[TF][JNI][UPDATE] BoringSSL from source (master)

(cherry picked from commit 71c5118dede745e259bfee96f5342c968bdac532)
2020-06-10 00:05:18 +02:00 · 2020-06-10 00:05:18 +02:00 · a13d870030
parent 323d6ab5ee
commit a13d870030
7 changed files with 621 additions and 4 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -4,3 +4,6 @@
 [submodule "TMessagesProj/jni/ffmpeg"]
 	path = TMessagesProj/jni/ffmpeg
 	url = https://github.com/FFmpeg/FFmpeg
+[submodule "TMessagesProj/jni/boringssl"]
+	path = TMessagesProj/jni/boringssl
+	url = https://github.com/google/boringssl
--- a/TMessagesProj/jni/Android.mk
+++ b/TMessagesProj/jni/Android.mk
@ -106,13 +106,13 @@ include $(CLEAR_VARS)
 LOCAL_MODULE    := crypto

 ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
-    LOCAL_SRC_FILES := ./boringssl/lib/libcrypto_armeabi-v7a.a
+    LOCAL_SRC_FILES := ./boringssl/build/armeabi-v7a/crypto/libcrypto.a
 else ifeq ($(TARGET_ARCH_ABI),arm64-v8a)
-    LOCAL_SRC_FILES := ./boringssl/lib/libcrypto_arm64-v8a.a
+    LOCAL_SRC_FILES := ./boringssl/build/arm64-v8a/crypto/libcrypto.a
 else ifeq ($(TARGET_ARCH_ABI),x86)
-    LOCAL_SRC_FILES := ./boringssl/lib/libcrypto_x86.a
+    LOCAL_SRC_FILES := ./boringssl/build/x86/crypto/libcrypto.a
 else ifeq ($(TARGET_ARCH_ABI),x86_64)
-    LOCAL_SRC_FILES := ./boringssl/lib/libcrypto_x86_64.a
+    LOCAL_SRC_FILES := ./boringssl/build/x86_64/crypto/libcrypto.a
 endif

 include $(PREBUILT_STATIC_LIBRARY)
--- a/TMessagesProj/jni/boringssl
+++ b/TMessagesProj/jni/boringssl
@ -0,0 +1 @@
+Subproject commit 251b5169fd44345f455438312ec4e18ae07fd58c
--- a/TMessagesProj/jni/build_boringssl.sh
+++ b/TMessagesProj/jni/build_boringssl.sh
@ -0,0 +1,58 @@
+#!/bin/bash
+
+set -e
+
+function build_one {
+	mkdir ${CPU}
+	cd ${CPU}
+
+	echo "Configuring..."
+	cmake -DANDROID_NATIVE_API_LEVEL=${API} -DANDROID_ABI=${CPU} -DCMAKE_BUILD_TYPE=Release -DANDROID_NDK=${NDK} -DCMAKE_TOOLCHAIN_FILE=$NDK/build/cmake/android.toolchain.cmake -DANDROID_NATIVE_API_LEVEL=16 -GNinja -DCMAKE_MAKE_PROGRAM=${NINJA_PATH} ../..
+	
+	echo "Building..."
+	cmake --build .
+	
+	cd ..
