android-ndk-openssl.git
3 years agoMerge "Opt-out of STL" master
Colin Cross [Fri, 4 Dec 2015 00:49:03 +0000 (00:49 +0000)]
Merge "Opt-out of STL"

3 years agoOpt-out of STL
Colin Cross [Thu, 3 Dec 2015 23:50:48 +0000 (15:50 -0800)]
Opt-out of STL

libssl and libcrypto don't use STL, set LOCAL_CXX_STL := none for the
host modules.

Change-Id: Ib75e18bb5bea995a287858592809a59a696e32ea

4 years agoMerge "Add BIO_up_ref and EVP_PKEY_up_ref"
Kenny Root [Mon, 15 Jun 2015 22:29:36 +0000 (22:29 +0000)]
Merge "Add BIO_up_ref and EVP_PKEY_up_ref"

4 years agoAdd BIO_up_ref and EVP_PKEY_up_ref
Kenny Root [Mon, 15 Jun 2015 22:05:38 +0000 (15:05 -0700)]
Add BIO_up_ref and EVP_PKEY_up_ref

To have parity with BoringSSL, we add this patch so we can properly
ref-count BIO and EVP_PKEY objects in Conscrypt.

Change-Id: I857663e1aaf81f6e797a0e0f6f5b256940e4859b

4 years agoam f35165a9: Merge "Work-around for bionic sigsetjmp bug"
Kenny Root [Fri, 30 Jan 2015 21:22:20 +0000 (21:22 +0000)]
am f35165a9: Merge "Work-around for bionic sigsetjmp bug"

* commit 'f35165a9fe623290659a755598925a833b284e22':
  Work-around for bionic sigsetjmp bug

4 years agoMerge "Work-around for bionic sigsetjmp bug"
Kenny Root [Fri, 30 Jan 2015 21:06:21 +0000 (21:06 +0000)]
Merge "Work-around for bionic sigsetjmp bug"

4 years agoWork-around for bionic sigsetjmp bug
Kenny Root [Fri, 30 Jan 2015 17:16:43 +0000 (09:16 -0800)]
Work-around for bionic sigsetjmp bug

In versions of bionic libc up to and including Android L, the sigsetjmp
didn't properly restore the signal mask when returning from a nonlocal
goto. Add a small wrapper to make sure we call sigprocmask each time we
call sigsetjmp which ensures the SIGILL is masked.

The symptoms of this problem include receiving a SIGILL with a stack
trace or simply receiving the text "Illegal instruction" when running an
application from the command line.

Bug: 15732256
Change-Id: Ic792583da5ccf601afc10828b1a666d24b903a19

4 years agoam decb19d2: Merge "[MIPS] Add mips64 and mips r6 targets."
Kenny Root [Fri, 16 Jan 2015 19:01:11 +0000 (19:01 +0000)]
am decb19d2: Merge "[MIPS] Add mips64 and mips r6 targets."

* commit 'decb19d2ac2fdad6c7f18e920073467c751b616c':
  [MIPS] Add mips64 and mips r6 targets.

4 years agoam 1b07db7a: Merge "Upgrade to 1.0.1l"
Kenny Root [Fri, 16 Jan 2015 18:57:26 +0000 (18:57 +0000)]
am 1b07db7a: Merge "Upgrade to 1.0.1l"

* commit '1b07db7a00d2c02b3f79f73fad18c5d93df18551':
  Upgrade to 1.0.1l

4 years agoMerge "[MIPS] Add mips64 and mips r6 targets."
Kenny Root [Fri, 16 Jan 2015 18:53:19 +0000 (18:53 +0000)]
Merge "[MIPS] Add mips64 and mips r6 targets."

4 years agoMerge "Upgrade to 1.0.1l"
Kenny Root [Fri, 16 Jan 2015 18:44:35 +0000 (18:44 +0000)]
Merge "Upgrade to 1.0.1l"

4 years agoUpgrade to 1.0.1l
Kenny Root [Thu, 15 Jan 2015 19:28:56 +0000 (11:28 -0800)]
Upgrade to 1.0.1l

Upgraded from archive:
4547a0b4269acf76b1f9e7d188896867d6fc8c18  openssl-1.0.1l.tar.gz

Bug: 19031279
Change-Id: I75a958b366628e5522269201280d32634a820ce0

4 years agoam c60ab392: Merge "Upgrade to 1.0.1k"
Kenny Root [Thu, 15 Jan 2015 17:05:55 +0000 (17:05 +0000)]
am c60ab392: Merge "Upgrade to 1.0.1k"

* commit 'c60ab3920b19844a1be640684206de23c695c60c':
  Upgrade to 1.0.1k

4 years ago[MIPS] Add mips64 and mips r6 targets.
Duane Sand [Tue, 25 Nov 2014 20:23:22 +0000 (12:23 -0800)]
[MIPS] Add mips64 and mips r6 targets.

