| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| | |
https://github.com/LineageOS/android_external_boringssl into replicant-6.0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a more complete fix for CVE-2016-2182. The original commit
message was:
"If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug."
BoringSSL's rewrite commit message:
"958aaf1ea1b481e8ef32970d5b0add80504be4b2, imported from upstream, had
an off-by-one error. Reproducing the failure is fairly easy as it can't
even serialize 1. See also upstream's
099e2968ed3c7d256cda048995626664082b1b30.
Rewrite the function completely with CBB and add a basic test.
BUG=chromium:639740"
CVE-2016-2182
Change-Id: I41a91514c4bb9e83854824ed5258ffe4e49d9491
Bug: 32096880
(cherry picked from commit 29b92ab938c1a17d4d1b3b039042a0f499f58b5d)
(cherry picked from commit 54bf62a81586d99d0a951ca3342d569b59e69b80
with adaptations from <sultanxda@gmail.com>)
|
| |/
|
|
|
|
|
| |
build fix backported from newer boringssl on cm-14.1
Change-Id: I9342170ffc123310e83dd221b33059422ee4d7c8
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
| |\
| |
| |
| |
| |
| |
| | |
CYNGNOS-3303
Android 6.0.1 release 74
Change-Id: I74fadbfb9c05b2e1ce69f27809add70a2c89ec15
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Note that while |DES_ede2_cbc_encrypt| exists, I didn't use it: I
think it's easier to see what's happening this way.
(I couldn't find an authoritative source of test data, including in
OpenSSL's source, so I used OpenSSL's implementation to produce the
test ciphertext.)
This benefits globalplatform.
(cherry picked from commit 8c413a2d94fa720fae6a7d9c939e33978f3ed25b)
Bug: 31081987
Change-Id: I7e17ca0b69067d7b3f4bc213b4616eb269882ae0
Reviewed-on: https://boringssl-review.googlesource.com/5724
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from commit 9f12ca8242e6de532a8c947804d9dcf047c45af8)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(cherry picked from commit 6bfdc63114d7921037f44e7e3145c706b9ffb2e4)
Bug: 31081987
Change-Id: I0f27fa1897d2f0a148203610ccd5c6c7967f9f3d
Reviewed-on: https://boringssl-review.googlesource.com/5510
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from commit 15706c2705f748c4e70fa8f9204a1e2cdf5181d0)
|
| |\ \
| |/
| |
| |
| |
| | |
Ticket: CYNGNOS-3020
Change-Id: Ie0229820d2b426f83b9e29dc8ccb824ee627579a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(Imported from upstream's 3661bb4e7934668bd99ca777ea8b30eedfafa871.)
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck
<hanno@hboeck.de> for reporting this issue.
BUG=590615
(cherry-picked from c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa)
Bug: 28175332
Change-Id: I8959e8ae01510a5924862a3f353be23130eee554
Reviewed-on: https://boringssl-review.googlesource.com/7199
Reviewed-by: David Benjamin <davidben@google.com>
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Ticket: CYNGNOS-2373
Android 6.0.1 release 43 (MOB30J)
Change-Id: I00236550a0fdbf7973138627eed31326c37010f0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, OpenSSL supported many different DSA PKCS#8 encodings. Only
support the standard format. One of the workaround formats (SEQUENCE of
private key and public key) seems to be a workaround for an old Netscape
bug. From inspection, NSS seems to have fixed this from the first open
source commit.
(cherry-picked from 440f1037716eca16f203edb8f03d4a59c92ae0cc)
Bug: 27449871
Change-Id: I1e097b675145954b4d7a0bed8733e5a25c25fd8e
Reviewed-on: https://boringssl-review.googlesource.com/7074
Reviewed-by: Adam Langley <agl@google.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/platform/external/boringssl into cm-13.0
Android 6.0.1 release 22
|
| | |\ \
| | |/
| |/| |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is only needed in the mnc-ub-dev branch to deal with the older
build project.
This reverts commit 08656b61d075740bfb24ddcce65223146259fc02.
