File boringssl.changes of Package boringssl
-------------------------------------------------------------------
Mon Mar 31 21:34:00 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 0.20210430 tag fips-20210429. This pinned
version of boringssl is expected by go1.22 and go1.23 when
building with GOEXPERIMENT=boringcrypto.
Refs boo#1236000
* Remove non-deterministic bits from ECDSA ACVP test.
* Reference the newer ChaCha20-Poly1305 RFC.
* Use passive entropy collection everywhere.
* Rename X509V*_VERSION constants.
* Const-correct ASN1_OBJECT_create.
* Clarify OBJ_get0_data and OBJ_get_length.
* acvp: SHA-1 for ECDSA _verification_ is still supported by NIST.
* A couple of Aarch64 FIPS delocate fixes.
* Use a placeholder for unknown errors in ERR_*_error_string.
* Include assembly optimizations in Bazel builds on Linux-aarch64.
* Remove some BoringSSL-only X509_CINF functions.
* Document and test X509_ATTRIBUTE creation functions.
* Revert handshaker fd numbers and make StartProcess more flexible.
* Remove support for malformed X509_ATTRIBUTEs.
* Make X509_ATTRIBUTE opaque.
* acvptool: Fix typo hard-coding the HTTP method.
* Document a few more x509.h functions.
* Make X509_PUBKEY opaque.
* Always encode booleans as DER.
* Fix issuerUID and subjectUID parsing in the key usage checker.
* Add experimental handshake hints API.
* Make our Python scripts Python-3-compatible.
* Export ssl_client_hello_init for fuzzers.
* acvp: support GMAC as an algorithm.
* Record a fuzzing corpus for the ClientHelloInner decoder.
* Use a consistent plural for 'corpus'.
* Add util/bot/libFuzzer to .gitignore.
* acvp: support KAS-ECC-SSC staticUnified mode.
* Check for invalid ALPN inputs in SSL_(CTX_)set_alpn_protos.
* Don't duplicate ServerHello construction code.
* Rearrange key share and early data logic.
* Only skip early data with HRR when offered.
* Add ECH server config API to ssl_ctx_api fuzzer
* Fix ppc64le build.
* Simplify the Lucky13 mitigation.
* Add ECH server (draft-ietf-tls-esni-09).
* runner: Remove unused field
* runner: Construct finishedHash earlier.
* Simplify tls_cbc.c slightly.
* Remove remnants of CBC SHA2 cipher suites.
* runner: Test different V2ClientHello challenge lengths.
* runner: Ensure helloBytes is always the same as hello.marshal().
* runner: Fix ECH confirmation calculation with PSKs in tests.
* runner: Fix HPKE parameter order.
* runner: UpdateForHelloRetryRequest cannot fail.
* runner: Don't use the buffer in TLS 1.3.
* runner: Don't maintain two copies of the same transcript hash.
* runner: Remove remnants of SSL 3.0.
* runner: Fix writeClientHash and writeRecord ordering.
* runner: Remove CheckTLS13DowngradeRandom.
* runner: Remove remnants of the separate HelloRetryRequest message.
* runner: Store a cipherSuite in ClientSessionState.
* runner: Move writeHash to the finishedHash struct.
* Fix the spelling of HPKE AEAD constants.
* Don't reset server callback expectations on new handshake.
* Fix MockQuicTransport::Flush error handling.
* Fold ripemd/internal.h into ripemd.c.
* Move load/store helpers to crypto/internal.h.
* Make words in crypto/fipsmodule/modes actually words.
* Handle EINTR more in handshaker.cc.
* Add a few missing SSL_R_BIO_NOT_SET cases.
* Fix some unreachable code in the QUIC handshaker driver.
* Rearrange SSLKeyShare::Serialize.
* Fix ssl/internal.h sectioning.
* Remove some now unnecessary test exclusions from split handshakes.
* Remove tls13-split-handshakes flag.
* Define HANDSHAKER_SUPPORTED in one place.
* Tidy up handshaker tester.
* modulewrapper: add option to print build information.
* FIPS counters for AES-CTR.
* Enforce that pre_shared_key must come with psk_key_exchange_modes.
* Zero out FIPS counters.
* Remove is_resume field on TestState.
* Remove OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY build flag.
* Add some warnings on how to use OPENSSL_memory_* functions.
* Use an unsized helper for truncated SHA-512 variants.
* Fix mismatch between header and implementation of bn_sqr_comba8.
* Remove GCC 4.8.99 check.
* Bump minimum CMake version.
* Automatically enable C11 atomics when available.
* Make generate_build_files.py python3 compatible.
* Remove X509_REQ_set_extension_nids and document related functions.
* Document a few more functions in x509.h.
* Do not access value.ptr with V_ASN1_BOOLEAN.
* Add X509_PUBKEY_get0_public_key.
* Test empty EVP_CIPHER inputs and fix exact memcpy overlap.
* Revert "Implement rsa_pkcs1_sha256_legacy."
* Fix unnecessarily direction-specific tests in cipher_tests.txt
* Refactor HPKE API to include explicit length parameters.
* Generalize make_errors.go to allow EVP covering multiple directories.
* Add a Windows no-op impl of BORINGSSL_self_test
* Only pass -handshaker-path in split handshakes tests.
* Add RNG support for FreeBSD.
* Move fips.c into a subdirectory.
* Implement rsa_pkcs1_sha256_legacy.
* Better document nullable X.509 getters.
* runner: Remove redundant -enable-all-curves shim flag.
* Initialize nonce in PerAEADTest.ABI.
* Document ASN1_TYPE and related functions.
* fips: add counters.
* Align with OpenSSL on constness of static ASN1_OBJECTs.
* Add -rr-record flag to runner.go.
* Register NAME_CONSTRAINTS with bssl::UniquePtr.
* Register POLICY_MAPPING with bssl::UniquePtr.
* Stub out some more of PKCS7.
* Remove TODO to reverse the output of PKCS12_parse.
* Make the X509_VAL structure opaque.
* Support creating unencrypted PKCS#12 files.
* Move PKCS#12 samples to embed_test_data.
* Remove some remnants of TLS 1.3 downgrade carveouts.
* Remove X509_REQ_to_X509.
* Fix OPENSSL_EC_* constants and add EC_GROUP_get_asn1_flag
* RAND_set_rand_method returns int.
* Check the inner and outer CRL signature algorithms match.
* Remove block_mask from EVP_CIPHER_CTX.
* Document a couple more functions in x509.h.
* Define X509V*_VERSION constants.
* Handle the default X.509 version explicitly.
* Compile for RISC-V.
* Add ECDSA nonce-testing functions.
* Rearrange ECDSA implementation.
* Split the FIPS mode PRNG lock in two.
* Remove legacy vs_toolchain.py environment variable.
* runner: Rename 'masterSecret' on session objects to plain 'secret'.
* Test ECDSA signing is non-deterministic.
* acvp: split ACVP modulewrapper for reuse by Trusty
* No-op CL to trigger some builds.
* Use CIPD Go packages.
* Update CMake on the bots and switch to CIPD where available.
* Future-proof vs_toolchain.py for VS2019.
* Revert "Revert "Disable check that X.509 extensions implies v3.""
* Update Clang and Go on the bots.
* Check for OBJ_nid2obj failures in X509_ATTRIBUTE_create.
* Don't overflow the output length in EVP_CipherUpdate calls.
* Remove X509_issuer_and_serial_hash.
* Fix Bazel build breakage.
* Specify VS toolchain by command-line argument.
* Update Android Bazel build support in BUILD.toplevel.
* Honor SSL_TLSEXT_ERR_ALERT_FATAL in the ALPN callback.
* acvp: detect header element in JSON.
* Align the ARM capability functions.
* Skip runtime NEON checks if __ARM_NEON is defined.
* acvp: don't include CMAC-AES in regcap dump.
* acvp: fix CMAC verify
* Include bn/internal.h for non-bcm.c builds.
* Add various function calls to test_fips.
* Add missing include to self_check.c.
* Revert "Disable check that X.509 extensions implies v3."
* Fix TLS13SessionID-TLS13 test.
* Use ID instead of Id in Go.
* acvp: move CMAC verification into the module wrapper.
* Benchmark BORINGSSL_self_test in FIPS mode.
* Support MOVLPS and MOVHPS in delocate.
* Add FFDH FIPS self-test.
* acvp: update to newer FFDH test.