Skip asm code for mips64 and mips rev6 targets.
Upstream mips64 asm code is broken, never tested.
Existing mips32 asm code uses deprecated lwl/r ops.
Use generic C crypto code for new targets, for now.

Mips32 and mips32r6 arch variants have same target arch
'mips' but need different source filename lists.
Handle by conditional assigns in generated make files.

Manual changes to openssl.config and import_openssl.sh .
Then .mk files regenerated by import_openssl.sh .

Change-Id: I8de5f3209d3fde2aaa86f5477568cb2adfbd63cf

4 years agoMerge "Upgrade to 1.0.1k"
Kenny Root [Thu, 15 Jan 2015 16:56:17 +0000 (16:56 +0000)]
Merge "Upgrade to 1.0.1k"

4 years agoUpgrade to 1.0.1k
Kenny Root [Fri, 9 Jan 2015 19:26:46 +0000 (11:26 -0800)]
Upgrade to 1.0.1k

Upgraded from archive:
19d818e202558c212a9583fcdaf876995a633ddf  openssl-1.0.1k.tar.gz

Bug: 18902025
Change-Id: I06349628aa81a5a0876d0f665f9a2a681a8d5d67

4 years agoam 4c4295f0: Merge "CleanSpec: adb uses the static libraries"
Kenny Root [Tue, 16 Dec 2014 20:35:33 +0000 (20:35 +0000)]
am 4c4295f0: Merge "CleanSpec: adb uses the static libraries"

* commit '4c4295f0f9eb277604cb1edb1fa4b177c887ede1':
  CleanSpec: adb uses the static libraries

4 years agoMerge "CleanSpec: adb uses the static libraries"
Kenny Root [Tue, 16 Dec 2014 20:14:02 +0000 (20:14 +0000)]
Merge "CleanSpec: adb uses the static libraries"

4 years agoCleanSpec: adb uses the static libraries
Kenny Root [Tue, 16 Dec 2014 19:32:00 +0000 (11:32 -0800)]
CleanSpec: adb uses the static libraries

Change-Id: Ifbe88906d28d34fdfa256f06d70cd750ebd1a691

4 years agoam 8785f77b: Merge "Use default integrated assembler on darwin."
Kenny Root [Tue, 9 Dec 2014 14:41:01 +0000 (14:41 +0000)]
am 8785f77b: Merge "Use default integrated assembler on darwin."

* commit '8785f77bd4f06bbadf8728e2c190465f19589ea7':
  Use default integrated assembler on darwin.

4 years agoam 420f3303: Merge "Add a cleanspec to ensure that the headers get exported."
Elliott Hughes [Tue, 9 Dec 2014 14:41:01 +0000 (14:41 +0000)]
am 420f3303: Merge "Add a cleanspec to ensure that the headers get exported."

* commit '420f33034007d0e0d7366023346565538e626b49':
  Add a cleanspec to ensure that the headers get exported.

4 years agoMerge "Use default integrated assembler on darwin."
Kenny Root [Mon, 8 Dec 2014 23:06:20 +0000 (23:06 +0000)]
Merge "Use default integrated assembler on darwin."

4 years agoUse default integrated assembler on darwin.
Chih-Hung Hsieh [Mon, 8 Dec 2014 22:37:42 +0000 (14:37 -0800)]
Use default integrated assembler on darwin.

Older versions of clang/llvm on mac cannot compile with
integrated assembler, but newer version must use.

BUG: 17820427
BUG: 18612054
Change-Id: I5cfcdb7fa9c09562cbe6ea609d726af171b32090

4 years agoMerge "Add a cleanspec to ensure that the headers get exported."
Elliott Hughes [Mon, 8 Dec 2014 20:29:39 +0000 (20:29 +0000)]
Merge "Add a cleanspec to ensure that the headers get exported."

4 years agoAdd a cleanspec to ensure that the headers get exported.
Elliott Hughes [Mon, 8 Dec 2014 20:03:39 +0000 (12:03 -0800)]
Add a cleanspec to ensure that the headers get exported.

Previously, non-clean builds would fail to build system/core/adb.

Change-Id: Ia8f13ca76e32b27839190782849378519655054b

4 years agoam 4530e04d: Merge "Add LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk"
Kenny Root [Thu, 4 Dec 2014 09:22:10 +0000 (09:22 +0000)]
am 4530e04d: Merge "Add LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk"

* commit '4530e04dbfbc9d76d7b7ca537f9a18b9e1c76524':
  Add LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk

4 years agoMerge "Add LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk"
Kenny Root [Wed, 3 Dec 2014 20:08:56 +0000 (20:08 +0000)]
Merge "Add LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk"

4 years agoAdd LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk
Trevor Drake [Tue, 2 Dec 2014 10:35:43 +0000 (10:35 +0000)]
Add LOCAL_EXPORT_C_INCLUDE_DIRS to Crypto and SSL config mk

This adds external/openssl/include to the export_includes of the
various libcrypto libssl libraries. This appears to be the only path
referenced by projects who depend on either libssl or libcrypto

