GN with more strict warnings than in GYP. Rather than fix this, I fixed the warning in the gesture recognizer unit test. It was returning a const copy (the const is pointless when you're copying).

This also removes a bunch of old GYP integration stuff that was left in the GN build.

R=scottmg@chromium.org

Review URL: https://codereview.chromium.org/239543013

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@264626 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 days agoImplement net in GN build.
brettw@chromium.org [Tue, 15 Apr 2014 19:26:44 +0000 (19:26 +0000)]
Implement net in GN build.

This does the net target. I started doing some more that are commented out at the bottom, and there are a few more after that do do. The deps of these targets started to build up to an unreasonable level and this should be a good checkpoint.

Fix grit rule.

Fix SSL dependent configs

Add TLD cleanup

Add gconf and gio targets for Linux.

Add sources filtering for ChromeOS, .rc, and .mm files. Remove built-in code that removes .rc and .mm files (this wasn't quite complete so causes problems).

BUG=
R=scottmg@chromium.org

Review URL: https://codereview.chromium.org/236713002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@263967 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 days agoAdd SSL support to the GN build
brettw@chromium.org [Mon, 14 Apr 2014 23:25:13 +0000 (23:25 +0000)]
Add SSL support to the GN build

This moves files from the secondary tree to the main one, and renames the "meta" one to //crypto:ssl. It also adds the crypto unit tests.

R=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/231673006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@263744 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 days agoAllow empty keys in hmac_openssl.cc.
davidben@chromium.org [Thu, 10 Apr 2014 21:16:59 +0000 (21:16 +0000)]
Allow empty keys in hmac_openssl.cc.

PrefHashCalculator uses empty keys in developer builds. This fixes
Chrome startup in debug builds.

BUG=none

Review URL: https://codereview.chromium.org/231603002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@263085 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 weeks agoGet rid of all component builds specific .isolate.
maruel@chromium.org [Fri, 4 Apr 2014 21:06:46 +0000 (21:06 +0000)]
Get rid of all component builds specific .isolate.

The status quo was unmaintainable.  These 'component build specific .isolate
files' are superseeded by tools/isolate_driver.py which packages dynamic
libraries automatically.

The new way is much more sane and dynamic, isolate_driver.py is currently very
crude but 'does the job', the expected way to make it work is to read the .ninja
files to extract all the dynamic libraries marked as a dependency to the main
target being executed.

TBR=csharp@chromium.org
BUG=333473

Review URL: https://codereview.chromium.org/226123004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@261871 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 weeks agoIntroduce USE_OPENSSL_CERTS for certificate handling.
haavardm@opera.com [Fri, 28 Mar 2014 16:20:32 +0000 (16:20 +0000)]
Introduce USE_OPENSSL_CERTS for certificate handling.

See discussion at chromium issue 338885.

When USE_OPENSSL_CERTS is defined, X509::OSCertHandle is now
typedef'ed to struct X509*.

When USE_OPENSSL is defined, USE_OPENSSL_CERTS will now be
defined for linux and Android, while being off for Mac and
Windows. This allows OpenSSL to be used while leaving
certificate handling to the OS.

OpenSSL cert verifying code will only be used on Linux.

This patch does not change any default behavior.

Bug=none
Test=none

Review URL: https://codereview.chromium.org/206453002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@260152 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 weeks agoRemove prtypes.h and prcpucfg*.h from base/third_party/nspr.
wtc@chromium.org [Tue, 25 Mar 2014 04:28:31 +0000 (04:28 +0000)]
Remove prtypes.h and prcpucfg*.h from base/third_party/nspr.

Copy the type and macro definitions we need to base/third_party/nspr/prtime.h.

Add chromium-prtypes.h to crypto/third_party/nss.

content/common/plugin_list_posix.cc doesn't need to include prcpucfg_linux.h.

R=ananta@chromium.org,mark@chromium.org,rsleevi@chromium.org

Review URL: https://codereview.chromium.org/209343003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@259148 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 weeks agocrypto.gyp: move openssl dependency into use_openssl section. Remove redundant source...
mattm@chromium.org [Sat, 22 Mar 2014 03:01:23 +0000 (03:01 +0000)]
crypto.gyp: move openssl dependency into use_openssl section. Remove redundant source excludes.

BUG=338888

Review URL: https://codereview.chromium.org/205813004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@258749 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 weeks agoHack to allow ec_private_key_openssl loading keys generated with NSS.
mattm@chromium.org [Sat, 22 Mar 2014 02:42:47 +0000 (02:42 +0000)]
Hack to allow ec_private_key_openssl loading keys generated with NSS.

BUG=none

Review URL: https://codereview.chromium.org/205333002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@258739 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 weeks agoRemove unused SymmetricKey::CreateFromKey method.
mattm@chromium.org [Thu, 20 Mar 2014 21:55:32 +0000 (21:55 +0000)]
Remove unused SymmetricKey::CreateFromKey method.

BUG=none

Review URL: https://codereview.chromium.org/205763003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@258427 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 weeks agoMove more file_util functions to base namespace.
brettw@chromium.org [Thu, 13 Mar 2014 17:26:21 +0000 (17:26 +0000)]
Move more file_util functions to base namespace.

TBR=jam

Review URL: https://codereview.chromium.org/189333004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@256863 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 weeks agoBuild src/crypto for PNaCl
sergeyu@chromium.org [Wed, 12 Mar 2014 09:34:10 +0000 (09:34 +0000)]
Build src/crypto for PNaCl

The new crypto_nacl target builds crypto for PNaCl.

BUG=276739

Review URL: https://codereview.chromium.org/185233012

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@256485 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 weeks agoConvert most Chromium presubmit files to use new multiple-tryserver-compatible protocol
phajdan.jr@chromium.org [Tue, 11 Mar 2014 21:45:27 +0000 (21:45 +0000)]
Convert most Chromium presubmit files to use new multiple-tryserver-compatible protocol

BUG=334892
R=maruel@chromium.org

Review URL: https://codereview.chromium.org/194903007

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@256318 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 weeks agoAdd use_allocator instead of linux_use_tcmalloc to switch the allocator.
dmikurube@chromium.org [Wed, 5 Mar 2014 20:10:07 +0000 (20:10 +0000)]
Add use_allocator instead of linux_use_tcmalloc to switch the allocator.

This change is to add a new build option 'use_allocator' which will
replace 'linux_use_tcmalloc' in the future. It doesn't change the
behavior immediately. The migration plan is as follows:

1) (this change)
... Add 'use_allocator' and set its default to "see_use_tcmalloc".
... Change allocator conditions to check use_allocator firstly.
... Use linux_use_tcmalloc if use_allocator=="see_use_tcmalloc".
... NO IMPACT without specifying use_allocator explicitly.
2) Change Blink to accept use_allocator. http://crrev.com/177053003/
3) Change gyp to accept use_allocator. http://crrev.com/178643004/
4) PSA the transition period to chromium-dev@.
5) (after the PSA-ed transition period)
... Make 'use_allocator' to "tcmalloc" or "none" (it depends) by default.
... Remove all linux_use_tcmalloc.
... Assert in gyp_chromium to check if linux_use_tcmalloc is not specified.

