commit 22ec57d7945c508d7380554a0b08e754e3d463e3
author Piotr Sikora <piotrsikora@google.com> Tue Jul 11 13:46:05 2017 -0700
committer Piotr Sikora <piotrsikora@google.com> Tue Jul 11 21:42:58 2017 +0000
tree 9f58dfd0e7e3a69de9c13833106c80e08485f3de
parent 4cc41a4aeefa580ca8a86a7fe251838d60bc6ce5

Bazel: update BoringSSL to d977eaa / 59eb3d5 (master-with-bazel).

This update includes the following changes:

d977eaa1 Make AES-GCM AEADs support the optional second input argument to seal_scatter.
74bce299 Change EVP_AEAD_CTX_seal_scatter to support an additional plaintext input.
946dd62a AES-GCM shouldn't keep its own version of the tag length.
3120950b Size TLS read buffers based on the size requested.
5df5be1a Fix record header callback on writes.
5aaaa98f Detect WatchGuard's TLS 1.3 interference failure mode.
bfd94db7 Trim RSA_METHOD and ECDSA_METHOD.
e55b32dd Don't crash when decrypting with public keys.
6fff3864 Support standard RFC cipher suite names alongside OpenSSL ones.
cd60bf0e Fix PPC redirectors.
05d4c972 Simplify SSL_get0_next_proto_negotiated.
44c0772c Remove some unnecessary indirections.
0a9bf669 Clean up some duplicated code.
773ae91d Fix PPC ELF ABI citation.
68161cb8 Stash the computed version range in SSL_HANDSHAKE.
fc08dfc4 Rename {ssl,ctx}->{min,max}_version.
4414874f Simplify ssl_private_key_* state machine points.
babcac1c Document error behavior of AEAD seal/open methods.
9961dff0 Unwind V2ClientHello counters.
0d1730dd Squash together states in the TLS 1.2 server Certificate flight.
b5f55c3a Squash together TLS 1.2 states for server Finished block.
9b6ff440 Use _STL_EXTRA_DISABLED_WARNINGS in VS2017.
d98107b4 Remove the last of the f_err pattern.
8d606e36 Clear out f_err pattern from handshake_client.c.
72b36cfe fuchsia: Use new spelling of NO_ERROR.
0a20f786 Update tools from Chromium.
a75fc710 Update fuzzer mode suppressions.
ca743582 Test SSL_select_next_proto and SSL_get_fd.
289e76b6 EVP_PKEY_cmp does not return a boolean.
0391f166 Fix some malloc failure handling.
e831a815 Adding support for sending early data on the client.
24e5886c Add a test for invalid alert types.
5e578c9d Don't draw entropy during FIPS power-on tests.
8379978b Allow |RSA_FLAG_NO_BLINDING| to be set with |e| set.
0a3663a6 ARMv4 assembly pack: harmonize Thumb-ification of iOS build.
3763cbeb sha/asm/sha512-armv8.pl: adapt for kernel use.
f03cdc3a Sync ARM assembly up to 609b0852e4d50251857dbbac3141ba042e35a9ae.
8da59555 ARMv4 assembly pack: allow Thumb2 even in iOS build, and engage it in most modules.
b9940a64 bn/asm/armv4-mont.pl: boost NEON performance.
ae96383a ARMv4 assembly pack: implement support for Thumb2.
e2ff2ca0 Revert "Use unified ARM assembly."
7f7ef53e Allow ILP32 compilation in AArch64 assembly pack.
43a40924 Add missing #include of assert.h
c07635f8 Remove local __arm__ ifdef on aes-armv4.pl.
0514e3df Remove needless type casting.
b529253b Implement scrypt from RFC 7914.
6af3a3d9 aead_test: Skip calls to EVP_AEAD_CTX_open_gather when not implemented.
19670949 Align EVP_PKEY Ed25519 API with upstream.
ff239452 ppc64le delocate: avoid r0 as a base register.
18d9f28f Add EVP_AEAD_CTX_{seal_scatter,open_gather}.
1845d0db Remove some dead code from crypto/asn1.
2dfa1ba6 Delete some dead code from crypto/x509.
