Snap for 9550355 from 7cca763839270d06b1dc1726753c0e0eec003b50 to sdk-release
Change-Id: Ie341103aed7f9cdcfedf0b6d3b4afd49dd32a107
diff --git a/Android.bp b/Android.bp
index e94de78..14c58d8 100644
--- a/Android.bp
+++ b/Android.bp
@@ -62,11 +62,7 @@
// Build BoringSSL and its tests against the same STL.
sdk_version: "9",
- target: {
- android: {
- stl: "libc++_static",
- },
- },
+ stl: "libc++_static",
}
// Used by libcrypto + libssl
@@ -107,6 +103,7 @@
},
local_include_dirs: ["src/crypto"],
+ stl: "none",
}
// Boring Crypto Module object file.
@@ -125,6 +122,7 @@
sanitize: {
address: false,
hwaddress: false,
+ memtag_stack: false,
fuzzer: false,
},
target: {
@@ -158,7 +156,7 @@
"com.android.art",
"com.android.art.debug",
"com.android.art.testing",
- "com.android.bluetooth",
+ "com.android.btservices",
"com.android.compos",
"com.android.conscrypt",
"com.android.resolv",
@@ -296,7 +294,7 @@
"com.android.art",
"com.android.art.debug",
"com.android.art.testing",
- "com.android.bluetooth",
+ "com.android.btservices",
"com.android.compos",
"com.android.conscrypt",
"com.android.resolv",
@@ -396,6 +394,25 @@
],
}
+// Static library for use in bare-metal environments
+cc_library_static {
+ name: "libcrypto_baremetal",
+ defaults: [
+ "libcrypto_bcm_sources",
+ "libcrypto_sources",
+ "libcrypto_defaults",
+ "boringssl_defaults",
+ "boringssl_flags",
+ ],
+ cflags: [
+ "-DOPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED",
+ "-DOPENSSL_SMALL",
+ "-DOPENSSL_NO_ASM",
+ ],
+ visibility: ["//packages/modules/Virtualization:__subpackages__"],
+ apex_available: ["com.android.virt"],
+}
+
// Common defaults for lib*_fuzz_unsafe. These are unsafe and deterministic
// libraries for testing and fuzzing only. See src/FUZZING.md.
cc_defaults {
@@ -458,7 +475,7 @@
apex_available: [
"//apex_available:platform",
- "com.android.bluetooth",
+ "com.android.btservices",
"com.android.adbd",
"com.android.conscrypt",
"com.android.resolv",
@@ -582,14 +599,13 @@
shared_libs: [
"libcrypto",
- "libssl",
],
}
// Tests
cc_test {
name: "boringssl_crypto_test",
- test_config: "NativeTests.xml",
+ test_config: "CryptoNativeTests.xml",
host_supported: false,
per_testcase_directory: true,
compile_multilib: "both",
@@ -618,7 +634,7 @@
cc_test {
name: "boringssl_ssl_test",
- test_config: "NativeTests.xml",
+ test_config: "SslNativeTests.xml",
host_supported: false,
per_testcase_directory: true,
compile_multilib: "both",
@@ -753,6 +769,7 @@
visibility: [
"//external/rust/crates/openssl",
"//system/keymint/boringssl",
+ "//system/security/prng_seeder",
],
// Use the modified source with placeholder replaced.
srcs: [":libbssl_sys_src"],
@@ -760,7 +777,7 @@
// Since libbssl_sys_raw is not publically visible, we can't
// accidentally force a double-link by linking statically, so do so.
rlibs: ["libbssl_sys_raw"],
- static_libs: [
+ whole_static_libs: [
"libbssl_rust_support",
],
apex_available: [
@@ -768,3 +785,4 @@
"com.android.virt",
],
}
+
diff --git a/NativeTests.xml b/CryptoNativeTests.xml
similarity index 76%
rename from NativeTests.xml
rename to CryptoNativeTests.xml
index d3eb944..0adc18f 100644
--- a/NativeTests.xml
+++ b/CryptoNativeTests.xml
@@ -14,26 +14,19 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
- ~ Re-runs a subset of MtsConscryptTestCases using Conscrypt's file-descriptor based
- ~ implementation to ensure there are no regressions in this implementation before
- ~ it is fully deprecated.
- ~
- ~ Apart from the include filters and SSLSocket implementation this test suite is
- ~ identical to MtsConscryptTestCases.
+ ~ Native test configuration for boringssl_crypto_test.
