path: root/src
Age | Commit message | Author
2017-07-10 | external/boringssl: Sync to ee7aa02744a78bf4630913b1c83d0fe36aa45efc. [android-o-preview-4] | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/a93bc1124c00b1ac0a68ea5cb14b158d6c8366e1..ee7aa02744a78bf4630913b1c83d0fe36aa45efc Test: BoringSSL CTS Presubmits. Change-Id: I5a05899374e616003f841983b6545f5c90e7c71d
2017-07-03 | external/boringssl: Sync to a93bc1124c00b1ac0a68ea5cb14b158d6c8366e1. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/3120950b1e27635ee9b9d167052ce11ce9c96fd4..a93bc1124c00b1ac0a68ea5cb14b158d6c8366e1 Test: BoringSSL CTS Presubmits. Change-Id: Ifa05098e38da1872f2fe043a10780e91cbd3315c
2017-06-26 | external/boringssl: Sync to 3120950b1e27635ee9b9d167052ce11ce9c96fd4. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/5e578c9dba73460c3eb17f771c77fc8e36f7812e..3120950b1e27635ee9b9d167052ce11ce9c96fd4 Test: BoringSSL CTS Presubmits. Change-Id: I54d7540777ffdf1e72c4ff67f3138097cbdbeafb
2017-06-14 | external/boringssl: Sync to 5e578c9dba73460c3eb17f771c77fc8e36f7812e. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/58e449904e248f34bdfc2be7a609c58bcb0257b7..5e578c9dba73460c3eb17f771c77fc8e36f7812e Test: BoringSSL CTS Presubmits Change-Id: Ic1541b034545fa58a284ca35134b3719303455c7
2017-05-02 | trusty: fixup trusty build | Michael Ryleev
Bypass compiling src/crypto/fipsmodule/rand/urandom.c as it is not supported. Remove filtering out now non-existing files. Change-Id: If0308aea56ab602a4fb59e9bb55a2ae02683d3c5
2017-05-01 | external/boringssl: Sync to 58e449904e248f34bdfc2be7a609c58bcb0257b7. [android-wear-o-preview-4] [android-wear-o-preview-3] [android-o-preview-2] | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/2c1523733a71166943e52da11ac2eae82b0227b8..58e449904e248f34bdfc2be7a609c58bcb0257b7 Test: BoringSSL CTS Presubmits Change-Id: I1a825139c8c7076d09b8a3acc5f09a547a7cbe0d
2017-04-24 | external/boringssl: Sync to 2c1523733a71166943e52da11ac2eae82b0227b8. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/2c45fa0b90f61b27973fa81893e014fc8c8e8999..2c1523733a71166943e52da11ac2eae82b0227b8 Test: Boringssl CTS Presubmits Change-Id: I3dd86f480a6498f78b7b0cce8278179b7201107c
2017-04-21 | external/boringssl: Sync to 2c45fa0b90f61b27973fa81893e014fc8c8e8999. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/faa539f877432814d0f2de19846eb99f2ea1e207..2c45fa0b90f61b27973fa81893e014fc8c8e8999 Test: BoringSSL CTS Presubmits Change-Id: Ie6dc40e0c979168ec73fa1165cbc6e6b83793439
2017-04-03 | external/boringssl: Sync to faa539f877432814d0f2de19846eb99f2ea1e207. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/bbfe603519bc54fbc4c8dd87efe1ed385df550b4..faa539f877432814d0f2de19846eb99f2ea1e207 Test: BoringSSL CTS Presubmits Change-Id: I3ea66c6a16d30b31f9a51e8154fa581a7d386918
2017-03-27 | external/boringssl: Sync to bbfe603519bc54fbc4c8dd87efe1ed385df550b4. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/2d05568a7b7bc62affbd13ea97a81b5829b99794..bbfe603519bc54fbc4c8dd87efe1ed385df550b4 Test: BoringSSL CTS Presubmits. Change-Id: I78ec99cd34bebca1f864e4daaaedeec6bc1db3f0
