)]}' { "log": [ { "commit": "b924b7d6a4edd0166d385da56485bd7344985a70", "tree": "b4b356d573b362c600c0ff561a2dcb5892f9b379", "parents": [ "d7cae99f5834aaff793331c2c1a47eec3b03a6e4", "6807b8e9b78ec39f4ca5cfa40237430a86de1071" ], "author": { "name": "Sharjeel Khan", "email": "sharjeelkhan@google.com", "time": "Thu Mar 12 22:00:29 2026 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Mar 12 22:00:29 2026 -0700" }, "message": "Remove C++17 pinning for BoringSSL am: 6807b8e9b7\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/38903006\n\nChange-Id: Idd6d50f5a366f607344e0fead744c8861c6bd3cf\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "6807b8e9b78ec39f4ca5cfa40237430a86de1071", "tree": "b4b356d573b362c600c0ff561a2dcb5892f9b379", "parents": [ "9cbccdc1dc5e4759fdcddf52c529481c7ad3bacd" ], "author": { "name": "Sharjeel Khan", "email": "sharjeelkhan@google.com", "time": "Fri Mar 13 00:30:57 2026 +0000" }, "committer": { "name": "Sharjeel Khan", "email": "sharjeelkhan@google.com", "time": "Fri Mar 13 00:33:16 2026 +0000" }, "message": "Remove C++17 pinning for BoringSSL\n\nI removed the C++17 pinning since it seems to build fine with C++23 and\nupstream mentioned it should not have any issues with it.\n\nBug: 344590580\nTest: mma \u0026\u0026 presubmit\nChange-Id: I439135d2e39a798160f7479a7834ac1b6d703283\n" }, { "commit": "d7cae99f5834aaff793331c2c1a47eec3b03a6e4", "tree": "57c05a7c63cb3b91e5e7096e4cbd42f485542347", "parents": [ "935df97f4a623bf7adab3840744cbe4b2c8dc68e", "9cbccdc1dc5e4759fdcddf52c529481c7ad3bacd" ], "author": { "name": "Vikram Gaur", "email": "vikramgaur@google.com", "time": "Tue Mar 10 14:45:31 2026 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Mar 10 14:45:31 2026 -0700" }, "message": "Add hwtrust to boringssl tests. am: 9cbccdc1dc\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/38738507\n\nChange-Id: I990e43b5cf5f2eb408d89914b88f8b8902db0009\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "9cbccdc1dc5e4759fdcddf52c529481c7ad3bacd", "tree": "57c05a7c63cb3b91e5e7096e4cbd42f485542347", "parents": [ "8ada54e70114bdd07853af25d2409ad49da47b3a" ], "author": { "name": "Vikram Gaur", "email": "vikramgaur@google.com", "time": "Wed Mar 04 15:45:40 2026 -0800" }, "committer": { "name": "Vikram Gaur", "email": "vikramgaur@google.com", "time": "Wed Mar 04 15:45:40 2026 -0800" }, "message": "Add hwtrust to boringssl tests.\n\nThe hwtrust module is added to visibility specs for boringssl.\nCorresponding tests for hwtrust\u0027s boringssl usage are added to the\npresubmit tests.\n\nBug: 441541112\nTest: atest --host hwtrust_boringssl_tests\nChange-Id: Ie98a222920c1dfeddf50a205bb955080a68ff2e7" }, { "commit": "935df97f4a623bf7adab3840744cbe4b2c8dc68e", "tree": "412a5150d23314e8130275c279ce611a0519802e", "parents": [ "8d2f4189b4ea81ae282edf47081c4ab20f4c5eb1", "8ada54e70114bdd07853af25d2409ad49da47b3a" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Jan 28 02:24:35 2026 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Jan 28 02:24:35 2026 -0800" }, "message": "Merge \"external/boringssl: Sync to d32c35e573fc9c8dbe0436805cd557065892de4c.\" into main am: 8ada54e701\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/38102987\n\nChange-Id: I5eb5de0ec3c82e9282a964dd4a94890653b20ebc\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "8ada54e70114bdd07853af25d2409ad49da47b3a", "tree": "412a5150d23314e8130275c279ce611a0519802e", "parents": [ "99a0678eaac2c3ece573d0de2d4264c5f7c5629b", "65717e49016d9ec7b697cfd9c9762d7f261a48a7" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Jan 28 02:02:23 2026 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Jan 28 02:02:23 2026 -0800" }, "message": "Merge \"external/boringssl: Sync to d32c35e573fc9c8dbe0436805cd557065892de4c.\" into main" }, { "commit": "8d2f4189b4ea81ae282edf47081c4ab20f4c5eb1", "tree": "af719c30930796cf99af9f4a704c0138b52cf05d", "parents": [ "8e58bd23c50f52204576e7a6fbf9a614f5acc5bd", "99a0678eaac2c3ece573d0de2d4264c5f7c5629b" ], "author": { "name": "Jason Ling", "email": "jasonling@google.com", "time": "Tue Jan 27 13:00:23 2026 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Jan 27 13:00:23 2026 -0800" }, "message": "Merge \"bssl: make available to compos\" into main am: 99a0678eaa\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37912261\n\nChange-Id: Id344444dbf6e6cf7a4d0147b59a56f069f3a28a4\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "99a0678eaac2c3ece573d0de2d4264c5f7c5629b", "tree": "af719c30930796cf99af9f4a704c0138b52cf05d", "parents": [ "6e18ed67b6c3e62561964256535875feaa45f32d", "6dc2ad67a586d333d78e7797b3e01f945acaae58" ], "author": { "name": "Jason Ling", "email": "jasonling@google.com", "time": "Tue Jan 27 12:32:13 2026 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Jan 27 12:32:13 2026 -0800" }, "message": "Merge \"bssl: make available to compos\" into main" }, { "commit": "65717e49016d9ec7b697cfd9c9762d7f261a48a7", "tree": "a272f7c045f2c3e3f4d4d4265f25f4bba1834264", "parents": [ "6e18ed67b6c3e62561964256535875feaa45f32d" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Jan 27 15:54:53 2026 +0000" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Jan 27 15:57:32 2026 +0000" }, "message": "external/boringssl: Sync to d32c35e573fc9c8dbe0436805cd557065892de4c.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/f7543e6dbbcf555557fb8d53ef1ff5b9fe393a1d..d32c35e573fc9c8dbe0436805cd557065892de4c\n\n* Integrate the new way of C++ symbol prefixing with CMake.\n* Add ML-DSA support to X.509\n* util/fipstools: ACVP RSA keyFormat\u003dcrt keyGen\n* Add a SECURITY.md pointing to the Chromium process\n* Add a regression test for an OpenSSL SPARC bug\n* rust: add tests and example to pkcs8.rs\n* rust: Unifying PKCS #8 private key parsing\n* rust: Do not check P-Hash output buffer length\n* Update ECDSA comments and logic for FIPS 186-5\nUpdate-Note: Matching FIPS 186-5\u0027s new requirements, callers using the\nlegacy-only custom curves machinery will no longer be able to construct\ncurves less than 224 bits. This has no impact on the supported named\ncurves.\n* Use secp224k1 instead of secp160r1 to test a custom curve edge case\n* Add a couple more references\n* Start a references document\n* Add a reference for Arm CPU features in docs\n* Allow DTLSv1_set_initial_timeout_duration to be called mid-handshake\nUpdate-Note: DTLSv1_set_initial_timeout_duration now also affect ongoing flights. You might need modify your code to check for timeout after calling the function.\n* Add log_id() getter to MTCAnchor class\n* PRESUBMIT.py: Pass -clang flag to pregenerate\n* Fix asm symbol prefixing includes:\n* pregenerate: refactor Tasks to better support skipping.\n* Remove BSAES code entirely if BSAES is not compiled in.\n* Ignore OPENSSL_STATIC_ARMCAP on non-Arm platforms\n* Modernize the Arm cpuinfo parser a bit\n* Run `buildifier` to format BUILD.bazel\n* infra: Regenerate LUCI config files\n* runner: Stop handle interrupts reentrantly in DTLS tests\n* Fix some minor prefixing misses on Linux.\n* Fix namespaces bssl::entropy and bssl::acvp.\n* Let bindgen rename link names\n* Remove ia32cap_P references from the perlasm code.\n\nTest: treehugger\nChange-Id: I911fc74442f36f0a64d8b7e2f9d85c529ccebd1a\n" }, { "commit": "8e58bd23c50f52204576e7a6fbf9a614f5acc5bd", "tree": "d9c44ec4ff0161c618550607887c0462f37e65f8", "parents": [ "c4a78342efe79cedb8525cf91d923e8a8609abed", "6e18ed67b6c3e62561964256535875feaa45f32d" ], "author": { "name": "Mike McTernan", "email": "mikemcternan@google.com", "time": "Mon Jan 26 09:56:35 2026 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Jan 26 09:56:35 2026 -0800" }, "message": "Merge \"boringssl: Add config option OPENSSL_SMALL in rules.mk\" into main am: 6e18ed67b6\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/38071892\n\nChange-Id: Ib49885891bf92f0f0d03d262594b76230752283e\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "6e18ed67b6c3e62561964256535875feaa45f32d", "tree": "d9c44ec4ff0161c618550607887c0462f37e65f8", "parents": [ "cbde4cd98c990e6b4abf6e4e65f176d72158d830", "de393b918da5dddcad14076de5a8eb6973522431" ], "author": { "name": "Mike McTernan", "email": "mikemcternan@google.com", "time": "Mon Jan 26 09:31:39 2026 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Jan 26 09:31:39 2026 -0800" }, "message": "Merge \"boringssl: Add config option OPENSSL_SMALL in rules.mk\" into main" }, { "commit": "de393b918da5dddcad14076de5a8eb6973522431", "tree": "cb60c20045eef2bb745adb5e4f62c8c21a19ebf8", "parents": [ "1dff238356928c182a4676d44665f8f3d3b038e6" ], "author": { "name": "Mike McTernan", "email": "mikemcternan@google.com", "time": "Thu Mar 20 22:37:48 2025 +0000" }, "committer": { "name": "Mike McTernan", "email": "mikemcternan@google.com", "time": "Mon Jan 26 01:54:48 2026 -0800" }, "message": "boringssl: Add config option OPENSSL_SMALL in rules.mk\n\nEnable use of a build config to set OPENSSL_SMALL to reduce the code size for some algorithms, at the expense of a little speed.\n\nThis is not enabled by default, so nothing changes until enabled.\n\nBug: 405192375\nTest: build \u0026 boot to home\nChange-Id: I49013261566028fb4494679d7ed12b80511f658a\n" }, { "commit": "c4a78342efe79cedb8525cf91d923e8a8609abed", "tree": "60711648fffa892016fb9e500192cd69c2b390a8", "parents": [ "3b53dee27fd16d0f3cb28d85db9e77498ba21bd4", "cbde4cd98c990e6b4abf6e4e65f176d72158d830" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Jan 22 03:51:53 2026 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Jan 22 03:51:53 2026 -0800" }, "message": "external/boringssl: Sync to f7543e6dbbcf555557fb8d53ef1ff5b9fe393a1d. am: cbde4cd98c\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37987803\n\nChange-Id: I6ad598d51b21d0c5f3926289990a4df44dc6ce08\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "cbde4cd98c990e6b4abf6e4e65f176d72158d830", "tree": "60711648fffa892016fb9e500192cd69c2b390a8", "parents": [ "e89b452a31c0605fcdab6a43925b0a8d96809791" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Jan 21 06:14:31 2026 -0800" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Jan 21 06:14:31 2026 -0800" }, "message": "external/boringssl: Sync to f7543e6dbbcf555557fb8d53ef1ff5b9fe393a1d.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/5f4f26f59c364b603c2d10ddab71ce34913284b5..f7543e6dbbcf555557fb8d53ef1ff5b9fe393a1d\n\n* Namespace crypto/internal.h\u0027s internal symbols.\n* Make pregenerate output files `gen/boringssl_prefix_symbols_internal_*.inc`.\n* Make pregenerate output a file `gen/boringssl_prefix_symbols_c.inc`.\n* pregenerate: fix deadlock when filtering out a dependent task.\n* Detect Arm SHA-512 instructions on Windows when available\n* Make keys clone-able\n* Add TLS 1.2 P-hash function binding\n* perlasm scripts: work better if the command interpreter is cmd.exe.\n* Pregenerate: emit all assembly function names\n* extract_identifiers_clang_json: factor out Clang AST logic.\n* Namespace crypto/fipsmodule/sha\u0027s internal symbols.\n* Remove paths.cmake as it is no longer in use.\n* runner: Fix -private-key-delay-ms flag\n* runner: Spanify parts of packeted_bio.cc\n* runner: Tidy up initializing a PacketedBio\n* runner: Make AdvanceClock(0) work and test stopping the timeout early\n* Fix race condition in TLS 1.3 InvalidChannelIDSignature test\n* Unseal EC group method in Rust binding\n* Namespace crypto/x509\u0027s internal symbols.\n* Revert \"Revert \"Namespace crypto/trust_token\u0027s internal symbols.\"\"\n* Mark Prk as Send + Sync\n* Add HMAC on SHA-384 for TLS 1.3 support\n* Narrow EVP_PKEY_cmp and EVP_PKEY_cmp_parameters return values\nUpdate-Note: See above. TGP says no tests notice.\nChange-Id: I925ad0eb9a7737e09a44ed427c50995dc9158fb1\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/87008\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n* Fix typo in setting up CMAKE_CXX_FLAGS\n* Use proper label type in TLS1.2 P-hash function\n* Pregenerate: add a concept of tasks that can be waited upon.\n* Deflake DTLS12-SendExtraFinished-Reordered\n* The null parameter should be equal to itself\nUpdate-Note: EVP_PKEY_cmp_parameters for parameter-less algorithms now\nreturns 1 instead of -2. TGP suggests nothing breaks. (This API is not\nreally used outside the library.)\n* Stop reaching into TRUST_TOKEN_CLIENT internals in the benchmark\n* Move most DTLS 1.3 TODOs to child bugs\n* Test that DTLS 1.2 rejects renegotiation\n* bssl-sys: Remove unsupported_inline_wrappers\n* Raise the maximum RSA key size back to 16384\nUpdate-Note: Due to b/473446952, the DoS exposure of every application\nthat imports RSA keys had to be increased. Applications that import RSA\nkeys should constrain the size. It is particularly recommended that\napplications *not* allow importing RSA-16384 private keys, as those are\n512x slower than the standard RSA-2048 private keys that applications\nwill typically benchmark against.\n* Also check OPENSSL_RSA_MAX_MODULUS_BITS in RSA keygen\n* Rust: Move TLS1.2 PRF into public interface\n* Spanify a couple helper functions\n* Namespace crypto/asn1\u0027s internal symbols.\n* Namespace crypto/fipsmodule/bcm_interface.h\u0027s internal symbols.\n* Namespace crypto/fipsmodule/bn\u0027s internal symbols.\n* Namespace crypto/fipsmodule/aes\u0027s internal symbols.\n* Namespace crypto/fipsmodule/ec\u0027s internal symbols.\n* Namespace crypto/fipsmodule/service_indicator\u0027s internal symbols.\n* Namespace crypto/bytestring\u0027s internal symbols.\n* Namespace crypto/bcm_support.h\u0027s internal symbols.\n* Namespace crypto/evp\u0027s internal symbols.\n* Namespace crypto/fipsmodule/rsa\u0027s internal symbols.\n* Namespace crypto/fipsmodule/dh\u0027s internal symbols.\n* Namespace crypto/fipsmodule/keccak\u0027s internal symbols.\n* Namespace crypto/fipsmodule/rand\u0027s internal symbols.\n* Namespace crypto/fipsmodule/ecdsa\u0027s internal symbols.\n* Namespace crypto/cipher\u0027s internal symbols.\n* Namespace crypto/ec\u0027s internal symbols.\n* Namespace crypto/dsa\u0027s internal symbols.\n* Namespace crypto/fipsmodule/tls\u0027s internal symbols.\n* Namespace crypto/conf\u0027s internal symbols.\n* Revert \"Revert \"Namespace crypto/pkcs7\u0027s internal symbols.\"\"\n* bssl-crypto: Add support for serializing and deserializing compressed points\n* Fix build with -Wheader-hygiene\n* Revert \"Namespace crypto/pkcs7\u0027s internal symbols.\"\n* Namespace crypto/pkcs7\u0027s internal symbols.\n* Namespace crypto/fipsmodule/slhdsa\u0027s internal symbols.\n* Namespace crypto/pkcs8\u0027s internal symbols.\n* Symbol prefixing: also include symbols that don\u0027t have C linkage.\n* bssl-crypto: fix typo in error string\n* bssl-crypto: run cargo fmt\n* Remove internal STACK_OF(X509V3_EXT_METHOD) symbols\n* Clean up no-op cipher aliases for legacy SHA-2 CBC ciphers\nUpdate-Note: \"SHA256\" and \"SHA384\" are no longer valid aliases in the\ncipher string for cipher suite configuration. They will be rejected\nby SSL{_CTX}_set_strict_cipher_list. They had already been no-ops, i.e.\nnot corresponding to any ciphers, since 2018.\n* Add support for TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n* Namespace all lhash internal symbols.