Note : The mk files have been regenerated using the modified import_openssl.sh

Change-Id: I5ea4fa20d94ab87ee615c10144c02f296790bb22

4 years agoam cab168b4: am 87955877: Add hack to fix RC4_INT problems
Kenny Root [Fri, 21 Nov 2014 17:47:22 +0000 (17:47 +0000)]
am cab168b4: am 87955877: Add hack to fix RC4_INT problems

* commit 'cab168b4f0185c63485203a0abbba6a038dac1db':
  Add hack to fix RC4_INT problems

4 years agoam 87955877: Add hack to fix RC4_INT problems
Kenny Root [Fri, 21 Nov 2014 17:41:14 +0000 (17:41 +0000)]
am 87955877: Add hack to fix RC4_INT problems

* commit '87955877681c4c832ee3df0bdba67d3e2e3d49f2':
  Add hack to fix RC4_INT problems

4 years agoam 62544224: Add hack to fix RC4_INT problems
Kenny Root [Fri, 21 Nov 2014 02:40:16 +0000 (02:40 +0000)]
am 62544224: Add hack to fix RC4_INT problems

* commit '625442248392e82d250cefaa91e70bcbaab3d2df':
  Add hack to fix RC4_INT problems

4 years agoAdd hack to fix RC4_INT problems
Kenny Root [Wed, 19 Nov 2014 19:04:10 +0000 (11:04 -0800)]
Add hack to fix RC4_INT problems

The opensslconf.h for 64-bit has a special case for linux-x86_64 that sets
RC4_INT to "unsigned int" instead of "unsigned char"  Without this hack, any
server that chooses RC4-SHA for the SSL connection will segmentation fault
on x86-64 since the assembly code disagrees with the field size that C believes
it is.

(cherry picked from commit 9eca647003c7969ecb6fce2b5ff3965d3536fa67)

Bug: 18434518
Change-Id: I4eb1395fc122df5185af74500f4155a1095535c5

4 years agoAdd hack to fix RC4_INT problems
Kenny Root [Wed, 19 Nov 2014 19:04:10 +0000 (11:04 -0800)]
Add hack to fix RC4_INT problems

The opensslconf.h for 64-bit has a special case for linux-x86_64 that sets
RC4_INT to "unsigned int" instead of "unsigned char"  Without this hack, any
server that chooses RC4-SHA for the SSL connection will segmentation fault
on x86-64 since the assembly code disagrees with the field size that C believes
it is.

(cherry picked from commit 9eca647003c7969ecb6fce2b5ff3965d3536fa67)

Bug: 18434518
Change-Id: I4eb1395fc122df5185af74500f4155a1095535c5

4 years agoam e0b66eee: Merge "Add hack to fix RC4_INT problems"
Kenny Root [Thu, 20 Nov 2014 17:03:54 +0000 (17:03 +0000)]
am e0b66eee: Merge "Add hack to fix RC4_INT problems"

* commit 'e0b66eee8ef672acbd3605ecf7b0899924ca3a17':
  Add hack to fix RC4_INT problems

4 years agoMerge "Add hack to fix RC4_INT problems"
Kenny Root [Thu, 20 Nov 2014 16:55:25 +0000 (16:55 +0000)]
Merge "Add hack to fix RC4_INT problems"

4 years agoAdd hack to fix RC4_INT problems
Kenny Root [Wed, 19 Nov 2014 19:04:10 +0000 (11:04 -0800)]
Add hack to fix RC4_INT problems

The opensslconf.h for 64-bit has a special case for linux-x86_64 that sets
RC4_INT to "unsigned int" instead of "unsigned char"  Without this hack, any
server that chooses RC4-SHA for the SSL connection will segmentation fault
on x86-64 since the assembly code disagrees with the field size that C believes
it is.

Bug: 18434518
Change-Id: I4eb1395fc122df5185af74500f4155a1095535c5

4 years agoam fc6ed159: Follow-up for 1.0.1j upgrade, part 2
Kenny Root [Mon, 17 Nov 2014 21:05:03 +0000 (21:05 +0000)]
am fc6ed159: Follow-up for 1.0.1j upgrade, part 2

* commit 'fc6ed1594aebe63aafa31af2bd01c41fab36d6cc':
  Follow-up for 1.0.1j upgrade, part 2

4 years agoam 7b2d12e6: Merge "Follow-up for 1.0.1j upgrade, part 2"
Kenny Root [Mon, 17 Nov 2014 20:44:23 +0000 (20:44 +0000)]
am 7b2d12e6: Merge "Follow-up for 1.0.1j upgrade, part 2"

* commit '7b2d12e610bdfd93aa05fc3475726d0f3e25215c':
  Follow-up for 1.0.1j upgrade, part 2

4 years agoMerge "Follow-up for 1.0.1j upgrade, part 2"
Kenny Root [Mon, 17 Nov 2014 20:39:05 +0000 (20:39 +0000)]
Merge "Follow-up for 1.0.1j upgrade, part 2"

4 years agoFollow-up for 1.0.1j upgrade, part 2
Kenny Root [Mon, 17 Nov 2014 20:30:18 +0000 (12:30 -0800)]
Follow-up for 1.0.1j upgrade, part 2

The error messages SSL_R_NO_P256_SUPPORT from an internal patch and
SSL_R_INAPPROPRIATE_FALLBACK from 1.0.1j upgrade conflict resulting in
weird error messages.