* Add basic BLAKE2b-256 support.
* acvp: check that the payloadLen of cipher tests is correct.
* acvp: update test expectations in light of 8dcdcb39a7
* Support cross-compiling AArch64 FIPS to Android.
* acvp: drop 3DES fields from output when unused.
* acvp: don't advertise SHA-1 RSA signature generation.
* Fix comments that refer to old draft of HPKE.
* Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.
* Make BN_clear_free a wrapper around BN_free.
* delocate: support Aarch64
* Add DH_compute_key_padded.
* Fix client 0-RTT handling with ALPS.
* acvp: add XTS support.
* doc: fix SSL_set0_rbio
* Add support for the new QUIC TLS extension codepoint
* delocate: preprocess perlasm output on Aarch64
* Replace MockQUICTransport tags with record types.
* Run extension tests at all protocols.
* Make QUIC tests work with early data.
* Make QUIC work with -async tests.
* Fix ALPS state machine in QUIC servers.
* runner: Allow tokbind without RI/EMS in TLS 1.3.
* Test that ALPS can be deferred to the ALPN callback.
* Send ECH acceptance signal from backend server.
* delocate: handle Aarch64 assembly in parser.
* Add ASM optimizations for Windows on Arm
* Use gai_strerrorA on Windows.
* Optimize suffix building in FileTest::ReadNext().
* A handful more compatibility functions.
* Update HPKE to draft-irtf-cfrg-hpke-07.
* acvp: drop subprocess_test.go
* Add some OpenSSL-compatibility aliases
* delocate: eliminate expression from vpaes assembly.
* delocate: support alternative comment indicators
* Update third_party/googletest.
* acvp: add tests
* Fix chacha20_poly1305_x86_64.pl comments.
* Fix awkward wording in comment.
* Update ECH GREASE to draft-ietf-tls-esni-09
* Gerrit ignores <sup>; use Unicode superscript instead.
* acvp: better document the subprocess protocol.
* Add .text.unlikely.* pattern to fips_shared.lds.
* acvp: fix silly errors.
* acvp: load config later.
* Allow some non-minimal lengths in BER.
* Export tool_sources to GN.
* Use more efficient std::string::find overload.
* Revert "Add support for the new QUIC TLS extension codepoint"
* Move DH parameter generation out of the FIPS module.
* Add support for the new QUIC TLS extension codepoint
* Use stdlib.h instead of cstdlib in span.h.
* Check for trailing data in X509Test.GeneralName.
* Fix ChaCha20-Poly1305 x86-64 asm on Windows
* Include bn.h from bn/internal.h
* acvp: add support for finite-field Diffie–Hellman.
* Move DH code into the FIPS module.
* Remove unused Netware codepaths in x86 perlasm.
* Finish switching to NASM.
* Switch to passive entropy collection for Android FIPS.
* Skip ASN.1 template tests in Windows shared library builds.
* Add TLS_KDF to documented break tests.
* acvp: add support for KAS
* Align armv8.pl references to OPENSSL_armcap_P.
* Reject bad ASN.1 templates with implicitly-tagged CHOICEs.
* Implement GREASE for ECH (draft-ietf-tls-esni-08).
* acvp: add TLS KDF support
* acvp: tweak config
* acvp: fix subprocess_test.go
* Const-correct GENERAL_NAME_cmp.
* Fix EDIPartyName parsing and GENERAL_NAME_cmp.
* PWCT failures should clear the generated key.
* Get closer to Ed25519 boundary conditions.
* draft-ietf-tls-certificate-compression is now RFC 8879.
* Update FIPS.md to include latest FIPS certificate.
* Only accept little-endian ARM and MIPS variants in base.h.
* aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode
* Improve sk_dup.
* Poly1305: Use |size_t|; assert |poly1305_state| is large enough.
* util/fipstools/acvp/acvptool: buffer signal channel to avoid losing signal
* Add digest.h to self_check.c
* Document ASN1_STRING.
* acvp: add SHA-512/256 support.
* Add FIPS self test for the TLS KDF.
* Rename the master_key field in SSL_SESSION to secret.
* Always check the TLS 1.3 downgrade signal.
* Fix NETSCAPE_SPKI_get_pubkey documentation.
* Const-correct and document more X509 functions.
* Add APIs for checking ASN.1 INTEGERs.
* Remove some unnecessary pointer casts.
* Document the basic ASN1_STRING functions.
* Document some defaults for the EVP RSA interface.
* Rearrange ASN1_STRING_copy slightly.
* Remove the legacy MSTRING M_ASN1 macros.
* Switch M_ASN1_TIME macros within the library.
* Unwind M_ASN1_* macros for primitive types.
* Reformat and convert comments in asn1.h.
* aarch64: Fix name of gnu property note section
* Re-reformat x509.h.
* Document X509V3_add1_i2d and friends.
* Remove ASN1_STRING_FLAG_NDEF.
* Unexport internal crypto/asn1 functions.
* Unwind some old ASN.1 ifdefs.
* Unwind ASN1_PRIMITIVE_FUNCS.
* Remove some unused types from asn1t.h.
* Unwind ASN1_TFLG_NDEF.
* Unwind ASN1_ITYPE_COMPAT.
* Unwind ASN1_AFLG_BROKEN.
* Const-correct various X509 string parameters.
* Document the next few functions in x509.h
* Remove sk_new_null call.
* acvp: move inner MCT loops into subprocess.
* Fix x509_rsa_ctx_to_pss when saltlen is md_size.
* Document the X509V3_get_d2i family of functions.
* runner: explicitly signal error from handshaker.
* runner: add -skip
* Add functions for manipulating X.509 TBS structures.
* Remove ASN1_STRING_length_set prototype.
* Update Go on the bots.
* Rework vs_toolchain.py and vs_env.py.
* Add ECDSA verify KAT to FIPS self-tests.
* Add AES-GCM AEADs with internal nonce generation.
* Define a constant for the standard GCM nonce length.
* Add test for X25519-containing certificate.
* Add SSL_early_data_reason_string.
* Add raw redeem API.
* aarch64: Remove some flavour conditionals
* Have fewer opaque booleans in aead_test.cc
* acvp: RSA signature verification tests.
* acvp: RSA signature generation tests.
* acvp: support RSA key generation tests.
* Support 4096-bit keys in FIPS mode.
* Reland "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures."
* acvp: add 3DES-CBC support
* acvp: add 3DES-ECB support
* Clear some reported gcc -Wshadow warnings.
* Const-correct X509V3_extensions_print.
* clang-format and convert comments in x509v3.h.
* aarch64: Improve conditional compilation
* Silence some linter checks.
* acvp: update subprocess_test.go
* Update clang.
* Implement draft-vvv-tls-alps-01.
* Simplify 0-RTT tests.
* Fix crash when flushing an SSL BIO.
* Document low-level PEM read/write functions.
* clang-format pem.h and convert comments.
* Add PSK variants of HPKE setup functions to BoGo.
* acvp: abstract out MCT iteration functions.
* Add Go implementation of HPKE draft 05 to runner.
* runner: Implement a more complete ClientHello consistency check.
* Update TrustTokenV2 to use VOPRFs and assemble RR.
* acvp: add AES-CCM support.
* acvp: highlight that the TOTP secret goes in the config file.
* acvp: handle more private key formats.
* runner: Refactor BoGo clientHelloMsg extension marshalling.
* Include rodata subsections in FIPS-shared build.
* Switch x509_test.cc to use C++ raw string literals.
* Fix some malloc error handling.
* acvp: add AES-KWP support.
* acvp: add AES-KW support.
* acvp: support saving vectors.
* Fix handling of quic_early_data_context.
* Add a warning to des.h.
* Move Trusty workaround to the OPENSSL_LINUX define.
* acvp: add AES-GCM support.
* Disable fork detection on Trusty.
* acvp: add AES-CTR support.
* Tell clang-format that STACK_OF and LHASH_OF are types.
* modulewrapper: fix unknown functions.
* Print SSL_get_error in bssl_shim.
* modulewrapper: fix sending empty spans.
* Allow specifying different initial and resumption expectations.
* Add a few more OPENSSL_NO_* constants.
* Test SSL_get0_alpn_selected on both client and server.
* runner: Rewrite sessionState parsing with byteReader.
* Switch ssl_parse_extensions to bool and Span.
* Disable check that X.509 extensions implies v3.
