)]}'
{
  "commit": "dad49b726659036117c3cb74b91aa3aa4d578112",
  "tree": "86debfcfafd03b8aeedfcd72af0447e9343b8cab",
  "parents": [
    "59204f5912b3d2bce96aeed15f76994b9e1c3cf6"
  ],
  "author": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Fri Mar 12 20:38:20 2021 -0800"
  },
  "committer": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Thu Apr 08 06:11:03 2021 +0000"
  },
  "message": "Bazel: update BoringSSL to f6bd54e / 8d60b0d (master-with-bazel).\n\nf6bd54efb Check for OBJ_nid2obj failures in X509_ATTRIBUTE_create.\ne7c0c9734 Don\u0027t overflow the output length in EVP_CipherUpdate calls.\nca2162d71 Remove X509_issuer_and_serial_hash.\n238a25831 Fix Bazel build breakage.\n85bda4b24 Specify VS toolchain by command-line argument.\na99308fa9 Update Android Bazel build support in BUILD.toplevel.\nc02c19e0d Honor SSL_TLSEXT_ERR_ALERT_FATAL in the ALPN callback.\n3b7029a54 acvp: detect header element in JSON.\nce9b002eb Align the ARM capability functions.\nf9bd455c8 Skip runtime NEON checks if __ARM_NEON is defined.\nfc2330016 acvp: don\u0027t include CMAC-AES in regcap dump.\n4d3e540cc acvp: fix CMAC verify\na2278d4d2 Include bn/internal.h for non-bcm.c builds.\n48cbd69de Add various function calls to test_fips.\nbb43a45d6 Add missing include to self_check.c.\n4251d0d3f Revert \"Disable check that X.509 extensions implies v3.\"\nc5e4538e3 Fix TLS13SessionID-TLS13 test.\nae2bb6417 Use ID instead of Id in Go.\n4a196ccf9 acvp: move CMAC verification into the module wrapper.\nab5edbe7f Benchmark BORINGSSL_self_test in FIPS mode.\n1c919724d Support MOVLPS and MOVHPS in delocate.\n5cf02188f Add FFDH FIPS self-test.\nd09962d5c acvp: update to newer FFDH test.\ne133345db Add basic BLAKE2b-256 support.\n16c42cc79 acvp: check that the payloadLen of cipher tests is correct.\n1fa6b7ffd acvp: update test expectations in light of 8dcdcb39a7\nb0d71a290 Support cross-compiling AArch64 FIPS to Android.\n8dcdcb39a acvp: drop 3DES fields from output when unused.\n0f0e2bce6 acvp: don\u0027t advertise SHA-1 RSA signature generation.\n39093c1bf Fix comments that refer to old draft of HPKE.\nc47bfce06 Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.\n2d691ca60 Make BN_clear_free a wrapper around BN_free.\nc5e2cf3c0 delocate: support Aarch64\nc1e156ae1 Add DH_compute_key_padded.\na9319d9b0 Fix client 0-RTT handling with ALPS.\n2f2d27eb5 acvp: add XTS support.\n595cdc29d doc: fix SSL_set0_rbio\n3d8b8c3df Add support for the new QUIC TLS extension codepoint\nf8f35c955 delocate: preprocess perlasm output on Aarch64\nc3ee9c804 Replace MockQUICTransport tags with record types.\ne606f79c5 Run extension tests at all protocols.\n47d1274fd Make QUIC tests work with early data.\n7a55c8027 Make QUIC work with -async tests.\n71ed9d753 Fix ALPS state machine in QUIC servers.\nf4a88296f runner: Allow tokbind without RI/EMS in TLS 1.3.\n41676bfd8 Test that ALPS can be deferred to the ALPN callback.\nc295935a9 Send ECH acceptance signal from backend server.\n5d54832f1 delocate: handle Aarch64 assembly in parser.\nafd5dba75 Add ASM optimizations for Windows on Arm\n571c3e78b Use gai_strerrorA on Windows.\n13da18050 Optimize suffix building in FileTest::ReadNext().\n5dd18d017 A handful more compatibility functions.\n7dfb4721d Update HPKE to draft-irtf-cfrg-hpke-07.\nab6a8f49f acvp: drop subprocess_test.go\n76164b1bc Add some OpenSSL-compatibility aliases\nc42baf84d delocate: eliminate expression from vpaes assembly.\ne4843750e delocate: support alternative comment indicators\n4df05c523 Update third_party/googletest.\n4f75b76ef acvp: add tests\n9422ac61f Fix chacha20_poly1305_x86_64.pl comments.\nbac5544e9 Fix awkward wording in comment.\n92c48be84 Update ECH GREASE to draft-ietf-tls-esni-09\n78f15a6aa Gerrit ignores \u003csup\u003e; use Unicode superscript instead.\ne02dd70f5 acvp: better document the subprocess protocol.\n082cd7860 Add .text.unlikely.* pattern to fips_shared.lds.\n4ab14ea27 acvp: fix silly errors.