GitLab

* commit '62d05888':
  external/boringssl: add P-521 back into the ClientHello.

* commit 'e9ada863':
  external/boringssl: bump revision.

This change does strange things to servers which take it as clue that
nothing to do with P-521 is acceptable just because it's missing from
the ClientHello.

Hopefully for the next Android release we can remove this and replace it
with the support for the CFRG curves.

Bug: 20634927
Change-Id: I1d1a65cd82f68ac6d8da5560075cbacaebf539e1

This change bumps the BoringSSL revision to the current tip-of-tree.

Change-Id: I91d5bf467e16e8d86cb19a4de873985f524e5faa

* commit 'b3106a0c':
  Fix doc reference to EVP_AEAD_max_overhead

The documentation referred to the old name of EVP_AEAD_overhead.

Change-Id: Ifaaf1a703686935bba561a70ecace76f0dd0c290

* commit 'b9b62a03':
  Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

* commit 'cbe62cb9':
  Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.

“ECDHE-PSK-WITH-AES-128-GCM-SHA256” doesn't follow the standard naming
for OpenSSL: it was “-WITH-” in it and has a hyphen between “AES” and
“128”. This change fixes that.

(cherry picked from commit cbe62cb9)

Change-Id: Ie504624857f227fb18835a99cec7c3363beeed96

“ECDHE-PSK-WITH-AES-128-GCM-SHA256” doesn't follow the standard naming
for OpenSSL: it was “-WITH-” in it and has a hyphen between “AES” and
“128”. This change fixes that.

Change-Id: Ie504624857f227fb18835a99cec7c3363beeed96

* commit '7a759c78':
  Fix SSL_get0_chain_certs.

SSL_get0_chain_certs calls a ctrl function with
SSL_CTRL_GET_CHAIN_CERTS. The switch failed to set a positive return
value and so the call always appeared to fail.

(Imported from upstream's
https://boringssl-review.googlesource.com/#/c/4521/)

Change-Id: Ia69c404c528b0cb01c7ff5e56ca8a8415265fa73

* commit 'd8eaa8b9':
  Use SSL_MODE_SEND_FALLBACK_SCSV.

Upstream settled in this API, and it's also the one that we expect
internally and that third_party code will expect.

This is an import of upstream's
5f0efe06e199a1bd96f161eb45f3dd76924cdc2a.

Change-Id: Ib4c7054a382dccdd23919407742bd037b9653a4b

* commit 'd82ab38c':
  Ensure BN_asc2bn, BN_dec2bn, and BN_hex2bn never give -0.

When |BN_dec2bn| and |BN_hex2bn| were merged (way back in the initial
BoringSSL change), the neg flag was set too soon and could be cleared by
|BN_add_word|.

This is an import of upstream's c85573cc. The unittest change isn't
included here because bn_test.c has changed significantly in upstream
and BoringSSL unittests aren't run in the Android environment.

Bug: 20523350
Change-Id: Iaf8efe2fe3419218437f5ebb9a15f73559860a0f

* commit '217eaab3':
  external/boringssl: export EC_GROUP_set_point_conversion_form symbol.

In https://android-review.googlesource.com/#/c/147551/, I missed the
OPENSSL_EXPORT tag thus the .so doesn't expose it as a dynamic symbol.

BUG=20419899

(cherry picked from commit 217eaab3)

Change-Id: Iec03fe771b131c9bc7547bd163c338eb6636a6e7

In https://android-review.googlesource.com/#/c/147551/, I missed the
OPENSSL_EXPORT tag thus the .so doesn't expose it as a dynamic symbol.

BUG=20419899

Change-Id: I849888cf9a3383570b352911867e983b547e6742

* commit '830beae6':
  external/boringssl: add dummy EC_GROUP_set_point_conversion_form.

BoringSSL always uses uncompressed points. This function aborts if
another form is requested or does nothing if uncompressed points are
requested.

Bug: 20419899
Change-Id: Ib5d0707c4e9eaee67e46a0d73d41be70ce0a9353

* commit 'eef60be9':
  external/boringssl: try to fix aarch64+Clang.

It appears that the version of Clang in Android doesn't support the
.arch_extension directive. This change removes the .arch and
.arch_extension lines (because they are triggering errors) and adds a
-march option on the command line instead.

The aarch64+Clang build is still broken with this change, but it's
broken in binder rather than BoringSSL with it.

Change-Id: I32c557bdfde4df66d26794ccdd650356f2bbaf8f

* commit 'dc5ad20a':
  Use a different arch feature indicator for clang

* commit '53b609c9':
  external/boringssl: update #define guards for x86_64-gcc.c.

OS X builds with NO_ASM and was getting both generic.c and x86_64-gcc.c.
This change updates the latter so that it's excluded in NO_ASM builds.

(cherry picked from commit 53b609c9)

Change-Id: Idf801013db636bd4d8f6c4588102c241fdb9fbf6

OS X builds with NO_ASM and was getting both generic.c and x86_64-gcc.c.
This change updates the latter so that it's excluded in NO_ASM builds.

Change-Id: Idf801013db636bd4d8f6c4588102c241fdb9fbf6

Clang doesn't currently understand the ".arch armv8-a+crypto" syntax and
instead requires the specification of ".arch_extension" to enable the
crypto functionality.

Change-Id: Ib7bab562055e7c7925a47030044479ec172d0a34

* commit '49977fa7':
  external/boringssl: fix Clang build.

* commit 'f1868207':
  external/boringssl: avoid unused argument warning.

The immediate in this operation is too large for ARM. GCC will
automatically rewrite it to use bic (where bic does an AND NOT). Clang,
however doesn't, and reasonably throws an error.

This change switches to using bic in the source file, thus making both
happy.

Change-Id: I117083f4f70c199e5d2f933c0a0516a6f4059a92

Clang will warn that the argument to Speed is unused.

Change-Id: Ic3a6a7e2f4638e8ad5435332077791db015d4779

Change-Id: Icaf81a257919285358f4ed12da30cafa5b65ffeb

Keystore has added support for it so these functions are needed again.

Change-Id: Id3bf3dd10e182fe7a9b1c51bd3184ecac4cfde8b

Change-Id: I2fcb67fea859220e7e7bbbdb5dd910fb847c5600

Change-Id: I19ed78acc67bd0ad8b905ce0ac628b39da8bb161

MIPS64 confusingly sets __mips__, but it's not a 32-bit platform. This
change updates the defines in base.h to recognise MIPS64 based on both
__mips__ and __LP64__ being defined.

BUG: 19665578

Change-Id: I6290b6def9f999a01b500c918d1488a22fd57460