summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix encoding bug in i2c_ASN1_INTEGERstable/cm-13.0-ZNH2KBAdam Langley2016-07-081-1/+3
| | | | | | | | | | | | | | | | | | | | | (Imported from upstream's 3661bb4e7934668bd99ca777ea8b30eedfafa871.) Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. BUG=590615 Ticket: CYNGNOS-3020 (cherry-picked from c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa) Bug: 28175332 Change-Id: I8959e8ae01510a5924862a3f353be23130eee554 Reviewed-on: https://boringssl-review.googlesource.com/7199 Reviewed-by: David Benjamin <davidben@google.com> (cherry picked from commit 33ce65e3fe4122e5f83e97bae4b110398a024002)
* Remove support for mis-encoded PKCS#8 DSA keys.David Benjamin2016-05-031-53/+7
| | | | | | | | | | | | | | | | | Previously, OpenSSL supported many different DSA PKCS#8 encodings. Only support the standard format. One of the workaround formats (SEQUENCE of private key and public key) seems to be a workaround for an old Netscape bug. From inspection, NSS seems to have fixed this from the first open source commit. (cherry-picked from 440f1037716eca16f203edb8f03d4a59c92ae0cc) Ticket: CYNGNOS-2373 Bug: 27449871 Change-Id: I1e097b675145954b4d7a0bed8733e5a25c25fd8e Reviewed-on: https://boringssl-review.googlesource.com/7074 Reviewed-by: Adam Langley <agl@google.com> (cherry picked from commit c042e7ed31f9ee2d85637320c0cd54b12bbb12fe)
* Merge tag 'android-6.0.1_r22' of ↵staging/cm-13.0+r22Steve Kondik2016-03-100-0/+0
|\ | | | | | | | | | | https://android.googlesource.com/platform/external/boringssl into cm-13.0 Android 6.0.1 release 22
| * keep history after reset to mnc-dr-devBaligh Uddin2016-01-250-0/+0
| |\
| | * DO NOT MERGE ANYWHERE Revert "Whitelist windows modules"Kenny Root2015-10-022-15/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is only needed in the mnc-ub-dev branch to deal with the older build project. This reverts commit 08656b61d075740bfb24ddcce65223146259fc02. Change-Id: I7440e3d6371e6d98f1f77705f8bf374e7f37fbe2
| | * Merge mnc-dr-dev-plus-aosp into mnc-ub-devKenny Root2015-10-02455-26593/+23504
| | |\ | | | | | | | | | | | | | | | | | | | | This pulls in the latest version of BoringSSL. Change-Id: I0ab5c73d60f41a696c9a828fac87670aaca10dec
| | | * am 3df15298: am 184bc934: BoringSSL: always build with symbol visibility flags.Adam Langley2015-09-251-6/+6
| | | |\ | | | | | | | | | | | | | | | | | | | | * commit '3df15298f187027066b40757c1c0fe209fe8465e': BoringSSL: always build with symbol visibility flags.
| | | | * am 184bc934: BoringSSL: always build with symbol visibility flags.Adam Langley2015-09-251-6/+6
| | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | * commit '184bc93440dbfefbd499f7164e8a1b22540f5571': BoringSSL: always build with symbol visibility flags.
| | | | | * BoringSSL: always build with symbol visibility flags.Adam Langley2015-09-251-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When building for shared libraries, setting BORINGSSL_SHARED_LIBRARY, BORINGSSL_IMPLEMENTATION and setting the default symbol visibility to “hidden” causes the correct symbol visibility to be set. This change causes symbol visibility always to be set, even for the static builds. The reason is the the static builds are often then included in shared libraries, so they're not really static after all. Setting the symbol visibility in this case can avoid a lot of references via the PLT and GOT for internal symbols. Most importantly, some of the x86 asm code has IP-relative references to data and, unless the visibility of the target symbol is “hidden”, the linker believes that it needs a textrel, which breaks linking that code into shared libraries. Change-Id: I00e8d045bcece7b872d88bdf965c5baf65c2d639
| | | * | | am d947d006: am b8494591: Revert "Revert "external/boringssl: sync with ↵Kenny Root2015-09-25450-26575/+23106
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | upstream."" * commit 'd947d006e7a7ebcfdfe642e686250caf2028c2c1': Revert "Revert "external/boringssl: sync with upstream.""