5e61d533 Document support status of the legacy ASN.1 code.
c40e1830 Don't define BORINGSSL_SHARED_LIBRARY in generated bzl file.
656aa9a2 Convert p256-x86_64_test to GTest.
f6584e7a Generate iOS assembly in generate_build_files.py.
42adba51 Trim unused declarations in pem.h.
3b33f3eb Set static armcaps based on __ARM_FEATURE_CRYPTO.
619b323a Import Ed25519 tests from upstream to evp_tests.txt.
21882c5c Clarify rand locking comment.
204b8a11 Tag the power-on tests as a constructor function directly.
a09a65ff Be slightly more relaxed about how ppc64le global-entry TOC references look.
16c3f06e Convert evp_test to GTest.
e7d6988c Have run_cavp.go create “resp” directories as needed.
9f579bfe Use unions rather than aliasing when possible.
3d14a15e Run GTest-based tests in parallel.
17ce286e Work around an apparent Linux or glibc bug on ppc64le in FIPS mode.
d91e1efd Convert ECDSA tests to GTest.
54581cc6 Convert x509_test to gtest
8ba6a149 Fix build with VS 2017.
ce9f6937 Convert obj_tests to gtest
a26001b9 Convert remaining pkcs8 tests to gtest
0da939d3 Fix bazel crypto target dependencies.
f6e5b1f2 Revert "Fix platforms that don't define UINT64_MAX."
055375ef Support more complex offset / symbol section interleavings.
b0bb83a5 Bound ssl_ctx_api more aggressively.
e8ee9470 Don't enable ASM when OPENSSL_NO_ASM is set.
cb34f869 Convert thread_test to GTest.
6da9eaee Bound expensive opcodes in ssl_ctx_api.
6758d043 Convert bn_test to GTest.
a51912f7 p256-x86_64-asm.pl: minor sqr_montx cleanup.
2b56981b Move pkcs{7,8}_test over to gtest
e345f9b6 Fix typo in comments.
cd334a54 Handle TOC offsets by giving them to the linker.
733f46e8 Test unaligned input with each AEAD.
c5e9ac1c Move AES-GCM-SIV out from SMALL and handle unaligned keys.
6757fbf8 Convert a number of tests to GTest.
b22e15c3 Fix platforms that don't define UINT64_MAX.
2c84a469 Make test_fips more chatty.
c655cb7b Break hwrand as well as urandom when FIPS_BREAK_TEST=CRNG is set.
b89e025c Clarify the error message for an ECDSA power-on test failure.
0ffc795e Clear PRNG states in FIPS mode.
d79bc9d3 Echo CAVP comments in the output.
563924be Switch CAVP testing for AES-GCM to use external nonces.
592af539 Clarify toc@ha and offsets.
7f07fb2b Fix standalone ppc64le build.
f64a6eea Switch to new delocate tool.
2f3404bb Enforce incrementing counter for TLS 1.2 AES-GCM.
2d04cf08 Test with IPv6 by default, and IPv4 only if that fails.
7c075b99 Change ppc64le AES code for FIPS.
68f84f5c Add missing dependencies on exe_and_shlib_deps
806e18c0 Define OPENSSL_UNUSED for __clang__ as well.
59e1a818 Turn off clang-format in embed_test_data.go output.
e7d3922b Improve Curve25519 cswap x64 assembly
d94682dc Remove ex_data's dup hook.
21cb0744 Add tool for corrupting the FIPS module in a binary.
03c6fa44 AES-GCM is not defined for empty nonces.
e324de00 Convert various tests to GTest.
8c2e8282 Convert ed25519_test to GTest.
3ecd0a5f Convert aes_test to GTest.
8726d8fe Make the Windows build slightly quieter.
1f1eeead Allow FileTest to read from an abstracted line reader.
ef374b86 Remove ECDSA error code hack in evp_test.
dfef2081 Remove FileTest::SetIgnoreUnusedAttributes.
01f8a8c2 Convert stack.h to use inline functions.
894e2003 Add missing #include of delocate.h.
429e85b5 Have a single function for FIPS test failures.
5f107ce4 Prefer RDRAND in FIPS mode.
d55bd797 Fix SSL_COMP_get_compression_methods type signature.