\n* Namespace crypto/kyber\u0027s internal symbols.\n* Namespace crypto/hrss\u0027s internal symbols.\n* Namespace decrepit/cast\u0027s internal symbols.\n* Namespace crypto/pem\u0027s internal symbols.\n* Namespace crypto/chacha\u0027s internal symbols.\n* Namespace crypto/curve25519\u0027s internal symbols.\n* Namespace crypto/des\u0027s internal symbols.\n* Stop using sqrt(2) in RSA key generation\n* Update RSA-related citations from FIPS 186-4 to FIPS 186-5\n* Use consistent RSA keygen and import limits\nUpdate-Note: Trying to generate RSA key sizes between 256 and 511 bits\nwill still fail earlier. Before it would generate a key and then throw\nit away.\n* Revert \"Namespace crypto/trust_token\u0027s internal symbols.\"\n* Remove the last remnants of iovec in their experimental state\n* Namespace crypto/trust_token\u0027s internal symbols.\n* infra: Move Android FIPS builders to RelWithAsserts\n* infra: Extend timeout for Android devices on CI/CQ\n* Change `(void)` function prototypes to `()` in C++ code.\n* list_unintended_exported_symbols.sh: work fine within jj.\n* modulewrappers: use the correct bssl namespace.\n* list_unintended_exported_symbols: export public symbols list.\n* When listing unexported symbols, disable asm for now.\n* Include \u003copenssl/rand.h\u003e when defining RAND_maybe_seed.\n* runner: Copy testCase objects before mutating them in-place\n* crypto/x509/v3_cpols.cc: do not forward declare ASN.1 items.\n* Restore mac_arm64_bazel\n* delocate: Use adrp/add in loadAarch64Address\n* Compute the FIPS module hash after evaluating relocations\nUpdate-Note: See also cl/846024477\n* inject_hash: Support finding the marker symbols in .symtab or .dynsym\n* Test clearing out-of-bounds bits with ASN1_BIT_STRING_set_bit\n* inject_hash: Convert more Go empty string checks\n* delocate: Add adrp BORINGSSL_bcm_text_start to our tests\n* inject_hash: Switch a bytes.Index to bytes.Contains\n* Add API to configure server\u0027s NamedGroups with equal preference\n* inject_hash: Add an option to hash a different object from what we rewrite\n* Fix namespacing of err_save_state_st.\n* Identifier extractor: fix linkage of constants.\n* Add a script to list unintended symbols in libcrypto.\n* Move `crypto/rsa/internal.h` into the `bssl` namespace.\n* Move `crypto/bio/internal.h` into the `bssl` namespace.\n* Move `crypto/err/internal.h` into the `bssl` namespace.\n* Symbol extractor: handle more cases.\n* Rework test Merkle Tree machinery\n* Empty subtrees are invalid\n* Convert Go string-empty checks to `!\u003d \"\"`.\n* Spanify internal EVP_AEAD APIs.\n* EVP_AEAD AES-GCM: bring back missing buffer size check.\n* Make libssl no longer export the lhash symbols for SSL_SESSION.\n* Bump BORINGSSL_API_VERSION\n* Remove the odd __cplusplus gating of libpki\u0027s include guards\n* Add `RAND_maybe_reseed`\n* Implement TrustStoreCollection::GetTrustedMTCIssuerOf\n* Fix some include spelling in libpki\n* EVP_AEAD: rip out internal remnants of the legacy open/seal API.\n* Add missing include\n* [WIP] Support verifying signatureless MTCs.\n* Put a test function that\u0027s extern \"C\" explicitly not in the anonymous namespace.\n* Use CRYPTO_store_u32_be in tls_cbc.cc\n* Add a missing error check in bench/aead.cc\n* Pass a slightly smaller upper bound to TLS CBC MAC calculation\n* EVP_AEAD: make the iovec APIs mandatory for all AEADs.\n* Add some more value barriers to Lucky 13 mitigation\n* EVP_AEAD: implement sealv/openv for AES-GCM-SIV.\n* Fix up constant-time annotations for TLS CBC ciphers\n* EVP_AEAD: implement sealv/openv for the TLS ciphers.\n* EVP_AEAD: implement sealv/openv for ChaCha20-Poly1305.\n* EVP_AEAD: implement sealv/openv for AES-CCM.\n* EVP_AEAD: implement sealv/openv for AES-EAX.\n* EVP_AEAD: add a helper to process iovecs on a per-block basis.\n* Move `err_data.cc` symbols into the `bssl` namespace.\n* Link to CMVP certificate for 20240407\n* Fix a missing incldue in `aead.cc.inc`.\n* Revert \"Revert the initial seal/openv implementations\"\n* AEAD tests: fix accidental bit overlap.\n* Deduplicate some code to compute test vector paths\n* Skip iovec tests for NIST CAVP vectors\n* Split sealv, openv, and openv_detached into separate tests\n* Recreate the TestIOVecs on every test call\n* When testing AEADs, don\u0027t split both the AAD and the plaintext.\n* Revert the initial seal/openv implementations\n* EVP_AEAD: implement sealv/openv for AES-GCM.\n* EVP_AEAD: implement sealv/openv for AES-CTR-HMAC-SHA256.\n* EVP_AEAD: declare CRYPTO_IOVEC based APIs to support zero copy I/O.\n* infra: Remove seemingly unused win_toolchain cache\n* Check in .bazelversion and MODULE.bazel.lock in util/bazel-example\n* infra: Prefix all of BoringSSL\u0027s caches\n* Make third_party/benchmark\u0027s configure script less noisy\n* Format *.bzl, *.bazel files using buildifier\n* Add a try builder to run boringssl presubmits\n* Fix minor benchmark issues:\n\nTest: treehugger\nChange-Id: Idb59b5b3316610c11220b9e543fdbcd65e3478e5" }, { "commit": "3b53dee27fd16d0f3cb28d85db9e77498ba21bd4", "tree": "971cd64688ab515505fbc90ab7d72b449487869b", "parents": [ "76e295d72577b67a2c711c174699ea4dc4d000ea", "e89b452a31c0605fcdab6a43925b0a8d96809791" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Jan 15 06:38:21 2026 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Jan 15 06:38:21 2026 -0800" }, "message": "Merge \"Revert^2 \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\"\" into main am: e89b452a31\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37838375\n\nChange-Id: I123371a0a97e0218c1fd04a4eb37a1fc0da4f053\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "e89b452a31c0605fcdab6a43925b0a8d96809791", "tree": "971cd64688ab515505fbc90ab7d72b449487869b", "parents": [ "b89693b843ad3aa31c28a2e78056c7fb2d4f5ee1", "e1281ca663990cd385d96550aef0cc4949c0904f" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Jan 15 06:22:09 2026 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Jan 15 06:22:09 2026 -0800" }, "message": "Merge \"Revert^2 \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\"\" into main" }, { "commit": "6dc2ad67a586d333d78e7797b3e01f945acaae58", "tree": "d83c015eb6ab2b524b544bb28d641363c15ef6b2", "parents": [ "b89693b843ad3aa31c28a2e78056c7fb2d4f5ee1" ], "author": { "name": "Jason Ling", "email": "jasonling@google.com", "time": "Wed Jan 14 22:48:38 2026 +0000" }, "committer": { "name": "Jason Ling", "email": "jasonling@google.com", "time": "Wed Jan 14 22:50:02 2026 +0000" }, "message": "bssl: make available to compos\n\nMake boring SSL nostd libraries available to CompOS.\n\nBug: 415853274\nTest: It builds\nChange-Id: I2538b71f493be58f43ad3c7a3d36afe193aff30f\n" }, { "commit": "e1281ca663990cd385d96550aef0cc4949c0904f", "tree": "136a8f41de162b64a62ebabf1c0fd1c6bf8fbf00", "parents": [ "569b28e71f12841fc27dfcc1ef05f35a2ced6b91" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jan 12 06:16:16 2026 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Jan 12 06:16:16 2026 -0800" }, "message": "Revert^2 \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\"\n\nThis reverts commit 569b28e71f12841fc27dfcc1ef05f35a2ced6b91.\n\nReason for revert: Fix forward for when HPKEJni tests are fixed.\n\nChange-Id: I8ef84f04cdf967fcd0b9ceb48e179e4134fb2399\n" }, { "commit": "76e295d72577b67a2c711c174699ea4dc4d000ea", "tree": "73f37c4b56aaa3ffcd333d3903345b6ff2f70e41", "parents": [ "98845393d223cd60a3887c90813e9aceb7726b89", "b89693b843ad3aa31c28a2e78056c7fb2d4f5ee1" ], "author": { "name": "Anand Duggal", "email": "anduggal@google.com", "time": "Thu Dec 18 08:13:55 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Dec 18 08:13:55 2025 -0800" }, "message": "Merge \"Move fs_mgr to a new project\" into main am: b89693b843\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37492944\n\nChange-Id: Ib1948b42ce22bce540ff0f4ab605db082252104a\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "b89693b843ad3aa31c28a2e78056c7fb2d4f5ee1", "tree": "73f37c4b56aaa3ffcd333d3903345b6ff2f70e41", "parents": [ "5cea05c6ff1bdc6d11d19a0836c61887ba012725", "d2517afabd0ce8231270608655cc34c4b98a20b7" ], "author": { "name": "Anand Duggal", "email": "anduggal@google.com", "time": "Thu Dec 18 07:45:29 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Dec 18 07:45:29 2025 -0800" }, "message": "Merge \"Move fs_mgr to a new project\" into main" }, { "commit": "98845393d223cd60a3887c90813e9aceb7726b89", "tree": "a4085943eaa1436abe53d4d272e11286e94965fc", "parents": [ "359923d8fa989ddcf0ac1616c123a7b61ca70ba8", "5cea05c6ff1bdc6d11d19a0836c61887ba012725" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Dec 18 02:39:50 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Dec 18 02:39:50 2025 -0800" }, "message": "Merge \"Revert \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\"\" into main am: 5cea05c6ff\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37565591\n\nChange-Id: I105a93411c0aab1ddf2765df4f45f634297e2b02\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "5cea05c6ff1bdc6d11d19a0836c61887ba012725", "tree": "a4085943eaa1436abe53d4d272e11286e94965fc", "parents": [ "1dff238356928c182a4676d44665f8f3d3b038e6", "569b28e71f12841fc27dfcc1ef05f35a2ced6b91" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Dec 18 02:23:04 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Thu Dec 18 02:23:04 2025 -0800" }, "message": "Merge \"Revert \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\"\" into main" }, { "commit": "569b28e71f12841fc27dfcc1ef05f35a2ced6b91", "tree": "0bf3049c4b3462ea24df274bdcb73eee6e182f2d", "parents": [ "31bf092fbd24e864f86c6f94e48bb14002b5a6ff" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Wed Dec 17 10:19:59 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Dec 17 10:19:59 2025 -0800" }, "message": "Revert \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\"\n\nThis reverts commit 31bf092fbd24e864f86c6f94e48bb14002b5a6ff.\n\nReason for revert: Droidmonitor created revert due to b/467479439. Will be verifying through ABTD before submission.\n\nFix: 467479439\nChange-Id: I03dc3f97728d2401136ea8072e25fb49a200dcba\n" }, { "commit": "d2517afabd0ce8231270608655cc34c4b98a20b7", "tree": "971cd64688ab515505fbc90ab7d72b449487869b", "parents": [ "1dff238356928c182a4676d44665f8f3d3b038e6" ], "author": { "name": "Anand Duggal", "email": "anduggal@google.com", "time": "Sat Dec 13 19:20:30 2025 +0530" }, "committer": { "name": "Anand Duggal", "email": "anduggal@google.com", "time": "Sat Dec 13 19:20:30 2025 +0530" }, "message": "Move fs_mgr to a new project\n\nMoving fs_mgr to a new project inside platform/system/fs/fs_mgr.\n\nBug: 466109331\nTest: build\nChange-Id: Ifb6435e36a716af3a3ad76a3b319dd8f6ceaf581\n" }, { "commit": "359923d8fa989ddcf0ac1616c123a7b61ca70ba8", "tree": "df3756cd070c579a7a4ed5c8b08bc2341ac79f79", "parents": [ "2d73b36caa8e60ab606bd2bacd5a82fe202a1659", "1dff238356928c182a4676d44665f8f3d3b038e6" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Dec 09 07:57:40 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Dec 09 07:57:40 2025 -0800" }, "message": "Merge \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\" into main am: 1dff238356\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37387642\n\nChange-Id: I0cc6578740d0beedbbfc5ad5aefdabcc73c3ae92\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "1dff238356928c182a4676d44665f8f3d3b038e6", "tree": "df3756cd070c579a7a4ed5c8b08bc2341ac79f79", "parents": [ "c94c87776ad8693af82956786edb6d48baf2fd16", "31bf092fbd24e864f86c6f94e48bb14002b5a6ff" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Dec 09 07:25:36 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Dec 09 07:25:36 2025 -0800" }, "message": "Merge \"external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\" into main" }, { "commit": "31bf092fbd24e864f86c6f94e48bb14002b5a6ff", "tree": "136a8f41de162b64a62ebabf1c0fd1c6bf8fbf00", "parents": [ "b28e2f82fa456bfdb4363a43ea17d4c88ec266aa" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Dec 09 09:53:24 2025 +0000" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Dec 09 09:55:37 2025 +0000" }, "message": "external/boringssl: Sync to 5f4f26f59c364b603c2d10ddab71ce34913284b5.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/4c2a6a5467e4abea270877740b5975cac772802d..5f4f26f59c364b603c2d10ddab71ce34913284b5\n\n* Retire RSA blinding support\n* Benchmark long-lived vs newly-imported RSA keys for both sign and verify\n* Use google/benchmark for performance tracking\n* Make the benchmark timeout a floating point, not integer, flag.\n* Add a utility to extract identifiers from public headers.\n* Remove non-CBC codepaths from e_tls.cc\n* Don\u0027t condition BORINGSSL_self_test on !_MSC_VER\n* Inject the custom libc++ globally\n* Don\u0027t build third-party deps with our warnings\n* infra: Bump android-21 to android-24 on CI\n* infra: Disable mac_arm64_bazel builder again\n* Simply warnings config slightly\n* Stop setting -fmsc-version in our build\n* infra: Retain CMake toolchain defaults in win*_small builders\n* Another attempt to implementation_deps, preserving transitivity\n* Unbreak build on Visual Studio.\n* runner: Revise chain certificate passed to shim\n* runner: Test change cipher spec tests with no CCS message\n* Add a libssl user to util/bazel-example\n* Revert \"util/util.bzl: use implementation_deps to hide internal header\"\n* Don\u0027t detect pre-C++11 in \u003copenssl/base.h\u003e\nUpdate-Note: C++ projects including BoringSSL headers now must be C++17\nor later, matching the requirement for building BoringSSL. C projects\nare unaffected. C++ projects that were previously building at C++98 or\nC++03 will need to update to a language version from sometime in the\nlast couple decades.\n* Retire the STLport workaround\nUpdate-Note: BoringSSL\u0027s public headers will no longer workaround\nnon-compliant C++11 (or higher) build environments that use a non-C++11\nSTLport. If the build environment claims C++11 via __cplusplus \u003e\u003d\n201103L, we will expect it to actually be C++11.\n* Keep STL includes inside extern \"C++\"\n* Add missing include for bssl::Span.\n* Fix copy-paste error in comment\n* runner: Use slices.Clip instead of x[:len(x):len(x)]\n* Fix BoringSSL public includes for Tree-sitter parsability.\n* Fix PRESUBMIT.py\n* bssl speed: better and more consistent pattern matching in `-filter`.\nUpdate-Note: parsing of `bssl speed -filter` changed. When the algorithm\nname is fully specified, nothing changes; however substring matching now\nneeds to be explicitly requested via `bssl speed -filter \u0027*substring*\u0027`.\nAlso, this entire utility is likely soon going to get replaced by\nsomething based on Google Benchmark in\nIc8d4cfd65065e61ae90c58bddb34463a5f398f14; we\u0027re making sure however\nthat all functionality added here will remain somehow possible using\n`--benchmark_filter` expressions (but likely with extra syntax).\n* Revert \"[infra] Temporarily disable mac_arm64_bazel from CQ\"\n* [infra] Temporarily disable mac_arm64_bazel from CQ\n* Fix a bunch of lint errors.