external/boringssl: Sync to 1530333b25589ee4d4d52b10e78ee55dd82f6dcd.
Cherry-pick note: Needs to go into tm-dev base OS for FIPS certification
(b/233873228) and into the July module train to prevent breaking ABN Amro banking app in .nl (b/231880827) so cp-ing into tm-dev where it will merge forward into all needed branches.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/c9a7dd687987666df5910f2b35fdc8c3d1e5ed05..1530333b25589ee4d4d52b10e78ee55dd82f6dcd
* Remove X509_CRL_METHOD.
Update-Note: APIs relating to X509_CRL_METHOD are removed.
* Clean up ECDSA EVP_PKEY_CTRL_MD validation.
* Add a service indicator for FIPS 140-3.
* Move cmac into the FIPS module boundary.
* Use CMake's C/C++ version features.
* Update build tools.
* Don't leave stray errors in the error queue in X509_print_ex.
* Switch to the CIPD version of CMake on Windows.
* limit the feature macro stuff to __linux__
* Enforce X.509 version invariants more consistently.
Update-Note: Invalid CRL and CSR versions will no longer be accepted.
X509_set_version, etc., no longer allow invalid versions.
* Remove X509_to_X509_REQ.
Update-Note: Removed seemingly unused public API.
* Declare EVP_AEAD_CTX in base.h, like other typedefs.
* Add missing blank line between functions.
* Remove unions in EC_SCALAR and EC_FELEM.
* Implement SSL_CTX_set_num_tickets.
* Add tests for X509_NAME_print_ex.
* acvp: test CTR-DRBG with reseed in modulewrapper.
* Do pending `go fmt` updates.
* acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.
* Add PSS to the AVCP regcap.
* Drop ACVP support for 3DES.
* Add function to return the name of the FIPS module.
* Support running tests on non-NEON devices.
* Update delocate tests
* Tidy up how ASN1_STRING_print_ex figures out the type.
* Remove the ASN1_TLC cache. It appears to not help performance.
* Fix build for older CMake versions.
* Remove code added to avoid SHA1 weakness.
* Update comment in light of prior change.
* ChaCha20-Poly1305 for Armv8 (AArch64)
* Replace the last strcasecmp with OPENSSL_strcasecmp.
* [build] Fix build with HEAD clang.
* Make calls to the verify callback consistant by calling ctx->verify_cb directly. This removes some temporary variables that would only be used to hold ctx->verify_cb.
* Try to require C11 (in non-MSVC compilers).
Update-Note: If the build fails with an error about C11, remove -std=c99
or -std=gnu99 from your build. Refcounting will get faster.
* Try to require C++14.
Update-Note: C++14 is now required to build BoringSSL. If the build
breaks, make sure your compiler is C++14-capable and is not passing
-std=c++11. If this is causing problems for your project, let us know.
* Reject [UNIVERSAL 0] in DER/BER element parsers.
Update-Note: There are two kinds of impacts I might expect from this
change. The first is BER parsers might be relying on the CBS DER/BER
element parser to pick up EOCs, as our ber.c does. This should be caught
by the most basic unit test and can be fixed by detecting EOCs
externally.
* Add CMake install rules.
* P-256 assembly optimisations for Aarch64.
* hrss: always normalize.
* Use SHA-256 for the FIPS integrity check everywhere.
* Remove unused variable
* Use X509 certificate alias as friendlyName in PKCS12
Bug: 231880827
Bug: 233873228
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I748d8d55ffab4ea4441648307a797e7b709b6def
(cherry picked from commit e6e9a5d015a010d2fab0a13392eca548f7c370cc)
Merged-In: I748d8d55ffab4ea4441648307a797e7b709b6def
173 files changed