+}
+
+function checkPreRequisites {
+
+    if ! [ -d "boringssl" ] || ! [ "$(ls -A boringssl)" ]; then
+        echo -e "\033[31mFailed! Submodule 'boringssl' not found!\033[0m"
+        echo -e "\033[31mTry to run: 'git submodule init && git submodule update'\033[0m"
+        exit
+    fi
+
+    if [ -z "$NDK" -a "$NDK" == "" ]; then
+        echo -e "\033[31mFailed! NDK is empty. Run 'export NDK=[PATH_TO_NDK]'\033[0m"
+        exit
+    fi
+    
+    if [ -z "$NINJA_PATH" -a "$NINJA_PATH" == "" ]; then
+        echo -e "\033[31mFailed! NINJA_PATH is empty. Run 'export NINJA_PATH=[PATH_TO_NINJA]'\033[0m"
+        exit
+    fi
+}
+
+ANDROID_NDK=$NDK
+checkPreRequisites
+
+cd boringssl
+
+mkdir build
+cd build
+
+API=16
+
+CPU=armeabi-v7a
+build_one
+
+CPU=x86
+build_one
+
+API=21
+CPU=arm64-v8a
+build_one
+
+CPU=x86_64
+build_one
--- a/TMessagesProj/jni/patch_boringssl.sh
+++ b/TMessagesProj/jni/patch_boringssl.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+patch -d boringssl -p1 < patches/boringssl/0001-add-aes-ige-mode.patch
+patch -d boringssl -p1 < patches/boringssl/0001-only-build-what-we-need.patch
--- a/TMessagesProj/jni/patches/boringssl/0001-add-aes-ige-mode.patch
+++ b/TMessagesProj/jni/patches/boringssl/0001-add-aes-ige-mode.patch
@ -0,0 +1,377 @@
+From b3958bdfcc9c753477fdf6e0da799c1c4e4077f1 Mon Sep 17 00:00:00 2001
+From: Marcus Hoffmann <bubu@bubu1.eu>
+Date: Tue, 31 Jul 2018 17:15:39 +0200
+Subject: [PATCH] add aes ige mode
+
+---
+ crypto/fipsmodule/CMakeLists.txt |   2 +
+ crypto/fipsmodule/aes/aes_ige.c  | 323 +++++++++++++++++++++++++++++++
+ include/openssl/aes.h            |   9 +
+ 3 files changed, 334 insertions(+)
+ create mode 100644 crypto/fipsmodule/aes/aes_ige.c
+
+diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
+index 30823755..b349572c 100644
+--- a/crypto/fipsmodule/CMakeLists.txt
+++ b/crypto/fipsmodule/CMakeLists.txt
+@@ -198,6 +198,8 @@ else()
+     bcm.c
+     is_fips.c
+ 
+    aes/aes_ige.c
+
+     ${BCM_ASM_SOURCES}
+   )
+
+diff --git a/crypto/fipsmodule/aes/aes_ige.c b/crypto/fipsmodule/aes/aes_ige.c
+new file mode 100644
+index 00000000..b425c7d6
+--- /dev/null
+++ b/crypto/fipsmodule/aes/aes_ige.c
+@@ -0,0 +1,323 @@
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <assert.h>
+#include <memory.h>
+#include <string.h>
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+        unsigned long data[N_WORDS];
+} aes_block_t;
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+#define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+#define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+#define load_block(d, s)        (d) = *(const aes_block_t *)(s)
+#define store_block(d, s)       *(aes_block_t *)(d) = (s)
+#else
+#define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
+#define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+					 size_t length, const AES_KEY *key,
+					 unsigned char *ivec, const int enc)
+	{
+	size_t n;
+	size_t len = length;
+
+	assert(in && out && key && ivec);
+	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+	assert((length%AES_BLOCK_SIZE) == 0);
+
+	len = length / AES_BLOCK_SIZE;
+
+	if (AES_ENCRYPT == enc)
+		{
+		if (in != out &&
+		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
+			{
+			aes_block_t *ivp = (aes_block_t *)ivec;
+			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+
+			while (len)
+				{
+				aes_block_t *inp = (aes_block_t *)in;
+				aes_block_t *outp = (aes_block_t *)out;
+
+				for(n=0 ; n < N_WORDS; ++n)
+					outp->data[n] = inp->data[n] ^ ivp->data[n];
+				AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
+				for(n=0 ; n < N_WORDS; ++n)
+					outp->data[n] ^= iv2p->data[n];
+				ivp = outp;
+				iv2p = inp;
+				--len;
+				in += AES_BLOCK_SIZE;
+				out += AES_BLOCK_SIZE;
+				}
+			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+			}
+		else
+			{
+			aes_block_t tmp, tmp2;
+			aes_block_t iv;
+			aes_block_t iv2;
+
+			load_block(iv, ivec);
+			load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+			while (len)
+				{
+				load_block(tmp, in);
+				for(n=0 ; n < N_WORDS; ++n)
+					tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+				AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
+				for(n=0 ; n < N_WORDS; ++n)
