external/boringssl: Sync to 538b2a6cf0497cf8bb61ae726a484a3d7a34e54e.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/2a33faebe1827956e7fca8cbb15e2ca79b292d9c..538b2a6cf0497cf8bb61ae726a484a3d7a34e54e
* Restore the X509_EXTENSION ASN1_ITEM too
* Give WARNING paragraphs a splash of color
* Support lists and code blocks in doc.go
* sha: Add SSSE3 check to SHAEXT SHA-256 implementation.
* Give time.h a title and move to low-level infra group
* Restore the X509 ASN1_ITEM
* Add conf.h to the documentation output
* Skip emitting empty <pre> blocks in documentation
* Support medium memory models.
* Change certificate depth limit to match OpenSSL and document
Update-Note: The new semantics increase the limit by 1 compared to the
old ones. Thus this change should only accept more chains than
previously and be relatively safe. It also makes us more
OpenSSL-compatible. Envoy will need a tweak because they unit test the
boundary condition for the depth limit.
* Fix X509_ATTRIBUTE_set1_data with negative attributes
* sha: Move Armv7 dispatching to C
* Disable 32-bit Arm assembly optimizations on iOS
Update-Note: iOS on 32-bit Arm now disables assembly. This is unlikely
to impact anyone. As far as I can tell, 32-bit Arm for iOS thoroughly
does not exist anymore.
* Assume the Arm assembler can handle ADR
Update-Note: If 32-bit Arm assembly no longer builds, let us know and
tell us what your toolchain is.
* Document and fix up name hashing functions
Update-Note: This is source-compatible for C/C++, including with
-Wconversion, but some bindings need a patch in cl/588632028 to be
compatible.
* sha: Remove check for SSSE3 for AVX variants.
* Document functions that export verification internals
* sha: Move AArch64/X86-64 dispatching to C.
* Remove cert_verify_proc_blocklist.inc
* Call CheckPathAfterVerification in deadline/iteration limit case
* Fuzz more extension parsers in the cert parser
* Document GENERAL_NAME-related APIs
Update-Note: In the process, unexport the ASN1_ITEMs, and the d2i/i2d
functions for OTHERNAME and EDIPARTYNAME. These do not appear to be used
and removing them will cut down on the amount of compatibility glue
needed when we rewrite the parsers with a safer calling convention.
* Remove unused Chromium test data
* Remove fillins/log.h
* Unexport some STACK_OF types.
Update-Note: A few obscure STACK_OF(T) types are unexported. This is not
expected to impact anyone.
* Const-correct X509_TRUST and X509_PURPOSE
Update-Note: No one uses these APIs except for rust-openssl.
rust-openssl may need fixes because they seem to not quite handle C
const correctly.
* Remove dynamic X509_TRUST and X509_PURPOSE registration
* Actually remove KU_* from x509.h
* Add distrust by SPKI to TrustStoreInMemory
* Move KU_* back to <openssl/x509v3.h>
* Document or unexport some more of x509.h
* Add missing include
* Consistently call CRYPTO_free_ex_data first
* Fix the names of some X509_STORE_CTX functions
* Simplify and document X509_VERIFY_PARAM inheritance
* Add a debugging log facility to the delegate.
* Unexport X509_VERIFY_PARAM_lookup
Update-Note: Removed unused function.
Change-Id: I118f4a1ebff99f919d0f6ee63175633fe945822b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64487
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
* Fix build with -Wmissing-field-initializers
* Remove X509_VERIFY_PARAM_get0_peername
* Document some key usage accessors
* Simplify and document X509_supported_extension
* Const-correct X509_LOOKUP_METHOD
Update-Note: Making X509_LOOKUP_file and X509_LOOKUP_hash_dir return
const pointers is not quite source-compatible, but code search suggests
nothing cares. If we have to, we can cast const away in those functions,
but let's try the more type-safe option first.
* Fix KYBER_decap declaration
* Replace X509_LOOKUP_ctrl with real functions
* Name the hash functions in the Kyber implementation
* Pull the string-based extensions APIs into their own section
* Always use a 32-byte shared secret for Kyber
Update-Note: The Kyber public APIs have changed slightly, but we do not
believe there are any users of them yet.
* Tidy up x509_lu.c functions a little
* Clean up the by_file_ctrl x509 code to be slightly less obtuse
* Use relative links in markdown files
* Merge <openssl/x509v3.h> into <openssl/x509.h>
* Merge crypto/x509v3 into crypto/x509
* Simplify X509_VERIFY_PARAM_new and X509_VERIFY_PARAM_free
* Remove X509_VERIFY_PARAM names
Update-Note: Removed some unused functions.
