tree 5073bd01a3783b3efc07f3e8f7850e8aa433421a
parent 5cb55c317a25d4dd7c9d0a98857cfc7727df4486
author Piotr Sikora <piotrsikora@google.com> 1540268567 -0700
committer Piotr Sikora <piotrsikora@google.com> 1540395081 +0000

Bazel: update BoringSSL to 4b96833 / a200d14 (master-with-bazel).

This update includes the following changes:

4b968339 Add a compatibility EVP_CIPH_OCB_MODE value.
0e150027 [util] Mark srtp.h as an SSL header file
8c659c1f [rand] Disable RandTest.Fork on Fuchsia
6650898e Remove -fsanitize-cfi-icall-generalize-pointers.
b68b8322 Fix undefined function pointer casts in LHASH.
1eff9482 Use proper functions for lh_*.
b0189084 Better handle AVX-512 assembly syntax.
80aa6949 Always push errors on BIO_read_asn1 failure.
2d98d49c Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests.
e3418028 Fix div.c to divide BN_ULLONG only if BN_CAN_DIVIDE_ULLONG defined.
28babde1 Include aes.h in mode/internal.h
62a4dcd2 Fix section header capitalization.
e1ee0f5b Fix build in consumers that flag unused parameters.
c1eef7f7 [perlasm] Hide OPENSSL_armcap_P in assembly
ce00828c Test the binary search more aggressively.
fac6fb99 Opaquify CONF.
9e97c022 Bring Mac and iOS builders back to the CQ.
e17e14df Remove LHASH_OF mention in X509V3_EXT_conf_nid.
a943613e Inline functions are apparently really complicated.
7c3ce519 Actually disable RandTest.Fork on iOS.
52483994 Mostly fix undefined casts around STACK_OF's comparator.
fb4e2e0f Fix undefined casts in sk_*_pop_free and sk_*_deep_copy.
cbc3e076 Take iOS builders out of the CQ rotation too.
792c1dc4 Rewrite PEM_X509_INFO_read_bio.
73535ab2 Fix undefined block128_f, etc., casts.
419144ad Fix undefined function pointer casts in {d2i,i2d}_Foo_{bio,fp}
217bfd3c Fix undefined function pointer casts in IMPLEMENT_PEM_*.
3474270a Always print some diagnostic information when POST fails.
13fd6274 Disable RandTest.Fork on iOS.
8d2f4b99 Const-correct sk_find and sk_delete_ptr.
892a31b5 Add a test for STACK_OF(T).
7039f403 Rename inject-hash: Bazel does not like hyphens.
5b33effa Rename OPENSSL_NO_THREADS, part 1.
1764d7a3 Fix ERR_GET_REASON checks.
e7692f55 Add a basic test for PEM_X509_INFO_read_bio.
fb86b888 Replace BIO_new + BIO_set_fp with BIO_new_fp.
c93711b1 Remove Mac try jobs from the CQ.
066b1089 Add util/read_symbols.go
5ede28c8 Tighten up getrandom handling.
49025989 Remove SHA384_Transform from sha.h.
371305f5 Push an error on sigalg mismatch in X509_verify.
ca4971cb Sync bundled bits of golang.org/x/crypto.
5baee456 Use Go modules with delocate.
302ef5ee Keep the GCM bits in one place.
580be2b1 Trim 88 bytes from each AES-GCM EVP_AEAD.
0990a552 Set up Go modules.
b5e4a225 Use sdallocx, if available, when deallocating.
d1673c21 Remove the add_alert hook.
3f18c4c5 Fix doc.go error capitalization.
ff997452 Don't include quotes in heredocs.
5cf05ad2 Add missing bssl::UpRef overloads.
350257db Roll back clang revision.
8b60cde1 Update tools.
689019fe Fix BORINGSSL_NO_CXX.
bef6cc29 Fix check of the pointer returned by BN_CTX_get
695e589b Include newlines at the end of generated asm.
e77c27d7 Automatically disable assembly with MSAN.
967cd821 Mark the C version of md5_block_data_order static.
d6680958 Reorder some extensions to better match Firefox.
19ac2666 Make symbol-prefixing work on ARM.
4b85a945 Document alternative functions to BIO_f_base64.
8525ff31 Another batch of bools.
632d1127 Add some RAND_bytes tests.
8c7c6356 Support symbol prefixes
492c9aa9 Fill in a fake session ID for TLS 1.3.
e84c3753 Create output directories for perlasm.
3a08fbd2 Fix Fiat path.
3faf3db6 Fix GCC (8.2.1) build error.
12f58786 Some more bools.
681ff277 Flatten most of the crypto target.
1fcae84a Flatten assembly files.
d144539d Flatten the decrepit target.
8e09d901 Clarify "reference" and fix typo.
8cd61f71 Fix corner case in cpuinfo parser.
f016f814 Add some about ownership to API-CONVENTIONS.
92812cb7 Tidy up docs for #defines.
53affef4 No negative moduli.
