Roll src/third_party/boringssl/src/ to 43bd18f3b2a0b4ae9a807b432631b4cdb8339a46.

$ git log 209b25622..43bd18f3b --date=short --format='%ad %ae %s'
2015-08-04 davidben Don't define typedefs twice.
2015-08-03 brian Fix more warnings about old-style prototypes.
2015-08-03 mab base.h: add typedefs from x509.h, and sort them.
2015-07-31 mab pound-define EVP_R_BAD_DECRYPT CIPHER_R_BAD_DECRYPT.
2015-07-31 mab pound-define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
2015-08-03 mab include base64.h in evp.h
2015-07-30 davidben Fold away EC point format negotiation.
2015-07-31 brian Avoid using |WIN32| and use |OPENSSL_WINDOWS| instead.
2015-07-24 brian Remove redundant declaration of OPENSSL_ia32cap_P from e_aes.c.
2015-07-28 davidben Add tests for bad CertificateVerify signatures.
2015-07-30 davidben RT3774: double-free in DSA
2015-07-30 davidben Run go fmt on runner.
2015-07-30 davidben Remove SSL_get0_ec_point_formats.
2015-07-31 mab Add |DES_set_key_unchecked| as an alias for |DES_set_key|.
2015-07-30 agl Work around MSVC's limitations.
2015-07-24 ngm Add server-side support for asynchronous signing.
2015-07-30 agl Implement custom extensions.
2015-07-30 mab EVP_get_cipherbyname: recognize "des-ede3-cbc", not "3des-cbc".
2015-07-29 mab Fix NID of |EVP_CIPHER des3_cbc|.
2015-07-23 davidben Fix some typos in license headers.
2015-07-21 davidben Convert remaining Latin-1 files to UTF-8.
2015-07-21 davidben Minor simplification to the padding extension logic.
2015-07-21 davidben Remove old 'prepare' extensions functions.
2015-07-21 davidben Add tests for the padding extension.
2015-07-27 agl Note that some files carry in Intel license.
2015-07-23 davidben Fix license on rsaz_exp.h.
2015-07-21 agl Remove most handshake equal functions from runner.
2015-07-22 mab Make methods of |RAND_SSLEay| do reasonable things.
2015-07-21 agl Move the declaration of kSRTPProfiles to ssl/internal.h
2015-07-21 agl Regenerate stack_macros.h
2015-07-20 agl Tidy up extensions stuff and drop fastradio support.
2015-07-20 agl Convert EC curves extension to the new system
2015-07-20 agl Convert EC point formats extension to the new system
2015-07-15 agl Convert the SRTP extension to the new system
2015-07-10 agl Convert the Channel ID extension to the new system.
2015-07-10 agl Convert the ALPN extension to the new system
2015-07-10 agl Convert the SCT extension to the new system