At the point of this change (1), linux_use_tcmalloc is still used by default
because 'use_allocator%': "see_use_tcmalloc".

As written in http://crbug.com/345554, linux_use_tcmalloc would
be confusing to have more options about allocators. We plan to:
A) enable gperftools' heap-profiler with non-tcmalloc allocator,
B) add a new memory allocator instead of tcmalloc.

BUG=345554, 339604, 341349
R=agl@chromium.org, brettw@chromium.org, dgarrett@chromium.org, jam@chromium.org, jamesr@chromium.org, joi@chromium.org, miket@chromium.org, nick@chromium.org, rsleevi@chromium.org, scherkus@chromium.org, sergeyu@chromium.org, shess@chromium.org, sievers@chromium.org, sky@chromium.org, vitalybuka@chromium.org, willchan@chromium.org

Review URL: https://codereview.chromium.org/177353002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@255129 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agochromeos: Load chaps module and lookup TPM slots on the worker pool.
mattm@chromium.org [Thu, 27 Feb 2014 22:27:21 +0000 (22:27 +0000)]
chromeos: Load chaps module and lookup TPM slots on the worker pool.

BUG=345713

Review URL: https://codereview.chromium.org/181053002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@253942 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 weeks agoConvert scoped_ptr_malloc -> scoped_ptr, part 2.
viettrungluu@chromium.org [Wed, 26 Feb 2014 20:29:57 +0000 (20:29 +0000)]
Convert scoped_ptr_malloc -> scoped_ptr, part 2.

scoped_ptr_malloc is deprecated; let's get rid of it.

BUG=344245
R=brettw@chromium.org
TBR=rsleevi@chromium.org,miket@chromium.org,ryanmyers@chromium.org,dalecurtis@chromium.org, cpu@chromium.org

Review URL: https://codereview.chromium.org/169193002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@253582 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoMake net_unittests_run work with component=shared_library.
maruel@chromium.org [Wed, 5 Feb 2014 23:33:48 +0000 (23:33 +0000)]
Make net_unittests_run work with component=shared_library.

Specifically, this adds support to run net_unittests isolated via 'isolate.py
run' when built with component build.

R=vadimsh@chromium.org,brettw@chromium.org,rsleevi@chromium.org
BUG=336439

Review URL: https://codereview.chromium.org/134003004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@249150 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoUse file_util::GetFileSystemType() in crypto/nss_util.cc.
thestig@chromium.org [Wed, 5 Feb 2014 08:37:48 +0000 (08:37 +0000)]
Use file_util::GetFileSystemType() in crypto/nss_util.cc.

Review URL: https://codereview.chromium.org/147933003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@248923 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 months agoDisable noisy printf in nss_util.cc
danakj@chromium.org [Fri, 31 Jan 2014 22:29:02 +0000 (22:29 +0000)]
Disable noisy printf in nss_util.cc

This is printed in every browser test, and just adds noise. Switch it
to VLOG(1) so it's available when wanted.

R=rsleevi@chromium.org
BUG=339891

Review URL: https://codereview.chromium.org/148483008

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@248290 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agoChromeOS: Fix crash if login profile triggers client auth.
mattm@chromium.org [Tue, 14 Jan 2014 14:00:46 +0000 (14:00 +0000)]
ChromeOS: Fix crash if login profile triggers client auth.

The login profile (which is identified with an empty username_hash) does not have an entry in the chromeos_user_map_, which would cause a crash (or DCHECK) when GetPrivateSlotForChromeOSUser was called. GetPrivateSlotForChromeOSUser is changed to return a NULL slot handle for this case.

Updates NSSProfileFilterChromeOS to allow NULL slot handles, which it will now receive due to the above change.

BUG=331945,302125

Review URL: https://codereview.chromium.org/123633002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@244690 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agoAllow Win64 build of base library even in a Win32 build.
petewil@chromium.org [Thu, 9 Jan 2014 18:48:05 +0000 (18:48 +0000)]
Allow Win64 build of base library even in a Win32 build.

Some components of a 32 bit build of chrome for Windows need to be built
as Win64 Dlls.  To allow those components to use base, we make a Win64
build of the base library even when building chrome 32 bit.

This is needed by the Chrome Desk Band code. crbug.com/327435.
https://codereview.chromium.org/79173004/

BUG=327435

Review URL: https://codereview.chromium.org/103333004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@243936 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 months agocrypto: fix typo in unittest found by thakis's new compiler warning.
agl@chromium.org [Sat, 21 Dec 2013 12:34:45 +0000 (12:34 +0000)]
crypto: fix typo in unittest found by thakis's new compiler warning.

(Note: landing unreviewed because it's trivial, the weekend before Xmas
and I'll forget about it if I leave it until after the vacation.)

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@242277 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoAdd ClientCertStoreChromeOS which only returns the certs for a given user.
mattm@chromium.org [Tue, 17 Dec 2013 00:09:00 +0000 (00:09 +0000)]
Add ClientCertStoreChromeOS which only returns the certs for a given user.

BUG=302125

Review URL: https://codereview.chromium.org/112533002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@241080 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoUpdate keygen to use correct NSS slot on ChromeOS multiprofile.
mattm@chromium.org [Mon, 16 Dec 2013 13:05:27 +0000 (13:05 +0000)]
Update keygen to use correct NSS slot on ChromeOS multiprofile.

BUG=302126

Review URL: https://codereview.chromium.org/61643007

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@240868 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoFix location of NSS library on armhf linux.
sbc@chromium.org [Wed, 11 Dec 2013 04:53:35 +0000 (04:53 +0000)]
Fix location of NSS library on armhf linux.

BUG=327453
TEST=arm linux trybot

Review URL: https://codereview.chromium.org/111713006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@240018 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoInitialize per-ChromeOS-user NSS slots and provide the functions to access them.
mattm@google.com [Fri, 6 Dec 2013 22:24:07 +0000 (22:24 +0000)]
Initialize per-ChromeOS-user NSS slots and provide the functions to access them.

BUG=302124
R=mmenke@chromium.org, rsleevi@chromium.org, xiyuan@chromium.org

Review URL: https://codereview.chromium.org/53763003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@239266 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoMove directory creation functions to base namespace.
brettw@chromium.org [Tue, 3 Dec 2013 20:08:54 +0000 (20:08 +0000)]
Move directory creation functions to base namespace.

BUG=

Review URL: https://codereview.chromium.org/100573002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@238446 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoMove some more file utils to the base namespace.
brettw@chromium.org [Mon, 2 Dec 2013 18:55:49 +0000 (18:55 +0000)]
Move some more file utils to the base namespace.

This also swaps the order of the parameters to GetShmemTempDir so the out
parameter is last, and enhances some documentation.