\n* util/util.bzl: use implementation_deps to hide internal header\n* Bump version for BCR release.\n* `util/analyze_bssl_speed.go`: also parse lines for \"1 byte\".\n* Link to ACVP results for 20251031.\n* `bssl speed`: include all AEAD implementations and directions.\n* Rephrase the bssl-crypto warning a bit\n* Deprecate no-op startup/shutdown ERR functions\n* Fix up `PEM_do_header` to use `size_t`\n* Add AES-CTR-HMAC-SHA256 to `bssl speed`.\n* Add a quick tool to analyze `bssl speed` output.\n* `bssl speed`: add a flag `-cputime`.\n* Add a -request-trust-anchors flag to bssl client\n* Fix typo in style guide\n* Add a helper function to split strings in tool/\n* Clang-format tool/client.cc and tool/server.cc arguments list\n* Add helpers for working with relative OIDs.\n* ML-DSA signature test from seed\n* Standardize the comments on the closing brace of extern \"C\".\n* bssl::Span::subspan: split into two overloads.\nUpdate-Note: `bssl::Span::subspan` no longer allows an explicit second\nargument of `dynamic_extent`. Previous `sp.subspan(pos, len)` can be\nexpressed as `len \u003d\u003d bssl::dynamic_extent ? sp.subspan(pos) :\nsp.subspan(pos, len)` if necessary.\n* Make `bssl::Span::subspan` behave like `std::span::subspan`.\nUpdate-Note: `bssl::Span::subspan` method now fails when second argument\npoints beyond span length. Previous `sp.subspan(pos, len)` can be\nrewritten as `sp.subspan(pos, std::min(len, sp.size() - pos))` if\nnecessary.\n* Remove some non-span methods of der::Input\n* Upgrade linux bots from ubuntu 22.04 to 24.04\n* Support handle poisoning in EVP_Decrypt ops too.\nUpdate-Note: `EVP_CIPHER` decrypt calls now fail if a previous call on\nthe same context failed before, as it would leave the cipher in an\nindeterminate state. Internal tests pass after cl/830352792. Callers\nthat do need to reuse an already failed context can do so by calling\n`EVP_Cipher_InitEx` on it.\n* Spanify EVP_Cipher update and final methods.\n* Implement pure version of SLH-DSA-SHAKE-256f\n* Update NDK on CI to r29\n\nTest: treehugger\nChange-Id: I3ef76888c992c807f47fe34d7cf057f87f9f7e04\n" }, { "commit": "2d73b36caa8e60ab606bd2bacd5a82fe202a1659", "tree": "a4085943eaa1436abe53d4d272e11286e94965fc", "parents": [ "37d13823eaacc958ec53e69d0d9c4f8e48fb82e5", "c94c87776ad8693af82956786edb6d48baf2fd16" ], "author": { "name": "Treehugger Robot", "email": "android-test-infra-autosubmit@system.gserviceaccount.com", "time": "Mon Dec 08 02:59:26 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Dec 08 02:59:26 2025 -0800" }, "message": "Merge \"allow shipping DnsResolver in tethering apex\" into main am: c94c87776a\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37322138\n\nChange-Id: Ie3592c753979a4a93f36db3cf1a9122cd503c770\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "c94c87776ad8693af82956786edb6d48baf2fd16", "tree": "a4085943eaa1436abe53d4d272e11286e94965fc", "parents": [ "35399572cfc738b9d1ecd0063cb2d45b94424f34", "851c213669feb04e2146ccb5f2c5a25bb56d81a8" ], "author": { "name": "Treehugger Robot", "email": "android-test-infra-autosubmit@system.gserviceaccount.com", "time": "Mon Dec 08 02:33:09 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Dec 08 02:33:09 2025 -0800" }, "message": "Merge \"allow shipping DnsResolver in tethering apex\" into main" }, { "commit": "37d13823eaacc958ec53e69d0d9c4f8e48fb82e5", "tree": "d25ebb560ef860fbb4c45d6b6875f4cfbbe5290a", "parents": [ "441b8ce63b79970bd5bdbf21c7676a45e5cd7a92", "35399572cfc738b9d1ecd0063cb2d45b94424f34" ], "author": { "name": "Matthew Maurer", "email": "mmaurer@google.com", "time": "Fri Dec 05 12:00:15 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Fri Dec 05 12:00:15 2025 -0800" }, "message": "bssl-sys: Make available to aws-lc-rs bindings am: 35399572cf\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37271705\n\nChange-Id: I9a4938012f53a374e76a3e365b1bdaac20130f67\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "851c213669feb04e2146ccb5f2c5a25bb56d81a8", "tree": "7376f5bc351ae9fe1df3f1e0a25d0b83a67aaac4", "parents": [ "b28e2f82fa456bfdb4363a43ea17d4c88ec266aa" ], "author": { "name": "Maciej Żenczykowski", "email": "maze@google.com", "time": "Tue Dec 02 15:54:28 2025 -0800" }, "committer": { "name": "Maciej Żenczykowski", "email": "maze@google.com", "time": "Thu Dec 04 23:32:51 2025 -0800" }, "message": "allow shipping DnsResolver in tethering apex\n\nBug: 466244272\nTest: TreeHugger\nFlag: EXEMPT PURE_REFACTOR\nSigned-off-by: Maciej Żenczykowski \u003cmaze@google.com\u003e\nChange-Id: I505e2d7c986cce1bca3c3c32f7bf4a0978ee3b7f\n" }, { "commit": "35399572cfc738b9d1ecd0063cb2d45b94424f34", "tree": "d25ebb560ef860fbb4c45d6b6875f4cfbbe5290a", "parents": [ "3fcb8b9577938f595f617bbc752d4a600cc77d07" ], "author": { "name": "Matthew Maurer", "email": "mmaurer@google.com", "time": "Tue Dec 02 20:46:48 2025 +0000" }, "committer": { "name": "Matthew Maurer", "email": "mmaurer@google.com", "time": "Wed Dec 03 22:41:48 2025 +0000" }, "message": "bssl-sys: Make available to aws-lc-rs bindings\n\nOnce BoringSSL produces a `rustls::crypto::CryptoProvider`, or an\nalternate means of using TLS supported by `tonic` and `hyper`, this\npatch can be reverted.\n\nBug: 459897955\nTest: TH\nChange-Id: I04676310c2959f9588863b8362249bbdbb92e8fe\n" }, { "commit": "441b8ce63b79970bd5bdbf21c7676a45e5cd7a92", "tree": "14c6484c9b0bc51f6f6678e96ad815bfebdebfb0", "parents": [ "10b5e524cd9303fff312fac7f932b4789dc88df3", "3fcb8b9577938f595f617bbc752d4a600cc77d07" ], "author": { "name": "Treehugger Robot", "email": "android-test-infra-autosubmit@system.gserviceaccount.com", "time": "Wed Dec 03 13:22:10 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Dec 03 13:22:10 2025 -0800" }, "message": "Merge \"Add compos to apex available\" into main am: 3fcb8b9577\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/37033505\n\nChange-Id: I3fecf26bd652b2504dd42f46c0c84c1e0bbbb493\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "3fcb8b9577938f595f617bbc752d4a600cc77d07", "tree": "14c6484c9b0bc51f6f6678e96ad815bfebdebfb0", "parents": [ "b28e2f82fa456bfdb4363a43ea17d4c88ec266aa", "58a5e883029c8c66db4c0b246bf4ebe854c8d84a" ], "author": { "name": "Treehugger Robot", "email": "android-test-infra-autosubmit@system.gserviceaccount.com", "time": "Wed Dec 03 12:52:54 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Dec 03 12:52:54 2025 -0800" }, "message": "Merge \"Add compos to apex available\" into main" }, { "commit": "58a5e883029c8c66db4c0b246bf4ebe854c8d84a", "tree": "da41a9f5987f9c4ea5916385943b36fb16f31fa0", "parents": [ "a9c65a08b4c643e62c0ae9b23ec669cb55bda925" ], "author": { "name": "Jason Ling", "email": "jasonling@google.com", "time": "Mon Nov 17 23:24:12 2025 +0000" }, "committer": { "name": "Jason Ling", "email": "jasonling@google.com", "time": "Thu Nov 20 18:50:28 2025 +0000" }, "message": "Add compos to apex available\n\nAdd compos to apex available.\nCompos needs this in order to get the sha256 digest from fsv_meta\n\nBug: 461567478\nTest: manual, able to compile compos\nChange-Id: Iadc7302c3ec630c97e98fe98de37582df1e50706\n" }, { "commit": "10b5e524cd9303fff312fac7f932b4789dc88df3", "tree": "0bf3049c4b3462ea24df274bdcb73eee6e182f2d", "parents": [ "e78ee02654de9add12ec4576fe008ad6521b4d7a", "b28e2f82fa456bfdb4363a43ea17d4c88ec266aa" ], "author": { "name": "Andrew Scull", "email": "ascull@google.com", "time": "Mon Nov 17 07:47:12 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Nov 17 07:47:12 2025 -0800" }, "message": "Merge \"Add no_std variant of bssl_crypto\" into main am: b28e2f82fa\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/36643389\n\nChange-Id: Ie1be9c1ec451df1c5173b508056a7f48bf747dce\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "b28e2f82fa456bfdb4363a43ea17d4c88ec266aa", "tree": "0bf3049c4b3462ea24df274bdcb73eee6e182f2d", "parents": [ "54eb244a34195b43858d51c879a91c2d2c71237b", "9019fe147c4fbf4e5b01104f140e0345807cd61a" ], "author": { "name": "Andrew Scull", "email": "ascull@google.com", "time": "Mon Nov 17 07:22:04 2025 -0800" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Nov 17 07:22:04 2025 -0800" }, "message": "Merge \"Add no_std variant of bssl_crypto\" into main" }, { "commit": "9019fe147c4fbf4e5b01104f140e0345807cd61a", "tree": "92b06b97c06ba2b4387bace8f1034d33db388085", "parents": [ "a9c65a08b4c643e62c0ae9b23ec669cb55bda925" ], "author": { "name": "Andrew Scull", "email": "ascull@google.com", "time": "Thu Oct 30 17:01:49 2025 +0000" }, "committer": { "name": "Andrew Scull", "email": "ascull@google.com", "time": "Fri Nov 14 13:14:51 2025 -0800" }, "message": "Add no_std variant of bssl_crypto\n\nTest: TH\nBug: 454887336\nFlag: EXEMPT UNSUPPORTED_LANGUAGE\nChange-Id: I00a1675d5806f860829fa079db0599550fb48305\n" }, { "commit": "e78ee02654de9add12ec4576fe008ad6521b4d7a", "tree": "481fe838dd8ad5c6fded636995a604ff11b67457", "parents": [ "290051c81a2187bcd84ae2ab89dd2b427bddc49c", "54eb244a34195b43858d51c879a91c2d2c71237b" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Nov 13 06:09:59 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Nov 13 06:09:59 2025 -0800" }, "message": "external/boringssl: Sync to 4c2a6a5467e4abea270877740b5975cac772802d. am: 54eb244a34\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/36927363\n\nChange-Id: Ie4dfbc254dd3d143ae662d9715c3dcbadba0bcb1\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "54eb244a34195b43858d51c879a91c2d2c71237b", "tree": "481fe838dd8ad5c6fded636995a604ff11b67457", "parents": [ "a9c65a08b4c643e62c0ae9b23ec669cb55bda925" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Nov 12 15:48:12 2025 +0000" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Nov 13 10:53:53 2025 +0000" }, "message": "external/boringssl: Sync to 4c2a6a5467e4abea270877740b5975cac772802d.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/eae76e0715de794f4fe0a189fe8c8146cbc9990c..4c2a6a5467e4abea270877740b5975cac772802d\n\n* Use _t and _v versions of type traits\n* Add some documentation for updating ACVP tests.\n* Move all internal calls to the new API with size checking.\n* Unwind wait_for_entropy diagnostic function in getrandom code\n* Add function to evaluate MT inclusion proof\n* Add presubmit check for bzl/bazel file formatting using `buildifier`\n* acvptool: ML-DSA external mu, internal sig. interface\n* Update all the Bazel things\n* Remove workaround for Bazel C/C++ issue\nUpdate-Note: BoringSSL now requires Bazel 7.4.0 or later.\n* Add BCR presubmit testing for Bazel 8.x and rolling\n* Add ML-DSA-87 variants to Rust wrappers\n* EVP_Cipher: fix comments about required buffer sizes.\n* Bump version for BCR\n* acvptool: Fix error reporting if dk or c are empty\n* Fix ACVP tests\n* Add missing #include\n* Add API functions for OpenSSL ciphers with sized output.\n* Format *.bzl, *.bazel files using buildifier\n* Update acvptool for recent server-side changes.\n* Remove ro.boringcrypto.hwrand toggle on Android\n* Fix util/bazel-example under Bazel 9.0.0rc1\n* Implement Merkle Tree operations.\n* Don\u0027t abort in a non-FIPS build.\n* Sync flags from `CMakeLists.txt` to `util/util.bzl`.\n* Update PRNG docs to reflect recent changes\n* Fix constant_time_conditional_memxor on some input lengths\n* Fix potential constant time issue\n* Add an external mu variant of ML-DSA verification\n* Bump android-18 to android-21 on CI\n* Update Android NDK to r27d on CI\n* Spellcheck the codebase\n* Ensuse self tests run for ML-DSA prehash signing\n* Run ML-DSA Wycheproof verify tests through EVP too\n* Set `-fno-strict-aliasing` when building with bazel.\n* runner: Don\u0027t parse zero-length OCSP responses in tests\n* Add basic integration with ML-DSA and EVP\n* EVP_DecryptUpdate: fix comment about required buffer size.\n* Update Wycheproof test vectors\n* Include the public key in ML-DSA private keys\n* Add constants in nid.h for encoded OIDs\n* Make the EVP_PKEY_ASN1_METHOD tables static\n* Fold p_${alg}_asn1.cc into p_${alg}.cc\n* Fix error handling for invalid TLS 1.3 status_request extensions\n* Fix some more NULLs by hand\n* Also modernize-use-nullptr the BCM fragments\n* IWYU fixes\n* Add an /* up to */ comment to all subspan calls that may truncate.\n* Make constant-sized calls to Span::first/last/subspan compile-time sized.\n* Initialize last_sample_ to fix maybe-uninitialized warning.\n* Also fix nullptr in internal header files\n* Apply modernize-use-nullptr fixes in all .cc files\n* Add some more notes to CONTRIBUTING.md\n* Take another pass at CONTRIBUTING.md\n* Remove some easy OPENSSL_EXPORTs\n* Add an assert for a correct buffer size.\n* Elide storage of bssl::Span size if known at compile time.\n* Uprev the CIPD version of infra/3pp/tools/perl/windows-amd64\n* Add a PRESUBMIT.py script to check pregenerated files\n* Fix a bug when BN_mod_sqrt is called on very annoying primes\n* Remove NID_MLKEM1024 alias\n* Document how BN_mod_sqrt handles the `in` parameter\n\nTest: treehugger\nChange-Id: I5693706f8058e5c7972199bcedd490653e7d3de2\n" }, { "commit": "290051c81a2187bcd84ae2ab89dd2b427bddc49c", "tree": "a198cc42da86c8f3f11f753ad0c16ca80b80829f", "parents": [ "47b0107b03e202ff6389d5aa571e19d944481a93", "a9c65a08b4c643e62c0ae9b23ec669cb55bda925" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Oct 15 05:48:33 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Oct 15 05:48:33 2025 -0700" }, "message": "external/boringssl: Sync to eae76e0715de794f4fe0a189fe8c8146cbc9990c. am: a9c65a08b4\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/36299330\n\nChange-Id: Ia1aee7e444152b8fc72fbc118735582cbcf7d960\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "a9c65a08b4c643e62c0ae9b23ec669cb55bda925", "tree": "a198cc42da86c8f3f11f753ad0c16ca80b80829f", "parents": [ "e87032417134d47cdc170dbbf9fc261272a37cb9" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Oct 13 06:18:51 2025 -0700" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Oct 13 06:18:51 2025 -0700" }, "message": "external/boringssl: Sync to eae76e0715de794f4fe0a189fe8c8146cbc9990c.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/40e035a9e5d721b3b7c15c46259d782ffe7d9e96..eae76e0715de794f4fe0a189fe8c8146cbc9990c\n\n* Test bssl::InplaceVector with a move-only type\n* Rust wrappers for external mu variant of ML-DSA\n* Document that ASN1_STRING_set_by_NID enforces the bounds on the string\n* Also accept incorrectly-encoded X509 v1 version fields again\n* Prevent false positive in constant time checks\n* Allow empty extension lists in X.509\n* Use a less verbose pattern to heap-allocate temporaries in ML-DSA\n* Const-correct the internal/external pointer casts\n* Don\u0027t have separate BCM and ML-KEM and ML-DSA types\n* Unwind \u003copenssl/bcm_public.h\u003e\n* Add SSWU_NU encode-to-curve functions from RFC 9380.\n* Unify the HPKE implementation for ML-KEM.\n* Update Go on CI\n* Bump the macOS versions on our CI to macOS 12 or 13\n* Deprecate SSL_CIPHER_get_name\n* Remove some unused constants\nUpdate-Note: These aren\u0027t used within the library, or externally. Let us\nknow if we missed a user.