2017-03-21 | external/boringssl: Sync to 2d05568a7b7bc62affbd13ea97a81b5829b99794. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/2070f8ad9151dc8f3a73bffaa146b5e6937a583f..2d05568a7b7bc62affbd13ea97a81b5829b99794 Test: BoringSSL CTS Presubmits Change-Id: Ib8174676671161667d54513df0f2dce7d70683ab
2017-03-13 | external/boringssl: Sync to 2070f8ad9151dc8f3a73bffaa146b5e6937a583f. [android-n-mr2-preview-2] | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/8ebeabf0e2e01b331e56d0a491c12539baa55d3d..2070f8ad9151dc8f3a73bffaa146b5e6937a583f Test: BoringSSL CTS Presubmits Change-Id: Ia779c6476e45c44e426e09afeca65b2192e783ae
2017-03-06 | external/boringssl: Sync to 8ebeabf0e2e01b331e56d0a491c12539baa55d3d. [android-o-preview-1] [o-preview] | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/be2ee342d3781ddb954f91f8a7e660c6f59e87e5..8ebeabf0e2e01b331e56d0a491c12539baa55d3d Test: Libcore CTS presubmits. Change-Id: I2fefc3e2bc2bbc3e3083668bd2a56d491520bc24
2017-02-27 | external/boringssl: Sync to be2ee342d3781ddb954f91f8a7e660c6f59e87e5. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/c4796c92e0aced2342ed5687201aea07189c3bc1..be2ee342d3781ddb954f91f8a7e660c6f59e87e5 Test: Libcore CTS Presubmits Change-Id: Ic76542985c98caa096cdf1c72b00a77a88cae5de
2017-02-21 | external/boringssl: Sync to c4796c92e0aced2342ed5687201aea07189c3bc1. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/040bc4944be97f5d4b44da176f6e801fc804a176..c4796c92e0aced2342ed5687201aea07189c3bc1 Test: CtsLibcoreTestCases Presubmits Change-Id: If6d911660fbd9c60896527addb277c8225c3d401
2017-02-13 | external/boringssl: Sync to 040bc4944be97f5d4b44da176f6e801fc804a176. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/ab20cec1c1de815de8da6cc74c2503460efd6e1c..040bc4944be97f5d4b44da176f6e801fc804a176 Test: Libcore CTS presubmits Change-Id: I0667fbfb5c64ab68a3482c226c9ad12788f6806c
2017-02-06 | external/boringssl: Sync to ab20cec1c1de815de8da6cc74c2503460efd6e1c. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/b2ff2623a88a65fd4db42d3820f3d8c64e8ab180..ab20cec1c1de815de8da6cc74c2503460efd6e1c Change-Id: I68612cda7addda1a39f13abcee78c39ebb0ee361 Test: Libcore CTS presubmit
2017-02-06 | external/boringssl: Sync to b2ff2623a88a65fd4db42d3820f3d8c64e8ab180. | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/6d50f475e319de153a43e1dba5a1beca95948c63..b2ff2623a88a65fd4db42d3820f3d8c64e8ab180 Change-Id: I649281e093369d99e863b4882a2ff6a5ad8a64d1 Test: ATP's cts/libcore/gce-net (go/gce-net)
2017-01-25 | external/boringssl: Sync to 6d50f475e319de153a43e1dba5a1beca95948c63. | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/0726fb76ebe7f422e3c4fb2e25a0064926975770..6d50f475e319de153a43e1dba5a1beca95948c63 This also updates the build files to add the new GTest-based targets and work with the C++ file in libssl. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I99718d51c901fe2e2e1e0398fc61fe1e76ccdb3f
2017-01-18 | external/boringssl: Sync to 0726fb76ebe7f422e3c4fb2e25a0064926975770. | Steven Valdez
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/9c33ae85621ef8e00a42309b5101e0bedd02b816..0726fb76ebe7f422e3c4fb2e25a0064926975770 Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I6da679b1bbebffd35568794c7f6e45e2d620287b
2017-01-09 | external/boringssl: Sync to 9c33ae85621ef8e00a42309b5101e0bedd02b816. [android-n-mr2-preview-1] | Robert Sloan