Review URL: https://codereview.chromium.org/93263002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@238144 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoRemove crypto::GetTPMTokenInfo which is no longer necessary.
mattm@chromium.org [Mon, 25 Nov 2013 21:45:04 +0000 (21:45 +0000)]
Remove crypto::GetTPMTokenInfo which is no longer necessary.

BUG=none

Review URL: https://codereview.chromium.org/83833003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@237150 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agocrypto: disable NSS AES-NI support when AVX is disabled by OS.
agl@chromium.org [Fri, 22 Nov 2013 18:35:03 +0000 (18:35 +0000)]
crypto: disable NSS AES-NI support when AVX is disabled by OS.

When running under Xen, or with certain kernel configurations, it's possible
for the CPU to support AVX but for the operating system not to have configured
it. In this case, CPUID indicates that AVX support exists and NSS will try to
use it for AES-GCM. However, the first AVX instruction will cause an illegal
instruction exception.

This change works around the problem by disabling AES-NI support when AVX
support exists but is not supported by the OS. Sadly this also means that plain
AES instructions are also disabled in this case, but that's better than
crashing.

https://bugzilla.mozilla.org/show_bug.cgi?id=940794

BUG=320524

Review URL: https://codereview.chromium.org/79283002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@236794 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoRemove ChromeOS TPM slot unlock hacks that are unnecessary with chaps.
mattm@chromium.org [Thu, 21 Nov 2013 06:36:09 +0000 (06:36 +0000)]
Remove ChromeOS TPM slot unlock hacks that are unnecessary with chaps.

BUG=125848

Review URL: https://codereview.chromium.org/76693005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@236418 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agocrypto: enable NEON optimisations when supported by the platform.
agl@chromium.org [Wed, 20 Nov 2013 04:25:51 +0000 (04:25 +0000)]
crypto: enable NEON optimisations when supported by the platform.

BUG=310768

Review URL: https://codereview.chromium.org/65413008

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@236143 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoNSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKe...
mattm@chromium.org [Wed, 13 Nov 2013 03:29:22 +0000 (03:29 +0000)]
NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot.

Make ECPrivateKey use PK11_GetInternalKeySlot for temporary keys.
Make ECPrivateKey and RSAPrivateKey "sensitive" functions take slot as parameter.

This avoids calling non-thread-safe functions in nss_util on arbitrary threads.

Also removes the ANNOTATE_SCOPED_MEMORY_LEAK from RSAPrivateKey which should no longer be necessary.

BUG=125848,34742

Review URL: https://codereview.chromium.org/66213002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@234726 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoStart adding threading checks to nss_util.
mattm@chromium.org [Tue, 12 Nov 2013 02:56:31 +0000 (02:56 +0000)]
Start adding threading checks to nss_util.

BUG=125848

Review URL: https://codereview.chromium.org/64723006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@234388 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agocrypto/nss_util: Get TPM slot id, do lookup by id instead of by name.
mattm@chromium.org [Fri, 25 Oct 2013 22:03:26 +0000 (22:03 +0000)]
crypto/nss_util: Get TPM slot id, do lookup by id instead of by name.

chromeos/cert_loader: store slot id as int.

BUG=302124

Review URL: https://codereview.chromium.org/36593002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@231126 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agocrypto: Implement ECSignatureCreatorImpl for OpenSSL
digit@chromium.org [Fri, 25 Oct 2013 17:26:08 +0000 (17:26 +0000)]
crypto: Implement ECSignatureCreatorImpl for OpenSSL

BUG=306176
TEST=crypto_unittests --gtest_filter=ECSignatureCreatorTest.*
R=rsleevi@chromium.org,agl@chromium.org,wtc@chromium.org

Review URL: https://codereview.chromium.org/43663005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@231048 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoAdd ScopedPK11SlotList to scoped_nss_types.h
mattm@chromium.org [Wed, 23 Oct 2013 22:22:53 +0000 (22:22 +0000)]
Add ScopedPK11SlotList to scoped_nss_types.h

BUG=none

Review URL: https://codereview.chromium.org/33003004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@230524 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 months agoAdd missing include of algorithm for std::min
scottmg@chromium.org [Tue, 22 Oct 2013 03:43:59 +0000 (03:43 +0000)]
Add missing include of algorithm for std::min

Required to compile on VS2013.

TBR=rsleevi@chromium.org
BUG=288948

Review URL: https://codereview.chromium.org/33583004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@230036 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoopenssl: Implement crypto::ECPrivateKey.
digit@chromium.org [Thu, 17 Oct 2013 16:09:24 +0000 (16:09 +0000)]
openssl: Implement crypto::ECPrivateKey.

BUG=306176
R=rsleevi@chromium.org, wtc@chromium.org, agl@chromium.org

Review URL: https://codereview.chromium.org/27195002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@229153 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoUpdate the NSS bug number for the invalid read when AES-CBC decrypting.
wtc@chromium.org [Wed, 2 Oct 2013 19:42:52 +0000 (19:42 +0000)]
Update the NSS bug number for the invalid read when AES-CBC decrypting.

R=eroman@chromium.org
BUG=300681
TEST=none

Review URL: https://codereview.chromium.org/25637004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@226530 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoPrevent invalid memory read when AES-CBC decrypting.
eroman@chromium.org [Tue, 1 Oct 2013 10:34:27 +0000 (10:34 +0000)]
Prevent invalid memory read when AES-CBC decrypting.

The issue happens when the ciphertext is not a multiple of the block size.

BUG=300681

Review URL: https://codereview.chromium.org/25164002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@226199 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

6 months agoRename "decypted" to "decrypted".
eroman@chromium.org [Mon, 30 Sep 2013 09:08:47 +0000 (09:08 +0000)]
Rename "decypted" to "decrypted".

I presume this was a typo that got replicated throughout encryptor_unittest.cc

BUG=NONE

Review URL: https://codereview.chromium.org/25163002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@225951 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 months agoadd missing #include of <algorithm>, needed on VS2013 for std::min
scottmg@chromium.org [Thu, 12 Sep 2013 22:51:37 +0000 (22:51 +0000)]
add missing #include of <algorithm>, needed on VS2013 for std::min

R=rsleevi@chromium.org
BUG=288948

Review URL: https://chromiumcodereview.appspot.com/23684060

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@222895 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 months agocrypto: Don't try to init NSS with nonexistent DB.
derat@chromium.org [Thu, 12 Sep 2013 20:32:22 +0000 (20:32 +0000)]
crypto: Don't try to init NSS with nonexistent DB.

This makes non-test Chrome OS images avoid trying to
initialize /etc/fake_root_ca/nssdb to avoid an "Error
initializing NSS with a persistent database
(sql:/etc/fake_root_ca/nssdb): NSS error code: -8174"
message that gets logged multiple times at startup.

BUG=none

Review URL: https://chromiumcodereview.appspot.com/23654019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@222856 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 months agoConvert most run_all_unittests.cc files to use new unit test launcher.
phajdan.jr@chromium.org [Thu, 5 Sep 2013 18:20:36 +0000 (18:20 +0000)]
Convert most run_all_unittests.cc files to use new unit test launcher.

