Bazel: update BoringSSL to f6ef1c5 / 95b3ed1 (master-with-bazel).

f6ef1c560 Check tag class and constructed bit in d2i_ASN1_BOOLEAN.
2f8bf102e Use typedefs in i2d and d2i_ASN1_BOOLEAN.
45c8be91f Forward-declare SSL_CLIENT_HELLO.
052453852 Fix BN_CTX usage in BN_mod_sqrt malloc error paths.
a406ad76a Make ASN1_NULL an opaque pointer.
f5e601275 Remove remnants of ASN.1 print function generators.
c31a8a6f0 Fold x509_vfy.h into x509.h.
f61997b4d Make ASN1_STRING_TABLE_add thread-safe and document.
38890fdef Test ASN1_STRING_set_by_NID with custom NIDs.
db93c2524 Test ASN1_STRING_set_by_NID with built-in NIDs.
a50f24c85 Test that built-in ASN1_STRING_TABLEs are sorted.
fa6ced951 Extract common rotl/rotr functions.
523d6c74c Remove X509_STORE_set0_additional_untrusted.
8f5eb80b8 Enable X509_V_FLAG_TRUSTED_FIRST by default.
2bde9365f Switch x509_test.cc to modify the existing X509_VERIFY_PARAM.
87f316d77 Add note to HMAC test vectors from NIST
cc509bdb7 Add log tag for Trusty.
551ccd7e9 Fix CRYPTO_malloc, etc., definitions.
03cae7a2b Keep EVP_CIPHER/EVP_MD lookup and do_all functions in sync
dedd23e59 aarch64: Add missing LR validation in 'vpaes_cbc_encrypt'
66e61c577 Allow PKCS7_sign to work for signing kernel modules.
f958727f7 Speed up constant-time base64 decoding.
4937f05cc Unwind remnants of ASN1_TFLG_NDEF.
f3e594151 acvptool: add CS3 support.
41adb341b Ignore SIGPIPE in the bssl tool.
1c2473eba Add FIPS counters for AES-GCM in EVP_AEAD.
cd32fd37d Refresh fuzzer corpus for ECH draft-13.
27a3328a3 Fix the TLS fuzzers for ECH draft-13.
62c4f1547 Clarify that TLS sessions are not application sessions.
019cc625b Fix BN_prime_checks_for_validation to align with false-positive rate.
0446b5942 Add maskHash to RSA_PSS_PARAMS for compat
ed5f4e82e Remove ASN1_OP_I2D_* callbacks.
afed9f762 Don't read it->funcs without checking it->itype.
866cccc54 Reject missing required fields in i2d functions.
c9b75aff2 Reject -1 types in ASN1_TYPE and MSTRINGs when encoding.
6e70be0f8 Correctly handle invalid ASN1_OBJECTs when encoding.
248ab8176 Check for invalid CHOICE selectors in i2d functions.
3b6cebb1e Fix x509_name_ex_i2d error-handling.
27b31cfc5 Correctly propagate errors in i2d functions.
25773430c acvptool: add hmacDRBG support
a03c34c6d Check for __TRUSTY__ instead of TRUSTY.
0fa3030e1 Update comment for ECH draft-13.
c0fcb4e24 Silence a GCC false positive warning.
1a668b39d Switch to the new, simpler WHATWG URL formulation.
b49b78ef3 Revert "Guard use of sdallocx with BORINGSSL_SDALLOCX"
19fe7943c Fix calculation of draft-13 ECH confirmation signal.
18b6836b2 Update to draft-ietf-tls-esni-13.
37a3c70c0 Reword SSL_get0_ech_name_override documentation.
07b365f63 Remove SSL_set_verify_result.
dddb60eb9 Make most of crypto/x509 opaque.
59aff62ca Remove V_ASN1_APP_CHOOSE.
6b7525a9f Rewrite ASN1_PRINTABLE_type and add tests.
31f462a1e Include SHA512-256 in EVP_get_digestbyname and EVP_MD_do_all.
96181288c NUL is not printable.
c65543b7a Make RSA_check_key more than 2x as fast.
417010f9b Benchmark RSA private key parsing.
