| Age | Commit message (Collapse) | Author |
|---|
|
tm-frc-conscrypt-release
Change-Id: I5f94bb9e3c12718bdc8d6799ddea303bc39078e2
|
|
*** Notes for Cherry-Pick to tm-dev:
See b/233873228#comment10 for the reasoning behind this late breaking change.
This change needs to go into tm-dev before FRC to ensure libcrypto in /system is built from the version we certify.
The FRC module train is due to be completely respun next week so it will also go into the FCS modules version of libcrypto. *However* as there are no API, ABI, functional or test expectation changes there is no urgency to getting the change into the Mainline train, so we just need to ensure all modules that bundle libcrypto board a Mainline train before the certification process moves on to NIST evaluation.
*** Original change description follows
Final FIPS changes for 2022.
The upstream branch being merged contains cherry-picks of
changes needed for FIPS certification plus a couple of critical
bug fixes. No API or ABI changes. No functional changes.
Those changes are also in the main upstream branch, so won't
be overwritten by the next routine rollup with do using our
UPDATING script.
Includes the following changes:
* Add an extra reduction step to the end of RSAZ.
* Always end BN_mod_exp_mont_consttime with normal Montgomery
reduction.
* More includes for builds that don't use bcm.c
* Add some more includes.
* Increase ACVP sizes.
* Move digestsign.c into the module.
Bug: 233873228
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I1d41a5d6f51af818253b55b8b99e0e73ea6e24ba
Merged-In: I1d41a5d6f51af818253b55b8b99e0e73ea6e24ba
(cherry picked from commit abd455b494b016109d2bfd1ca7a29619fb4c35a3)
|
|
tm-frc-conscrypt-release
Change-Id: I1f4664537e872f0ca151e7125ce3b19b24cdfeb6
|
|
Cherry-pick note: Needs to go into tm-dev base OS for FIPS certification
(b/233873228) and into the July module train to prevent breaking ABN Amro banking app in .nl (b/231880827) so cp-ing into tm-dev where it will merge forward into all needed branches.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/c9a7dd687987666df5910f2b35fdc8c3d1e5ed05..1530333b25589ee4d4d52b10e78ee55dd82f6dcd
* Remove X509_CRL_METHOD.
Update-Note: APIs relating to X509_CRL_METHOD are removed.
* Clean up ECDSA EVP_PKEY_CTRL_MD validation.
* Add a service indicator for FIPS 140-3.
* Move cmac into the FIPS module boundary.
* Use CMake's C/C++ version features.
* Update build tools.
* Don't leave stray errors in the error queue in X509_print_ex.
* Switch to the CIPD version of CMake on Windows.
* limit the feature macro stuff to __linux__
* Enforce X.509 version invariants more consistently.
Update-Note: Invalid CRL and CSR versions will no longer be accepted.
X509_set_version, etc., no longer allow invalid versions.
* Remove X509_to_X509_REQ.
Update-Note: Removed seemingly unused public API.
* Declare EVP_AEAD_CTX in base.h, like other typedefs.
* Add missing blank line between functions.
* Remove unions in EC_SCALAR and EC_FELEM.
* Implement SSL_CTX_set_num_tickets.
* Add tests for X509_NAME_print_ex.
* acvp: test CTR-DRBG with reseed in modulewrapper.
* Do pending `go fmt` updates.
* acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.
* Add PSS to the AVCP regcap.
* Drop ACVP support for 3DES.
* Add function to return the name of the FIPS module.
* Support running tests on non-NEON devices.
* Update delocate tests
* Tidy up how ASN1_STRING_print_ex figures out the type.
* Remove the ASN1_TLC cache. It appears to not help performance.
* Fix build for older CMake versions.
* Remove code added to avoid SHA1 weakness.
* Update comment in light of prior change.
* ChaCha20-Poly1305 for Armv8 (AArch64)
* Replace the last strcasecmp with OPENSSL_strcasecmp.
* [build] Fix build with HEAD clang.
