tree 16ded51759d5714fc37cc9eda6b1b7dd23bd3375
parent cbc605f1be7bf0301c86dded98fc878d173906b3
author Piotr Sikora <piotrsikora@google.com> 1656376340 -0700
committer Piotr Sikora <piotrsikora@google.com> 1656434912 +0000

Bazel: update BoringSSL to 227ff6e / 62079f7 (master-with-bazel).

227ff6e64 Remove unions in EC_SCALAR and EC_FELEM.
3f180b822 Implement SSL_CTX_set_num_tickets.
df6311bc6 Add tests for X509_NAME_print_ex.
735a86834 acvp: test CTR-DRBG with reseed in modulewrapper.
25e5b06d4 Do pending `go fmt` updates.
097ffe139 acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.
1a541d4db Add PSS to the ACVP regcap.
82413455b Drop ACVP support for 3DES.
a56d941c4 Add function to return the name of the FIPS module.
a75bee541 Support running tests on non-NEON devices.
9a836f784 Update delocate tests
8b988b8b8 Tidy up how ASN1_STRING_print_ex figures out the type.
0e0ca82b2 Remove the ASN1_TLC cache. It appears to not help performance.
48f794765 Fix build for older CMake versions.
15302de89 Remove code added to avoid SHA1 weakness.
553e81e47 Update comment in light of prior change.
53a87b7c5 ChaCha20-Poly1305 for Armv8 (AArch64)
59e37765f Replace the last strcasecmp with OPENSSL_strcasecmp.
f299342e3 [build] Fix build with HEAD clang.
6686352e4 Make calls to the verify callback consistent by calling ctx->verify_cb directly. This removes some temporary variables that would only be used to hold ctx->verify_cb.
f961de5c4 Try to require C11 (in non-MSVC compilers).
493d5cbed Try to require C++14.
edbdc240e Reject [UNIVERSAL 0] in DER/BER element parsers.
2fc6d3839 Add CMake install rules.
fa3fbda07 P-256 assembly optimisations for Aarch64.
f7e1a94bd hrss: always normalize.
27ffcc6e1 Use SHA-256 for the FIPS integrity check everywhere.
af34f6460 Remove unused variable
225e8d39b Use X509 certificate alias as friendlyName in PKCS12
c9a7dd687 Retire the Windows BIO_printf workaround.
4984e4a63 Work around another C language bug with empty spans.
f94a7ce59 ASAN replaces malloc and free with its own implementation.
8c8e7a683 Update fiat-crypto.
21440764d Remove VS 2015 support.
b99b98b6e Remove X509_TRUST_set_default.
753435403 Replace internal use sha1 hash with sha256.
8bbefbfee Document that |EC_KEY_generate_fips| works for both cases.
972ab5223 Allow the integrity test to be run on demand.
c6e8f3ed0 Add a function to return a FIPS version.
7f4057ec1 Add a function to tell if an algorithm is FIPS approved.
dcba84922 Add vs2019 to vs_toolchain.py.
6378c47cb Unexport X509_CERT_AUX and remove X509_CERT_AUX.other
d0f14f398 Document and tidy up X509_alias_get0, etc.
c7a3c4657 Don't loop forever in BN_mod_sqrt on invalid inputs.
933f72a0f Make a whitespace commit to trigger a build.
e5abf588c Rust bindings: Use CARGO_MANIFEST_DIR in build.rs
ab69425a9 Remove ASN1_ADB_INTEGER.
6196faba8 Replace an ASN1_INTEGER_get call with ASN1_INTEGER_get_uint64
fdd526036 Correctly handle LONG_MIN in ASN1_INTEGER_get.
de139712b Implement ASN1_INTEGER_set_uint64 with ASN1_STRING_set.
bdc35b636 Rewrite and tighten ASN1_INTEGER encoding and decoding.
366e88662 Deduplicate the rest of ASN1_INTEGER and ASN1_ENUMERATED.
fa2cd1ee8 Fix theoretical overflow in ASN1_INTEGER_cmp.
d258de724 Include rsa/internal.h for |...no_self_test| functions.
66d856322 Limit the pthread_rwlock workaround to glibc.
6e25e54b1 Rewrite ASN1_INTEGER tests.
cc4333d75 Use X509V3_add_value_int in i2v_AUTHORITY_KEYID.
e4b3e6afb Fix x509v3_bytes_to_hex when passed the empty string.
657c69b3c Reimplement ASN1_get_object with CBS.
7fac386a1 Add an explicit indefinite-length output to CBS_get_any_ber_asn1_element.
8a3818418 Use ctype(3) in a more standards-conformant way.
81502beed Linkify RFCs in more places in the docs.
4b55af0fc Make FFDH self tests lazy.
3053b739b Make ECC self tests lazy.
c76da9d46 HPKE is now RFC 9180.
6595ddb35 Include the policy document for the most recent FIPS validation.
4d955d20d Check static CPU capabilities on x86.