BUG=none

Review URL: https://codereview.chromium.org/1269863003

Cr-Commit-Position: refs/heads/master@{#341924}

4 files changed, 292 insertions, 281 deletions

diff --git a/third_party/boringssl/boringssl.gypi b/third_party/boringssl/boringssl.gypi
index 1aaade4..2c311c2 100644
--- a/third_party/boringssl/boringssl.gypi
+++ b/third_party/boringssl/boringssl.gypi
@@ -7,6 +7,7 @@
 {
   'variables': {
     'boringssl_ssl_sources': [
+      'src/ssl/custom_extensions.c',
       'src/ssl/d1_both.c',
       'src/ssl/d1_clnt.c',
       'src/ssl/d1_lib.c',
diff --git a/third_party/boringssl/err_data.c b/third_party/boringssl/err_data.c
index 43a4c7e..9317cd1 100644
--- a/third_party/boringssl/err_data.c
+++ b/third_party/boringssl/err_data.c
@@ -189,43 +189,43 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x28328b9b,
     0x28330b6c,
     0x28338bae,
-    0x2c322b64,
-    0x2c32ab72,
-    0x2c332b84,
-    0x2c33ab96,
-    0x2c342baa,
-    0x2c34abbc,
-    0x2c352bd7,
-    0x2c35abe9,
-    0x2c362bfc,
+    0x2c322be0,
+    0x2c32abee,
+    0x2c332c00,
+    0x2c33ac12,
+    0x2c342c26,
+    0x2c34ac38,
+    0x2c352c53,
+    0x2c35ac65,
+    0x2c362c78,
     0x2c3682f3,
-    0x2c372c09,
-    0x2c37ac1b,
-    0x2c382c2e,
-    0x2c38ac3c,
-    0x2c392c4c,
-    0x2c39ac5e,
-    0x2c3a2c72,
-    0x2c3aac83,
+    0x2c372c85,
+    0x2c37ac97,
+    0x2c382caa,
+    0x2c38acb8,
+    0x2c392cc8,
+    0x2c39acda,
+    0x2c3a2cee,
+    0x2c3aacff,
     0x2c3b1359,
-    0x2c3bac94,
-    0x2c3c2ca8,
-    0x2c3cacbe,
-    0x2c3d2cd7,
-    0x2c3dad05,
-    0x2c3e2d13,
-    0x2c3ead2b,
-    0x2c3f2d43,
-    0x2c3fad50,
-    0x2c402d73,
-    0x2c40ad92,
+    0x2c3bad10,
+    0x2c3c2d24,
+    0x2c3cad3a,
+    0x2c3d2d53,
+    0x2c3dad81,
+    0x2c3e2d8f,
+    0x2c3eada7,
+    0x2c3f2dbf,
+    0x2c3fadcc,
+    0x2c402def,
+    0x2c40ae0e,
     0x2c4111c3,
-    0x2c41ada3,
-    0x2c422db6,
+    0x2c41ae1f,
+    0x2c422e32,
     0x2c429135,
-    0x2c432dc7,
+    0x2c432e43,
     0x2c4386a2,
-    0x2c442cf4,
+    0x2c442d70,
     0x30320000,
     0x30328015,
     0x3033001f,
@@ -386,179 +386,184 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x40439a7d,
     0x40441a91,
     0x40449aa9,
-    0x40451ab9,
-    0x40459ac7,
-    0x40461ae5,
+    0x40451af4,
+    0x40459b02,
+    0x40461b20,
     0x40468094,
-    0x40471afa,
-    0x40479b0c,
-    0x40481b30,
-    0x40489b50,
-    0x40491b64,
-    0x40499b79,
-    0x404a1b92,
-    0x404a9bcc,
-    0x404b1be6,
-    0x404b9c04,
-    0x404c1c1f,
-    0x404c9c39,
-    0x404d1c50,
-    0x404d9c78,
-    0x404e1c8f,
-    0x404e9cab,
-    0x404f1cc7,
-    0x404f9ce8,
-    0x40501d0a,
-    0x40509d26,
-    0x40511d3a,
-    0x40519d47,
-    0x40521d5e,
-    0x40529d6e,
-    0x40531d7e,
-    0x40539d92,
-    0x40541dad,
-    0x40549dbd,
-    0x40551dd4,
-    0x40559de3,
-    0x40561dfe,
-    0x40569e16,
-    0x40571e32,
-    0x40579e4b,
-    0x40581e5e,
-    0x40589e73,
-    0x40591e96,
-    0x40599ea4,
-    0x405a1eb1,
-    0x405a9eca,
-    0x405b1ee2,
-    0x405b9ef5,
-    0x405c1f0a,
-    0x405c9f1c,
-    0x405d1f31,
-    0x405d9f41,
-    0x405e1f5a,
-    0x405e9f6e,
-    0x405f1f7e,
-    0x405f9f96,
-    0x40601fa7,
-    0x40609fba,
-    0x40611fcb,
-    0x40619fe9,
-    0x40621ffa,
-    0x4062a007,
-    0x4063201e,
-    0x4063a05f,
-    0x40642076,
-    0x4064a083,
-    0x40652091,
-    0x4065a0b3,
-    0x406620db,
-    0x4066a0f0,
-    0x40672107,
-    0x4067a118,
-    0x40682129,
-    0x4068a13a,
-    0x4069214f,
-    0x4069a166,
-    0x406a2177,
-    0x406aa190,
-    0x406b21ab,
-    0x406ba1c2,
-    0x406c222f,
-    0x406ca250,
-    0x406d2263,
-    0x406da284,
-    0x406e229f,
-    0x406ea2e8,
-    0x406f2309,
-    0x406fa32f,
-    0x4070234f,
-    0x4070a36b,
-    0x407124f8,
-    0x4071a51b,
-    0x40722531,
-    0x4072a550,
-    0x40732568,
-    0x4073a588,
-    0x407427b2,
-    0x4074a7d7,
-    0x407527f2,
-    0x4075a811,