Tests were added to catch this regression in libcore change
If8896d8f644095c13cbe44dd8ba7d4ef235385cf

(cherry picked from commit b4e20dd70acc0a67c2aa2832b0ffad3a0bcb9bdd)

Bug: 18018599
Change-Id: I62e50f14a41a9f3b53afbbd6382800a6e18e55ec

4 years agoFollow-up for 1.0.1j upgrade, part 2
Kenny Root [Mon, 17 Nov 2014 20:30:18 +0000 (12:30 -0800)]
Follow-up for 1.0.1j upgrade, part 2

The error messages SSL_R_NO_P256_SUPPORT from an internal patch and
SSL_R_INAPPROPRIATE_FALLBACK from 1.0.1j upgrade conflict resulting in
weird error messages.

Tests were added to catch this regression in libcore change
If8896d8f644095c13cbe44dd8ba7d4ef235385cf

Bug: 18018599
Change-Id: I62e50f14a41a9f3b53afbbd6382800a6e18e55ec

4 years agoam b07850b4: Follow-up for 1.0.1j upgrade
Kenny Root [Mon, 17 Nov 2014 19:48:21 +0000 (19:48 +0000)]
am b07850b4: Follow-up for 1.0.1j upgrade

* commit 'b07850b4cc8e8ee333cb877168c371aacf20a7b2':
  Follow-up for 1.0.1j upgrade

4 years agoam eb90b985: Merge "Follow-up for 1.0.1j upgrade"
Kenny Root [Mon, 17 Nov 2014 19:23:58 +0000 (19:23 +0000)]
am eb90b985: Merge "Follow-up for 1.0.1j upgrade"

* commit 'eb90b9851be9363739e46546e8e7955f2ee15fde':
  Follow-up for 1.0.1j upgrade

4 years agoFollow-up for 1.0.1j upgrade
Kenny Root [Mon, 17 Nov 2014 18:06:57 +0000 (10:06 -0800)]
Follow-up for 1.0.1j upgrade

During review the error with sizeof was found, but import_openssl.sh was
not re-run to fix the actual file from the updated patch. This applies
the fix and also fixes a subsequent patch that also had the error as
context lines.

(cherry picked from commit a08928acbd4193673f21a428e1e40f2acf70d379)

Bug: 18018599
Change-Id: Ia852a3f703548dc6488863fb11fd6ce82b1bb06f

4 years agoMerge "Follow-up for 1.0.1j upgrade"
Kenny Root [Mon, 17 Nov 2014 19:15:05 +0000 (19:15 +0000)]
Merge "Follow-up for 1.0.1j upgrade"

4 years agoFollow-up for 1.0.1j upgrade
Kenny Root [Mon, 17 Nov 2014 18:06:57 +0000 (10:06 -0800)]
Follow-up for 1.0.1j upgrade

During review the error with sizeof was found, but import_openssl.sh was
not re-run to fix the actual file from the updated patch. This applies
the fix and also fixes a subsequent patch that also had the error as
context lines.

Bug: 18018599
Change-Id: Ia852a3f703548dc6488863fb11fd6ce82b1bb06f

4 years agoam c64f6fe2: Upgrade to 1.0.1j
Kenny Root [Wed, 12 Nov 2014 00:18:07 +0000 (00:18 +0000)]
am c64f6fe2: Upgrade to 1.0.1j

* commit 'c64f6fe2be99cb3fa8e491b5bede9a217de87a4c':
  Upgrade to 1.0.1j

4 years agoUpgrade to 1.0.1j
Kenny Root [Thu, 6 Nov 2014 18:31:23 +0000 (10:31 -0800)]
Upgrade to 1.0.1j

Upgraded from archive:
cff86857507624f0ad42d922bb6f77c4f1c2b819  openssl-1.0.1j.tar.gz

(cherry picked from commit c642a4957fa6f518a02839abc38de4e1476cdfc6)

Bug: 18018599
Change-Id: I7db55f15e6c5670cc2ced1ffbc736b1b354be740

4 years agoam d0bdb529: Merge "Upgrade to 1.0.1j"
Kenny Root [Mon, 10 Nov 2014 22:19:14 +0000 (22:19 +0000)]
am d0bdb529: Merge "Upgrade to 1.0.1j"

* commit 'd0bdb529ae7092c4e5d1789870299dc84616d5cb':
  Upgrade to 1.0.1j

4 years agoMerge "Upgrade to 1.0.1j"
Kenny Root [Mon, 10 Nov 2014 21:12:58 +0000 (21:12 +0000)]
Merge "Upgrade to 1.0.1j"

