8 files changed, 1006 insertions, 0 deletions
diff --git a/third_party/boringssl/src/crypto/test/CMakeLists.txt b/third_party/boringssl/src/crypto/test/CMakeLists.txt
new file mode 100644
index 0000000000..8c75314339
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/CMakeLists.txt
@@ -0,0 +1,9 @@
+add_library(
+  test_support
+
+  OBJECT
+
+  file_test.cc
+  malloc.cc
+  test_util.cc
+)
diff --git a/third_party/boringssl/src/crypto/test/file_test.cc b/third_party/boringssl/src/crypto/test/file_test.cc
new file mode 100644
index 0000000000..6723350a5b
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/file_test.cc
@@ -0,0 +1,328 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "file_test.h"
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+
+#include "stl_compat.h"
+
+
+FileTest::FileTest(const char *path) {
+  file_ = fopen(path, "r");
+  if (file_ == nullptr) {
+    fprintf(stderr, "Could not open file %s: %s.\n", path, strerror(errno));
+  }
+}
+
+FileTest::~FileTest() {
+  if (file_ != nullptr) {
+    fclose(file_);
+  }
+}
+
+// FindDelimiter returns a pointer to the first '=' or ':' in |str| or nullptr
+// if there is none.
+static const char *FindDelimiter(const char *str) {
+  while (*str) {
+    if (*str == ':' || *str == '=') {
+      return str;
+    }
+    str++;
+  }
+  return nullptr;
+}
+
+// StripSpace returns a string containing up to |len| characters from |str| with
+// leading and trailing whitespace removed.
+static std::string StripSpace(const char *str, size_t len) {
+  // Remove leading space.
+  while (len > 0 && isspace(*str)) {
+    str++;
+    len--;
+  }
+  while (len > 0 && isspace(str[len-1])) {
+    len--;
+  }
+  return std::string(str, len);
+}
+
+FileTest::ReadResult FileTest::ReadNext() {
+  // If the previous test had unused attributes or block, it is an error.
+  if (!unused_attributes_.empty()) {
+    for (const std::string &key : unused_attributes_) {
+      PrintLine("Unused attribute: %s", key.c_str());
+    }
+    return kReadError;
+  }
+  if (!block_.empty() && !used_block_) {
+    PrintLine("Unused block");
+    return kReadError;
+  }
+
+  ClearTest();
+
+  bool in_block = false;
+  while (true) {
+    // Read the next line.
+    char buf[4096];
+    if (fgets(buf, sizeof(buf), file_) == nullptr) {
+      if (feof(file_)) {
+        if (in_block) {
+          fprintf(stderr, "Unterminated block.\n");
+          return kReadError;
+        }
+        // EOF is a valid terminator for a test.
+        return start_line_ > 0 ? kReadSuccess : kReadEOF;
+      }
+      fprintf(stderr, "Error reading from input.\n");
+      return kReadError;
+    }
+
+    line_++;
+    size_t len = strlen(buf);
+    // Check for truncation.
+    if (len > 0 && buf[len - 1] != '\n' && !feof(file_)) {
+      fprintf(stderr, "Line %u too long.\n", line_);
+      return kReadError;
+    }
+
+    bool is_delimiter = strncmp(buf, "---", 3) == 0;
+    if (in_block) {
+      block_ += buf;
+      if (is_delimiter) {
+        // Ending the block completes the test.
+        return kReadSuccess;
+      }
+    } else if (is_delimiter) {
+      if (start_line_ == 0) {
+        fprintf(stderr, "Line %u: Unexpected block.\n", line_);
+        return kReadError;
+      }
+      in_block = true;
+      block_ += buf;
+    } else if (buf[0] == '\n' || buf[0] == '\0') {
+      // Empty lines delimit tests.
+      if (start_line_ > 0) {
+        return kReadSuccess;
+      }
+    } else if (buf[0] != '#') {  // Comment lines are ignored.
+      // Parse the line as an attribute.
+      const char *delimiter = FindDelimiter(buf);
+      if (delimiter == nullptr) {
+        fprintf(stderr, "Line %u: Could not parse attribute.\n", line_);
+        return kReadError;
+      }
+      std::string key = StripSpace(buf, delimiter - buf);
+      std::string value = StripSpace(delimiter + 1,
+                                     buf + len - delimiter - 1);
+
+      unused_attributes_.insert(key);
+      attributes_[key] = value;
+      if (start_line_ == 0) {
+        // This is the start of a test.