-    0x40762840,
-    0x4076a868,
-    0x40772899,
-    0x4077a8b8,
-    0x407828f2,
-    0x4078a909,
-    0x4079291c,
-    0x4079a939,
+    0x40471b35,
+    0x40479b47,
+    0x40481b6b,
+    0x40489b8b,
+    0x40491b9f,
+    0x40499bb4,
+    0x404a1bcd,
+    0x404a9c07,
+    0x404b1c38,
+    0x404b9c6e,
+    0x404c1c89,
+    0x404c9ca3,
+    0x404d1cba,
+    0x404d9ce2,
+    0x404e1cf9,
+    0x404e9d15,
+    0x404f1d31,
+    0x404f9d52,
+    0x40501d74,
+    0x40509d90,
+    0x40511da4,
+    0x40519db1,
+    0x40521dc8,
+    0x40529dd8,
+    0x40531de8,
+    0x40539dfc,
+    0x40541e17,
+    0x40549e27,
+    0x40551e3e,
+    0x40559e4d,
+    0x40561e7a,
+    0x40569e92,
+    0x40571eae,
+    0x40579ec7,
+    0x40581eda,
+    0x40589eef,
+    0x40591f12,
+    0x40599f20,
+    0x405a1f2d,
+    0x405a9f46,
+    0x405b1f5e,
+    0x405b9f71,
+    0x405c1f86,
+    0x405c9f98,
+    0x405d1fad,
+    0x405d9fbd,
+    0x405e1fd6,
+    0x405e9fea,
+    0x405f1ffa,
+    0x405fa012,
+    0x40602023,
+    0x4060a036,
+    0x40612047,
+    0x4061a065,
+    0x40622076,
+    0x4062a083,
+    0x4063209a,
+    0x4063a0db,
+    0x406420f2,
+    0x4064a0ff,
+    0x4065210d,
+    0x4065a12f,
+    0x40662157,
+    0x4066a16c,
+    0x40672183,
+    0x4067a194,
+    0x406821a5,
+    0x4068a1b6,
+    0x406921cb,
+    0x4069a1e2,
+    0x406a21f3,
+    0x406aa20c,
+    0x406b2227,
+    0x406ba23e,
+    0x406c22ab,
+    0x406ca2cc,
+    0x406d22df,
+    0x406da300,
+    0x406e231b,
+    0x406ea364,
+    0x406f2385,
+    0x406fa3ab,
+    0x407023cb,
+    0x4070a3e7,
+    0x40712574,
+    0x4071a597,
+    0x407225ad,
+    0x4072a5cc,
+    0x407325e4,
+    0x4073a604,
+    0x4074282e,
+    0x4074a853,
+    0x4075286e,
+    0x4075a88d,
+    0x407628bc,
+    0x4076a8e4,
+    0x40772915,
+    0x4077a934,
+    0x4078296e,
+    0x4078a985,
+    0x40792998,
+    0x4079a9b5,
     0x407a0782,
-    0x407aa94b,
-    0x407b295e,
-    0x407ba977,
-    0x407c298f,
+    0x407aa9c7,
+    0x407b29da,
+    0x407ba9f3,
+    0x407c2a0b,
     0x407c90bd,
-    0x407d29a3,
-    0x407da9bd,
-    0x407e29ce,
-    0x407ea9e2,
-    0x407f29f0,
-    0x407faa0b,
+    0x407d2a1f,
+    0x407daa39,
+    0x407e2a4a,
+    0x407eaa5e,
+    0x407f2a6c,
+    0x407faa87,
     0x40801286,
-    0x4080aa30,
-    0x40812a52,
-    0x4081aa6d,
-    0x40822a82,
-    0x4082aa9a,
-    0x40832ab2,
-    0x4083aac9,
-    0x40842adf,
-    0x4084aaeb,
-    0x40852afe,
-    0x4085ab13,
-    0x40862b25,
-    0x4086ab3a,
-    0x40872b43,
-    0x40879c66,
+    0x4080aaac,
+    0x40812ace,
+    0x4081aae9,
+    0x40822afe,
+    0x4082ab16,
+    0x40832b2e,
+    0x4083ab45,
+    0x40842b5b,
+    0x4084ab67,
+    0x40852b7a,
+    0x4085ab8f,
+    0x40862ba1,
+    0x4086abb6,
+    0x40872bbf,
+    0x40879cd0,
     0x40880083,
-    0x4088a03e,
+    0x4088a0ba,
     0x40890a17,
-    0x4089a1da,
-    0x408a1bb5,
-    0x408aa204,
-    0x408b2881,
-    0x408ba8dd,
-    0x408c22ba,
-    0x41f42423,
-    0x41f924b5,
-    0x41fe23a8,
-    0x41fea5d9,
-    0x41ff26ca,
-    0x4203243c,
-    0x4208245e,
-    0x4208a49a,
-    0x4209238c,
-    0x4209a4d4,
-    0x420a23e3,
-    0x420aa3c3,
-    0x420b2403,
-    0x420ba47c,
-    0x420c26e6,
-    0x420ca5a6,
-    0x420d25c0,
-    0x420da5f7,
-    0x42122611,
-    0x421726ad,
-    0x4217a653,
-    0x421c2675,
-    0x421f2630,
-    0x422126fd,
-    0x42262690,
-    0x422b2796,
-    0x422ba75f,
-    0x422c277e,
-    0x422ca739,
-    0x422d2718,
+    0x4089a256,
+    0x408a1bf0,
+    0x408aa280,
+    0x408b28fd,
+    0x408ba959,
+    0x408c2336,
+    0x408c9c21,
+    0x408d1c56,
+    0x408d9e68,
+    0x408e1ab9,
+    0x408e9add,
+    0x41f4249f,
+    0x41f92531,
+    0x41fe2424,
+    0x41fea655,
+    0x41ff2746,
+    0x420324b8,
+    0x420824da,
+    0x4208a516,
+    0x42092408,
+    0x4209a550,
+    0x420a245f,
+    0x420aa43f,
+    0x420b247f,
+    0x420ba4f8,
+    0x420c2762,
+    0x420ca622,