25054231 Convert digest_test to GTest.
118355c6 fipstools: Add a sample binary that exercises methods from the FIPS module.
c49c9e7e Optimize constant-time base64 implementation slightly.
a4f7cc20 Don't call base64_ascii_to_bin twice on each byte.
b3aaffae Add a -no-fax option to run_cavp.
467d3220 Add FIPS-compliant key generation that calls check_fips for RSA and EC.
1ac4f16f tool: don't explicitly disable SSLv3 in the server
208e2393 Move OPENSSL_ASAN to base.h.
4dcc290e Fix GOTPCREL accesses to symbols defined outside the module.
b056ed30 No-op change to kick the bots.
48b6b8f0 Add SSL_CIPHER_has_SHA384_HMAC.
39655ef0 Add AES-GCM-SIV tests for counter wrapping.
2f238d98 Accept vmovq as an alias for movq.
866c2194 crypto/fipsmodule: Allow breaking CRNG self-test.
391cc8c7 Move FIPS build tools to util/fipstools.
583c12ea Remove filename argument to x86 asm_init.
c5388a1c Add sde-linux64 to .gitignore.
44ccadc8 No-op change to kick the bots.
c4dfc6f4 Revert "Add sde-linux64 to .gitignore."
fee85591 Add sde-linux64 to .gitignore.
18ffb16b No-op change to cycle the bots.
ad50a0d7 Fix diff_asm.go and revert another local MASM perlasm change.
82a83ff5 No-op change to cycle the bots.
768e6822 Only fixup CMAKE_ASM_FLAGS -isysroot if CMAKE_OSX_SYSROOT is set.
edafe479 Add hash of SDE tool for the bots.
43e5a26b Fixing assembly coverage reporting.
c5f0c16b Restore ios64_compile to the CQ.
1e5cb820 Add an option to build libFuzzer from DEPS.
799676c9 Add a flag to configure the path to the SDE executable.
ebc4de67 Update tools from Chromium.
63a13ac6 Take ios64_compile out of the CQ.
ce3ec70e Fix cq.cfg formatting.
d4847c6d Add some Android and iOS compile bots to the CQ.
0402f894 crypto/fipsmodule: Make more Known Answer Tests breakable.
74cd5d98 Refresh fuzzer corpus.
08ab59b8 Switch from 8bit-counters to trace-pc-guard.
1d59f6e3 Add a flag to toggle the buggy RSA parser.
8b0515b0 Fix fuzzer build.
f99d2c61 Remove obsolete TODO.
873ebc97 Improve TestConfig flags for initial and resumption connections.
93731d9d Remove old SSL min/max version functions.
20d202bb unrandom: #define _GNU_SOURCE, for syscall().
e838cfb5 Add a way to break one of the KAT tests.
95511e98 generate_build_files: omit tests from fips_fragments.
0d5b886e Switch BN_generate_dsa_nonce's hash back to SHA-512/256.
4d1f4ba0 Timeout the shim on Accept and Wait.
4c7b3bfd Switch integrity hash to SHA-512.
238148a8 Don't indicate FIPS mode when built with ASAN.
c0485d67 Teach delocate.go to handle loading function pointers into XMM registers.
c862c31f perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
4323e227 Tidy up FIPS module dependencies.
e34eaa64 Remove old masm workaround.
45dd8a04 Add missing #includes of delocate.h.
2e2a226a Move cipher/ into crypto/fipsmodule/
4249481a Add EVP_AEAD_CTX_[new|free] and UniquePtr support.
a90044a4 Bypass building fipsmodule/rand/urandom.c when builing for Trusty
b0521e38 Add AES-GCM-SIV assembly.
bf21849e fipsoracle: Remove fax sample verification baked into test suites. This is covered by run_cavp.go.
96dec443 Move rsa/ to fipsmodule/rsa/
aacb72c1 Move ec/ and ecdsa/ into fipsmodule/
ac52908e Fix RSA KeyGen CAVP test padding.
61ae41f1 Use a minimal totient when generating RSA keys.
a3d9c39c Fix ECDSA KeyPair CAVP test.
02690f75 Run CAVP tests in parallel.
ddfcc6a6 fipsoracle: Combine all test oracles into a single binary.
