summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Re-add |EVP_des_ede_cbc|.stable/cm-13.0-ZNH0EMatt Braithwaite2016-11-094-2/+34
| | | | | | | | | | | | | | | | | Note that while |DES_ede2_cbc_encrypt| exists, I didn't use it: I think it's easier to see what's happening this way. (I couldn't find an authoritative source of test data, including in OpenSSL's source, so I used OpenSSL's implementation to produce the test ciphertext.) This benefits globalplatform. (cherry picked from commit 8c413a2d94fa720fae6a7d9c939e33978f3ed25b) CYNGNOS-3303 Bug: 31081987 Change-Id: I7e17ca0b69067d7b3f4bc213b4616eb269882ae0
* Fix NID of |EVP_CIPHER des3_cbc|.Matt Braithwaite2016-11-091-1/+1
| | | | | | | | | | (cherry picked from commit 6bfdc63114d7921037f44e7e3145c706b9ffb2e4) CYNGNOS-3303 Bug: 31081987 Change-Id: I0f27fa1897d2f0a148203610ccd5c6c7967f9f3d Reviewed-on: https://boringssl-review.googlesource.com/5510 Reviewed-by: Adam Langley <agl@google.com>
* Fix encoding bug in i2c_ASN1_INTEGERAdam Langley2016-07-071-1/+3
| | | | | | | | | | | | | | | | | | | | (Imported from upstream's 3661bb4e7934668bd99ca777ea8b30eedfafa871.) Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. BUG=590615 Ticket: CYNGNOS-3020 (cherry-picked from c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa) Bug: 28175332 Change-Id: I8959e8ae01510a5924862a3f353be23130eee554 Reviewed-on: https://boringssl-review.googlesource.com/7199 Reviewed-by: David Benjamin <davidben@google.com>
* Remove support for mis-encoded PKCS#8 DSA keys.David Benjamin2016-05-031-53/+7
| | | | | | | | | | | | | | | | | Previously, OpenSSL supported many different DSA PKCS#8 encodings. Only support the standard format. One of the workaround formats (SEQUENCE of private key and public key) seems to be a workaround for an old Netscape bug. From inspection, NSS seems to have fixed this from the first open source commit. (cherry-picked from 440f1037716eca16f203edb8f03d4a59c92ae0cc) Ticket: CYNGNOS-2373 Bug: 27449871 Change-Id: I1e097b675145954b4d7a0bed8733e5a25c25fd8e Reviewed-on: https://boringssl-review.googlesource.com/7074 Reviewed-by: Adam Langley <agl@google.com> (cherry picked from commit c042e7ed31f9ee2d85637320c0cd54b12bbb12fe)
* Merge tag 'android-6.0.0_r26' into cm-13.0Ricardo Cerqueira2015-11-050-0/+0
|\ | | | | | | Android 6.0.0 release 26
| * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-060-0/+0
| |\
* | | boringssl: Remove |BIO_f_base64|Rashed Abdel-Tawab2015-10-126-563/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Moved to https://github.com/CyanogenMod/external_sonyxperiadev_boringssl-compat This is a combination of 2 commits. The first commit's message is: Revert "boringssl: Build decrepit source into libcrypto." This reverts commit fd8abe7e013c2d52faa0366dc08d00ab99665a76. This is the 2nd commit message: Revert "Restore |BIO_f_base64| from OpenSSL at b4f0d1a, modulo style fixes." This reverts commit c51c1b8274193691341fe206907412508cbfc14f. Change-Id: Ic711b945d865cf5250cd2637b029b2ef08cb2ae1
* | | boringssl: Build decrepit source into libcrypto.Adnan Begovic2015-10-084-0/+6
| | | | | | | | | | | | Change-Id: Idc563a9e4ab0e677ba4eb6f09feb9e78dc904a6a
* | | Restore |BIO_f_base64| from OpenSSL at b4f0d1a, modulo style fixes.Matt Braithwaite2015-10-084-1/+557
| | | | | | | | | | | | | | | | | | Change-Id: Ia7f4f4f6d063d882cf3d3ac0f5f33ad8d8cd9875 Reviewed-on: https://boringssl-review.googlesource.com/5151 Reviewed-by: Adam Langley <agl@google.com>
* | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-010-0/+0
|\ \ \ | |/ / |/| / | |/
| * merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-160-0/+0
| |\
| | * merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-150-0/+0
| | |\
* | | | Add rules.mk for building Trusty.Adam Langley2015-06-301-0/+70