* Silence some clang warnings on macOS and iOS CQ bots.
* Mirror dsa.h's deprecation notice in dh.h.
* Const-correct X509_get0_extensions.
- Packaging improvements:
* _service change disabled to manual per osc deprecation warning:
WARNING: Command 'disabledrun/dr' is obsolete, please convert
your _service to use 'manual' and then 'manualrun/mr' instead.
* Vendor Go build-time utility dependencies in go.mod, not yet
using OBS Service Go Modules.
* Add BuildRequires: golang(API) >= 1.22 to enable Go related
utilities used in CMake build steps related to FIPS
mode. Upstream minimum version per go.mod is go1.13.
* _service add go_modules to vendor pinned dependencies in go.mod
* Use autosetup -a 1 to unpack source and vendored dependencies
* Rebase 0001-Compile-for-RISC-V.patch
* Rebase 0002-crypto-Fix-aead_test-build-on-aarch64.patch
* Rebase 0003-enable-s390x-builds.patch
* Rebase 0004-fix-alignment-for-ppc64le.patch
* Rebase 0005-fix-alignment-for-arm.patch
* Rebase 0006-gcc-disable-werror.patch
* Rebase 0007-fix-go-vendor-embed_test_data.patch
* Rebase 0008-fix-go-vendor-err_data_generate.patch
* Rebase 0009-soname-sover.patch (was soname-sover.patch)
* rpmlint fix version-control-internal-file error
* rpmlint fix script-without-shebang error
* rpmlint fix non-executable-script error
* rpmlint fix binary-or-shlib-defines-rpath error use CMAKE_SKIP_RPATH
-------------------------------------------------------------------
Sun Oct 27 20:24:10 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Change version of the sources to 0.%%cd to avoid problems when
upgrading if the versioning changes.
- Added patch:
* soname-sover.patch
+ Replace patchelf run with patch that makes cmake produce the
shared libraries with the right SONAME and SOVER.
- Remove unnecessary dependencies on go, patchelf, ninja and
libunwind, since they are only needed for tests we are not
running.
-------------------------------------------------------------------
Fri Feb 9 08:08:42 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
- Replace python with python3 (bsc#1219308)
-------------------------------------------------------------------
Wed May 4 10:55:00 UTC 2022 - Andreas Schwab <schwab@suse.de>
- 0001-Compile-for-RISC-V.patch: add support for RISC-V
- enable build on riscv64
-------------------------------------------------------------------
Mon May 17 09:56:04 UTC 2021 - mrostecki@suse.com
- Update to version 20200921 (fixes bsc#1183836, bsc#1181866):
* Add SSL_CIPHER_get_protocol_id.
* Add TrustTokenV2.
* Add X509_get_pathlen and X509_REVOKED_get0_extensions.
* Add some accommodations for FreeRDP
* Require non-NULL store in X509_STORE_CTX_init.
* Const-correct X509V3_CONF_METHOD.
* Avoid unions in X509_NAME logic.
* Bump OPENSSL_VERSION_NUMBER to 1.1.1.
* Document more of x509.h.
* Fix potential leak in bssl::Array::Shrink.
* Remove ASN1_STRING_length_set.
* Revert "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures."
* Implement PSK variants of HPKE setup functions.
* acvp: support working with files.
* Document a few more functions in x509.h.
* Add subject key ID and authority key ID accessors.
* Remove sxnet and pkey_usage_period extensions.
* Const-correct various X509 functions.
* Make X509_set_not{Before,After} functions rather than macros.
* Add X509_get0_uids from OpenSSL 1.1.0.
* Bound RSA and DSA key sizes better.
* Add set1 versions of X509 timestamp setters.
* Consistently sort generated build files.
* delocate: use 64-bit GOT offsets in the large memory model.
* Update HPKE implementation and test vectors to draft-irtf-cfrg-hpke-05.
* Handle NULL arguments in some i2d_* functions.
* aarch64: support BTI and pointer authentication in assembly
* Support delegated credentials version 06
* delocation: large memory model support.
* Enforce presence of ALPN when QUIC is in use.
* Fix the naming of alert error codes.
* Use golang.org/x/crypto in runner.
* Disable ClientHello padding for QUIC.
* Add X509_SIG_get0 and X509_SIG_getm.
* Implement HPKE.
* Disallow TLS 1.3 compatibility mode in QUIC.
* Switch clang-format IncludeBlocks to Preserve.
* Fix unterminated clang-format off.
* Add line number to doc.go error messages.
* Kick the bots.
* Add a JSON output to generate_build_files.py.
* Add details of 20190808 FIPS certification.
* Link to ws2_32 more consistently.
* Allow explicitly-encoded X.509v1 versions for now.
* Opaquify PKCS8_PRIV_KEY_INFO.
* Implement i2d_PUBKEY and friends without crypto/asn1.
* Remove TRUST_TOKEN_experiment_v0.
* Clarify in-place rules for low-level AES mode functions.
* acvp: add CMAC-AES support.
* acvp: add SP800-108 KDF support.
* Remove x509->name.
* Maybe build for AArch64 Windows.
* sha1-x86_64: fix CFI.
* Use |crypto_word_t| and |size_t| more consistently in ECC scalar recoding.
* Enable shaext path for sha1.
* Avoid relying on SSL_get_session's behavior during the handshake.
* Add a -wait-for-debugger flag to runner.
* Add missing OPENSSL_EXPORT to X509_get_X509_PUBKEY.
* Const-correct various functions in crypto/asn1.
* Remove unneeded switch statement.
* Convert X.509 accessor macros to proper functions.
* Remove X509_CINF_get_issuer and X509_CINF_get_extensions.
* Remove X509_get_signature_type.
* clang-format x509.h and run comment converter.
* Check AlgorithmIdentifier parameters for RSA and ECDSA signatures.
* Remove some unimplemented prototypes.
* Check the X.509 version when parsing.
* Fix x509v3_cache_extensions error-handling.
* Work around Windows command-line limits in embed_test_data.go.
* Move crypto/x509 test data into its own directory.
* Test resumability of same, different, and default ticket keys.
* Fixes warning when redefining PATH_MAX when building with MINGW.
* Abstract fd operations better in tool.
* Use CMAKE_SIZEOF_VOID_P instead of CMAKE_CL_64
* Enforce the keyUsage extension in TLS 1.2 client certs.
* Reword some comments.
* Add “Z Computation” KAT.
* acvptool: handle negative sizeConstraint.
* Let memory hooks override the size prefix.
* acvptool: go fmt
* Assert md_size > 0.
* Remove -enable-ed25519 compat hack.
* Add a |SSL_process_tls13_new_session_ticket|.
* Use ctr32 optimizations for AES_ctr128_encrypt.
* Test AES mode wrappers.
* Bump minimum CMake version.
* Modify how QUIC 0-RTT go/no-go decision is made.
* Remove RAND_set_urandom_fd.
* Document that getrandom support must be consistent.
* Fix docs link for SSL_CTX_load_verify_locations
* Fix TRUST_TOKEN experiment_v1 SRR map.
* Add CRYPTO_pre_sandbox_init.
* Still query getauxval if reading /proc/cpuinfo fails.
* Add missing header to ec/wnaf.c
* Fix OPENSSL_TSAN typo.
* Fix p256-x86_64-table.h indentation.
* Enable avx2 implementation of sha1.
* Trim Z coordinates from the OPENSSL_SMALL P-256 tables.
* Use public multi-scalar mults in Trust Tokens where applicable.
* Use batched DLEQ proofs for Trust Token.
* Restrict when 0-RTT will be accepted in QUIC.
* Disable TLS 1.3 compatibility mode for QUIC.
* Use a 5-bit comb for some Trust Tokens multiplications.
* Use a (mostly) constant-time multi-scalar mult for Trust Tokens.
* Batch inversions in Trust Tokens.
* Rearrange the DLEQ logic slightly.
* Use token hash to encode private metadata for Trust Token Experiment V1.
* Introduce an EC_AFFINE abstraction.
* Make the fuzzer PRNG thread-safe.
* Disable fork-detect tests under TSAN.
* Introduce TRUST_TOKENS_experiment_v1.
* Route PMBToken calls through TRUST_TOKEN_METHOD.
* Introduce a TRUST_TOKEN_METHOD hook to select TRUST_TOKEN variations.
* fork_detect: be robust to qemu.
* Move serialization of points inside pmbtoken.c.