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/629db8cd0c84628e37aa81242b5b07fec7602f55..9c33ae85621ef8e00a42309b5101e0bedd02b816 Bug: 33622440 Test: BoringSSL tests Change-Id: I20da15ad995a620b6b2f08db20c77ebd0f05ca10
2016-12-14 | external/boringssl: Sync to 629db8cd0c84628e37aa81242b5b07fec7602f55. | Steven Valdez
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/7c5728649affe20e2952b11a0aeaf0e7b114aad9..629db8cd0c84628e37aa81242b5b07fec7602f55 Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I8f49012c4ae2500400d107f227bb7eb0616b7d2f
2016-12-08 | external/boringssl: Sync to 7c5728649affe20e2952b11a0aeaf0e7b114aad9. | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/68f37b7a3f451aa1ca8c93669c024d01f6270ae8..7c5728649affe20e2952b11a0aeaf0e7b114aad9 This also removes sha256-armv4.S from libcrypto_sources_no_clang; clang can assemble it now. The other files still need to be there though. Note this pulls in a fix to a wpa_supplicant regression introduced in c895d6b1c580258e72e1ed3fcc86d38970ded9e1. Test: make checkbuild Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Change-Id: Ife1d9ea1c87a0b7b1814b8e3590d6f1eaf721629
2016-11-22 | external/boringssl: Sync to 68f37b7a3f451aa1ca8c93669c024d01f6270ae8. | Steven Valdez
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/3ef7697ed30f28367395a5aafb57a12a19906d96..68f37b7a3f451aa1ca8c93669c024d01f6270ae8 Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I296d05afab7470335cdda2442414a858df591f6c
2016-10-19 | external/boringssl: Sync to 3ef7697ed30f28367395a5aafb57a12a19906d96. | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/3cbdc34619daafb9f8527fb9dd27afc8ee7dcf19..3ef7697ed30f28367395a5aafb57a12a19906d96 This also updates the UPDATING script to create the git commit automatically. Test: make checkbuild Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I9e785971e5be19daf29697f010c3ae4e1ca70b04
2016-10-10 | external/boringssl: Sync to 3cbdc346. [android-n-mr1-preview-2] [android-n-mr1-preview-1] | Steven Valdez
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/e34bcc91c07c0bf65ecc53a814d51f5246007150..3cbdc34619daafb9f8527fb9dd27afc8ee7dcf19 This removes android_compat_keywrap.c, as these APIs are now provided natively by BoringSSL. Test: cts-tradefed run cts -m CtsLibcoreTestCases -m CtsLibcoreOkHttpTestCases -a arm64-v8a Change-Id: I29bce93c45eb5b80fa739667bf6e357e0af03b7f
2016-09-23 | external/boringssl: Sync to e34bcc91. | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/0e9138d295cd556e830dc8b3be735e808680f4bd..e34bcc91c07c0bf65ecc53a814d51f5246007150 This also removes BORINGSSL_ENABLE_RC4_TLS and android_compat_hacks.c as they are no longer needed. Test: Built tree, phone boots. Ran cts-tradefed run cts -m CtsLibcoreTestCases Change-Id: I86df196e1856c338bbf72c60e2e47dd1b74ae537
2016-09-12 | external/boringssl: Sync to 0e9138d2. | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/aa24851515d6280aa1d6a8b1548fe74691df3136..0e9138d295cd556e830dc8b3be735e808680f4bd This requires some build tweaks: - trusty's rules.mk builds with BORINGSSL_NO_CXX to suppress the new C++ scopers since they build their version of keymaster without the STL. - BORINGSSL_ENABLE_RC4_TLS to temporarily keep RC4 in the TLS stack. Change-Id: Ic688ec5779f649a4912b00fb2b55cba64fb07449
