tree 4977d24c852d1d294685adc6f10b1747c4b9e3d2
parent e471cf9d47cad34f3cc9db41b2dcb7bbda3a280b
author Piotr Sikora <piotrsikora@google.com> 1512771539 -0800
committer Piotr Sikora <piotrsikora@google.com> 1513129217 +0000

Bazel: update BoringSSL to 296a61d / 27ae6ca (master-with-bazel).

This update includes the following changes:

296a61d6 bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.
2bc93706 Add X509_NAME_get0_der from OpenSSL 1.1.0.
d8dbde79 Don't allow negative EC_KEY private keys.
6979c7e8 Disable Clang -Wtautological-constant-compare.
56d5d708 Update tools.
494e4d0e Add an option for False Start without ALPN.
a5462d30 Actually deprecate ERR_remove_thread_state.
d3ec6f1a Add missing errno.h include to bio_test.cc
bc37ad91 Fix alignment-violating cast.
9986f6b0 Fix renegotiation with TLS 1.3 draft 22.
48eaa28a Make EC_POINT_mul work with arbitrary BIGNUMs again.
2fc4f362 Revert "Support high tag numbers in CBS/CBB."
095b6c9b Also add a decoupled OBJ_obj2txt.
1530ef3e Add early data input from file.
fb535892 runner: Rewrite some more parsers.
c5c31abe Enforce compression_method in TLS 1.3 draft 22.
e6cefe41 Update PR 1091 CL to use draft22 version.
fc9c6759 Bound the input to the bn_mod_exp fuzzer.
a7673fac runner: Parse CertificateRequest with byteReader.
28b267b3 runner: Parse Certificate with byteReader.
bd911af5 runner: Parse SH/HRR/EE with byteReader.
7ce23787 runner: Send the right alert for handshake message parsing failures.
47b8f00f Reimplement OBJ_txt2obj and add a lower-level function.
be8c8b4b runner: Add a byteReader type and convert ClientHello parsing.
8c9ceadc Add switch to enable draft 22.
56aaf164 Pretty-print large INTEGERs and ENUMERATEDs in hex.
27bc0f26 Fix CBS tag class docs.
2fce1bed Remove spurious ;
e3b2a5d3 Const-correct X509_ALGOR_get0.
61e92455 Use some of the word-based functions for ECDSA verification.
86c2b854 Don't use BN_nnmod to convert from field element to scalar.
a838f9dc Make ECDSA signing 10% faster and plug some timing leaks.
66801feb Support high tag numbers in CBS/CBB.
02514002 Use dec/jnz instead of loop in bn_add_words and bn_sub_words.
2056d729 Remove DSA_sign_setup too.
42a8cbe3 Remove ECDSA_sign_setup and friends.
8dc226ca Add some missing OpenSSL 1.1.0 accessors.
855d5046 Unwind legacy SSL_PRIVATE_KEY_METHOD hooks.
67623735 Fix memory leak on sk_X509_EXTENSION_push failure.
c367ee54 Add a CFI build flag.
8c565fa8 Include a couple of missing header files.
8793942c Fix fuzzer mode suppressions.
6d218d6d Remove unused function.
0a5f0067 Test that EC_POINT_mul works with the order.
e7c95d91 Run TLS 1.3 tests at all variants and fix bugs.
3bba5ccf Add EndOfEarlyData to per-message tests.
ac4d5346 Add missing error path.
b8d677bf Deduplicate built-in curves and give custom curves an order_mont.
66f82355 Enforce some bounds and invariants on custom curves.
a08bba51 Add bn_mod_exp_mont_small and bn_mod_inverse_prime_mont_small.
40e4ecb7 Add "small" variants of Montgomery logic.
a01aa9aa Split BN_from_montgomery_word into a non-BIGNUM core.
6bc18a3b Add bn_mul_small and bn_sqr_small.
64619dea Const-correct some of the low-level BIGNUM functions.
bd275702 size_t a bunch of bn words bits.
73df153b Make BN_generate_dsa_nonce internally constant-time.
b25140c7 Fix timing leak in BN_from_montgomery_word.