* Introduce PMBTOKENS key abstractions.
* Fix the types used in token counts.
* Remove unused code from ghash-x86_64.pl.
* Switch the P-384 hash-to-curve to draft-07.
* Add hash-to-curve code for P384.
* Write down the expressions for all the NIST primes.
* Move fork_detect files into rand/
* Harden against fork via MADV_WIPEONFORK.
* Fix typo in comment.
* Use faster addition chains for P-256 field inversion.
* Tidy up third_party/fiat.
* Prefix g_pre_comp in p256.c as well.
* Add missing curve check to ec_hash_to_scalar_p521_xmd_sha512.
* Add a tool to compare the output of bssl speed.
* Benchmark ECDH slightly more accurately.
* Align remaining Intel copyright notice.
* Don't retain T in PMBTOKEN_PRETOKEN.
* Check for trailing data in TRUST_TOKEN_CLIENT_finish_issuance.
* Properly namespace everything in third_party/fiat/p256.c.
* Update fiat-crypto.
* Add missing ERR_LIB_TRUST_TOKEN constants.
* Add bssl speed support for hashtocurve and trusttoken.
* Implement DLEQ checks for Trust Token.
* Fix error-handling in EVP_BytesToKey.
* Fix Trust Token CBOR.
* Match parameter names between header and source.
* Trust Token Implementation.
* Include mem.h for |CRYPTO_memcmp|
* acvptool: add subprocess tests.
* Add SHA-512-256.
* Make ec_GFp_simple_cmp constant-time.
* Tidy up CRYPTO_sysrand variants.
* Do a better job testing EC_POINT_cmp.
* Follow-up comments to hash_to_scalar.
* Add a hash_to_scalar variation of P-521's hash_to_field.
* Add SSL_SESSION_copy_without_early_data.
* Double-check secret EC point multiplications.
* Make ec_felem_equal constant-time.
* Fix hash-to-curve comment.
* Make ec_GFp_simple_is_on_curve constant-time.
* Implement draft-irtf-cfrg-hash-to-curve-06.
* Update list of tested SDE configurations.
* Only draw from RDRAND for additional_data if it's fast.
* Generalize bn_from_montgomery_small.
* Remove BIGNUM from uncompressed coordinate parsing.
* Add EC_RAW_POINT serialization function.
* Base EC_FELEM conversions on bytes rather than BIGNUMs.
* runner: Replace supportsVersions calls with allVersions.
* Enable QUIC for some perMessageTest runner tests
* Move BN_nnmod calls out of low-level group_set_curve.
* Clean up various EC inversion functions.
* Start to organize ec/internal.h a little.
* Fix CFI for AVX2 ChaCha20-Poly1305.
* Remove unused function prototype.
* Enable more runner tests for QUIC
* Require QUIC method with Transport Parameters and vice versa
* acvptool: support non-interactive mode.
* Add is_quic bit to SSL_SESSION
* Update SDE.
* Update tools.
* Add simpler getters for DH and DSA.
* Don't define default implementations for weak symbols.
* Don't automatically run all tests for ABI testing.
* Fix test build with recent Clang.
* Remove LCM dependency from RSA_check_key.
* Simplify bn_sub_part_words.
* No-op commit to test Windows SDE bots.
* ABI-test each AEAD.
* Add memory tracking and sanitization hooks
* Add X509_STORE_CTX_get0_chain.
* Add DH_set_length.
* Static assert that CRYPTO_MUTEX is sufficiently aligned.
* [bazel] Format toplevel BUILD file with buildifier
* Add |SSL_CTX_get0_chain|.
* Configure QUIC secrets inside set_{read,write}_state.
* Allow setting QUIC transport parameters after parsing the client's
* Fix comment for |BORINGSSL_self_test|.
* Trust Token Key Generation.
* Revise QUIC encryption secret APIs.
* Fix ec_point_mul_scalar_public's documentation.
* Don't infinite loop when QUIC tests fail.
* Tidy up transitions out of 0-RTT keys on the client.
* Remove bn_sub_part_words assembly.
* Keep the encryption state and encryption level in sync.
* Add ECDSA_SIG_get0_r and ECDSA_SIG_get0_s.
* Fix a couple of comment typos.
* Const-correct various X509_NAME APIs.
* Ignore old -enable-ed25519 flag.
* Provide __NR_getrandom fillins in urandom test too.
* Skip RSATest.DISABLED_BlindingCacheConcurrency in SDE.
* Fix client handling of 0-RTT rejects with cipher mismatch.
* runner: Tidy up 0-RTT support.
* Add X509_getm_notBefore and X509_getm_notAfter.
* Clean up TLS 1.3 handback logic.
* Require handshake flights end at record boundaries.
* Delete unreachable DTLS check.
* Rename TLS-specific functions to tls_foo from ssl3_foo.
* Rename ssl3_choose_cipher.
* SSL_apply_handback: don't choke on trailing data.
* ssl_test: test early data with split handshakes.
* Check for overflow in massive mallocs.
* Add more convenient RSA getters.
* Remove SSL_CTX_set_ed25519_enabled.
* Improve signature algorithm tests.
* bazel: explicitly load C++ rules
* Check enum values in handoff.
* Restore fuzz/cert_corpus.
* Add a -sigalgs option to bssl client.
* Add SSL_set_verify_algorithm_prefs.
* Switch verify sigalg pref functions to SSL_HANDSHAKE.
* Add SSL_AD_NO_APPLICATION_PROTOCOL
* Refresh corpora due to TLS 1.3 changes in handoff serialization.
* handoff: set |enable_early_data| as part of handback.
* Add 109 and 120 to SSL_alert_desc_string_long
* runner: enable split handshake tests for TLS 1.3.
* Make TLS 1.3 split handshakes work with early data.
* Split half-RTT tickets out into a separate TLS 1.3 state.
* Use BCryptGenRandom when building as Windows UWP app.
-------------------------------------------------------------------
Thu May 28 11:48:37 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Rectify groups.
-------------------------------------------------------------------
Wed May 27 18:40:47 UTC 2020 - Michał Rostecki <mrostecki@suse.com>
- Remove patch for enabling shared linking - it was enabled
upstream.
* 0001-add-soversion-option.patch
- Add boringssl-source subpackage.
-------------------------------------------------------------------
Wed May 27 14:18:19 UTC 2020 - mrostecki@suse.com
- Update to version 20200122:
* Define EVP compatibility constants for X448 and Ed448.
* Allow shared libraries in the external CMake build.
* Add a few little-endian functions to CBS/CBB.
* Move iOS asm tricks up in external CMake build.
* Try again to deal with expensive tests.
* Restore ARM CPU variation tests on builders.
* Remove SSL_CTX_set_rsa_pss_rsae_certs_enabled.
* Work around another NULL/0 C language bug.
* Use the MAYBE/DISABLED pattern in RSATest.BlindingCacheConcurrency.
* Switch an #if-0-gated test to DISABLED_Foo.
* Proxy: send whole SSL records through the handshaker.
* Disable Wycheproof primality test cases on non-x86 (too slow)
* test_state.cc: serialize the test clock.
* Output after every Wycheproof primality test.
* Maybe fix generated-CMake build on Android and iOS.
* Detect the NDK path from CMAKE_TOOLCHAIN_FILE.
* Tell Go to build for GOOS=android when running on Android.
* Reland bitsliced aes_nohw implementation.
* Add bssl client option to load a hashed directory of cacerts.
* No-op change to run the new NO_SSE2 builders.
* Clarify that we perform the point-on-curve check.
* Reduce size of BlindingCacheConcurrency test under TSAN.
* Compare vpaes/bsaes conversions against a reference implementation.
* Enable the SSE2 Poly1305 implementation on clang-cl.
* Remove alignment requirement on CRYPTO_poly1305_finish.
* Fix double-free under load.
* Add some XTS tests.
* Add EncodeHex and DecodeHex functions to test_util.h.
* Revert "Replace aes_nohw with a bitsliced implementation."
* Replace aes_nohw with a bitsliced implementation.
* Switch HRSS inversion algorithm.
* Run EVP_CIPHER tests in-place.
* Add an option to disable SSE2 intrinsics for testing.
* Dummy change to trigger master-with-bazel builder.
* Drop use of alignas(64) in aead_test.cc
* Add standalone CMake build to generate_build_files.py
* TLS 1.3 split handshake initial support.
* Import Wycheproof primality tests.