+        type_ = key;
+        parameter_ = value;
+        start_line_ = line_;
+      }
+    }
+  }
+}
+
+void FileTest::PrintLine(const char *format, ...) {
+  va_list args;
+  va_start(args, format);
+
+  fprintf(stderr, "Line %u: ", start_line_);
+  vfprintf(stderr, format, args);
+  fprintf(stderr, "\n");
+
+  va_end(args);
+}
+
+const std::string &FileTest::GetType() {
+  OnKeyUsed(type_);
+  return type_;
+}
+
+const std::string &FileTest::GetParameter() {
+  OnKeyUsed(type_);
+  return parameter_;
+}
+
+const std::string &FileTest::GetBlock() {
+  used_block_ = true;
+  return block_;
+}
+
+bool FileTest::HasAttribute(const std::string &key) {
+  OnKeyUsed(key);
+  return attributes_.count(key) > 0;
+}
+
+bool FileTest::GetAttribute(std::string *out_value, const std::string &key) {
+  OnKeyUsed(key);
+  auto iter = attributes_.find(key);
+  if (iter == attributes_.end()) {
+    PrintLine("Missing attribute '%s'.", key.c_str());
+    return false;
+  }
+  *out_value = iter->second;
+  return true;
+}
+
+const std::string &FileTest::GetAttributeOrDie(const std::string &key) {
+  if (!HasAttribute(key)) {
+    abort();
+  }
+  return attributes_[key];
+}
+
+static bool FromHexDigit(uint8_t *out, char c) {
+  if ('0' <= c && c <= '9') {
+    *out = c - '0';
+    return true;
+  }
+  if ('a' <= c && c <= 'f') {
+    *out = c - 'a' + 10;
+    return true;
+  }
+  if ('A' <= c && c <= 'F') {
+    *out = c - 'A' + 10;
+    return true;
+  }
+  return false;
+}
+
+bool FileTest::GetBytes(std::vector<uint8_t> *out, const std::string &key) {
+  std::string value;
+  if (!GetAttribute(&value, key)) {
+    return false;
+  }
+
+  if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') {
+    out->assign(value.begin() + 1, value.end() - 1);
+    return true;
+  }
+
+  if (value.size() % 2 != 0) {
+    PrintLine("Error decoding value: %s", value.c_str());
+    return false;
+  }
+  out->reserve(value.size() / 2);
+  for (size_t i = 0; i < value.size(); i += 2) {
+    uint8_t hi, lo;
+    if (!FromHexDigit(&hi, value[i]) || !FromHexDigit(&lo, value[i+1])) {
+      PrintLine("Error decoding value: %s", value.c_str());
+      return false;
+    }
+    out->push_back((hi << 4) | lo);
+  }
+  return true;
+}
+
+static std::string EncodeHex(const uint8_t *in, size_t in_len) {
+  static const char kHexDigits[] = "0123456789abcdef";
+  std::string ret;
+  ret.reserve(in_len * 2);
+  for (size_t i = 0; i < in_len; i++) {
+    ret += kHexDigits[in[i] >> 4];
+    ret += kHexDigits[in[i] & 0xf];
+  }
+  return ret;
+}
+
+bool FileTest::ExpectBytesEqual(const uint8_t *expected, size_t expected_len,
+                                const uint8_t *actual, size_t actual_len) {
+  if (expected_len == actual_len &&
+      memcmp(expected, actual, expected_len) == 0) {
+    return true;
+  }
+
+  std::string expected_hex = EncodeHex(expected, expected_len);
+  std::string actual_hex = EncodeHex(actual, actual_len);
+  PrintLine("Expected: %s", expected_hex.c_str());
+  PrintLine("Actual:   %s", actual_hex.c_str());
+  return false;
+}
+
+void FileTest::ClearTest() {
+  start_line_ = 0;
+  type_.clear();
+  parameter_.clear();
+  attributes_.clear();
+  block_.clear();
+  unused_attributes_.clear();
+  used_block_ = false;
+}
+
+void FileTest::OnKeyUsed(const std::string &key) {
+  unused_attributes_.erase(key);
+}
+
+int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg,
+                 const char *path) {
+  FileTest t(path);
+  if (!t.is_open()) {
+    return 1;
+  }
+
+  bool failed = false;
+  while (true) {
+    FileTest::ReadResult ret = t.ReadNext();
+    if (ret == FileTest::kReadError) {
+      return 1;
+    } else if (ret == FileTest::kReadEOF) {
+      break;
+    }
+
+    bool result = run_test(&t, arg);
+    if (t.HasAttribute("Error")) {
+      if (result) {
+        t.PrintLine("Operation unexpectedly succeeded.");
+        failed = true;
+        continue;
+      }
+      uint32_t err = ERR_peek_error();
+      if (ERR_reason_error_string(err) != t.GetAttributeOrDie("Error")) {
+        t.PrintLine("Unexpected error; wanted '%s', got '%s'.",
+                     t.GetAttributeOrDie("Error").c_str(),
+                     ERR_reason_error_string(err));
+        failed = true;
+        continue;
+      }
+      ERR_clear_error();
+    } else if (!result) {
+      // In case the test itself doesn't print output, print something so the
+      // line number is reported.