+    0x420d263c,
+    0x420da673,
+    0x4212268d,
+    0x42172729,
+    0x4217a6cf,
+    0x421c26f1,
+    0x421f26ac,
+    0x42212779,
+    0x4226270c,
+    0x422b2812,
+    0x422ba7db,
+    0x422c27fa,
+    0x422ca7b5,
+    0x422d2794,
     0x443206ad,
     0x443286bc,
     0x443306c8,
@@ -601,69 +606,69 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x4c3d10bd,
     0x4c3d9449,
     0x4c3e1456,
-    0x50322dd9,
-    0x5032ade8,
-    0x50332df3,
-    0x5033ae03,
-    0x50342e1c,
-    0x5034ae36,
-    0x50352e44,
-    0x5035ae5a,
-    0x50362e6c,
-    0x5036ae82,
-    0x50372e9b,
-    0x5037aeae,
-    0x50382ec6,
-    0x5038aed7,
-    0x50392eec,
-    0x5039af00,
-    0x503a2f20,
-    0x503aaf36,
-    0x503b2f4e,
-    0x503baf60,
-    0x503c2f7c,
-    0x503caf93,
-    0x503d2fac,
-    0x503dafc2,
-    0x503e2fcf,
-    0x503eafe5,
-    0x503f2ff7,
+    0x50322e55,
+    0x5032ae64,
+    0x50332e6f,
+    0x5033ae7f,
+    0x50342e98,
+    0x5034aeb2,
+    0x50352ec0,
+    0x5035aed6,
+    0x50362ee8,
+    0x5036aefe,
+    0x50372f17,
+    0x5037af2a,
+    0x50382f42,
+    0x5038af53,
+    0x50392f68,
+    0x5039af7c,
+    0x503a2f9c,
+    0x503aafb2,
+    0x503b2fca,
+    0x503bafdc,
+    0x503c2ff8,
+    0x503cb00f,
+    0x503d3028,
+    0x503db03e,
+    0x503e304b,
+    0x503eb061,
+    0x503f3073,
     0x503f8348,
-    0x5040300a,
-    0x5040b01a,
-    0x50413034,
-    0x5041b043,
-    0x5042305d,
-    0x5042b07a,
-    0x5043308a,
-    0x5043b09a,
-    0x504430a9,
+    0x50403086,
+    0x5040b096,
+    0x504130b0,
+    0x5041b0bf,
+    0x504230d9,
+    0x5042b0f6,
+    0x50433106,
+    0x5043b116,
+    0x50443125,
     0x50448414,
-    0x504530bd,
-    0x5045b0db,
-    0x504630ee,
-    0x5046b104,
-    0x50473116,
-    0x5047b12b,
-    0x50483151,
-    0x5048b15f,
-    0x50493172,
-    0x5049b187,
-    0x504a319d,
-    0x504ab1ad,
-    0x504b31cd,
-    0x504bb1e0,
-    0x504c3203,
-    0x504cb231,
-    0x504d3243,
-    0x504db260,
-    0x504e327b,
-    0x504eb297,
-    0x504f32a9,
-    0x504fb2c0,
-    0x505032cf,
+    0x50453139,
+    0x5045b157,
+    0x5046316a,
+    0x5046b180,
+    0x50473192,
+    0x5047b1a7,
+    0x504831cd,
+    0x5048b1db,
+    0x504931ee,
+    0x5049b203,
+    0x504a3219,
+    0x504ab229,
+    0x504b3249,
+    0x504bb25c,
+    0x504c327f,
+    0x504cb2ad,
+    0x504d32bf,
+    0x504db2dc,
+    0x504e32f7,
+    0x504eb313,
+    0x504f3325,
+    0x504fb33c,
+    0x5050334b,
     0x50508687,
-    0x505132e2,
+    0x5051335e,
     0x58320e1f,
     0x68320de1,
     0x68328b9b,
@@ -1051,6 +1056,8 @@ const char kOpenSSLReasonStringData[] =
     "CONNECTION_REJECTED\0"
     "CONNECTION_TYPE_NOT_SET\0"
     "COOKIE_MISMATCH\0"
+    "CUSTOM_EXTENSION_CONTENTS_TOO_LARGE\0"
+    "CUSTOM_EXTENSION_ERROR\0"
     "D2I_ECDSA_SIG\0"
     "DATA_BETWEEN_CCS_AND_FINISHED\0"
     "DATA_LENGTH_TOO_LONG\0"
@@ -1063,7 +1070,9 @@ const char kOpenSSLReasonStringData[] =
     "EMPTY_SRTP_PROTECTION_PROFILE_LIST\0"
     "EMS_STATE_INCONSISTENT\0"
     "ENCRYPTED_LENGTH_TOO_LONG\0"
+    "ERROR_ADDING_EXTENSION\0"
     "ERROR_IN_RECEIVED_CIPHER_LIST\0"
+    "ERROR_PARSING_EXTENSION\0"
     "EVP_DIGESTSIGNFINAL_FAILED\0"
     "EVP_DIGESTSIGNINIT_FAILED\0"
     "EXCESSIVE_MESSAGE_SIZE\0"
@@ -1086,6 +1095,7 @@ const char kOpenSSLReasonStringData[] =
     "LIBRARY_HAS_NO_CIPHERS\0"
     "MISSING_DH_KEY\0"
     "MISSING_ECDSA_SIGNING_CERT\0"
+    "MISSING_EXTENSION\0"
     "MISSING_RSA_CERTIFICATE\0"
     "MISSING_RSA_ENCRYPTING_CERT\0"
     "MISSING_RSA_SIGNING_CERT\0"
diff --git a/third_party/boringssl/linux-aarch64/crypto/modes/ghashv8-armx64.S b/third_party/boringssl/linux-aarch64/crypto/modes/ghashv8-armx64.S
index a0a9b68..bc9a156 100644
--- a/third_party/boringssl/linux-aarch64/crypto/modes/ghashv8-armx64.S
+++ b/third_party/boringssl/linux-aarch64/crypto/modes/ghashv8-armx64.S
@@ -68,10 +68,10 @@ gcm_gmult_v8:
 #endif
 	ext	v3.16b,v17.16b,v17.16b,#8
 
