)]}'
{
  "commit": "2a0831559bc2caedcc3971b3f1a2355f3cebb119",
  "tree": "365be456e3fe5cb1b88fd54f3c8cab713ebbc0d1",
  "parents": [
    "08f1b2ef26b4759a44e131935ad49056e9f11a81"
  ],
  "author": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Wed Mar 07 17:32:45 2018 -0800"
  },
  "committer": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Tue Mar 20 07:50:43 2018 +0000"
  },
  "message": "Bazel: update BoringSSL to ec55dc1 / 25999bc (master-with-bazel).\n\nThis update includes the following changes:\n\nec55dc15 Update tools.\n929a9d7d Don\u0027t bother retrying in bn_blinding_create_param.\nf8058d41 Add M\u003d8 L\u003d2 AES-128-CCM as well.\n8df8e642 Record whether dummy PQ padding was used.\n8d4f7e54 Remove redundant assertion in fe_mul_121666_impl.\n4702db63 Update dummy PQ extension for round two.\n8041d8c4 third_party: re-format METATADA files\nc0178640 Update link to CMVP certificate.\ne745b25d Remove trailing whitespace from ssl/.\n672f6fc2 Always use adr with __thumb2__.\n36714fc8 Remove redundant length-check in |ec_wNAF_mul|.\n02d696f2 Delete |pthread_key_t| on dlclose.\ned626ec9 Merge NIAP and FIPS test suites.\n085955c5 Actually use the u64 cast.\nf16cd427 Add AES_128_CCM AEAD.\n78a832d7 Document RSAZ slightly better.\nc03ecb93 Remove SSLv3_method and friends.\n1bf2337f Reject compressed ECDH coordinates in TLS.\n67968895 Remove unused strings.h #include from crypto/mem.c\n02cca198 clang-format RSAZ C code.\n10443f5a Adjust comment on potential R^3 optimization.\n862e0d2e Add cpu-aarch64-fuchsia.c\n638a408c Add a tuned variable-time P-256 multiplication function.\n6e4ff114 Merge Intel copyright notice into standard\nf6cf8bbc Sync up AES assembly.\n6dc99426 Sync up some perlasm license headers and easy fixes.\n0f4f6c2e p256-x86_64.pl: add CFI directives.\n02808ddc p256-x86_64-asm.pl: Win64 SEH face-lift.\n05640fd3 p256-x86_64-asm.pl: Add OpenSSL copyright\n8ae929f1 p256-x86_64.pl: update commentary with before-after performance data.\nd25e62e7 Return NULL instead of zero in |bn_resized_from_ctx|.\n38c20fe8 Fix threading issues with RSA freeze_private_key.\n61dedd68 Don\u0027t crash when failing to set affine coordinates when the generator is missing.\n376f3f17 Add BN_count_low_zero_bits.\nd24cb22c Make BN_cmp constant-time.\nac383701 Simplify bn_mul_part_recursive.\n6488f4e2 Fix over-allocated bounds on bn_mul_part_recursive.\n2bf82975 Make bn_mul_part_recursive constant-time.\n6541308f Don\u0027t allocate oversized arrays for bn_mul_recursive.\n34a2c5e4 Make bn_mul_recursive constant-time.\nb01dd1c6 Make bn_sqr_recursive constant-time.\n3b3e12d8 Simplify BN_bn2bin_padded.\nbe837402 Make the rest of RSA CRT constant-time.\n150ad30d Split BN_uadd into a bn_uadd_fixed.\n5b10def1 Compute mont-\u003eRR in constant-time.\n6f564afb Make BN_mod_*_quick constant-time.\neaa80b70 Remove DSA k+q kludge.\n08805fe2 Normalize RSA private component widths.\nc7b6e0a6 Don\u0027t leak widths in bn_mod_mul_montgomery_fallback.\n08d774a4 Remove some easy bn_set_minimal_width calls.\n09633cc3 Rename bn-\u003etop to bn-\u003ewidth.\n23223ebb Tidy BN_bn2hex and BN_print with non-minimal inputs.\ncb4e300f Store EC field and orders in minimal form.\n226b4b51 Make the rest of BIGNUM accept non-minimal values.\n45210dd4 Tidy up |ec_GFp_simple_point2oct| and friend.\n2044181e Set output point to the generator when not on the curve.