Age | Commit message (Collapse) | Author |
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/66e61c577d39e757bf491468f651461fa79fd5e1..a9670a8b476470e6f874fef3554e8059683e1413
* No-op change to test the bots.
* Remove outdated comment in ECDSA implementation.
* Add missing assert.h include.
* Check tag class and constructed bit in d2i_ASN1_OBJECT.
Update-Note: d2i_ASN1_OBJECT will now notice more incorrect tags. It was
already checking for tag number 6, so it is unlikely anyone was relying
on this as a non-tag-checking parser.
* Don't parse constructed BIT STRINGs in crypto/bytestring
Update-Note: PKCS#7 and PKCS#12 parsers will now reject BER constructed
BIT STRINGs. We were previously misparsing them, as was OpenSSL. Given
how long the incorrect parse has been out there, without anyone noticing
(other parsers handle it correctly), it is unlikely these exist.
* Enforce DER rules for BIT STRING values.
* Remove support for indefinite lengths in crypto/asn1.
Update-Note: Invalid certificates (and the few external structures using
asn1t.h) with BER indefinite lengths will now be rejected.
* Remove support for constructed strings in crypto/asn1.
Update-Note: Invalid certificates (and the few external structures using
asn1t.h) with BER constructed strings will now be rejected.
* Check for trailing data in extensions.
Update-Note: Some previously accepted invalid certicates may be
rejected, either in certificate verification or in X509_get_ext_d2i.
* Update tools.
* Fold x509v3/pcy_int.h into x509v3/internal.h.
* Switch kModuleDigestSize to a macro.
* Switch DEPS actions on bots to Python 3.
* Match OPENSSL_EXPORT in ssl/internal.h friend declarations.
* Add a function to express the desired record version protocol.
* Add CRYPTO_BUFFER_new_from_static_data_unsafe.
* Finish documenting asn1.h.
* Trim some undocumented symbols from asn1.h.
* Add magic tag to BoringSSL binaries.
* Document and const-correct multi-string types.
* Fully unexport X509_VAL.
Update-Note: The last remnants of the now (barely usable) X509_VAL are
no longer exported. It is unlikely anyone was relying on this.
* Document ASN1_OBJECT, i2c, and c2i functions.
* Unexport ASN1_OBJECT_new.
Update-Note: ASN1_OBJECT_new is no longer exported. While this function
does remain in OpenSSL, it is extremely unlikely anyone has found a use
for this function.
* Return 0x80 in all ASN1_get_object error paths.
Update-Note: ASN1_get_object's calling convention is slightly
simplified.
* Document low-level encoding functions in asn1.h.
* Use C preprocessor comments in assembly headers.
* Document and const-correct ASN1_TYPE functions.
* Fix error-handling for i2a_ASN1_OBJECT.
* Document i2a_ASN1_* functions.
* Fold i2a_ASN1_ENUMERATED into i2a_ASN1_INTEGER.
* Fix BIT STRING comparison in ASN1_STRING_cmp.
Update-Note: ASN1_STRING_cmp no longer incorrectly treats BIT STRINGs
with different padding bits as equal.
* Rewrite ASN1_item_pack and ASN1_item_unpack.
Update-Note: ASN1_item_unpack now checks for trailing data.
* Document some more ASN1_ITEM-associated functions.
* Reword ASN1_BOOLEAN exception.
* Move M_ASN1_* to the deprecated section.
* Fix up some doc.go nits in asn1.h.
* Document new/free/d2i/i2d for singly-typed ASN1_STRINGs.
* Document ASN1_NULL.
* Const-correct the low-level ASN1 i2d functions.
Update-Note: The type signature of some i2d functions, such as
i2d_ASN1_OCTET_STRING, is now const-correct.
* Start documenting ASN1_ITEM.
* Tidy up SSLTest.SetVersion.
* Deduplicate d2i and i2d documentation.
* Check tag class and constructed bit in d2i_ASN1_BOOLEAN.
* Use typedefs in i2d and d2i_ASN1_BOOLEAN.
* Forward-declare SSL_CLIENT_HELLO.
* Fix BN_CTX usage in BN_mod_sqrt malloc error paths.
* Make ASN1_NULL an opaque pointer.
Update-Note: Code that was assuming ASN1_NULL was an int typedef will
fail to compile. Given this was never dereferencable, it is hard to
imagine anything relying on this.
* Remove remnants of ASN.1 print function generators.
* Fold x509_vfy.h into x509.h.
* Make ASN1_STRING_TABLE_add thread-safe and document.
Update-Note: ASN1_STRING_TABLE_add no longer allows overwrite existing
entries. In most cases, this would crash or trigger a race condition
anyway.
* Test ASN1_STRING_set_by_NID with custom NIDs.
* Test ASN1_STRING_set_by_NID with built-in NIDs.
* Test that built-in ASN1_STRING_TABLEs are sorted.
* Extract common rotl/rotr functions.
* Remove X509_STORE_set0_additional_untrusted.