+      t.PrintLine("Test failed");
+      ERR_print_errors_fp(stderr);
+      failed = true;
+      continue;
+    }
+  }
+
+  if (failed) {
+    return 1;
+  }
+
+  printf("PASS\n");
+  return 0;
+}
diff --git a/third_party/boringssl/src/crypto/test/file_test.h b/third_party/boringssl/src/crypto/test/file_test.h
new file mode 100644
index 0000000000..24651ab855
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/file_test.h
@@ -0,0 +1,174 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H
+#define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H
+
+#include <stdint.h>
+#include <stdio.h>
+
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable: 4702)
+#endif
+
+#include <string>
+#include <map>
+#include <set>
+#include <vector>
+
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif
+
+// File-based test framework.
+//
+// This module provides a file-based test framework. The file format is based on
+// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. Each input
+// file is a sequence of attributes, blocks, and blank lines.
+//
+// Each attribute has the form:
+//
+//   Name = Value
+//
+// Either '=' or ':' may be used to delimit the name from the value. Both the
+// name and value have leading and trailing spaces stripped.
+//
+// Blocks are delimited by lines beginning with three hyphens, "---". One such
+// line begins a block and another ends it. Blocks are intended as a convenient
+// way to embed PEM data and include their delimiters.
+//
+// Outside a block, lines beginning with # are ignored.
+//
+// A test is a sequence of one or more attributes followed by a block or blank
+// line. Blank lines are otherwise ignored. For tests that process multiple
+// kinds of test cases, the first attribute is parsed out as the test's type and
+// parameter. Otherwise, attributes are unordered. The first attribute is also
+// included in the set of attributes, so tests which do not dispatch may ignore
+// this mechanism.
+//
+// Functions in this module freely output to |stderr| on failure. Tests should
+// also do so, and it is recommended they include the corresponding test's line
+// number in any output. |PrintLine| does this automatically.
+//
+// Each attribute in a test must be consumed. When a test completes, if any
+// attributes haven't been processed, the framework reports an error.
+
+
+class FileTest {
+ public:
+  explicit FileTest(const char *path);
+  ~FileTest();
+
+  // is_open returns true if the file was successfully opened.
+  bool is_open() const { return file_ != nullptr; }
+
+  enum ReadResult {
+    kReadSuccess,
+    kReadEOF,
+    kReadError,
+  };
+
+  // ReadNext reads the next test from the file. It returns |kReadSuccess| if
+  // successfully reading a test and |kReadEOF| at the end of the file. On
+  // error or if the previous test had unconsumed attributes, it returns
+  // |kReadError|.
+  ReadResult ReadNext();
+
+  // PrintLine is a variant of printf which prepends the line number and appends
+  // a trailing newline.
+  void PrintLine(const char *format, ...)
+#ifdef __GNUC__
+      __attribute__((__format__(__printf__, 2, 3)))
+#endif
+  ;
+
+  unsigned start_line() const { return start_line_; }
+
+  // GetType returns the name of the first attribute of the current test.
+  const std::string &GetType();
+  // GetParameter returns the value of the first attribute of the current test.
+  const std::string &GetParameter();
+  // GetBlock returns the optional block of the current test, or the empty
+  // if there was no block.
+  const std::string &GetBlock();
+
+  // HasAttribute returns true if the current test has an attribute named |key|.
+  bool HasAttribute(const std::string &key);
+
+  // GetAttribute looks up the attribute with key |key|. It sets |*out_value| to
+  // the value and returns true if it exists and returns false with an error to
+  // |stderr| otherwise.
