external/boringssl: Sync to 2c1523733a71166943e52da11ac2eae82b0227b8.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/2c45fa0b90f61b27973fa81893e014fc8c8e8999..2c1523733a71166943e52da11ac2eae82b0227b8
Test: Boringssl CTS Presubmits
Change-Id: I3dd86f480a6498f78b7b0cce8278179b7201107c
diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h
index bd655d6..521e183 100644
--- a/src/include/openssl/aead.h
+++ b/src/include/openssl/aead.h
@@ -117,6 +117,16 @@
* https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 */
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);
+/* EVP_aead_aes_128_gcm_fips_testonly is AES-128 in Galois Counter Mode with
+ * an internally-generated random nonce. This is unsafe and should not be
+ * used. */
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_fips_testonly(void);
+
+/* EVP_aead_aes_256_gcm_fips_testonly is AES-256 in Galois Counter Mode with
+ * an internally-generated random nonce. This is unsafe and should not be
+ * used. */
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_fips_testonly(void);
+
/* EVP_has_aes_hardware returns one if we enable hardware support for fast and
* constant-time AES-GCM. */
OPENSSL_EXPORT int EVP_has_aes_hardware(void);
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index a57c23a..49d4495 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -326,22 +326,6 @@
OPENSSL_EXPORT int BN_marshal_asn1(CBB *cbb, const BIGNUM *bn);
-/* Internal functions.
- *
- * These functions are useful for code that is doing low-level manipulations of
- * BIGNUM values. However, be sure that no other function in this file does
- * what you want before turning to these. */
-
-/* bn_correct_top decrements |bn->top| until |bn->d[top-1]| is non-zero or
- * until |top| is zero. If |bn| is zero, |bn->neg| is set to zero. */
-OPENSSL_EXPORT void bn_correct_top(BIGNUM *bn);
-
-/* bn_wexpand ensures that |bn| has at least |words| works of space without
- * altering its value. It returns |bn| on success or NULL on allocation
- * failure. */
-OPENSSL_EXPORT BIGNUM *bn_wexpand(BIGNUM *bn, size_t words);
-
-
/* BIGNUM pools.
*
* Certain BIGNUM operations need to use many temporary variables and
@@ -707,6 +691,28 @@
* Miller-Rabin checks that gives a false positive rate of ~2^{-80}. */
#define BN_prime_checks 0
+/* bn_primality_result_t enumerates the outcomes of primality-testing. */
+enum bn_primality_result_t {
+ bn_probably_prime,
+ bn_composite,
+ bn_non_prime_power_composite,
+};
+
+/* BN_enhanced_miller_rabin_primality_test tests whether |w| is probably a prime
+ * number using the Enhanced Miller-Rabin Test (FIPS 186-4 C.3.2) with
+ * |iterations| iterations and returns the result in |out_result|. Enhanced
+ * Miller-Rabin tests primality for odd integers greater than 3, returning
+ * |bn_probably_prime| if the number is probably prime,
+ * |bn_non_prime_power_composite| if the number is a composite that is not the
+ * power of a single prime, and |bn_composite| otherwise. If |iterations| is
+ * |BN_prime_checks|, then a value that results in a false positive rate lower
+ * than the number-field sieve security level of |w| is used. It returns one on
+ * success and zero on failure. If |cb| is not NULL, then it is called during
+ * each iteration of the primality test. */
+int BN_enhanced_miller_rabin_primality_test(
+ enum bn_primality_result_t *out_result, const BIGNUM *w, int iterations,
+ BN_CTX *ctx, BN_GENCB *cb);
+
/* BN_primality_test sets |*is_probably_prime| to one if |candidate| is
* probably a prime number by the Miller-Rabin test or zero if it's certainly
* not.
@@ -714,9 +720,10 @@
* If |do_trial_division| is non-zero then |candidate| will be tested against a
* list of small primes before Miller-Rabin tests. The probability of this
* function returning a false positive is 2^{2*checks}. If |checks| is
- * |BN_prime_checks| then a value that results in approximately 2^{-80} false
- * positive probability is used. If |cb| is not NULL then it is called during
- * the checking process. See the comment above |BN_GENCB|.
+ * |BN_prime_checks| then a value that results in a false positive rate lower
+ * than the number-field sieve security level of |candidate| is used. If |cb| is
+ * not NULL then it is called during the checking process. See the comment above
+ * |BN_GENCB|.
*
* The function returns one on success and zero on error.
*
@@ -732,9 +739,10 @@
* If |do_trial_division| is non-zero then |candidate| will be tested against a
* list of small primes before Miller-Rabin tests. The probability of this
* function returning one when |candidate| is composite is 2^{2*checks}. If
- * |checks| is |BN_prime_checks| then a value that results in approximately
- * 2^{-80} false positive probability is used. If |cb| is not NULL then it is
- * called during the checking process. See the comment above |BN_GENCB|.
+ * |checks| is |BN_prime_checks| then a value that results in a false positive
+ * rate lower than the number-field sieve security level of |candidate| is used.
+ * If |cb| is not NULL then it is called during the checking process. See the
+ * comment above |BN_GENCB|.