+					tmp2.data[n] ^= iv2.data[n];
+				store_block(out, tmp2);
+				iv = tmp2;
+				iv2 = tmp;
+				--len;
+				in += AES_BLOCK_SIZE;
+				out += AES_BLOCK_SIZE;
+				}
+			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+			}
+		}
+	else
+		{
+		if (in != out &&
+		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
+			{
+			aes_block_t *ivp = (aes_block_t *)ivec;
+			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+
+			while (len)
+				{
+				aes_block_t tmp;
+				aes_block_t *inp = (aes_block_t *)in;
+				aes_block_t *outp = (aes_block_t *)out;
+
+				for(n=0 ; n < N_WORDS; ++n)
+					tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
+				for(n=0 ; n < N_WORDS; ++n)
+					outp->data[n] ^= ivp->data[n];
+				ivp = inp;
+				iv2p = outp;
+				--len;
+				in += AES_BLOCK_SIZE;
+				out += AES_BLOCK_SIZE;
+				}
+			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+			}
+		else
+			{
+			aes_block_t tmp, tmp2;
+			aes_block_t iv;
+			aes_block_t iv2;
+
+			load_block(iv, ivec);
+			load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+			while (len)
+				{
+				load_block(tmp, in);
+				tmp2 = tmp;
+				for(n=0 ; n < N_WORDS; ++n)
+					tmp.data[n] ^= iv2.data[n];
+				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
+				for(n=0 ; n < N_WORDS; ++n)
+					tmp.data[n] ^= iv.data[n];
+				store_block(out, tmp);
+				iv = tmp2;
+				iv2 = tmp;
+				--len;
+				in += AES_BLOCK_SIZE;
+				out += AES_BLOCK_SIZE;
+				}
+			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+			}
+		}
+	}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+						size_t length, const AES_KEY *key,
+						const AES_KEY *key2, const unsigned char *ivec,
+						const int enc)
+	{
+	size_t n;
+	size_t len = length;
+	unsigned char tmp[AES_BLOCK_SIZE];
+	unsigned char tmp2[AES_BLOCK_SIZE];
+	unsigned char tmp3[AES_BLOCK_SIZE];
+	unsigned char prev[AES_BLOCK_SIZE];
+	const unsigned char *iv;
+	const unsigned char *iv2;
+
+	assert(in && out && key && ivec);
+	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+	assert((length%AES_BLOCK_SIZE) == 0);
+
+	if (AES_ENCRYPT == enc)
+		{
+		/* XXX: Do a separate case for when in != out (strictly should
+		   check for overlap, too) */
+
+		/* First the forward pass */ 
+		iv = ivec;
+		iv2 = ivec + AES_BLOCK_SIZE;
+		while (len >= AES_BLOCK_SIZE)
+			{
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] = in[n] ^ iv[n];
+			AES_encrypt(out, out, key);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv2[n];
+			iv = out;
+			memcpy(prev, in, AES_BLOCK_SIZE);
+			iv2 = prev;
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			}
+
+		/* And now backwards */
+		iv = ivec + AES_BLOCK_SIZE*2;
+		iv2 = ivec + AES_BLOCK_SIZE*3;
+		len = length;
+		while(len >= AES_BLOCK_SIZE)
+			{
+			out -= AES_BLOCK_SIZE;
+			/* XXX: reduce copies by alternating between buffers */
+			memcpy(tmp, out, AES_BLOCK_SIZE);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv[n];
+			/*			hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
+			AES_encrypt(out, out, key);
+			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv2[n];
+			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+			iv = out;
+			memcpy(prev, tmp, AES_BLOCK_SIZE);
+			iv2 = prev;
+			len -= AES_BLOCK_SIZE;
+			}
+		}
+	else
+		{
+		/* First backwards */
+		iv = ivec + AES_BLOCK_SIZE*2;
+		iv2 = ivec + AES_BLOCK_SIZE*3;
+		in += length;
+		out += length;
+		while (len >= AES_BLOCK_SIZE)
+			{
+			in -= AES_BLOCK_SIZE;
+			out -= AES_BLOCK_SIZE;
+			memcpy(tmp, in, AES_BLOCK_SIZE);
+			memcpy(tmp2, in, AES_BLOCK_SIZE);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				tmp[n] ^= iv2[n];
+			AES_decrypt(tmp, out, key);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv[n];
+			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+			iv = tmp3;
+			iv2 = out;
+			len -= AES_BLOCK_SIZE;
+			}
+
+		/* And now forwards */
+		iv = ivec;
+		iv2 = ivec + AES_BLOCK_SIZE;
+		len = length;
+		while (len >= AES_BLOCK_SIZE)
+			{
+			memcpy(tmp, out, AES_BLOCK_SIZE);
+			memcpy(tmp2, out, AES_BLOCK_SIZE);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				tmp[n] ^= iv2[n];
+			AES_decrypt(tmp, out, key);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv[n];