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (This is a no-op change for the Android build. The Android build system doesn't care about rules.mk.) This is cherry-picked from AOSP. It's needed in mnc-dev so that the t132-mnc branch of Trusty can track this version of BoringSSL rather than the one from AOSP. That's important so we can have reproducible builds of the MNC version of Trusty for Volantis. Bug: 22202624 Change-Id: I19359abd83983efa597047f88295bb4f88bb415b
* | | Add ECDHE-PSK-AES{128,256}-SHA cipher suites.Adam Langley2015-06-155-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we're going to have PSK and use standard cipher suites, this might be the best that we can do for the moment. (This is a cherry-pick of BoringSSL's 85bc5601.) (cherry picked from commit 0e6bb1c72014c26289d09f4deea9c25706be5824) Bug: 21522548 Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
* | | Drop ECDHE-PSK-AES-128-GCM.Adam Langley2015-06-154-23/+0
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | This is the best PSK cipher suite, but it's non-standard and nobody is using it. Trivial to bring back in the future if we have need of it. (Note that this is a no-op in Android because Android had already disabled this cipher suite.) (This is a cherry-pick of BoringSSL's 1feb42a2.) (cherry picked from commit a4be71cee108bfed76ddb37552b7e48945d91b49) Bug: 21522548 Change-Id: I2a051724500341053595f59e755349544da63ce5
* | s/-Wno-unused-parameters/-Wno-unused-parameter/Adam Langley2015-06-121-9/+9
| | | | | | | | | | | | | | | | | | | | | | The former triggers warnings in Clang. Also USE_CLANG_PLATFORM_BUILD=1 doesn't work (the second time this has bitten me—you have to set it to “true”). (cherry picked from commit 86426f7cc9838613249690be03ddbee18efd1a29) Bug: 21804522 Change-Id: Ia59f6667674c1c69bd96287cc576bbfc889c5f77
* | Bump revision of BoringSSL.Adam Langley2015-06-10183-6365/+7246
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This depends on https://android-review.googlesource.com/#/c/153481/ af0e32c Add SSL_get_tls_unique. 691992b Minor typo fix in comment. cc1e3df Make CBS_get_any_asn1_element accept only DER. 0976096 bytestring: Test out_header_len != NULL before writing. ba5934b Tighten up EMS resumption behaviour. b0eef0a runner: minor tidyups. 9f8ef2d Add |EVP_get_digestbyname|. b7326b0 Implement |PEM_def_callback| and call it where appropriate. e26e590 Avoid unused variable warnings with assert. efad697 Sync vs_toolschain.py up with Chromium. 39da317 Empty commit to kick the bots. 1550a84 Allow compilation for armv6 9a4996e Fix compilation of sha256-armv4.S when using -march=armv6 485a50a Match the ifdef check in bsaes-armv7.S e216288 Unexport and prune EVP_MD_CTX flags. af8731f Remove HMAC_CTX_set_flags. bf3208b Add additional HMAC tests. a1c90a5 Further tidy up cipher logic. 0fa4012 Add a test that DTLS does not support RC4. 9a980ab Fold TLS1_PRF_* into SSL_HANDSHAKE_MAC_* 29864b5 Remove SSL_CIPHER_ALGORITHM2_AEAD. 904dc72 Fold away SSL_PROTOCOL_METHOD hooks shared between TLS and DTLS. a602277 Split ssl_read_bytes hook into app_data and close_notify hooks. c933a47 Switch the ssl_write_bytes hook to ssl_write_app_data. 2c36792 EVP_Digest*Update, EVP_DigestFinal, and HMAC_Update can never fail. e2375e1 Low-level hash 'final' functions cannot fail. 049756b Fix integer types in low-level hash functions. 338e067 Reject sessions with the wrong structure version. f297e02 Reject unknown fields in d2i_SSL_SESSION. 8a228f5 Disable the malloc interceptor without glibc. bd15a8e Fix DTLS handling of multiple records in a packet. 15eaafb Fix bn_test's bc output and shut it up a little. efd8eb3 Tidy up overflows in obj_cmp. 05ead68 Readd CRYPTO_{LOCK|UNLOCK|READ|WRITE}. 71106ad Add |BIO_read_asn1| to read a single ASN.1 object. eb930b8 Fix signed/unsigned warning in bn_test.cc. b3a7b51 Fix off-by-one in BN_rand 074cc04 Reject negative shifts for BN_rshift and BN_lshift. 75fb74a aes/asm/bsaes-armv7.pl: fix compilation with Xcode 6.3. ff81e10 Add OPENSSL_PUT_ERROR line to X509V3_parse_list. 1590811 Fix typo in valid_star. e76ccae Release handshake buffer when sending no certificate. 