tree dfb461477db17ab7f299197ba1b1f6434c17debf
parent 1a5e21ad80234eaf8b174b225b307cad03836e04
author Piotr Sikora <piotrsikora@google.com> 1505336401 -0700
committer Piotr Sikora <piotrsikora@google.com> 1505409943 +0000

Bazel: update BoringSSL to 683ffbb / 5ddc9cd (master-with-bazel).

This update includes the following changes:

683ffbbe Fix fuzzer mode suppressions.
9c2b36ad Refresh fuzzer corpus.
a16e86ce Don't depend on 16-byte alignment from malloc.
c7d4d214 Add experiment without client CCS and fix session ID bug.
aba057a4 Work around a Java client bug when rotating certificates.
1682126f Add Experiment 2
54c259de Clarify RSA_add_pkcs1_prefix must be released with OPENSSL_free.
a9c96bae Remove a DHE remnant from runner.
6881ec04 Add a note to PORTING.md about free/OPENSSL_free mixups.
2978d055 Refresh TLS fuzzer corpus.
2ff44b18 Add DTLS fuzzers.
a196ea15 Share all of fuzz/{client,server}.cc into fuzzer.h.
e51fb0fa Fix empty fragment handling in DTLS message reassembly.
769b386e Fix error handling/cleanup
b86be361 Guard against DoS in name constraints handling.
3c995f30 Fix overflow in c2i_ASN1_BIT_STRING.
d0beda01 Properly report SSL_session_reused after a renegotiation.
3d8f0808 Honor SSL_SESS_CACHE_CLIENT in TLS 1.3.
a861460c Make SNI per-connection, not per-session.
c0e15d1d Zero memory in |OPENSSL_free|.
a23b68f5 ssl/test/runner: Change ecdsa.PublicKey initialization
be90bf76 Clarify ERR_print_errors_* clear the error queue.
28d6979b Print errors better in FileTestGTest.
24e36099 Teach evp_test to verify by round-tripping.
8459d065 Properly size_t EVP_PKEY_CTX_set0_rsa_oaep_label.
ce3773f9 Add a test for OAEP labels and custom digests.
74795b32 More miscellaneous bools.
046bc1fb SSL3_STATE ints to bools.
4cbb9319 Collapse client Finished states together.
fd45ee7d Replace bits in SSL_HANDSHAKE with bool.
d816874c Set SSL_in_init to false before new_session_cb.
1ab133a9 Fix some style guide samples.
6abaa316 Remove unnecessary parameter.
0a471910 Test empty extensions fields are omitted.
2762b354 Add X509_PUBKEY to bssl::UniquePtr.
35368096 Update style guide for C++.
c11ea942 Convert comments in ssl.
66d49b49 Fix SSL_CTX client_CA list locking.
c79ae7aa Test SSL_add_client_CA.
3969fdf8 Test invalid certificates.
398085ba Simplify states with hs_wait_t returns.
e2ec654c Update to Go 1.9 on the bots.
617b818b Add a test for SSL_R_NO_CIPHERS_AVAILABLE.
4d71a9a2 Migrate TLS 1.2 and below state machines to the new style.
8997b2aa Better test cert verification happening only once.
e3bb51cb Remove deprecated cipher property APIs.
f2165070 Cut down on some redundant flags.
5c4271f7 Don't reauthenticate on renegotiation.
5ef40c60 Mark renego-established sessions not resumable.
2c46c106 Fix build when linux-headers are not installed.
302b818d Only enable DTLS post-handshake rexmits if we sent the final Finished.
8fc2dc07 Put SCTs and OCSP responses in CRYPTO_BUFFERs.
e7848220 Use OPENSSL_hash32 in lh_strhash.
7cc3f4fc Use __asm__ instead of asm.
4512b792 Run comment conversion script on include/
808f8329 Run the comment converter on libcrypto.
f60bcfb3 Make SSL_state_string_long work for TLS 1.3.
68a0b1b1 Remove RFC 5114 groups.
e2daba6d Run the comment converter on fuzz/ and tool/
331d2cee Rename mont_data to order_mont.
65b87ce4 Remove internal uses of SSLv23_*.
388dfa18 Use getters in tools/ciphers.cc and add -openssl-name flag.
32524c93 Run the comment conversion script on decrepit/
1a66326f Refactor ssl_test ForEachVersion into a GTest fixture.
e2568c41 Tidy up some Windows compiler assumptions.
6df7667f Add a -renegotiate-freely flag to bssl client.
3e2001c7 Remove BIO_set_callback and friends.
72912d25 Rotate the default ticket encryption key.
e9768874 CQ: bring back Windows builders.
5600c58f CQ config: always run win tryjobs, but don't block on them.
ae9f0616 CQ: make win builder optional as temp workaround.
34bf605c Add default cert store on Fuchsia
874c7380 Revert ADX due to build issues.
02b1d195 Refactor bio_io()
18cdde7c Remove old BORINGSSL_YYYYMM defines.
f4ecc846 Prevent both early data and custom extensions from being accepted.
78f5e757 Enable AVX2 and ADX in p256-x86_64-asm.pl.
488ca0ea Enable ADX in x86_64-mont*.pl.
e1bfd16d Update yasm to 1.3.0 on the bots.
348f0d8d Add OpenSSL 1.1.0's cipher property functions.
bd70845a Add tests for CertificateVerify
ca9e8f52 Tidy up handshake digest logic.
74115c93 Align the tables in P-256 select w[57] tests.
8c44afd2 Revert "Enable ADX in x86_64-mont*.pl."
83d1a3d3 Enable ADX in x86_64-mont*.pl.
4a37de07 Test that Finished checks are enforced in 0-RTT.
70dbf042 Add SSL_CTX_cipher_in_group.
590b677d Use names for the TLS 1.3 variants in bssl client.
f6ae9e6c Fix more hard-coded TLS 1.3 variant strings.
016ebe2d OPENSSL_cleanse some buffers.
7934f08b Replace init_msg/init_num with a get_message hook.
8f94c31b Replace reuse_message with an explicit next_message call.
ba2d3df7 Add DTLS_with_buffers_method.
e3dee27f Remove the free_buffer parameter to release_current_message.
9bbdf583 Remove expect and received flight hooks.
ef37ab59 Teach doc.go about // comments.
d8ea3902 Fix doc.go against Go tip.
26ababbf Fix a bug in bssl::OpenRecord.
c90be3b1 Add a paragraph to PORTING.md about async private keys.
dc110f51 tool: make speed use EVP_AEAD_CTX_seal_scatter
4492a615 More scopers.
78b8b99c Fix a bug in and test the message callback.
bda7b9ad Maintain comment alignment when converting.
211a06af Rephrase documentation on early data reset.
8d200744 Clarify the ChaCha20-Poly1305 assembly functions' final parameters.
b0c761eb Tolerate early ChangeCipherSpec in DTLS.
27e377ec Fix miscellaneous clang-tidy warnings.
6c545470 Fix a bug in convert_comments.go.
921aba3c Don't add spaces after ( in convert_comments.go.
37af90f7 Convert a few more scopers.
d272dea9 Explicitly include <new> for placement new.
9fb6feaa Turn on clang -fcolor-diagnostics.
a4cb62f0 Fix build against LLVM CFI.

Change-Id: I1599201e9da44b84095b0bfaf775e283d0249701
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Reviewed-on: https://nginx-review.googlesource.com/3180
Reviewed-by: Lizan Zhou <zlizan@google.com>