GitLab

* commit '4f05b238':
  Add |BIO_read_asn1| to read a single ASN.1 object.

Android needs to be able to read a PKCS#7 blob from a Java InputStream.
This change adds |BIO_read_asn1| which reads a single ASN.1 object from
the start of a BIO without overreading.

(Taken from upstream's https://boringssl-review.googlesource.com/4800)
(cherry picked from commit f5cea4e0)

Bug: 21396526
Bug: 21209493
Change-Id: Id88f34bedfdff4963c72bcd5c84f2915785d1fcd

* commit '3f3c43ff':
  external/boringssl: add -Wno-unused-parameters.

* commit '58dc65d0':
  external/boringssl: fix |SSLeay|.

Clang is throwing errors becaues of unused parameters, but not all
parameters are supposed to be used. Also, having errors in Android that
aren't enforced upstream invites this problem repeating ever more in the
future.

Bug: 21304073
Change-Id: I8e81d6d6659896b5b16a1406e8637e489f8059fd
(cherry picked from commit 71cbcbed)

SSLeay is a compatibility function for OpenSSL, but I got it wrong.
It doesn't return a string, it returns a number. This doesn't end up
making any difference, but it fixes a warning when building OpenSSH.

Bug: 21304170
Change-Id: I3e4bb0240b18647cfe2a3ce5869948a4527ff0f0
(cherry picked from commit 12addf8c)

* commit '21c70997':
  Copy ecdsa_meth in EC_KEY_copy.

This change imports 785e07b23d965e1e984c2ee9f6a0dbe06d3d658e from
upstream into Android.

Change-Id: I5fb67b5c39d62d6f2a2dd6980cc97569a7686eac
(cherry picked from commit 5a0d510b)

* commit 'fc104df4':
  external/boringssl: disable ChaCha20-Poly1305 cipher suites.

These cipher suites aren't IETF defined (and the IETF will define them
slightly differently when it finally does assign real code points to
them.) Since an Android system release endures for many years, this
change removes support for them so that we don't have to worry about
this temporary design for years to come.

(cherry picked from commit a070e050)

Bug: 20950559
Change-Id: I97bc7f72b44cf908e8ce74d4b1ab0b3c2970ec3c

* commit '22b306fd':
  external/boringssl: update #define guards for x86_64-gcc.c.

OS X builds with NO_ASM and was getting both generic.c and x86_64-gcc.c.
This change updates the latter so that it's excluded in NO_ASM builds.

This is a reland of 53b609c9, which got lost in the last BoringSSL sync
because I forgot to send it upstream.

(cherry pick of commit 9eb412c4)

Bug: 21085331
Change-Id: I825c8903e7b6217bfddc0c3b94f1b2bc00561c73

* commit '57e5591b':
  MinGW on Linux uses lowercase include files, part 2

* commit 'ac86f526':
  Update to latest BoringSSL

* commit '1db36bfd':
  external/boringssl: support arbitrary elliptic curve groups.

* commit 'db3f2575':
  external/boringssl: work around Clang's lack of adrl.

* commit '256aa0e4':
  external/boringssl: add P-521 back into the ClientHello.

* commit '02d138cf':
  external/boringssl: bump revision.

* commit 'fb1d49c2':
  Fix doc reference to EVP_AEAD_max_overhead

am 9861ddca: am b9b62a03: Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

* commit '9861ddca':

am a524abe3: am cbe62cb9: Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

* commit 'a524abe3':
  Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

On Windows this doesn't matter since the filesystems are case-
insensitive, but building BoringSSL on Linux with MinGW has
case-sensitive filesystems.

(cherry picked from commit 9385cb18)

Bug: 21085331
Change-Id: I1a145ee8dbb74a9f82e23ac40e7b9d23e03ccffc

Bug: 21085331
Change-Id: Ifc8d5cb8e3e7ad1b55463e814beff12a1b59f3cc

* commit '12956e17':
  external/boringssl: support arbitrary elliptic curve groups.

* commit 'aae4cd28':
  external/boringssl: work around Clang's lack of adrl.

* commit '62d05888':
  external/boringssl: add P-521 back into the ClientHello.

* commit 'e9ada863':
  external/boringssl: bump revision.

This change works around Clang's lack of support for the adrl
pseudo-instruction by disabling Clang's as for BoringSSL.

See https://android-review.googlesource.com/#/c/150503/ for an
alternative solution that was discarded.

Change-Id: I1587376f8d864b7ea0c1fc953c7ea8a8552146e6

This change exposes the functions needed to support arbitrary elliptic
curve groups for Android.

Change-Id: I66a3662d393deadd718e43d91420fecf050502c2

This change does strange things to servers which take it as clue that
nothing to do with P-521 is acceptable just because it's missing from
the ClientHello.

Hopefully for the next Android release we can remove this and replace it
with the support for the CFRG curves.

Bug: 20634927
Change-Id: I1d1a65cd82f68ac6d8da5560075cbacaebf539e1

This change bumps the BoringSSL revision to the current tip-of-tree.

Change-Id: I91d5bf467e16e8d86cb19a4de873985f524e5faa

* commit 'b3106a0c':
  Fix doc reference to EVP_AEAD_max_overhead

The documentation referred to the old name of EVP_AEAD_overhead.

Change-Id: Ifaaf1a703686935bba561a70ecace76f0dd0c290

* commit 'b9b62a03':
  Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

* commit 'cbe62cb9':
  Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

“ECDHE-PSK-WITH-AES-128-GCM-SHA256” doesn't follow the standard naming
for OpenSSL: it was “-WITH-” in it and has a hyphen between “AES” and
“128”. This change fixes that.

(cherry picked from commit cbe62cb9)

Change-Id: Ie504624857f227fb18835a99cec7c3363beeed96

“ECDHE-PSK-WITH-AES-128-GCM-SHA256” doesn't follow the standard naming
for OpenSSL: it was “-WITH-” in it and has a hyphen between “AES” and
“128”. This change fixes that.

Change-Id: Ie504624857f227fb18835a99cec7c3363beeed96

* commit '7a759c78':
  Fix SSL_get0_chain_certs.

SSL_get0_chain_certs calls a ctrl function with
SSL_CTRL_GET_CHAIN_CERTS. The switch failed to set a positive return
value and so the call always appeared to fail.

(Imported from upstream's
https://boringssl-review.googlesource.com/#/c/4521/)

Change-Id: Ia69c404c528b0cb01c7ff5e56ca8a8415265fa73