+  bool GetAttribute(std::string *out_value, const std::string &key);
+
+  // GetAttributeOrDie looks up the attribute with key |key| and aborts if it is
+  // missing. It only be used after a |HasAttribute| call.
+  const std::string &GetAttributeOrDie(const std::string &key);
+
+  // GetBytes looks up the attribute with key |key| and decodes it as a byte
+  // string. On success, it writes the result to |*out| and returns
+  // true. Otherwise it returns false with an error to |stderr|. The value may
+  // be either a hexadecimal string or a quoted ASCII string. It returns true on
+  // success and returns false with an error to |stderr| on failure.
+  bool GetBytes(std::vector<uint8_t> *out, const std::string &key);
+
+  // ExpectBytesEqual returns true if |expected| and |actual| are equal.
+  // Otherwise, it returns false and prints a message to |stderr|.
+  bool ExpectBytesEqual(const uint8_t *expected, size_t expected_len,
+                        const uint8_t *actual, size_t actual_len);
+
+ private:
+  void ClearTest();
+  void OnKeyUsed(const std::string &key);
+
+  FILE *file_ = nullptr;
+  // line_ is the number of lines read.
+  unsigned line_ = 0;
+
+  // start_line_ is the line number of the first attribute of the test.
+  unsigned start_line_ = 0;
+  // type_ is the name of the first attribute of the test.
+  std::string type_;
+  // parameter_ is the value of the first attribute.
+  std::string parameter_;
+  // attributes_ contains all attributes in the test, including the first.
+  std::map<std::string, std::string> attributes_;
+  // block_, if non-empty, is the test's optional trailing block.
+  std::string block_;
+
+  // unused_attributes_ is the set of attributes that have been queried.
+  std::set<std::string> unused_attributes_;
+  // used_block_ is true if the block has been queried.
+  bool used_block_ = false;
+
+  FileTest(const FileTest&) = delete;
+  FileTest &operator=(const FileTest&) = delete;
+};
+
+// FileTestMain runs a file-based test out of |path| and returns an exit code
+// suitable to return out of |main|. |run_test| should return true on pass and
+// false on failure. FileTestMain also implements common handling of the 'Error'
+// attribute. A test with that attribute is expected to fail. The value of the
+// attribute is the reason string of the expected OpenSSL error code.
+//
+// Tests are guaranteed to run serially and may affect global state if need be.
+// It is legal to use "tests" which, for example, import a private key into a
+// list of keys. This may be used to initialize a shared set of keys for many
+// tests. However, if one test fails, the framework will continue to run
+// subsequent tests.
+int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg,
+                 const char *path);
+
+
+#endif /* OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H */
diff --git a/third_party/boringssl/src/crypto/test/malloc.cc b/third_party/boringssl/src/crypto/test/malloc.cc
new file mode 100644
index 0000000000..898f2a7c95
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/malloc.cc
@@ -0,0 +1,150 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/base.h>
+
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer) || __has_feature(memory_sanitizer)
+#define OPENSSL_ASAN
+#endif
+#endif
+
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
+#define OPENSSL_GLIBC
+#endif
+
+// This file isn't built on ARM or Aarch64 because we link statically in those
+// builds and trying to override malloc in a static link doesn't work. It also
+// requires glibc. It's also disabled on ASan builds as this interferes with
+// ASan's malloc interceptor.
+//
+// TODO(davidben): See if this and ASan's and MSan's interceptors can be made to
+// coexist.
+#if defined(__linux__) && defined(OPENSSL_GLIBC) && !defined(OPENSSL_ARM) && \
+    !defined(OPENSSL_AARCH64) && !defined(OPENSSL_ASAN)
+
+#include <errno.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <new>
+
+
+/* This file defines overrides for the standard allocation functions that allow
+ * a given allocation to be made to fail for testing. If the program is run
+ * with MALLOC_NUMBER_TO_FAIL set to a base-10 number then that allocation will
+ * return NULL. If MALLOC_BREAK_ON_FAIL is also defined then the allocation
+ * will signal SIGTRAP rather than return NULL.