-->
<configuration description="Configuration for BoringSSL native tests">
<option name="test-suite-tag" value="mts-conscrypt" />
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
<option name="cleanup" value="true" />
<option name="push" value="boringssl_crypto_test->/data/local/tmp/boringssl_crypto_test" />
- <option name="push" value="boringssl_ssl_test->/data/local/tmp/boringssl_ssl_test" />
<option name="append-bitness" value="true" />
</target_preparer>
<target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
<test class="com.android.tradefed.testtype.GTest" >
<option name="native-test-device-path" value="/data/local/tmp" />
<option name="module-name" value="boringssl_crypto_test" />
- <option name="module-name" value="boringssl_ssl_test" />
<option name="runtime-hint" value="10m" />
<option name="native-test-timeout" value="600000" />
</test>
diff --git a/NativeTests.xml b/SslNativeTests.xml
similarity index 75%
copy from NativeTests.xml
copy to SslNativeTests.xml
index d3eb944..9257111 100644
--- a/NativeTests.xml
+++ b/SslNativeTests.xml
@@ -14,25 +14,18 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
- ~ Re-runs a subset of MtsConscryptTestCases using Conscrypt's file-descriptor based
- ~ implementation to ensure there are no regressions in this implementation before
- ~ it is fully deprecated.
- ~
- ~ Apart from the include filters and SSLSocket implementation this test suite is
- ~ identical to MtsConscryptTestCases.
+ ~ Native test configuration for boringssl_ssl_test.
-->
<configuration description="Configuration for BoringSSL native tests">
<option name="test-suite-tag" value="mts-conscrypt" />
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
<option name="cleanup" value="true" />
- <option name="push" value="boringssl_crypto_test->/data/local/tmp/boringssl_crypto_test" />
<option name="push" value="boringssl_ssl_test->/data/local/tmp/boringssl_ssl_test" />
<option name="append-bitness" value="true" />
</target_preparer>
<target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
<test class="com.android.tradefed.testtype.GTest" >
<option name="native-test-device-path" value="/data/local/tmp" />
- <option name="module-name" value="boringssl_crypto_test" />
<option name="module-name" value="boringssl_ssl_test" />
<option name="runtime-hint" value="10m" />
<option name="native-test-timeout" value="600000" />
diff --git a/rules.mk b/rules.mk
index dd53b5c..3a600f3 100644
--- a/rules.mk
+++ b/rules.mk
@@ -37,22 +37,6 @@
MODULE_SRCDEPS += $(LOCAL_DIR)/crypto-sources.mk
include $(LOCAL_DIR)/crypto-sources.mk
-# Some files in BoringSSL use OS functions that aren't supported by Trusty. The
-# easiest way to deal with them is not to include them. As long as no path to
-# the functions defined in these files exists, the linker will be happy. If
-# such a path is created, it'll be a link-time error and something more complex
-# may need to be considered.
-LOCAL_SRC_FILES := $(filter-out src/crypto/bio/connect.c,$(LOCAL_SRC_FILES))
-LOCAL_SRC_FILES := $(filter-out src/crypto/bio/fd.c,$(LOCAL_SRC_FILES))
-LOCAL_SRC_FILES := $(filter-out src/crypto/bio/file.c,$(LOCAL_SRC_FILES))
-LOCAL_SRC_FILES := $(filter-out src/crypto/bio/socket.c,$(LOCAL_SRC_FILES))
-LOCAL_SRC_FILES := $(filter-out src/crypto/bio/socket_helper.c,$(LOCAL_SRC_FILES))
-LOCAL_SRC_FILES := $(filter-out src/crypto/x509/by_dir.c,$(LOCAL_SRC_FILES))
-
-# BoringSSL detects Trusty based on this define and does things like switch to
-# no-op threading functions.
-MODULE_CFLAGS += -DTRUSTY
-
# The AOSP stdatomic.h clang header does not build against musl. Disable C11
# atomics.
MODULE_CFLAGS += -D__STDC_NO_ATOMICS__
diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc
index ce70ae3..379f26b 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -1470,6 +1470,23 @@
Verify(leaf.get(), {root.get()}, {root.get()},
{algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
+ // The CRL is valid for a month.
+ EXPECT_EQ(X509_V_ERR_CRL_HAS_EXPIRED,
+ Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
+ X509_V_FLAG_CRL_CHECK, [](X509_VERIFY_PARAM *param) {
+ X509_VERIFY_PARAM_set_time(
+ param, kReferenceTime + 2 * 30 * 24 * 3600);
+ }));
+
+ // X509_V_FLAG_NO_CHECK_TIME suppresses the validity check.
+ EXPECT_EQ(X509_V_OK,
+ Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
+ X509_V_FLAG_CRL_CHECK | X509_V_FLAG_NO_CHECK_TIME,
+ [](X509_VERIFY_PARAM *param) {
+ X509_VERIFY_PARAM_set_time(
+ param, kReferenceTime + 2 * 30 * 24 * 3600);
+ }));
+
// Parsing kBadExtensionCRL should fail.
EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
}
@@ -3551,6 +3568,95 @@
}));
}
+// Test that notBefore and notAfter checks work correctly.
+TEST(X509Test, Expiry) {
+ bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
+ ASSERT_TRUE(key);
+
+ // The following are measured in seconds relative to kReferenceTime. The
+ // validity periods are staggered so we can independently test both leaf and
+ // root time checks.
+ const time_t kSecondsInDay = 24 * 3600;
+ const time_t kRootStart = -30 * kSecondsInDay;
+ const time_t kIntermediateStart = -20 * kSecondsInDay;
+ const time_t kLeafStart = -10 * kSecondsInDay;
+ const time_t kIntermediateEnd = 10 * kSecondsInDay;
+ const time_t kLeafEnd = 20 * kSecondsInDay;
+ const time_t kRootEnd = 30 * kSecondsInDay;
+
+ bssl::UniquePtr<X509> root =
+ MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
+ ASSERT_TRUE(root);
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(root.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kRootStart));
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kRootEnd));
+ ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
+
+ bssl::UniquePtr<X509> intermediate =
+ MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
+ ASSERT_TRUE(intermediate);
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(intermediate.get()),
+ kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kIntermediateStart));
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(intermediate.get()),
+ kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kIntermediateEnd));
+ ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
+
+ bssl::UniquePtr<X509> leaf =
+ MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
+ ASSERT_TRUE(leaf);
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(leaf.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kLeafStart));
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(leaf.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kLeafEnd));
+ ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
+
+ struct VerifyAt {
+ time_t time;
+ void operator()(X509_VERIFY_PARAM *param) const {
+ X509_VERIFY_PARAM_set_time(param, time);
+ }
+ };
+
+ for (bool check_time : {true, false}) {
+ SCOPED_TRACE(check_time);
+ unsigned long flags = check_time ? 0 : X509_V_FLAG_NO_CHECK_TIME;
+ int not_yet_valid = check_time ? X509_V_ERR_CERT_NOT_YET_VALID : X509_V_OK;
+ int has_expired = check_time ? X509_V_ERR_CERT_HAS_EXPIRED : X509_V_OK;
+
+ EXPECT_EQ(not_yet_valid,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kRootStart - 1}));
+ EXPECT_EQ(not_yet_valid,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kIntermediateStart - 1}));
+ EXPECT_EQ(not_yet_valid,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kLeafStart - 1}));
+
+ EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
+ {}, flags, VerifyAt{kReferenceTime}));
+
+ EXPECT_EQ(has_expired,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kRootEnd + 1}));
+ EXPECT_EQ(has_expired,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kIntermediateEnd + 1}));
+ EXPECT_EQ(has_expired,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kLeafEnd + 1}));
+ }
+}
+
// kConstructedBitString is an X.509 certificate where the signature is encoded
// as a BER constructed BIT STRING. Note that, while OpenSSL's parser accepts
// this input, it interprets the value incorrectly.
diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c
index f41ae6e..7dcac26 100644
--- a/src/crypto/x509/x509_vfy.c
+++ b/src/crypto/x509/x509_vfy.c
@@ -1000,6 +1000,9 @@
{
time_t *ptime;
int i;
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
+ return 1;
+ }
if (notify)
ctx->current_crl = crl;
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
@@ -1743,6 +1746,9 @@
time_t *ptime;
int i;
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
+ return 1;
+ }
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time;
else
diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h
index 4d312c7..608c670 100644
--- a/src/include/openssl/x509.h
+++ b/src/include/openssl/x509.h
@@ -2071,6 +2071,10 @@
// will force the behaviour to match that of previous versions.
#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+// X509_V_FLAG_NO_CHECK_TIME disables all time checks in certificate
+// verification.
+#define X509_V_FLAG_NO_CHECK_TIME 0x200000
+
#define X509_VP_FLAG_DEFAULT 0x1
#define X509_VP_FLAG_OVERWRITE 0x2
#define X509_VP_FLAG_RESET_FLAGS 0x4
diff --git a/src/rust/wrapper.h b/src/rust/wrapper.h
index aa5aeed..ff46642 100644
--- a/src/rust/wrapper.h
+++ b/src/rust/wrapper.h
@@ -18,6 +18,7 @@
#include "../include/openssl/conf.h"
#include "../include/openssl/cpu.h"
#include "../include/openssl/crypto.h"
+#include "../include/openssl/ctrdrbg.h"
#include "../include/openssl/curve25519.h"
#include "../include/openssl/des.h"
#include "../include/openssl/dh.h"
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index e2db5a4..f07196c 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -8064,6 +8064,8 @@
SSL_CTX_set_verify(client_ctx.get(),
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
nullptr);
+ X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(client_ctx.get()),
+ X509_V_FLAG_NO_CHECK_TIME);
struct TestCase {
X509 *cert;