67e64342 Document that ED25519_sign only fails on allocation failure
2556f8ba Clarify thread-safety of key objects.
e768212e shim: don't clear environment when invoking handshaker.
6855e0a4 Switch the default TLS 1.3 variant to tls13_rfc.
9c969bf4 Switch to Clang 6.0's fuzzer support.
7f4f41fa Don't depend on extension ordering to avoid an empty final extension.
23849f09 Fix TLS 1.3 downgrade tests.
1c2532ff Fix error strings for SSL_R_TLS13_DOWNGRADE.
4ac9405e Remove unused BORINGSSL_PREFIX.
21558f43 Document error behavior of PKCS5_PBKDF2_HMAC and EVP_PBE_scrypt
1c2779e8 Don't let a NULL mean the initial SSL_CTX in SSL_set_SSL_CTX.
929fd44f Update URL for GN quick start guide.
a130ce0b Update TLS 1.3 citations for the final RFC.
c4131a4a Support the allocating case of i2d_ASN1_{BOOLEAN,OBJECT}.
378cca80 Handle a modulus of -1 correctly.
01e8e625 Don't allow RC4 in PEM.
f1af129f Implement TLS 1.3 anti-downgrade signal.
ae322395 Remove dummy PQ padding extension.
cac346ed Update Miller–Rabin check numbers.
97816995 Document error behavior of various functions
dea6d90d Document failure conditions of some EVP, HMAC, and CBB functions
28655677 Use Span/Array for ticket decryption.
6b0d8222 Format ssl/internal.h with clang-format.
bc3286bb Add a pile of compatibility functions.
5e3c8a61 Bound two other cases of PKCS#12 iteration counts.
d4514530 Implement final TLS 1.3 RFC!!!
1c337e56 Option to reverify certs on resumption.
bdc40980 Add new curve/hash ECDSA combinations from Wycheproof.
af37f848 Add RSA-PSS tests from Wycheproof.
f84c0dad Use newly-sharded ECDH tests.
367115b0 Fix SSL_CTX_set1_sigalgs fuzzer and make them all more type-safe.
a711b53e Update Wycheproof test vectors.
ad040c59 "Update" clang.
e6fd125d Align on a single CMake style.
ddedf6d4 Fix SSL_CTX_set1_sigalgs_list fuzzer.
17dc94e8 Add -handshaker-path to run_test.
678c841c Use -flto=thin in the CFI bot.
4e446f27 Update citations to RFC 8410.
8625ec4b No-op commit to kick the bots.
69e91902 Work around missing MSan interceptor for posix_spawn.
e9ae99bb Add an option to statically link a custom libc++.
1f0d54b8 Don't assert on uninitialized memory in tests.
1beddac9 Update tools.
7c1f21a1 Add XChaCha20-Poly1305 AEAD.
a3202d7b Add EVP_CTRL_AEAD_* constants.
826ce150 Support OpenSSL APIs SSL[_CTX]_set1_sigalgs[_list].
e3ffaae0 Remove apparently unused cq_name field.
ad8e29b0 Add linux_fuzz to the CQ.
3314d157 Escape backslashes in crypto test data.
04e149f8 Set the fuzzer PBKDF2 limit to 2048.
c81965a8 Set PBKDF2 limit in PKCS#12 to 100M.
2bcb3151 Limit the number of PBKDF2 iterations when fuzzing.
6410e18e Update several assembly files from upstream.
e2779394 Don't accept “SSL client” as a substitute for S/MIME in the Netscape cert type extension.
e833a6df handshaker: kick PRNG when resuming in UNSAFE_DETERMINISTIC_MODE.
74bfa0c0 Fix header include for handshake.
e5388e09 Add handshaker as run_tests dependency.
8bd1d075 Require basicConstraints cA flag in intermediate certs.
0224a329 Add X509_V_FLAG_REQUIRE_CA_BASIC_CONSTRAINTS.
e7b78770 Ask shim whether it supports split handshakes.
548c2764 shim: perform split handshakes in a separate binary.
c448f175 Fix the build with FIPS + NO_ASM.
fadd8b42 Add script for showing FIPS self-test failures.
4732c544 Add ECDH_compute_key_fips inside the module.
c4f3b8a2 Add a compile time verification ciphers are sorted for bsearch()
23e9aec9 Support Wycheproof vectors with the curve given in the group.
f3bfab00 Comment change in codereview.settings
ed09f2d5 Move the MSan sanity check to a source file.
9af1edbe Don't build test/malloc.cc with TSAN.
22ac2d9b Fail the build if MSan is built with assembly.
fc04cb21 Add some TSan coverage of CRYPTO_BUFFER.
6c04bd11 Add some basic SSL_CTX threading tests.
c5f680ec Add a thread test for RSA.
5852cfcc Add a basic TSan test for ref-counts.
20b6a4e2 Clear r->neg in bn_mod_{add,sub}_consttime.
d154c7cc shim: call SSL_CTX_set_tlsext_ticket_keys() only once.
6d597a34 shim: rewrite MoveTestState() to use a serialized representation.
0cbb1af4 Don't mint TLS 1.3 tickets if SSL_OP_NO_TICKETS is set.