* Add a value barrier in p224_select_point
* Add CRYPTO_{addc,subc}_* functions to crypto/internal.h
* Implement the old FIPS 186-2 PRF
* Document some X509_VERIFY_PARAM and X509_STORE functions
* Remove a pile of unused X509_STORE callbacks
Update-Note: Removed a bunch of unused X509_STORE callback functions.
We can restore them if someone was using them.
* add checkout command to BUILDING.md
* Move X509_INFO back into x509.h and document
* Give BIO an ex_data
* Remove fillins/openssl_util
* Remove unused fields in X509_LOOKUP and X509_LOOKUP_METHOD
* Fix some docs.go nits
* Unexport various unused X509_OBJECT and X509_LOOKUP functions.
* Add X509_OBJECT_new and X509_OBJECT_free
* Fix leak if X509_STORE_CTX_init is called on a previously initialized context
* Remove fillins/path_service
* Remove fillins/fillins_base64
* Remove fillins/file_util
* Remove fillins/fillins_string_util.[cc|h]
* Remove X509_STORE_CTX_zero
* Update README.md
* Remove IMPORT and related importing tools
* Use InsertBraces - and reformat pki as such
* Clang-format all of pki.
* Trim X509_INFO and move to crypto/pem
* Document ASN1_ITEM-based signing, etc. APIs
* Unexport some ASN1_ITEMs that aren't used externally
Update-Note: Fewer types can be parsed generically through the ASN1_ITEM
system now. If someone was relying on a removed ASN1_ITEM, it will
appear as a compile error and we can restore it.
* Document X509_NAME comparison functions
* Document PKCS8_PRIV_KEY_INFO and X509_SIG
* Document X509_PUBKEY functions
* Remove pki/fillins/net_errors.h
* Remove the _BORINGSSL_LIBPKI_ defines
Update-Note: _BORINGSSL_LIBPKI_ in build files can be removed.
* Remove no longer reachable CRL path validation code
* Remove support for the certificateIssuer CRL entry extension
* Use the ASN1_BOOLEAN typedef in ISSUING_DIST_POINT
* Unexport the idp_flags constants
* Remove some remnants of indirect CRLs in CRL matching
Update-Note: This also makes a corresponding distribution point change
to ignore distribution points with a CRLissuer field. Before, we would
check for it to match the CRL issuer, but this field is only meant to be
used with indirect CRLs (RFC 5280, section 6.3.3, step b.1). The old
code didn't include this, so I think it isn't *quite* a no-op on some
invalid DP/CRL pairs, but it matches the new verifier from Chromium.
* Remove the delta CRL special case on expiry
* Remove the now no-op CRL reasons loop
* Don't process DistributionPoints with a reasons field
Update-Note: See above.
* Remove the redundant idp_reasons field
* Remove removedFromCRL handling
* Remove dcrl output parameter in CRL lookup logic
* Don't parse delta CRL and CRL number extensions
Update-Note: While this is broadly a no-op, this may change behavior
slightly at the edges. Invalid CRL number extensions will now be ignored
instead of treated as a parse error. A delta CRL that incorrectly marks
its delta CRL extension as non-critical will be interpreted as a normal
CRL. (This is the expected behavior for an implementation which does not
implement delta CRLs. Extensions like this are supposed to be marked
critical.)
* Remove EXFLAG_FRESHEST
Update-Note: Though exported, this was an internal flag to the delta CRL
implementation. Remove it.
* Remove delta and extended CRL support
Update-Note: The X509_V_FLAG_EXTENDED_CRL_SUPPORT and
X509_V_FLAG_USE_DELTAS flags now cause verification to fail. They
weren't enabled by any caller.
* Manually unroll pi and rho steps in Keccak
* Don't prematurely run keccak_f in squeeze
* Remove X509_CRL_diff
Update-Note: Removed an unused function. This has no callers and is only
useful to create delta CRLs, which are similarly unused and being
removed.
* Expand and document RSA_PSS_PARAMS functions
* Document X509_REVOKED-related functions
* Const-correct and document trust/reject object APIs
* Limit the SHA_CTX workaround to C
* Simplify AES-GCM counter increment
* Remove unnecessary length check before OPENSSL_memcpy
* Test EVP_CTRL_AEAD_SET_IV_FIXED and friends
* Tighten the limit in ASN1_STRING_set further
* Fix delocate build rules with make
* Add basic C implementation of SPHINCS+-SHA2-128s.
* Update Go dependencies
Test: treehugger
Change-Id: I7261f06f8b3b77bb70e934d9aa1733ebf1a72b54
179 files changed
