Age | Commit message (Collapse) | Author |
|
mainline-tethering-release
Change-Id: Ia8b06f659c78f81fb86c4778f829403dfa4da5e9
|
|
Cherry-picked into mainline-prod from AOSP, see below for
AOSP and upstream notes.
Due to time elapsed since last full BoringSSL merge into
mainline-prod, this CL also includes some extra header file
definitions from upstream. These have no functional impact
but are needed to support the extra tests in this CL.
AOSP Cherry-pick notes:
Cherry-picked into AOSP from
https://boringssl-review.googlesource.com/c/boringssl/+/49745
and
https://boringssl-review.googlesource.com/c/boringssl/+/49746
Cherry-picked outside normal BoringSSL release process to allow
easier cherry-picking to Mainline (see bug for details).
The first cherry-pick is a test-only fix to pick up correct defaults,
the rest of this commit message refers to the second.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
Root2
|
Root1 Root1Cross
\ /
Intermediate
|
Leaf
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
BoringSSL-Bug: 439
Bug: 201667701
Test: atest boringssl_crypto_test
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
(cherry picked from BoringSSL commit 8f5eb80b810ff63d14ad3535cb16f7cb8271a4f5)
Change-Id: Ib75feb0081ced6520f9547ff381ee7b4dee75010
Merged-In: Ib75feb0081ced6520f9547ff381ee7b4dee75010
(cherry picked from commit 7c27ee0dbbee0eedaa53f0a863ab5d70a3be3327)
|
|
mainline-tethering-release
Change-Id: I47e2c133d16c74da022b944116cde34f2451c2e5
|
|
f695bbb577 am: 8abacefca7 am: 20e4f66935 am: c3027f1f77
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1684347
Change-Id: Ie842946852b60519392f1947bf37067cff4c33ea
|
|
f695bbb577 am: 8abacefca7 am: 20e4f66935
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1684347
Change-Id: I0d64213e8c6a2fa3264bbd839c613e7c0bb84a80
|
|
f695bbb577 am: 8abacefca7
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1684347
Change-Id: I49c1dbb656ffb7dfeb3be11fbfda76bb39bc457e
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1684347
Change-Id: Icdc55869f8f24db0d89e9defbf0aefa43281f32c
|
|
Bug: 186070162
Test: TH
Change-Id: I3b5131926c0d3eb934bcb5f5d3067bc23bbcfba2
|
|
0dd4a759e5
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1676409
Change-Id: I4a77f912283c83c3a08019c8ef21e4dacfe1f1c5
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1676409
Change-Id: Id2f310ddab6b7eee1fb0418f894041b24d03ee87
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1676409
Change-Id: I0aaa5a829874a59bca571c6df39fa6e978361737
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1676409
Change-Id: Id04c2027bd1816f00a03cd4116b46f79b73d3497
|
|
adb moved from system/core/adb into its own repository.
Bug: http://b/182955465
Test: treehugger
Change-Id: Ia5d9c5fa008553ff33b3723df15dece8c337d598
|
|
ac675a6d20 -s ours am: 17d2f2a96d -s ours am: ab8ea1ecad -s ours
am skip reason: skip tag Change-Id I1fb4105341a73be9d5f978301f7318e16027f37d with SHA-1 17486117ac is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/13918777
Change-Id: Ia5424926d38d8a7efd62754e3ed1027fe5f0de38
|
|
ac675a6d20 -s ours am: 17d2f2a96d -s ours
am skip reason: skip tag Change-Id I1fb4105341a73be9d5f978301f7318e16027f37d with SHA-1 17486117ac is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/13918777
Change-Id: I6482f72b592bf75915906b950c10e9040f43d88f
|
|
ac675a6d20 -s ours
am skip reason: skip tag Change-Id I1fb4105341a73be9d5f978301f7318e16027f37d with SHA-1 17486117ac is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/13918777
Change-Id: Ifea645b6f5465bc35eeb6c364c00ea99a0201245
|
|
Cherry pick note: Fix for rvc-qpr-dev is required (see bug
for details). Note that this branch is code-frozen due to
FIPS certification, but my understanding is that security
fixes trump that, but that's why I've included the minimal
fix from BoringSSL rather than patching the roll-up CL
from master in aosp/1553538.
See also CVE-2020-1971, f960d81215ebf3f65e03d4d5d857fb9b666d6920, and
aa0ad2011d3e7ad8a611da274ef7d9c7706e289b from upstream OpenSSL.
Unlike upstream's version, this CL opts for a simpler edipartyname_cmp.
GENERAL_NAME_cmp is already unsuitable for ordering, just equality,
which means there's no need to preserve return values from
ASN1_STRING_cmp. Additionally, the ASN.1 structure implies most fields
cannot be NULL.
(The change from other to x400Address is a no-op. They're the same type.
Just x400Address is a little clearer. Historical quirks of the
GENERAL_NAME structure.)
