external/boringssl: Sync to branch fips-20230428.
Cherry-pick note: Needed for FIPS certification.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/32b51305debe43e38e7bf2c2b13c4ebf3b474e80..15655052e8701f908937204785eaa8cd4363099f
* Set FIPS version for validation.
* Support WPA 3.1 "enterprise" mode.
* runner: Remove an unnecessary use of AllCurves
* Move the old SPKAC types to their own section
* Remove unimplemented SSL BIO_ctrl values
Update-Note: I found no code using those symbols (that we build). If
anything was, they most likely were broken. Now they'll fail to build
and the brokenness will be more obvious. (If we find something needs it,
we can always go back and implement them.)
* Don't copy all of bssl-sys into the CMake build directory
* Remove go:build ignore from convert_wycheproof
* X509_sign, etc., should return the length of the signature on success
* Add some missing includes
* Specify the TLS cipher order more straightforwardly
* Squeeze a block at a time when computing the matrix in Kyber
* Align TRUST_TOKEN_pst_v1_voprf with draft-21 of VOPRF
* Re-add go:build ignore lines
* Move convert_wycheproof into its own package
* Allow passing extra flags to BoGo shim
* Remove TLS_RSA_WITH_NULL_SHA
Update-Note: TLS_RSA_WITH_NULL_SHA is no longer available. Nothing
should be enabling it anymore. Callers using
SSL_CTX_set_strict_cipher_list instead of SSL_CTX_set_cipher_list will
notice if they're affected very quickly, because the functino will
fail if this cipher is referenced. As a deprecated cipher suite, this
cipher was already unavailable unless explicitly named, so if your
configuration doesn't say "TLS_RSA_WITH_NULL_SHA" or "NULL-SHA", you
were not using this cipher.
* Only rerun bindgen when its dependencies change
* Add mechanism for deprecated declarations.
Update-Note: We are starting to mark some functions in
boringssl as deprecated declarations which will cause the
compiler to emit warnings if they are used. The intention
is both to prevent accidental use in new code, and to to call
attention to call sites in existing code so that the documentation
for the deprecated function can be revisted and appropriate action
taken.
* Spell includes in wrapper.h like the rest of the project
* Replace sort.Sort with sort.Slice
* Fix allowlist regex in bindgen invocation
* Update docs to recommend a much more convenient CMake invocation
* Trim some unused XN_FLAG_* values
Update-Note: Some seemingly unused XN_FLAG_* values were removed. If
some project fails to build, we can put them back but one shouldn't be
using this function in the first place.
* Remove --size_t-is-usize from bindgen call
* Clarify in ssl.h documentation not to use the verify callback
* Move the X509 time functions under "Convenience functions"
* Remove the X509at_* functions
* Organize X509_ATTRIBUTE functions into sections.
* Document a pile of X509 print functions
* Generate 64-bit Curve25519 and P256 code for MSVC
Bug: 280428514
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases boringssl_crypto_test boringssl_ssl_test
Change-Id: Ica0562d53b1f2b711145c88054349934f037f15e
Merged-In: Ica0562d53b1f2b711145c88054349934f037f15e
(cherry picked from commit e943a2289a1394dbe1dd5b49b8aac8757fafde54)
88 files changed
