open-quantum-safe / boringssl

Fork of BoringSSL that includes prototype quantum-resistant key exchange and authentication in the TLS handshake based on liboqs
https://openquantumsafe.org/

Update to upstream 5511fa8 #91

Closed christianpaquin closed 1 year ago

christianpaquin commented 1 year ago

Update to upstream commit 5511fa8.

christianpaquin commented 1 year ago

CI tests are failing because the go version is too old. This newer version requires go 1.13. Will fix...

christianpaquin commented 1 year ago

The evp_pkey_asn1_method_st struct (defined in crypto/internal.h) now has an EVP_PKEY_METHOD* field, which was set to NULL in our previous PR attempts; this PR sets it correctly and prevents workaround includes that led to errors.

christianpaquin commented 1 year ago

Working on upgrading this fork to a more recent boringssl version; CI fails due to Go build errors. Google upgraded to a more recent version of Go. The go.mod file claims it needs v1.13, but it actually needs v1.16 (when os.ReadFile was added to the os package). Our Docker images use v1.14, so it seems that the simplest fix is to update these (using this download link: https://go.dev/dl/go1.19.3.linux-amd64.tar.gz). Do you agree, @xvzcf, @baentsch?

baentsch commented 1 year ago

> Do you agree, @xvzcf, @baentsch?

Sounds reasonable. Will update the image and trigger CI again when done.

christianpaquin commented 1 year ago

> Sounds reasonable. Will update the image and trigger CI again when done.

Great, thanks. Looks like we only use the openquantumsafe/ci-ubuntu-focal-x86_64 image; not sure if you should (eventually) update the other ones in case we need to build on these platforms as well.

baentsch commented 1 year ago

> not sure if you should (eventually) update the other ones in case we need to build on these platforms as well.

Let's cross those bridges if someone sees water flow under them -- if you know what I mean. Or are you aware of anyone needing those other platforms right now? But then they should be moved to active (CI) use.

christianpaquin commented 1 year ago

Well the tests pass -- anything else I'm not really the right person to judge. What might be good as an additional check is an interop test with oqs-OpenSSL111. There seems to be a script for that but the tests don't seem to use it (?). But then again, we're not really supporting boringssl, so interop probably never was an interest.

Thanks @baentsch. Interop with our test server works; e.g.: ./tool/bssl client -curves p384_kyber768 -connect test.openquantumsafe.org:6042 succeeds. (This is the purpose of the oqs_scripts/test_with_interop_server.py script, but it doesn't work for me; I'd however rather address that in a different issue/PR.)

@xvzcf; I'll let you take a look before merging, if you'd like.

baentsch commented 1 year ago

> I'd however rather address that in a different issue/PR

ACK. Let me know if you'd want me to look into integrating this script to CI (if we all agree we want to keep maintaining boringssl: Do we?) PR moved to review-readiness for @xvzcf

xvzcf commented 1 year ago

Have you tried testing this with the current Chromium tag we use @christianpaquin? Or a more recent one?

christianpaquin commented 1 year ago

> Have you tried testing this with the current Chromium tag we use @christianpaquin? Or a more recent one?

Just tested with our documented Chromium tag; works.