* Enable X509_V_FLAG_TRUSTED_FIRST by default.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
* Switch x509_test.cc to modify the existing X509_VERIFY_PARAM.
* Add note to HMAC test vectors from NIST
* Add log tag for Trusty.
* Fix CRYPTO_malloc, etc., definitions.
* Keep EVP_CIPHER/EVP_MD lookup and do_all functions in sync
* aarch64: Add missing LR validation in 'vpaes_cbc_encrypt'
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I0fc8c0f6505d4ee04193404cf02ec776bced8d40
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/7f02881e96e51f1873afcf384d02f782b48967ca..2fb729d4f36beaf263ad85e24a790b571652679c
Test: atest CtsLibcoreTestCases
Change-Id: I46a15a7bae971f16f957b04bcbb771a6936d5c1b
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/4ca15d5dcbe6e8051a4654df7c971ea8307abfe0..a7a75f208caea8a303615724d4cc5f4e8dfb9695
Test: atest CtsLibcoreTestCases
Change-Id: Ie997cc5a7f8f03b271d58b5d89d43f67e4df68b0
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/6e7255c17e1a7348a2377fbc804441dd284806e2..56b6c714c9cae5963681ed9dd9f6cabf294e3f80
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I9977c8fa204dd39e5b6c71abdb85d055e842bf4e
|
|
Third time's the charm.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/c9827e073f64e353c4891ecc2c73721882543ee0..bc2a2013e03754a89a701739a7b58c422391efa2
Test: atest CtsLibcoreTestCases
Test: atest CtsLibcoreOkHttpTestCases
Change-Id: I7943c83d12237ec6e4dc54fb3d5a9cecb909e6e7
|
|
81080a729af568f7b5fde92b9170cc17065027c9."""
This reverts commit a5c947b7c91bac52eeb5086507b67e52a59ef980.
Reason for revert: Breaks blueline target on qt-dev-plus-aosp and pi-dev-plus-aosp
Change-Id: Ib3f71674ce7f7114e5925043ead7e8e51e9bc31e
|
|
81080a729af568f7b5fde92b9170cc17065027c9.""
This reverts commit 228bd6249d17f351ea66508b3ec3112ed1cbdf30.
Reason for revert: All fixes submitted for modules affected by the ENGINE_free API change.
Change-Id: I30fafafa13ec0a6390f4a9211fbf3122a8b4865f
|
|
This reverts commit f8d8b73da16aa9f2fdda401a46b4f86a83016712.
Reason for revert: Breaks buildsdk_tools_cross_win
Change-Id: I3bac24f78d165dfa7f89b878cc2277281fd8f1ab
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/c9827e073f64e353c4891ecc2c73721882543ee0..81080a729af568f7b5fde92b9170cc17065027c9
Bug: 134581881
Test: atest CtsLibcoreTestCases
Test: atest CtsLibcoreOkHttpTestCases
Change-Id: Id3a510c9724554a28b6514b892bd15dde305855c
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/fa3aadcd40ec4fd27a6e9492ef099b3dcc6eb2af..9113e0996fd445ce187ae9dfeabfc95805b947a2
Test: atest CtsLibcoreTestCases
Change-Id: I31ed8a7c9481e7b42f0454f0ee64c26e17a85d52
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/689019fe40d5ad94df46ffeebcd794ff359a7074..5baee45652d9de70ae957d1aa1e04a2d27101c3b
Test: BoringSSL CTS Presubmits
Change-Id: I6f92d4fa84a3b9d6f35b291cb0da0782219b2b05
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/67e64342c1aa0b31b0b5c11e5ee21c481ce530e8..689019fe40d5ad94df46ffeebcd794ff359a7074
Test: BoringSSL CTS Presubmits
Change-Id: Ib675c5478b0e45270e31248d1dadc5f4841da990
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/58e449904e248f34bdfc2be7a609c58bcb0257b7..5e578c9dba73460c3eb17f771c77fc8e36f7812e
Test: BoringSSL CTS Presubmits
Change-Id: Ic1541b034545fa58a284ca35134b3719303455c7
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/2c45fa0b90f61b27973fa81893e014fc8c8e8999..2c1523733a71166943e52da11ac2eae82b0227b8
Test: Boringssl CTS Presubmits
Change-Id: I3dd86f480a6498f78b7b0cce8278179b7201107c
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/faa539f877432814d0f2de19846eb99f2ea1e207..2c45fa0b90f61b27973fa81893e014fc8c8e8999
Test: BoringSSL CTS Presubmits
Change-Id: Ie6dc40e0c979168ec73fa1165cbc6e6b83793439
|
|
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/e34bcc91c07c0bf65ecc53a814d51f5246007150..3cbdc34619daafb9f8527fb9dd27afc8ee7dcf19
This removes android_compat_keywrap.c, as these APIs are now provided
natively by BoringSSL.
Test: cts-tradefed run cts -m CtsLibcoreTestCases -m
CtsLibcoreOkHttpTestCases -a arm64-v8a
Change-Id: I29bce93c45eb5b80fa739667bf6e357e0af03b7f
|