)]}'
{
  "commit": "f49d3904a1b32abea8e4902dcc6e4c8f5efe42ca",
  "tree": "16ded51759d5714fc37cc9eda6b1b7dd23bd3375",
  "parents": [
    "cbc605f1be7bf0301c86dded98fc878d173906b3"
  ],
  "author": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Mon Jun 27 17:32:20 2022 -0700"
  },
  "committer": {
    "name": "Piotr Sikora",
    "email": "piotrsikora@google.com",
    "time": "Tue Jun 28 16:48:32 2022 +0000"
  },
  "message": "Bazel: update BoringSSL to 227ff6e / 62079f7 (master-with-bazel).\n\n227ff6e64 Remove unions in EC_SCALAR and EC_FELEM.\n3f180b822 Implement SSL_CTX_set_num_tickets.\ndf6311bc6 Add tests for X509_NAME_print_ex.\n735a86834 acvp: test CTR-DRBG with reseed in modulewrapper.\n25e5b06d4 Do pending `go fmt` updates.\n097ffe139 acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.\n1a541d4db Add PSS to the AVCP regcap.\n82413455b Drop ACVP support for 3DES.\na56d941c4 Add function to return the name of the FIPS module.\na75bee541 Support running tests on non-NEON devices.\n9a836f784 Update delocate tests\n8b988b8b8 Tidy up how ASN1_STRING_print_ex figures out the type.\n0e0ca82b2 Remove the ASN1_TLC cache. It appears to not help performance.\n48f794765 Fix build for older CMake versions.\n15302de89 Remove code added to avoid SHA1 weakness.\n553e81e47 Update comment in light of prior change.\n53a87b7c5 ChaCha20-Poly1305 for Armv8 (AArch64)\n59e37765f Replace the last strcasecmp with OPENSSL_strcasecmp.\nf299342e3 [build] Fix build with HEAD clang.\n6686352e4 Make calls to the verify callback consistant by calling ctx-\u003everify_cb directly. This removes some temporary variables that would only be used to hold ctx-\u003everify_cb.\nf961de5c4 Try to require C11 (in non-MSVC compilers).\n493d5cbed Try to require C++14.\nedbdc240e Reject [UNIVERSAL 0] in DER/BER element parsers.\n2fc6d3839 Add CMake install rules.\nfa3fbda07 P-256 assembly optimisations for Aarch64.\nf7e1a94bd hrss: always normalize.\n27ffcc6e1 Use SHA-256 for the FIPS integrity check everywhere.\naf34f6460 Remove unused variable\n225e8d39b Use X509 certificate alias as friendlyName in PKCS12\nc9a7dd687 Retire the Windows BIO_printf workaround.\n4984e4a63 Work around another C language bug with empty spans.\nf94a7ce59 ASAN replaces malloc and free with its own implementation.\n8c8e7a683 Update fiat-crypto.\n21440764d Remove VS 2015 support.\nb99b98b6e Remove X509_TRUST_set_default.\n753435403 Replace internal use sha1 hash with sha256.\n8bbefbfee Document that |EC_KEY_generate_fips| works for both cases.\n972ab5223 Allow the integrity test to be run on demand.\nc6e8f3ed0 Add a function to return a FIPS version.\n7f4057ec1 Add a function to tell if an algorithm is FIPS approved.\ndcba84922 Add vs2019 to vs_toolchain.py.\n6378c47cb Unexport X509_CERT_AUX and remove X509_CERT_AUX.other\nd0f14f398 Document and tidy up X509_alias_get0, etc.\nc7a3c4657 Don\u0027t loop forever in BN_mod_sqrt on invalid inputs.\n933f72a0f Make a whitespace commit to trigger a build.\ne5abf588c Rust bindings: Use CARGO_MANIFEST_DIR in build.rs\nab69425a9 Remove ASN1_ADB_INTEGER.\n6196faba8 Replace an ASN1_INTEGER_get call with ASN1_INTEGER_get_uint64\nfdd526036 Correctly handle LONG_MIN in ASN1_INTEGER_get.\nde139712b Implement ASN1_INTEGER_set_uint64 with ASN1_STRING_set.\nbdc35b636 Rewrite and tighten ASN1_INTEGER encoding and decoding.\n366e88662 Deduplicate the rest of ASN1_INTEGER and ASN1_ENUMERATED.\nfa2cd1ee8 Fix theoretical overflow in ASN1_INTEGER_cmp.\nd258de724 Include rsa/internal.h for |...no_self_test| functions.