Note that the new code is still behind a runtime flag
(--brave-new-test-launcher), but compiling tests with support for it
will make further testing possible.

BUG=236893, 79359
R=akalin@chromium.org, enne@chromium.org, erikwright@chromium.org, joi@chromium.org, keybuk@chromium.org, sky@chromium.org, thestig@chromium.org, tommi@chromium.org, wtc@chromium.org, xhwang@chromium.org, yzshen@chromium.org

Review URL: https://codereview.chromium.org/23442019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@221464 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agoMake CryptohomeClientImplStub and ScopedTestNSSDB use the same TokenName.
pneubeck@chromium.org [Mon, 12 Aug 2013 14:09:19 +0000 (14:09 +0000)]
Make CryptohomeClientImplStub and ScopedTestNSSDB use the same TokenName.

This allows for tests which rely on CertLoader::IsHardwareBacked returning true.

BUG=NONE
R=agl@chromium.org, stevenjb@chromium.org

Review URL: https://codereview.chromium.org/22407013

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@216991 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agoReland http://crrev.com/209278
rsleevi@chromium.org [Wed, 7 Aug 2013 22:57:00 +0000 (22:57 +0000)]
Reland http://crrev.com/209278

Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/20615002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@216296 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months ago[MIPS] Add additional directory for NSS libraries
petarj@mips.com [Thu, 1 Aug 2013 02:46:46 +0000 (02:46 +0000)]
[MIPS] Add additional directory for NSS libraries

Add correct path for NSS libraries on MIPS.
Tested on Debian Wheezy.

BUG=130022
TEST=build and run Chromium

Review URL: https://chromiumcodereview.appspot.com/21029006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@214931 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agoFix a bug where packing an extension with bad private key causes crash.
DHNishi@gmail.com [Wed, 31 Jul 2013 07:49:16 +0000 (07:49 +0000)]
Fix a bug where packing an extension with bad private key causes crash.
BUG=263968
TEST=PackExtensionTest.ExtensionWithInvalidKey

Review URL: https://chromiumcodereview.appspot.com/20794003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@214622 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agonet: fix buffer overflow in GHASH.
agl@chromium.org [Wed, 17 Jul 2013 18:10:23 +0000 (18:10 +0000)]
net: fix buffer overflow in GHASH.

Thanks to Joel Sing for noticing.

BUG=none
R=rtenneti@chromium.org

Review URL: https://codereview.chromium.org/19619003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@212090 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoIntroduce RSAPrivateKey::SignDigest
pfeldman@chromium.org [Tue, 9 Jul 2013 08:32:40 +0000 (08:32 +0000)]
Introduce RSAPrivateKey::SignDigest

BUG=258017
R=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/18697003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@210524 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoOpenSSL/NSS implementation of ProofVerfifier.
rtenneti@chromium.org [Wed, 3 Jul 2013 10:27:46 +0000 (10:27 +0000)]
OpenSSL/NSS implementation of ProofVerfifier.

Changes to make ProofVerifier asynchronous. Each QuicSession's ProofVerifier is used to verify the signature and cert chain.

Implemented generation counter in QuicCryptoClientConfig's CachedState in case certs change when we are verifying the Proof.

Review URL: https://chromiumcodereview.appspot.com/17385010

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209946 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoRevert 209515 "Reland http://crrev.com/209278"
rsleevi@chromium.org [Mon, 1 Jul 2013 23:23:37 +0000 (23:23 +0000)]
Revert 209515 "Reland http://crrev.com/209278"

> Reland http://crrev.com/209278
>
> Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2
>
> Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
> ships 4.9.2 on stable, so this is the lower bound.
>
> 3.14.3 contains a number of important security fixes, and support for
> older systems is no longer desirable.
>
> BUG=245370
> TBR=thestig@chromium.org, wtc@chromium.org
>
> Review URL: https://chromiumcodereview.appspot.com/18332012

TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/18414004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209534 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoReland http://crrev.com/209278
rsleevi@chromium.org [Mon, 1 Jul 2013 22:06:48 +0000 (22:06 +0000)]
Reland http://crrev.com/209278

Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18332012

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209515 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoUse the HASH_ResultLenContext and HASH_GetType functions, now that they
wtc@chromium.org [Mon, 1 Jul 2013 07:40:09 +0000 (07:40 +0000)]
Use the HASH_ResultLenContext and HASH_GetType functions, now that they
are exported.

R=rsleevi@chromium.org
BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/18181018

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209388 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoActually close the test NSS DB when ScopedTestNSSDB is destroyed
rsleevi@chromium.org [Sat, 29 Jun 2013 21:18:16 +0000 (21:18 +0000)]
Actually close the test NSS DB when ScopedTestNSSDB is destroyed

NSS 3.15.1 fixes all known errors with SECMOD_CloseUserDB, so it can
now be safely used again while testing

BUG=156433
R=mattm

Review URL: https://chromiumcodereview.appspot.com/18238002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209351 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoRevert 209278 "Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2"
joaodasilva@chromium.org [Sat, 29 Jun 2013 13:00:01 +0000 (13:00 +0000)]
Revert 209278 "Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2"

> Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2
>
> Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
> ships 4.9.2 on stable, so this is the lower bound.
>
> 3.14.3 contains a number of important security fixes, and support for
> older systems is no longer desirable.
>
> BUG=245370
> R=thestig@chromium.org, wtc@chromium.org
>
> Review URL: https://chromiumcodereview.appspot.com/18063013

TBR=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/18181019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209282 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoUpdate dependency to NSS >= 3.14.3 and NSPR >= 4.9.2
rsleevi@chromium.org [Sat, 29 Jun 2013 10:53:05 +0000 (10:53 +0000)]
Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
R=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18063013

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209278 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoAdd SignatureVerifier::VerifyInitRSAPSS for verifying RSA-PSS signatures.
wtc@chromium.org [Fri, 28 Jun 2013 17:46:53 +0000 (17:46 +0000)]
Add SignatureVerifier::VerifyInitRSAPSS for verifying RSA-PSS signatures.

Change the OpenSSL-based SignatureVerifier to use EVP_DigestVerifyInit
instead of EVP_VerifyInit_ex.

Copy the PSS padding verification code from NSS to the NSS-based
SignatureVerifier because the RSA-PSS code in the NSS softoken isn't
exposed via the NSS PK11_ or VFY_ functions yet.

R=agl@chromium.org,rsleevi@chromium.org
BUG=none
TEST=to be added to net_unittests via testing net::quic::ProofVerifier.

Review URL: https://chromiumcodereview.appspot.com/17776003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209178 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoUse a direct include of time headers in courgette/, crypto/, dbus/, device/, google_a...
avi@chromium.org [Fri, 28 Jun 2013 15:20:02 +0000 (15:20 +0000)]
Use a direct include of time headers in courgette/, crypto/, dbus/, device/, google_apis/, gpu/, ipc/, jingle/.