2016-08-12 | external/boringssl: Sync to aa2485. | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/171b5403ee767fa0f3aecd377867db6533c3eb8f..aa24851515d6280aa1d6a8b1548fe74691df3136 Bug: 29744850 Change-Id: Id4e4a9e7a19c2f0badbaead2c39a51037ba182ed
2016-07-20 | Build native tests | Dan Willemsen
Change-Id: I95dcd3704a2d7b5eeb789d599e74a6b27b83adaf
2016-07-20 | Migrate from Android.mk to Android.bp | Dan Willemsen
Change-Id: I0b04100ace8599c8734bee77f656aab04c06cce9
2016-06-10 | external/boringssl: Sync to 171b54. [android-wear-n-preview-2] [android-wear-7.1.1_r1] [android-n-preview-5] [android-n-iot-preview-2] [nougat-mr1-wear-release] [n-iot-preview-2] | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/8ca0b4127da11d766067ea6ec4122017ba0edb0e..171b5403ee767fa0f3aecd377867db6533c3eb8f This also updates the build file to build as C99, so BoringSSL can use variables in for loops. Change-Id: I48ae985fd1bed244f7ed327aefc9a13e5b17b185
2016-06-02 | external/boringssl: Sync to 8ca0b41. [android-n-preview-4] | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/9d908ba519f2cfe5e21561bdee3e224b94d14a89..8ca0b4127da11d766067ea6ec4122017ba0edb0e Change-Id: I732653bc8fcba70707c615f8731ca75397a08736
2016-05-05 | external/boringssl: Sync to 9d908ba5. [android-wear-n-preview-3] [android-wear-n-preview-1] [android-n-preview-3] | David Benjamin
This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/d18cb77864dcc4b5c7cb08c2331008c01165f34f..9d908ba519f2cfe5e21561bdee3e224b94d14a89 Change-Id: I24455a28ea316890cd2107a98a5c18d51c6861b7
2016-04-29 | external/boringssl: Sync to d18cb77. | David Benjamin
This includes the following changes which are far too many to list here: https://boringssl.googlesource.com/boringssl/+log/7b8b9c17db93ea5287575b437c77fb36eeb81b31..d18cb77864dcc4b5c7cb08c2331008c01165f34f This also retires one function from android_compat_hacks.c which is no longer necessary. Change-Id: Ie00536d7ad815464b2b031f7bcd1b683e12c1623
2016-01-25 | Merge "Revert "Use libmingwex for gmtime_s"" [android-n-preview-2] [android-n-preview-1] [brillo-m10-release] [brillo-m10-dev] | Dan Albert
2016-01-15 | Revert "Use libmingwex for gmtime_s" | Dan Albert
The new version of mingw has moved all of time_s.h into time.h. This reverts commit 1f6fdd5a306c0a08f5dcf7ef6696c2efe4839882. Bug: http://b/26523949 Change-Id: I58f05135ac44fa053133e0cfe999054b2694b682
2016-01-14 | external/boringssl: sync to 7b8b9c17 | Adam Langley
This includes the following changes from BoringSSL : 7b8b9c1 Include 'asm' in the name of X25519 asm sources. 3202750 Update the fuzz tests for the server. 6544426 Fix a ** 0 mod 1 = 0 for real this time. fe5f7c7 Only reserve EVP_MAX_MD_SIZE for the Finished, not twice of it. 0d56f88 Switch s to ssl everywhere. 974c7ba Route DHE through the SSL_ECDH abstraction as well. 4cc36ad Make it possible to tell what curve was used on the server. 4298d77 Implement draft-ietf-tls-curve25519-01 in C. c18ef75 Allocate a NID for X25519. 3a2a480 Remove long-dead comment. cba2b62 Implement draft-ietf-tls-curve25519-01 in Go. ab14563 Bundle a copy of golang.org/x/crypto/curve25519 for testing. a029ebc Switch the bundled poly1305 to relative imports. 