Change-Id: I7440e3d6371e6d98f1f77705f8bf374e7f37fbe2
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | | |
This pulls in the latest version of BoringSSL.
Change-Id: I0ab5c73d60f41a696c9a828fac87670aaca10dec
|
| | | | |\
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '3df15298f187027066b40757c1c0fe209fe8465e':
BoringSSL: always build with symbol visibility flags.
|
| | | | | |\
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit '184bc93440dbfefbd499f7164e8a1b22540f5571':
BoringSSL: always build with symbol visibility flags.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When building for shared libraries, setting BORINGSSL_SHARED_LIBRARY,
BORINGSSL_IMPLEMENTATION and setting the default symbol visibility to
“hidden” causes the correct symbol visibility to be set.
This change causes symbol visibility always to be set, even for the
static builds. The reason is the the static builds are often then
included in shared libraries, so they're not really static after all.
Setting the symbol visibility in this case can avoid a lot of references
via the PLT and GOT for internal symbols.
Most importantly, some of the x86 asm code has IP-relative references to
data and, unless the visibility of the target symbol is “hidden”, the
linker believes that it needs a textrel, which breaks linking that code
into shared libraries.
Change-Id: I00e8d045bcece7b872d88bdf965c5baf65c2d639
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
upstream.""
* commit 'd947d006e7a7ebcfdfe642e686250caf2028c2c1':
Revert "Revert "external/boringssl: sync with upstream.""
|
| | | | | |\ \
| | | | | |/
| | | | | |
| | | | | |
| | | | | | |
* commit 'b8494591d1b1a143f3b192d845c238bbf3bc629d':
Revert "Revert "external/boringssl: sync with upstream.""
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This reverts commit a04d78d392463df4e69a64360c952ffa5abd22f7.
Underlying issue was fixed.
Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | |
| | | | | | |
* commit '00bc53f6f4436972b7a8dcf2c1e5fd0ad7515872':
Revert "external/boringssl: sync with upstream."
|
| | | | | |\ \
| | | | | |/
| | | | | |
| | | | | |
| | | | | | |
* commit 'a04d78d392463df4e69a64360c952ffa5abd22f7':
Revert "external/boringssl: sync with upstream."
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This reverts commit 1e4884f615b20946411a74e41eb9c6aa65e2d5f3.
This breaks some x86 builds.
Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | |
| | | | | | |
* commit '3781a60670f92c3c6fca860cb4589495cefa2e56':
external/boringssl: sync with upstream.
|
| | | | | |\ \
| | | | | |/
| | | | | |
| | | | | |
| | | | | | |
* commit '1e4884f615b20946411a74e41eb9c6aa65e2d5f3':
external/boringssl: sync with upstream.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change imports the current version of BoringSSL. The only local
change now is that |BORINGSSL_201509| is defined in base.h. This allows
this change to be made without (hopefully) breaking the build.
This change will need https://android-review.googlesource.com/172744 to
be landed afterwards to update a test.
Change-Id: I6d1f463f7785a2423bd846305af91c973c326104
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | |
| | | | | | |
* commit '4ca36931e543512682d75e8e6d923144261dfd4d':
Whitelist windows modules
|
| | | | | |\ \
| | | | | |/
| | | | | |
| | | | | |
| | | | | | |
* commit '08656b61d075740bfb24ddcce65223146259fc02':
Whitelist windows modules
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
And stop changing variables based on HOST_OS.
Bug: 23566667
Change-Id: I3b3b2f0aef066eb224cb1fa6f2e9f32c32695711
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | | |
* commit '929d45bbdac9245b6516f033fb7ce4059a9067b8':
|
| | | | | |\ \
| | | | | |/
| | | | | |
| | | | | |
| | | | | | |
* commit 'e25abed5ef1542dc435905e05597fe374382fbec':
Fix and re-enable clang build.
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
build.
* commit '5100c0f3f529f9eba6ea43310abdbbf6bb84ac4d':
|
| | | | | |\ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit '13204c36644625f117cc23bb9f2121b76653555f':
Disable clang build temporarily to fix build.
|
| | | | |\ \ \ \
| | | | |/ / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533
* commit '3b2c60656d36f47063e972b9aa2c11ef235253a6':
|
| | | | | |\ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5':
Handle RDRAND failures.