| | | | * | am b8494591: Revert "Revert "external/boringssl: sync with upstream.""Kenny Root2015-09-25450-26575/+23106
| | | | |\ \ | | | | | |/ | | | | | | | | | | | | | | | | | | * commit 'b8494591d1b1a143f3b192d845c238bbf3bc629d': Revert "Revert "external/boringssl: sync with upstream.""
| | | | | * Revert "Revert "external/boringssl: sync with upstream.""Kenny Root2015-09-25450-26575/+23106
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit a04d78d392463df4e69a64360c952ffa5abd22f7. Underlying issue was fixed. Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88
| | | * | | am 00bc53f6: am a04d78d3: Revert "external/boringssl: sync with upstream."Kenny Root2015-09-25450-23106/+26575
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | | | | | | | * commit '00bc53f6f4436972b7a8dcf2c1e5fd0ad7515872': Revert "external/boringssl: sync with upstream."
| | | | * | am a04d78d3: Revert "external/boringssl: sync with upstream."Kenny Root2015-09-25450-23106/+26575
| | | | |\ \ | | | | | |/ | | | | | | | | | | | | | | | | | | * commit 'a04d78d392463df4e69a64360c952ffa5abd22f7': Revert "external/boringssl: sync with upstream."
| | | | | * Revert "external/boringssl: sync with upstream."Kenny Root2015-09-25450-23106/+26575
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1e4884f615b20946411a74e41eb9c6aa65e2d5f3. This breaks some x86 builds. Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25
| | | * | | am 3781a606: am 1e4884f6: external/boringssl: sync with upstream.Adam Langley2015-09-24450-26575/+23106
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | | | | | | | * commit '3781a60670f92c3c6fca860cb4589495cefa2e56': external/boringssl: sync with upstream.
| | | | * | am 1e4884f6: external/boringssl: sync with upstream.Adam Langley2015-09-24450-26575/+23106
| | | | |\ \ | | | | | |/ | | | | | | | | | | | | | | | | | | * commit '1e4884f615b20946411a74e41eb9c6aa65e2d5f3': external/boringssl: sync with upstream.
| | | | | * external/boringssl: sync with upstream.Adam Langley2015-09-24450-26575/+23106
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change imports the current version of BoringSSL. The only local change now is that |BORINGSSL_201509| is defined in base.h. This allows this change to be made without (hopefully) breaking the build. This change will need https://android-review.googlesource.com/172744 to be landed afterwards to update a test. Change-Id: I6d1f463f7785a2423bd846305af91c973c326104
| | | * | | am 4ca36931: am 08656b61: Whitelist windows modulesDan Willemsen2015-09-032-13/+15
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | | | | | | | * commit '4ca36931e543512682d75e8e6d923144261dfd4d': Whitelist windows modules
| | | | * | am 08656b61: Whitelist windows modulesDan Willemsen2015-09-032-13/+15
| | | | |\ \ | | | | | |/ | | | | | | | | | | | | | | | | | | * commit '08656b61d075740bfb24ddcce65223146259fc02': Whitelist windows modules
| | | | | * Whitelist windows modulesDan Willemsen2015-08-282-13/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And stop changing variables based on HOST_OS. Bug: 23566667 Change-Id: I3b3b2f0aef066eb224cb1fa6f2e9f32c32695711
| | | * | | am 929d45bb: (-s ours) am e25abed5: Fix and re-enable clang build.Dan Albert2015-08-270-0/+0
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | * commit '929d45bbdac9245b6516f033fb7ce4059a9067b8':
| | | | * | am e25abed5: Fix and re-enable clang build.Dan Albert2015-08-151-12/+2
| | | | |\ \ | | | | | |/ | | | | | | | | | | | | | | | | | | * commit 'e25abed5ef1542dc435905e05597fe374382fbec': Fix and re-enable clang build.