148ea89b Two tweaks to CAVP outputs to conform to NIST's expectations.
616c4c26 Fix make_errors.go.
073391f7 Detach encrypt and keygen hooks from RSA_METHOD.
be5c67d4 fipsoracle: Add AES KeyWrap test.
9b7228c5 Adding RSA2 KeyGen CAVP tests.
2d933590 Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
c0ae51df Fix URL links in comment
9afa7bc9 Fix time offset calculation.
e5adaef9 Put spaces between arguments of failed tests.
73eb3a9d Undefine some macros in bn/
6dd055d2 fipsoracle: Add MCT mode for TDES.
5eb75e21 Shush some uninitialized variable warnings.
ca62bee9 Don't emit a redirector for OPENSSL_ia32cap_get.
fa839dca Don't depend on crypto/bytestring for ECDSA self-tests.
09ffa773 Don't depend on crypto/bytestring for RSA self-tests.
83a9a264 Check RSA2 SigVer* files.
8209a7c5 Add RSA-PSS to RSA2 Sig{Gen,Ver} drivers.
2baccac8 Tidy up pkey_rsa_verify_recover.
79d18bc4 Add crypto/rsa-level RSA-PSS functions.
05821b0e Consistently check length in RSA_add_pkcs1_prefix.
8a3a2a99 Move des/ to crypto/fipsmodule/
d1c89cd7 Adding RSA2 PKCS15 CAVP tests.
8ee0d147 Fix comment typo.
2b2676f6 fipsoracle: Add cavp_tdes_test (KAT mode only).
5c38c05b Move bn/ into crypto/fipsmodule/
493b2a4b Add HMAC CAVP tests.
1ac76f7e Fix copy-pasted comment in fipsoracle/cavp_ctr_drbg_test.cc.
eb599890 Add ECDSA2 KeyPair CAVP test driver.
9abf84cc Add tool for ECDSA2 SigGen and SigGenComponent tests.
b387e229 Add CTR-DRBG CAVP test driver.
0fcac4bf Fix cavp_aes_gcm_test.cc line endings.
58e44990 Move crypto/fipsoracle/ to the top-level.
b8a3550f Add SHA CAVP test driver.
61e8d36f fipsoracle: Add MCT test for AES.
0c292edb Add a CAVP tool for ECDSA2 SigVer tests.
7ed2e82e Consistently report an error on ECDSA verification failure.
90801c12 Add a CAVP tool for ECDSA2 PKV tests.
29975899 Unwind DHE support from BoGo.
aaa4045b Add tool to run CAVP tests.
7c125879 Add crypto/fipsoracle.
c1399186 Handle pushing a pointer from the GOT.
c88f2459 Don't print message when waiting for urandom entropy.
def85b40 Revise OPENSSL_ia32cap_P strategy to avoid TEXTRELs.
075875fb Parse instructions more accurately.
91871018 Add an OPENSSL_ia32cap_get() function for C code.
a5237972 Don't test quite so many primes.
a684152a Downgrade BN_kronecker to bn_jacobi and unexport.
0d5bf8d8 Document ERR_error_string_n standalone.
a0cb725b generate_build_files: enforce uniqueness of test names.
fb383f0c delocate: replace "-as src1,src2,..." with "src1 src2 ...".
afd88c27 Allow embedders to replace gtest_main.cc.
d617e01c Fix fuzzer build.
321fcdc4 Convert default version tests in ssl_test.
e11726a9 Properly convert more of ssl_test.
a365138a Factor out the default signature algorithm logic.
01d65c27 Convert spake25519_test to GTest.
7d53128d Convert cmac_test to GTest.
2c152373 Remove test vectors for old ChaCha20-Poly1305 AEAD.
f1313014 delocate: .size BORINGSSL_bcm_text_hash, not OPENSSL_ia32cap_addr.
8da870a9 Fix build on android_aarch64.
02ba1789 Avoid needless C gymnastics.
1997ef22 Tidy up aesni_gcm_crypt logic.
1d134eee Add aes-(128|256)-gcm-fips-testonly mode for FIPS compatibility.
b1ffe0b3 Add primality checking for RSA_check_fips.