* Make calls to the verify callback consistant by calling ctx->verify_cb directly. This removes some temporary variables that would only be used to hold ctx->verify_cb.
* Try to require C11 (in non-MSVC compilers).
Update-Note: If the build fails with an error about C11, remove -std=c99
or -std=gnu99 from your build. Refcounting will get faster.
* Try to require C++14.
Update-Note: C++14 is now required to build BoringSSL. If the build
breaks, make sure your compiler is C++14-capable and is not passing
-std=c++11. If this is causing problems for your project, let us know.
* Reject [UNIVERSAL 0] in DER/BER element parsers.
Update-Note: There are two kinds of impacts I might expect from this
change. The first is BER parsers might be relying on the CBS DER/BER
element parser to pick up EOCs, as our ber.c does. This should be caught
by the most basic unit test and can be fixed by detecting EOCs
externally.
* Add CMake install rules.
* P-256 assembly optimisations for Aarch64.
* hrss: always normalize.
* Use SHA-256 for the FIPS integrity check everywhere.
* Remove unused variable
* Use X509 certificate alias as friendlyName in PKCS12
Bug: 231880827
Bug: 233873228
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I748d8d55ffab4ea4441648307a797e7b709b6def
(cherry picked from commit e6e9a5d015a010d2fab0a13392eca548f7c370cc)
Merged-In: I748d8d55ffab4ea4441648307a797e7b709b6def
|
|
tm-frc-conscrypt-release
Change-Id: Ibdf009f73b28db31c401b0274f72fcdfc986c71c
|
|
Maintains pre-Android 13 behaviour by ensuring any crypto
module failures are detected at boot time.
For the libcrypto in /system this may not be needed and
we can change the behaviour later.
For libcrypto in the Conscrypt APEX, this is needed to maintain
current behaviour on older releases.
Bug: 231946889
Test: Flash and boot.
Change-Id: I7dee7f0bf953ea2c5026881d5acc13698de0626d
(cherry picked from commit c90762593f6490df8f6b13020d91e3466892b106)
Merged-In: I7dee7f0bf953ea2c5026881d5acc13698de0626d
|
|
tm-frc-conscrypt-release
Change-Id: Id12b13d68740c45c425d854dbad3a5bcb691ff77
|
|
into tm-dev
* changes:
[automerged blank] [DO NOT MERGE] Don't loop forever in BN_mod_sqrt on invalid inputs. 2p: 43ca36f693
[DO NOT MERGE] Don't loop forever in BN_mod_sqrt on invalid inputs.
|
|
sc-v2-dev-plus-aosp-without-vendor@8433047 am: e24b7a1f5d -s ours am: c79cf04f4d -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17805470
Change-Id: I1f2beb67e10ce5121fdf534ebcfc144e077c5876
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
sc-v2-dev-plus-aosp-without-vendor@8433047 am: e24b7a1f5d -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17805470
Change-Id: I5d7f0b310d059af0fc4ed387ec570c24eba52334
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Bug: 226662282
Merged-In: Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd
Change-Id: Ie5c7bf77014b4b85b60c0ef373165936b4e1f566
|
|
invalid inputs. 2p: 43ca36f693
Blank merge reason: commit message contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17745127
Bug: 224813912
Change-Id: Ib9d36933b408a67b3f1677d06da8b8bb424ccf7c
|
|
Cherry-picked from
https://boringssl-review.googlesource.com/c/boringssl/+/51925
to fix CVE-2022-0778. Should not be merged downstream as
it already exists in a rollup BoringSSL CL there.
Upstream commit message follows:-
BN_mod_sqrt implements the Tonelli–Shanks algorithm, which requires a
prime modulus. It was written such that, given a composite modulus, it
would sometimes loop forever. This change fixes the algorithm to always
terminate. However, callers must still pass a prime modulus for the
function to have a defined output.
In OpenSSL, this loop resulted in a DoS vulnerability, CVE-2022-0778.