+			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+			iv = tmp3;
+			iv2 = out;
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			}
+		}
+	}
+diff --git a/include/openssl/aes.h b/include/openssl/aes.h
+index 11565854..0130fec5 100644
+--- a/include/openssl/aes.h
+++ b/include/openssl/aes.h
+@@ -138,6 +138,15 @@ OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
+                                        size_t len, const AES_KEY *key,
+                                        uint8_t *ivec, int *num, int enc);
+ 
+/* NB: the IV is _two_ blocks long */
+OPENSSL_EXPORT void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                                    size_t length, const AES_KEY *key,
+                                    unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+OPENSSL_EXPORT void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                                       size_t length, const AES_KEY *key,
+                                       const AES_KEY *key2, const unsigned char *ivec,
+                                       const int enc);
+ 
+ // AES key wrap.
+ //
+-- 
+2.17.1
+
--- a/TMessagesProj/jni/patches/boringssl/0001-only-build-what-we-need.patch
+++ b/TMessagesProj/jni/patches/boringssl/0001-only-build-what-we-need.patch
@ -0,0 +1,172 @@
+From 02952ace408e331237a1ccd724f072b3e67ceb20 Mon Sep 17 00:00:00 2001
+From: thermatk <thermatk@thermatk.com>
+Date: Wed, 23 Jan 2019 22:16:34 +0100
+Subject: [PATCH] only build what we need
+
+---
+ CMakeLists.txt        | 36 ---------------------
+ crypto/CMakeLists.txt | 74 -------------------------------------------
+ 2 files changed, 110 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index fd3532664..7fcfb1627 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -542,33 +542,7 @@ if(USE_CUSTOM_LIBCXX)
+   target_link_libraries(libcxx libcxxabi)
+ endif()
+ 
+-# Add minimal googletest targets. The provided one has many side-effects, and
+-# googletest has a very straightforward build.
+-add_library(boringssl_gtest third_party/googletest/src/gtest-all.cc)
+-target_include_directories(boringssl_gtest PRIVATE third_party/googletest)
+-
+-include_directories(third_party/googletest/include)
+-
+-# Declare a dummy target to build all unit tests. Test targets should inject
+-# themselves as dependencies next to the target definition.
+-add_custom_target(all_tests)
+-
+-add_custom_command(
+-  OUTPUT crypto_test_data.cc
+-  COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go ${CRYPTO_TEST_DATA} >
+-  ${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc
+-  DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
+-  WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+-
+-add_library(crypto_test_data OBJECT crypto_test_data.cc)
+-
+ add_subdirectory(crypto)
+-add_subdirectory(ssl)
+-add_subdirectory(ssl/test)
+-add_subdirectory(tool)
+-add_subdirectory(util/fipstools/cavp)
+-add_subdirectory(util/fipstools/acvp/modulewrapper)
+-add_subdirectory(decrepit)
+ 
+ if(FUZZ)
+   if(LIBFUZZER_FROM_DEPS)
+@@ -589,14 +564,3 @@ endif()
+ if(UNIX AND NOT APPLE AND NOT ANDROID)
+   set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>)
+ endif()
+-
+-add_custom_target(
+-    run_tests
+-    COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir
+-            ${CMAKE_BINARY_DIR}
+-    COMMAND cd ssl/test/runner &&
+-            ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
+-              ${HANDSHAKER_ARGS} ${RUNNER_ARGS}
+-    WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+-    DEPENDS all_tests bssl_shim handshaker
+-    USES_TERMINAL)
+diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
+index e940f7d5f..f5221d70d 100644
+--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
+@@ -85,7 +85,6 @@ function(perlasm dest src)
+ endfunction()
+ 
+ add_subdirectory(fipsmodule)
+-add_subdirectory(test)
+ 
+ if(FIPS_DELOCATE)
+   SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
+@@ -461,93 +461,3 @@ endif()
+ if(USE_CUSTOM_LIBCXX)
+   target_link_libraries(crypto libcxx)
+ endif()
+-
+-# urandom_test is a separate binary because it needs to be able to observe the
+-# PRNG initialisation, which means that it can't have other tests running before
+-# it does.