7ce349ef Add a compiler test.
8ebc9eaf Update BN_enhanced_miller_rabin_primality_test to enforce preconditions and accept BN_prime_checks.
c86a2300 Allow raw object files to be passed into inject-hash.go.
08c9b844 Don't get confused by comments when recognising symbol definitions.
518ba077 Switch constant-time functions to using |crypto_word_t|.
947417a1 Handle BSS sections.
b0d864ee Be stricter about which sections are allowed in delocate.
c2dce9c1 Have delocate process lines by pulling.
11f11e6f Sort lists of asm files and tests.
7784104d Move much of rand/ into the FIPS module.
f3d3cee4 Avoid messing with dummy functions in delocate.go.
23ebe09e Return int from bn_wexpand, not BIGNUM*.
6c679e1b Tidy up primality code.
fc674c82 Unexport bn_correct_top and bn_wexpand.
778e5ced Make the arguments to FIPS check_test consistent.
3975ecff Add CAVP GCMVS Known Answer tests.
34a8aacb Remove remnants of multiprime RSA parsing.
06481295 Move modes/ into the FIPS module
a54ebffa Fix lower bound in e in FIPS RSA checking.
4b65693c Make runner ignore entropy warnings.
44d40c5e Add NIST CAVP TMOVS Known Answer tests for TDES in CBC and ECB modes.
696b6b50 Fix several issues with prime numbers.
30bcb3bd Save time delocating when not using archive inputs.
1bd689d1 Don't indirect our own BSS accessor functions.
e2a701ea Handle GOTTPOFF relocations in delocate.go
e5be1740 Add DRBG KAT for FIPS.
13a129d3 Add 3DES KAT for FIPS.
777fdd64 Add RSA/ECDSA KAT for FIPS.
378a08aa Add PKCS7_get_raw_certificates.
6fdea2ab Move PKCS#7 functions into their own directory.
de254b4c Enforce max_early_data_size on the server.
5b6151df Add AES and SHA KAT for FIPS.
97104afe generate_build_files: allow tests paths to mismatch test source paths.
fc9f10f8 Implement Enhanced Miller-Rabin primality test for FIPS.
6c7f6bfa Add linux_fips_noasm_asan.
fb83bc32 Fix possible infinite loop in delocate.go.
2c45fa0b Convert bytestring_test to GTest.
76dd1800 Convert base64_test to GTest.
1ddd6e53 Make -loop survive errors.
8c62d9dd Move AES code into the FIPS module.
536036ab Implement base64 in constant-time.
d075706e Allow selecting ECDH curves in bssl tool.
71c21b43 Add SSL_CTX_set_verify_algorithm_prefs.
96bc12a4 Remove includeDHE from runner.go.
783e0957 Recast ECDSA nonce hardening as DRBG additional data.
bc6a76b0 Align BN_rand_range_ex with FIPS 186-4.
90ada2f4 Implement a “continuous RNG test” in FIPS mode.
bc7daec4 In FIPS mode, block at start up until the kernel has sufficient entropy.
92f888e8 Make fork-unsafe buffering act via CTR-DRBG.
88bb8489 Switch to CTR-DRBG
730d69e1 Add CTR-DRBG.
11fa7039 Remove the last remnants of key_exchange_info.
a33e0fc9 Update Miller-Rabin iterations to use FIPS specification.
2c673f15 Emit redirector functions in a fixed order.
61c4e274 Delocate more types of references.
d7bc3353 Detect any reference to OPENSSL_ia32cap_P.
b15143fe Fix check_fips for public keys and synchronize the EC and RSA versions.
400d0b7b Add PWCT for RSA and ECDSA for FIPS 140-2.
89abf7a4 Fix ECDSA signing for FIPS compliance.
a0eb4a81 “Fix” FIPS build under ASAN.
82b2b857 Unwind multiprime RSA support.
fb8b763e Align RSA key generation with FIPS 186-4.
82bad05d Inject FIPS hash without running module.