BoringSSL is mostly unaffected by this. In particular, this case is not
reachable in BoringSSL from certificate and other ASN.1 elliptic curve
parsing code. Any impact in BoringSSL is limited to:
- Callers of EC_GROUP_new_curve_GFp that take untrusted curve parameters
- Callers of BN_mod_sqrt that take untrusted moduli
This CL updates documentation of those functions to clarify that callers
should not pass attacker-controlled values. Even with the infinite loop
fixed, doing so breaks preconditions and will give undefined output.
Bug: 224813912
Test: TH
Change-Id: I64dc1220aaaaafedba02d2ac0e4232a3a0648160
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51925
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Adam Langley <agl@google.com>
|
|
am: 67506730c7 am: 9ff3c15dd7
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2061407
Change-Id: I015e36bc118c8424ca32a0af184ada2bcf641038
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am: 67506730c7
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2061407
Change-Id: Ia2c3f80962d1c77feff883d4f0bf063202054238
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2061407
Change-Id: I612d2626f43bd76efad81237d9757062ef96f14b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
The tests run from /data/local/tmp and likely to pick up
libraries from the sustem partition (or not in some libssl cases)
rather than the APEX.
Fixes: 228778981
Test: atest boringssl_crypto_tests boringssl_ssl_tests
Change-Id: I0429686a87723447179a6cf32c6f9d4f1a7e7fc1
|
|
c9a7dd687987666df5910f2b35fdc8c3d1e5ed05." am: ea823ff68d -s ours am: 04b0aa0916 -s ours am: 1c4c54db07 -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2046663
Change-Id: I6687811378faace1d6ac6cc47885c7888d9f11c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
c9a7dd687987666df5910f2b35fdc8c3d1e5ed05. am: b439634923 -s ours am: 7ef1fe2744 -s ours am: b49eb35cb9 -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2046663
Change-Id: Ia594a48f0e4737d05be96e17137e88759256aa07
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
c9a7dd687987666df5910f2b35fdc8c3d1e5ed05." am: ea823ff68d -s ours am: 04b0aa0916 -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2046663
Change-Id: I9f47227830de55a9277f1ee91f9c1747b1f84940
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
c9a7dd687987666df5910f2b35fdc8c3d1e5ed05. am: b439634923 -s ours am: 7ef1fe2744 -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2046663
Change-Id: Ia0f2890b9789ac1a8a3e5d1404772b151f419ab6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
c9a7dd687987666df5910f2b35fdc8c3d1e5ed05." am: ea823ff68d -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2046663
Change-Id: Ic3d224bfee238e8ac78fda278c2aa76c5e5491e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
c9a7dd687987666df5910f2b35fdc8c3d1e5ed05. am: b439634923 -s ours
am skip reason: Merged-In Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd with SHA-1 6d77d67fee is already in history
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2046663
Change-Id: I1ee21e2f328a897085028fe4a4394ab9d7fba847
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
6d77d67fee am: d3915051ff
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17654895
Change-Id: Id948d1017ae1d0dc90bc3c195585ecede94501e5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
6d77d67fee
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17654895
Change-Id: I5d2e75dbf9ad258221881ee73a80aad924e0676e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Cherry-picked from https://r.android.com/2046663 to prevent merge conflicts and http://ag/17606941 because the original CP was to the wrong branch.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/81502beeddc5f116d44d0898c6c4a33057198db8..c9a7dd687987666df5910f2b35fdc8c3d1e5ed05
* Retire the Windows BIO_printf workaround.
* Work around another C language bug with empty spans.
* ASAN replaces malloc and free with its own implementation.
* Update fiat-crypto.
* Remove VS 2015 support.
Update-Note: BoringSSL may no longer build with VS 2015. Consumers
should upgrade to the latest Visual Studio release. VS 2017 or later is
required.
* Remove X509_TRUST_set_default.
* Replace internal use sha1 hash with sha256.
* Document that |EC_KEY_generate_fips| works for both cases.
* Allow the integrity test to be run on demand.
* Add a function to return a FIPS version.
* Add a function to tell if an algorithm is FIPS approved.
* Add vs2019 to vs_toolchain.py.
