tree d2d4f3533e36af56617b08292b0f68f42eb6f45e
parent b02be0a3b15b8f710a904c8bf3f01d6e5b1c6b8d
author Piotr Sikora <piotrsikora@google.com> 1502225187 -0700
committer Piotr Sikora <piotrsikora@google.com> 1502245146 +0000

Bazel: update BoringSSL to d363247 / 384d71d (master-with-bazel).

This update includes the following changes:

d363247f Fix Bazel build and make it work on Windows.
4d1b57ae Add dummy |RAND_get_rand_method|.
ee910bfe Use new STACK_OF helpers.
abbf365b Make the bssl::SealRecord out_suffix arg fixed length.
182b5733 Don't set timeout in runner when using GDB.
6e9321f9 Add a bssl::PushToStack helper.
61c9838d Add some documentation for CRYPTO_BUFFERs.
e6c58ffa go fmt runner.go
7b6acc5c Make generated Bazel match canonical format.
2916430d Test that nullptr has the obvious memory representation.
4d2e1a8f Add a note on architecture requirements.
af2b1e82 C++ headers should be more aggressively wrapped in extern "C++".
ec783839 Make ranged for loops work with STACK_OF(T).
d4e37951 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results.
edad306d Detect if the kernel preserves %zmm registers.
0121953a Register stack deleters automatically.
9a892502 Don't use std::is_trivially_destructable.
2507d9e7 Add a CMake toggle to allow the C++ runtime.
13fafcd3 Add a warning to |SSL_get_servername|.
ccf80574 Use functions that do not depend on the current locale.
a6b8689d Document our strict behaviour when clients attempt renegotiation.
10e10602 Send correct fatal alert the renegotation extension fails to match.
22df6910 Document the behaviour of non-standard separators in cipher strings.
6d81cf3d Add a tool to check dependencies.
506be38b Add a BORINGSSL_ALLOW_CXX_RUNTIME build flag.
56851c85 Fix bssl sockets on Windows.
e664a534 Return null from SSL_get0_peer_certificates if unauthenticated.
2eee1314 span: work around MSVC warning C4996
d6a8a5a5 Remove obsolete TODOs.
9ad98f7e Add comment conversion tool.
17c3057f Add bssl::SealRecord and bssl::OpenRecord.
c9376997 Avoid a C++ runtime dependency.
c642aca2 Convert SSL_ECDH_CTX to C++.
ebb4a37e Define BORINGSSL_NO_CXX if !__cplusplus.
9f9f4eaa Fix typo.
6dc8bf62 Convert SSL_TRANSCRIPT to C++.
bf1117d1 Sample server GREASE from the server_random.
31b0c9be Add a bunch of scopers.
8f288868 Give SSL_HANDSHAKE a constructor and destructor.
e39ac8fb Switch BORINGSSL_INTERNAL_CXX_TYPES in favor of subclassing games.
1386aad1 Switch various things to scopers.
59392c36 Update FIPS documentation with pointer to the cert and security policy.
cfc11c23 C++-ify SSL_AEAD_CTX.
86e95b85 Move libssl's internals into the bssl namespace.
0e4a448a Add ClientHello no_session_id variant.
6f2cd5d5 Build with -fno-exceptions standalone.
7d536388 Use __NR_getrandom rather than SYS_getrandom.
71dfad4d Add new functions for configuring the client CA list.
3a1dd46e Add async certificate verification callback.
7e9e06a7 Use OPENSSL_UNUSED in OPENSSL_COMPILE_ASSERT.
c5304e4f Use -chip_check_exe_only to work around SDE VDSO issues.
818031ec Build with -Wimplicit-fallthrough in Clang.
11d11d61 Fix and/or annotate all switch fall-throughs.
09ed1192 Test that record-splitting splits records.
14308731 Disable record splitting in fuzzer mode.
a3d76d01 Switch OPENSSL_COMPILE_ASSERT to static_assert in C++ code.
9f2bffbb Add SSL_AEAD_CTX_seal_scatter.
b853f315 Fix handling of ServerHellos with omitted extensions.
c66e3971 Enable extra_in with the ChaCha20-Poly1305 AEAD.
c3864406 Add some timestamps to connect/accept failures.
03fe3697 Refresh TLS fuzzer corpora.