31ece98da Align rsaz_avx2_preferred with x86_64-mont5.pl.
17c8c8110 Enable SHA-NI optimizations for SHA-256.
ec85d0ddb Update Intel SDE.
08970b312 Include the EKU extension in bssl server's self-signed certs.
0da6b4805 Don't call a non-test file *test.h.
1c2e61efe Make RSA self-test lazy.
263f48997 Add link to new Android FIPS certificate.
b9c6d67c2 delocate: handle a new output form in Clang 13.
8f7cb2f7c Drop, now unused, KAT value.
ea9fb94c3 Drop CAVP code.
d04c32a3d Break FIPS tests differently.
f8235e499 Don't forget hmac.h in self_check.h.
9cad13eea Perform SHA-$x and HMAC KAT before integrity check.
b0ed28e25 Add a couple of spaces to `check_test`.
15565a898 Split FIPS KATs into fast and slow groups.
a91953977 Move DES out of the FIPS module.
44a141fa1 acvp: don't send the Authorization header when renewing tokens
5112b45ce Support Bazel's test-sharding protocol.
68addd2f7 Simply CMake assembly source selection.
351b2f8ce Rename generated assembly from 'mac' or 'ios' to 'apple'
0f1417ce0 Build aarch64 assembly for macOS in the bazel build.
ac3f4fb8e Fix OPENSSL_NO_ASM definition in bazel.
c5179c693 Use @platforms in Bazel rules.
123eaaef2 Record ClientHelloInner values in msg_callback.
44425ddc7 Fold ssl_decode_client_hello_inner into ssl_client_hello_decrypt.
7198d1132 Explicitly reject self-referential ech_outer_extensions.
0fc57bef1 Simpler square-root computation for Ed25519
0f4454c07 Condition split handshake tests on Linux in CMake.
b90261a38 Implement PEM_read_bio_DHparams with the macro.
387f82054 Limit _XOPEN_SOURCE to Linux.
c03e99a59 Fix Unicode strings for C++20
345c86b1c Switch CRYPTO_BUFFER_POOL to SipHash-2-4.
50e7ea5f0 LSC: Apply clang-tidy's modernize-use-bool-literals to boringssl
960ddfee4 Fix mac_arm64 builder.
ea46caf26 Put Rust binding generation behind an explicit flag and only build bindings for the targeted Arch
be04c566c Add ARMV8_SHA512 detection for Fuchsia.
8d8d8f3ea Generates "low-level" bindings for Rust using bindgen
36a41bf0b Add note about Gerrit account creation
d1593f54c Make EVP_AEAD_CTX_free accept NULL.
ec476ef04 Zero out the values from the integrity check.
f79757032 Ignore duplicates in |X509_STORE_add_*|
0354b79d7 Don't #include "internal.h" twice.
24e97fb69 Version bump: 2 -> 3.
d80f17d5c Simplify __ARM_ARCH__ definition.
a94c26778 Don't use __ARMEL__/__ARMEB__ in aarch64 assembly
846a22700 Switch __ARM_FEATURE_CRYPTO to __ARM_FEATURE_{AES,SHA2}.
661266ea0 Move CPU detection symbols to crypto/internal.h.
37faa936b Move public APIs from cpu.h to crypto.h.
295b31324 Rename CPU feature files with underscores.
1e15682f1 Enable SHA-512 ARM acceleration when available.
af561c221 Sync sha512-armv8.pl up to 753316232243ccbf86b96c1c51ffcb41651d9ad5.
e90cf82ac Import sha512-armv8.pl transforms from upstream NEON code.
9bcc12d54 Import a few test vectors from OpenSSL.
d7936c23c Use uint16_t in TestConfig and enable -Wformat-signedness.
203b92b70 Reorder flags to match TestConfig struct.
8ed06e0fd Rewrite bssl_shim command-line parser.
066469055 Fix X509_CRL_print error-handling.
94089a8b5 Silence -Wformat-signedness when printing X.509 versions.
866b88dfe Don't print small, negative serial numbers in decimal.
4f1fae304 Fix the easy -Wformat-signedness errors.
e21f272a6 Add BIO_tell and BIO_seek wrappers.
9631bc104 Remove non-standard wildcard input DNS names.
405c7888a Rewrite X.509 name-matching tests.
c3c540b9a Remove non-standard X.509 DNS wildcard matching.
2042972e8 Make X509_REVOKED opaque.
7e2a95788 Document |SSL_set1_host| return values.
7e7e6b693 Add |SSL_set1_host| and |SSL_set_hostflags|.
731d6cbef Add ERR_set_error_data for compatibility.
cd0b76749 Add BN_GENCB_new, BN_GENCB_free, and RSA_test_flags.
d703d95b8 Remove X509_REVOKED.sequence.

Change-Id: Iba486e98187a96377a5613994e8dbda60a0bfb9c
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/c/nginx/+/4002
Reviewed-by: Patryk Lesiewicz <patryk@google.com>