\na3123910 cavp_tlskdf_test.cc: include errno.h since errno is referenced.\n091b455f Support running CAVP tests on an Android device.\n472ba2c2 Require that Ed25519 |s| values be \u003c order.\nf4b708cc Add a function which folds BN_MONT_CTX_{new,set} together.\nfeffb871 Make BN_bn2bin_padded work with non-minimal BIGNUMs.\n385e4e9d Handle directive arguments with * in them.\n6c414655 Remove redundant bn-\u003etop computation.\n7979dbed Use bn_resize_words in BN_from_montgomery_word.\n76ce04be Fix up BN_MONT_CTX_set with non-minimal values.\n0758b683 Reject negative numbers in BN_{mod_mul,to,from}_montgomery.\n9a5bfc03 Tidy up BN_mod_mul_montgomery.\n2ccdf584 Factor out BN_to_montgomery(1) optimization.\ndc8b1abb Do RSA sqrt(2) business in BIGNUM.\n43cf27e7 Add bn_copy_words.\nad5cfdf5 Add initial support for non-minimal BIGNUMs.\n884086e0 Remove x86_64 x25519 assembly.\nfa651134 Push an error if custom private keys fail.\n48669209 Fix fuzzer mode suppressions.\nddb57cfb Add tests for split handshakes.\n3fe8fa74 Add initial, experimental support for split handshakes.\n7e5dd25d Remove draft22 and experiment2.\n3c034b2c Add support for QUIC transport params.\na62dbf88 Move OPENSSL_FALLTHROUGH to internal headers.\n5301c10c ssl_verify_peer_cert: implement |SSL_VERIFY_NONE| as advertised.\ne8d2439c Expose ssl_session_serialize to libssl.\n0ab3f0ca Notice earlier if a server echoes the TLS 1.3 compatibility session ID.\n0ab86cf6 Require only that the nonce be strictly monotonic in TLS\u0027s AES-GCM\n449a9e6a Make the gdb window larger.\nab5a947d Reslice TLS AEAD setup.\nc61b5771 Add some more utility functions to bytestring.\n5a869aa3 Documentation typo.\n610cdbb1 Switch some ints to bools and Spans.\n32b59402 Don\u0027t leak the exponent bit width in BN_mod_exp_mont_consttime.\ncb1ad205 Use 51-bit limbs from fiat-crypto in 64-bit.\na1bc1ba4 Fix up CTR_DRBG_update comment.\n8017cdde Make BN_num_bits_word constant-time.\nb9f30bb6 Unwind total_num from wNAF_mul.\nd86c0d28 Pull the malloc out of compute_wNAF.\n6ca09409 Always compute the maximum-length wNAF.\na42d7bee Reorganize curve25519.c slightly.\n0c1eafc6 Add additional constants to make_curve25519_tables.py.\n522ad7e8 Use EC_SCALAR for compute_wNAF.\n338eeb0c Remove r_is_inverted logic.\n2d77d408 Generate curve25519 tables with a script.\n042b49cf Extract curve25519 tables into a separate header.\n5d940871 Remove unnecessary window size cases.\n4111dd2f Don\u0027t compute a per-scalar window size in wNAF code.\n186df3a6 Implement fe_sq2_tt with fe_sq_tt.\na7bc9448 Don\u0027t use the client_random entropy for GREASE.\n44fd6eee Split BORINGSSL_self_test into its own file.\n98e24197 add missing #includes\na4f78775 [ndk] Change ndk deps in src and relocate to third_party/boringssl\ncb15cfda Add draft23 tests.\nf2e7b220 Extract FIPS KAT tests into a function.\n36fcc4ca Implement Token Binding\n8d67f6f0 Update tools.\n017fbf09 Fix sort order.\n05a84344 Support AVX-512 instructions with a writemask in delocate.\nbb1e5cbb Use -gcv8 instead of -g cv8.\n5ab54840 Support |alignof|/|alignas| in GCC 4.7.\nc7ef069a Fix format-string error in delocate.go.\n37c6eb42 Support TLS KDF test for NIAP.\ne80c7c06 Support KAS tests for NIAP.\n92b8ecdd Change from configuring a FAX scanner function to a FAX next-line function.\nafd1cd95 Work around an NDK / Android bug.