64d9250 Completely remove P-224 from the TLS stack. 8c2b3bf Test all supported curves (including those off by default). fc82512 Convert ssl3_send_cert_verify to CBB. 5fb18c6 Make MSVC happy. 2a0b391 Rewrite ssl3_send_server_key_exchange to use CBB. d16bf34 Add a -lldb flag to runner.go. af21bcf Remove other unnecessary BN_CTX allocations. ae0eaaa Convert ssl3_send_client_key_exchange to CBB. 3ac4b3a Remove NO_ASM define that I accidently included in the previous commit. e6c5402 Don't build X25519 asm code when NO_ASM is set. 77a173e Add x86-64 assembly for X25519. c75c0ae Add #defines for ED25519 key and signature lengths. 48cce66 Tidy up ssl3_get_server_key_exchange slightly. c1cc858 Check for EC_KEY_set_public_key error. 4cc671c Add CBB_reserve and CBB_did_write. e13263d Resolve a few old TODOs. 841934f Remove stack macros for nonexistent types. 70ab223 Remove ASN1_R_MALLOC_FAILURE. b965c63 Reject calls to X509_verify_cert that have not been reinitialised 3f5b43d Simplify RSA key exchange padding check. 3ef6085 Refuse to parse RSA pubkeys with invalid exponents. afe57cb Add a tool to generate Ed25519 keys. 77c3c0b Enable Ed25519 when building with OPENSSL_SMALL. 9f897b2 Remove the stitched RC4-MD5 code and use the generic one. 
1741a9d Save some mallocs in computing the MAC for e_tls.c. df57163 Add RC4-SHA1 and DES-EDE3-CBC-SHA1 to bssl speed. 13414b3 Implement draft-ietf-tls-chacha20-poly1305-04. 3748990 Implement draft-ietf-tls-chacha20-poly1305-04 in Go. 2089fdd Implement RFC 7539 in Go. 86e412d Add client cert support to bssl client. 23a681b Fix build. e320392 Rename the Go ChaCha20-Poly1305 implementation. 8ffab72 Point EVP_aead_chacha20_poly1305 at the standardized version. fef6fb5 Fix ChaCha20-Poly1305 tests. 60a08ac Remove unreachable code to duplicate DH keys. 4ec0cce Slightly tweak some array allocations. 2936170 Fix memory leak in DSA redo case. a01deee Make CBB_len relative to its argument. 77385bb Mark platform-specific HOST_[c2l|l2c] as (void). 6969971 Remove a dead prototype. 1b36716 Remove crypto/header_removed.h. 017231a Remove asm __asm__ define. 793c21e Make HOST_l2c return void. 0aff3ff Store the partial block as uint8_t, not uint32_t. 5a19d7d Use the straight-forward ROTATE macro. 78fefbf Reformat md32_common.h, part 2. fea1137 Reformat md32_common.h, part 1. 871fff0 *_Update of length zero is legal. d9f0671 Remove |need_record_splitting| from |SSL3_STATE|. cd48038 Remove unused fields from SSL3_STATE. 7fc0100 Slightly simplify SSL3_RECORD. ece5ba2 Reset ssl error codes. a41280d Pull ChangeCipherSpec into the handshake state machine. 8fd5c23 Simplify fragmented HelloRequest state. ef5dfd2 Add tests for malformed HelloRequests. 8411b24 Add tests for bad ChangeCipherSpecs. 502a843 Switch unrolled loop in BN_usub with memcpy. c3ae38b Remove DH EVP_PKEY hooks. 7100ee9 Chromium's update.sh is dead, long live update.py f28dd64 Fix flaky BadRSAClientKeyExchange-1 test. 4234885 Remove unused functions. 45dab25 Skip free callbacks on empty CRYPTO_EX_DATAs. 8a58933 Remove the CRYPTO_EX_new callback. 0abd6f2 Get struct timeval from sys/time.h. 1246670 Use UINT64_C in sha512.c table. 5ddffbb Make SSL_(CTX_)?set_tmp_ecdh call SSL_(CTX_)?set1_curves. 
