GitLab

The BORINGSSL_201509 define was used to make updating BoringSSL in
external/boringssl less painful. It allowed code to compile with either
the old BoringSSL (which didn't define BORINGSSL_201509) or with the new
(which does).

Now that the new version has landed, this change removes that define. It
must be landed after the changes elsewhere in Android that remove
references to this define.

Change-Id: I19e661419f830459d015bf14e7905af2ec41b735

* commit '184bc934':
  BoringSSL: always build with symbol visibility flags.

When building for shared libraries, setting BORINGSSL_SHARED_LIBRARY,
BORINGSSL_IMPLEMENTATION and setting the default symbol visibility to
“hidden” causes the correct symbol visibility to be set.

This change causes symbol visibility always to be set, even for the
static builds. The reason is the the static builds are often then
included in shared libraries, so they're not really static after all.
Setting the symbol visibility in this case can avoid a lot of references
via the PLT and GOT for internal symbols.

Most importantly, some of the x86 asm code has IP-relative references to
data and, unless the visibility of the target symbol is “hidden”, the
linker believes that it needs a textrel, which breaks linking that code
into shared libraries.

Change-Id: I00e8d045bcece7b872d88bdf965c5baf65c2d639

* commit 'b8494591':
  Revert "Revert "external/boringssl: sync with upstream.""

This reverts commit a04d78d3.

Underlying issue was fixed.

Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88

* commit 'a04d78d3':
  Revert "external/boringssl: sync with upstream."

This reverts commit 1e4884f6.

This breaks some x86 builds.

Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25

* commit '1e4884f6':
  external/boringssl: sync with upstream.

This change imports the current version of BoringSSL. The only local
change now is that |BORINGSSL_201509| is defined in base.h. This allows
this change to be made without (hopefully) breaking the build.

This change will need https://android-review.googlesource.com/172744 to
be landed afterwards to update a test.

Change-Id: I6d1f463f7785a2423bd846305af91c973c326104

* commit '08656b61':
  Whitelist windows modules

And stop changing variables based on HOST_OS.

Bug: 23566667
Change-Id: I3b3b2f0aef066eb224cb1fa6f2e9f32c32695711

* commit 'e25abed5':
  Fix and re-enable clang build.

* commit '13204c36':
  Disable clang build temporarily to fix build.

TARGET_ARCH will be arm64 even when building the 32-bit code for an
aarch64 target. Properly restrict the use of the armv8-a+crypto flag.

Change-Id: Ica762d0ee22f35638a052afb2c904d49e2d08653

The new clang doesn't like armv8-a+crypto, and it's not clear why yet.
Disabling clang while we investigate.

Change-Id: I255af7c7fd503ded43e8aeaf54a07f423f870aaa

* commit '07f4f423':
  Handle RDRAND failures.
  dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
  Fix for CVE-2015-1789.
  Fixes for CVE-2015-1791.

* changes:
  Handle RDRAND failures.
  dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
  Fix for CVE-2015-1789.
  Fixes for CVE-2015-1791.

* commit '71a0705e':
  Add a build target to build bssl for host.

* commit '691ef9d0':
  Add rules.mk for building Trusty.

* commit 'f7063c1e':
  Add rules.mk for building Trusty.

(This is a no-op change for the Android build. The Android build system
doesn't care about rules.mk.)

This is cherry-picked from AOSP.  It's needed in mnc-dev so that the
t132-mnc branch of Trusty can track this version of BoringSSL rather
than the one from AOSP.  That's important so we can have reproducible
builds of the MNC version of Trusty for Volantis.

Bug: 22202624
Change-Id: I19359abd83983efa597047f88295bb4f88bb415b

Change-Id: I22c079a2486acc2aa68c4b99f026bbdcbea9d4ff

I mistakenly believed that only RDSEED could fail. However, the Intel
manuals state that RDRAND can fail too.

This change cherry-picks the following BoringSSL changes:

2cac3506 – Handle RDRAND failures.
248abbd7 – Add missing comma in .type pragma for rdrand code.

Change-Id: Icdc56a50ce36e9c525063583882c676a5312d313

This change cherry-picks BoringSSL's e65886a5.

Change-Id: I63d5dc280d420b64b658bfd85f180a01adb8a18b

X509_cmp_time does not properly check the length of the ASN1_TIME string
and can read a few bytes out of bounds. In addition, X509_cmp_time
accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in a
DoS on applications that verify certificates or CRLs. TLS clients that
verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.

This change cherry-picks the following changes from BoringSSL:

d87021d2 – Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

Change-Id: Ia7d0c5d889f61a3c4be6ea79a5ab41f67bc3c65c

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

This change cherry-picks the following BoringSSL changes:

b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT.
fd67aa8c – Add SSL_SESSION_from_bytes.
95d31825 – Duplicate SSL_SESSIONs when renewing them.
d65bb78c – Add SSL_initial_handshake_complete.
680ca961 – Preserve session->sess_cert on ticket renewal.

Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b

* commit 'f7fe69bb':
  Add ECDHE-PSK-AES{128,256}-SHA cipher suites.

* commit '0e6bb1c7':
  Add ECDHE-PSK-AES{128,256}-SHA cipher suites.

* commit 'a4be71ce':
  Drop ECDHE-PSK-AES-128-GCM.

* commit 'dfb3ba68':
  Add ECDHE-PSK-AES{128,256}-SHA cipher suites.

* commit '4bae3aba':
  Drop ECDHE-PSK-AES-128-GCM.

If we're going to have PSK and use standard cipher suites, this might be
the best that we can do for the moment.

(This is a cherry-pick of BoringSSL's 85bc5601.)

(cherry picked from commit 0e6bb1c7)

Bug: 21522548
Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb

This is the best PSK cipher suite, but it's non-standard and nobody is
using it. Trivial to bring back in the future if we have need of it.

(Note that this is a no-op in Android because Android had already
disabled this cipher suite.)

(This is a cherry-pick of BoringSSL's 1feb42a2.)

(cherry picked from commit a4be71ce)

Bug: 21522548
Change-Id: I2a051724500341053595f59e755349544da63ce5

If we're going to have PSK and use standard cipher suites, this might be
the best that we can do for the moment.

(This is a cherry-pick of BoringSSL's 85bc5601.)

Bug: 21522548
Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb

This is the best PSK cipher suite, but it's non-standard and nobody is
using it. Trivial to bring back in the future if we have need of it.

(Note that this is a no-op in Android because Android had already
disabled this cipher suite.)

(This is a cherry-pick of BoringSSL's 1feb42a2.)

Bug: 21522548
Change-Id: I2a051724500341053595f59e755349544da63ce5

* commit '1f76c138':
  s/-Wno-unused-parameters/-Wno-unused-parameter/

* commit 'dbfa1800':
  s/-Wno-unused-parameters/-Wno-unused-parameter/

The former triggers warnings in Clang. Also USE_CLANG_PLATFORM_BUILD=1
doesn't work (the second time this has bitten me—you have to set it to
“true”).

(cherry picked from commit 86426f7c)

Bug: 21804522
Change-Id: Ia59f6667674c1c69bd96287cc576bbfc889c5f77