4 years agoUpgrade to 1.0.1j
Kenny Root [Thu, 6 Nov 2014 18:31:23 +0000 (10:31 -0800)]
Upgrade to 1.0.1j

Upgraded from archive:
cff86857507624f0ad42d922bb6f77c4f1c2b819  openssl-1.0.1j.tar.gz

Bug: 18018599
Change-Id: I7db55f15e6c5670cc2ced1ffbc736b1b354be740

4 years agoam 5f4a0c68: am 42c1c473: Merge "trusty: openssl: disable couple warnings for Trusty...
Kenny Root [Wed, 5 Nov 2014 02:57:17 +0000 (02:57 +0000)]
am 5f4a0c68: am 42c1c473: Merge "trusty: openssl: disable couple warnings for Trusty build"

* commit '5f4a0c684525e2984b4901eccca8b1b713623c8f':
  trusty: openssl: disable couple warnings for Trusty build

4 years agoam 42c1c473: Merge "trusty: openssl: disable couple warnings for Trusty build"
Kenny Root [Wed, 5 Nov 2014 02:27:38 +0000 (02:27 +0000)]
am 42c1c473: Merge "trusty: openssl: disable couple warnings for Trusty build"

* commit '42c1c4733ebe5e42a0ac327858f8f5f326664e65':
  trusty: openssl: disable couple warnings for Trusty build

4 years agoMerge "trusty: openssl: disable couple warnings for Trusty build"
Kenny Root [Wed, 5 Nov 2014 01:15:26 +0000 (01:15 +0000)]
Merge "trusty: openssl: disable couple warnings for Trusty build"

4 years agotrusty: openssl: disable couple warnings for Trusty build
Michael Ryleev [Wed, 10 Sep 2014 19:51:01 +0000 (12:51 -0700)]
trusty: openssl: disable couple warnings for Trusty build

Change-Id: I7c532c87a0cbf8c98d303ebe7db343cc26a4138c

4 years agoam f8195e11: Fix ECDHE-PSK premaster secret derivation.
David Benjamin [Sat, 1 Nov 2014 00:32:35 +0000 (00:32 +0000)]
am f8195e11: Fix ECDHE-PSK premaster secret derivation.

* commit 'f8195e11d1b3ab7252f1a54dbf727cfa660b6450':
  Fix ECDHE-PSK premaster secret derivation.

4 years agoFix ECDHE-PSK premaster secret derivation.
David Benjamin [Thu, 30 Oct 2014 21:31:46 +0000 (14:31 -0700)]
Fix ECDHE-PSK premaster secret derivation.

The original implementation used the wrong premaster secret; it uses
psk || other_secret rather than other_secret || psk. Fix the
implementation to get it in the right order.

See BoringSSL change https://boringssl-review.googlesource.com/#/c/2052/

Bug: 18147456

(cherry picked from commit d267f08e9ba3894f091344b2a4e3e55ad2498c24)

Change-Id: Ia6576c4c0e28722e66422e24ed0373a86d00efce

4 years agoam 45b7635d: am ed6913e2: Merge "Fix ECDHE-PSK premaster secret derivation."
Alex Klyubin [Fri, 31 Oct 2014 18:41:09 +0000 (18:41 +0000)]
am 45b7635d: am ed6913e2: Merge "Fix ECDHE-PSK premaster secret derivation."

* commit '45b7635dfb4a9ac311937c63451ef2344556e9f5':
  Fix ECDHE-PSK premaster secret derivation.

4 years agoam ed6913e2: Merge "Fix ECDHE-PSK premaster secret derivation."
Alex Klyubin [Fri, 31 Oct 2014 18:36:39 +0000 (18:36 +0000)]
am ed6913e2: Merge "Fix ECDHE-PSK premaster secret derivation."

* commit 'ed6913e2f69e46626c31231b79d9017c157660f6':
  Fix ECDHE-PSK premaster secret derivation.

4 years agoMerge "Fix ECDHE-PSK premaster secret derivation."
Alex Klyubin [Fri, 31 Oct 2014 18:32:06 +0000 (18:32 +0000)]
Merge "Fix ECDHE-PSK premaster secret derivation."

4 years agoam b6fcc559: am c1e586dc: Merge "Follow-up to -no-integrated-as change"
Kenny Root [Fri, 31 Oct 2014 16:33:41 +0000 (16:33 +0000)]
am b6fcc559: am c1e586dc: Merge "Follow-up to -no-integrated-as change"

* commit 'b6fcc55995e843d5cbe0add4ccd013fd77db9196':
  Follow-up to -no-integrated-as change

4 years agoam c1e586dc: Merge "Follow-up to -no-integrated-as change"
Kenny Root [Fri, 31 Oct 2014 16:30:18 +0000 (16:30 +0000)]
am c1e586dc: Merge "Follow-up to -no-integrated-as change"

* commit 'c1e586dcee698f6f750617eedf1802452a17f38c':
  Follow-up to -no-integrated-as change

4 years agoMerge "Follow-up to -no-integrated-as change"
Kenny Root [Fri, 31 Oct 2014 16:06:11 +0000 (16:06 +0000)]
Merge "Follow-up to -no-integrated-as change"

4 years agoFollow-up to -no-integrated-as change
Kenny Root [Thu, 30 Oct 2014 23:54:13 +0000 (16:54 -0700)]
Follow-up to -no-integrated-as change

The original change didn't follow the README. This must be added to the
makefile generation script.

