version of boringssl is expected by go1.22 and go1.23 when
building with GOEXPERIMENT=boringcrypto.
Refs boo#1236000
- Packaging improvements:
* _service change disabled to manual per osc deprecation warning:
WARNING: Command 'disabledrun/dr' is obsolete, please convert
your _service to use 'manual' and then 'manualrun/mr' instead.
* Vendor Go build-time utility dependences in go.mod, not yet
using OBS Service Go Modules.
* Add BuildRequires: golang(API) >= 1.22 to enable Go related
utilities used in CMake build steps related to FIPS
mode. Upstream minimum version per go.mod is go1.13.
* _service add go_modules to vendor pinned dependences in go.mod
* Use autosetup -a 1 to unpack source and vendored dependencies
* Rebase 0001-Compile-for-RISC-V.patch
* Rebase 0002-crypto-Fix-aead_test-build-on-aarch64.patch
* Rebase 0003-enable-s390x-builds.patch
* Rebase 0004-fix-alignment-for-ppc64le.patch
* Rebase 0005-fix-alignment-for-arm.patch
* Rebase 0006-gcc-disable-werror.patch
* Rebase 0007-fix-go-vendor-embed_test_data.patch
* Rebase 0008-fix-go-vendor-err_data_generate.patch
* Rebase 0009-soname-sover.patch (was soname-sover.patch)
* rpmlint fix version-control-internal-file error
* rpmlint fix script-without-shebang error
* rpmlint fix non-executable-script error
* rpmlint fix binary-or-shlib-defines-rpath error use CMAKE_SKIP_RPATH
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=41
- Update to version 20200921 (fixes bsc#1183836, bsc#1181866):
* Add SSL_CIPHER_get_protocol_id.
* Add TrustTokenV2.
* Add X509_get_pathlen and X509_REVOKED_get0_extensions.
* Add some accommodations for FreeRDP
* Require non-NULL store in X509_STORE_CTX_init.
* Const-correct X509V3_CONF_METHOD.
* Avoid unions in X509_NAME logic.
* Bump OPENSSL_VERSION_NUMBER to 1.1.1.
* Document more of x509.h.
* Fix potential leak in bssl::Array::Shrink.
* Remove ASN1_STRING_length_set.
* Revert "Check AlgorithmIdentifier parameters for RSA and ECDSA signatures."
* Implement PSK variants of HPKE setup functions.
* acvp: support working with files.
* Document a few more functions in x509.h.
* Add subject key ID and authority key ID accessors.
* Remove sxnet and pkey_usage_period extensions.
* Const-correct various X509 functions.
* Make X509_set_not{Before,After} functions rather than macros.
* Add X509_get0_uids from OpenSSL 1.1.0.
* Bound RSA and DSA key sizes better.
* Add set1 versions of X509 timestamp setters.
* Consistently sort generated build files.
* delocate: use 64-bit GOT offsets in the large memory model.
* Update HPKE implementation and test vectors to draft-irtf-cfrg-hpke-05.
* Handle NULL arguments in some i2d_* functions.
* aarch64: support BTI and pointer authentication in assembly
* Support delegated credentials verison 06
* delocation: large memory model support.
OBS-URL: https://build.opensuse.org/request/show/893861
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=33
- Remove patch for enabling shared linking - it was enabled
upstream.
* 0001-add-soversion-option.patch
- Add boringssl-source subpackage.
- Update to version 20200122:
* Define EVP compatibility constants for X448 and Ed448.
* Allow shared libraries in the external CMake build.
* Add a few little-endian functions to CBS/CBB.
* Move iOS asm tricks up in external CMake build.
* Try again to deal with expensive tests.
* Restore ARM CPU variation tests on builders.
* Remove SSL_CTX_set_rsa_pss_rsae_certs_enabled.
* Work around another NULL/0 C language bug.
* Use the MAYBE/DISABLED pattern in RSATest.BlindingCacheConcurrency.
* Switch an #if-0-gated test to DISABLED_Foo.
* Proxy: send whole SSL records through the handshaker.
* Disable Wycheproof primality test cases on non-x86 (too slow)
* test_state.cc: serialize the test clock.
* Output after every Wycheproof primality test.
* Maybe fix generated-CMake build on Android and iOS.
* Detect the NDK path from CMAKE_TOOLCHAIN_FILE.
* Tell Go to build for GOOS=android when running on Android.
* Reland bitsliced aes_nohw implementation.
* Add bssl client option to load a hashed directory of cacerts.
* No-op change to run the new NO_SSE2 builders.
* Clarify that we perform the point-on-curve check.
* Reduce size of BlindingCacheConcurrency test under TSAN.
* Compare vpaes/bsaes conversions against a reference implementation.
* Enable the SSE2 Poly1305 implementation on clang-cl.
OBS-URL: https://build.opensuse.org/request/show/809901
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=30
* Revert "Fix VS build when assembler is enabled"
* Only bypass the signature verification itself in fuzzer mode.
* Move the PQ-experiment signal to SSL_CTX.
* Name cipher suite tests in runner by IETF names.