\n* Order TLS1_TXT_* and TLS1_CK_* in the same order\n* Remove TLS1_TXT_* constants for unimplemented cipher suites\nUpdate-Note: A bunch of constants for cipher suites that BoringSSL does\nnot implement were removed. Code search says none of these are used. If\nwe missed something and any were used, let us know and we\u0027ll restore the\nnecessary ones.\n* Add OIDs and NIDs for ML-DSA-{44,65,87} and ML-KEM-{768,1024}\n* Restore TLS 1.3 TLS1_CK_* constants\n* Remove TLS1_CK_* constants for unimplemented cipher suites\nUpdate-Note: A bunch of constants for cipher suites that BoringSSL does\nnot implement were removed. Code search says none of these are used. If\nwe missed something and any were used, let us know and we\u0027ll restore the\nnecessary ones.\n* Add additional check, as contract of function\n* Bump BORINGSSL_API_VERSION to 37\n* Add API for caller to hint server\u0027s preferred key shares\n* Update CI dependencies\n* Update Bazel deps and bump version for BCR\n* Add newer HPKE configuration to Rust wrappers.\n* Rework ML-DSA modular operations\n* Add ML-KEM-1024 option for HPKE.\n* entropy_modulewrapper: set batch mode.\n* Add some missing includes\n* Define X-Wing constants as expressions.\n* Add ML-KEM-768 option for HPKE.\n* Put the legacy cipher constants back in tls1.h and ssl3.h\n* Introduce cipher constants without the leading 0x03\n* Update status of FIPS 20250728\n* Tolerate nullptr in i2d_X509_NAME\n* Add some missing includes\n* Fix and test other self-assignment cases in crypto/x509\n* Const-correct all i2d_*_bio functions\n* Add ACVP modulewrapper for the jitter entropy SHA-384 implementation.\n* Document that HMAC_Final can have a nullptr `out_len`.\n* Add a missing note about the hashes in ssl_compliance_policy_fips_202205 docs\n* Fix bugs found by clangsa\n* Make setting an X509_NAME to itself work\n* Make the ASN1_TYPE-level type take precedence over the ASN1_STRING one\n* Use CRYPTO_addc_w in bn_from_montgomery_in_place\n* Use a simpler process to compute n0\n* Forbid setting EC public key to point at infinity\nUpdate-Note: EC_KEY_set_public_key will now return an error if\nconfiguring the point at infinity as a public key. This does not impact\nparsing, which already rejected such a point, and the resulting key\nwould have failed all operations already.\n* Remove stale comment\n* Upgrade the opportunistic CRYPTO_sysrand calls to normal ones\nUpdate-Note: Builds with BORINGSSL_FIPS will no longer attempt to work\naround broken OS entropy with RDRAND. The OS is expected to be\nfunctional.\n* Remove some stale ifdefs from urandom.cc\n* Reject explicit default X.509 versions and empty extension lists\nUpdate-Note: X509 and X509_CRL parsers are now more spec-compliant and\nreject some invalid inputs. After cl/809456844, internal tests have\npassed with this change. The change was also validated with cl/800872048\nand cl/802241042. Let us know if this encounters problems.\n* Bump the minimum CMake version to 3.22\n* Add API for configuring client key shares\n* draft-ietf-lamps-x509-policy-graph is now RFC 9618\n* Test a few more unusual TBS certificates\n* Const-correct a bunch more of \u003copenssl/x509.h\u003e\n* Unwind ASN1_ANY_AS_STRING\n* Embed X509_NAME into X509\n* Don\u0027t create partial X509 and X509_CRL objects to search the X509_STORE\n* Const-correct X509_NAME and test thread-safety\n* Rewrite the X509_NAME parser\n* Parameterize the tag in IMPLEMENT_EXTERN_ASN1_SIMPLE\n* Test a few more cases of null STACK_OF(T)\n* Make more of atomic\u003cT\u003e available to libcrypto\n* Test that X509_NAME_add_entry will not allow invalid entries to be added\n* Make make_unusual_tbs.go test data idempotent\n* Add EVP_pkey_rsa_pss_sha384 and EVP_pkey_rsa_pss_sha512\n* Store the PSS parameters in the RSA object\n* Don\u0027t include every field in every EVP_PKEY_ALG\n* Allow SSL_HANDSHAKE::key_shares to vary in size\n* Always populate supported_group_list\nUpdate-Note: There should not be any behavior change. The documentation\nis updated to clarify what was existing behavior and is still the\nbehavior of providing an empty list when setting supported groups.\n* Require configured groups for key exchange to be unique\nUpdate-Note: The setters for supported groups,\nSSL_{,CTX_}set1_{groups,group_ids,groups_list} will now fail if the\nprovided list of groups contains duplicates.\n* Various IWYU fixes\n* [gtest] Clean up single-arg `testing::Invoke()`s\n* Remove stale static asserts about atomics\n* Add X509_parse_with_algorithms\n* Make X509_verify X509_sign_ctx work with EVP_PKEY_RSA_PSS\n* Rewrite X509\u0027s parser with CBS/CBB\nUpdate-Note: This CL is not expected to change the external behavior of\nthe X.509 parser, but it\u0027s a lot of code that had to get shuffled\naround, so if something funny happens around X.509, this is a likely\nculprit.\n* Rename X509_CINF::signature to X509_CINF::tbs_sig_alg\n* Rewrite X509_PUBKEY\u0027s parsers with CBS/CBB\n* Parse X509\u0027s signature algorithm with the CBS/CBB functions\n* Parse X509_ALGOR without depending on the templates\n* Make ASN1_EXTERN_FUNCS\u0027s parse callback CBS-based\n* Remove the tag parameter to IMPLEMENT_EXTERN_ASN1\n* Add X509_ALGOR_copy\n* Write some templated functions for the d2i/i2d convention\n* Make CBS/CBB-versions of crypto/asn1 types\n* Avoid one malloc indirection in X509\n* Test the implicit cleanup feature of X509_sign_ctx, etc.\n* Add a benchmark for parsing with d2i_X509\n* Systematically test that parsers catch trailing data\n* Test verifying signatures over \"unusual\" TBSCertificates\n* Use std::string_view in x509_test.cc\n\nTest: treehugger\nChange-Id: Ide1ca50f300147f80ed6b66e35a7efe8cdc8a77a\n" }, { "commit": "47b0107b03e202ff6389d5aa571e19d944481a93", "tree": "a9040469ad2e62b644ac12c204d432f603945eb7", "parents": [ "96b7f950c25037d683e863a9592c591c376036fa", "e87032417134d47cdc170dbbf9fc261272a37cb9" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Tue Sep 23 14:51:34 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Sep 23 14:51:34 2025 -0700" }, "message": "Revert \"external/boringssl: Sync to 413704be8c0ee3a29908b80b6645...\" am: e870324171\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35943571\n\nChange-Id: I2ae21e0640af4d5b15dd1ef7d88782284d7e6379\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "e87032417134d47cdc170dbbf9fc261272a37cb9", "tree": "a9040469ad2e62b644ac12c204d432f603945eb7", "parents": [ "c3ee380fcd76699ab0f1e5bc8d1732726baf9c53" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Tue Sep 23 11:34:14 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Sep 23 11:34:15 2025 -0700" }, "message": "Revert \"external/boringssl: Sync to 413704be8c0ee3a29908b80b6645...\"\n\nRevert submission 35900100-boringx509changes\n\nReason for revert: Droidmonitor created revert due to b/446923209. Will be verifying through ABTD before submission.\n\nFix: 446923209\n\nReverted changes: /q/submissionid:35900100-boringx509changes\n\nChange-Id: Ia3850e184b09be34f13daf7b22681d8c2090b115\n" }, { "commit": "96b7f950c25037d683e863a9592c591c376036fa", "tree": "a88083f8baae9dbed3d14b3c5b1d2492606d181f", "parents": [ "931b68d859c777e25173f4d6c846a3ff200e3556", "c3ee380fcd76699ab0f1e5bc8d1732726baf9c53" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Sep 23 09:12:40 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Sep 23 09:12:40 2025 -0700" }, "message": "external/boringssl: Sync to 413704be8c0ee3a29908b80b6645587697863d1a. am: c3ee380fcd\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35735993\n\nChange-Id: I4b7e2ee72f5e9130526cd899c39d31b1b3306ed9\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "c3ee380fcd76699ab0f1e5bc8d1732726baf9c53", "tree": "a88083f8baae9dbed3d14b3c5b1d2492606d181f", "parents": [ "e1682975ac983c1bb49d1a174e83f2558c68b09a" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Sep 16 02:14:43 2025 -0700" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Sep 16 02:14:43 2025 -0700" }, "message": "external/boringssl: Sync to 413704be8c0ee3a29908b80b6645587697863d1a.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/40e035a9e5d721b3b7c15c46259d782ffe7d9e96..413704be8c0ee3a29908b80b6645587697863d1a\n\n* draft-ietf-lamps-x509-policy-graph is now RFC 9618\n* Test a few more unusual TBS certificates\n* Const-correct a bunch more of \u003copenssl/x509.h\u003e\n* Unwind ASN1_ANY_AS_STRING\n* Embed X509_NAME into X509\n* Don\u0027t create partial X509 and X509_CRL objects to search the X509_STORE\n* Const-correct X509_NAME and test thread-safety\n* Rewrite the X509_NAME parser\n* Parameterize the tag in IMPLEMENT_EXTERN_ASN1_SIMPLE\n* Test a few more cases of null STACK_OF(T)\n* Make more of atomic\u003cT\u003e available to libcrypto\n* Test that X509_NAME_add_entry will not allow invalid entries to be added\n* Make make_unusual_tbs.go test data idempotent\n* Add EVP_pkey_rsa_pss_sha384 and EVP_pkey_rsa_pss_sha512\n* Store the PSS parameters in the RSA object\n* Don\u0027t include every field in every EVP_PKEY_ALG\n* Allow SSL_HANDSHAKE::key_shares to vary in size\n* Always populate supported_group_list\nUpdate-Note: There should not be any behavior change. The documentation\nis updated to clarify what was existing behavior and is still the\nbehavior of providing an empty list when setting supported groups.\n* Require configured groups for key exchange to be unique\nUpdate-Note: The setters for supported groups,\nSSL_{,CTX_}set1_{groups,group_ids,groups_list} will now fail if the\nprovided list of groups contains duplicates.\n* Various IWYU fixes\n* [gtest] Clean up single-arg `testing::Invoke()`s\n* Remove stale static asserts about atomics\n* Add X509_parse_with_algorithms\n* Make X509_verify X509_sign_ctx work with EVP_PKEY_RSA_PSS\n* Rewrite X509\u0027s parser with CBS/CBB\nUpdate-Note: This CL is not expected to change the external behavior of\nthe X.509 parser, but it\u0027s a lot of code that had to get shuffled\naround, so if something funny happens around X.509, this is a likely\nculprit.\n* Rename X509_CINF::signature to X509_CINF::tbs_sig_alg\n* Rewrite X509_PUBKEY\u0027s parsers with CBS/CBB\n* Parse X509\u0027s signature algorithm with the CBS/CBB functions\n* Parse X509_ALGOR without depending on the templates\n* Make ASN1_EXTERN_FUNCS\u0027s parse callback CBS-based\n* Remove the tag parameter to IMPLEMENT_EXTERN_ASN1\n* Add X509_ALGOR_copy\n* Write some templated functions for the d2i/i2d convention\n* Make CBS/CBB-versions of crypto/asn1 types\n* Avoid one malloc indirection in X509\n* Test the implicit cleanup feature of X509_sign_ctx, etc.\n* Add a benchmark for parsing with d2i_X509\n* Systematically test that parsers catch trailing data\n* Test verifying signatures over \"unusual\" TBSCertificates\n* Use std::string_view in x509_test.cc\n\nTest: treehugger\nChange-Id: I2700fe29ae0a30fca6b22801d758bc220099d084\n" }, { "commit": "931b68d859c777e25173f4d6c846a3ff200e3556", "tree": "a9040469ad2e62b644ac12c204d432f603945eb7", "parents": [ "5d1c41f27c8ae8212424b7238f806bb0355300e6", "e1682975ac983c1bb49d1a174e83f2558c68b09a" ], "author": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Thu Sep 11 03:48:30 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Sep 11 03:48:30 2025 -0700" }, "message": "Add target for mlalgs-enabled bssl_crypto am: e1682975ac\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35590897\n\nChange-Id: Ibc13afea69f740728bdb93703d95409be3c185b0\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "e1682975ac983c1bb49d1a174e83f2558c68b09a", "tree": "a9040469ad2e62b644ac12c204d432f603945eb7", "parents": [ "05780b7c292d2ecacbf17993598d75216b2ea896" ], "author": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Wed Sep 03 14:34:43 2025 +0100" }, "committer": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Wed Sep 10 12:16:53 2025 +0100" }, "message": "Add target for mlalgs-enabled bssl_crypto\n\nBug: 395069628\nTest: build\nChange-Id: I21b174f4672e57260880d1775b3a553d0f893d17\n" }, { "commit": "5d1c41f27c8ae8212424b7238f806bb0355300e6", "tree": "35be2ad60f232ddf99b20ba69e9c685b0f7b86c0", "parents": [ "a9c10d8830dd1d84f313ee4a436181a2cbb62635", "05780b7c292d2ecacbf17993598d75216b2ea896" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Sep 04 08:32:48 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu Sep 04 08:32:48 2025 -0700" }, "message": "external/boringssl: Sync to 40e035a9e5d721b3b7c15c46259d782ffe7d9e96. am: 05780b7c29\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35426769\n\nChange-Id: I8797b47a79efd2028f70018d0f059a0660c4b1d8\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "05780b7c292d2ecacbf17993598d75216b2ea896", "tree": "35be2ad60f232ddf99b20ba69e9c685b0f7b86c0", "parents": [ "bc763f8ec0e33e18d25abc6e2e001750423d8283" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Sep 04 02:39:55 2025 -0700" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu Sep 04 02:39:55 2025 -0700" }, "message": "external/boringssl: Sync to 40e035a9e5d721b3b7c15c46259d782ffe7d9e96.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/17b60f1f5a39d222112fc0ecc2baf8f72f664e92..40e035a9e5d721b3b7c15c46259d782ffe7d9e96\n\n* Clear the extension list when removing the last extension\n* Refresh basic constraints test certificates\n* Document ASN1_item_sign\u0027s order of operations a bit\n* Add a few more TODOs for functions that should be const but aren\u0027t\n* Use the new SPKI API in d2i_RSA_PUBKEY and friends\n* Unexport a few more ASN1_ITEMs\nUpdate-Note: ASN1_TIME, DIRECTORYSTRING, and DISPLAYTEXT are no longer\nusable in custom macro-based ASN.1 types using \u003copenssl/asn1t.h\u003e. There\ndo not seem to be any external callers that depend on this.\n* Make some test data of unknown ASN.1 types slightly less invalid\n* Test ASN1_TYPE parsing more extensively\n* Add EVP_PKEY_ALG-based raw public/private key importers\n* Use EVP_PKEY_bits in SimplePathBuilderDelegate\n* Update citations from RFC 3447 to RFC 8017\n* Replace OPENSSL_ARRAY_SIZE with std::size\n* Const-correct the kPrintMethods table\n* Add SHA-256-only support for EVP_PKEY_RSA_PSS\n* Write a CBS-based RSA-PSS parameter parser\n* Switch libssl to the new SPKI parsing APIs\n* Switch libpki to the new SPKI-parsing APIs\n* bssl-crypto: Switch to new SPKI/PKCS8 parsing APIs\n* Introduce EVP_PKEY_ALG\n* Add internal EC parsing functions that take lists of allowed groups\n* Test lookup and creation by RSA parameters in evp_test\n* bump fiat-crypto (remove redundant return statements)\n* Make FileTest work with std::string_view\n* Test key import in EVPTest a bit more extensively\n* infra/config: Remove luci.recipes.use_python3 experiment\n* Add an ERR_equals function\n* Add utility for dumping raw jitter samples.\n* Use inline asm to read cntvct_el0 to accommodate GCC\n* bssl-crypto: Fix Ed25519 SPKI parser to check key types\n* Add a jitter entropy source.\n* Set an EVP_PKEY\u0027s algorithm and data together\n* Make some more half-empty EVP_PKEY states impossible\nUpdate-Note: Some half-empty, invalid EVP_PKEY states are now\nimpossible. Running through tests, no callers were tripping this. There\nseems to be no legitimate reason to do this.