BUG=254986
TEST=none
TBR=ben@chromium.org

Review URL: https://codereview.chromium.org/18156002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@209149 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoRemove platform-specific implementations of RSAPrivateKey and SignatureCreator
rsleevi@chromium.org [Thu, 27 Jun 2013 09:18:43 +0000 (09:18 +0000)]
Remove platform-specific implementations of RSAPrivateKey and SignatureCreator

Use NSS/OpenSSL on all platforms, rather than deferring to the underlying OS routines.

Because X509Certificate::CreateSelfSigned no longer relies on platform-native types for RSA keys or certificates, it has been moved to x509_util and simply returns a DER-encoded certificate as a string.

BUG=none
R=wtc

Review URL: https://chromiumcodereview.appspot.com/17265013

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@208870 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agomac: Update clients of scoped_nsobject.h.
thakis@chromium.org [Mon, 24 Jun 2013 22:51:46 +0000 (22:51 +0000)]
mac: Update clients of scoped_nsobject.h.

1.) The header is now in base/mac instead of base/memory
2.) The class is now in namespace base.

This CL was created programmatically by running:

1.)
    git grep -l memory/scoped_nsobject.h | xargs sed -i -e 's/memory\/scoped_nsobject.h/mac\/scoped_nsobject.h/g'
    for f in $(git diff --name-only origin); do tools/sort-headers.py $f -f; done
    git commit -a -m headers
    # manually undo changes to gypi file
    git cl upload # patch set 1
2.)
    git grep -l 'scoped_nsobject<' | xargs sed -i -e 's/scoped_nsobject</base::scoped_nsobject</g'
    # manually undo comment changes in scoped_nsobject.h, tracking_area.h
    git commit -a -m format
    git cl upload # patch set 2
    # Manually audit all files, file bugs and clean up bad clang-format decisions
    git cl upload # patch set 3
BUG=251957
TBR=mark@chromium.org

Review URL: https://codereview.chromium.org/17593006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@208283 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agomac: Replace base::mac::ScopedCFTypeRef with base::ScopedCFTypeRef.
thakis@chromium.org [Mon, 24 Jun 2013 18:49:05 +0000 (18:49 +0000)]
mac: Replace base::mac::ScopedCFTypeRef with base::ScopedCFTypeRef.

This CL was created fully mechanically by running

  git grep -l base::mac::ScopedCFTypeRef | xargs sed -i -e 's/base::mac::ScopedCFTypeRef/base::ScopedCFTypeRef/g'
  git commit -a -m.
  git clang-format HEAD^ --style=Chromium
  git commit -a -m.
  git cl upload -t $TITLE

BUG=251957
TBR=mark@chromium.org

Review URL: https://codereview.chromium.org/16917011

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@208245 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

9 months agoOn NSS, treat non-permanent RSA private keys as ephemeral
rsleevi@chromium.org [Fri, 21 Jun 2013 16:29:43 +0000 (16:29 +0000)]
On NSS, treat non-permanent RSA private keys as ephemeral

When generating/using a crypto::RSAPrivateKey with NSS,
prefer the internal software slot over other modules (such as
any TPMs [ChromeOS] or smart cards [Linux]) if the key being
generated is not marked as a permanent key.

BUG=none
R=wtc

Review URL: https://chromiumcodereview.appspot.com/17447009

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@207853 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoSupport CTR-AES in encryptor_openssl.
xhwang@chromium.org [Thu, 13 Jun 2013 19:48:01 +0000 (19:48 +0000)]
Support CTR-AES in encryptor_openssl.

BUG=163552
TEST=Added unittest to cover CTR-AES encryption/decryption. Also tested
AesDecryptorTest in media_unittests.

Review URL: https://chromiumcodereview.appspot.com/16654005

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@206141 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoUse a direct include of strings headers in crypto/, dbus/, device/.
avi@chromium.org [Tue, 11 Jun 2013 07:27:01 +0000 (07:27 +0000)]
Use a direct include of strings headers in crypto/, dbus/, device/.

BUG=247723
TEST=none
TBR=ben@chromium.org

Review URL: https://chromiumcodereview.appspot.com/16123026

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@205457 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoRemove unused crypto::GetSupplementalUserKey() method.
davidroche@chromium.org [Tue, 11 Jun 2013 00:53:52 +0000 (00:53 +0000)]
Remove unused crypto::GetSupplementalUserKey() method.

BUG=

Review URL: https://chromiumcodereview.appspot.com/16163008

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@205374 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoRevert 202305 "Destroy all Singletons and LazyInstances between ..."
rsesek@chromium.org [Sat, 25 May 2013 19:04:49 +0000 (19:04 +0000)]
Revert 202305 "Destroy all Singletons and LazyInstances between ..."

> Destroy all Singletons and LazyInstances between each test.
>
> This modifies base::TestSuite to add a test listener that runs the AtExitManager
> between each test.
>
> BUG=110594, 156433, 238654
> TEST=*unit*tests
> R=apatrick@chromium.org, gspencer@chromium.org, phajdan.jr@chromium.org, pneubeck@chromium.org, rsleevi@chromium.org
>
> Review URL: https://codereview.chromium.org/8947021

TBR=rsesek@chromium.org

Review URL: https://codereview.chromium.org/16063002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@202312 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 months agoDestroy all Singletons and LazyInstances between each test.
rsesek@chromium.org [Sat, 25 May 2013 17:42:23 +0000 (17:42 +0000)]
Destroy all Singletons and LazyInstances between each test.

This modifies base::TestSuite to add a test listener that runs the AtExitManager
between each test.

BUG=110594, 156433, 238654
TEST=*unit*tests
R=apatrick@chromium.org, gspencer@chromium.org, phajdan.jr@chromium.org, pneubeck@chromium.org, rsleevi@chromium.org

Review URL: https://codereview.chromium.org/8947021

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@202305 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoFix crypto target on linux-redux when using clang
rsleevi@chromium.org [Thu, 9 May 2013 21:29:42 +0000 (21:29 +0000)]
Fix crypto target on linux-redux when using clang

BUG=none
R=wtc

Review URL: https://chromiumcodereview.appspot.com/14598019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@199272 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoAdd RSAPrivateKey::CreateFromKeypair()
cmasone@chromium.org [Wed, 8 May 2013 20:35:21 +0000 (20:35 +0000)]
Add RSAPrivateKey::CreateFromKeypair()

Add a static method to create an RSAPrivateKey object from an NSS public/private
keypair.  Only declared and implemented when USE_NSS is defined.

BUG=235179

Review URL: https://chromiumcodereview.appspot.com/14941007

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@198985 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

11 months agoFix client certificate authentication on Mac and Linux introduced in r178732
rsleevi@chromium.org [Thu, 25 Apr 2013 23:25:48 +0000 (23:25 +0000)]
Fix client certificate authentication on Mac and Linux introduced in r178732

When requesting client authentication, the SSL server may send a list of
acceptable CAs. When discovering matching client certificates, the Mac and
Linux implementations were not fully considering all intermediate certificates
when attempting to discover client certificates.