2abda63a Fix TLS 1.3 variant fuzzers.
3ba4fb47 Build the fuzzers with -Wno-missing-prototypes.
dbe01585 Implement ContentType TLS 1.3 variant.
6fb16cc9 Fix linux_fuzz bot.
8a5dcbca Print the socket error when connect fails.
4a8d1f35 Make missing prototypes warning work in clang/C++.
c6d4af00 Remove ssl_{c,cc}_sources from generate_build_files.py.
d304a2f1 Switch tls13_client and tls13_server to C++.
81678aab Switch t1_lib, tls_record, and tls13_both to C++.
0238d8f4 Switch more files to C++.
b609c228 Switch ssl_privkey to C++.
f5260811 Switch ssl_aead_ctx, ssl_file, and ssl_lib to C++.
81a5df4d Switch ssl_ecdh to C++.
e64d2c74 Convert ssl_buffer, ssl_cert, and ssl_cipher to C++.
d781fc42 Switch handshake_client and handshake_server to C++.
e8703a37 Switch a number of files to C++.
a93a68d3 Fix comment for SSL_ERROR_PENDING_CERTIFICATE.
52586f95 Adding TLS 1.3 variant to SSL*.
812b197a Refresh TLS fuzzer corpus.
1ffb4a42 Route the TLS 1.3 experiment into the fuzzer.
a5022394 Actually test the TLS 1.3 experimental variant.
038da9b9 Move the version to an extension in the experimental TLS 1.3 encoding.
9d4e06e6 Switch some pointer casts to memcpy.
b0651775 Reduce the alignment tag on aead_aes_gcm_siv_asm_ctx.
08fea48a Fix fuzzer mode test suppressions.
96ee4a81 Remove non-GTest build generation bits.
0b80f7f2 Convert example_mul to GTest.
8d43674b Convert the tests in x509v3 to GTest.
520e1220 Implement experimental alternate encoding of TLS 1.3.
a818134b Simplify ChangeCipherSpec code in runner.
be483dbe Revise SSL_CTX_sess_set_new_cb documentation.
ee7aa027 Implement basic HTTP tunnel support in bssl client.
d9cbb535 Fix SSL_version on 0-RTT.
2ec3b315 Unify RSA errors somewhat.
35dd4c8f Avoid possible memleak in X509_policy_check()
13f1f17b Fix typo in FUZZING.md.
d68618b2 <sup> doesn't work in Markdown, use Unicode instead.
fed35d32 Update the FIPS documentation.
d2e872fa Test that overflowing AEAD ciphertext length is handled.
00019f21 Add text about build logic to the style guide.
a1ce8569 Test record splitting at all ciphers.
bf5f1923 Add some addition tests for the cipher parsing code and tidy.
634f4752 Test the Channel IDs are not requested without ECDHE.
99a93d43 Remove some unnecessary error codes.
c3648faa Add tests for SSL_VERIFY_PEER_IF_NO_OBC and fix TLS 1.3.
364af784 Add some cipher negotiation tests.
eb083b0d Remove some dead code.
413e79e9 Test the client rejects invalid compression methods from the server.
7d7ed9f5 Refresh TLS fuzzer corpora.
cd4d981b Update the existing corpora for the format change.
09114ae2 Restore SSLv3 fuzzer coverage.
9343b0b8 Don't check renegotiation_info in fuzzer mode.
0fde2eb0 Update TLS fuzzer format with prepended settings.
04017c17 Overhaul session resumption documentation.
e59703c7 Sync asn1_gen.c with upstream 1.0.2.
a6bae93b Never set not_resumable on an immutable session.
c94998ae Revise version negotiation on the Go half.
353577cd Fix SSL_set_{min,max}_proto_version APIs in invalid versions.
8f36c51f Revise version negotiation logic on the C side.
06a6ed01 Clarify use of |SSL_VERIFY_FAIL_IF_NO_PEER_CERT| flag.
a93bc112 Update other bot tools.
97ca762b Update to the latest Intel SDE.
2b0444e0 Keep the same listening socket in bssl server -loop.
0cf201e9 Empty commit to kick the bots.
3c972921 Fix chacha-armv4.pl with clang -fno-integrated-as.

Change-Id: Ib52afdbf39147cbbcbd23d81f55d81098555976d
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/3121
Reviewed-by: Lizan Zhou <zlizan@google.com>