\n* Limit EVP_PKEY_set_type to EVP_PKEY_X25519\nUpdate-Note: EVP_PKEY_set_type will now only succeed for\nEVP_PKEY_X25519. EVP_PKEY_set_type(EVP_PKEY_NONE) will continue to clear\nthe pkey and then fail. Going through code search, there are not\nexpected to be any affected callers.\n* Add a test that arbitrary curves can be wrapped in EVP_PKEY\n* Stop tracking an ENGINE in EVP_PKEY_CTX\n* Rename EVP_PKEY_METHOD to EVP_PKEY_CTX_METHOD\n* Pull the EC_GROUP_new_by_curve_name up into EVP_PKEY_CTX_set_ec_paramgen_curve_nid\n* Split evp_tests.txt into separate files\n* Add a test for SPKI and PKCS8 parsing with unknown algorithms\n* Fix markdown syntax in BUILDING.md\n* Test async BIO_flush and fix a corner case\n* Rename EVP_R_EXPECTING_AN_EC_KEY_KEY to match OpenSSL\nUpdate-Note: Code search finds no references to the BoringSSL name, so\nthis is not expected to impact anything.\n* Document the generators for all the MODP groups\n* Remove an old, impractical TODO\n* Say a bit more in docs about how to use EVP_PKEY_CTX\n* Bump version for BCR\n* Run through more code in PKCS#8 and SPKI parsers\n* Fix typo in comment\n* runner: Remove need for an AllCurves value\n* Remove redundant copy of EVP_PKEY type\n* Remove EVP_PKEY_print_* support for DSA\nUpdate-Note: EVP_PKEY_print_* no longer has code to print a\nhuman-readable debug string for DSA keys.\n* Don\u0027t support parameterless DSA keys in SPKIs\nUpdate-Note: Parameterless DSA keys (a legacy algorithm) in\nSubjectPublicKeyInfo will no longer parse. This does not impact TLS,\nwhere we have never supported DSA.\n* Add a couple more no-op compatibility functions\n* More consistently reset EVP_PKEYs in free_it\n* Unexport the Kyber implementation\nUpdate-Note: \u003copenssl/experimental/kyber.h\u003e is gone. Use\n\u003copenssl/mlkem.h\u003e instead.\n* Deprecate EVP_PKEY_set_type\n* Fix reference to public key in evp.h docs\n* pki: add PEMDecode and PEMDecodeSingle\n* Switch to using a derivation function in CTR-DRBG.\n* pki: allow span\u003cstring_view\u003e for allowed types in PEMTokenizer\n* Style guide: mention placement of \u0026 for reference types\n\nTest: treehugger\nChange-Id: I85e95e3aeab533b955c63ab39ecbffab148e8de0\n" }, { "commit": "a9c10d8830dd1d84f313ee4a436181a2cbb62635", "tree": "0cb9abe0a937af3131c23e19acb17a35e8b31b69", "parents": [ "40aeeba3750eadfbdfd0af228ffeef98aa970c29", "bc763f8ec0e33e18d25abc6e2e001750423d8283" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Sep 01 02:40:56 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Sep 01 02:40:56 2025 -0700" }, "message": "Remove no longer necessary BORINGSSL_NO_STATIC_INITIALIZER define am: bc763f8ec0\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35408173\n\nChange-Id: I549ad9481585e927a88bf9acf7af1614b4b0c1f6\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "bc763f8ec0e33e18d25abc6e2e001750423d8283", "tree": "0cb9abe0a937af3131c23e19acb17a35e8b31b69", "parents": [ "b72d791a367e0162af1e6dc26617dbc629a6524f" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Sep 01 03:02:41 2025 +0000" }, "committer": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Sep 01 03:03:20 2025 +0000" }, "message": "Remove no longer necessary BORINGSSL_NO_STATIC_INITIALIZER define\n\nBoringSSL doesn\u0027t pay attention to this setting anymore; the library now\ninternally initializes itself as needed.\n\nTest: treehugger\nChange-Id: I5c8a8ceb8d2b1f84a8cc9aadcc6f737586a90de2\n" }, { "commit": "40aeeba3750eadfbdfd0af228ffeef98aa970c29", "tree": "bf78c6d96393ab9e97830d21892574d55733feb7", "parents": [ "a695dfbbfa104b67ff686c67d81e092f32902d3d", "b72d791a367e0162af1e6dc26617dbc629a6524f" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Fri Aug 15 01:43:45 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Fri Aug 15 01:43:45 2025 -0700" }, "message": "external/boringssl: Sync to 17b60f1f5a39d222112fc0ecc2baf8f72f664e92. am: b72d791a36\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35058649\n\nChange-Id: I112aa59696ba4f9250a41ab4dc35b13bf08f81f4\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "b72d791a367e0162af1e6dc26617dbc629a6524f", "tree": "bf78c6d96393ab9e97830d21892574d55733feb7", "parents": [ "87ef5e058e4cbdce1d55583346b1efe67094c311" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Aug 13 07:00:59 2025 -0700" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Aug 13 07:00:59 2025 -0700" }, "message": "external/boringssl: Sync to 17b60f1f5a39d222112fc0ecc2baf8f72f664e92.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/de186e49bf6492e982fd2b910c75880209528dcd..17b60f1f5a39d222112fc0ecc2baf8f72f664e92\n\n* Update releasing docs slightly\n* Implement MLKEM1024 for TLS\n* delocate: support 4-bit tweak immediates for AArch64.\n* Add a discussion about callbacks to API Conventions\n* Don\u0027t run CTR-DRBG in Kyber tests.\n* Link to ACVP results for 20250728.\n* Bump Bazel deps and version for BCR\n* Expand BCM abbreviation in the FIPS.md documentation\n* Add IWYU export in nid.h file generated by objects.go\n* Fix documentation typo\n* Revert Rust config for 32-bit Linux CI/CQ bots\n* Run Rust recipe steps on Mac CI/CQ builders and 32-bit Linux\n* Run Rust recipe steps on \"win64_rel\" builder\n* Make Windows Rust try builder use a Release build\n* Add a default-off win64_rust try builder for testing\n* Run Rust recipe steps on \"linux\" builder\n* Fix FIPS version number comment.\n* Add AES-CCM to test_fips.cc.\n* Add AES-KW(P) to test_fips.cc\n* Remove DES from test_fips.cc\n* Fix typo in header comments\n* Make checkout_rust in util/bot/DEPS also run hooks for clang\n\nTest: treehugger\nChange-Id: I48404ff6bfab99af9eb8571fc001bc128221ef94\n" }, { "commit": "a695dfbbfa104b67ff686c67d81e092f32902d3d", "tree": "d6a2ff2dbb18012b68bad191fdcb3d8e1635bc3c", "parents": [ "2add0bbb0d78d1246811b208d0490ca1d5170bcb", "87ef5e058e4cbdce1d55583346b1efe67094c311" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed Aug 13 03:45:59 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Aug 13 03:45:59 2025 -0700" }, "message": "Revert^2 \"external/boringssl: Sync to de186e49bf6492e982fd2b910c75880209528dcd.\" am: 87ef5e058e\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/35037605\n\nChange-Id: Id58ce23780d4706718328f860cb78e3ea9b9aa7c\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "87ef5e058e4cbdce1d55583346b1efe67094c311", "tree": "d6a2ff2dbb18012b68bad191fdcb3d8e1635bc3c", "parents": [ "de022b8856db01d0799c3375ef602c8fa8cbb601" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Aug 12 08:08:01 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Tue Aug 12 08:08:01 2025 -0700" }, "message": "Revert^2 \"external/boringssl: Sync to de186e49bf6492e982fd2b910c75880209528dcd.\"\n\nThis reverts commit de022b8856db01d0799c3375ef602c8fa8cbb601.\n\nReason for revert: failing tests were fixed in b/434905469\n\nChange-Id: Iffdd5eb096133c819f47ade033cae884f1081c98\n" }, { "commit": "2add0bbb0d78d1246811b208d0490ca1d5170bcb", "tree": "d61c1aae1ab4ba4769759f073cecd9e6e828a752", "parents": [ "8e640e5996e807a790991ba05010881c75b879a3", "de022b8856db01d0799c3375ef602c8fa8cbb601" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Mon Jul 28 12:40:51 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Jul 28 12:40:51 2025 -0700" }, "message": "Revert \"external/boringssl: Sync to de186e49bf6492e982fd2b910c75880209528dcd.\" am: de022b8856\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/34815605\n\nChange-Id: Ib26e23820e1422ad6e50febe6b70aeae98f05109\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "de022b8856db01d0799c3375ef602c8fa8cbb601", "tree": "d61c1aae1ab4ba4769759f073cecd9e6e828a752", "parents": [ "bfc2aea97a9a5b69eca2ba900706f15a770cac56" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Mon Jul 28 11:18:36 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Jul 28 11:18:36 2025 -0700" }, "message": "Revert \"external/boringssl: Sync to de186e49bf6492e982fd2b910c75880209528dcd.\"\n\nThis reverts commit bfc2aea97a9a5b69eca2ba900706f15a770cac56.\n\nReason for revert: Droidmonitor created revert due to b/434718345. Will be verifying through ABTD before submission.\n\nFix: 434718345\nChange-Id: I0a569f146122fa9261df6fe2acefb834bd59a09c\n" }, { "commit": "8e640e5996e807a790991ba05010881c75b879a3", "tree": "d6a2ff2dbb18012b68bad191fdcb3d8e1635bc3c", "parents": [ "3c72ea82775f539b27eaa1e0055bfbbe24ec8bd1", "bfc2aea97a9a5b69eca2ba900706f15a770cac56" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jul 28 07:36:06 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Jul 28 07:36:06 2025 -0700" }, "message": "external/boringssl: Sync to de186e49bf6492e982fd2b910c75880209528dcd. am: bfc2aea97a\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/34810740\n\nChange-Id: I578fc0065541b4f5fccf7bf72fdddf08a3ae20b0\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "bfc2aea97a9a5b69eca2ba900706f15a770cac56", "tree": "d6a2ff2dbb18012b68bad191fdcb3d8e1635bc3c", "parents": [ "13f05808d3292d734e00e6590a5d7ac7d3487da6" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jul 28 05:24:59 2025 -0700" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jul 28 05:24:59 2025 -0700" }, "message": "external/boringssl: Sync to de186e49bf6492e982fd2b910c75880209528dcd.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/db421c2d800f6d2e164366af6a28bc52b2dafbf7..de186e49bf6492e982fd2b910c75880209528dcd\n\n* Work around a Rust problem tripped by working around a Rust problem, which in turn was tripped by working around a Rust problem\n* rust: Gate new lint on Rust version\n* Revert \"Add a try builder to run boringssl presubmits\"\n* Add a try builder to run boringssl presubmits\n* Add PRESUBMIT.py for infra/config\n* Specify ACL for CQ new patchset runs\n* rust: add includable CQ builder for testing\n* Add a comment about ct and gcc builtins\n* Pull in Rust toolchain via util/bot/DEPS\n* Add a Rust workspace\n* Add X-Wing KEM option for HPKE.\n* rust: Suppress unnecessary_transmutes warnings in bssl-sys\n* Update .gitignore to check in Cargo.lock files\n* [clang-tidy] First stab at making clang-tidy bot work\n* Fix some tabs in build.json\n* Fix some more IWYU issues\n* Keep SHA-1 in crypto.h\n* Fix Rust build\n* Add sha2.h\n* Add ML-DSA-44\n* Rename bn_mul_mont to bn_mul_mont_words\n* Remove Lw and Hw macros from BN internals\n* bssl-crypto: Test that we don\u0027t accidentally accept RSA-PSS keys\n* Test that libssl rejects id-RSASSA-PSS certificates\n* runner: write a new test certificate library\n* Drop the RSA, DSA, and DH DoS limits to 8,192 bits\nUpdate-Note: This lowers our maximum key sizes:\n- The maximum RSA modulus size is now 8,192 bits, down from 16,384 bits\n- The maximum DSA p is now 8,192 bits, down from 10,000 bits\n- The maximum DH p is now 8,192 bits, down from 10,000 bits\n* Make BN_MONT_CTX opaque\nUpdate-Note: Matching OpenSSL, BN_MONT_CTX\u0027s internals are no longer\npublicly accessible.\n* Shave 8 bytes off BN_MONT_CTX in 64-bit\n* Inline a small single-use variable\n* Supress the run_tests target when we\u0027re a subdirectory\n* Don\u0027t look for libunwind when BUILD_TESTING is off\n* Update tools and prep for 0.20250701.0\n\nTest: treehugger\nChange-Id: Ic199b474386bcdd446fbd369f866a0e1e34a80b1\n" }, { "commit": "3c72ea82775f539b27eaa1e0055bfbbe24ec8bd1", "tree": "d61c1aae1ab4ba4769759f073cecd9e6e828a752", "parents": [ "87c9e83c01caa8e227444e007245006f21e99d35", "13f05808d3292d734e00e6590a5d7ac7d3487da6" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Jul 01 08:34:01 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Jul 01 08:34:01 2025 -0700" }, "message": "external/boringssl: Sync to db421c2d800f6d2e164366af6a28bc52b2dafbf7. am: 13f05808d3\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/34303877\n\nChange-Id: Ia1a4a4785e52802d8c86c313fd633e036f92c43d\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "13f05808d3292d734e00e6590a5d7ac7d3487da6", "tree": "d61c1aae1ab4ba4769759f073cecd9e6e828a752", "parents": [ "5c61bb307b846e59c21331a169fd109b0b4b31bc" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Jul 01 05:59:52 2025 -0700" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Jul 01 05:59:52 2025 -0700" }, "message": "external/boringssl: Sync to db421c2d800f6d2e164366af6a28bc52b2dafbf7.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/5622da92e1e7bacb5d0785ff5650a5a23b143b84..db421c2d800f6d2e164366af6a28bc52b2dafbf7\n\n* More clearly suggest passing NULL for EC and EC_KEY APIs\n* Add EVP_PKEY_get_ec_curve_nid and EVP_PKEY_get_ec_point_conv_form\n* Remove the SHA-1 default for PSS with EVP_PKEY\nUpdate-Note: PSS with the EVP APIs will no longer work without an\nexplicit choice of hash function. Previously the default was SHA-1, a\nbroken hash algorithm. Callers can restore the use of SHA-1 with\nEVP_PKEY_CTX_set_signature_md.\n* Document the default use of SHA-1 with OAEP\n* Change the RSA-PSS salt length default to RSA_PSS_SALTLEN_DIGEST\nUpdate-Note: Signing RSA-PSS with the EVP APIs will now default to a\nsalt length of RSA_PSS_SALTLEN_DIGEST (-1) instead of\nRSA_PSS_SALTLEN_AUTO (-2). Applications that use\nEVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) without calling\nEVP_PKEY_CTX_set_rsa_pss_saltlen will see slightly different behavior.\nCall EVP_PKEY_CTX_set_rsa_pss_saltlen(RSA_PSS_SALTLEN_AUTO) to restore\nthe old behavior.\n* Import Bedrock code for P-256 point double, add\n* Use CRYPTO_load_* and CRYPTO_store_* in ML-DSA\n* runner: Remove Leaf field from Credential\n* Test more EVP_PKEY_CTX_copy cases\n* Use C++ destructors for RSA_PKEY_CTX\n* Remove tbuf from RSA_PKEY_CTX\n* Avoid making assumptions about RSA_PSS_* constants\n* use intrinsics for adc/sbb on MSVC\n* fix p256_64_msvc.h\n* Don\u0027t suppress CMAKE_(C,CXX)_FLAGS in MSVC builds\nUpdate-Note: MSVC builds that pass CMAKE_(C,CXX)_FLAGS will start to\nactually honor those flags. That it didn\u0027t work before was a long,\nlong-standing bug.\n* Document versions undergoing CAVP testing\n* runner: silence some confusing errors when tests fail\n* Test server_name acknowledgement\n* Document that EVP_PKEY_CTX_set_rsa_keygen_pubexp takes ownership\n* Add constants for special PSS salt length values\n* bedrock2 platform, tests, 64-bit p256_coord_sub\n\nTest: treehugger\nChange-Id: Iade56cd4f786f0889accb8ef710f7203a5daa21e\n" }, { "commit": "87c9e83c01caa8e227444e007245006f21e99d35", "tree": "bd8e3a1a96c78e9b8a01403637866b0a62555c68", "parents": [ "d473b23f68a76dfb6d284b7987134d432ec4e121", "ad639f50f609b4ec6f02d7573e2f46fc5a31aae7" ], "author": { "name": "Ram Muthiah", "email": "rammuthiah@google.com", "time": "Mon Jun 30 04:46:10 2025 -0700" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Mon Jun 30 04:46:10 2025 -0700" }, "message": "Merge \"Merge \u0027aosp/android16-release\u0027 into \u0027aosp/main-kernel\u0027\" into main-kernel" }, { "commit": "d473b23f68a76dfb6d284b7987134d432ec4e121", "tree": "bd8e3a1a96c78e9b8a01403637866b0a62555c68", "parents": [ "cea753220185fc7e36e78b5033533039ae639977", "5c61bb307b846e59c21331a169fd109b0b4b31bc" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jun 30 02:24:34 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Mon Jun 30 02:24:34 2025 -0700" }, "message": "Revert \"Revert \"external/boringssl: Sync to 5622da92e1e7bacb5d07...