5f04b65 Release the handshake buffer on the client for abbreviated handshakes. 5c1ce29 Decide whether or not to request client certificates early. 4b30b28 Remove server-side renego session resumption check. 5aea93e Deprecate and no-op SSL_VERIFY_CLIENT_ONCE. 34a1635 Remove fake RLE compression OID. 9c0918f Fix typo in objects.txt 91af02a Add some comments and tweak assertions for cbc.c. 74d8bc2 Don't make SSL_MODE_*HELLO_TIME configurable. 7b5aff4 Have consumers supply OPENSSL_C11_ATOMIC. ac63748 Revert "tool: we don't need -lrt." 444dce4 Do-nothing fns |OpenSSL_add_all_ciphers| and |OpenSSL_add_all_digests|. ece089c Deprecate and no-op SSL_set_state. be05c63 Remove compatibility s->version checks. 8ec8810 Remove SSL_in_before and SSL_ST_BEFORE. cd90f3a Remove renegotiation deferral logic. 44d3eed Forbid caller-initiated renegotiations and all renego as a servers. 3d59e04 Fix test used for not-in-place CBC mode. 5f387e3 Remove s->renegotiate check in SSL_clear. 20f6e97 Switch three more renegotiate checks to initial_handshake_complete. d23d5a5 Remove remnants of DTLS renegotiate. 9a41d1b Deprecate SSL_*_read_ahead and enforce DTLS packet boundaries. 76e48c5 Fix Windows mode. 3fa65f0 Fix some malloc test crashs. 0b635c5 Add malloc test support to unit tests. 3e3090d Pass a dtls1_use_epoch enum down to dtls1_seal_record. 31a0779 Factor SSL_AEAD_CTX into a dedicated type. 69d07d9 Get version-related functions from crypto.h rather than ssl.h. b487df6 Pull version, option, and mode APIs into their own sections. 7270cfc Prune version constants. 7ef9fff Remove ssl_ok. afc9ecd Unexport ssl_get_new_session and ssl_update_cache. 3b7456e Fix some documentation typos. b480428 Also skip #elif lines. 6deacb3 Parse macros in getNameFromDecl. 4831c33 Document some core SSL_CTX and SSL methods. 4dab297 Don't use struct names in ssl.h. 760b1dd Tidy up state machine coverage tests. 3629c7b Add client peer-initiated renego to the state machine tests. cff0b90 Add client-side tests for renegotiation_info enforcement. 6bff1ca Specify argc and argv arguments to refcount_test:main. 12a4768 Try to fix MSVC and __STDC_VERSION__ again. cb56c2a Cast refcounts to _Atomic before use. 0d1d0d5 Try again to only test __STDC_VERSION__ when defined. 7b348dc Disable C11 atomics on OS X. 04edcc8 Tag the mutex functions with OPENSSL_EXPORT. 6e1f645 Don't test __STDC_VERSION__ unless it's defined. 552df47 Remove leftovers of the old-style locks. 6fb174e Remove last references to named locks. 4bdb6e4 Remove remaining calls to the old lock functions. 03163f3 Remove |CRYPTO_add|. 0b5e390 Convert reference counts in ssl/ 0da323a Convert reference counts in crypto/ 6f2e733 Add infrastructure for reference counts. daaff93 Use C11 _Static_assert where available. dc8c739 Implement |DES_ede2_cbc_encrypt|. a7997f1 Set minimum DH group size to 1024 bits. 4a7b70d Add LICENSE file. b3a262c Fix |SSLeay|. f0320d3 Fix use after free in X509. 3dacff9 Always include x86_64-gcc.c in the standalone build. 9660032 Don't use x86_64-gcc.c with NO_ASM. 81091d5 Don't use uninitialized memory in RAND_bytes. d72e284 Support arbitrary elliptic curve groups. a07c0fc Fix SSL_get_current_cipher. 4b27d9f Never resume sessions on renegotiations. 785e07b Copy ecdsa_meth in EC_KEY_copy. 08dc68d Define no-op options consistently. e6df054 Add s->s3->initial_handshake_complete. 897e5e0 Default renegotiations to off. 4690bb5 Port cipher_test to file_test. 771a138 Add missing #include for abort() de12d6c Mind the end of the buffer in aligned case of generic RC4 implementation. 5694b3a Fix invalid assert in CRYPTO_ctr128_encrypt. 9b68e72 Define compatibility function |ERR_remove_state|. 2607383 Fix generate_build_files.py to account for crypto/test. af3d5bd Add no-op |RAND_load_file| function for compatibility. 58e95fc Remove a spurious semicolon after |DECLARE_LHASH_OF|. 3c65171 Add buffer.h for compatibility. c85373d Use EVP_AEAD_CTX in crypto/cipher/internal.h. (cherry picked from commit f4e427204234da139fd0585def4b4e22502e33f0) cfb958c Fix Windows SDK build again Bug: 21325235 Change-Id: Icb01f6393bedebea332fc62dd92b8f6af7d49d9b