*
* WARNING: deprecated. Use |BN_primality_test|. */
OPENSSL_EXPORT int BN_is_prime_fasttest_ex(const BIGNUM *candidate, int checks,
@@ -967,5 +975,6 @@
#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 116
#define BN_R_BAD_ENCODING 117
#define BN_R_ENCODE_ERROR 118
+#define BN_R_INVALID_INPUT 119
#endif /* OPENSSL_HEADER_BN_H */
diff --git a/src/include/openssl/pkcs7.h b/src/include/openssl/pkcs7.h
index 6e5e433..eaba29e 100644
--- a/src/include/openssl/pkcs7.h
+++ b/src/include/openssl/pkcs7.h
@@ -12,5 +12,71 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-/* This header is provided in order to make compiling against code that expects
- OpenSSL easier. */
+#ifndef OPENSSL_HEADER_PKCS7_H
+#define OPENSSL_HEADER_PKCS7_H
+
+#include <openssl/base.h>
+
+#include <openssl/stack.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* PKCS#7.
+ *
+ * This library contains functions for extracting information from PKCS#7
+ * structures (RFC 2315). */
+
+DECLARE_STACK_OF(CRYPTO_BUFFER)
+DECLARE_STACK_OF(X509)
+DECLARE_STACK_OF(X509_CRL)
+
+/* PKCS7_get_raw_certificates parses a PKCS#7, SignedData structure from |cbs|
+ * and appends the included certificates to |out_certs|. It returns one on
+ * success and zero on error. */
+OPENSSL_EXPORT int PKCS7_get_raw_certificates(
+ STACK_OF(CRYPTO_BUFFER) *out_certs, CBS *cbs, CRYPTO_BUFFER_POOL *pool);
+
+/* PKCS7_get_certificates behaves like |PKCS7_get_raw_certificates| but parses
+ * them into |X509| objects. */
+OPENSSL_EXPORT int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs);
+
+/* PKCS7_bundle_certificates appends a PKCS#7, SignedData structure containing
+ * |certs| to |out|. It returns one on success and zero on error. */
+OPENSSL_EXPORT int PKCS7_bundle_certificates(
+ CBB *out, const STACK_OF(X509) *certs);
+
+/* PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
+ * the included CRLs to |out_crls|. It returns one on success and zero on
+ * error. */
+OPENSSL_EXPORT int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs);
+
+/* PKCS7_bundle_CRLs appends a PKCS#7, SignedData structure containing
+ * |crls| to |out|. It returns one on success and zero on error. */
+OPENSSL_EXPORT int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls);
+
+/* PKCS7_get_PEM_certificates reads a PEM-encoded, PKCS#7, SignedData structure
+ * from |pem_bio| and appends the included certificates to |out_certs|. It
+ * returns one on success and zero on error. */
+OPENSSL_EXPORT int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs,
+ BIO *pem_bio);
+
+/* PKCS7_get_PEM_CRLs reads a PEM-encoded, PKCS#7, SignedData structure from
+ * |pem_bio| and appends the included CRLs to |out_crls|. It returns one on
+ * success and zero on error. */
+OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls,
+ BIO *pem_bio);
+
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#define PKCS7_R_BAD_PKCS7_VERSION 100
+#define PKCS7_R_NOT_PKCS7_SIGNED_DATA 101
+#define PKCS7_R_NO_CERTIFICATES_INCLUDED 102
+#define PKCS7_R_NO_CRLS_INCLUDED 103
+
+#endif /* OPENSSL_HEADER_PKCS7_H */
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index b52d80c..1ee7e5c 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -4664,5 +4664,6 @@
#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
#define SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY 1115
#define SSL_R_TLSV1_CERTIFICATE_REQUIRED 1116
+#define SSL_R_TOO_MUCH_READ_EARLY_DATA 1117
#endif /* OPENSSL_HEADER_SSL_H */
diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h
index 44b3b7b..914b275 100644
--- a/src/include/openssl/x509.h
+++ b/src/include/openssl/x509.h
@@ -77,6 +77,7 @@
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/obj.h>
+#include <openssl/pkcs7.h>
#include <openssl/pool.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
@@ -1115,37 +1116,6 @@
DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-/* PKCS7_get_certificates parses a PKCS#7, SignedData structure from |cbs| and
- * appends the included certificates to |out_certs|. It returns one on success
- * and zero on error. */
-OPENSSL_EXPORT int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs);
-
-/* PKCS7_bundle_certificates appends a PKCS#7, SignedData structure containing
- * |certs| to |out|. It returns one on success and zero on error. */
-OPENSSL_EXPORT int PKCS7_bundle_certificates(
- CBB *out, const STACK_OF(X509) *certs);
-
-/* PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
- * the included CRLs to |out_crls|. It returns one on success and zero on
- * error. */
-OPENSSL_EXPORT int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs);
-
-/* PKCS7_bundle_CRLs appends a PKCS#7, SignedData structure containing
- * |crls| to |out|. It returns one on success and zero on error. */
-OPENSSL_EXPORT int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls);
-
-/* PKCS7_get_PEM_certificates reads a PEM-encoded, PKCS#7, SignedData structure
- * from |pem_bio| and appends the included certificates to |out_certs|. It
- * returns one on success and zero on error. */
-OPENSSL_EXPORT int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs,
- BIO *pem_bio);
-
-/* PKCS7_get_PEM_CRLs reads a PEM-encoded, PKCS#7, SignedData structure from
- * |pem_bio| and appends the included CRLs to |out_crls|. It returns one on
- * success and zero on error. */
-OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls,
- BIO *pem_bio);
-
/* EVP_PK values indicate the algorithm of the public key in a certificate. */
#define EVP_PK_RSA 0x0001