* Unexport X509_CERT_AUX and remove X509_CERT_AUX.other
* Document and tidy up X509_alias_get0, etc.
* Don't loop forever in BN_mod_sqrt on invalid inputs.
* Make a whitespace commit to trigger a build.
* Rust bindings: Use CARGO_MANIFEST_DIR in build.rs
* Remove ASN1_ADB_INTEGER.
* Replace an ASN1_INTEGER_get call with ASN1_INTEGER_get_uint64
* Correctly handle LONG_MIN in ASN1_INTEGER_get.
* Implement ASN1_INTEGER_set_uint64 with ASN1_STRING_set.
* Rewrite and tighten ASN1_INTEGER encoding and decoding.
Update-Note: Invalid INTEGERs will no longer parse, but they already
would not have parsed in OpenSSL. Additionally, zero is now internally
represented as "" rather than "\0".
* Deduplicate the rest of ASN1_INTEGER and ASN1_ENUMERATED.
Update-Note: ASN1_INTEGER_to_BN and ASN1_ENUMERATED_to_BN will now fail
when called on an ASN1_STRING/ASN1_INTEGER/ASN1_ENUMERATED (they're all
the same type) with the wrong runtime type value. Previously, callers
that mixed them up would get the right answer on positive values and
silently misinterpret the input on negative values. This change matches
OpenSSL's 1.1.0's behavior.
* Fix theoretical overflow in ASN1_INTEGER_cmp.
* Include rsa/internal.h for |...no_self_test| functions.
* Limit the pthread_rwlock workaround to glibc.
Update-Note: If there are non-glibc libcs with similarly problematic
headers, this may break the build. Let us know if it does.
* Rewrite ASN1_INTEGER tests.
* Use X509V3_add_value_int in i2v_AUTHORITY_KEYID.
* Fix x509v3_bytes_to_hex when passed the empty string.
* Reimplement ASN1_get_object with CBS.
Update-Note: Invalid certificates (and the few external structures using
asn1t.h) with incorrectly-encoded tags will now be rejected.
* Add an explicit indefinite-length output to CBS_get_any_ber_asn1_element.
Update-Note: This is a breaking change to CBS_get_any_ber_asn1_element.
There is only one external caller of this function, and it should be
possible to fix them atomically with this change, so I haven't bothered
introducing another name, etc. (See cl/429632075 for the fix.)
* Use ctype(3) in a more standards-conformant way.
Bug: 160351635
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd
(cherry picked from commit 1ffe10415b506d2f2336a3249368c7b5f6b788e9)
|
|
am: 0c926c75f2
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1749846
Change-Id: I50a559f417648f9b76d2d2b8c66f81a3acf31f9d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1749846
Change-Id: Ife14eb824f142fd1d7d017c421ee75a625eb1d27
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1749846
Change-Id: I2d27efae84eb87374874bddbf5c2b3507ab19889
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/81502beeddc5f116d44d0898c6c4a33057198db8..c9a7dd687987666df5910f2b35fdc8c3d1e5ed05
* Retire the Windows BIO_printf workaround.
* Work around another C language bug with empty spans.
* ASAN replaces malloc and free with its own implementation.
* Update fiat-crypto.
* Remove VS 2015 support.
Update-Note: BoringSSL may no longer build with VS 2015. Consumers
should upgrade to the latest Visual Studio release. VS 2017 or later is
required.
* Remove X509_TRUST_set_default.
* Replace internal use sha1 hash with sha256.
* Document that |EC_KEY_generate_fips| works for both cases.
* Allow the integrity test to be run on demand.
* Add a function to return a FIPS version.
* Add a function to tell if an algorithm is FIPS approved.
* Add vs2019 to vs_toolchain.py.
* Unexport X509_CERT_AUX and remove X509_CERT_AUX.other
* Document and tidy up X509_alias_get0, etc.
* Don't loop forever in BN_mod_sqrt on invalid inputs.
* Make a whitespace commit to trigger a build.