8db94be1 Add ECDSA tests for custom curves.
74b828f2 Clarify the documentation for |BN_is_bit_set|.
e6f30e4c Add tests for post-handshake CCS in draft "22".
13761f28 Fix TLSInnerPlaintext limit.
ba8f1864 Disable 'draft 22' by default.
4ddbc7bd Fix early data printout in bssl client.
ca8c2c7e Refresh TLS fuzzer corpora.
964b2377 Implement PR 1091 (TLS 1.3 draft '22').
3bcbb375 Fix -early-data documentation.
a00fd08c Use consistent notation in ECDSA_do_verify comments.
d66bbf34 Tidy up BN_mod_exp_mont.
607f9807 Remove BN_TBIT.
bf3f6caa Document some BIGNUM internals.
0a9222b8 Fix comment typo.
238c2740 Capitalization nit.
6aedfc13 Remove unnecessary loop over BN_generate_dsa_nonce.
89633258 Appease UBSan on pointer alignment.
929f8428 Remove custom memcpy and memset from poly1305_vec.
0967853d Add CFI start/end for _aesni_ctr32[_ghash]_6x
ee2c1f3e aesni-gcm-x86_64.pl: sync CFI directives from upstream.
fa60369d Add error handling in ASN1_i2d_bio.
b8e2d632 es/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.
40e8c921 change URL type in third_party METADATA files to GIT
aa4c3f21 fix a typo in third_party/fiat/METADATA
d5dda9b8 Align |BN_div| with its documentation.
b1cbe197 Say a bit more about BIO_METHOD.
5b90eb98 Add a -require-any-client-cert flag to bssl server
fdd5fed0 Also print name for SSL_SIGN_RSA_PKCS1_MD5_SHA1.
b2c312d6 curve25519: fiat-crypto field arithmetic.
5b280a80 Move curve25519 code to third_party/fiat.
55761e68 Use a higher iteration limit for RSA key generation at e = 3.
431e767c curve25519: adhere to preconditions of fe_*.
6cc352e2 Add helper functions for SSL_SIGN_*.
2eb28897 bn/exp: don't check |copy_to_prebuf|'s retval in |BN_mod_exp_mont_consttime|.
6dda166d Support additional curve names.
a02ed04d Add more compatibility symbols for Node.
f7412cb0 Update tools.
2d07d30c bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
cd8470f7 Adding support for draft 21 as a TLS 1.3 variant.
cfc120eb Remove RC4 remnants in runner.
3b903f25 Move the SSL_eNULL special-case into the matching function.
5be3a74c Remove supports_cipher hook.
dca1afb3 Fix up make_errors.go.
f1db1a39 Another scoper conversion.
2637f3c4 Even more fun with Span.
696c13bd Clear bottom three bits of password scalar in SPAKE2.
08e817d3 Fix Python code formatting in comment in SPAKE2.
ba94746e Remove temporary logging.
4281bcd5 Revert assembly changes in "Hide CPU capability symbols in C."
8f06074a Handle malloc failures better in bn_test.cc.
4f94a838 asn1_item_embed_new(): don't free an embedded item
a67b1015 Fix memory leak in GENERAL_NAME_set0_othername.
98ca81da Use unsigned integers for masks.
cb16f17b Check EC_POINT/EC_GROUP compatibility more accurately.
2a768d04 Fix overflow checks when converting ASN.1 integers to long.
f5beb883 Disable macOS architecture hack on CMake 3.0.
af92418b Generate bn_div and bn_mod_exp corpus from bn_tests.txt.
51073ce0 Refcount EC_GROUP.
d24fd47f Fold EC_POINT_clear_free into EC_POINT_free.
ed842911 Revert "Pack encrypted handshake messages together."
b26ab5c7 Clear remaining BORINGSSL_ANDROID_SYSTEM ifdefs.
3f5d1381 Remove EVP_set_buggy_rsa_parser stub.
fed560ff Clear no-op BN_MASK2 masks.
cba79879 Revert "Use uint128_t and __asm__ in clang-cl."
f6942f0d Use uint128_t and __asm__ in clang-cl.
acf2f34d Remove unused constant.