Bug: 17820427
Change-Id: I25853ccbfe6cf87580bf5601b5d8834ea7b154c9

4 years agoFix ECDHE-PSK premaster secret derivation.
David Benjamin [Thu, 30 Oct 2014 21:31:46 +0000 (14:31 -0700)]
Fix ECDHE-PSK premaster secret derivation.

The original implementation used the wrong premaster secret; it uses
psk || other_secret rather than other_secret || psk. Fix the
implementation to get it in the right order.

See BoringSSL change https://boringssl-review.googlesource.com/#/c/2052/

Bug: 18147456
Change-Id: Id35e5af11e4b0167edfe2e78053c012ade0f2178

4 years agoam 12f2cb24: am 54efc188: Merge "Add support for TLS_FALLBACK_SCSV"
Neil Fuller [Wed, 29 Oct 2014 17:11:25 +0000 (17:11 +0000)]
am 12f2cb24: am 54efc188: Merge "Add support for TLS_FALLBACK_SCSV"

* commit '12f2cb249d9f500e8e173ae304bc7c6a0847f1ad':
  Add support for TLS_FALLBACK_SCSV

4 years agoam 080035f3: am c9f5845a: am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts...
Neil Fuller [Sun, 26 Oct 2014 22:48:22 +0000 (22:48 +0000)]
am 080035f3: am c9f5845a: am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

* commit '080035f3d1ae8b18efe93254b392e309fbb42b31':

4 years agoam 393dad22: am cee54034: am aad21bb5: (-s ours) resolved conflicts for merge of...
Neil Fuller [Sun, 26 Oct 2014 22:48:22 +0000 (22:48 +0000)]
am 393dad22: am cee54034: am aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp-modular-dev

* commit '393dad2200477ac5f3f0cb7d4be5de80aa5d6548':

4 years agoam 7f20405f: am 8389210d: Merge "Add -no-integrated-as at local level."
Chih-Hung Hsieh [Sun, 26 Oct 2014 22:48:21 +0000 (22:48 +0000)]
am 7f20405f: am 8389210d: Merge "Add -no-integrated-as at local level."

* commit '7f20405f97ba52e97e365ff61fe8778b09472080':

4 years agoam 97520c86: am 9a68a8fb: Add support for TLS_FALLBACK_SCSV
Bodo Moeller [Sun, 26 Oct 2014 22:48:21 +0000 (22:48 +0000)]
am 97520c86: am 9a68a8fb: Add support for TLS_FALLBACK_SCSV

* commit '97520c866a93a0bb0c51e6d0b0dbadf94e14da86':

4 years agoam b76660f8: am fe7f7eab: Merge "Add flavor.mk to indicate that this is OpenSSL."
Kenny Root [Sun, 26 Oct 2014 22:48:20 +0000 (22:48 +0000)]
am b76660f8: am fe7f7eab: Merge "Add flavor.mk to indicate that this is OpenSSL."

* commit 'b76660f8bc3af465ccdd08e432212efb480a015c':

4 years agoam 54efc188: Merge "Add support for TLS_FALLBACK_SCSV"
Neil Fuller [Fri, 24 Oct 2014 20:18:18 +0000 (20:18 +0000)]
am 54efc188: Merge "Add support for TLS_FALLBACK_SCSV"

* commit '54efc1885c3a4fd0f436518431577e8e7760b18c':
  Add support for TLS_FALLBACK_SCSV

4 years agoMerge "Add support for TLS_FALLBACK_SCSV"
Neil Fuller [Thu, 23 Oct 2014 09:36:02 +0000 (09:36 +0000)]
Merge "Add support for TLS_FALLBACK_SCSV"

4 years agoAdd support for TLS_FALLBACK_SCSV
Bodo Moeller [Fri, 3 Oct 2014 10:12:15 +0000 (03:12 -0700)]
Add support for TLS_FALLBACK_SCSV

(cherry picked from commit 9a68a8fb86e7440763286e3ea8578099abd598e7)

Bug: 17750026
Change-Id: I82310cea0372cf3061532fbb84ed9edd0060684d

4 years agoam c9f5845a: am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge...
Neil Fuller [Fri, 10 Oct 2014 17:15:49 +0000 (17:15 +0000)]
am c9f5845a: am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

* commit 'c9f5845a2a425e568812cb29d94652b5ee058394':
  Add support for TLS_FALLBACK_SCSV

