Bazel: update BoringSSL to ddecaab / 25ba1f4 (master-with-bazel).

ddecaabdc Check hs->early_session, not ssl->session, for the early data limit.
a4646740e Fix some includes.
940475da0 Be clearer which signing inputs are digests.
29507b818 Validate RSA public keys more consistently.
4b066b0e3 Add APIs to manually fill in signatures for CRLs.
71a3b8266 Check for resumption identifiers in SSL_SESSION_is_resumable.
6ff942985 Don't use SHA256(ticket) as the signaling session ID for tickets.
1f6c3dc7d Simplify renego + resumption handling.
962b375bc Move session ID assignment out of ssl_get_new_session.
8349dfc87 Fix the ech_accept comment.
070a6c3e0 Export the HPKE implementation.
1eb7769e1 Refer to EVP_HPKE_CTX by a consistent name.
1d58cd1fd Shift the KEM dependency in HPKE up a step.
f0e5ea2d7 Update ACVP URLs.
9b2cdb769 Add SSL_can_release_private_key.
9f55d9728 Make X509_SIG and X509_CERT_AUX opaque.
9fc617416 acvp: move hash iterations into modulewrapper.
2b2cb7d93 Switch HPKE to a three-parameter output buffer.
f39c81d52 Introduce EVP_HPKE_{AEAD,KDF} types.
1d842c65e Don't mark up the first word in a collective comment.
da4390f4e Revise the deterministic for_test variant of HPKE's SetupBaseS.
198c5f56f Fix a memory leak with d2i_ASN1_OBJECT object reuse.
e4d655648 Remove HPKE PSK mode.
9f70097ef Remove HKDF-SHA384 and HKDF-SHA512 from HPKE.
1264f0ce3 Correctly order PKCS#7 certificates and CRLs.
94a63a5b6 Implement ECH draft 10 and update HPKE to draft 08.
fe049e4d1 Document expected use of BTI and PAC macros.
853ca1ea1 Remove non-deterministic bits from ECDSA ACVP test.
d4f877ea3 Reference the newer ChaCha20-Poly1305 RFC.
1cf78cd29 Use passive entropy collection everywhere.
a96f4dd38 Rename X509V*_VERSION constants.
782d9b6cf Const-correct ASN1_OBJECT_create.
354cd48f5 Clarify OBJ_get0_data and OBJ_get_length.
c5dc2781b avcp: SHA-1 for ECDSA _verification_ is still supported by NIST.
2e54edf32 A couple of Aarch64 FIPS delocate fixes.
eec7f3247 Use a placeholder for unknown errors in ERR_*_error_string.
16c76acc7 Include assembly optimizations in Bazel builds on Linux-aarch64.
fcec391b0 Remove some BoringSSL-only X509_CINF functions.
ab7811ee8 Document and test X509_ATTRIBUTE creation functions.
daf1aca1a Revert handshaker fd numbers and make StartProcess more flexible.
b173d9191 Remove support for malformed X509_ATTRIBUTEs.
575d11285 Make X509_ATTRIBUTE opaque.
68a799af7 acvptool: Fix typo hard-coding the HTTP method.
f0e64904a Document a few more x509.h functions.
e60893c09 Make X509_PUBKEY opaque.
468cde90c Always encode booleans as DER.
2f3958a41 Fix issuerUID and subjectUID parsing in the key usage checker.
b571e7777 Add experimental handshake hints API.
666f2ab65 Make our Python scripts Python-3-compatible.
15961379e Export ssl_client_hello_init for fuzzers.
7a1986c46 acvp: support GMAC as an algorithm.
94b477cea Record a fuzzing corpus for the ClientHelloInner decoder.
5545b61a9 Use a consistent plural for 'corpus'.
43828993b Add util/bot/libFuzzer to .gitignore.
09f71c1bf acvp: support KAS-ECC-SSC staticUnified mode.