* Rust bindings: Use CARGO_MANIFEST_DIR in build.rs
* Remove ASN1_ADB_INTEGER.
* Replace an ASN1_INTEGER_get call with ASN1_INTEGER_get_uint64
* Correctly handle LONG_MIN in ASN1_INTEGER_get.
* Implement ASN1_INTEGER_set_uint64 with ASN1_STRING_set.
* Rewrite and tighten ASN1_INTEGER encoding and decoding.
Update-Note: Invalid INTEGERs will no longer parse, but they already
would not have parsed in OpenSSL. Additionally, zero is now internally
represented as "" rather than "\0".
* Deduplicate the rest of ASN1_INTEGER and ASN1_ENUMERATED.
Update-Note: ASN1_INTEGER_to_BN and ASN1_ENUMERATED_to_BN will now fail
when called on an ASN1_STRING/ASN1_INTEGER/ASN1_ENUMERATED (they're all
the same type) with the wrong runtime type value. Previously, callers
that mixed them up would get the right answer on positive values and
silently misinterpret the input on negative values. This change matches
OpenSSL's 1.1.0's behavior.
* Fix theoretical overflow in ASN1_INTEGER_cmp.
* Include rsa/internal.h for |...no_self_test| functions.
* Limit the pthread_rwlock workaround to glibc.
Update-Note: If there are non-glibc libcs with similarly problematic
headers, this may break the build. Let us know if it does.
* Rewrite ASN1_INTEGER tests.
* Use X509V3_add_value_int in i2v_AUTHORITY_KEYID.
* Fix x509v3_bytes_to_hex when passed the empty string.
* Reimplement ASN1_get_object with CBS.
Update-Note: Invalid certificates (and the few external structures using
asn1t.h) with incorrectly-encoded tags will now be rejected.
* Add an explicit indefinite-length output to CBS_get_any_ber_asn1_element.
Update-Note: This is a breaking change to CBS_get_any_ber_asn1_element.
There is only one external caller of this function, and it should be
possible to fix them atomically with this change, so I haven't bothered
introducing another name, etc. (See cl/429632075 for the fix.)
* Use ctype(3) in a more standards-conformant way.
Bug: 160351635
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd
Merged-In: Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd
|
|
Bug: 187236336
Bug: 192368160
Test: mts-tradefed run mts-conscrypt
Change-Id: I8b0dd685ad0db477e41dab395489fe42e70a4fe1
|
|
am: c3df2ddaeb -s ours
am skip reason: Merged-In Ic67ad4214f6feb67a9e95410b16cf3e096cc0627 with SHA-1 1159a80f83 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17545244
Change-Id: Id19cef4cd35f54b698623d38c79602c896972e5d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am skip reason: Merged-In Ic67ad4214f6feb67a9e95410b16cf3e096cc0627 with SHA-1 1159a80f83 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17545244
Change-Id: I723ea76c972a9bfaa6b4a7a30c9e30d6ef741e12
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Bug: 226662282
Merged-In: Ic67ad4214f6feb67a9e95410b16cf3e096cc0627
Change-Id: I1ee06676dc15d76f044b3129c4cb73877e9b1187
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17343103
Change-Id: I25a76de8a1845c9a56a3f5057b8468a4b8a6417b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/17342543
Bug: 226230302
Change-Id: Ic67ad4214f6feb67a9e95410b16cf3e096cc0627
|
|
This change imports upstream's
https://github.com/openssl/openssl/commit/c0452248ea1a59a41023a4765ef7d9825e80a62b
Bug: 226230302
Test: treehugger
Change-Id: Ib50ff9eb8c48d9580aa2ffcae92d3990cc987e30
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50905
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
|
|
1f65662f46 am: ebeca38b4e am: e9b77e9827
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1965301
Change-Id: Ib9207b4da5a965cd29d4ba798bd90bf9c9dd72f9
|
|
1f65662f46 am: ebeca38b4e
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1965301
Change-Id: I6167579e636014f553019f78321dd7eae54c2b5e
|
|
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1965301
Change-Id: I62502c00b29080727d2e15e2ccdfb6141a8f66be
|
|
|
|
83b8e97230 am: 20125fb45b am: c0e68f06a3
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2002831
Change-Id: I199378a89a3a7755badcc88987d67c42abc29058
|
|
83b8e97230 am: 20125fb45b
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2002831
Change-Id: Ifda0776f51567c5bb3fc45576c4ab5bdc547282d
|
|
83b8e97230
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2002831
Change-Id: I6018ba62bb26523c7a82285ad0ba6b6eaf9151c1
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/345c86b1cfcc478a71a9a71f0206893fd16ae912..81502beeddc5f116d44d0898c6c4a33057198db8
* Linkify RFCs in more places in the docs.