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
Fix for CVE-2015-1789.
Fixes for CVE-2015-1791.
|
| | | | |\ \ \ \ \
| | | | | |_|_|/
| | | | |/| | |
| | | | | | | |
| | | | | | | | |
* commit 'e25abed5ef1542dc435905e05597fe374382fbec':
Fix and re-enable clang build.
|
| | | | | | |_|/
| | | | |/| |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
TARGET_ARCH will be arm64 even when building the 32-bit code for an
aarch64 target. Properly restrict the use of the armv8-a+crypto flag.
Change-Id: Ica762d0ee22f35638a052afb2c904d49e2d08653
|
| | | | |\ \ \ \
| | | | |/ / /
| | | | | | |
| | | | | | |
| | | | | | | |
* commit '13204c36644625f117cc23bb9f2121b76653555f':
Disable clang build temporarily to fix build.
|
| | | | | | |/
| | | | |/|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The new clang doesn't like armv8-a+crypto, and it's not clear why yet.
Disabling clang while we investigate.
Change-Id: I255af7c7fd503ded43e8aeaf54a07f423f870aaa
|
| | | | |\ \ \
| | | | |/ /
| | | | | /
| | | | |/
| | | |/|
| | | | |
| | | | |
| | | | | |
* commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5':
Handle RDRAND failures.
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
Fix for CVE-2015-1789.
Fixes for CVE-2015-1791.
|
| | | | | |\
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* changes:
Handle RDRAND failures.
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
Fix for CVE-2015-1789.
Fixes for CVE-2015-1791.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
I mistakenly believed that only RDSEED could fail. However, the Intel
manuals state that RDRAND can fail too.
This change cherry-picks the following BoringSSL changes:
2cac3506 – Handle RDRAND failures.
248abbd7 – Add missing comma in .type pragma for rdrand code.
Change-Id: Icdc56a50ce36e9c525063583882c676a5312d313
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change cherry-picks BoringSSL's e65886a5.
Change-Id: I63d5dc280d420b64b658bfd85f180a01adb8a18b
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
X509_cmp_time does not properly check the length of the ASN1_TIME string
and can read a few bytes out of bounds. In addition, X509_cmp_time
accepts an arbitrary number of fractional seconds in the time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in a
DoS on applications that verify certificates or CRLs. TLS clients that
verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This change cherry-picks the following changes from BoringSSL:
d87021d2 – Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
Change-Id: Ia7d0c5d889f61a3c4be6ea79a5ab41f67bc3c65c
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
This change cherry-picks the following BoringSSL changes:
b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT.
fd67aa8c – Add SSL_SESSION_from_bytes.
95d31825 – Duplicate SSL_SESSIONs when renewing them.
d65bb78c – Add SSL_initial_handshake_complete.
680ca961 – Preserve session->sess_cert on ticket renewal.
Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b
|
| | | | |\ \ \
| | | | |/ /
| | | | | |
| | | | | |
| | | | | | |
* commit '71a0705e8fc5c39ca5b1daa512ef90c37246a76f':
Add a build target to build bssl for host.
|
| | | | | |/
| | | | |
| | | | |
| | | | | |
Change-Id: I22c079a2486acc2aa68c4b99f026bbdcbea9d4ff
|
| | | | |\ \
| | | |/ /
| | |/| |
| | | | |
| | | | | |
* commit '691ef9d0ff0ece39ffd6a58960a7cd195ef584ae':
Add rules.mk for building Trusty.
|
| | | |\ \ \
| | |/ / /
| |/| | |
| | | | |
| | | | | |
* commit 'f7063c1e913edebd3402a2c2467c1bdb3d4b79a9':
Add rules.mk for building Trusty.
|
| | | | |\ \
| | | |/ /
| | |/| |
| | | | |
| | | | | |
* commit 'f7fe69bb92ec196fc97ab65f678de993e00e41b7':
Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
|