\" am: 5c61bb307b\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/34088439\n\nChange-Id: I372e0273d58a82d39b800b07aa8f15547c23a319\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "ad639f50f609b4ec6f02d7573e2f46fc5a31aae7", "tree": "e0c3df9ba0d3023b3791bdb6cfd360910835a3d7", "parents": [ "cea753220185fc7e36e78b5033533039ae639977", "ecc1358826150d6a1851c517c325b0e6c0e1b8be" ], "author": { "name": "Giuliano Procida", "email": "gprocida@google.com", "time": "Fri Jun 27 14:22:48 2025 +0100" }, "committer": { "name": "Giuliano Procida", "email": "gprocida@google.com", "time": "Fri Jun 27 14:22:49 2025 +0100" }, "message": "Merge \u0027aosp/android16-release\u0027 into \u0027aosp/main-kernel\u0027\n\n* aosp/android16-release:\n Disable full BoringSSL Self Test at boot.\n\nBug: 425899940\nChange-Id: I507e444240386b73938591daef59e2f8a135455b\nSigned-off-by: Giuliano Procida \u003cgprocida@google.com\u003e\n" }, { "commit": "5c61bb307b846e59c21331a169fd109b0b4b31bc", "tree": "bd8e3a1a96c78e9b8a01403637866b0a62555c68", "parents": [ "b8b0762f5377b86f6f7ddd6b80541666fdfe33f9" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jun 16 07:01:53 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Mon Jun 16 07:01:53 2025 -0700" }, "message": "Revert \"Revert \"external/boringssl: Sync to 5622da92e1e7bacb5d07...\"\n\nRevert submission 34015820-revert-33964996-boring 5622da92e1e7bacb5d0785ff5650a5a23b143b84-OSZEVIJMYF\n\nReason for revert: resubmission with fixes\n\nReverted changes: /q/submissionid:34015820-revert-33964996-boring+5622da92e1e7bacb5d0785ff5650a5a23b143b84-OSZEVIJMYF\n\nChange-Id: Iea28eb2e1ae4bb32d989f17110c9c3b2298869d0\n" }, { "commit": "cea753220185fc7e36e78b5033533039ae639977", "tree": "e0c3df9ba0d3023b3791bdb6cfd360910835a3d7", "parents": [ "351f845ff5cf4b38b68e165e9f95e0d599b6b9c5", "b8b0762f5377b86f6f7ddd6b80541666fdfe33f9" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Wed Jun 11 16:18:25 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Jun 11 16:18:25 2025 -0700" }, "message": "Revert \"external/boringssl: Sync to 5622da92e1e7bacb5d0785ff5650...\" am: b8b0762f53\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/34015818\n\nChange-Id: Ic9c274b491ddd1eaea475b0444e8448e9bab83fe\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "b8b0762f5377b86f6f7ddd6b80541666fdfe33f9", "tree": "e0c3df9ba0d3023b3791bdb6cfd360910835a3d7", "parents": [ "8c5519a7cea3cff2b9b58075dee48ea08f35b082" ], "author": { "name": "Priyanka Advani (xWF)", "email": "padvani@google.com", "time": "Wed Jun 11 13:15:45 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Jun 11 13:15:45 2025 -0700" }, "message": "Revert \"external/boringssl: Sync to 5622da92e1e7bacb5d0785ff5650...\"\n\nRevert submission 33964996-boring 5622da92e1e7bacb5d0785ff5650a5a23b143b84\n\nReason for revert: Droidmonitor created revert due to b/424048730. Will be verifying through ABTD before submission.\n\nFix: 424048730\n\nReverted changes: /q/submissionid:33964996-boring+5622da92e1e7bacb5d0785ff5650a5a23b143b84\n\nChange-Id: I735315b2ad994264e51b134f3e8d7ba95f3631c0\n" }, { "commit": "351f845ff5cf4b38b68e165e9f95e0d599b6b9c5", "tree": "bd8e3a1a96c78e9b8a01403637866b0a62555c68", "parents": [ "b9cc0b2a39459135aefa88649ab87fac3c21ef7d", "8c5519a7cea3cff2b9b58075dee48ea08f35b082" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Tue Jun 10 13:05:13 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Jun 10 13:05:13 2025 -0700" }, "message": "external/boringssl: Sync to 5622da92e1e7bacb5d0785ff5650a5a23b143b84. am: 8c5519a7ce\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/33931218\n\nChange-Id: Ic59bad11c723ce76c5dfb3277faf7602a778116f\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "8c5519a7cea3cff2b9b58075dee48ea08f35b082", "tree": "bd8e3a1a96c78e9b8a01403637866b0a62555c68", "parents": [ "8cc225787a332ca0632bf1a066f45125c4dc93eb" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jun 09 12:52:33 2025 +0000" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Mon Jun 09 12:52:36 2025 +0000" }, "message": "external/boringssl: Sync to 5622da92e1e7bacb5d0785ff5650a5a23b143b84.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/be17ebd7c19cd9f60ff684a953329a25a531a688..5622da92e1e7bacb5d0785ff5650a5a23b143b84\n\n* Pack SHA-512 and BLAKE2b a little more tightly.\n* Make EVP_MD_CTX hold the hash state inline.\n* Add a stub implementation of SSL_CTX_get_security_level\n* Fix link to FedRAMP policy.\n* Add link to 2023 FIPS certificate\n* Add a couple more missing includes\n* Don\u0027t pass `parent` or `ad` to CRYPTO_EX_free\nUpdate-Note: CRYPTO_EX_free is no longer passed the parent object. We do\nnot expect any callers to be impacted. Callers that were impacted\nprobably had some object lifetime bug already.\n* Address some minor things from the MLDSA mu support.\n* Add an external mu variant of the ML-DSA API (65 and 87 variants).\n* Make CRYPTO_EX_DATA opaque\n* Move CRYPTO_refcount_t into internal headers\n* Remove unused bputs hook\n* Make BIO and BIO_METHOD opaque\nUpdate-Note: Callers should switch to public APIs.\n* Update defaults for PKCS12_create\nUpdate-Note: The defaults for PKCS#12 are changed as above. They match\nupstream OpenSSL, so any systems compatible with OpenSSL will already be\ncompatible with this. The old defaults are still available by passing\nthem explicitly to PKCS12_create.\n* Note a couple of typoed struct names that we\u0027ll leave alone.\n* xwing: tweaks and cleanups.\n* Update references to RFC 2898\n* add a test for -fno-strict-aliasing\n\nTest: treehugger\nChange-Id: Ie03e63f8c51b978c3442db804bedaac2a3ae7261\n" }, { "commit": "b9cc0b2a39459135aefa88649ab87fac3c21ef7d", "tree": "e0c3df9ba0d3023b3791bdb6cfd360910835a3d7", "parents": [ "e55d258ece08fee65442ec0a8a03021d439717b6", "8cc225787a332ca0632bf1a066f45125c4dc93eb" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Thu May 22 02:15:48 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Thu May 22 02:15:48 2025 -0700" }, "message": "external/boringssl: Sync to be17ebd7c19cd9f60ff684a953329a25a531a688. am: 8cc225787a\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/33668588\n\nChange-Id: I4617afbf73b3efea70baf45fc991b8208712c721\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "8cc225787a332ca0632bf1a066f45125c4dc93eb", "tree": "e0c3df9ba0d3023b3791bdb6cfd360910835a3d7", "parents": [ "74a3761afab640301dacd1e414dbe49f458ad654" ], "author": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed May 21 15:48:18 2025 +0000" }, "committer": { "name": "Miguel Aranda", "email": "miguelaranda@google.com", "time": "Wed May 21 15:48:27 2025 +0000" }, "message": "external/boringssl: Sync to be17ebd7c19cd9f60ff684a953329a25a531a688.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/85145fdc914b4c01b9bb16a9253067958e327283..be17ebd7c19cd9f60ff684a953329a25a531a688\n\n* Fix some more IWYU issues\n* Replace OPENSSL_ia32cap env test with a unit test\n* Update googletest\n* Remove empty messages in static_assert\n* Remove P-224 from TLS\nUpdate-Note: Attempting to configure P-224 in TLS will now fail. This\ndoes not impact P-224 as a general cryptographic primitive. Note that\nthis was off by default, so unless your project was explicitly enabling\nthis, this will not impact you.\n* Fix OPENSSL_ia32cap parsing.\n* Remove the need for scratch space when squaring\n* Fix some theoretical missing earlyclobber markers in inline assembly\n* Introduce an opaque in-memory object to manage xwing private keys.\n* Implement the X-Wing KEM as drafted in https://datatracker.ietf.org/doc/html/draft-connolly-cfrg-xwing-kem-07.\n* Suppress -Wcast-qual in STACK_OF implementation\n* Unexport \u003copenssl/service_indicator.h\u003e\n* Add missing newlines and section headers to sha.h\n* Update most deps and bump version\n* Increase default salt length from 8 to 16 bytes in PKCS#8 and PKCS#12\nUpdate-Note: PKCS8_encrypt and PKCS8_marshal_encrypted_private_key\nwill now, if no salt length is specified, default to a salt length of\n16 bytes. PKCS12_create will use a salt length of 16 bytes for both\nencryption and the MAC.\n* Tidy up some comments and #defines around salt lengths\n* Expose ML-DSA-87 in the public headers.\n* Fix EVP verify documentation.\n* Send only usable trust anchor IDs in EncryptedExtensions\n* Add CBB_discard\n* Document that \"add1\" is like \"set1\"\n* Remove ext_dat.h\n* Remove v3_ocsp_accresp\n* Don\u0027t stack-allocate incomplete X509/X509_CRL objects\n* Also add BIO_meth_get_write and BIO_meth_get_read\n* Reapply \"Remove Karatsuba multiplication in BIGNUM\"\n* Test non-NEON codepaths with a OPENSSL_NO_STATIC_NEON_FOR_TESTING\n* Simplify the implementation of OPENSSL_STATIC_ARMCAP\n* Use C++ destructors a little more\n* Clean up ssl_file.cc\n* Remove some dead code from SSL_CTX_use_certificate_chain_file\n* Write some tests for ssl_file.cc\n* Remove --no_auth from download_from_google_storage hooks\n* Rewrite crypto_md32_* with templates instead of function pointers\n* Convert EC_KEY_derive_from_secret to scopers\n* Add various missing includes\n* delocate: Support more aarch64 load instructions with :lo12:\n* Remove STACK_OF(CRYPTO_EX_DATA_FUNCS)\n* Remove STACK_OF(BIGNUM) from BN_CTX\nUpdate-Note: With something in libcrypto using crypto/mem_internal.h, we\nnow depend on quite a bit more of an STL in libcrypto. But we already\ndepended on \u003cmemory\u003e for std::unique_ptr before.\n* Don\u0027t define N in hrss/internal.h\n* Add front(), back(), and pop_back() to internal containers\n* Move most of libssl\u0027s C++ utilities to libcrypto\n* Disable CFI in FIPS module\n* Expose P1363-based ECDSA sign/verify functions\n* Use max_cert_list for TLSv1.3 NewSessionTicket\n\nTest: treehugger\nChange-Id: I28b6417740c7ae0c585714daf17b4ab280525497\n" }, { "commit": "e55d258ece08fee65442ec0a8a03021d439717b6", "tree": "2ee2588858701f64eb7a1343ea5a3b1590678f9d", "parents": [ "4a90c139b7c1e36fc5fb7f69efc2630e28a37bd3" ], "author": { "name": "Dmitrii Merkurev", "email": "dimorinny@google.com", "time": "Mon May 19 08:45:39 2025 -0700" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Mon May 19 08:45:39 2025 -0700" }, "message": "Revert^2 \"Rewrite crypto_md32_* with templates instead of function pointers\"\n\nThis reverts commit 4a90c139b7c1e36fc5fb7f69efc2630e28a37bd3.\n\nReason for revert: fixed on GBL side\n\nBug: 417709095\nBug: 417685487\nChange-Id: I9f9f08abd0d8e7f7148cbb3166215a9ee9a19e7d\n" }, { "commit": "4a90c139b7c1e36fc5fb7f69efc2630e28a37bd3", "tree": "4ff7a6269b86735fb906cc07abb9c2017f3ee0a9", "parents": [ "f94a40e8ffa9f3591499d8033c2411813fe61f64" ], "author": { "name": "Ram Muthiah", "email": "rammuthiah@google.com", "time": "Wed May 14 17:17:46 2025 +0100" }, "committer": { "name": "Ram Muthiah", "email": "rammuthiah@google.com", "time": "Wed May 14 09:29:43 2025 -0700" }, "message": "Revert \"Rewrite crypto_md32_* with templates instead of function pointers\"\n\nThis reverts commit 74a3761afab640301dacd1e414dbe49f458ad654.\nThis breaks GBL\u0027s build - reverting.\n\nBug: 417709095\nBug: 417685487\nTest: Treehugger\nChange-Id: Ib8dfd615c86ff43a7164b4a4c1cf1fb5985cecee\n" }, { "commit": "f94a40e8ffa9f3591499d8033c2411813fe61f64", "tree": "2ee2588858701f64eb7a1343ea5a3b1590678f9d", "parents": [ "b1c91de530fd3dea963f6a610db9bd6099d957cd", "74a3761afab640301dacd1e414dbe49f458ad654" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed May 14 04:07:08 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed May 14 04:07:08 2025 -0700" }, "message": "Rewrite crypto_md32_* with templates instead of function pointers am: 74a3761afa\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/33534774\n\nChange-Id: I79491ab07ef66c22ee0b8289adb47b40be5c5d50\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "74a3761afab640301dacd1e414dbe49f458ad654", "tree": "2ee2588858701f64eb7a1343ea5a3b1590678f9d", "parents": [ "9801a7b9eff1aa191d5fe5418fbc7b43006d1e10" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Apr 30 19:44:56 2025 -0400" }, "committer": { "name": "Sorin Basca", "email": "sorinbasca@google.com", "time": "Wed May 14 09:55:31 2025 +0100" }, "message": "Rewrite crypto_md32_* with templates instead of function pointers\n\nSpeculative improvement for b/413675390, but there is insufficient\ninformation in the bug to really be sure, and benchmarking does not seem\nto give consistent results.\n\nIt seems that crypto_md32_* are not getting inlined when being built\nwith the NDK, which means we\u0027re not specializing by block size and we\u0027re\ncalling the block data functions indirectly. It\u0027s unclear what changed\nhere, as this code has been the same for a while. The root cause might\nhave been a compiler change.\n\nEither way, switching to templates avoids tempting the compiler into\ndoing this, without the mess of macros that we had a while ago.\nInspecting the assembly, this seems to fix the codegen, but benchmarking\nperformance on my test device is very inconsistent.\n\nCherry-picked from https://github.com/google/boringssl/commit/e88e5069694dd6da6398dab7f020d6c271c3022f\n\nBug: 408091685\nTest: Manual run with Antutu-UX-Data Security\nChange-Id: Ib7c1e97d4d7a3e3b82a8cc5f0418b8b1100c330d\n" }, { "commit": "b1c91de530fd3dea963f6a610db9bd6099d957cd", "tree": "4ff7a6269b86735fb906cc07abb9c2017f3ee0a9", "parents": [ "ceeccdd3dd978674cd20af9a6355e824e03199b1", "9801a7b9eff1aa191d5fe5418fbc7b43006d1e10" ], "author": { "name": "Daniel Verkamp", "email": "dverkamp@google.com", "time": "Fri Apr 25 03:11:00 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Fri Apr 25 03:11:00 2025 -0700" }, "message": "external/boringssl: Sync to 85145fdc914b4c01b9bb16a9253067958e327283. am: 9801a7b9ef\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/33215329\n\nChange-Id: I7596092eba03830de040015a9a6eb2fe10b1138a\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "9801a7b9eff1aa191d5fe5418fbc7b43006d1e10", "tree": "4ff7a6269b86735fb906cc07abb9c2017f3ee0a9", "parents": [ "dadf8eee8746ce362e4670b9b8a2959cc3cb1fa6" ], "author": { "name": "Daniel Verkamp", "email": "dverkamp@google.com", "time": "Wed Apr 23 14:40:09 2025 -0700" }, "committer": { "name": "Daniel Verkamp", "email": "dverkamp@google.com", "time": "Wed Apr 23 14:40:09 2025 -0700" }, "message": "external/boringssl: Sync to 85145fdc914b4c01b9bb16a9253067958e327283.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/23018360710de333b3343e63cbb3bd2dceb3287d..85145fdc914b4c01b9bb16a9253067958e327283\n\n* Replace sscanf() with strtoull() in OPENSSL_ia32cap parser\n* Fix urandom_test includes so it is not a no-op\n* Make bssl_shim and fuzzer BIOs use the public APIs\n* Make LHASH a completely internal type\nUpdate-Note: Calling code which references LHASH_OF(T) will no longer\ncompile. We have had no public APIs that allow a caller to usefully\nconstruct an LHASH_OF(T) for some time, so this only ever came up in odd\ncases around bindings APIs.