23aff6b0 Add AESVS KAT vectors (CBC and ECB only).
d403be92 Ensure consumers set up include paths properly.
b7ded430 Constrain RSA bit sizes.
ddd5ba78 Remove redundant check in RSA_sign.
f004aa55 Add a test when hashes are too large for RSASSA-PKCS1-v1_5.
d0b98821 Add RSA_check_fips to support public key validation checks.
31fa5a44 Run unit tests concurrently by default.
7e06de5d Really remove DHE ciphersuites from TLS.
cb3af3e9 Allow specifying certificate and key in separate files.
a5334497 Add support for 3DES-ECB.
4a2cc28b Unwind RSA_generate_multi_prime_key.
43780cbc Tidy up some repetitive code.
20422539 Split AES-CTR-HMAC and AES-GCM-SIV from e_aes.c.
f55e2e72 Add FIPS builders to CQ.
3cfeb952 Disable SSLv3 by default.
c1966801 Add comment about ensuring no other data follows the hash value in PKCS #1
bbba9394 Acknowledge KeyUpdate messages.
d9e5bc10 Infra: Enable extra checks for who is allowed to use Commit Queue.
ebacdeed Add SendServerHelloAsHelloRetryRequest test.
d3bca049 Remove a batch of f_errs.
adc15a79 Empty change to trigger the bots.
ab0e20a9 Enforce minimum EC group size when generating keys for FIPS compliance.
10f6bc7f Fix Android build.
aff72a38 Add the start of standalone iOS build support.
7182d51f Use BN_get_word in probable_prime.
2065481c Fix CRYPTO_once_t initialization test.
d0a40591 Be less clever about .rel.ro avoidance.
7f26bf84 Partially fix FIPS build under clang.
323f1eb7 Include the correct ar.go.
fd49993c First part of the FIPS module.
0ef8c7bd Add missing files to run_android_test.go.
1d2c02bb SHA1_Init cannot fail.
69522117 Support Ed25519 in TLS.
0aef1686 Comment typo fix: 1024 bits is too small, not too large.
d69d94e7 Teach crypto/x509 how to verify an Ed25519 signature.
4e78e309 Add a basic signing tool.
d768c5d7 Support Ed25519 keys in BoGo.
e1d18a7a Vendor a copy of golang.org/x/crypto/ed25519.
417830d9 Support EVP_PKEY_{sign,verify}_message with Ed25519.
05bb1c50 Implement draft-ietf-curdle-pkix-04's serialization.
cc17c248 Stop pretending RSA and ECDSA sigalgs are configurable.
6114c3c5 Clean up signature algorithm logic.
a232a715 Deprecate SSL_PRIVATE_KEY_METHOD type and max_signature_len.
bf833c34 Rename hs->public_key.
76feb1f9 Convert ssl_privkey.c to message-based signing APIs.
7c83fdaf Add message-based EVP_PKEY APIs.
712f3724 Make the bssl client -resume flag less confusing.
3e0b2ce1 Prune some dead constants.
c8ff30cb Add an option to allow unknown ALPN protocols.
0686c09e Fix CRYPTO_dup_ex_data.
b18cb6a5 Make the POWER hardware capability value a global in crypto.c.
42329a82 Clean up PKCS5_PBKDF2_HMAC.
8b487b73 util/generate_build_files.py: Filter test runner sources from BUILD files.
67bb45f4 Support enabling early data on SSL
faa539f8 Remove static output buffers for hash & HMAC functions.
ebcb5beb Sync vendored copies of Go poly1305 and curve25519.
107d4388 Gate assembly sources on !OPENSSL_NO_ASM.
cbfd3c04 Refresh fuzzer corpora.
0c05c37f Update fuzzer exclusions.
519118f9 Fix FUZZING.md typo.
a5f1b38d Use vec_vsx_ld to performance unaligned load instead of dereferencing a pointer and relying on a compiler to generate code for unaligned access.  Both gcc and llvm currently do that but llvm is going to change to generate code for aligned access.  The change in llvm will break SHA-1 on POWER without this fix.
7e9949c3 Import additional test vectors from RFC 8032.
17eeb982 Unwind the rest of EVP_PKEY_supports_digest.
6bb507bc Add missing tests for the Channel ID / 0-RTT interaction.
e94ec3f8 Use a union in tls_cbc.c.
79bc7a32 Remove unsigned-based constant-time functions.