4 years agoam cee54034: am aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp...
Neil Fuller [Fri, 10 Oct 2014 17:00:12 +0000 (17:00 +0000)]
am cee54034: am aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp-modular-dev

* commit 'cee54034353c4f03db9ee975a50be05c0496e1b2':
  Add support for TLS_FALLBACK_SCSV

4 years agoam c9f5845a: am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge...
Neil Fuller [Fri, 10 Oct 2014 14:35:26 +0000 (14:35 +0000)]
am c9f5845a: am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

* commit 'c9f5845a2a425e568812cb29d94652b5ee058394':
  Add support for TLS_FALLBACK_SCSV

4 years agoam 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to...
Neil Fuller [Fri, 10 Oct 2014 09:57:39 +0000 (09:57 +0000)]
am 75b7f959: am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

* commit '75b7f959caa48362bbc4d6f3592e66d312380d1b':
  Add support for TLS_FALLBACK_SCSV

4 years agoam 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev...
Neil Fuller [Fri, 10 Oct 2014 09:51:39 +0000 (09:51 +0000)]
am 2b5a3d1f: am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

* commit '2b5a3d1f368ebada581192f8aca1a48335987620':
  Add support for TLS_FALLBACK_SCSV

4 years agoam 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp
Neil Fuller [Fri, 10 Oct 2014 09:42:07 +0000 (09:42 +0000)]
am 0f2dac0f: resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

* commit '0f2dac0f8178b0229370bbde7fa5d5fd55325dbb':
  Add support for TLS_FALLBACK_SCSV

4 years agoresolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp
Neil Fuller [Fri, 10 Oct 2014 09:36:41 +0000 (10:36 +0100)]
resolved conflicts for merge of 69c63910 to jb-mr2-dev-plus-aosp

Change-Id: I0981e506ba6c525e019b805b8db8d5af22e05e94

4 years agoam cee54034: am aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp...
Neil Fuller [Thu, 9 Oct 2014 16:22:17 +0000 (16:22 +0000)]
am cee54034: am aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp-modular-dev

* commit 'cee54034353c4f03db9ee975a50be05c0496e1b2':
  Add support for TLS_FALLBACK_SCSV

4 years agoam aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp-modular-dev
Neil Fuller [Thu, 9 Oct 2014 16:17:03 +0000 (16:17 +0000)]
am aad21bb5: (-s ours) resolved conflicts for merge of 4068658b to klp-modular-dev

* commit 'aad21bb5750deae5bdff03023a5b0fce64596253':
  Add support for TLS_FALLBACK_SCSV

4 years agoresolved conflicts for merge of 4068658b to klp-modular-dev
Neil Fuller [Thu, 9 Oct 2014 14:51:12 +0000 (15:51 +0100)]
resolved conflicts for merge of 4068658b to klp-modular-dev

Change-Id: If300548a6e9b8f01eabedbf49eac52698e838af6

4 years agoAdd support for TLS_FALLBACK_SCSV
Bodo Moeller [Fri, 3 Oct 2014 10:12:15 +0000 (03:12 -0700)]
Add support for TLS_FALLBACK_SCSV

Includes changes to openssl.config not present in the original
commit.

Bug: 17750026
(cherry-picked from commit 9a68a8fb86e7440763286e3ea8578099abd598e7)

Change-Id: I89ed89b87b4f4eeeddb6de0c6ad1d48cb6d0ee7b

4 years agoam 8389210d: Merge "Add -no-integrated-as at local level."
Chih-Hung Hsieh [Wed, 8 Oct 2014 17:16:18 +0000 (17:16 +0000)]
am 8389210d: Merge "Add -no-integrated-as at local level."

* commit '8389210d541da26b553439ea3efecfd50f9b2310':
  Add -no-integrated-as at local level.

4 years agoam 8389210d: Merge "Add -no-integrated-as at local level."
Chih-Hung Hsieh [Wed, 8 Oct 2014 17:15:31 +0000 (17:15 +0000)]
am 8389210d: Merge "Add -no-integrated-as at local level."

* commit '8389210d541da26b553439ea3efecfd50f9b2310':
  Add -no-integrated-as at local level.

4 years agoMerge "Add -no-integrated-as at local level."
Chih-Hung Hsieh [Wed, 8 Oct 2014 17:09:50 +0000 (17:09 +0000)]
Merge "Add -no-integrated-as at local level."

4 years agoAdd support for TLS_FALLBACK_SCSV
Bodo Moeller [Fri, 3 Oct 2014 10:12:15 +0000 (03:12 -0700)]
Add support for TLS_FALLBACK_SCSV

Includes changes to openssl.config not present in the original
commit.

Bug: 17750026
(cherry-picked from commit 9a68a8fb86e7440763286e3ea8578099abd598e7)

Change-Id: I41789367e1d4c24f26838132c1a38ad5ad33c8e4

4 years agoAdd -no-integrated-as at local level.
Chih-Hung Hsieh [Fri, 3 Oct 2014 16:33:35 +0000 (09:33 -0700)]
Add -no-integrated-as at local level.

