GitLab

Sanitization currently makes these libraries reference symbols which
cannot be resolved at runtime without additional magic.

Disable this until we can find a fix. This currently makes signapk
fail with:
libconscrypt_openjdk_jni.so: undefined symbol: __asan_option_detect_stack_use_after_return
	at java.lang.ClassLoader$NativeLibrary.load(Native Method)
	at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965)
	at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890)
	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1880)
	at java.lang.Runtime.loadLibrary0(Runtime.java:849)
	at java.lang.System.loadLibrary(System.java:1088)
	at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:25)
	at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:54)
	at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34)
	at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119)
	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220)
	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216)
	at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94)
	at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272)
	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
	at com.android.signapk.SignApk.readPublicKey(SignApk.java:161)
	at com.android.signapk.SignApk.main(SignApk.java:933)

Bug: 26160319
Change-Id: I9f8d949bf571eb2511d42d472ecf23a5e8c03758

Now with a proper pthread dependency.

This reverts commit 658a3498.

Change-Id: I98414598c885904cb1988f30b339da7181cda341

We were depending on pthread that was being pulled in via STL, so revert
this until we can fix the dependency correctly.

This reverts commit f88d692d.

Change-Id: Ica803c825db66e52ffa1d41cf709da9313dded1b

libssl and libcrypto don't use STL, set LOCAL_CXX_STL := none for the
host modules.

Change-Id: I22c36e477ec812a38dc1c6463bd398503a1f4b69

BUG=24082170

7104cc9 Update and fix fuzzing instructions.
9a4beb8 Add four, basic fuzz tests.
4ab2540 Add AArch64 Montgomery assembly.
ad38dc7 Enable Montgomery optimisations on ARM.
2e64f1b Check PKCS#8 pkey field is valid before cleansing.
f606f98 bssl pkcs12 shouldn't crash on missing key.
e348ff4 Fix build.
6e80765 Add SSL_get_server_key_exchange_hash.
788be4a Remove the hard-coded SHA-1 exception for sigalgs.
5d5e39f Remove non-ASM version of |bn_mul_mont| in bn/generic.c.
59b0fcc Define BORINGSSL_201510.
e6d1e5a Use typedef names, not struct names.
16285ea Rewrite DTLS handshake message sending logic.
c81ee8b Add missing state to DTLS state machine.
2e24b9b Allow SHA-512 unaligned data access in |OPENSSL_NO_ASM| mode.
e82e6f6 Constify more BN_MONT_CTX parameters.
c7817d8 Add SSL_CIPHER_get_min_version and tidy up SSL_TLSV1_2 logic.
9d94d5e Remove untested, unnecessary big-endian SHA-1/SHA-256 optimizations.
38feb99 Require that EC points are on the curve.
ef793f4 Add various functions for SSL_CIPHER.
f93995b Test that the client doesn't offer TLS 1.2 ciphers when it shouldn't.
5f88999 Fix up several comments and detect problems in the future.
e57a192 Add missing newline in aead.h.
c2d3280 Add SSL_get_ivs.
a97b737 Separate CCS and handshake writing in DTLS.
ac9404c Improve crypto/digest/md32_common.h mechanism.
8fb0f52 Free BN_MONT_CTX in generic code.
bb87535 Fix ASan bot.
d93831d Make it possible for a static linker to discard unused RSA functions.
e8f783a Unwind DH_METHOD and DSA_METHOD.
3fc138e Don't bother sampling __func__.
165248c Fix several MSVC warnings.
8f7ecb8 (Hopefully) fix a warning on Windows.
466b989 Initialise variable before jump.
1895493 Add Intel's P-256
27a0d08 Add ssl_renegotiate_ignore.
fa9eb56 Correct the spelling of "primitive".
f1c1cf8 Revert "Improve crypto/digest/md32_common.h mechanism."
00461cf Improve crypto/digest/md32_common.h mechanism.
ecc2591 Update link to Google style guide.
efb42fb Make BN_mod_exp_mont_consttime take a const context.
eb8be01 Add ciphers option to bssl.
09d68c9 Expand a comment.
2e0901b Don't use ssl3_write_pending in DTLS.
13e81fc Fix DTLS asynchronous write handling.
ebda9b3 Make recordingconn emit more useful things for DTLS.
069bedf Fix documentation typo.
ce51469 Fix a missing initializer that only Clang warns about.
d9e8173 Fix several warnings that arise in Android.
bb85f3d Reorganise |SSL_SESSION| and |SSL| to save a little memory.
dff504d Make the instructions for downloading the ARM compiler easier to copy and paste.