+ *
+ * This code is not thread safe. */
+
+static uint64_t current_malloc_count = 0;
+static uint64_t malloc_number_to_fail = 0;
+static char failure_enabled = 0, break_on_fail = 0;
+static int in_call = 0;
+
+extern "C" {
+/* These are other names for the standard allocation functions. */
+extern void *__libc_malloc(size_t size);
+extern void *__libc_calloc(size_t num_elems, size_t size);
+extern void *__libc_realloc(void *ptr, size_t size);
+}
+
+static void exit_handler(void) {
+  if (failure_enabled && current_malloc_count > malloc_number_to_fail) {
+    _exit(88);
+  }
+}
+
+static void cpp_new_handler() {
+  // Return to try again. It won't fail a second time.
+  return;
+}
+
+/* should_fail_allocation returns true if the current allocation should fail. */
+static int should_fail_allocation() {
+  static int init = 0;
+  char should_fail;
+
+  if (in_call) {
+    return 0;
+  }
+
+  in_call = 1;
+
+  if (!init) {
+    const char *env = getenv("MALLOC_NUMBER_TO_FAIL");
+    if (env != NULL && env[0] != 0) {
+      char *endptr;
+      malloc_number_to_fail = strtoull(env, &endptr, 10);
+      if (*endptr == 0) {
+        failure_enabled = 1;
+        atexit(exit_handler);
+        std::set_new_handler(cpp_new_handler);
+      }
+    }
+    break_on_fail = (NULL != getenv("MALLOC_BREAK_ON_FAIL"));
+    init = 1;
+  }
+
+  in_call = 0;
+
+  if (!failure_enabled) {
+    return 0;
+  }
+
+  should_fail = (current_malloc_count == malloc_number_to_fail);
+  current_malloc_count++;
+
+  if (should_fail && break_on_fail) {
+    raise(SIGTRAP);
+  }
+  return should_fail;
+}
+
+extern "C" {
+
+void *malloc(size_t size) {
+  if (should_fail_allocation()) {
+    errno = ENOMEM;
+    return NULL;
+  }
+
+  return __libc_malloc(size);
+}
+
+void *calloc(size_t num_elems, size_t size) {
+  if (should_fail_allocation()) {
+    errno = ENOMEM;
+    return NULL;
+  }
+
+  return __libc_calloc(num_elems, size);
+}
+
+void *realloc(void *ptr, size_t size) {
+  if (should_fail_allocation()) {
+    errno = ENOMEM;
+    return NULL;
+  }
+
+  return __libc_realloc(ptr, size);
+}
+
+}  // extern "C"
+
+#endif  /* defined(linux) && GLIBC && !ARM && !AARCH64 && !ASAN */
diff --git a/third_party/boringssl/src/crypto/test/scoped_types.h b/third_party/boringssl/src/crypto/test/scoped_types.h
new file mode 100644
index 0000000000..e44c6ed906
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/scoped_types.h
@@ -0,0 +1,136 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H
+#define OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include <openssl/aead.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/cmac.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ec_key.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/mem.h>
+#include <openssl/pkcs8.h>
+#include <openssl/rsa.h>
+#include <openssl/stack.h>
+#include <openssl/x509.h>
+
+#include "stl_compat.h"
+
+
+template<typename T, void (*func)(T*)>
+struct OpenSSLDeleter {
+  void operator()(T *obj) {
+    func(obj);
+  }
+};
+
+template<typename StackType, typename T, void (*func)(T*)>
+struct OpenSSLStackDeleter {
+  void operator()(StackType *obj) {
+    sk_pop_free(reinterpret_cast<_STACK*>(obj),
+                reinterpret_cast<void (*)(void *)>(func));
+  }
+};
+
+template<typename T>
+struct OpenSSLFree {
+  void operator()(T *buf) {
+    OPENSSL_free(buf);
+  }
+};
+
+struct FileCloser {
+  void operator()(FILE *file) {
+    fclose(file);
+  }
+};
+
+template<typename T, void (*func)(T*)>
+using ScopedOpenSSLType = bssl::unique_ptr<T, OpenSSLDeleter<T, func>>;