* Split BN_prime_checks into two constants for generation and validation.
* Add some Miller-Rabin tests from Wycheproof.
* Import Wycheproof PKCS#1 decrypt tests.
* Import Wycheproof OAEP tests.
* Import Wycheproof PKCS#1 signing tests.
* Skip JWK keys when converting Wycheproof tests.
* Import Wycheproof's size-specific RSA PKCS#1 verifying tests.
* Handle "acceptable" Wycheproof inputs unambiguously.
* Import Wycheproof XChaCha20-Poly1305 tests.
* Import Wycheproof HMAC tests.
* Import Wycheproof HKDF tests.
* bytestring: add methods for int64.
* Update Wycheproof test vectors.
* Add mock QUIC transport to runner
* Add test vectors for CVE-2019-1551 (not affected).
* Fix check_bn_tests.go.
* Fix MSan error in SSLTest.Handoff test.
* SSLTest.Handoff: extend to include a session resumption.
* inject_hash preserves filemode
* Move TLS 1.3 state machine constants to internal.h.
* Add a ppc64le ABI tester.
* Allocate small TLS read buffers inline.
* Remove unused labels from ARM ABI test assembly.
* Update AAPCS and AAPCS64 links.
* Fix EVP_has_aes_hardware on ppc64le.
* Remove remnants of end_of_early_data alert from tests.
* Add a test for ERR_error_string_n.
* Remove post-quantum experiment signal extension.
* Give ERR_error_string_n a return value for convenience.
* Defer early keys to QUIC clients to after certificate reverification.
* Defer releasing early secrets to QUIC servers.
* Halve the size of the kNIDsIn* constants
* modulewrapper: manage buffer with |unique_ptr|.
* Add missing boringssl_prefix_symbols_asm.h include.
* acvptool: add support for ECDSA
* Inline gcm_init_4bit into gcm_init_ssse3.
* Vectorize gcm_mul32_nohw and replace gcm_gmult_4bit_mmx.
* Add a constant-time fallback GHASH implementation.
* Conditionally define PTRACE_O_EXITKILL in urandom_test.cc
* Fix build warning if _SCL_SECURE_NO_WARNINGS is defined globally
* modulewrapper: use a raw string.
* acvptool: add license headers.
* Enable TLS 1.3 by default.
* acvptool: Add support for DRBG
* Discard user_canceled alerts in TLS 1.3.
* Work around more C language bugs with empty spans.
* No-op commit to test the new builder.
* acvptool: Add support for HMAC
* Add stub functions for RSA-PSS keygen parameters.
* HelloRetryRequest getter
* Add break-tests-android.sh script.
* Add compatibility functions for sigalgs
* Run AES-192-GCM in CAVP tests.
* Rename a number of BUF_* functions to OPENSSL_*.
* List bn_div fuzzer in documentation.
* Reenable bn_div fuzzer.
* Drop CECPQ2b code.
* Add urandom_test to all_tests.json
* Fix the standalone Android FIPS build.
* Add sanity checks to FIPS module construction.
* Correct relative path.
* Add test for urandom.c
* break-hash.go: Search ELF dynamic symbols if symbols not found.
* Fix $OPENSSL_ia32cap handling.
* Switch probable_prime to rejection sampling.
* Rename the last remnants of the early_data_info extension.
* Fix up BN_GENCB_call calls.
* Do fewer trial divisions for larger RSA keygens.
* Fix GRND_NONBLOCK flag when calling getrandom.
* Simplify bn_miller_rabin_iteration slightly.
* Add some notes on RSA key generation performance.
* Break early on composites in the primality test.
* Extract and test the deterministic part of Miller-Rabin.
* Fix the FIPS + fuzzing build.
* FIPS.md: document some recent Android changes.
* Add a function to derive an EC key from some input secret.
* Fix run_android_tests.go with shared library builds.
* No-op change to test new builders.
* Move no-exec-stack sections outside of #ifs.
* Add |SSL_get_min_proto_version| and |SSL_get_max_proto_version|
* Make FIPS build work for Android cross-compile.
* Enable optional GRND_RANDOM flag to be passed to getrandom on Android.
* Switch cert_compression_algs to GrowableArray.
* Add GrowableArray<T> to ssl/internal.h.
* Fixed quic_method lookup in TLS 1.3 server side handshake.
* Add .note.GNU-stack at the source level.
* -Wno-vla -> -Wvla
* Add an option for explicit renegotiations.
* tool: add -json flag to |speed|
* Set -Wno-vla.
* Use a pointer to module_hash in boringssl_fips_self_test() args.
* Use a smaller hex digest in FIPS flag files when SHA-256 used.
* Switch to using SHA-256 for FIPS integrity check on Android.
* Use getentropy on macOS 10.12 and later.
* Move #include of "internal.h", which defines |OPENSSL_URANDOM|.
* Style nit.
* Assert that BN_CTX_end is actually called.
* Test some known large primes.
* Test some Euler pseudoprimes.
* Be consistent about Miller-Rabin vs Rabin-Miller.
* fix build with armv6 Error: .size expression for _vpaes_decrypt_consts does not evaluate to a constant
* Mark ssl_early_data_reason_t values stable.
* Make the dispatch tests opt-in.
* Bound the number of API calls in ssl_ctx_api.cc.
* Only attempt to mprotect FIPS module for AArch64.
* Opportunistically read entropy from the OS in FIPS mode.
* Update INSTANTIATE_TEST_SUITE_P calls missing first argument.
* Ignore build32 and build64 subdirectories.
* Add page protection logic to BCM self test.
* Disable unwind tests in FIPS mode.
* Disable RDRAND on AMD family 0x17, models 0x70–0x7f.
* Don't allow SGC EKUs for server certificates.
* Add |SSL_CIPHER_get_value| to get the IANA number of a cipher suite.
* Add XOF compilation compatibility flags
* Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
* Trigger a build on the ARM mode builder.
* Fix vpaes-armv7.pl in ARM mode.
* Add AES-192-GCM support to EVP_AEAD.
* Add AES-256 CFB to libdecrepit.
* Parse explicit EC curves more strictly.
* Use the Go 1.13 standard library ed25519.
* Update build tools.
* Use ScopedEVP_AEAD_CTX in ImplDispatchTest.AEAD_AES_GCM.
* Use a mix of bsaes and vpaes for CTR on NEON.
* Use vpaes + conversion to setup CBC decrypt on NEON.
* Add NEON vpaes-to-bsaes key converters.
* Add vpaes-armv7.pl and replace non-parallel modes.
* Correct comments for x86_64 _vpaes_encrypt_core_2x.
* Add benchmarks for AES block operations.
* Only write self test flag files if an environment variable is set.
* Const-correct EC_KEY_set_public_key_affine_coordinates.
* Revert "Fix VS build when assembler is enabled"
* Support compilation via emscripten
* Fix cross-compile of Android on Windows.
* Move the config->async check into RetryAsync.
* Clear *out in ReadHandshakeData's empty case.
* Add initial support for 0-RTT with QUIC.
* Have some more fun with spans.
* Add OPENSSL_FALLTHROUGH to a few files.
* Limit __attribute__ ((fallthrough)) to Clang >= 5.
* Make |EVP_CIPHER_CTX_reset| return one.
* Add Fallthru support for clang 10.
* Add self-test suppression flag file for Android FIPS builds.
* Align 0-RTT and resumption state machines slightly
* Require getrandom in Android FIPS builds.
* acvp: allow passing custom subprocess I/O.
* Add a function to convert SSL_ERROR_* values to strings.
* Fold SSL_want constants into SSL_get_error constants.
* Use spans for the various TLS 1.3 secrets.
* Switch another low-level function to spans.
* Switch tls13_enc.cc to spans.
* Check the second ClientHello's PSK binder on resumption.
* Introduce libcrypto_bcm_sources for Android.
* Remove stale TODO.
* Add an android-cmake option to generate_build_files.py
* Add a QUIC test for HelloRetryRequest.
* Add missing ".text" to Windows code for dummy_chacha20_poly1305_asm
* Update TODO to note that Clang git doesn't have the POWER bug.
* Fix paths in break-tests.sh.
* Fix POWER build with OPENSSL_NO_ASM.
* Workaround Clang bug on POWER.
* Add assembly support for -fsanitize=hwaddress tagged globals.
* Fix typo in valgrind constant-time annotations.
