Imported Upstream version 5.12.0.220

Former-commit-id: c477e03582759447177c6d4bf412cd2355aad476

external/boringssl/.github/PULL_REQUEST_TEMPLATE

@@ -1,7 +1,3 @@
-Please do not send pull requests to the BoringSSL repository.
+This is mono's fork of the BoringSSL repository.
 
-We do, however, take contributions gladly.
-
-See https://boringssl.googlesource.com/boringssl/+/master/CONTRIBUTING.md
-
-Thanks!
+We accept PRs for build issues, general code changes should go to the upstream repo.

external/boringssl/CMakeLists.txt

@@ -164,6 +164,8 @@ elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "armv7-a")
   set(ARCH "arm")
 elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
   set(ARCH "aarch64")
+elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "s390x")
+  set(ARCH "s390x")
 else()
   message(FATAL_ERROR "Unknown processor:" ${CMAKE_SYSTEM_PROCESSOR})
 endif()

external/boringssl/crypto/ec/p224-64.c

@@ -185,19 +185,33 @@ static const felem g_pre_comp[2][16][3] = {
 
 /* Helper functions to convert field elements to/from internal representation */
 static void bin28_to_felem(felem out, const u8 in[28]) {
-  out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
-  out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
-  out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
-  out[3] = (*((const uint64_t *)(in + 20))) >> 8;
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+   out[0] = (*((const uint64_t *)(in + 20))) << 8 >> 8;
+   out[1] = (*((const uint64_t *)(in + 14))) >> 8;
+   out[2] = (*((const uint64_t *)(in + 7))) >> 8;
+   out[3] = *((const uint64_t *)(in)) >>8;
+#else
+   out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff;
+   out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff;
+   out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff;
+   out[3] = (*((const uint64_t *)(in + 20))) >> 8;
+#endif
 }
 
 static void felem_to_bin28(u8 out[28], const felem in) {
   size_t i;
   for (i = 0; i < 7; ++i) {
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+    out[i] = *((u8 *)&in[3] + i + 1);
+    out[i + 7] = *((u8 *)&in[2] + i + 1);
+    out[i + 14] = *((u8 *)&in[1] + i + 1);
+    out[i + 21] = *((u8 *)&in[0] + i + 1);
+#else
     out[i] = in[0] >> (8 * i);
     out[i + 7] = in[1] >> (8 * i);
     out[i + 14] = in[2] >> (8 * i);
     out[i + 21] = in[3] >> (8 * i);
+#endif
   }
 }
 
@@ -223,16 +237,26 @@ static int BN_to_felem(felem out, const BIGNUM *bn) {
 
   felem_bytearray b_in;
   num_bytes = BN_bn2bin(bn, b_in);
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+  memcpy(b_out+sizeof(b_out)-num_bytes, b_in, num_bytes);
+  memset(b_out, 0, sizeof(b_out)-num_bytes);
+#else
   flip_endian(b_out, b_in, num_bytes);
+#endif
   bin28_to_felem(out, b_out);
   return 1;
 }
 
 /* From internal representation to OpenSSL BIGNUM */
 static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) {
-  felem_bytearray b_in, b_out;
+  felem_bytearray b_out;
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+  felem_to_bin28(b_out, in);
+#else
+  felem_bytearray b_in;
   felem_to_bin28(b_in, in);
   flip_endian(b_out, b_in, sizeof(b_out));
+#endif
   return BN_bin2bn(b_out, sizeof(b_out), out);
 }
 

external/boringssl/crypto/ec/p256-64.c

@@ -75,21 +75,35 @@ static const u64 kPrime[4] = {0xfffffffffffffffful, 0xffffffff, 0,
 static const u64 bottom63bits = 0x7ffffffffffffffful;
 
 /* bin32_to_felem takes a little-endian byte array and converts it into felem
- * form. This assumes that the CPU is little-endian. */
+ * form. This assumes no particular CPU endianess. */
 static void bin32_to_felem(felem out, const u8 in[32]) {
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+  out[0] = *((const u64 *)&in[24]);
+  out[1] = *((const u64 *)&in[16]);
+  out[2] = *((const u64 *)&in[8]);
+  out[3] = *((const u64 *)&in[0]);
+#else
   out[0] = *((const u64 *)&in[0]);
   out[1] = *((const u64 *)&in[8]);
   out[2] = *((const u64 *)&in[16]);
   out[3] = *((const u64 *)&in[24]);
+#endif
 }
 
 /* smallfelem_to_bin32 takes a smallfelem and serialises into a little endian,
- * 32 byte array. This assumes that the CPU is little-endian. */
+ * 32 byte array. This assumes no particular CPU endianess. */
 static void smallfelem_to_bin32(u8 out[32], const smallfelem in) {
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+  *((u64 *)&out[0]) = in[3];
+  *((u64 *)&out[8]) = in[2];
+  *((u64 *)&out[16]) = in[1];
+  *((u64 *)&out[24]) = in[0];
+#else
   *((u64 *)&out[0]) = in[0];
   *((u64 *)&out[8]) = in[1];
   *((u64 *)&out[16]) = in[2];
   *((u64 *)&out[24]) = in[3];
+#endif
 }
 
 /* To preserve endianness when using BN_bn2bin and BN_bin2bn. */
@@ -118,16 +132,26 @@ static int BN_to_felem(felem out, const BIGNUM *bn) {
 
   felem_bytearray b_in;
   num_bytes = BN_bn2bin(bn, b_in);
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+  memcpy(b_out+sizeof(b_out)-num_bytes, b_in, num_bytes);
+  memset(b_out, 0, sizeof(b_out)-num_bytes);
+#else
   flip_endian(b_out, b_in, num_bytes);
   bin32_to_felem(out, b_out);
+#endif
   return 1;
 }
 
 /* felem_to_BN converts an felem into an OpenSSL BIGNUM. */
 static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) {
-  felem_bytearray b_in, b_out;
+  felem_bytearray b_out;
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+  smallfelem_to_bin32(b_out, in);
+#else
+  felem_bytearray b_in;
   smallfelem_to_bin32(b_in, in);
   flip_endian(b_out, b_in, sizeof(b_out));
+#endif
   return BN_bin2bn(b_out, sizeof(b_out), out);
 }