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44404
Bug: 175147055
Test: atest boringssl_crypto_test boringssl_ssl_test
Change-Id: Ieffd0cde14d1f93f9ad6a884609ed631b891599b
Merged-In: I1fb4105341a73be9d5f978301f7318e16027f37d
|
|
f262136666 am: cf608f4c1d am: ba7c812658 am: cf5c92d8cf
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1627400
Change-Id: I0429c62397bd5e84834cb11557a6c2b4f1d9c013
|
|
f262136666 am: cf608f4c1d am: ba7c812658
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1627400
Change-Id: I0bc830dd710d21f471dfb4e8b08a01e94c8aac8e
|
|
f262136666 am: cf608f4c1d
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1627400
Change-Id: I9d8dc376a39b5964f93665aae0838ed473cc6c7c
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1627400
Change-Id: I50d846a9899bd988004879d436318ef30152bacf
|
|
|
|
41b7c73884 am: 4fc5dfb102
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1587598
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I6d34fc425cdf1451f4d94752a4242e0b57e2afef
|
|
41b7c73884
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1587598
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ia8e8dcd4f11baf7672e3673e73d308b2930a53a9
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1587598
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I959287abb2c33eba40d494c20b041049c61ff7b4
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1587598
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I5446b496c4757bc753a0a95b6b22fd557c3d54e7
|
|
We now have an STL available for boringssl, so we can build with C++
support which is needed for ACVP testing. Remove the define suppressing
C++ APIs.
Test: build.py qemu-generic-arm64-test-debug
Change-Id: Ibc5cc5fe3a8461b8f73ad32e96112bd8577c1840
|
|
The Trusty ACVP modulewrapper is vendored code, so we need to explicitly
expose libacvp_modulewrapper for its use.
Test: m trusty_acvp_modulewrapper
Bug: 173805789
Change-Id: I9abb6b82242aaddea88aa22eb1865f7913177939
|
|
bc0a4f1f0f7a2d56f944058da74b9c776ba38002" am: ff86bdb9ab am: 2de7559e47 am: 78beba34dc am: cef320e871
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1607475
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ie05db85fc0987574f6313f9d0ff7c6fd0782c5da
|
|
bc0a4f1f0f7a2d56f944058da74b9c776ba38002" am: ff86bdb9ab am: 2de7559e47 am: 78beba34dc
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1607475
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I7a3668213c2af17f4f4f1ba95b7130bb143d3e06
|
|
bc0a4f1f0f7a2d56f944058da74b9c776ba38002" am: ff86bdb9ab am: 2de7559e47
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1607475
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Iff12817ebe7790ff1e35c9bac2919ca0e47d0017
|
|
bc0a4f1f0f7a2d56f944058da74b9c776ba38002" am: ff86bdb9ab
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1607475
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I9cddd09be819ecfc47538842254ca88f82922e77
|
|
|
|
This includes the following change:
https://boringssl.googlesource.com/boringssl/+/bc0a4f1f0f7a2d56f944058da74b9c776ba38002
* acvp: split ACVP modulewrapper for reuse by Trusty
Trusty requires its own trusted app to implement the ACVP modulewrapper
functionality for validation. Separate the frontend from the generic
functions that implement each algorithm.
Also includes the necessary Android build system changes for the new
file structure.
Bug: 173805789
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I9711c39c94dcae0929b5198970747e7e9c12c536
|
|
ours am: c36ce56fa4 -s ours am: d70c268fe8 -s ours
am skip reason: Change-Id Ia6f0b71fd4822d67d88ff6dd585992585c2b9263 with SHA-1 bc2f2a9b13 is in history
Original change: undetermined
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Id96d61b7398414853b1d2630e0ee91552678ed04
|
|
ours am: c36ce56fa4 -s ours
am skip reason: Change-Id Ia6f0b71fd4822d67d88ff6dd585992585c2b9263 with SHA-1 bc2f2a9b13 is in history
Original change: undetermined
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I5302b21ee27b5292949cf898ea53e46d21047dcf
|
|
am skip reason: Change-Id Ia6f0b71fd4822d67d88ff6dd585992585c2b9263 with SHA-1 bc2f2a9b13 is in history
Original change: undetermined
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I1d16879790a3bda50f2f571103c471768aaca386
|
|
Bug: 180401296
Merged-In: Ia6f0b71fd4822d67d88ff6dd585992585c2b9263
Change-Id: If8328f8978c332aaec0fefdf52935498075dbb43
|
|
749e091869 am: 0483175244 am: 817e7745c0
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1588701
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ifd4d1ee663779f5a0dab7c673650234166825ea9
|
|
749e091869 am: 0483175244
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1588701
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I18143cf85c6cfea8a4e3c4669b5ee6645c025f16
|
|
749e091869
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1588701
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I6c4989b201d9b4ef858277a1c68a8544f151c26a
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1588701
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ia0348c0804c293ba0e6b897cf0bf07af8447273f
|
|
Added SPDX-license-identifier-Apache-2.0 to:
selftest/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD
SPDX-license-identifier-ISC SPDX-license-identifier-MIT
SPDX-license-identifier-OpenSSL legacy_unencumbered
to:
Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I9c8c213ac3fe7e969d3f6662fe8b20126ecc63d2
|
|
22396f9b5d am: 18941b6fd5
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1565968
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Iba3dd32c8e9de334583b458753ccc02ffe889c82
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1565968
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I5d8890fbbc108ca1fb06b1e9da34ac75dab20a75
|
|
dcdc7bbc6e am: 7e180c59de am: 694194418f am: 7e1480d106
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1563774
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ia48d7e63e76a3353c933b0410a33cf27d9423496
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1565968
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ia176cc3e2105e1830e9c83c8a09782c8aaf204dc
|
|
dcdc7bbc6e am: 7e180c59de am: 694194418f
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1563774
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I914840c437ee46c17a5b9169b4430c0c54888eb1
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1565968
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Icf0ba3f9ec5681289ffb511de585fc1f11dbd860
|
|
dcdc7bbc6e am: 7e180c59de
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1563774
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I913636e45f6d5eea7e55360e94fc6a62bfb19696
|