-	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
+	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
 	eor	v17.16b,v17.16b,v3.16b		//Karatsuba pre-processing
-	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
-	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
+	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
+	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
 
 	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
 	eor	v18.16b,v0.16b,v2.16b
@@ -135,7 +135,7 @@ gcm_ghash_v8:
 #endif
 	ext	v7.16b,v17.16b,v17.16b,#8
 	eor	v3.16b,v3.16b,v0.16b		//I[i]^=Xi
-	pmull	v4.1q,v20.1d,v7.1d		//H·Ii+1
+	pmull	v4.1q,v20.1d,v7.1d		//H·Ii+1
 	eor	v17.16b,v17.16b,v7.16b		//Karatsuba pre-processing
 	pmull2	v6.1q,v20.2d,v7.2d
 	b	.Loop_mod2x_v8
@@ -144,14 +144,14 @@ gcm_ghash_v8:
 .Loop_mod2x_v8:
 	ext	v18.16b,v3.16b,v3.16b,#8
 	subs	x3,x3,#32		//is there more data?
-	pmull	v0.1q,v22.1d,v3.1d		//H^2.lo·Xi.lo
+	pmull	v0.1q,v22.1d,v3.1d		//H^2.lo·Xi.lo
 	csel	x12,xzr,x12,lo			//is it time to zero x12?
 