* Disable 0xcafe cipher suite (PSK with AES-GCM).Adam Langley2015-06-021-1/+1
| | | | | | | | | | This is a non-standard cipher suite that's not used in the Android system. (cherry picked from commit 0d4deb2be14e6590f332920f62b84ef04d153ed1) Bug: 21522548 Change-Id: I07a2783965e9e891473327c9039583b4f89e9f27
* Add |BIO_read_asn1| to read a single ASN.1 object.Adam Langley2015-05-223-1/+235
| | | | | | | | | | | | | Android needs to be able to read a PKCS#7 blob from a Java InputStream. This change adds |BIO_read_asn1| which reads a single ASN.1 object from the start of a BIO without overreading. (Taken from upstream's https://boringssl-review.googlesource.com/4800) (cherry picked from commit f5cea4e0c1c842a9de02ce39cd6ff7ae66363b21) Bug: 21396526 Bug: 21209493 Change-Id: Id88f34bedfdff4963c72bcd5c84f2915785d1fcd
* external/boringssl: add -Wno-unused-parameters.Adam Langley2015-05-211-4/+9
| | | | | | | | | | | Clang is throwing errors becaues of unused parameters, but not all parameters are supposed to be used. Also, having errors in Android that aren't enforced upstream invites this problem repeating ever more in the future. Bug: 21304073 Change-Id: I8e81d6d6659896b5b16a1406e8637e489f8059fd (cherry picked from commit 71cbcbedb24dacc402647b2e8b2a52b76cf5cfc2)
* external/boringssl: fix |SSLeay|.Adam Langley2015-05-212-5/+6
| | | | | | | | | | SSLeay is a compatibility function for OpenSSL, but I got it wrong. It doesn't return a string, it returns a number. This doesn't end up making any difference, but it fixes a warning when building OpenSSH. Bug: 21304170 Change-Id: I3e4bb0240b18647cfe2a3ce5869948a4527ff0f0 (cherry picked from commit 12addf8c63e77091bece8ad715f30cfd957a5332)
* Copy ecdsa_meth in EC_KEY_copy.Adam Langley2015-05-151-0/+5
| | | | | | | | This change imports 785e07b23d965e1e984c2ee9f6a0dbe06d3d658e from upstream into Android. Change-Id: I5fb67b5c39d62d6f2a2dd6980cc97569a7686eac (cherry picked from commit 5a0d510b257df371302288e9cc97f01f72b5b19b)
* external/boringssl: disable ChaCha20-Poly1305 cipher suites.Adam Langley2015-05-132-0/+4
| | | | | | | | | | | | | These cipher suites aren't IETF defined (and the IETF will define them slightly differently when it finally does assign real code points to them.) Since an Android system release endures for many years, this change removes support for them so that we don't have to worry about this temporary design for years to come. (cherry picked from commit a070e0505bdc6059effdb77dba24c64f75957604) Bug: 20950559 Change-Id: I97bc7f72b44cf908e8ce74d4b1ab0b3c2970ec3c
* external/boringssl: update #define guards for x86_64-gcc.c.Adam Langley2015-05-131-2/+2
| | | | | | | | | | | | | OS X builds with NO_ASM and was getting both generic.c and x86_64-gcc.c. This change updates the latter so that it's excluded in NO_ASM builds. This is a reland of 53b609c9, which got lost in the last BoringSSL sync because I forgot to send it upstream. (cherry pick of commit 9eb412c41ab99313c5909fba90801c3bff404a10) Bug: 21085331 Change-Id: I825c8903e7b6217bfddc0c3b94f1b2bc00561c73
* MinGW on Linux uses lowercase include files, part 2Kenny Root2015-05-132-2/+2
| | | | | | | | | | | On Windows this doesn't matter since the filesystems are case- insensitive, but building BoringSSL on Linux with MinGW has case-sensitive filesystems. (cherry picked from commit 9385cb180789855cbce47d20173d90999724e428) Bug: 21085331 Change-Id: I1a145ee8dbb74a9f82e23ac40e7b9d23e03ccffc
* Update to latest BoringSSLKenny Root2015-05-130-0/+0
| | | | | Bug: 21085331 Change-Id: Ifc8d5cb8e3e7ad1b55463e814beff12a1b59f3cc
* am 12956e17: Merge "external/boringssl: support arbitrary elliptic curve ↵Kenny Root2015-05-134-501/+555
|\ | | | | | | | | | | | | groups." * commit '12956e176de90a3e64b6960071746276ea01bcb7': external/boringssl: support arbitrary elliptic curve groups.
