authorRobert Sloan <varomodt@google.com>2017-03-13 08:03:59 -0700
committerRobert Sloan <varomodt@google.com>2017-03-13 08:04:08 -0700
commit1c9db5392e4ec0845f9a934061677636f5400d14 (patch)
tree72f78bdf659aa12daca5389c5d9bbd96e4278ff9 /src/crypto
parent7d422bcfd9ada9af993f3f332e789ff2d4928c3e (diff)
downloadboringssl-1c9db5392e4ec0845f9a934061677636f5400d14.tar.gz
external/boringssl: Sync to 2070f8ad9151dc8f3a73bffaa146b5e6937a583f.android-n-mr2-preview-2
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/8ebeabf0e2e01b331e56d0a491c12539baa55d3d..2070f8ad9151dc8f3a73bffaa146b5e6937a583f Test: BoringSSL CTS Presubmits Change-Id: Ia779c6476e45c44e426e09afeca65b2192e783ae
Diffstat (limited to 'src/crypto')
-rwxr-xr-xsrc/crypto/bn/asm/rsaz-avx2.pl4
-rw-r--r--src/crypto/bn/montgomery.c51
-rw-r--r--src/crypto/err/ssl.errordata4
-rw-r--r--src/crypto/x509v3/v3_pci.c33
4 files changed, 41 insertions, 51 deletions
diff --git a/src/crypto/bn/asm/rsaz-avx2.pl b/src/crypto/bn/asm/rsaz-avx2.pl
index 5562d691..60c4ca23 100755
--- a/src/crypto/bn/asm/rsaz-avx2.pl
+++ b/src/crypto/bn/asm/rsaz-avx2.pl
@@ -84,8 +84,8 @@ die "can't locate x86_64-xlate.pl";
# output, so this isn't useful anyway.
#
# TODO(davidben): Enable these after testing. $avx goes up to 2 and $addx to 1.
-$avx = 0;
-$addx = 0;
+$avx = 2;
+$addx = 1;
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT = *OUT;
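Review bot: The TODO comment directly above the changed assignments still reads "Enable these after testing. $avx goes up to 2 and $addx to 1.", but the hunk sets `$avx = 2;` and `$addx = 1;`, so the note is now stale and tells the next reader the AVX2/ADX paths are still off. Replace it with something that records the current state, e.g. `# AVX2 ($avx=2) and ADX ($addx=1) code paths are enabled; see the commit that turned them on for the testing performed.`. The two comment lines before it appear to refer to text that starts above the hunk, so the wording of the whole comment should be checked in context.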
diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c
index aa5bc424..29e82a4c 100644
--- a/src/crypto/bn/montgomery.c
+++ b/src/crypto/bn/montgomery.c
@@ -125,6 +125,11 @@
#define OPENSSL_BN_ASM_MONT
#endif
+static int bn_mod_mul_montgomery_fallback(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b,
+ const BN_MONT_CTX *mont, BN_CTX *ctx);
+
+
BN_MONT_CTX *BN_MONT_CTX_new(void) {
BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX));
@@ -361,27 +366,43 @@ err:
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BN_MONT_CTX *mont, BN_CTX *ctx) {
- BIGNUM *tmp;
- int ret = 0;
-
-#if defined(OPENSSL_BN_ASM_MONT)
+#if !defined(OPENSSL_BN_ASM_MONT)
+ return bn_mod_mul_montgomery_fallback(r, a, b, mont, ctx);
+#else
int num = mont->N.top;
- if (num > 1 && a->top == num && b->top == num) {
- if (bn_wexpand(r, num) == NULL) {
- return 0;
- }
- if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
- r->neg = a->neg ^ b->neg;
- r->top = num;
- bn_correct_top(r);
- return 1;
- }
+ /* |bn_mul_mont| requires at least 128 bits of limbs, at least for x86. */
+ if (num < (128 / BN_BITS2) ||
+ a->top != num ||
+ b->top != num) {
+ return bn_mod_mul_montgomery_fallback(r, a, b, mont, ctx);
+ }
+
+ if (bn_wexpand(r, num) == NULL) {
+ return 0;
}
+ if (!bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
+ /* The check above ensures this won't happen. */
+ assert(0);
+ OPENSSL_PUT_ERROR(BN, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ r->neg = a->neg ^ b->neg;
+ r->top = num;
+ bn_correct_top(r);
+
+ return 1;
#endif
+}
+
+static int bn_mod_mul_montgomery_fallback(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b,
+ const BN_MONT_CTX *mont,
+ BN_CTX *ctx) {
+ int ret = 0;
BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
+ BIGNUM *tmp = BN_CTX_get(ctx);
if (tmp == NULL) {
goto err;
}
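Review bot: The dispatch at the top of BN_mod_mul_montgomery (the `a->top != num || b->top != num` test before the assembly call) chooses between bn_mul_mont and bn_mod_mul_montgomery_fallback by the limb counts of the operands, and since bn_correct_top (called at the end of the function) appears to trim leading zero limbs, which code path runs — and hence its timing — depends on the operand values; this predates the commit, but the rewrite is the place to make the contract visible. A comment above the check such as `/* Operands narrower than |num| take the generic path; callers that need a uniform code path must keep |a| and |b| at width |num|. */` would do that. The new `assert(0)` branch leans on the 128-bit minimum that the comment just above hedges with "at least for x86"; if another backend's bn_mul_mont has a different minimum the error return is still correct, but the assert would fire in debug builds, so the comment should state the bound as bn_mul_mont's documented requirement or name the backends it was checked against. If <assert.h> is not already included at the top of montgomery.c, the new `assert(0)` also needs it. The body of bn_mod_mul_montgomery_fallback continues past the end of the hunk.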
diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata
index 106c4c43..7fddc983 100644
--- a/src/crypto/err/ssl.errordata
+++ b/src/crypto/err/ssl.errordata
@@ -22,10 +22,12 @@ SSL,261,BLOCK_CIPHER_PAD_IS_WRONG
SSL,120,BN_LIB
SSL,255,BUFFERED_MESSAGES_ON_CIPHER_CHANGE
SSL,121,BUFFER_TOO_SMALL
+SSL,275,CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD
SSL,272,CANNOT_PARSE_LEAF_CERT
SSL,122,CA_DN_LENGTH_MISMATCH
SSL,123,CA_DN_TOO_LONG
SSL,124,CCS_RECEIVED_EARLY
+SSL,274,CERTIFICATE_AND_PRIVATE_KEY_MISMATCH
SSL,125,CERTIFICATE_VERIFY_FAILED
SSL,126,CERT_CB_ERROR
SSL,127,CERT_LENGTH_MISMATCH
@@ -71,7 +73,6 @@ SSL,269,INVALID_SCT_LIST
SSL,160,INVALID_SSL_SESSION
SSL,161,INVALID_TICKET_KEYS_LENGTH
SSL,162,LENGTH_MISMATCH
-SSL,163,LIBRARY_HAS_NO_CIPHERS
SSL,164,MISSING_EXTENSION
SSL,258,MISSING_KEY_SHARE
SSL,165,MISSING_RSA_CERTIFICATE
@@ -148,6 +149,7 @@ SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
SSL,214,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
SSL,215,SSL_HANDSHAKE_FAILURE
SSL,216,SSL_SESSION_ID_CONTEXT_TOO_LONG
+SSL,276,TICKET_ENCRYPTION_FAILED
SSL,1049,TLSV1_ALERT_ACCESS_DENIED
SSL,1050,TLSV1_ALERT_DECODE_ERROR
SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED
diff --git a/src/crypto/x509v3/v3_pci.c b/src/crypto/x509v3/v3_pci.c
index 68dca5e7..4352abee 100644
--- a/src/crypto/x509v3/v3_pci.c
+++ b/src/crypto/x509v3/v3_pci.c
@@ -35,7 +35,6 @@
* SUCH DAMAGE.
*/
-#include <stdio.h>
#include <string.h>
#include <openssl/conf.h>
@@ -153,38 +152,6 @@ static int process_pci_value(CONF_VALUE *val,
goto err;
}
OPENSSL_free(tmp_data2);
- } else if (strncmp(val->value, "file:", 5) == 0) {
- unsigned char buf[2048];
- int n;
- BIO *b = BIO_new_file(val->value + 5, "r");
- if (!b) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
- while ((n = BIO_read(b, buf, sizeof(buf))) > 0
- || (n == 0 && BIO_should_retry(b))) {
- if (!n)
- continue;
-
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + n + 1);
-
- if (!tmp_data)
- break;
-
- (*policy)->data = tmp_data;
- OPENSSL_memcpy(&(*policy)->data[(*policy)->length], buf, n);
- (*policy)->length += n;
- (*policy)->data[(*policy)->length] = '\0';
- }
- BIO_free_all(b);
-
- if (n < 0) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
} else if (strncmp(val->value, "text:", 5) == 0) {
val_len = strlen(val->value + 5);
tmp_data = OPENSSL_realloc((*policy)->data,