c6d3fd1d0 Work around yet another MSVC 2015 SFINAE bug.
d55f450c4 Avoid re-hashing the transcript multiple times.
a75027b04 Make ssl_parse_extensions a little easier to use.
e2cb42376 Deduplicate our three ServerHello parsers.
61f320874 Merge in OpenSSL's X.509 corpus.
6038ac5ce Run X509_print in the certificate fuzzer.
cdfc2595b Fix some error-handling in i2v functions.
4bf0a19ac Fix typo.
5984cfe8e OPENSSL_strndup should not return NULL given {NULL, 0}.
b27438e12 Rewrite name constraints matching with CBS.
04601b026 Add some tests for name constraints.
2d10c18b3 Fix i2v_GENERAL_NAME to not assume NUL terminated strings
4f9a7ba47 Do not rely on ASN1_STRING being NUL-terminated.
954506271 Add a CBB_add_zeros helper.
047ff6428 Linkify RFCs in documentation.
8648c5369 Refer to RFCs consistently.
16c3e3ae0 runner: Test session IDs over 32 bytes.
05ce773ca Process the TLS 1.3 cipher suite in one place.
80df7398c Guard use of sdallocx with BORINGSSL_SDALLOCX
a603c828d Bump minimum GCC version and note impending VS2015 deprecation.
006f20ad7 Add Span::first() and Span::last().
2e68a05c9 Simplify built-in BIOs slightly.
69ec7c8de Fix some error returns from SSL_read and SSL_write.
b9ee7b143 Fix negative ENUMERATED values in multi-strings.
1b2db8c7c Add a test for ASN1_mbstring_copy and clean up.
eb17de499 Remove ASN1_TFLG_SET_ORDER.
b319e3b89 Fix ASN1_STRING_print_ex with negative integers.
e3a365554 Check i2d_ASN1_TYPE's return value in ASN1_STRING_print_ex.
4c993da66 Document ASN.1 printing functions.
07a6628e4 Move some ASN1 printing functions to crypto/asn1.
0dcbc6e14 Move a_strex.c back to asn1, split X509_NAME bits out.
1201c9ad8 Unwind io_ch abstraction in print functions.
7a6066ca6 Implement ASN1_STRING_print_ex_fp, etc., with file BIOs.
b9ec9dee5 Remove OPENSSL_NO_FP_API ifdefs.
28d7252d2 Move X509_ALGOR to x509.h.
8627e9743 Unexport BIT_STRING_BITNAME.
11a24ae02 Unexport ub_* constants.
f8b3961b0 Always use an ASN1_STRING_TABLE global mask of UTF8String.
6d8456980 Document ASN1_mbstring_copy.
47c5f9d2f Update ghashv8-armx.pl from upstream.
549e4e799 Align with upstream on 'close STDOUT' lines.
7e265971c Avoid double-expanding variables in CMake.
ead57c300 Reject years outside 0000-9999 in ASN1_GENERALIZEDTIME_adj.
46e0523ea Add some tests for time_t to ASN1_TIME conversions.
046fc130d Remove ASN1_STRING_FLAG_MSTRING.
116d9250a Document another batch of functions.
e9fae77c0 Clarify BIO_new_mum_buf's lifetime rules.
0768d42c2 generate_ech.cc: include needed headers
f1d153dc3 Don't overread in poly_Rq_mul
5799ebfe5 acvp: recognise another style of JSON.
d422d2c4a Revert "Revert "Revert "Disable check that X.509 extensions implies v3."""
c1571feb5 acvp: add HKDF support.
7a817f48b Add 'generate-ech' command to bssl tool
e38cf79cd Don't enable atomics in NO_THREADS configurations.
17be3872a Check strtoul return for overflow error in GetUnsigned()
897a2ca3f Add convenience functions to malloc EVP_HPKE_CTX and EVP_HPKE_KEY.
6191cc95a Document that SSL_PRIVATE_KEY_METHOD should configure signing prefs.
519c2986c Always have CRYPTO_sysrand_for_seed.