12a3e7edf Check for invalid ALPN inputs in SSL_(CTX_)set_alpn_protos.
e4c19175a Don't duplicate ServerHello construction code.
3b8c5ec1f Rearrange key share and early data logic.
e2b7bb722 Only skip early data with HRR when offered.
2de33c6b2 Add ECH server config API to ssl_ctx_api fuzzer
3af88549c Fix ppc64le build.
669ffe64a Simplify the Lucky13 mitigation.
00e434d67 Add ECH server (draft-ietf-tls-esni-09).
61d5aabc0 runner: Remove unused field
ca65bff67 runner: Construct finishedHash earlier.
c31fb79cf Simplify tls_cbc.c slightly.
7a0834b91 Remove remnants of CBC SHA2 cipher suites.
bff883436 runner: Test different V2ClientHello challenge lengths.
6810f0e83 runner: Ensure helloBytes is always the same as hello.marshal().
fa2d3d56b runner: Fix ECH confirmation calculation with PSKs in tests.
7d2ddd299 runner: Fix HPKE parameter order.
d791fbd30 runner: UpdateForHelloRetryRequest cannot fail.
4151b9feb runner: Don't use the buffer in TLS 1.3.
4b854a6db runner: Don't maintain two copies of the same transcript hash.
99f6d4bd1 runner: Remove remnants of SSL 3.0.
5f757bc39 runner: Fix writeClientHash and writeRecord ordering.
7a15a702a runner: Remove CheckTLS13DowngradeRandom.
f225516cc runner: Remove remnants of the separate HelloRetryRequest message.
050827189 runner: Store a cipherSuite in ClientSessionState.
26a589e10 runner: Move writeHash to the finishedHash struct.
fd739853a Fix the spelling of HPKE AEAD constants.
dfde04f07 Don't reset server callback expectations on new handshake.
8501579ac Fix MockQuicTransport::Flush error handling.
15e0f6784 Fold ripemd/internal.h into ripemd.c.
ca4598781 Move load/store helpers to crypto/internal.h.
8d4c8fc41 Make words in crypto/fipsmodule/modes actually words.
6b9c012b7 Handle EINTR more in
084064bec Add a few missing SSL_R_BIO_NOT_SET cases.
9bcf307c4 Fix some unreachable code in the QUIC handshaker driver.
0a6c3fc9c Rearrange SSLKeyShare::Serialize.
08b1729f0 Fix ssl/internal.h sectioning.
b62a48f31 Remove some now unnecessary test exclusions from split handshakes.
60a78dcc9 Remove tls13-split-handshakes flag.
953650cc7 Define HANDSHAKER_SUPPORTED in once place.
b9b036340 Tidy up handshaker tester.
1a93f4f82 modulewrapper: add option to print build information.
0da75f35d FIPS counters for AES-CTR.
3af62269d Enforce that pre_shared_key must come with psk_key_exchange_modes.
4aef687fc Zero out FIPS counters.
da890de1b Remove is_resume field on TestState.
20f7bbaac Add some warnings on how to use OPENSSL_memory_* functions.
a24ab549e Use an unsized helper for truncated SHA-512 variants.
139adff9b Fix mismatch between header and implementation of bn_sqr_comba8.

Change-Id: Iabc6ece6bd677c1433eb71714fd4536892bb7711
Signed-off-by: Piotr Sikora <>
diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
index e1e37ab..0521cad 100644
--- a/bazel/repositories.bzl
+++ b/bazel/repositories.bzl
@@ -48,9 +48,9 @@
     # BoringSSL
         name = "boringssl",
-        commit = "c5f0e58e653d2d9afa8facc090ce09f8aaa3fa0d",  # 2021-03-23
+        commit = "25ba1f46a68aeeffae73d54824a3293c53ea205f",  # 2021-05-14
         remote = "",
-        shallow_since = "1616522438 +0000",
+        shallow_since = "1621026598 +0000",
     # PCRE