Change-Id: I5ef2238f77f2bcab239919c8c50c3705b4577f09

This reverts commit 03bcf618.

No changes here. trusty build was fixed with the required rules.mk changes.

Change-Id: Ide28171787db4e481b0b05b4107e58071d8c0fee

* changes:
  trusty: Build boringssl as a .a instead of .o
  trusty: Remove lib/libc-trusty from dependency list.
  Fix trusty build warnings about duplicate files

This reverts commit fdeb488e.

This breaks trusty since it doesn't have setjmp.h

Change-Id: I960e25aa0bb2eef1237743b1567f7cb7f6d40497

See the following URL for a list of the changes included in this sync:

https://boringssl.googlesource.com/boringssl/+log/d98dc1311e20193ac188e359e91aeaaf5cc3a7e2..51a01a5cd44b3bdfab5220847000f13fc85f000b

Change-Id: I36535827f652536dfd687c1646bbea1535fc8e44

am: 6e19d4dc

* commit '6e19d4dc':
  external/boringssl: remove BORINGSSL_201509 support.

* commit 'b58f8d1f':
  DO NOT MERGE ANYWHERE Revert "Whitelist windows modules"

This is only needed in the mnc-ub-dev branch to deal with the older
build project.

This reverts commit 08656b61.

Change-Id: I7440e3d6371e6d98f1f77705f8bf374e7f37fbe2

This pulls in the latest version of BoringSSL.

Change-Id: I0ab5c73d60f41a696c9a828fac87670aaca10dec

The default partially linked lk module .o files does not allow
unreferenced assembly files to be dropped.

Change-Id: I49931c6e1a17fa6552fa444c8e5e20ca7fca5cf1

This allows linking into the kernel.

Change-Id: Ia906bc8eff1f85a78aa8afb72f7fd0d26d5529ee

The BORINGSSL_201509 define was used to make updating BoringSSL in
external/boringssl less painful. It allowed code to compile with either
the old BoringSSL (which didn't define BORINGSSL_201509) or with the new
(which does).

Now that the new version has landed, this change removes that define. It
must be landed after the changes elsewhere in Android that remove
references to this define.

Change-Id: I19e661419f830459d015bf14e7905af2ec41b735

Change-Id: I6a663f0039eb1557269696b1af9034cda5dbb983

* commit '3df15298':
  BoringSSL: always build with symbol visibility flags.

* commit '184bc934':
  BoringSSL: always build with symbol visibility flags.

When building for shared libraries, setting BORINGSSL_SHARED_LIBRARY,
BORINGSSL_IMPLEMENTATION and setting the default symbol visibility to
“hidden” causes the correct symbol visibility to be set.

This change causes symbol visibility always to be set, even for the
static builds. The reason is the the static builds are often then
included in shared libraries, so they're not really static after all.
Setting the symbol visibility in this case can avoid a lot of references
via the PLT and GOT for internal symbols.

Most importantly, some of the x86 asm code has IP-relative references to
data and, unless the visibility of the target symbol is “hidden”, the
linker believes that it needs a textrel, which breaks linking that code
into shared libraries.

Change-Id: I00e8d045bcece7b872d88bdf965c5baf65c2d639

* commit 'd947d006':
  Revert "Revert "external/boringssl: sync with upstream.""

* commit 'b8494591':
  Revert "Revert "external/boringssl: sync with upstream.""

This reverts commit a04d78d3.

Underlying issue was fixed.

Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88

* commit '00bc53f6':
  Revert "external/boringssl: sync with upstream."

* commit 'a04d78d3':
  Revert "external/boringssl: sync with upstream."

This reverts commit 1e4884f6.

This breaks some x86 builds.

Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25

* commit '3781a606':
  external/boringssl: sync with upstream.

* commit '1e4884f6':
  external/boringssl: sync with upstream.

This change imports the current version of BoringSSL. The only local
change now is that |BORINGSSL_201509| is defined in base.h. This allows
this change to be made without (hopefully) breaking the build.

This change will need https://android-review.googlesource.com/172744 to
be landed afterwards to update a test.

Change-Id: I6d1f463f7785a2423bd846305af91c973c326104

* commit '4ca36931':
  Whitelist windows modules

* commit '08656b61':
  Whitelist windows modules

And stop changing variables based on HOST_OS.

Bug: 23566667
Change-Id: I3b3b2f0aef066eb224cb1fa6f2e9f32c32695711

* commit '929d45bb':

* commit '5100c0f3':

* commit '3b2c6065':

* commit 'e25abed5':
  Fix and re-enable clang build.