tree 70675714414b59d568d95b0613e79ca94788ca2d
parent 0110ca8d63f697bb662a5727e1de42c211a989ac
author Piotr Sikora <piotrsikora@google.com> 1625781311 -0700
committer Piotr Sikora <piotrsikora@google.com> 1626739331 +0000

Bazel: update BoringSSL to 995574c / 045bb22 (master-with-bazel).

995574c22 Reland "Add util/fetch_ech_config_list.go"
9a5abe05c Revert "Add util/fetch_ech_config_list.go"
160a8891a Add util/fetch_ech_config_list.go
9734e4453 More reliably report handshake errors through SSL_write.
e9c5d72c0 Add an option to permute ClientHello extension order.
5358cb504 runner: Check the test name against the protocol being tested.
878795cac Remove outdated comment in primality testing.
83a49939a Add most of an ECH client implementation.
24545c541 Add a basic API to make ECHConfigs.
c890ae519 Make ECH server APIs take EVP_HPKE_KEY.
c3b373bf4 Rename SSL_ECH_SERVER_CONFIG_LIST to SSL_ECH_KEYS.
0724e3d55 runner: Self-check tests more accurately and earlier.
cd8900484 Don't pad the second ClientHello.
350fe3bf3 Fix ext_pre_shared_key_clienthello_length calculation.
b32aa0553 Tidy up the PSK binder logic.
c89ce97a2 Move the TLS vs DTLS header length adjustment into ssl_add_clienthello_tlsext.
fb4d2571f Shift some complexity out of ssl_add_clienthello_tlsext.
9052286da Add a note about extension callback names.
e9109cb8f Add move support to EVP_MD_CTX.
5acf9f42c Replace hs->needs_psk_binder with an output parameter.
14e51ad41 Make add_clienthello callbacks const.
5fd91dba0 Fix documentation typo.
246c556b6 Compute the ECH GREASE payload outside of the callbacks.
43ab56c61 Pick up the GREASE ECH config ID from grease_seed.
33e8c7893 Initialize grease_seed on construction.
52b3638f0 Remove the extension init hook.
97ede40d4 Move key_share computation out of ClientHello callbacks.
6c9758fa9 Release some temporaries outside of ClientHello callbacks.
4e93cd487 Move the early_data_{offered,reason} logic out of extension callbacks.
26f186bca Implement a handshake hint for certificate compression.
7fffa4636 runner: Implement ECH server for testing.
1f54fd986 runner: Parse the status_request extension more strictly.
00bccd6ee runner: Make echIsInner a boolean.
124122878 runner: Revise ECHConfig type in preparation for client implementation
88df13d73 Fix ECH-Server-RepeatedConfigID test.
3a036c76e Add SSL_ech_accepted API and ech_is_required alerts.
5b7ec8329 Reject the ECH extension in TLS 1.2 ServerHello.
da15f2910 Move ECH-related APIs to encrypted_client_hello.cc.
bcef51424 Const-correct message creation hooks.
b5879118a Remove the Channel ID callback.
8acec00e9 Manage Channel ID handshake state better.
bc4c91ab4 DTLS-SRTP is only defined for DTLS.
4848294f4 Remove impossible ssl->s3 null check.
7a3e80121 fix #415: Perl scripts fail when building from a path with spaces
a1d3bfb64 Cite an RFC over 9000 (draft-ietf-quic-tls is now RFC 9001).
cf816d082 Add compatibility impl for EVP_PKEY_get0
597ffef97 Make md32_common.h single-included and use an unsized helper for SHA-256.
4320bc476 Pull HASH_TRANSFORM out of md32_common.h.
d4c3f2a59 Ensure name not null in EVP_get_cipherbyname
92c6fbfc4 Fix array-parameter warnings
47cefed43 Don't copy client's session ID into server's session.
3dd9864fe Test ECH server with unique and repeated config IDs.
d13dbf8e2 Refresh SSL corpora after adding ECH fuzzer mode.
4749d8fb8 Implement fuzzer mode for ECH server.
ef1d779d7 Don't try to write empty early data in the tool.
3675eb3f2 GREASE is now RFC 8701.
aef0a88e5 runner: Reject all zero client and server randoms.
b778b9c1b Const-correct SSL_get_srtp_profiles.
49ee62fe1 Update the ECH GREASE size selection.
5e7229488 fuzz/minimise_corpora.sh: Add shebang and chmod +x
747229ec7 Add a missing case to SSL_error_description.
d89ec688f Remove draft tokbind implementation.
aaecb82c6 Make X509_REQ and X509_REQ_INFO opaque.

Change-Id: I3f392ce524d8d15f50d1acd4043141bf525c4c1e
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/c/nginx/+/3921