| | | * | | am 5100c0f3: (-s ours) am 13204c36: Disable clang build temporarily to fix ↵Dan Albert2015-08-270-0/+0
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | build. * commit '5100c0f3f529f9eba6ea43310abdbbf6bb84ac4d':
| | | | * | am 13204c36: Disable clang build temporarily to fix build.Dan Albert2015-08-151-6/+8
| | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '13204c36644625f117cc23bb9f2121b76653555f': Disable clang build temporarily to fix build.
| | | * | \ \ am 3b2c6065: (-s ours) am 07f4f423: Merge changes ↵Kenny Root2015-08-270-0/+0
| | | |\ \ \ \ | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533 * commit '3b2c60656d36f47063e972b9aa2c11ef235253a6':
| | | | * | | am 07f4f423: Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533Kenny Root2015-07-2420-433/+802
| | | | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5': Handle RDRAND failures. dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Fix for CVE-2015-1789. Fixes for CVE-2015-1791.
| | | * | \ \ \ am e25abed5: Fix and re-enable clang build.Dan Albert2015-08-151-12/+2
| | | |\ \ \ \ \ | | | | | |_|_|/ | | | | |/| | | | | | | | | | | | | | | | | | | * commit 'e25abed5ef1542dc435905e05597fe374382fbec': Fix and re-enable clang build.
| | | | * | | | Fix and re-enable clang build.Dan Albert2015-08-141-12/+2
| | | | | |_|/ | | | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TARGET_ARCH will be arm64 even when building the 32-bit code for an aarch64 target. Properly restrict the use of the armv8-a+crypto flag. Change-Id: Ica762d0ee22f35638a052afb2c904d49e2d08653
| | | * | | | am 13204c36: Disable clang build temporarily to fix build.Dan Albert2015-08-151-6/+8
| | | |\ \ \ \ | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | * commit '13204c36644625f117cc23bb9f2121b76653555f': Disable clang build temporarily to fix build.
| | | | * | | Disable clang build temporarily to fix build.Dan Albert2015-08-141-6/+8
| | | | | |/ | | | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new clang doesn't like armv8-a+crypto, and it's not clear why yet. Disabling clang while we investigate. Change-Id: I255af7c7fd503ded43e8aeaf54a07f423f870aaa
| | | * | | am 07f4f423: Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533Kenny Root2015-07-2420-433/+802
| | | |\ \ \ | | | | |/ / | | | | | / | | | | |/ | | | |/| | | | | | | | | | | | | | | | * commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5': Handle RDRAND failures. dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Fix for CVE-2015-1789. Fixes for CVE-2015-1791.
| | | | * Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533Kenny Root2015-07-2420-433/+802
| | | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * changes: Handle RDRAND failures. dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Fix for CVE-2015-1789. Fixes for CVE-2015-1791.
| | | | | * Handle RDRAND failures.Adam Langley2015-06-237-20/+200
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I mistakenly believed that only RDSEED could fail. However, the Intel manuals state that RDRAND can fail too. This change cherry-picks the following BoringSSL changes: 2cac3506 – Handle RDRAND failures. 248abbd7 – Add missing comma in .type pragma for rdrand code. Change-Id: Icdc56a50ce36e9c525063583882c676a5312d313
| | | | | * dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.Adam Langley2015-06-231-3/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change cherry-picks BoringSSL's e65886a5. Change-Id: I63d5dc280d420b64b658bfd85f180a01adb8a18b
| | | | | * Fix for CVE-2015-1789.Adam Langley2015-06-231-7/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. This change cherry-picks the following changes from BoringSSL: d87021d2 – Fix length checks in X509_cmp_time to avoid out-of-bounds reads. Change-Id: Ia7d0c5d889f61a3c4be6ea79a5ab41f67bc3c65c
| | | | | * Fixes for CVE-2015-1791.Adam Langley2015-06-2311-403/+536
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. This change cherry-picks the following BoringSSL changes: b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT. fd67aa8c – Add SSL_SESSION_from_bytes. 95d31825 – Duplicate SSL_SESSIONs when renewing them. d65bb78c – Add SSL_initial_handshake_complete. 680ca961 – Preserve session->sess_cert on ticket renewal. Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b
| | | * | | am 71a0705e: Add a build target to build bssl for host.Narayan Kamath2015-07-041-0/+17
| | | |\ \ \ | | | | |/ / | | | | | | | | | | | | | | | | | | * commit '71a0705e8fc5c39ca5b1daa512ef90c37246a76f': Add a build target to build bssl for host.
