Upstream Android-specific things under |BORINGSSL_ANDROID_SYSTEM|
The Android system BoringSSL has a couple of changes:
∙ ChaCha20-Poly1305 is disabled because it's not an offical
cipher suite.
∙ P-521 is offered in the ClientHello.
These changes were carried in the Android BoringSSL repo directly. This
change upstreams them when BORINGSSL_ANDROID_SYSTEM is defined.
Change-Id: If3e787c6694655b56e7701118aca661e97a5f26c
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 0754da0..b23d775 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -448,6 +448,7 @@
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
+#if !defined(BORINGSSL_ANDROID_SYSTEM)
/* ChaCha20-Poly1305 cipher suites. */
{
@@ -465,6 +466,7 @@
SSL_HANDSHAKE_MAC_SHA256,
256, 256,
},
+#endif
};
static const size_t kCiphersLen = sizeof(kCiphers) / sizeof(kCiphers[0]);
@@ -609,10 +611,12 @@
*out_fixed_iv_len = 4;
return 1;
+#if !defined(BORINGSSL_ANDROID_SYSTEM)
case SSL_CHACHA20POLY1305:
*out_aead = EVP_aead_chacha20_poly1305();
*out_fixed_iv_len = 0;
return 1;
+#endif
case SSL_RC4:
switch (cipher->algorithm_mac) {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index caa0cc4..f30e8eb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -352,6 +352,9 @@
static const uint16_t eccurves_default[] = {
23, /* X9_62_prime256v1 */
24, /* secp384r1 */
+#if defined(BORINGSSL_ANDROID_SYSTEM)
+ 25, /* secp521r1 */
+#endif
};
int tls1_ec_curve_id2nid(uint16_t curve_id) {