\n* Put BIO_clear_flags with the other flags functions\n* Add BIO_meth_set_callback_ctrl\n* Implement BIO_meth_get_*\n* Align bio_info_cb with upstream OpenSSL\n* Fix BIO_eof for BIO pairs\n* Tidy up the BIO_ctrl implementations\n* Add missing asserts to SSL_get_(min|max)_proto_version\n* Add CBB_add_asn1_element convenience function\n* Some more IWYU fixes\n* Fix rust build breakge, unable to find cmake artifacts\n* Avoid redefining constants introduced in glibc 2.41.\n* IWYU in cms_test.cc\n* Fix v2i_AUTHORITY_INFO_ACCESS\n* Remove dependencies in the library on der::Input(std::string_view)\n* Switch a bit more of libcrypto to scopers\n* [acvptool] Fetch and upload arbitrary algortihms\n* Flatten a few more inner CMake files\n* Honor the BUILD_TESTING option\n* Stop copying targets into subdirectory in the CMake build\nUpdate-Note: BoringSSL\u0027s build no longer places an extra copy of\nlibcrypto.a in crypto/libcrypto.a, etc. Outputs should be picked up from\nthe build root directly.\n* Update ACVP tests in light of 99bd1df99b\n* I have been laid off from Google.\n* Convert more things to scopers\n* Pull BN_mod_pow2 and BN_nnmod_pow2 out of BCM\n* Pull BN_sqrt out of BCM\n* Convert most of BN to scopers\n* Bump version for BCR\n\nTest: treehugger\nChange-Id: I5d3d52fed494e5de5f184c1c35ca788e1a60b829\n" }, { "commit": "ceeccdd3dd978674cd20af9a6355e824e03199b1", "tree": "aef83c4728bb2c6b872f9f9a3e03959ff0792d8c", "parents": [ "d854a887a27c524c92eb5c1f99d6456d2a993bdc", "dadf8eee8746ce362e4670b9b8a2959cc3cb1fa6" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Apr 16 05:30:35 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Apr 16 05:30:35 2025 -0700" }, "message": "external/boringssl: Sync to 23018360710de333b3343e63cbb3bd2dceb3287d. am: dadf8eee87\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/33094180\n\nChange-Id: I7a3f2cfee18fdaffafb94f9c0be1dc1f9c2549b8\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "d854a887a27c524c92eb5c1f99d6456d2a993bdc", "tree": "432f59eeb0cf0515c9d2255798c9a92026a41249", "parents": [ "43de85bd01ac5e7c5078fdd7eadb064d4367bd72", "42225cb8c534920e791d038aa1f67e345d7e4987" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Apr 16 04:42:49 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Wed Apr 16 04:42:49 2025 -0700" }, "message": "Rename UPDATING script. am: 42225cb8c5\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/33094179\n\nChange-Id: Icd3fbb80b737e3753b48f5b2ea8effcb57a1d552\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "dadf8eee8746ce362e4670b9b8a2959cc3cb1fa6", "tree": "aef83c4728bb2c6b872f9f9a3e03959ff0792d8c", "parents": [ "42225cb8c534920e791d038aa1f67e345d7e4987" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Apr 16 10:38:17 2025 +0100" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Apr 16 03:04:27 2025 -0700" }, "message": "external/boringssl: Sync to 23018360710de333b3343e63cbb3bd2dceb3287d.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/ef839bf397fb4ecdb66ef2679a08ac7b3563c50b..23018360710de333b3343e63cbb3bd2dceb3287d\n\n* Tidy TLS 1.2 cipher selection.\n* Put all VS runtime dirs in PATH\n* Update tools, etc\n* Switch to the CIPD Windows SDK package\n* Implement functions to generate CMS external signatures\n* Move most PKCS #7 test data to files\n* Add CBB_flush_asn1_set_of calls to pkcs7_add_signed_data\n* Add EVP_marshal_digest_algorithm_no_params\n* Add some CBB-based functions for crypto/x509 and crypto/asn1 types\n* Shave 8 bytes off EVP_AEAD_CTX\n* Fix backward check in crl_crldp_check\n* Remove OPENSSL_CAN_USE_ATTR_FALLTHROUGH\n* Remove EVP_MD_FLAG_PKEY_DIGEST\nUpdate-Note: This flag is never set in BoringSSL, never checked by\nexternal code, and hasn\u0027t even been defined in OpenSSL since 2015.\n* Remove MAC truncation from FIPS interface.\n* Remove B_ASN1_UNKNOWN\nUpdate-Note: B_ASN1_UNKNOWN is removed. Code search says nothing\nexternal was using it, which makes sense because there was nothing\nuseful callers could do with it.\n* Support ANY attribute values in X509_NAME\nUpdate-Note: X.509 name attributes may now be any ASN.1 type, matching\nthe spec.\n* Remove ASN1_PRINTABLE\nUpdate-Note: This removes the rather broken ASN1_PRINTABLE type. Note\nthis has no connection to PrintableString ASN.1 types. Those remain\nsupported. Code search suggests nothing uses ASN1_PRINTABLE.\n\nBug: 316589225\nTest: treehugger\nChange-Id: Idd3eacf72a2c3f5fcf64ed8d11402903593cd749\n" }, { "commit": "42225cb8c534920e791d038aa1f67e345d7e4987", "tree": "432f59eeb0cf0515c9d2255798c9a92026a41249", "parents": [ "323ad3a034c497297ceda83dee8917aa4da61b40" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Apr 16 03:04:18 2025 -0700" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Apr 16 03:04:18 2025 -0700" }, "message": "Rename UPDATING script.\n\nThis has been bugging me for years. Historically UPDATING\nwas the instructions for updating a package, not a script\nto do the work.\n\nSo rename the script to a more intuitive update-upstream.sh\nand add an UPDATING.md with instructions.\n\nTest: N/A\nChange-Id: Ibf97018f06e891ea04205de2647dc60d122d90a7\n" }, { "commit": "43de85bd01ac5e7c5078fdd7eadb064d4367bd72", "tree": "27374a70f9ce08ca5a44bbee023ecde87255f8dc", "parents": [ "24bbde9770bc76db76591077f1adbccf52246d83", "323ad3a034c497297ceda83dee8917aa4da61b40" ], "author": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Fri Apr 11 01:29:18 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Fri Apr 11 01:29:18 2025 -0700" }, "message": "Merge \"Allow Gatekeeper to access bssl-sys\" into main am: 323ad3a034\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/32453981\n\nChange-Id: Iff270ae2ba425d0334ace1775957fe3a411dbcab\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "323ad3a034c497297ceda83dee8917aa4da61b40", "tree": "27374a70f9ce08ca5a44bbee023ecde87255f8dc", "parents": [ "d19541d3c7245521440543a3f8a041962fd973d1", "56ea26d9de9ce1a5b47aacd6a57875b47d7784a3" ], "author": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Fri Apr 11 01:11:25 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Fri Apr 11 01:11:25 2025 -0700" }, "message": "Merge \"Allow Gatekeeper to access bssl-sys\" into main" }, { "commit": "24bbde9770bc76db76591077f1adbccf52246d83", "tree": "c45afd6af6f413c3af25354a97201e976363b53a", "parents": [ "56ee55bf05a406bb57e17eccaf9ed530c00aca43", "d19541d3c7245521440543a3f8a041962fd973d1" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Tue Apr 08 11:19:43 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Apr 08 11:19:43 2025 -0700" }, "message": "external/boringssl: Sync to ef839bf397fb4ecdb66ef2679a08ac7b3563c50b. am: d19541d3c7\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/32943738\n\nChange-Id: I38ad388326b17f8addd94b2a535bcf5eb73227b5\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "d19541d3c7245521440543a3f8a041962fd973d1", "tree": "c45afd6af6f413c3af25354a97201e976363b53a", "parents": [ "4a756c751f98ad787fdfee93f1f9b63916699f3a" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Tue Apr 08 09:32:11 2025 +0100" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Tue Apr 08 09:08:46 2025 -0700" }, "message": "external/boringssl: Sync to ef839bf397fb4ecdb66ef2679a08ac7b3563c50b.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/f0ab91129d1a234dc127335765b794d62dc9ed4d..ef839bf397fb4ecdb66ef2679a08ac7b3563c50b\n\n* Support OCTET STRING attribute values in X509_NAME\nUpdate-Note: X.509 name attributes now may be OCTET STRINGs.\n* Optimize computation of H^2 from H^1 in AES-GCM\n* Do not include asn1_mac.h from rust\n* Default to no target prefix when generating Android build files.\n\nBug: 409165331\nTest: treehugger\nChange-Id: I082a6767d8513fbf0d255e31f5c8313733eef241\n" }, { "commit": "56ee55bf05a406bb57e17eccaf9ed530c00aca43", "tree": "395cd8698e3d851256885cfe8be404bfa84fccd4", "parents": [ "2d3afe05b10d06e57eb7564c9881d8958f51bd89", "4a756c751f98ad787fdfee93f1f9b63916699f3a" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Apr 08 06:06:44 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Tue Apr 08 06:06:44 2025 -0700" }, "message": "Support OCTET STRING attribute values in X509_NAME am: 4a756c751f\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/32944239\n\nChange-Id: I6fc70e8bbc8f68ff41df11982b9c1063e9afeb71\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "4a756c751f98ad787fdfee93f1f9b63916699f3a", "tree": "395cd8698e3d851256885cfe8be404bfa84fccd4", "parents": [ "a7edf2c342729ca75cd4d8ac31222ed36ee43582" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Apr 07 14:27:41 2025 -0400" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Tue Apr 08 11:59:48 2025 +0100" }, "message": "Support OCTET STRING attribute values in X509_NAME\n\nCherry-pick from\nhttps://boringssl-review.googlesource.com/c/boringssl/+/78327/4\nand will be superceded as part of the next BoringSSL rollup\nin http://ag/32943738 but CP-ing separately in order to enable\nfurther cherry-picking to P25 branches.\n\nThis is part of a broader issue with OpenSSL\u0027s goofy ASN1_PRINTABLE type\n(which seems to have no connection to any standard), but this is a\nminimal fix intended for easy cherry-picking.\n\nThis now leaves ASN1_PRINTABLE unused, but for now I\u0027ve forked it into\nan ASN1_ANY_AS_STRING type. It is still very far from an actual ANY, but\nthe intent is to capture AttributeValue\u0027s status as an ANY type, but\nwhich OpenSSL\u0027s API forces us to represent as an ASN1_STRING. (Later\nchanges will make it actually match the name.)\n\nUpdate-Note: X.509 name attributes now may be OCTET STRINGs.\n\nBug: 42290275\nBug: 409165331\nTest: TH\nChange-Id: I1389533595a972bd0b4aa3c1840dc0f15c0fa645\n" }, { "commit": "2d3afe05b10d06e57eb7564c9881d8958f51bd89", "tree": "a6220a9c4c9d70f5faaaebf34eba0227c5bf1388", "parents": [ "ea03886e7d8932bda0d3532dcb2763923db52acd", "a7edf2c342729ca75cd4d8ac31222ed36ee43582" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Fri Apr 04 10:09:36 2025 -0700" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Fri Apr 04 10:09:36 2025 -0700" }, "message": "external/boringssl: Sync to f0ab91129d1a234dc127335765b794d62dc9ed4d. am: a7edf2c342\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/external/boringssl/+/32868200\n\nChange-Id: I05e4979df68e0dae8b5033ab43a45a7a54b73126\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" }, { "commit": "a7edf2c342729ca75cd4d8ac31222ed36ee43582", "tree": "a6220a9c4c9d70f5faaaebf34eba0227c5bf1388", "parents": [ "ea03886e7d8932bda0d3532dcb2763923db52acd" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Thu Apr 03 14:16:31 2025 +0100" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Fri Apr 04 14:07:50 2025 +0100" }, "message": "external/boringssl: Sync to f0ab91129d1a234dc127335765b794d62dc9ed4d.\n\nUpdate Note: Also brings in the pki/ library code that historically\nwe skipped on Android.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/a0cb538b0d0d08371d3bd5712bbc8d474d28090a..f0ab91129d1a234dc127335765b794d62dc9ed4d\n\n* Mention the license notice for new files in CONTRIBUTING\n* Spell Apache 2.0 correctly in fiat/README.chromium\n* Use Montgomery reduction in DSA verify\n* Use std::sort instead of qsort in libssl\n* Fix comment on bn_div_rem_words and use MSVC instrinsic\n* Change to use ALPS new codepoint as default\n* upprev boringssl/util/bot/perl-win32 dep\n* Make Golint happy\n* Revert \"Remove Karatsuba multiplication in BIGNUM\"\n* Add `hpke::Kem::get_public_key`\n* Add support for C2PA validation modes\n* Add a missing ifdef to CRYPTO_set_fuzzer_mode call\n* Fix comment for SSL_get_write_sequence.\n* Pull SLH-DSA test out of BORINGSSL_self_check()\n* Add APIs to access DTLS record layer state\nUpdate-Note: Callers that need DTLS record layer state should migrate to\nthe new APIs. For now, the old APIs continue to work for DTLS 1.2, but\nonce caller have migrated, we\u0027ll make them TLS-only.\n* draft-kwiatkowski-tls-ecdhe-mlkem-01 is now draft-ietf-tls-ecdhe-mlkem-00\n* Remove MSVC C4702 suppressions in code\n* Remove MSVC warning suppressions around Windows system headers\n* Fix fuzzer build on Windows\n* Refresh fuzzer corpus\n* Simplfy fuzzer build\nUpdate-Note: Downstream fuzzer builds can now be simplified. If the\nfuzzing infrastructure already builds with\nFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, the separate boringssl_fuzz\n(or whatever) target can be removed.\n* Make bcm use internal AES functions\n* Don\u0027t override the clock in BORINGSSL_UNSAFE_DETERMINISTIC_MODE\n* Fix the link order of various dependencies\n* Fix some duplicate #defines\n* Rewrite header guards\n* Remove the avx10_256 entry from BORINGSSL_function_hit\n* Clean up aes-gcm-avx512-x86_64.pl to assume 512-bit vectors\n* Rename avx10 and avx10_512 to avx512\n* delocate: Preserve AVX-512 tokens when rewriting labels\n* Tolerate RCS-MLS custom critical extensions\n* Accept only digital signature key usage for RCS-MLS\n* correct old license on aes.cc\n* Move gcm_gmult_vpclmulqdq_avx10 and add comment\n* Move polyval into asegcmsiv\n* Start extracting AES\n* Make MODULE.bazel and BUILD.bazel buildifier-clean\n* Mark some transitive includes as IWYU export.\n* Remove bn_div_words from bn-586.pl\n* Remove Karatsuba multiplication in BIGNUM\n* Decrease BN_MONTGOMERY_MAX_WORDS to 16384 bits\nUpdate-Note: BN_MONT_CTX now only works for 16834-bit moduli or lower.\nThis has no impact on cryptographic primitives supported by BoringSSL,\nwhich were already capped at that size.\n* Convert a few more things to scopers\n* bn: Change return type of `bn_mul_mont_*` internals to `void`.\n* Correct an incorrect license that was committed recently\n* [fuzz] Replace is_pod\n* Handle nullptr arguments to FIPS key generation functions\n* Move some exponentation functions out of the FIPS module\n* Remove optimized even modulus mod-exp implementation\n* Warn in SSL_export_keying_material API docs that lengths must match\n* Add mode for MLS client auth, with EKU checking\n* Const-correct SSL_export_keying_material\n* Remove unused \"endbranch\" x86-64 encoder\n* Add AES-EAX EVP_AEAD cipher\n* Stop manually encoding a bunch of x86-64 instructions\n* Migrate remaining uses of io/ioutil\n* go mod tidy\n* acvptool: Disable GCS support by default\n* Update deps and tag a version for BCR\n* Replace an old README.chromium file with a plain README.md\n* Implement draft-ietf-tls-cross-sni-resumption\n* Fix missing vzeroupper in poly_Rq_mul()\n* Use vmovdqa to save/restore xmm registers in AES-GCM code on Windows\n* Fix missing vzeroupper in gcm_ghash_vpclmulqdq_avx2() for len\u003d16\n* aes-gcm-avx10-x86_64.pl: use strict mode and sync with avx2 code\n* Update PQ ACVP to reflect NIST\u0027s breaking changes.\n* aes-gcm-avx10-x86_64.pl: fold _ghash_mul_step into _ghash_mul\n* runner: Test export keying material across all protocols\n* runner: Restore error output in the \"unexpected failure\" case\n* Split runner.go into a bunch of different files\n* Fix CBS_get_any_asn1 to match the documentation.