Update BoringSSL to 04b3213d43492b6c9e0434d8e2a4530a9938f958 (#79)

apple · Mar 10, 2021 · 3bea268 · 3bea268
1 parent 0141f53
commit 3bea268
Show file tree

Hide file tree

Showing 42 changed files with 882 additions and 746 deletions.
diff --git a/Package.swift b/Package.swift
@@ -20,7 +20,7 @@
 // Sources/CCryptoBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: bb43a45d6de7375f3310511d37f040d1055f8a10
+// BoringSSL Commit: 04b3213d43492b6c9e0434d8e2a4530a9938f958
 
 import PackageDescription
 

diff --git a/Sources/CCryptoBoringSSL/CMakeLists.txt b/Sources/CCryptoBoringSSL/CMakeLists.txt
@@ -259,7 +259,6 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/x509/x509_ext.c"
   "crypto/x509/x509_lu.c"
   "crypto/x509/x509_obj.c"
-  "crypto/x509/x509_r2x.c"
   "crypto/x509/x509_req.c"
   "crypto/x509/x509_set.c"
   "crypto/x509/x509_trs.c"

diff --git a/Sources/CCryptoBoringSSL/crypto/cpu-arm-linux.c b/Sources/CCryptoBoringSSL/crypto/cpu-arm-linux.c
@@ -175,7 +175,13 @@ void OPENSSL_cpuid_setup(void) {
     hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
   }
 
-  // Clear NEON support if known broken.
+  // Clear NEON support if known broken. Note, if NEON is available statically,
+  // the non-NEON code is dropped and this workaround is a no-op.
+  //
+  // TODO(davidben): The Android NDK now builds with NEON statically available
+  // by default. Cronet still has some consumers that support NEON-less devices
+  // (b/150371744). Get metrics on whether they still see this CPU and, if not,
+  // remove this check entirely.
   g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo);
   if (g_has_broken_neon) {
     hwcap &= ~HWCAP_NEON;
@@ -186,7 +192,10 @@ void OPENSSL_cpuid_setup(void) {
     OPENSSL_armcap_P |= ARMV7_NEON;
 
     // Some ARMv8 Android devices don't expose AT_HWCAP2. Fall back to
-    // /proc/cpuinfo. See https://crbug.com/596156.
+    // /proc/cpuinfo. See https://crbug.com/boringssl/46. As of February 2021,
+    // this is now rare (see Chrome's Net.NeedsHWCAP2Workaround metric), but AES
+    // and PMULL extensions are very useful, so we still carry the workaround
+    // for now.
     unsigned long hwcap2 = 0;
     if (getauxval != NULL) {
       hwcap2 = getauxval(AT_HWCAP2);

diff --git a/Sources/CCryptoBoringSSL/crypto/cpu-arm.c b/Sources/CCryptoBoringSSL/crypto/cpu-arm.c
@@ -22,15 +22,15 @@
 
 extern uint32_t OPENSSL_armcap_P;
 
-char CRYPTO_is_NEON_capable_at_runtime(void) {
+int CRYPTO_is_NEON_capable_at_runtime(void) {
   return (OPENSSL_armcap_P & ARMV7_NEON) != 0;
 }
 
-int CRYPTO_is_ARMv8_AES_capable(void) {
+int CRYPTO_is_ARMv8_AES_capable_at_runtime(void) {
   return (OPENSSL_armcap_P & ARMV8_AES) != 0;
 }
 
-int CRYPTO_is_ARMv8_PMULL_capable(void) {
+int CRYPTO_is_ARMv8_PMULL_capable_at_runtime(void) {
   return (OPENSSL_armcap_P & ARMV8_PMULL) != 0;
 }