53e5c2c Remove SSL_(CTX_)?set_ecdh_callback. 756ad17 Initialize |one_index| in OAEP padding check. 1634a33 Convert rsa/padding.c to constant-time helpers. b36a395 Add slightly better RSA key exchange tests. 0bd71eb Remove weird ret negation logic. e9cddb8 Remove SSL_OP_LEGACY_SERVER_CONNECT. 3e052de Tighten SSL_OP_LEGACY_SERVER_CONNECT to align with RFC 5746. 03f0005 Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. ef5e515 Remove SSL_OP_TLS_D5_BUG. c100ef4 Limit depth of ASN1 parse printing. 2205093 Add a comment in SetTestState from bssl_shim. 6ae67df Don't leak Android hacks to other build platforms. a0ef7b0 Enforce that |EC_KEY| private key is in [0, group->order). 533a273 Add |EC_METHOD| method for verifying public key order. a3d9de0 Add |EC_GROUP_get0_order| to replace |EC_GROUP_get_order|. 8847856 Include <sys/time.h> in packeted_bio.h for 'timeval' dca63cf Don't abort in |init_once| if |fcntl| returns ENOSYS afd565f Add defines for SRTP profiles using GCM ciphers from RFC 7714. 902870e Gate SHA_CTX compatibility on !WINDOWS. 34aa55c Support the SHA_CTX hack without ANDROID. 6d9e5a7 Re-apply 75b833cc819a9d189adb0fdd56327bee600ff9e9 28243c0 Add PSS parameter check. e701f16 bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193). cb85298 Fix leak with ASN.1 combine. c4f25ce Work around yaSSL bug. c5eb467 Remove dead code in p256-x86_64. 758d127 Add get0 getters for EVP_PKEY. fde89b4 avoid clashes with libc's 'open' in e_chacha20poly1305.c 60a45aa Remove reference to removed |RSA_FLAG_NO_CONSTTIME| flag. 81edc9b Do away with BN_LLONG in favor of BN_ULLONG. e8fe07f Fix AES XTS mode key size. 93a5b44 Make CRYPTO_library_init use a CRYPTO_once_t. bf76218 Remove the |ri| field of |BN_MONT_CTX|. 596ab10 s/BN_BITS/BN_BITS2/ in |BN_mod_inverse_ex|; remove |BN_BITS| & |BN_MASK|. 7af36e1 Share common definitions of |TOBN| and |BIGNUM_STATIC|. ff2df33 Reformat the cipher suite table. 9f2e277 Remove strength_bits. d6e9eec Remove algo_strength. 
dcb6ef0 Remove algorithm_ssl. d28f59c Switch the keylog BIO to a callback. fba735c Register the *25519 tests as dependencies of all_tests. f3376ac Remove |EC_POINTs_mul| & simplify p256-x86_64. 301efc8 Fix error handling in |p256-x86_64|. e2136d9 Remove |EC_GROUP_precompute_mult| and |EC_KEY_precompute_mult|. 9b26297 Make |EC_GROUP_precompute_mult|/|EC_KEY_precompute_mult| no-ops. 5058d79 Remove p224-64 and p256-64 dead code for non-default generators. b1b6229 Add NEON implementation of curve25519. 9e65d48 Allow |CRYPTO_is_NEON_capable| to be known at compile time, if possible. 3ac32b1 Fix curve25519 code for MSVC. 4fb0dc4 Add X25519 and Ed25519 support. c324f17 Make sure pthread_once() succeeds. 9361243 Don't include <alloca.h>, it's no longer needed. b00061c Add SSL_CIPHER_is_AES[128|256]CBC. 3a59611 size_t SSL*_use_*_ASN1. b324159 Fix ssl3_send_server_key_exchange error path. f584a5a Reset epoch state in one place. 2077cf9 Use UINT64_C instead of OPENSSL_U64. af07365 Check for overflow when parsing a CBS with d2i_*. 