| * Merge "external/boringssl: support arbitrary elliptic curve groups."Kenny Root2015-05-134-501/+555
| |\
| | * external/boringssl: support arbitrary elliptic curve groups.Adam Langley2015-05-124-501/+555
| | | | | | | | | | | | | | | | | | | | | This change exposes the functions needed to support arbitrary elliptic curve groups for Android. Change-Id: I66a3662d393deadd718e43d91420fecf050502c2
* | | am aae4cd28: external/boringssl: work around Clang\'s lack of adrl.Adam Langley2015-05-131-0/+4
|\ \ \ | |/ / | | | | | | | | | * commit 'aae4cd28e487a1554bc5d290b73fcf9aeeb31370': external/boringssl: work around Clang's lack of adrl.
| * | external/boringssl: work around Clang's lack of adrl.Adam Langley2015-05-131-0/+4
| |/ | | | | | | | | | | | | | | | | | | This change works around Clang's lack of support for the adrl pseudo-instruction by disabling Clang's as for BoringSSL. See https://android-review.googlesource.com/#/c/150503/ for an alternative solution that was discarded. Change-Id: I1587376f8d864b7ea0c1fc953c7ea8a8552146e6
* | am 62d05888: external/boringssl: add P-521 back into the ClientHello.Adam Langley2015-05-131-0/+3
|\ \ | |/ | | | | | | * commit '62d05888d1cf178d900b54e7e035928abea512b1': external/boringssl: add P-521 back into the ClientHello.
| * external/boringssl: add P-521 back into the ClientHello.Adam Langley2015-05-121-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | This change does strange things to servers which take it as clue that nothing to do with P-521 is acceptable just because it's missing from the ClientHello. Hopefully for the next Android release we can remove this and replace it with the support for the CFRG curves. Bug: 20634927 Change-Id: I1d1a65cd82f68ac6d8da5560075cbacaebf539e1
* | am e9ada863: external/boringssl: bump revision.Adam Langley2015-05-13512-36956/+85103
|\ \ | |/ | | | | | | * commit 'e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5': external/boringssl: bump revision.
| * external/boringssl: bump revision.Adam Langley2015-05-12512-36956/+85103
| | | | | | | | | | | | This change bumps the BoringSSL revision to the current tip-of-tree. Change-Id: I91d5bf467e16e8d86cb19a4de873985f524e5faa
* | am b3106a0c: Fix doc reference to EVP_AEAD_max_overheadKenny Root2015-05-121-2/+2
|\ \ | |/ | | | | | | * commit 'b3106a0cc1493bbe0505c0ec0ce3da4ca90a29ae': Fix doc reference to EVP_AEAD_max_overhead
| * Fix doc reference to EVP_AEAD_max_overheadKenny Root2015-05-081-2/+2
| | | | | | | | | | | | The documentation referred to the old name of EVP_AEAD_overhead. Change-Id: Ifaaf1a703686935bba561a70ecace76f0dd0c290
* | am b9b62a03: Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming ↵Adam Langley2015-04-290-0/+0
|\ \ | | | | | | | | | | | | | | | | | | conventions. * commit 'b9b62a0342679ff456d1e0d95ffe00fa4d988469': Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.
| * | Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.Adam Langley2015-04-292-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | “ECDHE-PSK-WITH-AES-128-GCM-SHA256” doesn't follow the standard naming for OpenSSL: it was “-WITH-” in it and has a hyphen between “AES” and “128”. This change fixes that. (cherry picked from commit cbe62cb9f697fcdea54dfa6d289c39a0c09007f3) Change-Id: Ie504624857f227fb18835a99cec7c3363beeed96
* | | am cbe62cb9: Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming ↵Adam Langley2015-04-292-2/+2
|\ \ \ | |/ / |/| / | |/ | | | | | | conventions. * commit 'cbe62cb9f697fcdea54dfa6d289c39a0c09007f3': Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.