+
+template<typename StackType, typename T, void (*func)(T*)>
+using ScopedOpenSSLStack =
+    bssl::unique_ptr<StackType, OpenSSLStackDeleter<StackType, T, func>>;
+
+template<typename T, typename CleanupRet, void (*init_func)(T*),
+         CleanupRet (*cleanup_func)(T*)>
+class ScopedOpenSSLContext {
+ public:
+  ScopedOpenSSLContext() {
+    init_func(&ctx_);
+  }
+  ~ScopedOpenSSLContext() {
+    cleanup_func(&ctx_);
+  }
+
+  T *get() { return &ctx_; }
+  const T *get() const { return &ctx_; }
+
+  void Reset() {
+    cleanup_func(&ctx_);
+    init_func(&ctx_);
+  }
+
+ private:
+  T ctx_;
+};
+
+using ScopedBIO = ScopedOpenSSLType<BIO, BIO_vfree>;
+using ScopedBIGNUM = ScopedOpenSSLType<BIGNUM, BN_free>;
+using ScopedBN_CTX = ScopedOpenSSLType<BN_CTX, BN_CTX_free>;
+using ScopedBN_MONT_CTX = ScopedOpenSSLType<BN_MONT_CTX, BN_MONT_CTX_free>;
+using ScopedCMAC_CTX = ScopedOpenSSLType<CMAC_CTX, CMAC_CTX_free>;
+using ScopedDH = ScopedOpenSSLType<DH, DH_free>;
+using ScopedECDSA_SIG = ScopedOpenSSLType<ECDSA_SIG, ECDSA_SIG_free>;
+using ScopedEC_GROUP = ScopedOpenSSLType<EC_GROUP, EC_GROUP_free>;
+using ScopedEC_KEY = ScopedOpenSSLType<EC_KEY, EC_KEY_free>;
+using ScopedEC_POINT = ScopedOpenSSLType<EC_POINT, EC_POINT_free>;
+using ScopedEVP_PKEY = ScopedOpenSSLType<EVP_PKEY, EVP_PKEY_free>;
+using ScopedEVP_PKEY_CTX = ScopedOpenSSLType<EVP_PKEY_CTX, EVP_PKEY_CTX_free>;
+using ScopedPKCS8_PRIV_KEY_INFO = ScopedOpenSSLType<PKCS8_PRIV_KEY_INFO,
+                                                    PKCS8_PRIV_KEY_INFO_free>;
+using ScopedPKCS12 = ScopedOpenSSLType<PKCS12, PKCS12_free>;
+using ScopedRSA = ScopedOpenSSLType<RSA, RSA_free>;
+using ScopedX509 = ScopedOpenSSLType<X509, X509_free>;
+using ScopedX509_ALGOR = ScopedOpenSSLType<X509_ALGOR, X509_ALGOR_free>;
+using ScopedX509_SIG = ScopedOpenSSLType<X509_SIG, X509_SIG_free>;
+
+using ScopedX509Stack = ScopedOpenSSLStack<STACK_OF(X509), X509, X509_free>;
+
+using ScopedEVP_AEAD_CTX = ScopedOpenSSLContext<EVP_AEAD_CTX, void,
+                                                EVP_AEAD_CTX_zero,
+                                                EVP_AEAD_CTX_cleanup>;
+using ScopedEVP_CIPHER_CTX = ScopedOpenSSLContext<EVP_CIPHER_CTX, int,
+                                                  EVP_CIPHER_CTX_init,
+                                                  EVP_CIPHER_CTX_cleanup>;
+using ScopedEVP_MD_CTX = ScopedOpenSSLContext<EVP_MD_CTX, int, EVP_MD_CTX_init,
+                                              EVP_MD_CTX_cleanup>;
+using ScopedHMAC_CTX = ScopedOpenSSLContext<HMAC_CTX, void, HMAC_CTX_init,
+                                            HMAC_CTX_cleanup>;
+
+using ScopedOpenSSLBytes = bssl::unique_ptr<uint8_t, OpenSSLFree<uint8_t>>;
+using ScopedOpenSSLString = bssl::unique_ptr<char, OpenSSLFree<char>>;
+
+using ScopedFILE = bssl::unique_ptr<FILE, FileCloser>;
+
+#endif  // OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H
diff --git a/third_party/boringssl/src/crypto/test/stl_compat.h b/third_party/boringssl/src/crypto/test/stl_compat.h
new file mode 100644
index 0000000000..1997a45cc3
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/stl_compat.h
@@ -0,0 +1,144 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_TEST_STL_COMPAT_H
+#define OPENSSL_HEADER_CRYPTO_TEST_STL_COMPAT_H
+
+#include <assert.h>
+
+#include <vector>
+
+
+// This header contains re-implementations of library functions from C++11. They
+// will be replaced with their standard counterparts once Chromium has C++11
+// library support in its toolchain.