For example, if the client certficate chain was CC -> Intermediate -> Root, and
the server sent a list of acceptable CAs as Root, then on Mac and Linux, CC
would not be considered, whereas on Windows it would. Further, if the server
listed Intermediate as an acceptable CA, then it would work on all platforms.

BUG=224280, 224897
TEST=See https://docs.google.com/a/chromium.org/document/d/19V5_PBSm7OaFLXzTXdiCdSpt1r1yFYJhuH9X41O2oOs/edit?usp=sharing
R=wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/13866049

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@196535 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoUpdate the remaining include paths of base/string_piece.h to its new location.
tfarina@chromium.org [Wed, 17 Apr 2013 21:42:40 +0000 (21:42 +0000)]
Update the remaining include paths of base/string_piece.h to its new location.

string_piece.h was moved into base/strings/ in r191206 -
https://chromiumcodereview.appspot.com/12982018/

TBR=brettw@chromium.org

Review URL: https://codereview.chromium.org/14272007

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@194693 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoRewrite scoped_array<T> to scoped_ptr<T[]> in crypto.
dcheng@chromium.org [Thu, 11 Apr 2013 16:46:51 +0000 (16:46 +0000)]
Rewrite scoped_array<T> to scoped_ptr<T[]> in crypto.

This is a manual cleanup pass using sed for files which are not built on
Linux.

BUG=171111

Review URL: https://chromiumcodereview.appspot.com/13831003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@193667 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoFinish scoped_array<T> to scoped_ptr<T[]> conversion on Linux.
dcheng@chromium.org [Tue, 9 Apr 2013 17:35:42 +0000 (17:35 +0000)]
Finish scoped_array<T> to scoped_ptr<T[]> conversion on Linux.

There are only a few instances left in the Linux build, so lumping
them all into one patch.

BUG=171111

Review URL: https://codereview.chromium.org/13916003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@193134 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoRewrite std::string("") to std::string(), Linux edition.
dcheng@chromium.org [Tue, 9 Apr 2013 08:46:45 +0000 (08:46 +0000)]
Rewrite std::string("") to std::string(), Linux edition.

This patch was generated by running the empty_string clang tool
across the Chromium Linux compilation database. Implicitly or
explicitly constructing std::string() with a "" argument is
inefficient as the caller needs to emit extra instructions to
pass an argument, and the constructor needlessly copies a byte
into internal storage. Rewriting these instances to simply call
the default constructor appears to save ~14-18 kilobytes on an
optimized release build.

BUG=none

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=193020

Review URL: https://codereview.chromium.org/13145003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@193040 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoRevert "Rewrite std::string("") to std::string(), Linux edition."
dcheng@chromium.org [Tue, 9 Apr 2013 06:41:12 +0000 (06:41 +0000)]
Revert "Rewrite std::string("") to std::string(), Linux edition."

This reverts commit e59558b78e8c6a1b0bd916a724724b638c3c91b6.

Revert "Fix build after r193020."

This reverts commit 558a35897f6b3ffbcaefde927c1f150b815d140a.

Revert "Really fix build after r193020."

This reverts commit e3748a79b523a8d365d4a33ef986eebb4186fa78.

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@193030 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoRewrite std::string("") to std::string(), Linux edition.
dcheng@chromium.org [Tue, 9 Apr 2013 05:45:17 +0000 (05:45 +0000)]
Rewrite std::string("") to std::string(), Linux edition.

This patch was generated by running the empty_string clang tool
across the Chromium Linux compilation database. Implicitly or
explicitly constructing std::string() with a "" argument is
inefficient as the caller needs to emit extra instructions to
pass an argument, and the constructor needlessly copies a byte
into internal storage. Rewriting these instances to simply call
the default constructor appears to save ~14-18 kilobytes on an
optimized release build.

BUG=none

Review URL: https://codereview.chromium.org/13145003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@193020 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoAdd support for P-256 key exchange in crypto handshake.
rtenneti@chromium.org [Sun, 31 Mar 2013 02:49:11 +0000 (02:49 +0000)]
Add support for P-256 key exchange in crypto handshake.

Merge internal change: 44173744

Add default return to avoid crashing when we get an unknown
error code from the peer.

Merge internal change: 44160057

Fix incorrect DCHECK while serializing version negotiation
packet.

Merge internal change: 44156166

Reorder the addends in GetPacketHeaderSize to match the order
of the public header fields.

Merge internal change: 44153020

Changing retransmission and retransmittable data boolean flags
to enums.

Merge internal change: 44071662

Remove methods from QuicTime for converting to/from
microseconds and milliseconds since the epoch for QuicTime is
unspecified.  (It wraps TimeTicks in Chromium).

Merge internal change: 44069965

Change InterArrival feedback message to traffic in delta since
the "start" of the connection instead of a delta since the epoch.

One step closer to being able to remove QuicTime::To/FromMicroseconds
since those methods don't "do the right thing".

Merge internal change: 44037996

Changing kForce into an enum.

Merge internal change: 44024887

Cleanups from landing P-256 key exchange in Chromium.

Merge internal change: 44023801

Fix for std::vector in QuicPacketPublicHeader's memory
corruption by memset.

Merge internal change: 44022862

Merging cleanup changes from chromium.

Merge internal change: 44009665

Plug in the new decrypter and encrypter after the new keys have
been derived.

This is a first cut, as some details on changing the encryption
keys still need to be worked out.  Our interim solution is
permissive trial decryption, which allows the peer to encrypt
with the wrong key, either using the new key too early or using
the null key for too long.  The latter will leak confidential
information, so we err on the side of using the new key too early.

WARNING: the interim solution protects against eavesdroppers, but
is vulberable to active attackers.

Merge internal change: 44006658

Start tracking server and client stream resets and export them
via varz.

Merge internal change: 43971847

Pull out RstStreamFrame error code from QuicErrorCode so that
they don't appear in the tracked ConnectionClose error map.

This will also help in tracking RstStream error codes separately.

Merge internal change: 43968620

Adding Client/Server logging to all LOGS/DLOGs Not bothering
with VLOGs/DVLOGS unless it's requested.

Merge internal change: 43948596

crypto: step 5.

This change implements source-address tokens at the server and has the client
echo them. Source address tokens are opaque (to the client) bytestrings that
prove ownership of an IP address. In order to prevent amplification attacks,
the server demands that the client have a valid source address token for the IP
address that it's claiming to come from and that the token is reasonably
recent.

Since we already have it implemented, this code uses AES-GCM to encrypt and
authenticate the tokens with a fixed, dummy secret (for now). In the future,
the secret will be derived from the primary, private key in the same way that
SessionTicket keys used to be.

The QuicEncrypter/Decrypter code was written to be quite specific to the task
of encrypting and decrypting packets and, as part of this, it exposed only 64
bits of the AEAD nonce.