\n86854828e acvp: load config later.\ne56dfcf9f Allow some non-minimal lengths in BER.\nbb0cb95e6 Export tool_sources to GN.\n62634262d Use more efficient std::string::find overload.\nca058c064 Revert \"Add support for the new QUIC TLS extension codepoint\"\ndf75139be Move DH parameter generation out of the FIPS module.\n7ba96a675 Add support for the new QUIC TLS extension codepoint\n061a7f559 Use stdlib.h instead of cstdlib in span.h.\n60926d353 Check for trailing data in X509Test.GeneralName.\nf2adafe73 Fix ChaCha20-Poly1305 x86-64 asm on Windows\ncd204d8e1 Include bn.h from bn/internal.h\n28cab640d acvp: add support for finite-field Diffie–Hellman.\nce7f08827 Move DH code into the FIPS module.\n49587b2c1 Remove unused Netware codepaths in x86 perlasm.\na929e3274 Finish switching to NASM.\na3a98944f Switch to passive entropy collection for Android FIPS.\n4ae71a4c7 Skip ASN.1 template tests in Windows shared library builds.\n66feb2c55 Add TLS_KDF to documented break tests.\n0898b077a acvp: add support for KAS\na6b6b804a Align armv8.pl references to OPENSSL_armcap_P.\n92de0b53a Reject bad ASN.1 templates with implicitly-tagged CHOICEs.\n1920c6f2c Implement GREASE for ECH (draft-ietf-tls-esni-08).\nf0400014b acvp: add TLS KDF support\n9ac743e0b acvp: tweak config\n329c0cbb2 acvp: fix subprocess_test.go\n225961dc4 Const-correct GENERAL_NAME_cmp.\naa4ecb492 Fix EDIPartyName parsing and GENERAL_NAME_cmp.\n455b78d5f PWCT failures should clear the generated key.\n3094902fc Get closer to Ed25519 boundary conditions.\n41a14304d draft-ietf-tls-certificate-compression is now RFC 8879.\n576389988 Update FIPS.md to include latest FIPS certificate.\nc3f4612d8 Only accept little-endian ARM and MIPS variants in base.h.\neb57cc1e8 aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode\nf8047e2d4 Improve sk_dup.\n1bec25297 Poly1305: Use |size_t|; assert |poly1305_state| is large enough.\nbb6f9c44b util/fipstools/acvp/acvptool: buffer signal channel to avoid losing signal\n9dae0ac4f Add digest.h to self_check.c\n4a265be4d Document ASN1_STRING.\n806c505b7 acvp: add SHA-512/256 support.\n884653374 Add FIPS self test for the TLS KDF.\n5351c8bf3 Rename the master_key field in SSL_SESSION to secret.\n0a6bfa36c Always check the TLS 1.3 downgrade signal.\n5656fec51 Fix NETSCAPE_SPKI_get_pubkey documentation.\n53bbb1803 Const-correct and document more X509 functions.\n354e1e998 Add APIs for checking ASN.1 INTEGERs.\n43f375699 Remove some unnecessary pointer casts.\n236167767 Document the basic ASN1_STRING functions.\nb16bd3313 Document some defaults for the EVP RSA interface.\n2e5f38a1d Rearrange ASN1_STRING_copy slightly.\na4954e5ac Remove the legacy MSTRING M_ASN1 macros.\nc509ee3fa Switch M_ASN1_TIME macros within the library.\nc6ffcde8c Unwind M_ASN1_* macros for primitive types.\n7a26f97c9 Reformat and convert comments in asn1.h.\n25f9d7a9f aarch64: Fix name of gnu property note section\n7be158d18 Re-reformat x509.h.\ndf00df603 Document X509V3_add1_i2d and friends.\n9bdec296a Remove ASN1_STRING_FLAG_NDEF.\ne4da107b6 Unexport internal crypto/asn1 functions.\n9e282c9a7 Unwind some old ASN.1 ifdefs.\n3de5949ba Unwind ASN1_PRIMITIVE_FUNCS.\n2c8445c5f Remove some unused types from asn1t.h.\n45858ae2a Unwind ASN1_TFLG_NDEF.\n75a05d159 Unwind ASN1_ITYPE_COMPAT.\ncf1c925dd Unwind ASN1_AFLG_BROKEN.\na93545c2e Const-correct various X509 string parameters.\n5eb8c877c Document the next few functions in x509.h\n352351b5c Remove sk_new_null call.\n\nChange-Id: Ia4601a90f8fa1d80e80bf55a369df527e6f4b5c7\nSigned-off-by: Piotr Sikora \u003cpiotrsikora@google.com\u003e\nReviewed-on: https://nginx-review.googlesource.com/c/nginx/+/3820\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "76b3e06399ff56bb2546680e576fbc4826be9e95",
      "old_mode": 33188,
      "old_path": "build.bzl",
      "new_id": "96189825c47a03c496d2144e4fe39accb0d196c5",
      "new_mode": 33188,
      "new_path": "build.bzl"
    }
  ]
}