* Align TLS 1.3 cipher suite names with OpenSSL.
* Prefix all the SIKE symbols.
* Rename SIKE's params.c.
* Add post-quantum experiment signal extension.
* Fix shim error message endings.
* Add initial draft of ACVP tool.
* Implements SIKE/p434
* Add SipHash-2-4.
* Remove android_tools checkout
* Support key wrap with padding in CAVP.
* Add android_sdk checkout
* Move fipstools/ to util/fipstools/cavp
* Factor out TLS cipher selection to ssl_choose_tls_cipher.
* Emit empty signerInfos in PKCS#7 bundles.
* Clarify language about default SSL_CTX session ticket key behavior.
* Add an API to record use of delegated credential
* Fix runner tests with Go 1.13.
* Add a value barrier to constant-time selects.
* Avoid leaking intermediate states in point doubling special case.
* Split p224-64.c multiplication functions in three.
* Add AES-KWP
* Discuss the doubling case in windowed Booth representation.
* Update build tools.
* Set a minimum CMake version of 3.0.
* Replace addc64,subc64,mul64 in SIKE Go code with functions from math/bits
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=22
* Disable RDRAND on AMD chips before Zen.
* Always store early data tickets.
* Align PKCS12_parse closer to OpenSSL.
* Support PKCS#12 KeyBags.
* Support PKCS#8 blobs using PBES2 with HMAC-SHA256.
* Make EVP_PKEY_keygen work for Ed25519.
* Sync aesp8-ppc.pl with upstream.
* Update generate_build_files.py for SIKE.
* Fix the last casts in third_party/sike.
* Remove no-op casts around tt1.
* Define p503 with crypto_word_t, not uint64_t.
* Add support for SIKE/p503 post-quantum KEM
* tool: fix speed tests.
* Add an option to skip crypto_test_data.cc in GN too.
* Save and restore errors when ignoring ssl_send_alert result.
* Reject obviously invalid DSA parameters during signing.
* Make expect/expected flag and variable names match.
* clang-format Flag arrays in test_config.cc.
* Rename remnants of ticket_early_data_info.
* Enforce the ticket_age parameter for 0-RTT.
* Add SSL_get_early_data_reason.
* Remove implicit -on-resume for -expect-early-data-accept.
* Use weak symbols only on supported platforms
* Fix spelling in comments.
* Add functions for "raw" EVP_PKEY serializations.
* Remove stray underscores.
* Add a compatibility EVP_DigestFinalXOF function.
* Fix up EVP_DigestSign implementation for Ed25519.
* Check for errors when setting up X509_STORE_CTX.
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=16
- Update to version 20181228:
* Use thread-local storage for PRNG states if fork-unsafe buffering is enabled.
* Add Win64 SEH unwind codes for the ABI test trampoline.
* Translate .L directives inside .byte too.
* Add an ABI testing framework.
* Use same HKDF label as TLS 1.3 for QUIC as per draft-ietf-quic-tls-17
* Add |SSL_key_update|.
* HRSS: omit reconstruction of ciphertext.
* Add start of infrastructure for checking constant-time properties.
* Don't enable intrinsics on x86 without ABI support.
* HRSS: be strict about unused bits being zero.
* Disable AES-GCM-SIV assembly on Windows.
* Fix typo in AES-GCM-SIV comments.
* Fix HRSS build error on ARM
* Fix thread-safety bug in SSL_get_peer_cert_chain.
* Remove HRSS confirmation hash.
* Drop NEON assembly for HRSS.
* Add |SSL_export_traffic_secrets|.
* Patch out the XTS implementation in bsaes.
* Remove .file and .loc directives from HRSS ARM asm.
* Do not allow AES_128_GCM_SHA256 with CECPQ2.
* Always 16-byte align |poly| elements.
* Fix bug in HRSS tests.
* Add initial HRSS support.
* Forbid empty CertificateRequestsupported_signature_algorithms in TLS 1.2.
* Eliminate |OPENSSL_ia32cap_P| in C code in the FIPS module.
* Fix d2i_*_bio on partial reads.
* Fix |BN_HEX_FMT2|.
* Remove XOP code from sha512-x86_64.pl.
* Pretend AMD XOP was never a thing.
OBS-URL: https://build.opensuse.org/request/show/697843
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=10
- Update to version 20181106:
* Make SSL_get_current_cipher valid during QUIC callbacks.
* Devirtualize ec_simple_{add,dbl}.
* Refresh fuzzer corpora for changes to split-handshake serialization.
* Serialize SSL curve list in handoff and check it on application.
* Revert "Speed up ECDSA verify on x86-64."
* Route the tuned add/dbl implementations out of EC_METHOD.
* Speed up ECDSA verify on x86-64.
* Include details about latest FIPS certification.
* Serialize SSL configuration in handoff and check it on application.
* Don't overflow state->calls on 16TiB RAND_bytes calls.
- Use tar_scm service for fetching sources and versioning.
OBS-URL: https://build.opensuse.org/request/show/647027
OBS-URL: https://build.opensuse.org/package/show/security:tls/boringssl?expand=0&rev=2