Since all GFEs will share the same token secret, and they'll all create tokens
with random nonces, that runs an unacceptably high risk of an attacker
obtaining two tokens with the same nonce.

Thus this change also reworks the QuicEncrypter/Decrypter so that the full
nonce is exposed and thus we can use 96-bit nonces. That's still not completely
wonderful but, at 10Mpps an attacker would still take a year to obtain a pair
of nonces, so it's good enough for a while at least.

Merge internal change: 43893806

R=rch@chromium.org

Review URL: https://chromiumcodereview.appspot.com/13282004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@191569 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

12 months agoUpdate the remaining references to sys_string_conversions.h to its new location.
tfarina@chromium.org [Sat, 30 Mar 2013 00:27:00 +0000 (00:27 +0000)]
Update the remaining references to sys_string_conversions.h to its new location.

BUG=196305
TBR=isherman@chromium.org,rsleevi@chromium.org,keybuk@chromium.org,fischman@chromium.org,
thestig@chromium.org,alexeypa@chromium.org,rogerta@chromium.org,cpu@chromium.org,
akalin@chromium.org,ben@chromium.org,tony@chromium.org

Review URL: https://chromiumcodereview.appspot.com/13322003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@191479 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months ago[Cleanup] Remove StringPrintf from global namespace
groby@chromium.org [Mon, 18 Mar 2013 22:33:04 +0000 (22:33 +0000)]
[Cleanup] Remove StringPrintf from global namespace

use of StringPrintf now requires prefixing with base:: or a per-scope using directive

TBR'd:
abodenha: chrome/service
brettw: content, third_party, webkit
darin: base, chrome/browser, chrome/renderer
dgarret: courgette
enne: cc
fischmann: media
gbillock: sql
joi: google_apis,components
rsleevi: net, crypto
sky: chrome/test
thestig: printing, chrome/common,
tsepez: ipc
wez: remoting
yfriedman: testing/android

NOTRY=true
R=brettw@chromium.org
TBR=joi@chromium.org, rsleevi@chromium.org, enne@chromium.org, thestig@chromium.org, darin@chromium.org, abodenha@chromium.org, sky@chromium.org, dgarret@chromium.org, tsepez@chromium.org, fishman@chromium.org, wez@chromium.org, gbillock@chromium.org, yfriedman@chromium.org
BUG=

Review URL: https://codereview.chromium.org/12767006

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@188857 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoInvoke the iOS hook from TestSuite so each run_all_unittests.cc file does not
lliabraa@chromium.org [Fri, 15 Mar 2013 13:14:02 +0000 (13:14 +0000)]
Invoke the iOS hook from TestSuite so each run_all_unittests.cc file does not
have to remember to install MainHook.

BUG=None

Review URL: https://chromiumcodereview.appspot.com/12321117

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@188376 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoLand Recent QUIC Changes
rtenneti@chromium.org [Thu, 14 Mar 2013 16:25:33 +0000 (16:25 +0000)]
Land Recent QUIC Changes

Handle versioning by closing the connection on version mismatch for now.

Merge internal change: 43606997

Number of cleanups from landing recent crypto changes.

Merge internal change: 43606111

Added delta_time_largest_observed to ReceivedPacketInfo to calculate accurate RTT.

Merge internal change: 43582099

Implement server-side QUIC key expansion. The derived keys are still not being used yet.

TODO: Code is in crypto_test_utils needs to be enabled.

Merge internal change: 43570937

Added AbandoningPacket to congestion control to avoid issue with FEC.

Merge internal change: 43570099

Wait infinite (aka wait for next ack) is not handled correctly.

Merge internal change: 43558636

Enable faster stats for QUIC.

Merge internal change: 43557310

Implement QUIC key expansion on the client side.  The keys are not being used yet.

Merge internal change: 43515237

Add missing quic_stats files.

Track some connection stats.

Merge internal change: 43506869

Fix bug in WriteQueuedPackets

Merge internal change: 43499600

Small comment change in crypto_handshake's ProcessServerHello method.

Merge internal change: 43448804

R=rch@chromium.org
BUG=

Review URL: https://chromiumcodereview.appspot.com/12806002

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@188096 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoAdded Curve25519-donna changes.
rtenneti@chromium.org [Fri, 8 Mar 2013 23:40:42 +0000 (23:40 +0000)]
Added Curve25519-donna changes.

Added a wrapper class that implements the following API calls which for
Curve25519.
+ ScalarMult to compute the shared key.
+ ScalarBaseMult to get public key.
+ ConvertToPrivateKey returns a private key from random bytes.

Per agl/wtc, grabbed the rev 234205ff from the git repo
(https://github.com/agl/curve25519-donna/tree/234205ff1ecaf6b3c1dc76798a462c4293f31fdb)
and checked it in to crypto/ because that version has pure Google copyright.

R=wtc@chromium.org,agl@chromium.org,rsleevi@chromium.org
TEST=crypto unit tests

Review URL: https://chromiumcodereview.appspot.com/12457004

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@187074 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoCRYPTO - Resolved comments from wtc. Used scoped_ptr<char[]> and
rtenneti@chromium.org [Wed, 27 Feb 2013 02:13:13 +0000 (02:13 +0000)]
CRYPTO - Resolved comments from wtc. Used scoped_ptr<char[]> and
deletion of virtual and removed and'ing with 0xFF.

R=wtc@chromium.org
TEST=crypt unittests

Review URL: https://chromiumcodereview.appspot.com/12330157

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@184832 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoMove file_path.h to base/files.
brettw@chromium.org [Sun, 24 Feb 2013 05:40:52 +0000 (05:40 +0000)]
Move file_path.h to base/files.

TBR=sky

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@184344 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoRelanding Porting of HKDF changes from server.
rtenneti@chromium.org [Sat, 23 Feb 2013 06:47:22 +0000 (06:47 +0000)]
Relanding Porting of HKDF changes from server.

Added a2b_hex function to move common code in hkdf_unittest.cc
and to make it similar to CL - 40300624.

Merge internal CL: 40300624

Original approved CL: https://chromiumcodereview.appspot.com/12326029/

R=agl@chromium.org, rsleevi@chromium.org

Review URL: https://chromiumcodereview.appspot.com/12335045

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@184306 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoRevert 184133
vandebo@chromium.org [Fri, 22 Feb 2013 19:27:46 +0000 (19:27 +0000)]
Revert 184133

It failed in this way:

[ RUN      ] HKDFTest.HKDFConstruct
c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\vector(932) : Assertion failed: vector subscript out of range
c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\vector(933) : Assertion failed: "Standard C++ Libraries Out of Range" && 0

http://build.chromium.org/p/chromium.win/builders/XP%20Tests%20%28dbg%29%281%29/builds/33019/steps/crypto_unittests/logs/stdio

> Porting of HKDF changes from server.
>
> Merge internal CL: 40300624
>
>
> Review URL: https://chromiumcodereview.appspot.com/12326029

TBR=rtenneti@chromium.org
Review URL: https://codereview.chromium.org/12330079

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@184146 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoPorting of HKDF changes from server.
rtenneti@chromium.org [Fri, 22 Feb 2013 18:28:14 +0000 (18:28 +0000)]
Porting of HKDF changes from server.