* acvp: add support for AES-ECB and AES-CBC.
* Fix misspelled TODO.
* Move CCM fragments out of the FIPS module.
* Add EVP_PKEY_base_id.
* Add some project links to README.md.
* Make alert_dispatch into a bool.
* Trim some more per-connection memory.
* Remove SSL_export_early_keying_material.
* Add EVP_PKEY support for X25519.
* Make EVP_PKEY_bits return 253 for Ed25519.
* Make SSL_get_servername work in the early callback.
-------------------------------------------------------------------
Tue Mar 10 20:00:43 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix arm build:
* 0005-fix-alignment-for-arm.patch
-------------------------------------------------------------------
Wed Dec 4 07:55:10 UTC 2019 - Klaus Kämpf <kkaempf@suse.com>
- fix s390x and ppc64le build
* 0003-enable-s390x-builds.patch
* 0004-fix-alignment-for-ppc64le.patch
- rename add-soversion-option.patch
to 0001-add-soversion-option.patch
- rename 0001-crypto-Fix-aead_test-build-on-aarch64.patch
to 0002-crypto-Fix-aead_test-build-on-aarch64.patch
-------------------------------------------------------------------
Thu Oct 17 14:54:13 UTC 2019 - Richard Brown <rbrown@suse.com>
- Remove obsolete Groups tag (fate#326485)
-------------------------------------------------------------------
Mon Oct 14 10:40:13 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update to version 20190916:
* Revert "Fix VS build when assembler is enabled"
* Only bypass the signature verification itself in fuzzer mode.
* Move the PQ-experiment signal to SSL_CTX.
* Name cipher suite tests in runner by IETF names.
* Align TLS 1.3 cipher suite names with OpenSSL.
* Prefix all the SIKE symbols.
* Rename SIKE's params.c.
* Add post-quantum experiment signal extension.
* Fix shim error message endings.
* Add initial draft of ACVP tool.
* Implements SIKE/p434
* Add SipHash-2-4.
* Remove android_tools checkout
* Support key wrap with padding in CAVP.
* Add android_sdk checkout
* Move fipstools/ to util/fipstools/cavp
* Factor out TLS cipher selection to ssl_choose_tls_cipher.
* Emit empty signerInfos in PKCS#7 bundles.
* Clarify language about default SSL_CTX session ticket key behavior.
* Add an API to record use of delegated credential
* Fix runner tests with Go 1.13.
* Add a value barrier to constant-time selects.
* Avoid leaking intermediate states in point doubling special case.
* Split p224-64.c multiplication functions in three.
* Add AES-KWP
* Discuss the doubling case in windowed Booth representation.
* Update build tools.
* Set a minimum CMake version of 3.0.
* Replace addc64,subc64,mul64 in SIKE Go code with functions from math/bits
* Eliminate some superfluous conditions in SIKE Go code.
* Fix various typos.
* Fix name clash in test structures
* bcm: don't forget to cleanup HMAC_CTX.
* Handle fips_shared_support.c getting built in other builds.
* Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
* Fix filename in comment.
* Split EC_METHOD.mul into two operations.
* Split ec_point_mul_scalar into two operations.
* Add FIPS shared mode.
* delocate: add test for .file handling.
* delocate: translate uleb128 and sleb128 directives
* Integrate SIKE with TLS key exchange.
* Convert ecdsa_p224_key.pem to PKCS#8.
-------------------------------------------------------------------
Wed Sep 4 12:15:46 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Re-enable build on aarch64
-------------------------------------------------------------------
Tue Sep 3 07:15:48 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update to version 20190523:
* Disable RDRAND on AMD chips before Zen.
* Always store early data tickets.
* Align PKCS12_parse closer to OpenSSL.
* Support PKCS#12 KeyBags.
* Support PKCS#8 blobs using PBES2 with HMAC-SHA256.
* Make EVP_PKEY_keygen work for Ed25519.
* Sync aesp8-ppc.pl with upstream.
* Update generate_build_files.py for SIKE.
* Fix the last casts in third_party/sike.
* Remove no-op casts around tt1.
* Define p503 with crypto_word_t, not uint64_t.
* Add support for SIKE/p503 post-quantum KEM
* tool: fix speed tests.
* Add an option to skip crypto_test_data.cc in GN too.
* Save and restore errors when ignoring ssl_send_alert result.
* Reject obviously invalid DSA parameters during signing.
* Make expect/expected flag and variable names match.
* clang-format Flag arrays in test_config.cc.
* Rename remnants of ticket_early_data_info.
* Enforce the ticket_age parameter for 0-RTT.
* Add SSL_get_early_data_reason.
* Remove implicit -on-resume for -expect-early-data-accept.
* Use weak symbols only on supported platforms
* Fix spelling in comments.
* Add functions for "raw" EVP_PKEY serializations.
* Remove stray underscores.
* Add a compatibility EVP_DigestFinalXOF function.
* Fix up EVP_DigestSign implementation for Ed25519.
* Check for errors when setting up X509_STORE_CTX.
* Convert a few more things from int to bool.
* Compute the delegated credentials length prefix with CBB.
* Convert the rest of ssl_test to GTest.
* Check for x18 usage in aarch64 assembly.
* Handle errors from close in perlasm scripts.
* Hold off flushing NewSessionTicket until write.
* Predeclare enums in base.h
* Require certificates under name constraints use SANs.
* Make X509_verify_cert_error_string thread-safe.
* Disable the common name fallback on *any* SAN list.
* Silently ignore X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT.
* Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT.
* Give ENGINE_free a return value.
* Output a ClientHello during handoff.
* Fix and test EVP_PKEY_CTX copying.
* Test copying an EVP_MD_CTX.
* Fix EVP_CIPHER_CTX_copy for AES-GCM.
* Check key sizes in AES_set_*_key.
* Add missing nonce_len check to aead_aes_gcm_siv_asm_open.
* Test AES-GCM-SIV with OPENSSL_SMALL.
* Handle CBB_cleanup on child CBBs more gracefully.
* Update third_party/googletest.
* Rename 'md' output parameter to 'out' and add bounds.
* Update other build tools.
* Update SDE to 8.35.0-2019-03-11.
* nit: Update references to draft-ietf-tls-subcerts.
* Support get versions with get_{min,max}_proto_version for context
* Update ImplDispatchTest for bsaes-x86_64 removal.
* Unwind the large_inputs hint in aes_ctr_set_key.
* Add an optimized x86_64 vpaes ctr128_f and remove bsaes.
* Add 16384 to the default bssl speed sizes.
* Rewrite BN_CTX.
* Save a temporary in BN_mod_exp_mont's w=1 case.
* Reject long inputs in c2i_ASN1_INTEGER.
* Harden the lower level parts of crypto/asn1 against overflows.
* Remove d2i_ASN1_UINTEGER.
* Drop some unused bsaes to aes_nohw dependencies.
* Adapt gcm_*_neon to aarch64.
* Patch out the aes_nohw fallback in bsaes_cbc_encrypt.
* Patch out the aes_nohw fallback in bsaes_ctr32_encrypt_blocks.
* Implement sk_find manually.
* Make vpaes-armv8.pl compatible with XOM.
* Support three-argument instructions on x86-64.
* Correct outdated comments
* Remove SSL_get_structure_sizes.
* Prefer vpaes over bsaes in AES-GCM-SIV and AES-CCM.
* Tell ASan about the OPENSSL_malloc prefix.
* modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
* Enable vpaes for aarch64, with CTR optimizations.
* Check in vpaes-armv8.pl from OpenSSL unused and unmodified.
* silence unused variable warnings when using OPENSSL_clear_free
* Handle NULL public key in |EC_KEY_set_public_key|.
* Add a 32-bit SSSE3 GHASH implementation.
* Also include abi_test.cc in ssl_test_files.
* Don't pull abi_test.cc into non-GTest targets.
* Update *_set_cert_cb documentation regarding resumption
* Add a reference for Linux ARM ABI.
* Remove __ARM_ARCH__ guard on gcm_*_v8.
* Fix bsaes-armv7.pl getting disabled by accident.
* Add an option to configure bssl speed chunk size.
* Appease GCC's uninitialized value warning.
* Set VPAES flags in x86-64 code.
* Enable vpaes for AES_* functions.
* Avoid double-dispatch with AES_* vs aes_nohw_*.
* Add uint64_t support in CBS and CBB.
* Clear out a bunch of -Wextra-semi warnings.