 	pmull	v5.1q,v21.1d,v17.1d
 	eor	v18.16b,v18.16b,v3.16b		//Karatsuba pre-processing
-	pmull2	v2.1q,v22.2d,v3.2d		//H^2.hi·Xi.hi
+	pmull2	v2.1q,v22.2d,v3.2d		//H^2.hi·Xi.hi
 	eor	v0.16b,v0.16b,v4.16b		//accumulate
-	pmull2	v1.1q,v21.2d,v18.2d		//(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
+	pmull2	v1.1q,v21.2d,v18.2d		//(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
 	ld1	{v16.2d},[x2],x12	//load [rotated] I[i+2]
 
 	eor	v2.16b,v2.16b,v6.16b
@@ -176,7 +176,7 @@ gcm_ghash_v8:
 	ext	v7.16b,v17.16b,v17.16b,#8
 	ext	v3.16b,v16.16b,v16.16b,#8
 	eor	v0.16b,v1.16b,v18.16b
-	pmull	v4.1q,v20.1d,v7.1d		//H·Ii+1
+	pmull	v4.1q,v20.1d,v7.1d		//H·Ii+1
 	eor	v3.16b,v3.16b,v2.16b		//accumulate v3.16b early
 
 	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
@@ -197,10 +197,10 @@ gcm_ghash_v8:
 	eor	v3.16b,v3.16b,v0.16b		//inp^=Xi
 	eor	v17.16b,v16.16b,v18.16b		//v17.16b is rotated inp^Xi
 
-	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
+	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
 	eor	v17.16b,v17.16b,v3.16b		//Karatsuba pre-processing
-	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
-	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
+	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
+	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
 
 	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
 	eor	v18.16b,v0.16b,v2.16b
diff --git a/third_party/boringssl/linux-arm/crypto/modes/ghashv8-armx32.S b/third_party/boringssl/linux-arm/crypto/modes/ghashv8-armx32.S
index bdbbae9..ea177b6 100644
--- a/third_party/boringssl/linux-arm/crypto/modes/ghashv8-armx32.S
+++ b/third_party/boringssl/linux-arm/crypto/modes/ghashv8-armx32.S
@@ -67,10 +67,10 @@ gcm_gmult_v8:
 #endif
 	vext.8	q3,q9,q9,#8
 
