)]}'
{
  "commit": "2bb5830cb3512a85909d92f0eba6313a231bb15d",
  "tree": "70675714414b59d568d95b0613e79ca94788ca2d",
  "parents": [
    "0110ca8d63f697bb662a5727e1de42c211a989ac"
  ],
  "author": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Thu Jul 08 14:55:11 2021 -0700"
  },
  "committer": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Tue Jul 20 00:02:11 2021 +0000"
  },
  "message": "Bazel: update BoringSSL to 995574c / 045bb22 (master-with-bazel).\n\n995574c22 Reland \"Add util/fetch_ech_config_list.go\"\n9a5abe05c Revert \"Add util/fetch_ech_config_list.go\"\n160a8891a Add util/fetch_ech_config_list.go\n9734e4453 More reliably report handshake errors through SSL_write.\ne9c5d72c0 Add an option to permute ClientHello extension order.\n5358cb504 runner: Check the test name against the protocol being tested.\n878795cac Remove outdated comment in primality testing.\n83a49939a Add most of an ECH client implementation.\n24545c541 Add a basic API to make ECHConfigs.\nc890ae519 Make ECH server APIs take EVP_HPKE_KEY.\nc3b373bf4 Rename SSL_ECH_SERVER_CONFIG_LIST to SSL_ECH_KEYS.\n0724e3d55 runner: Self-check tests more accurately and earlier.\ncd8900484 Don\u0027t pad the second ClientHello.\n350fe3bf3 Fix ext_pre_shared_key_clienthello_length calculation.\nb32aa0553 Tidy up the PSK binder logic.\nc89ce97a2 Move the TLS vs DTLS header length adjustment into ssl_add_clienthello_tlsext.\nfb4d2571f Shift some complexity out of ssl_add_clienthello_tlsext.\n9052286da Add a note about extension callback names.\ne9109cb8f Add move support to EVP_MD_CTX.\n5acf9f42c Replace hs-\u003eneeds_psk_binder with an output parameter.\n14e51ad41 Make add_clienthello callbacks const.\n5fd91dba0 Fix documentation typo.\n246c556b6 Compute the ECH GREASE payload outside of the callbacks.\n43ab56c61 Pick up the GREASE ECH config ID from grease_seed.\n33e8c7893 Initialize grease_seed on construction.\n52b3638f0 Remove the extension init hook.\n97ede40d4 Move key_share computation out of ClientHello callbacks.\n6c9758fa9 Release some temporaries outside of ClientHello callbacks.\n4e93cd487 Move the early_data_{offered,reason} logic out of extension callbacks.\n26f186bca Implement a handshake hint for certificate compression.\n7fffa4636 runner: Implement ECH server for testing.\n1f54fd986 runner: Parse the status_request extension more strictly.\n00bccd6ee runner: Make echIsInner a boolean.\n124122878 runner: Revise ECHConfig type in preparation for client implementation\n88df13d73 Fix ECH-Server-RepeatedConfigID test.\n3a036c76e Add SSL_ech_accepted API and ech_is_required alerts.\n5b7ec8329 Reject the ECH extension in TLS 1.2 ServerHello.\nda15f2910 Move ECH-related APIs to encrypted_client_hello.cc.\nbcef51424 Const-correct message creation hooks.\nb5879118a Remove the Channel ID callback.\n8acec00e9 Manage Channel ID handshake state better.\nbc4c91ab4 DTLS-SRTP is only defined for DTLS.\n4848294f4 Remove impossible ssl-\u003es3 null check.\n7a3e80121 fix #415: Perl scripts fail when building from a path with spaces\na1d3bfb64 Cite an RFC over 9000 (draft-ietf-quic-tls is now RFC 9001).\ncf816d082 Add compatibility impl for EVP_PKEY_get0\n597ffef97 Make md32_common.h single-included and use an unsized helper for SHA-256.\n4320bc476 Pull HASH_TRANSFORM out of md32_common.h.\nd4c3f2a59 Ensure name not null in EVP_get_cipherbyname\n92c6fbfc4 Fix array-parameter warnings\n47cefed43 Don\u0027t copy client\u0027s session ID into server\u0027s session.\n3dd9864fe Test ECH server with unique and repeated config IDs.\nd13dbf8e2 Refresh SSL corpora after adding ECH fuzzer mode.\n4749d8fb8 Implement fuzzer mode for ECH server.\nef1d779d7 Don\u0027t try to write empty early data in the tool.\n3675eb3f2 GREASE is now RFC 8701.\naef0a88e5 runner: Reject all zero client and server randoms.\nb778b9c1b Const-correct SSL_get_srtp_profiles.\n49ee62fe1 Update the ECH GREASE size selection.\n5e7229488 fuzz/minimise_corpora.sh: Add shebang and chmod +x\n747229ec7 Add a missing case to SSL_error_description.\nd89ec688f Remove draft tokbind implementation.\naaecb82c6 Make X509_REQ and X509_REQ_INFO opaque.\n\nChange-Id: I3f392ce524d8d15f50d1acd4043141bf525c4c1e\nSigned-off-by: Piotr Sikora \u003cpiotrsikora@google.com\u003e\nReviewed-on: https://nginx-review.googlesource.com/c/nginx/+/3921\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "0521cade6fa71f30124e6a0e627c738cdcf2869e",
      "old_mode": 33188,
      "old_path": "bazel/repositories.bzl",
      "new_id": "283fd007cc5787af9f72ccaee1dbbfd31d057a08",
      "new_mode": 33188,
      "new_path": "bazel/repositories.bzl"
    }
  ]
}