| | | | * | Add a build target to build bssl for host.Narayan Kamath2015-06-241-0/+17
| | | | |/ | | | | | | | | | | | | | | | Change-Id: I22c079a2486acc2aa68c4b99f026bbdcbea9d4ff
| | | * | am 691ef9d0: am f7063c1e: Add rules.mk for building Trusty.Adam Langley2015-06-300-0/+0
| | | |\ \ | | | |/ / | | |/| | | | | | | | | | | | * commit '691ef9d0ff0ece39ffd6a58960a7cd195ef584ae': Add rules.mk for building Trusty.
| | * | | am f7063c1e: Add rules.mk for building Trusty.Adam Langley2015-06-301-0/+70
| | |\ \ \ | | |/ / / | |/| | | | | | | | | | | | | * commit 'f7063c1e913edebd3402a2c2467c1bdb3d4b79a9': Add rules.mk for building Trusty.
| | | * | am f7fe69bb: am dfb3ba68: Add ECDHE-PSK-AES{128,256}-SHA cipher suites.Adam Langley2015-06-150-0/+0
| | | |\ \ | | | |/ / | | |/| | | | | | | | | | | | * commit 'f7fe69bb92ec196fc97ab65f678de993e00e41b7': Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
| | * | | am dfb3ba68: Add ECDHE-PSK-AES{128,256}-SHA cipher suites.Adam Langley2015-06-155-1/+38
| | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | * commit 'dfb3ba68fd0011cba7d8e4c1a46295099fef85bf': Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
| | | | * \ resolved conflicts for merge of 6d66cf82 to mnc-dev-plus-aospKenny Root2015-06-150-0/+0
| | | | |\ \ | | | |_|/ / | | |/| | |
| | * | | | am 4bae3aba: Drop ECDHE-PSK-AES-128-GCM.Adam Langley2015-06-154-23/+0
| | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '4bae3aba0494da7c4e3c1b28ff978eb38e6323e6': Drop ECDHE-PSK-AES-128-GCM.
| | | | | * \ am 0e6bb1c7: Add ECDHE-PSK-AES{128,256}-SHA cipher suites.Adam Langley2015-06-155-1/+38
| | | | | |\ \ | | | | | | |/ | | | | | | | | | | | | | | | | | | | | | * commit '0e6bb1c72014c26289d09f4deea9c25706be5824': Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
| | | | | | * Add ECDHE-PSK-AES{128,256}-SHA cipher suites.Adam Langley2015-06-155-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we're going to have PSK and use standard cipher suites, this might be the best that we can do for the moment. (This is a cherry-pick of BoringSSL's 85bc5601.) Bug: 21522548 Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
| | | | | * | am a4be71ce: Drop ECDHE-PSK-AES-128-GCM.Adam Langley2015-06-154-23/+0
| | | | | |\ \ | | | | | | |/ | | | | | | | | | | | | | | | | | | | | | * commit 'a4be71cee108bfed76ddb37552b7e48945d91b49': Drop ECDHE-PSK-AES-128-GCM.
| | | | | | * Drop ECDHE-PSK-AES-128-GCM.Adam Langley2015-06-154-23/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the best PSK cipher suite, but it's non-standard and nobody is using it. Trivial to bring back in the future if we have need of it. (Note that this is a no-op in Android because Android had already disabled this cipher suite.) (This is a cherry-pick of BoringSSL's 1feb42a2.) Bug: 21522548 Change-Id: I2a051724500341053595f59e755349544da63ce5
| | | | | * | am 1f76c138: am dbfa1800: s/-Wno-unused-parameters/-Wno-unused-parameter/Adam Langley2015-06-120-0/+0
| | | | | |\ \ | | | |_|_|/ / | | |/| | | | | | | | | | | | | | | | | | * commit '1f76c1381df635b46e93b4a592b1024a4418be24': s/-Wno-unused-parameters/-Wno-unused-parameter/
generated by cgit v1.1 at 2024-04-29 07:09:32 +0000