* Make FFDH self tests lazy.
* Make ECC self tests lazy.
* HPKE is now RFC 9180.
* Include the policy document for the most recent FIPS validation.
* Check static CPU capabilities on x86.
Update-Note: This CL may break build environments that incorrectly mark
some instruction as statically available. This is unlikely to happen
with vector instructions like AVX, where the compiler could freely emit
them anyway. However, instructions like AES-NI might be set incorrectly.
* Align rsaz_avx2_preferred with x86_64-mont5.pl.
* Enable SHA-NI optimizations for SHA-256.
* Update Intel SDE.
* Include the EKU extension in bssl server's self-signed certs.
* Don't call a non-test file *test.h.
* Make RSA self-test lazy.
* Add link to new Android FIPS certificate.
* delocate: handle a new output form in Clang 13.
* Drop, now unused, KAT value.
* Drop CAVP code.
* Break FIPS tests differently.
* Don't forget hmac.h in self_check.h.
* Perform SHA-$x and HMAC KAT before integrity check.
* Add a couple of spaces to `check_test`.
* Split FIPS KATs into fast and slow groups.
* Move DES out of the FIPS module.
* acvp: don't send the Authorization header when renewing tokens
* Support Bazel's test-sharding protocol.
* Simply CMake assembly source selection.
* Rename generated assembly from 'mac' or 'ios' to 'apple'
Update-Note: References to 'mac' or 'ios' source lists in downstream
builds should be renamed to 'apple'.
* Build aarch64 assembly for macOS in the bazel build.
* Fix OPENSSL_NO_ASM definition in bazel.
* Use @platforms in Bazel rules.
* Record ClientHelloInner values in msg_callback.
* Fold ssl_decode_client_hello_inner into ssl_client_hello_decrypt.
* Explicitly reject self-referential ech_outer_extensions.
* Simpler square-root computation for Ed25519
* Condition split handshake tests on Linux in CMake.
* Implement PEM_read_bio_DHparams with the macro.
* Limit _XOPEN_SOURCE to Linux.
Update-Note: It's possible this will break yet another obscure UNIX.
Hopefully we can eventually find a combination that works?
* Fix Unicode strings for C++20
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I177c2a06d3d85ea4912e4f657caa370363966c33
|
|
sc-v2-dev-plus-aosp-without-vendor@8084891 am: a766470bef -s ours am: 3774f2e205 -s ours
am skip reason: Merged-In Ice857923c41eeb8321e62c08a28d4f8d7649d96a with SHA-1 49791bd8f4 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/16843644
Change-Id: I63e790dc88e5fd0630d54eb8e77c3c8ec3243e8d
|
|
sc-v2-dev-plus-aosp-without-vendor@8084891 am: a766470bef -s ours
am skip reason: Merged-In Ice857923c41eeb8321e62c08a28d4f8d7649d96a with SHA-1 49791bd8f4 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/16843644
Change-Id: Ic10b651a7f6f4008f954e65246b0353196e4c8dc
|
|
Bug: 214455710
Merged-In: Ice857923c41eeb8321e62c08a28d4f8d7649d96a
Change-Id: Idf7c27dbbf10e96660920897d3516dde1f269ad2
|
|
724206b5af am: cababaf0f6
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/1931930
Change-Id: I62c0ace1f82ba202eec1e11bbf844577317159c1
|