643b77e6 Convert tls_cbc.c to size_t.
053a8f72 Bound EVP_tls_cbc_digest_record at runtime.
8d979e54 Push variable declarations in EVP_tls_cbc_digest_record.
b0ad3d74 Convert more RSA padding check functions to size_t.
43ea204d Convert RSA_padding_check_PKCS1_type_1 to size_t.
d1c0de6f Add size_t variants of constant-time functions.
f368c738 Fix fuzzer excludes.
fef78b03 Use an actual SCT for fuzzing.
a507617e Adding server fuzzer for early data.
764ab980 Support and test P-224 certificates.
a0ba400c Add cipher asserts for read/write app data.
ccbb165d Tidy up ssl3_choose_cipher.
8c26d750 Test the behavior of running SSL_do_handshake twice in a row.
7a60ca09 Synchronize bsaes-armv7.pl with upstream.
0f5d7d3f Just allocate what's needed for SSL write buffers.
95321e15 Fix diff_asm.go.
bbfe6035 Clean up end_of_early_data processing.
fc2d78dd Document server 0-RTT behavior.
681eb6ac Adding support for receiving early data on the server.
32c89271 Add a test for missing end_of_early_data.
81a191dc Convert constant_time_test to GTest.
94cf5d03 Remove some unnecessary NULL checks.
e0004409 Detach pkcs7.c from the OID table.
ca307ab6 tool: show if early data was accepted
065d733c Test ticket age skew when resuming a resumed session.
2a070721 Prevent Channel ID and Custom Extensions on 0-RTT.
246eeee6 Make RI on TLS 1.3 alert with ILLEGAL_PARAMETER.
794cc59e Send half-RTT tickets when negotiating 0-RTT.
02084ea3 Decouple PKCS8_encrypt and PKCS8_decrypt's core from crypto/asn1.
3cb12467 Remove session_tickets_sent.
7ce10d5d Partially split out crypto/pkcs8's legacy ASN.1 dependencies.
4784b99b Use set_{accept,connect}_state + do_handshake in bssl_shim.
7d2dbc37 Add a comment around the set_{min,max}_version logic.
e3843d41 Run all state machine coverage tests on implicit handshake.
f466cdb5 size_t the RSA padding add functions.
bbf42465 Add a test that ALPN is rejected on renegotiation.
8cd7bbf5 Push password encoding back into pkcs12_key_gen.
3cb047e5 Decouple PKCS#12 hash lookup from the OID table.
2d85062c Add Data-less Zero-RTT support.
f35e8384 Fix parsing of PBKDF2 parameters.
7179e53e Remove TODO.
1d4fa785 Decouple PBE lookup from the OID table.
cfb9d147 Update pkcs8 error data.
c90ed190 Tidy up error-handling around computing the hash in PSS.
96e744c1 Decouple PKCS#5 cipher lookup from OID table.
9292632c Add some PSS test vectors with non-zero salt length.
5e2d0c92 Add some more RSA-PSS verification tests.
57e81e66 Name |select_certificate_cb| return values
cedc6f18 Remove DHE ciphersuites from TLS.
d8518422 Reduce crypto/pkcs8 dependency on OID table.
aea20c15 Fix potential memory leak in ASN1_TIME_to_generalizedtime()
5c127789 Convert bio_test to GTest.
2d05568a Fix out-of-memory condition in conf.
fd67f61b Fix bounds check in RSA_verify_PKCS1_PSS_mgf1 when sLen is -2.
5916207d Improve RSA-PSS test coverage around length bounds.
8c646797 Remove BIGNUM and CBIGNUM crypto/asn1 types.
eb302884 Remove crypto/asn1 LONG and ZLONG.
2ddc461a Add additional RSA-PSS and RSA-OAEP tests.
6a53b99f Fix generate-coverage.sh.
076c6a33 Fix a memory leak in X509_STORE_add_cert/crl error handling.
aefc6b27 Fix a crash in print_notice.
b2285411 Convert asn1_test to GTest.

Change-Id: I7c8c631de864cb98006ff0884f39ae639711c78f
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/3081
Reviewed-by: Lizan Zhou <zlizan@google.com>