780cd92 modes/asm/ghash-armv4.pl: extend Apple fix to all clang cases. f9c77de Drop CBB allocation failure test. a33915d Have |CBB_init| zero the |CBB| before any possible failures. c5c85de Make RAND_seed read a byte of random data. d9e2702 Don't encode or decode ∞. e7806fd Remove point-on-curve check from |ec_GFp_simple_oct2point|. 20c3731 Become partially -Wmissing-variable-declarations-clean. 7308aaa Remove `EC_GFp_simple_method` (dead code). f872951 Fix null pointer dereference when using "simple" EC. 8bde5d2 Remove the unused |Ni| member of |BN_MONT_CTX|. ce7ae6f Enable AVX code for SHA-*. 9f1f04f Remove nistz256 dead code for non-default generators. d7421eb Remove condition which always evaluates to true (size_t >= 0). d386394 Test for underflow before subtraction. ef14b2d Remove stl_compat.h. cd24a39 Limit DHE groups to 4096-bit. 99fdfb9 Move curve check out of tls12_check_peer_sigalg. Change-Id: Id2d7110569d250b1bae8f8ce7d4421a92f581a31
2015-11-12 | external/boringssl: update from upstream | Adam Langley
BUG=24082170 7104cc9 Update and fix fuzzing instructions. 9a4beb8 Add four, basic fuzz tests. 4ab2540 Add AArch64 Montgomery assembly. ad38dc7 Enable Montgomery optimisations on ARM. 2e64f1b Check PKCS#8 pkey field is valid before cleansing. f606f98 bssl pkcs12 shouldn't crash on missing key. e348ff4 Fix build. 6e80765 Add SSL_get_server_key_exchange_hash. 788be4a Remove the hard-coded SHA-1 exception for sigalgs. 5d5e39f Remove non-ASM version of |bn_mul_mont| in bn/generic.c. 59b0fcc Define BORINGSSL_201510. e6d1e5a Use typedef names, not struct names. 16285ea Rewrite DTLS handshake message sending logic. c81ee8b Add missing state to DTLS state machine. 2e24b9b Allow SHA-512 unaligned data access in |OPENSSL_NO_ASM| mode. e82e6f6 Constify more BN_MONT_CTX parameters. c7817d8 Add SSL_CIPHER_get_min_version and tidy up SSL_TLSV1_2 logic. 9d94d5e Remove untested, unnecessary big-endian SHA-1/SHA-256 optimizations. 38feb99 Require that EC points are on the curve. ef793f4 Add various functions for SSL_CIPHER. f93995b Test that the client doesn't offer TLS 1.2 ciphers when it shouldn't. 5f88999 Fix up several comments and detect problems in the future. e57a192 Add missing newline in aead.h. c2d3280 Add SSL_get_ivs. a97b737 Separate CCS and handshake writing in DTLS. ac9404c Improve crypto/digest/md32_common.h mechanism. 8fb0f52 Free BN_MONT_CTX in generic code. bb87535 Fix ASan bot. d93831d Make it possible for a static linker to discard unused RSA functions. e8f783a Unwind DH_METHOD and DSA_METHOD. 3fc138e Don't bother sampling __func__. 165248c Fix several MSVC warnings. 8f7ecb8 (Hopefully) fix a warning on Windows. 466b989 Initialise variable before jump. 1895493 Add Intel's P-256 27a0d08 Add ssl_renegotiate_ignore. fa9eb56 Correct the spelling of "primitive". f1c1cf8 Revert "Improve crypto/digest/md32_common.h mechanism." 00461cf Improve crypto/digest/md32_common.h mechanism. ecc2591 Update link to Google style guide. 