5869eb39 Test cert_cb and certificate verify ordering.
c59b9aac Remove more remnants of SSLv3.
8d1203d6 Fix some malloc error handling.
861abccb Switch a bunch of ints to bools.
3218c1db Add support for building ppc64le with bazel
35b4a125 Namespace CertCompressionAlg and use more scopers.
89b9ecf0 Add more scopers.
bc118ee6 Add SSL_get0_peer_verify_algorithms.
0a3e07ac Remove custom extensions support.
42ea84b3 Update Wycheproof test vectors.
ce777626 shim: extract a |DoSplitHandshake| helper function.
79f1a49c Update delocate to handle new compiler output.
a4e9f8d3 Simplify SSLTranscript.
e0afc857 Send an alert if we fail to pick a signature algorithm.
428fb3ad Make |BORINGSSL_MAKE_UP_REF| a no-op when C++ is disabled.
c312fd02 Remove MoveTestConfig().
82639e6f Use a pool of |rand_state| objects.
4685376b Remove other unnecessary tlsext_ prefixes.
7bb0fbf7 C++ the ticket keys a bit.
0ce090ac A bunch more scopers.
50596f8f Switch some easy SSL fields to UniquePtr.
c1389f2c Give SSL and SSL_CTX dummy constructor and destructor.
49798037 Unsplit SSL and SSL_CTX.
e7b2b13f Add link to CMake bugfix.
c7db3232 Add “bssl::” prefix to |UpRef| and |PushToStack| in fuzzer code.
85967951 Drop C++ from certificate compression API.
d2f87a77 shim: move handshake helper functions into their own file.
f2bc5f49 shim: move |TestState| and |TestConfig| to their own files.
bfdd1a93 Give SSL_SESSION a destructor.
58150ed5 Add lh_FOO_retrieve_key to avoid stack-allocating SSL_SESSION.
63c79122 Remove the redundant version check in ssl_session_cmp.
53d2c7a8 Remove fail_second_ddos_callback.
2908dd14 Add bssl::UpRef.
2e74fdaa Don't redefine alignas in C++.
aaef8334 Use more accessors in ssl_test.cc
0363de9a Namespace SSL_X509_METHOD.
a3a71e9d Flip SSL_SESSION fields to bool.
997ff094 shim: move |SettingsWriter| into its own file.
791f2822 Fix VS build when assembler is enabled
26f82971 Switch to 64-bit tools on Windows.
0cc51a79 Remove reference to SSL3 in PORTING.md.
9c3b120b [fuchsia] Update to zx_cprng_draw
a0373182 Update QUIC transport parameters extension codepoint
9bb15f58 Remove SSL 3.0 implementation.
fec83fc7 Order draft-28 over draft-23.
3815720c Add a bunch of compatibility functions for PKCS#7.
eaf0a17d Add a copy of NASM to util/bot/ in BoringSSL.
79c97bf3 Allow empty return values from PKCS7_get_*.
8803c058 Properly advance the CBS when parsing BER structures.
b4810de6 Make X509 time validation stricter.
03de6813 Write error messages in the FIPS module to stderr.
bcfb4991 Add special AES-GCM AEAD for TLS 1.3.
954eefae Actually add AES-192-OFB.
0080d83b Implement the client side of certificate compression.
f6e5d0d5 Add AES-192-OFB.
7139f755 Fix some timing leaks in the DSA code.
9f9c938a Revert "Reland "Revert "Add other Windows configurations to the CQ."""
23aa4d22 Update tools.
dd935202 Zero-initialize tmp in ec_GFp_simple_mul_single.
6ff2ba80 [fuchsia] Update to zx_cprng_draw_new
43eb0af5 Reland "Revert "Add other Windows configurations to the CQ.""
23e92d5d Revert "Revert "Add other Windows configurations to the CQ.""
4665da6e Add OFB ciphers to EVP_get_cipherbyname.
3b2ff028 Add SSL_SESSION_get0_id_context.
b570fd9f Link advapi32.lib when linking crypto.
070151c9 Update ECDH and EVP tests to accept latest Wycheproof vectors.
1c68fa23 Hide SSL_SESSION.
3e2b3ee2 Hand back in-progress handshakes after a session resumption.
5267ef7b Reject unexpected application data in bidirectional shutdown.
a307cb7d Preliminary support for compressed certificates.
c1e4f338 Use std::thread in thread_test.cc.
1627871d Include bn/internal.h for RSAZ code.
7bf0bccd Add missing <condition_variable> include.
caf8ddd0 Add SSL_SESSION_set1_id.
81a6f6d8 Add a tool to check for filename collisions.
fe7a1744 Fix typo.
a827d180 Match OpenSSL's EVP_MD_CTX_reset return value.
9229b4fb Fix typo in build flags.
700631bd Pack encrypted handshake messages together.
81d4a03b Update tools.
f86693df Document the correct nonce length for AES-GCM.

Change-Id: Ifafe3719b9e1c923806868c414c2a2878d3df6e6
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/c/3505