+
+namespace bssl {
+
+// vector_data is a reimplementation of |std::vector::data| from C++11.
+template <class T>
+static T *vector_data(std::vector<T> *out) {
+  return out->empty() ? nullptr : &(*out)[0];
+}
+
+template <class T>
+static const T *vector_data(const std::vector<T> *out) {
+  return out->empty() ? nullptr : &(*out)[0];
+}
+
+// remove_reference is a reimplementation of |std::remove_reference| from C++11.
+template <class T>
+struct remove_reference {
+  using type = T;
+};
+
+template <class T>
+struct remove_reference<T&> {
+  using type = T;
+};
+
+template <class T>
+struct remove_reference<T&&> {
+  using type = T;
+};
+
+// move is a reimplementation of |std::move| from C++11.
+template <class T>
+typename remove_reference<T>::type &&move(T &&t) {
+  return static_cast<typename remove_reference<T>::type&&>(t);
+}
+
+// default_delete is a partial reimplementation of |std::default_delete| from
+// C++11.
+template <class T>
+struct default_delete {
+  void operator()(T *t) const {
+    enum { type_must_be_complete = sizeof(T) };
+    delete t;
+  }
+};
+
+// nullptr_t is |std::nullptr_t| from C++11.
+using nullptr_t = decltype(nullptr);
+
+// unique_ptr is a partial reimplementation of |std::unique_ptr| from C++11. It
+// intentionally does not support stateful deleters to avoid having to bother
+// with the empty member optimization.
+template <class T, class Deleter = default_delete<T>>
+class unique_ptr {
+ public:
+  unique_ptr() : ptr_(nullptr) {}
+  unique_ptr(nullptr_t) : ptr_(nullptr) {}
+  unique_ptr(T *ptr) : ptr_(ptr) {}
+  unique_ptr(const unique_ptr &u) = delete;
+
+  unique_ptr(unique_ptr &&u) : ptr_(nullptr) {
+    reset(u.release());
+  }
+
+  ~unique_ptr() {
+    reset();
+  }
+
+  unique_ptr &operator=(nullptr_t) {
+    reset();
+    return *this;
+  }
+
+  unique_ptr &operator=(unique_ptr &&u) {
+    reset(u.release());
+    return *this;
+  }
+
+  unique_ptr& operator=(const unique_ptr &u) = delete;
+
+  explicit operator bool() const {
+    return ptr_ != nullptr;
+  }
+
+  T &operator*() const {
+    assert(ptr_ != nullptr);
+    return *ptr_;
+  }
+
+  T *operator->() const {
+    assert(ptr_ != nullptr);
+    return ptr_;
+  }
+
+  T *get() const {
+    return ptr_;
+  }
+
+  T *release() {
+    T *ptr = ptr_;
+    ptr_ = nullptr;
+    return ptr;
+  }
+
+  void reset(T *ptr = nullptr) {
+    if (ptr_ != nullptr) {
+      Deleter()(ptr_);
+    }
+    ptr_ = ptr;
+  }
+
+ private:
+  T *ptr_;
+};
+
+}  // namespace bssl
+
+
+#endif  // OPENSSL_HEADER_CRYPTO_TEST_STL_COMPAT_H
diff --git a/third_party/boringssl/src/crypto/test/test_util.cc b/third_party/boringssl/src/crypto/test/test_util.cc
new file mode 100644
index 0000000000..8021aaa864
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/test_util.cc
@@ -0,0 +1,30 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include "test_util.h"
+
+
+void hexdump(FILE *fp, const char *msg, const void *in, size_t len) {
+  const uint8_t *data = reinterpret_cast<const uint8_t*>(in);
+  size_t i;
+
+  fputs(msg, fp);
+  for (i = 0; i < len; i++) {
+    fprintf(fp, "%02x", data[i]);
+  }
+  fputs("\n", fp);
+}
diff --git a/third_party/boringssl/src/crypto/test/test_util.h b/third_party/boringssl/src/crypto/test/test_util.h
new file mode 100644
index 0000000000..972e206517
--- /dev/null
+++ b/third_party/boringssl/src/crypto/test/test_util.h
@@ -0,0 +1,35 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H
+#define OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H
+
+#include <stddef.h>
+#include <stdio.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* hexdump writes |msg| to |fp| followed by the hex encoding of |len| bytes
+ * from |in|. */
+void hexdump(FILE *fp, const char *msg, const void *in, size_t len);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H */