efb42fb Make BN_mod_exp_mont_consttime take a const context. eb8be01 Add ciphers option to bssl. 09d68c9 Expand a comment. 2e0901b Don't use ssl3_write_pending in DTLS. 13e81fc Fix DTLS asynchronous write handling. ebda9b3 Make recordingconn emit more useful things for DTLS. 069bedf Fix documentation typo. ce51469 Fix a missing initializer that only Clang warns about. d9e8173 Fix several warnings that arise in Android. bb85f3d Reorganise |SSL_SESSION| and |SSL| to save a little memory. dff504d Make the instructions for downloading the ARM compiler easier to copy and paste. Change-Id: I5ef2238f77f2bcab239919c8c50c3705b4577f09
2015-11-06 | Revert "Revert "external/boringssl: sync with upstream."" | Kenny Root
This reverts commit 03bcf618b7ed811b305845461fbb5497dfe55ac3. No changes here. trusty build was fixed with the required rules.mk changes.
2015-11-05 | Revert "external/boringssl: sync with upstream." | Kenny Root
This reverts commit fdeb488e6332a17729db5a04236e48a46a019272. This breaks trusty since it doesn't have setjmp.h Change-Id: I960e25aa0bb2eef1237743b1567f7cb7f6d40497
2015-10-30 | external/boringssl: sync with upstream. | Adam Langley
See the following URL for a list of the changes included in this sync: https://boringssl.googlesource.com/boringssl/+log/d98dc1311e20193ac188e359e91aeaaf5cc3a7e2..51a01a5cd44b3bdfab5220847000f13fc85f000b Change-Id: I36535827f652536dfd687c1646bbea1535fc8e44
2015-09-30 | external/boringssl: remove BORINGSSL_201509 support. | Adam Langley
The BORINGSSL_201509 define was used to make updating BoringSSL in external/boringssl less painful. It allowed code to compile with either the old BoringSSL (which didn't define BORINGSSL_201509) or with the new (which does). Now that the new version has landed, this change removes that define. It must be landed after the changes elsewhere in Android that remove references to this define. Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
2015-09-25 | Revert "Revert "external/boringssl: sync with upstream."" | Kenny Root
This reverts commit a04d78d392463df4e69a64360c952ffa5abd22f7. Underlying issue was fixed. Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88
2015-09-25 | Revert "external/boringssl: sync with upstream." | Kenny Root
This reverts commit 1e4884f615b20946411a74e41eb9c6aa65e2d5f3. This breaks some x86 builds. Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25
2015-09-24 | external/boringssl: sync with upstream. | Adam Langley
This change imports the current version of BoringSSL. The only local change now is that |BORINGSSL_201509| is defined in base.h. This allows this change to be made without (hopefully) breaking the build. This change will need https://android-review.googlesource.com/172744 to be landed afterwards to update a test. Change-Id: I6d1f463f7785a2423bd846305af91c973c326104
2015-06-23 | Handle RDRAND failures. | Adam Langley
I mistakenly believed that only RDSEED could fail. However, the Intel manuals state that RDRAND can fail too. This change cherry-picks the following BoringSSL changes: 2cac3506 – Handle RDRAND failures. 248abbd7 – Add missing comma in .type pragma for rdrand code. Change-Id: Icdc56a50ce36e9c525063583882c676a5312d313
2015-06-23 | dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. | Adam Langley
This change cherry-picks BoringSSL's e65886a5. Change-Id: I63d5dc280d420b64b658bfd85f180a01adb8a18b
2015-06-23 | Fix for CVE-2015-1789. | Adam Langley
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. This change cherry-picks the following changes from BoringSSL: d87021d2 – Fix length checks in X509_cmp_time to avoid out-of-bounds reads. Change-Id: Ia7d0c5d889f61a3c4be6ea79a5ab41f67bc3c65c
2015-06-23 | Fixes for CVE-2015-1791. | Adam Langley
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. This change cherry-picks the following BoringSSL changes: b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT. fd67aa8c – Add SSL_SESSION_from_bytes. 95d31825 – Duplicate SSL_SESSIONs when renewing them. d65bb78c – Add SSL_initial_handshake_complete. 680ca961 – Preserve session->sess_cert on ticket renewal. Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b