| * Rename ECDHE-PSK-WITH-AES-128-GCM-SHA256 to follow the naming conventions.Adam Langley2015-04-292-2/+2
| | | | | | | | | | | | | | | | “ECDHE-PSK-WITH-AES-128-GCM-SHA256” doesn't follow the standard naming for OpenSSL: it was “-WITH-” in it and has a hyphen between “AES” and “128”. This change fixes that. Change-Id: Ie504624857f227fb18835a99cec7c3363beeed96
* | am 7a759c78: Fix SSL_get0_chain_certs.Adam Langley2015-04-241-0/+1
|\ \ | |/ | | | | | | * commit '7a759c7828289d9ba48d980baf1db32372e17e82': Fix SSL_get0_chain_certs.
| * Fix SSL_get0_chain_certs.Adam Langley2015-04-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | SSL_get0_chain_certs calls a ctrl function with SSL_CTRL_GET_CHAIN_CERTS. The switch failed to set a positive return value and so the call always appeared to fail. (Imported from upstream's https://boringssl-review.googlesource.com/#/c/4521/) Change-Id: Ia69c404c528b0cb01c7ff5e56ca8a8415265fa73
* | am d8eaa8b9: Use SSL_MODE_SEND_FALLBACK_SCSV.Adam Langley2015-04-243-15/+14
|\ \ | |/ | | | | | | * commit 'd8eaa8b9e9911a0d3539917fb8134e3b19205a3e': Use SSL_MODE_SEND_FALLBACK_SCSV.
| * Use SSL_MODE_SEND_FALLBACK_SCSV.Adam Langley2015-04-243-15/+14
| | | | | | | | | | | | | | | | | | | | Upstream settled in this API, and it's also the one that we expect internally and that third_party code will expect. This is an import of upstream's 5f0efe06e199a1bd96f161eb45f3dd76924cdc2a. Change-Id: Ib4c7054a382dccdd23919407742bd037b9653a4b
* | am d82ab38c: Ensure BN_asc2bn, BN_dec2bn, and BN_hex2bn never give -0.Adam Langley2015-04-232-10/+11
|\ \ | |/ | | | | | | * commit 'd82ab38ca2b63638a2cb0b5d8a2c76d90c86dd31': Ensure BN_asc2bn, BN_dec2bn, and BN_hex2bn never give -0.
| * Ensure BN_asc2bn, BN_dec2bn, and BN_hex2bn never give -0.Adam Langley2015-04-232-10/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | When |BN_dec2bn| and |BN_hex2bn| were merged (way back in the initial BoringSSL change), the neg flag was set too soon and could be cleared by |BN_add_word|. This is an import of upstream's c85573cc. The unittest change isn't included here because bn_test.c has changed significantly in upstream and BoringSSL unittests aren't run in the Android environment. Bug: 20523350 Change-Id: Iaf8efe2fe3419218437f5ebb9a15f73559860a0f
* | am 217eaab3: external/boringssl: export EC_GROUP_set_point_conversion_form ↵Adam Langley2015-04-210-0/+0
|\ \ | |/ | | | | | | | | | | symbol. * commit '217eaab310220731646f2a1a0159d71e4eb09d4a': external/boringssl: export EC_GROUP_set_point_conversion_form symbol.
| * external/boringssl: export EC_GROUP_set_point_conversion_form symbol.Adam Langley2015-04-211-2/+2
| | | | | | | | | | | | | | | | | | In https://android-review.googlesource.com/#/c/147551/, I missed the OPENSSL_EXPORT tag thus the .so doesn't expose it as a dynamic symbol. BUG=20419899 Change-Id: I849888cf9a3383570b352911867e983b547e6742
* | external/boringssl: export EC_GROUP_set_point_conversion_form symbol.Adam Langley2015-04-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | In https://android-review.googlesource.com/#/c/147551/, I missed the OPENSSL_EXPORT tag thus the .so doesn't expose it as a dynamic symbol. BUG=20419899 (cherry picked from commit 217eaab310220731646f2a1a0159d71e4eb09d4a) Change-Id: Iec03fe771b131c9bc7547bd163c338eb6636a6e7
generated by cgit v1.1 at 2024-05-05 20:27:27 +0000