* Add compiled python files to .gitignore.
* Fix x86_64-xlate.pl comment regex.
* Add go 1.11 to go.mod.
* Remove STRICT_ALIGNMENT code from modes.
* Remove non-STRICT_ALIGNMENT code from xts.c.
* Patch XTS out of ARMv7 bsaes too.
* Remove stray prototype.
* Always define GHASH.
* Update delegated credentials to draft-03
* Use Windows symbol APIs in the unwind tester.
* Unwind RDRAND functions correctly on Windows.
* Patch out unused aesni-x86_64 functions.
* Add ABI tests for aesni-gcm-x86_64.pl.
* Add ABI tests for x86_64-mont5.pl.
* sync EVP_get_cipherbyname with EVP_do_all_sorted
* Hyperlink DOI to preferred resolver
* Remove stray semicolons.
* Remove separate default group list for servers.
* Enable all curves (inc CECPQ2) during fuzzing.
* Implement ABI testing for aarch64.
* Fix ABI error in bn_mul_mont on aarch64.
* Implement ABI testing for ARM.
* Fix the order of Windows unwind codes.
* Implement unwind testing for Windows.
* Tolerate spaces when parsing .type directives.
* runner: Don't generate an RSA key on startup.
* Don't use bsaes over vpaes for CTR-DRBG.
* perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata.
* Add instructions for debugging on Android with gdb.
* Enforce key usage for RSA keys in TLS 1.2.
* Remove infra/config folder in master branch.
* Avoid SCT/OCSP extensions in SH on {Omit|Empty}Extensions
* Test and fix an ABI issue with small parameters.
* Add RSAZ ABI tests.
* Better document RSAZ and tidy up types.
* Add ABI testing for 32-bit x86.
* Add a very roundabout EC keygen API.
* Add some Node compatibility functions.
* Implement server support for delegated credentials.
* Add a constant-time pshufb-based GHASH implementation.
* Tweak some slightly fragile tests.
* Make 256-bit ciphers a preference for CECPQ2, not a requirement.
* Update comments around JDK11 workaround.
* Add a RelWithAsserts build configuration.
* Remove union from |SHA512_CTX|.
* Avoid unwind tests on libc functions.
* Don't pass NULL,0 to qsort.
* Fix signed left-shifts in curve25519.c.
* Add an option to build with UBSan.
* Fix undefined pointer casts in SHA-512 code.
* HRSS: flatten sample distribution.
* Add test of assembly code dispatch.
* Simplify HRSS mod3 circuits.
* Add SSL_OP_NO_RENEGOTIATION
* Rename Fiat include files to end in .h
* Switch to new fiat pipeline.
* Don't look for libunwind if cross-compiling.
* Mark some unmarked array sizes in curve25519.c.
* Revert "Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos"
* Add ABI tests for GCM.
* Fix SSL_R_TOO_MUCH_READ_EARLY_DATA.
* Test CRYPTO_gcm128_tag in gcm_test.cc.
* Remove pointer cast in P-256 table.
* Ignore new fields in forthcoming Wycheproof tests.
* Fix RSAZ's OPENSSL_cleanse.
* Allow configuring QUIC method per-connection
* Fix header file for _byteswap_ulong and _byteswap_uint64 from MSVC CRT
* Add ABI tests for HRSS assembly.
* Add AES ABI tests.
* Move aes_nohw, bsaes, and vpaes prototypes to aes/internal.h.
* Add direction flag checking to CHECK_ABI.
* Add ABI tests for ChaCha20_ctr32.
* Add ABI tests for MD5.
* Refresh fuzzer corpus.
* Delete the variants/draft code.
* Update tools.
* Fix protos_len size in SSL_set_alpn_protos and SSL_CTX_set_alpn_protos
* Use handshake parameters to decide if cert/key are available
* Add ABI tests for bn_mul_mont.
* Add ABI tests for SHA*.
* Make pkg-config optional.
* Add DEPS rules to checkout Windows SDE.
* Add ABI tests for rdrand.
* Set NIDs for Blowfish and CAST.
* Add a CFI tester to CHECK_ABI.
* Fix some size_t to long casts.
* Add EVP_CIPHER support for Blowfish and CAST to decrepit.
* Be less clever with CHECK_ABI.
* Update SDE and add the Windows version.
* Remove pooling of PRNG state.
* Add EC_KEY_key2buf for OpenSSL compatibility
* Remove bundled copy of android-cmake.
* Clarify build requirements.
* Add EC_GROUP_order_bits for OpenSSL compatibility
* Annotate leaf functions with .cfi_{startproc,endproc}
* Fix beeu_mod_inverse_vartime CFI annotations and preamble.
* Fix CFI annotations in p256-x86_64-asm.pl.
* Add a comment about ecp_nistz256_point_add_affine's limitations.
* Refresh p256-x86_64_tests.txt.
* Fix some indentation nits.
- Build using ninja
- Update dependencies
- Bump soversion
- Limit building only to supported architectures
-------------------------------------------------------------------
Fri Aug 30 06:52:55 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Disable lto to fix build failure
-------------------------------------------------------------------
Thu Apr 25 14:50:41 UTC 2019 - Michał Rostecki <mrostecki@opensuse.org>
- Add patch which fixes build on aarch64.
* 0001-crypto-Fix-aead_test-build-on-aarch64.patch
-------------------------------------------------------------------
Thu Apr 25 12:41:41 UTC 2019 - dmueller@suse.com
- Update to version 20181228:
* Use thread-local storage for PRNG states if fork-unsafe buffering is enabled.
* Add Win64 SEH unwind codes for the ABI test trampoline.
* Translate .L directives inside .byte too.
* Add an ABI testing framework.
* Use same HKDF label as TLS 1.3 for QUIC as per draft-ietf-quic-tls-17
* Add |SSL_key_update|.
* HRSS: omit reconstruction of ciphertext.
* Add start of infrastructure for checking constant-time properties.
* Don't enable intrinsics on x86 without ABI support.
* HRSS: be strict about unused bits being zero.
* Disable AES-GCM-SIV assembly on Windows.
* Fix typo in AES-GCM-SIV comments.
* Fix HRSS build error on ARM
* Fix thread-safety bug in SSL_get_peer_cert_chain.
* Remove HRSS confirmation hash.
* Drop NEON assembly for HRSS.
* Add |SSL_export_traffic_secrets|.
* Patch out the XTS implementation in bsaes.
* Remove .file and .loc directives from HRSS ARM asm.
* Do not allow AES_128_GCM_SHA256 with CECPQ2.
* Always 16-byte align |poly| elements.
* Fix bug in HRSS tests.
* Add initial HRSS support.
* Forbid empty CertificateRequest supported_signature_algorithms in TLS 1.2.
* Eliminate |OPENSSL_ia32cap_P| in C code in the FIPS module.
* Fix d2i_*_bio on partial reads.
* Fix |BN_HEX_FMT2|.
* Remove XOP code from sha512-x86_64.pl.
* Pretend AMD XOP was never a thing.
* Drop some explicit SSLKeyShare destructors.
* Assume hyper-threading-like vulnerabilities are always present.
* Replace the last CRITICAL_SECTION with SRWLOCK.
* Validate ClientHellos in tests some more.
* Re-enable AES-NI on 32-bit x86 too.
* Make symbol-prefixing work on 32-bit x86.
* Make Windows symbol-prefixing work.
* Support Windows-style ar files.
* Move __.SYMDEF handling to ar.go.
* Fix stack_test.cc in the prefixed build.
* Don't double-mangle C++ symbols on macOS.
* Make read_symbols.go a bit more idiomatic.
* Unexport and rename hex_to_string, string_to_hex, and name_cmp.
* Satisfy golint.
* Add a note that generated files are generated.
* Work around a JDK 11 TLS 1.3 bug.
* Move ARM cpuinfo functions to the header.
* Regenerate obj_dat.h
* go fmt
* Support execute-only memory for AArch64 assembly.
* Remove cacheline striping in copy_from_prebuf.
* Tidy up type signature of BN_mod_exp_mont_consttime table.
* No longer set CQ-Verified label on CQ success/failure.
* Print a message when simulating CPUs.
* Move JSON test results code into a common module.
* In 0RTT mode, reverify the server certificate before sending early data.
* Support assembly building for arm64e architecture.
* Simulate other ARM CPUs when running tests.
* Merge P-224 contract into serialisation.