\n* runner: add one-to-many error mapping for canonical error checking in BoGo tests\n* delocate: Recognize msl as an ARMConstantTweak\n* Fix a pair of words that swapped were in ssl.h documentation\n* Add a pregenerated sources.mk\n* Gate CLMUL AES-GCM on SSSE3\n* Stop checking the FXSR bit\n* Use scopers in crypto/fipsmodule/ec\n* Add local targets to .set directives in delocate\n* Add Trust Anchors extension\n* Use FIPS functions in modulewrapper where possible.\n* Restore FIPS version check.\n* Add SLH-DSA self tests\n* Compress the CA extension\n* Add ML-DSA self tests.\n* Add ML-KEM self-tests.\n* delocate: remove the need to demangle local variables\n* Add IWYU pragma to obj_mac.h.\n* Retitle the certificate authorities section in ssl.h\n* Iterate on SSL_CREDENTIAL_set_must_match_issuer a bit\n* runner: Simplify certificate_authorities testing\n* Accept either | or ` in doc.go\n* Remove SSL_VERIFY_PEER_IF_NO_OBC\nUpdate-Note: SSL_VERIFY_PEER_IF_NO_OBC is removed. This was used as the\ntransition plan between the long-deprecated TLS Channel ID, and its\neven-longer-deprecated precessor, Origin-Bound Certificates. Callers\nshould have no more reason to use this feature. (See also cl/728350196.)\n* Remove OPENSSL_ia32cap_P and OPENSSL_armcap handling in delocate\n* Add some newlines between distinct setup steps\n* Add --gcs option for uploading test results from GCS\n* Update googletest\n* Add from/to SubjectPublicKeyInfo conversion to ed25519.\n* Clarify bssl-sys build instructions.\n* Support PBES2 schemes in PKCS12_create\n* Fix legacy_version in DTLS 1.3 HelloRetryRequest\n* Remove dependencies between bssl_shim and ssl/internal.h\n* Add a way to prefix Android targets names\n* Shave an easy 16 bytes off SSL_SESSION\n* Avoid running the X.509 auto-chaining logic twice in TLS clients\n* Remove now unnecessary \u003copenssl/arm_arch.h\u003e includes from assembly\n* Revert \"runner: Switch back to filippo.io/mlkem768 for now\"\n* runner: Switch back to filippo.io/mlkem768 for now\n* runner: Include the name of the message we failed to parse\n* runnner: Switch to Go\u0027s crypto/ecdh module\n* Switch to Go standard library functions where available\n* Fix include spelling in spake2plus.cc\n* Revert \"Speed up sha512 on x86\" and update comments\n* Add \".git\" hint to Go module name\n* Bump version for BCR\n* Clarify that sigalg configuration does not impact TLS 1.0/1.1\n* Update dependencies\n* Remove ocsp_revocation_status.h and ocsp_verify_result.h\n* Fix up ClientHello parser errors\nUpdate-Note: The error when the server cannot parse the ClientHello is\nnow a bit more specific. This might be visible to server-specific\nlogging, but will not change what is sent over the wire.\n* Add SSL_parse_client_hello\n* use public header instead of internal for ocsp\n* Make CheckOCSP public api\n* Remove SSL_set_check_client_certificate_type and SSL_set_check_ecdsa_curve\nUpdate-Note: Removed some unused APIs.\nChange-Id: I5fe34e0ebcb30f81281e413017d5a6a968a96a97\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/76127\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: Bob Beck \u003cbbe@google.com\u003e\n* HPKE DHKEM-P256 BoringSSL Rust\n* FIPS.md: update wording to align with FRR7.\n* FIPS.md: add build instructions for the update stream.\n* util/fipstools: KDA OneStepNoCounter mode support\n* util/fipstools: generalize hkdf KDA subprocess\n* Add a missing word to documentation on the upstream stream\n* Add a section on the latest FedRAMP policy to FIPS.md.\n* Add CBS APIs for fetching an implicitly tagged int64/uint64 fields.\n* Delete some unnecessary implicit conversions in pkcs12_test.cc\n* Remove now unnecessary ia32cap_P customizations\n* Restore the __SHA__ compile-time check for Intel SHA Extensions\nUpdate-Note: If SHA starts crashing on illegal instruction, check if you\nare building in a configuration that assumes Intel SHA extensions (e.g.\n-march\u003dgoldmont) and then running on a machine that lacks them. (If\nusing QEMU, update to QEMU 8.2 or later to be able to correctly emulate\na processor with SHA extensions.) If so, let us know, though if you can\nsimply fix your build, that\u0027s simplest.\n* Clean up license-related scripts\n* Switch the license to Apache 2.0, matching OpenSSL upstream\n* Add a tool to switch the license to Apache 2.0, matching OpenSSL\n* Move copyright lines to the top of the file\n* Remove other references to additional licenses\n* License: change any non-boilerplate comment referring to \"OpenSSL license\"\n* Rename chacha20_poly1305_*_nohw to chacha20_poly1305_*_sse41\n* Implement SPAKE2+ and its integration in TLS 1.3\n* Collapse the modes directory into aes\n* util/fipstools: cSHAKE ACVP algorithm support\n* Fix link to Mozilla wiki in comment\n* Add missing error with credential/issuer matching\n* runner: Only require a curve match in TLS 1.3 when doing key shares\n* Test that we reject Certificate or CertificateRequest in resumption\n* runner: implement SecondHelloRetryRequest more straightforwardly\n* runner: Make -expect-selected-credential\u0027s default more convenient\n* Use std::vector\u003cuint8_t\u003e to store base64-decode byte arrays\n* Document EVP_BytesToKey a bit better\n* Bump API version to 34\n* infra: Use main branch exclusively\n* util/fipstools: basic support for KTS-IFC\n* Only the KTS-OAEP-basic scheme is supported.\n* Only the rsakpg1-basic keygen mode is supported.\n* Only the AFT test type is supported (no partialVal function support).\n* Reword the SSL_export_keying_material docs slightly\n* Update references in the repo to use the main branch\n* infra: Support both master and main branches\n* Sync presubmit.yml with what landed in BCR\n* Include the extension in the error in ssl_parse_extensions\n* Remove ASN1_UTCTIME_cmp_time_t\nUpdate-Note: Removed an unused function.\nChange-Id: I23c9f0b41d210f3a44122165331389b30d6ecab0\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75408\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Bob Beck \u003cbbe@google.com\u003e\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\n* util/fipstools: update RSA sigGen cmd args docs\n* util/fipstools: support feedback KDF w/ empty IVs\n* Add a function for Conscrypt to use\n* Fix unwrap comment for CBB_init_fixed\n* Document and test PEM_X509_INFO_read_bio\u0027s odd decryption behavior\n* Test some obscure modes of EVP sign/verify with RSA keys\n* Remove some dead code in bssl_shim\n* clang-format bssl_shim.cc\n* Rename foo_extra to foo\n* Add explicit prefetching to the new AES-GCM code\n* Add SPAKE2+.\n* Add ability to upload a directory of vector test results.\n* Bump MODULE.bazel for another snapshot\n* Unfork Chromium\u0027s Clang update script\n* Remove embed_test_data.go\n* Mark fallible container operations as `nodiscard`\n* Start using bssl::UniquePtr in libcrypto\n* Move RSA_blinding_on out of BCM\n* Switch some tests to std::string_view\n* Initialize iqmp during keygen directly\n* Remove a redundant call to freeze_private_key\n* Add tests for TIME functions that accept offsets\n* Use more span patterns for strings vs bytes\n* Remove calls to now unnecessary MakeSpan/MakeConstSpan\n* Remove now unused size hooks from ECDSA_METHOD and RSA_METHOD\n* Remove some RSA_is_opaque and EC_KEY_is_opaque special cases\nUpdate-Note: The filled in parts of keys backed by RSA_METHOD and\nECDSA_METHOD will now participate in RSA_check_key and EC_KEY_check_key.\n* Use std::string_view for label strings\n* Update CMAKE_CXX_STANDARD in generate_build_files.py\n* Revert \"Stop playing with time strings with strlcat\"\n* util/fipstools: document AES-gcm-randnonce cmds\n* util/fipstools: add SSH KDF ACVP support\n* Add something to the error queue when Proc-Type version is wrong\n* Gate Rust support for ML-{KEM,DSA} on a crate feature.\n* Stop playing with time strings with strlcat\n* Revert \"Always try and enable the new_uninit feature.\"\n* replace some more allocate + strlcat with asprintf\n* Remove out directories in pki test data\n* replace manual alloction math and srlcats with asprintf\n* use asprintf instead of magic manual allocation\n\nFixes: 407992978\nTest: treehugger\nChange-Id: Ib5b1014c157271ca3bf68afe3b133addca37620f\n" }, { "commit": "ecc1358826150d6a1851c517c325b0e6c0e1b8be", "tree": "cb920d76df247d1b99c7a80d9cef2540cfe1eabf", "parents": [ "e8584eb15abdee848de2cc411c581522d306aa5b", "f7ed953364f1050af8ac368ae29d18a06f54f2cb" ], "author": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Tue Apr 01 20:54:17 2025 -0700" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Tue Apr 01 20:54:17 2025 -0700" }, "message": "Merge cherrypicks of [\u0027googleplex-android-review.googlesource.com/32628841\u0027] into 25Q2-release.\n\nChange-Id: I81dbd06b87c497a56b0ad967a36847613ef09851\n" }, { "commit": "f7ed953364f1050af8ac368ae29d18a06f54f2cb", "tree": "cb920d76df247d1b99c7a80d9cef2540cfe1eabf", "parents": [ "e8584eb15abdee848de2cc411c581522d306aa5b" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Mon Mar 24 11:34:23 2025 -0700" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Tue Apr 01 20:39:38 2025 -0700" }, "message": "Disable full BoringSSL Self Test at boot.\n\nNo longer required for certification and causes boot time regression due to new PQC self tests.\n\nNote that all algorithms are still tested before first use in all processes (either at start-up or on-demand) so this doesn\u0027t change anything from a FIPS point of view.\n\nFixes: 405098034\nTest: TH\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:330549410f8a94c9f61877abd683968fc0585067)\nMerged-In: I4b851188f5b7cc7ec13bc33b55a2ac7fb57dcc04\nChange-Id: I4b851188f5b7cc7ec13bc33b55a2ac7fb57dcc04\n" }, { "commit": "56ea26d9de9ce1a5b47aacd6a57875b47d7784a3", "tree": "c5002e96fb1fbf56bc80e596005a877ba971d57c", "parents": [ "ea03886e7d8932bda0d3532dcb2763923db52acd" ], "author": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Fri Jan 31 12:16:01 2025 +0000" }, "committer": { "name": "David Drysdale", "email": "drysdale@google.com", "time": "Mon Mar 31 18:32:41 2025 +0100" }, "message": "Allow Gatekeeper to access bssl-sys\n\nGatekeeper\u0027s `ISharedSecret` support requires CKDF functionality based\non AES-256-CMAC, but there are currently no wrappers for CMAC in\n`bssl-crypto`.\n\nBug: 395084113\nTest: build\nChange-Id: I42a08205193ba5afb6ca3b0f46f54f9fb8cbca65\n" }, { "commit": "ea03886e7d8932bda0d3532dcb2763923db52acd", "tree": "be9c115262a5f92e2399a42c1e0430c752675646", "parents": [ "330549410f8a94c9f61877abd683968fc0585067", "4f7cdd4f409348ce1737baf73c397215659408be" ], "author": { "name": "Bill Yang", "email": "yangbill@google.com", "time": "Wed Mar 26 18:27:53 2025 -0700" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Mar 26 18:27:53 2025 -0700" }, "message": "Merge \"Add visibility of boringssl test for platform_testing\" into main" }, { "commit": "330549410f8a94c9f61877abd683968fc0585067", "tree": "cb920d76df247d1b99c7a80d9cef2540cfe1eabf", "parents": [ "e03ff3c9d9631e74398f59fe958b79f6c62a9d83" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Mon Mar 24 11:34:23 2025 -0700" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Mon Mar 24 12:02:06 2025 -0700" }, "message": "Disable full BoringSSL Self Test at boot.\n\nNo longer required for certification and causes boot time regression due to new PQC self tests.\n\nNote that all algorithms are still tested before first use in all processes (either at start-up or on-demand) so this doesn\u0027t change anything from a FIPS point of view.\n\nFixes: 405098034\nTest: TH\nChange-Id: I4b851188f5b7cc7ec13bc33b55a2ac7fb57dcc04\n" }, { "commit": "e8584eb15abdee848de2cc411c581522d306aa5b", "tree": "df06ecd060cdb9219e7ef1bb90da83aa37b40a8e", "parents": [ "b40f66892d94c95c7483b8b675dff875a54b7ae2", "e03ff3c9d9631e74398f59fe958b79f6c62a9d83" ], "author": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Wed Mar 19 16:32:23 2025 -0700" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Wed Mar 19 16:32:23 2025 -0700" }, "message": "Snap for 13241370 from e03ff3c9d9631e74398f59fe958b79f6c62a9d83 to 25Q2-release\n\nChange-Id: I580a6ad18fd378e95639b0192599b6c859816635\n" }, { "commit": "e03ff3c9d9631e74398f59fe958b79f6c62a9d83", "tree": "df06ecd060cdb9219e7ef1bb90da83aa37b40a8e", "parents": [ "0e8cb072046020f3b8c1b81dc905f6116572236e" ], "author": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Mar 19 17:27:16 2025 +0000" }, "committer": { "name": "Pete Bentley", "email": "prb@google.com", "time": "Wed Mar 19 17:30:47 2025 +0000" }, "message": "external/boringssl: Sync to branch fips-20250107.\n\nThis includes the following changes:\n\nhttps://boringssl.googlesource.com/boringssl/+log/a0cb538b0d0d08371d3bd5712bbc8d474d28090a..1d256be42d1bb697c86372d12decf64138d82abe\n\n* Merge to fips-20250107: Update PQ ACVP to reflect NIST\u0027s breaking changes.\n* Merge to fips-20250107: delocate: Recognize msl as an ARMConstantTweak\n* Merge to fips-20250107: Use FIPS functions in modulewrapper where possible.\n* Merge to fips-20250107: Add SLH-DSA self tests\n* Merge to fips-20250107: Add ML-DSA self tests.\n* Merge to fips-20250107: Add ML-KEM self-tests.\n* Merge to fips-20250107: delocate: remove the need to demangle local variables\n\nTest: treehugger\nChange-Id: I3e26a49a7e0cfafcd102b682739857be12a8e5e3\n" }, { "commit": "4f7cdd4f409348ce1737baf73c397215659408be", "tree": "d43f39f0f75fca5d956f9b9ad505b1abb46663bf", "parents": [ "0e8cb072046020f3b8c1b81dc905f6116572236e" ], "author": { "name": "Bill Yang", "email": "yangbill@google.com", "time": "Tue Mar 11 10:24:37 2025 +0000" }, "committer": { "name": "Bill Yang", "email": "yangbill@google.com", "time": "Tue Mar 11 10:24:37 2025 +0000" }, "message": "Add visibility of boringssl test for platform_testing\n\nBug: 399246722\nTest: m continuous_native_tests\nChange-Id: Idd27725dc38d5828500ac3756a2f5c4973feaa60\n" }, { "commit": "b40f66892d94c95c7483b8b675dff875a54b7ae2", "tree": "3cc75472b51be369737423be368b7e3109e8786e", "parents": [ "9a3cc19b6c8c846cf49e1c4cc48ab120b4b754e9", "0e8cb072046020f3b8c1b81dc905f6116572236e" ], "author": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Fri Mar 07 18:07:13 2025 -0800" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Fri Mar 07 18:07:13 2025 -0800" }, "message": "Snap for 13182071 from 0e8cb072046020f3b8c1b81dc905f6116572236e to 25Q2-release\n\nChange-Id: I49077c52e0c0a530f0d9c129c2f66ee335af4ef5\n" }, { "commit": "0e8cb072046020f3b8c1b81dc905f6116572236e", "tree": "3cc75472b51be369737423be368b7e3109e8786e", "parents": [ "bd0eae1a3d85047763f1899818ae4a58ef8b6c23", "ff82e866658b678df9ae4aac825828ce45b50209" ], "author": { "name": "Yi Kong", "email": "yikong@google.com", "time": "Fri Mar 07 13:03:57 2025 -0800" }, "committer": { "name": "Automerger Merge Worker", "email": "android-build-automerger-merge-worker@system.gserviceaccount.com", "time": "Fri Mar 07 13:03:57 2025 -0800" }, "message": "Workaround build breakage due to C++/Rust LTO Interop am: 7931e7a1a2 am: ff82e86665\n\nOriginal change: https://android-review.googlesource.com/c/platform/external/boringssl/+/3531672\n\nChange-Id: I113a5635f65a8036b1e225a615ceddf667b81d9a\nSigned-off-by: Automerger Merge Worker \u003candroid-build-automerger-merge-worker@system.gserviceaccount.com\u003e\n" } ], "next": "ff82e866658b678df9ae4aac825828ce45b50209" }