715301301 hrss: use less stack space.
94a608a1f Make X509_EXTENSION opaque.
a5a9b54d8 Make X509_CRL opaque.
b86dcfefe Switch another malloc to bssl::Array.
ecc301ca0 Add a pointer alignment helper function.
268a4a6ff Remove unused field in X509_NAME_ENTRY.
61a21e7ec Fix sign bit in BN_div if numerator and quotient alias.
ad5db9658 Handle the server case in SSL_get0_ech_name_override.
62d6ed60d Remove -2 return value from X509*_get_*_by_NID.
2cf7a2cde Remove X509at_get0_data_by_OBJ.
957f23d2c Document a batch of extension-related functions in x509.h.
7ada84669 conf: fix getting keys from the default section.
919a97393 conf: don't crash when parsing.
ae7c17868 Add some OpenSSL compatibility aliases.
170045f49 Make ASN1_OBJECT opaque.
e3a7bd0a8 Rename asn1_locl.h to internal.h.
5514476c4 Update hpke_test.go.
c220b5fa6 Decorate x509v3_a2i_ipadd declaration as its definition.
25d501c77 SHA-256 is used on AArch64, even if NO_ASM.
b90cdddcd swtb is another AArch64 magic tweak.
ba423c9a1 Implement ClientHelloOuter handshakes.
ca7ef8c85 runner: Add a convenience function for base64 flags.
a10017c54 Reduce bouncing on the cache lock in ssl_update_cache.
10a76acb0 Only clear not_resumable after the handshake.
afa867be8 runner: Test that clients actually use renewed tickets.
5d224a559 runner: Clean up test logic.
c41a3a937 runner: Fix process exit timeout.
479adf98d Remove old ASN.1 SET macros.
b147c99dd Document some ASN1_INTEGER and ASN1_ENUMERATED functions.
87be65922 Document ASN1_STRING_to_UTF8.
5f8c681d7 Const-correct ASN1_item_verify a bit more.
520678284 Compute ASN.1 BIT STRING sizes more consistently.
cafb99211 Remove lh_FOO_doall.
ec8c67dfb Prefix internal LHASH functions.
7f85116be Unexport almost all of LHASH.
ec552cab8 Rename t1_lib.cc to extensions.cc.
f25ada3a7 Prefix and unexport a2i_ipadd.
f315a86df Fix a -Wdeprecated-copy warning.
9cbe737ec Validate ECH public names.
869bf9f3a Fold X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM.
58abd2e6f Make X509_VERIFY_PARAM opaque.
36ea4d113 Move crypto/x509/vpm_int.h into internal.h.
6d3d0690f Reformat x509_vfy.h and convert comments.

Change-Id: I77e07130a3c3fdd777579f2789b8506cc2e0c275
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/c/nginx/+/3943
Reviewed-by: Wayne Zhang <qiwzhang@google.com>
1 file changed
tree: bed4dec86ba9c36288f14db6d34eef0dcd29790f
  1. auto/
  2. bazel/
  3. conf/
  4. contrib/
  5. docs/
  6. misc/
  7. src/
  8. .bazelrc
  9. .bazelversion
  10. .gitignore
  11. .hgtags
  12. BUILD
  13. LICENSE
  14. README.md
  15. WORKSPACE
README.md

About

NGINX + BoringSSL + Brotli.

Building

To build nginx binary with Bazel:

$ bazel build :nginx

To build Debian package:

$ bazel build :nginx-google.deb

Contributing

This repository is currently maintained by Google developers.

Any code changes should be submitted to upstream NGINX.

License

Copyright (C) 2002-2021 Igor Sysoev
Copyright (C) 2011-2021 Nginx, Inc.
Copyright (C) 2015-2021 Google Inc.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

Disclaimer

This is not an official Google product.