* Contract P-224 elements before returning them.
* Add post-handshake support for the QUIC API.
* Speculatively remove __STDC_*_MACROS.
* Modernize OPENSSL_COMPILE_ASSERT, part 2.
* Switch docs to recommending NASM.
* Mark the |e| argument to |RSA_generate_key_ex| as const.
* Clean up EC_POINT to byte conversions.
* Need cpu.h for |OPENSSL_ia32cap_P|.
* Rename EC_MAX_SCALAR_*.
* Use EC_RAW_POINT in ECDSA.
* Optimize EC_GFp_mont_method's cmp_x_coordinate.
* Optimize EC_GFp_nistp256_method's cmp_x_coordinate.
* Remove unreachable code.
* Also accept __ARM_NEON
* Remove some easy BN_CTXs.
* Push BIGNUM out of the cmp_x_coordinate interface.
* Push BIGNUM out of EC_METHOD's affine coordinates hook.
* Fix r = p-n+epsilon ECDSA tests.
* Don't include openssl/ec_key.h under extern "C".
* Abstract hs_buf a little.
* Inline ec_GFp_simple_group_get_degree.
* Better test boundary cases of ec_cmp_x_coordinate.
* Fix build when bcm.c is split up.
* Revert "Revert "Speed up ECDSA verify on x86-64.""
* Make SSL_get_current_cipher valid during QUIC callbacks.
* Devirtualize ec_simple_{add,dbl}.
* Refresh fuzzer corpora for changes to split-handshake serialization.
* Serialize SSL curve list in handoff and check it on application.
* Revert "Speed up ECDSA verify on x86-64."
* Route the tuned add/dbl implementations out of EC_METHOD.
* Speed up ECDSA verify on x86-64.
* Include details about latest FIPS certification.
* Serialize SSL configuration in handoff and check it on application.
* Don't overflow state->calls on 16TiB RAND_bytes calls.
* Buffer up QUIC data within a level internally.
* Add an interface for QUIC integration.
* Remove OPENSSL_NO_THREADS.
* Minor fixes to bytestring.h header.
* Test CBC padding more aggressively.
* Restore CHECKED_CAST.
* Fix EVP_tls_cbc_digest_record is slow using SHA-384 and short messages
* Tidy up dsa_sign_setup.
* Fix the build on glibc 2.15.
* Modernize OPENSSL_COMPILE_ASSERT.
* Fix redefinition of AEAD asserts in e_aes.c.
* Guard sys/auxv.h include on !BORINGSSL_ANDROID.
* Flatten EVP_AEAD_CTX
* Implement SSL_get_tlsext_status_type
* Fix documentation sectioning.
* Remove support for GCC 4.7.
* Print the name of the binary when blocking in getrandom.
* Undo recent changes to |X509V3_EXT_conf_nid|.
* Add a compatibility EVP_CIPH_OCB_MODE value.
* [util] Mark srtp.h as an SSL header file
* [rand] Disable RandTest.Fork on Fuchsia
* Remove -fsanitize-cfi-icall-generalize-pointers.
* Fix undefined function pointer casts in LHASH.
* Use proper functions for lh_*.
* Better handle AVX-512 assembly syntax.
* Always push errors on BIO_read_asn1 failure.
* Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests.
* Fix div.c to divide BN_ULLONG only if BN_CAN_DIVIDE_ULLONG defined.
* Include aes.h in mode/internal.h
* Fix section header capitalization.
* Fix build in consumers that flag unused parameters.
* [perlasm] Hide OPENSSL_armcap_P in assembly
* Test the binary search more aggressively.
* Opaquify CONF.
* Bring Mac and iOS builders back to the CQ.
* Remove LHASH_OF mention in X509V3_EXT_conf_nid.
* Inline functions are apparently really complicated.
* Actually disable RandTest.Fork on iOS.
* Mostly fix undefined casts around STACK_OF's comparator.
* Fix undefined casts in sk_*_pop_free and sk_*_deep_copy.
* Take iOS builders out of the CQ rotation too.
* Rewrite PEM_X509_INFO_read_bio.
* Fix undefined block128_f, etc., casts.
* Fix undefined function pointer casts in {d2i,i2d}_Foo_{bio,fp}
* Fix undefined function pointer casts in IMPLEMENT_PEM_*.
* Always print some diagnostic information when POST fails.
* Disable RandTest.Fork on iOS.
* Const-correct sk_find and sk_delete_ptr.
* Add a test for STACK_OF(T).
* Rename inject-hash: Bazel does not like hyphens.
* Rename OPENSSL_NO_THREADS, part 1.
* Fix ERR_GET_REASON checks.
* Add a basic test for PEM_X509_INFO_read_bio.
* Replace BIO_new + BIO_set_fp with BIO_new_fp.
* Remove Mac try jobs from the CQ.
* Add util/read_symbols.go
* Tighten up getrandom handling.
* Remove SHA384_Transform from sha.h.
* Push an error on sigalg mismatch in X509_verify.
* Sync bundled bits of golang.org/x/crypto.
* Use Go modules with delocate.
* Keep the GCM bits in one place.
* Trim 88 bytes from each AES-GCM EVP_AEAD.
* Set up Go modules.
* Use sdallocx, if available, when deallocating.
* Remove the add_alert hook.
* Fix doc.go error capitalization.
* Don't include quotes in heredocs.
* Add missing bssl::UpRef overloads.
* Roll back clang revision.
* Update tools.
* Fix BORINGSSL_NO_CXX.
* Fix check of the pointer returned by BN_CTX_get
* Include newlines at the end of generated asm.
* Automatically disable assembly with MSAN.
* Mark the C version of md5_block_data_order static.
* Reorder some extensions to better match Firefox.
* Make symbol-prefixing work on ARM.
* Document alternative functions to BIO_f_base64.
* Another batch of bools.
* Add some RAND_bytes tests.
* Support symbol prefixes
* Fill in a fake session ID for TLS 1.3.
* Create output directories for perlasm.
* Fix Fiat path.
* Fix GCC (8.2.1) build error.
* Some more bools.
* Flatten most of the crypto target.
* Flatten assembly files.
* Flatten the decrepit target.
* Clarify "reference" and fix typo.
* Fix corner case in cpuinfo parser.
* Add some about ownership to API-CONVENTIONS.
* Tidy up docs for #defines.
* No negative moduli.
* Document that ED25519_sign only fails on allocation failure
* Clarify thread-safety of key objects.
* shim: don't clear environment when invoking handshaker.
* Switch the default TLS 1.3 variant to tls13_rfc.
* Switch to Clang 6.0's fuzzer support.
-------------------------------------------------------------------
Tue Dec 11 14:33:09 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Trim redundant wording. Use multi-file find -exec invocation.
-------------------------------------------------------------------
Fri Nov 16 11:09:39 UTC 2018 - Michał Rostecki <mrostecki@suse.de>
- To avoid conflicts with openssl development files, change all
includes from openssl to boringssl.
-------------------------------------------------------------------
Fri Nov 9 14:16:22 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Use optflags when building
- Do not create empty package
-------------------------------------------------------------------
Thu Nov 08 13:27:36 UTC 2018 - Michał Rostecki <mrostecki@suse.de>
- Update to version 20181026:
* Automatically disable assembly with MSAN.
* Switch the default TLS 1.3 variant to tls13_rfc.
-------------------------------------------------------------------
Wed Nov 07 13:54:49 UTC 2018 - Michał Rostecki <mrostecki@suse.de>
- Update to version 20181106:
* Make SSL_get_current_cipher valid during QUIC callbacks.
* Devirtualize ec_simple_{add,dbl}.
* Refresh fuzzer corpora for changes to split-handshake serialization.
* Serialize SSL curve list in handoff and check it on application.
* Revert "Speed up ECDSA verify on x86-64."
* Route the tuned add/dbl implementations out of EC_METHOD.
* Speed up ECDSA verify on x86-64.
* Include details about latest FIPS certification.
* Serialize SSL configuration in handoff and check it on application.
* Don't overflow state->calls on 16TiB RAND_bytes calls.
- Use tar_scm service for fetching sources and versioning.
-------------------------------------------------------------------
Wed Nov 7 09:45:31 UTC 2018 - Michał Rostecki <mrostecki@suse.de>
- Initial release - 0.0.0+git7499.6ec9e4
- Add add-soversion-option.patch - required to build libraries with
soversion