-.byte	0x86,0x0e,0xa8,0xf2	@ pmull q0,q12,q3		@ H.lo·Xi.lo
+.byte	0x86,0x0e,0xa8,0xf2	@ pmull q0,q12,q3		@ H.lo·Xi.lo
 	veor	q9,q9,q3		@ Karatsuba pre-processing
-.byte	0x87,0x4e,0xa9,0xf2	@ pmull2 q2,q12,q3		@ H.hi·Xi.hi
-.byte	0xa2,0x2e,0xaa,0xf2	@ pmull q1,q13,q9		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
+.byte	0x87,0x4e,0xa9,0xf2	@ pmull2 q2,q12,q3		@ H.hi·Xi.hi
+.byte	0xa2,0x2e,0xaa,0xf2	@ pmull q1,q13,q9		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
 
 	vext.8	q9,q0,q2,#8		@ Karatsuba post-processing
 	veor	q10,q0,q2
@@ -135,7 +135,7 @@ gcm_ghash_v8:
 #endif
 	vext.8	q7,q9,q9,#8
 	veor	q3,q3,q0		@ I[i]^=Xi
-.byte	0x8e,0x8e,0xa8,0xf2	@ pmull q4,q12,q7		@ H·Ii+1
+.byte	0x8e,0x8e,0xa8,0xf2	@ pmull q4,q12,q7		@ H·Ii+1
 	veor	q9,q9,q7		@ Karatsuba pre-processing
 .byte	0x8f,0xce,0xa9,0xf2	@ pmull2 q6,q12,q7
 	b	.Loop_mod2x_v8
@@ -144,14 +144,14 @@ gcm_ghash_v8:
 .Loop_mod2x_v8:
 	vext.8	q10,q3,q3,#8
 	subs	r3,r3,#32		@ is there more data?
-.byte	0x86,0x0e,0xac,0xf2	@ pmull q0,q14,q3		@ H^2.lo·Xi.lo
+.byte	0x86,0x0e,0xac,0xf2	@ pmull q0,q14,q3		@ H^2.lo·Xi.lo
 	movlo	r12,#0			@ is it time to zero r12?
 
 .byte	0xa2,0xae,0xaa,0xf2	@ pmull q5,q13,q9
 	veor	q10,q10,q3		@ Karatsuba pre-processing
-.byte	0x87,0x4e,0xad,0xf2	@ pmull2 q2,q14,q3		@ H^2.hi·Xi.hi
+.byte	0x87,0x4e,0xad,0xf2	@ pmull2 q2,q14,q3		@ H^2.hi·Xi.hi
 	veor	q0,q0,q4		@ accumulate
-.byte	0xa5,0x2e,0xab,0xf2	@ pmull2 q1,q13,q10		@ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
+.byte	0xa5,0x2e,0xab,0xf2	@ pmull2 q1,q13,q10		@ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
 	vld1.64	{q8},[r2],r12	@ load [rotated] I[i+2]
 
 	veor	q2,q2,q6
@@ -176,7 +176,7 @@ gcm_ghash_v8:
 	vext.8	q7,q9,q9,#8
 	vext.8	q3,q8,q8,#8
 	veor	q0,q1,q10
-.byte	0x8e,0x8e,0xa8,0xf2	@ pmull q4,q12,q7		@ H·Ii+1
+.byte	0x8e,0x8e,0xa8,0xf2	@ pmull q4,q12,q7		@ H·Ii+1
 	veor	q3,q3,q2		@ accumulate q3 early
 
 	vext.8	q10,q0,q0,#8		@ 2nd phase of reduction
@@ -197,10 +197,10 @@ gcm_ghash_v8:
 	veor	q3,q3,q0		@ inp^=Xi
 	veor	q9,q8,q10		@ q9 is rotated inp^Xi
 
-.byte	0x86,0x0e,0xa8,0xf2	@ pmull q0,q12,q3		@ H.lo·Xi.lo
+.byte	0x86,0x0e,0xa8,0xf2	@ pmull q0,q12,q3		@ H.lo·Xi.lo
 	veor	q9,q9,q3		@ Karatsuba pre-processing
-.byte	0x87,0x4e,0xa9,0xf2	@ pmull2 q2,q12,q3		@ H.hi·Xi.hi
-.byte	0xa2,0x2e,0xaa,0xf2	@ pmull q1,q13,q9		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
+.byte	0x87,0x4e,0xa9,0xf2	@ pmull2 q2,q12,q3		@ H.hi·Xi.hi
+.byte	0xa2,0x2e,0xaa,0xf2	@ pmull q1,q13,q9		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
 
 	vext.8	q9,q0,q2,#8		@ Karatsuba post-processing
 	veor	q10,q0,q2