external/boringssl: Sync to c9a7dd687987666df5910f2b35fdc8c3d1e5ed05.
Cherry-picked from https://r.android.com/2046663 to prevent merge conflicts and http://ag/17606941 because the original CP was to the wrong branch.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/81502beeddc5f116d44d0898c6c4a33057198db8..c9a7dd687987666df5910f2b35fdc8c3d1e5ed05
* Retire the Windows BIO_printf workaround.
* Work around another C language bug with empty spans.
* ASAN replaces malloc and free with its own implementation.
* Update fiat-crypto.
* Remove VS 2015 support.
Update-Note: BoringSSL may no longer build with VS 2015. Consumers
should upgrade to the latest Visual Studio release. VS 2017 or later is
required.
* Remove X509_TRUST_set_default.
* Replace internal use sha1 hash with sha256.
* Document that |EC_KEY_generate_fips| works for both cases.
* Allow the integrity test to be run on demand.
* Add a function to return a FIPS version.
* Add a function to tell if an algorithm is FIPS approved.
* Add vs2019 to vs_toolchain.py.
* Unexport X509_CERT_AUX and remove X509_CERT_AUX.other
* Document and tidy up X509_alias_get0, etc.
* Don't loop forever in BN_mod_sqrt on invalid inputs.
* Make a whitespace commit to trigger a build.
* Rust bindings: Use CARGO_MANIFEST_DIR in build.rs
* Remove ASN1_ADB_INTEGER.
* Replace an ASN1_INTEGER_get call with ASN1_INTEGER_get_uint64
* Correctly handle LONG_MIN in ASN1_INTEGER_get.
* Implement ASN1_INTEGER_set_uint64 with ASN1_STRING_set.
* Rewrite and tighten ASN1_INTEGER encoding and decoding.
Update-Note: Invalid INTEGERs will no longer parse, but they already
would not have parsed in OpenSSL. Additionally, zero is now internally
represented as "" rather than "\0".
* Deduplicate the rest of ASN1_INTEGER and ASN1_ENUMERATED.
Update-Note: ASN1_INTEGER_to_BN and ASN1_ENUMERATED_to_BN will now fail
when called on an ASN1_STRING/ASN1_INTEGER/ASN1_ENUMERATED (they're all
the same type) with the wrong runtime type value. Previously, callers
that mixed them up would get the right answer on positive values and
silently misinterpret the input on negative values. This change matches
OpenSSL's 1.1.0's behavior.
* Fix theoretical overflow in ASN1_INTEGER_cmp.
* Include rsa/internal.h for |...no_self_test| functions.
* Limit the pthread_rwlock workaround to glibc.
Update-Note: If there are non-glibc libcs with similarly problematic
headers, this may break the build. Let us know if it does.
* Rewrite ASN1_INTEGER tests.
* Use X509V3_add_value_int in i2v_AUTHORITY_KEYID.
* Fix x509v3_bytes_to_hex when passed the empty string.
* Reimplement ASN1_get_object with CBS.
Update-Note: Invalid certificates (and the few external structures using
asn1t.h) with incorrectly-encoded tags will now be rejected.
* Add an explicit indefinite-length output to CBS_get_any_ber_asn1_element.
Update-Note: This is a breaking change to CBS_get_any_ber_asn1_element.
There is only one external caller of this function, and it should be
possible to fix them atomically with this change, so I haven't bothered
introducing another name, etc. (See cl/429632075 for the fix.)
* Use ctype(3) in a more standards-conformant way.
Bug: 160351635
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: Iffd9451788b67d3da80cefbcf8d3d0ffb7d682fd
(cherry picked from commit 1ffe10415b506d2f2336a3249368c7b5f6b788e9)
69 files changed