\n7c5e1400 Fix reference to nonexistent function.\n94cd196a Add files in third_party/fiat for Chromium to pick up.\nb6317b98 Update googletest.\n11a5726e tool: update selection of draft22 TLS 1.3 variant\n512a289a Add support for dummy PQ padding.\n3c92e80d Revert \"Update tools.\"\n9d1f9660 Update tools.\n53ff70f6 Tidy up some warnings.\ne2b8466f Update CMake on Windows bots to 3.10.1.\n74666da5 Update key share extension number for draft23.\n0c9b7b5d Align various point_get_affine_coordinates implementations.\n9112631c Remove ftmp* comments from P-256 addition code.\n3ab6ad6a Simplify EC_KEY_set_public_key_affine_coordinates.\n99084cdd Fold away ec_point_set_Jprojective_coordinates_GFp.\n1eddb4be Make EC_POINT_set_compressed_coordinates_GFp use BIGNUM directly.\n9770532a Map NOT_YET_VALID errors to |certificate_expired|.\n92e33250 Add a function for encoding SET OF.\n00208b44 Use fiat-crypto\u0027s freeze function for fe_tobytes.\n2f9b47fb Better pack structs in ssl/internal.h\n11850d5f Rename all googletest CMake targets\n915c121b Remove some outdated preconditions and postconditions.\n3144d92a Add some missing array parameter length annotations.\nd9f49974 Support high tag numbers in CBS/CBB.\n5bcaa113 Tighten EC_KEY\u0027s association with its group.\ne1501957 SSL_alert_from_verify_result: expose.\nef16f19e Support delocating vpbroadcastq.\n380bc30f Fix |ASN1_INTEGER_set| when setting zero.\nf8d05579 Add ASN1_INTEGET_set_uint64.\n0a54e998 Add links to proofs of elliptic curve formulas.\n80ede1df Fix early_mac_len computation.\n36fce983 add fiat-crypto code generation readme\n6df65407 Add a draft TLS 1.3 anti-downgrade signal.\n02e6256b Move early_data_accepted to ssl-\u003es3.\na0c87adb Add RSA_flags and RSA_METHOD_FLAG_NO_CHECK.\n0551feb3 Trim some unused RSA flags.\nd90b8033 Clear the error queue in fuzzer-mode Channel ID hooks.\n287ac180 Refresh fuzzer corpora.\n64cc121f Remove deprecated TLS 1.3 variants.\nea52ec98 Perform the RSA CRT reductions with Montgomery reduction.\nf88242d1 SSL_export_keying_material should work in half-RTT.\nebd87230 Bring ERR_ERROR_STRING_BUF_LEN down to 120.\n875095aa Silence ARMv8 deprecated IT instruction warnings.\n9894ee9d Scope CMAKE_ASM_FLAGS workaround to the old NDK toolchain.\n52887796 Document the NDK\u0027s built-in toolchain file.\n4358f104 Remove clang assembler .arch workaround.\na9c5b7b3 Roll back CMake update on Windows bots.\nd870cbdd Update CMake to 3.10.0 on the bots.\n0c9c1aad Fix generate_build_files.py.\nf98b582d Fix tls13_variant check to check max_version.\n6fe960d1 Enable __asm__ and uint128_t code in clang-cl.\n650d8c39 Implement TLS 1.3 early exporters.\n8f53fc0a Fix fuzzer mode suppressions.\n46304abf ec/p256.c: fiat-crypto field arithmetic (64, 32)\n21baf642 Fix CustomExtensions-Server-EarlyDataAccepted test.\neb9232f0 Fully reduce scalars in EC_POINT_mul.\n2b63addf Use uint32_t for unicode code points.\n\nChange-Id: I6c21b13f5a4dd751ca39e635e2e6ef87a9282a1e\nSigned-off-by: Piotr Sikora \u003cpiotrsikora@google.com\u003e\nReviewed-on: https://nginx-review.googlesource.com/3321\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "30e55062bcc19b48e52bcaf9943ba4995d766a7d",
      "old_mode": 33188,
      "old_path": "build.bzl",
      "new_id": "9548c2bf62507df84dd435632f221c8525d5002a",
      "new_mode": 33188,
      "new_path": "build.bzl"
    }
  ]
}