6675cfdd Unexport more of lhash.
4455e599 Clear some _CRT_SECURE_NO_WARNINGS warnings.
883b5461 runner: Check c.hand before changing ciphers.
75d43b57 Pack encrypted handshake messages together.
dd6c2e88 Check early ALPN before offering 0-RTT.
800046fe Give DTLS1_STATE a destructor.
fadc975b For Android there is no need to explicitly link pthread lib.
049fdfc7 Give hm_fragment and DTLS_OUTGOING_MESSAGE destructors.
71ea6b12 Clear the last of ssl->s3->tmp.
32ce0ac0 Move init_buf and rwstate into SSL3_STATE.
8e7bbbab Use more scopers.
94172578 Give SSL3_STATE a constructor and destructor.
a37f286f Remove the buggy RSA parser.
ea712e31 Make SSL3_BUFFER a proper C++ class.
38636aba Hide CPU capability symbols in C.
3b358b25 Specify -stdlib=libc++ if APPLE
7f8c553d Add BN fuzzer.
f6632dae Make all read errors idempotent.
a031b612 Replace open_close_notify with open_app_data.
e8d0746b Prevent writing when write_shutdown is set.
d9229f98 Lift BIO above SSL_PROTOCOL_METHOD.
33febf60 Don't call ssl3_read_message from ssl3_read_app_data.
97250f4d Switch a bunch of things from int to bool.
31aad2dc Make low-level record errors idempotent.
f8de2af7 Push read_shutdown logic down a layer.
a05d427b Align dtls_open_record and tls_open_record more closely.
3b777adb Remove remnants of blocking DTLS timeouts.
40e94701 Always process handshake records in full.
f66e8822 Fix documentation for |ssl_ticket_aead_method_st|.
2eb4bc5e Android.bp: Use target.linux for all linux kernel based targets
619c8cec Fix uninitialized warning.
e1068b76 Test RSA premaster unpad better.
168fb2e9 Fix DEPS defaults.
11ac519d Test DTLS record/packet packing more aggressively.
fdb7a358 Add a test for SSL_pending.
24f5b18f Update copies of tools.
75a1f236 Have a bit more fun with Span.
dbf12fc2 Use new DEPS conditionals.
5dde6236 Fix location of Clang stamp file.
00f48c82 Rename and move a few more ssl3_ functions around.
d1e3ce1f Rename ssl3_send_alert and ssl3_protocol_version.
64950cb0 Don't rely on x509.h for SSL_FILETYPE_*.
4e840357 Fully hide LHASH_OF(SSL_SESSION).
b15aa0aa Add chacha.h to the list of documented headers.
01f26f3f Re-add hmac.h include to ssl.h.
771df441 Initialise a variable to zero for GCC 7.2.0.
1f1ac63b Fix typo in TODO comment.
666d16e2 Go through SSL_PROTOCOL_METHOD in the handshake.
31640931 Switch all the extension callbacks to bools.
7e58c5ef Switch more things to bools.
664e99a6 Make SSL_CTX opaque.
be165a2e Fix missing TicketMaxEarlyDataInfo in first session ticket.
e05b72c2 Use constexpr to avoid kNamedGroups initializer
2450027e Fold away clean boolean in BUF_MEM.
03a4b96c Move has_message logic to ssl3_get_message.
23c25d5b Rename some things for consistency.
a84b6f26 Fix comment.
c64d1239 Push Span down a layer.
751d1a1c Fold ssl_open_record_fatal_alert into ssl_open_record_error.
e52f4c46 Replay the entire error queue on ssl_hs_error.
b25a8999 Add the ability to save and restore the error state.
89bd372a Revert "Add new bots to the CQ."
73ffb74b Add new bots to the CQ.
e091af4f Special-case Eureka in generate_build_targets.py.
10154320 Set -Wno-array-bounds on gcc<4.8

Change-Id: Ia9364c516175b402aeff5780a423275b7bb2aed6
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/3281
Reviewed-by: Lizan Zhou <zlizan@google.com>