+-add_executable(
+-  urandom_test
+-
+-  fipsmodule/rand/urandom_test.cc
+-)
+-
+-target_link_libraries(urandom_test test_support_lib boringssl_gtest crypto)
+-
+-add_dependencies(urandom_test global_target)
+-add_dependencies(all_tests urandom_test)
+-
+-add_executable(
+-  crypto_test
+-
+-  abi_self_test.cc
+-  asn1/asn1_test.cc
+-  base64/base64_test.cc
+-  buf/buf_test.cc
+-  bio/bio_test.cc
+-  bytestring/bytestring_test.cc
+-  chacha/chacha_test.cc
+-  cipher_extra/aead_test.cc
+-  cipher_extra/cipher_test.cc
+-  cmac/cmac_test.cc
+-  compiler_test.cc
+-  constant_time_test.cc
+-  cpu-arm-linux_test.cc
+-  curve25519/ed25519_test.cc
+-  curve25519/spake25519_test.cc
+-  curve25519/x25519_test.cc
+-  ecdh_extra/ecdh_test.cc
+-  dh/dh_test.cc
+-  digest_extra/digest_test.cc
+-  dsa/dsa_test.cc
+-  err/err_test.cc
+-  evp/evp_extra_test.cc
+-  evp/evp_test.cc
+-  evp/pbkdf_test.cc
+-  evp/scrypt_test.cc
+-  fipsmodule/aes/aes_test.cc
+-  fipsmodule/bn/bn_test.cc
+-  fipsmodule/ec/ec_test.cc
+-  fipsmodule/ec/p256-x86_64_test.cc
+-  fipsmodule/ecdsa/ecdsa_test.cc
+-  fipsmodule/md5/md5_test.cc
+-  fipsmodule/modes/gcm_test.cc
+-  fipsmodule/rand/ctrdrbg_test.cc
+-  fipsmodule/rand/fork_detect_test.cc
+-  fipsmodule/sha/sha_test.cc
+-  hkdf/hkdf_test.cc
+-  hmac_extra/hmac_test.cc
+-  hrss/hrss_test.cc
+-  impl_dispatch_test.cc
+-  lhash/lhash_test.cc
+-  obj/obj_test.cc
+-  pem/pem_test.cc
+-  pkcs7/pkcs7_test.cc
+-  pkcs8/pkcs8_test.cc
+-  pkcs8/pkcs12_test.cc
+-  poly1305/poly1305_test.cc
+-  pool/pool_test.cc
+-  rand_extra/rand_test.cc
+-  refcount_test.cc
+-  rsa_extra/rsa_test.cc
+-  self_test.cc
+-  stack/stack_test.cc
+-  siphash/siphash_test.cc
+-  test/file_test_gtest.cc
+-  thread_test.cc
+-  trust_token/trust_token_test.cc
+-  x509/x509_test.cc
+-  x509/x509_time_test.cc
+-  x509v3/tab_test.cc
+-  x509v3/v3name_test.cc
+-
+-  $<TARGET_OBJECTS:crypto_test_data>
+-  $<TARGET_OBJECTS:boringssl_gtest_main>
+-)
+-
+-add_dependencies(crypto_test global_target)
+-
+-target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto)
+-if(WIN32)
+-  target_link_libraries(crypto_test ws2_32)
+-endif()
+-add_dependencies(all_tests crypto_test)
+-- 
+2.20.1
+
				`@ -0,0 +1 @@`
				`Subproject commit 251b5169fd44345f455438312ec4e18ae07fd58c`