Later we will enable integrated-as as default at the global level.

BUG: 17820427

Change-Id: I543492dabbdbe77ba1c9346880e5907314669e1a

4 years agoam 9a68a8fb: Add support for TLS_FALLBACK_SCSV
Bodo Moeller [Tue, 7 Oct 2014 00:19:15 +0000 (00:19 +0000)]
am 9a68a8fb: Add support for TLS_FALLBACK_SCSV

* commit '9a68a8fb86e7440763286e3ea8578099abd598e7':
  Add support for TLS_FALLBACK_SCSV

4 years agoam 9a68a8fb: Add support for TLS_FALLBACK_SCSV
Bodo Moeller [Mon, 6 Oct 2014 22:34:48 +0000 (22:34 +0000)]
am 9a68a8fb: Add support for TLS_FALLBACK_SCSV

* commit '9a68a8fb86e7440763286e3ea8578099abd598e7':
  Add support for TLS_FALLBACK_SCSV

4 years agoAdd support for TLS_FALLBACK_SCSV
Bodo Moeller [Fri, 3 Oct 2014 10:12:15 +0000 (03:12 -0700)]
Add support for TLS_FALLBACK_SCSV

Bug: 17750026
Change-Id: I4b5ba1a6edbdac57c29e1e3b9425b9f69275784f

4 years agoam fe7f7eab: Merge "Add flavor.mk to indicate that this is OpenSSL."
Kenny Root [Fri, 26 Sep 2014 20:14:19 +0000 (20:14 +0000)]
am fe7f7eab: Merge "Add flavor.mk to indicate that this is OpenSSL."

* commit 'fe7f7eab7bce195c868c1973683e741a657cc2ef':
  Add flavor.mk to indicate that this is OpenSSL.

4 years agoam fe7f7eab: Merge "Add flavor.mk to indicate that this is OpenSSL."
Kenny Root [Fri, 26 Sep 2014 20:14:15 +0000 (20:14 +0000)]
am fe7f7eab: Merge "Add flavor.mk to indicate that this is OpenSSL."

* commit 'fe7f7eab7bce195c868c1973683e741a657cc2ef':
  Add flavor.mk to indicate that this is OpenSSL.

4 years agoMerge "Add flavor.mk to indicate that this is OpenSSL."
Kenny Root [Fri, 26 Sep 2014 20:00:02 +0000 (20:00 +0000)]
Merge "Add flavor.mk to indicate that this is OpenSSL."

4 years agoAdd flavor.mk to indicate that this is OpenSSL.
Adam Langley [Wed, 24 Sep 2014 00:57:28 +0000 (17:57 -0700)]
Add flavor.mk to indicate that this is OpenSSL.

This makefile can be included from makefiles in other directories in
order to handle the transition to BoringSSL.

Change-Id: Iec4725ccd9bded8fcadee25474a29bdc8005fb41

5 years agoam 8e8ec665: Retry sending record split fragment when SSL write fails
Kenny Root [Wed, 6 Aug 2014 01:29:40 +0000 (01:29 +0000)]
am 8e8ec665: Retry sending record split fragment when SSL write fails

* commit '8e8ec665ac4a328d173417afae1ee58d0e7ea1b4':
  Retry sending record split fragment when SSL write fails

5 years agoam fec16120: Merge "Retry sending record split fragment when SSL write fails"
Kenny Root [Wed, 6 Aug 2014 01:18:37 +0000 (01:18 +0000)]
am fec16120: Merge "Retry sending record split fragment when SSL write fails"

* commit 'fec161200bd965269f524ab6364dc530976e4f61':
  Retry sending record split fragment when SSL write fails

5 years agoRetry sending record split fragment when SSL write fails
Kenny Root [Tue, 5 Aug 2014 22:56:43 +0000 (15:56 -0700)]
Retry sending record split fragment when SSL write fails

When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record
splitting is needed, an extra byte would be added to the max size of the
message to be written. This would cause the requested size to not exceed
the max. If the SSL_WANT_WRITE error were returned, the next packet
would not get the extra byte added to the max packet size since
record_split_done is set. Since a different set of arguments
(SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed
to do_ssl3_write, it would get an "SSL3_WRITE_PENDING:bad write retry"
error.

To avoid a failure in the opposite direction, the max variable increment
is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE
is not enabled, the call to ssl3_write_bytes contains, e.g., buffer of
2*SSL3_RT_MAX_PLAIN_LENGTH where the first call into do_ssl3_write
succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but the
writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the
first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has
called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes
in turn calls into do_ssl3_write with "max+1" bytes.

(cherry picked from commit 455e02af15d07aa8f8b22b5f6558c23f041c6b2a)

Bug: 16482963
Change-Id: I28a515a970d535a7fbba9c0ba325c9aed633d1cc