Merge internal CL: 40300624

Review URL: https://chromiumcodereview.appspot.com/12326029

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@184133 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoDo a giant svn propset svn:eol-style LF on .cc and .h files that
jln@chromium.org [Thu, 14 Feb 2013 02:06:52 +0000 (02:06 +0000)]
Do a giant svn propset svn:eol-style LF on .cc and .h files that
lack this property.

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@182368 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoThis patch adds some Android-support code to allow the network
digit@chromium.org [Mon, 11 Feb 2013 20:13:45 +0000 (20:13 +0000)]
This patch adds some Android-support code to allow the network
stack to use platform-specific private key objects to perform
signing in the context of SSL handshakes which require a client
certificate.

More specifically:

- Add net/android/keystore.h, which provides native
  functions to operate on JNI references pointing to
  java.security.PrivateKey objects provided by the
  platform. I.e.:

    net::android::GetPrivateKeyType()
    net::android::SignWithPrivateKey()

  Also provide a function that can get the system's own
  EVP_PKEY* handle corresponding to a given PrivateKey
  object. This uses reflection and should *only* be used
  for RSA private keys when running on Android 4.0 and
  4.1, in order to route around a platform bug that was
  only fixed in 4.2.

    net::android::GetOpenSSLSytstemHandleForPrivateKey()

  See the comments in this source file for mode details:

    net/android/java/org/chromium/net/AndroidKeyStore.java

- Add net/android/keystore_openssl.h, which provides
  a function that can wrap an existing PrivateKey
  JNI reference around an OpenSSL EVP_PKEY object
  which uses custom DSA/RSA/ECDSA methods to perform
  signing as expected to handle client certificates.

   net::android::GetOpenSSLPrivateKeyWrapper()

- Add relevant unit tests for the new functions.
  Note that the unit test comes with its own Java helper
  function, which is used to create a platform PrivateKey
  object from encoded PKCS#8 private key data.

  This is called from the native unit test, but does not
  constitute a new Java test (AndroidKeyStoreTestUtil.java).

- Add corresponding new test key files under
  net/data/ssl/certificates/, and their generation
  script in net/data/ssl/scripts/.

- Add net/android/private_key_type_list.h which is
  used both from C++ and Java to define the list of
  supported private key types used by this code.

- Minor improvements: Add a "release()" method to
  crypto::ScopedOpenSSL, add missing BASE_EXPORT
  to one base/android/jni_array.h function declaration.

BUG=166642

Review URL: https://chromiumcodereview.appspot.com/11571059

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@181741 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoMore FilePath -> base::FilePath replacement.
brettw@chromium.org [Sun, 10 Feb 2013 19:20:14 +0000 (19:20 +0000)]
More FilePath -> base::FilePath replacement.

Review URL: https://codereview.chromium.org/12225112

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@181655 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoAdd FilePath to base namespace.
brettw@chromium.org [Sat, 2 Feb 2013 05:12:33 +0000 (05:12 +0000)]
Add FilePath to base namespace.

This updates headers that forward-declare it and a few random places to use the namespace explicitly. There us a using declaration in file_path.h that makes the rest compile, which we can do in future passes.
Review URL: https://codereview.chromium.org/12163003

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@180245 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoTime NSS Initialization for slow startups.
jeremy@chromium.org [Tue, 22 Jan 2013 16:39:34 +0000 (16:39 +0000)]
Time NSS Initialization for slow startups.

Since the code for doing this is outside chrome/ , we can't use the ScopedSlowStartupUMA class, but instead record a regular histogram.  If we're experiencing a slow startup, we look up the histogram and set the UMA bit on it.

BUG=160927

Review URL: https://chromiumcodereview.appspot.com/12018019

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@178018 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

14 months agoDisabling nacl_win64 targets when building in target_arch!=ia32 mode.
bradnelson@google.com [Mon, 21 Jan 2013 23:23:57 +0000 (23:23 +0000)]
Disabling nacl_win64 targets when building in target_arch!=ia32 mode.

When building on windows with target_arch=x64, we no longer need win32 targets
forced to be 64-bit. This gates out these targets when target_arch!=ia32.
(Prior CL dropped the minimal set to break the dependency between these targets
and the rest of the build. This eliminates them completely.)

BUG=None
TEST=None
R=jschuh@chromium.org,thestig@chromium.org
TBR=darin@chromium.org,abodenha@chromium.org,apatrick@chromium.org,sra@chromium.org,wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/11929039

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@177959 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

15 months agoMake crypto build on Win64
jschuh@chromium.org [Thu, 10 Jan 2013 00:55:22 +0000 (00:55 +0000)]
Make crypto build on Win64

BUG=166496
BUG=167187
TBR=rsleevi

Review URL: https://chromiumcodereview.appspot.com/11833014

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@175954 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

16 months agoAdd the QuicRandom interface with a default implementation that is
wtc@chromium.org [Sat, 8 Dec 2012 04:08:28 +0000 (04:08 +0000)]
Add the QuicRandom interface with a default implementation that is
both cryptographically secure and thread-safe. The default QuicRandom
is a singleton.

crypto/random.h can include the smaller <stddef.h> for size_t.

Add missing header files to net/net.gyp.

R=rch@chromium.org
BUG=none
TEST=new unit tests

Review URL: https://chromiumcodereview.appspot.com/11476031

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@171931 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

16 months agoUse size_t as the type of the key_length and digest_length arguments
wtc@chromium.org [Tue, 4 Dec 2012 00:50:35 +0000 (00:50 +0000)]
Use size_t as the type of the key_length and digest_length arguments
of HMAC::Init() and HMAC::Sign().

R=agl@chromium.org,bradnelson@chromium.org,thakis@chromium.org
BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/11419270

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@170852 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

16 months agoFix nits in SecureHash.
wtc@chromium.org [Fri, 30 Nov 2012 00:36:58 +0000 (00:36 +0000)]
Fix nits in SecureHash.

R=agl@chromium.org,rsleevi@chromium.org
BUG=none
TEST=none

Review URL: https://chromiumcodereview.appspot.com/11299235

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@170308 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

16 months agoFix nits in crypto::InitNSSSafely().
jorgelo@chromium.org [Thu, 29 Nov 2012 04:46:41 +0000 (04:46 +0000)]
Fix nits in crypto::InitNSSSafely().

Some comments in https://chromiumcodereview.appspot.com/11411013/
were not addressed before the CL landed, so do that now.

BUG=None
TEST=content_browsertests
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/11418212

git-svn-id: http://src.chromium.org/svn/trunk/src/crypto@170129 4ff67af0-8c30-449e-8e8b-ad334ec8d88c