\n66d856322 Limit the pthread_rwlock workaround to glibc.\n6e25e54b1 Rewrite ASN1_INTEGER tests.\ncc4333d75 Use X509V3_add_value_int in i2v_AUTHORITY_KEYID.\ne4b3e6afb Fix x509v3_bytes_to_hex when passed the empty string.\n657c69b3c Reimplement ASN1_get_object with CBS.\n7fac386a1 Add an explicit indefinite-length output to CBS_get_any_ber_asn1_element.\n8a3818418 Use ctype(3) in a more standards-conformant way.\n81502beed Linkify RFCs in more places in the docs.\n4b55af0fc Make FFDH self tests lazy.\n3053b739b Make ECC self tests lazy.\nc76da9d46 HPKE is now RFC 9180.\n6595ddb35 Include the policy document for the most recent FIPS validation.\n4d955d20d Check static CPU capabilities on x86.\n31ece98da Align rsaz_avx2_preferred with x86_64-mont5.pl.\n17c8c8110 Enable SHA-NI optimizations for SHA-256.\nec85d0ddb Update Intel SDE.\n08970b312 Include the EKU extension in bssl server\u0027s self-signed certs.\n0da6b4805 Don\u0027t call a non-test file *test.h.\n1c2e61efe Make RSA self-test lazy.\n263f48997 Add link to new Android FIPS certificate.\nb9c6d67c2 delocate: handle a new output form in Clang 13.\n8f7cb2f7c Drop, now unused, KAT value.\nea9fb94c3 Drop CAVP code.\nd04c32a3d Break FIPS tests differently.\nf8235e499 Don\u0027t forget hmac.h in self_check.h.\n9cad13eea Perform SHA-$x and HMAC KAT before integrity check.\nb0ed28e25 Add a couple of spaces to `check_test`.\n15565a898 Split FIPS KATs into fast and slow groups.\na91953977 Move DES out of the FIPS module.\n44a141fa1 acvp: don\u0027t send the Authorization header when renewing tokens\n5112b45ce Support Bazel\u0027s test-sharding protocol.\n68addd2f7 Simply CMake assembly source selection.\n351b2f8ce Rename generated assembly from \u0027mac\u0027 or \u0027ios\u0027 to \u0027apple\u0027\n0f1417ce0 Build aarch64 assembly for macOS in the bazel build.\nac3f4fb8e Fix OPENSSL_NO_ASM definition in bazel.\nc5179c693 Use @platforms in Bazel rules.\n123eaaef2 Record ClientHelloInner values in msg_callback.\n44425ddc7 Fold ssl_decode_client_hello_inner into ssl_client_hello_decrypt.\n7198d1132 Explicitly reject self-referential ech_outer_extensions.\n0fc57bef1 Simpler square-root computation for Ed25519\n0f4454c07 Condition split handshake tests on Linux in CMake.\nb90261a38 Implement PEM_read_bio_DHparams with the macro.\n387f82054 Limit _XOPEN_SOURCE to Linux.\nc03e99a59 Fix Unicode strings for C++20\n345c86b1c Switch CRYPTO_BUFFER_POOL to SipHash-2-4.\n50e7ea5f0 LSC: Apply clang-tidy\u0027s modernize-use-bool-literals to boringssl\n960ddfee4 Fix mac_arm64 builder.\nea46caf26 Put Rust binding generation behind an explicit flag and only build bindings for the targeted Arch\nbe04c566c Add ARMV8_SHA512 detection for Fuchsia.\n8d8d8f3ea Generates \"low-level\" bindings for Rust using bindgen\n36a41bf0b Add note about Gerrit account creation\nd1593f54c Make EVP_AEAD_CTX_free accept NULL.\nec476ef04 Zero out the values from the integrity check.\nf79757032 Ignore duplicates in |X509_STORE_add_*|\n0354b79d7 Don\u0027t #include \"internal.h\" twice.\n24e97fb69 Version bump: 2 -\u003e 3.\nd80f17d5c Simplify __ARM_ARCH__ definition.\na94c26778 Don\u0027t use __ARMEL__/__ARMEB__ in aarch64 assembly\n846a22700 Switch __ARM_FEATURE_CRYPTO to __ARM_FEATURE_{AES,SHA2}.\n661266ea0 Move CPU detection symbols to crypto/internal.h.\n37faa936b Move public APIs from cpu.h to crypto.h.\n295b31324 Rename CPU feature files with underscores.\n1e15682f1 Enable SHA-512 ARM acceleration when available.\naf561c221 Sync sha512-armv8.pl up to 753316232243ccbf86b96c1c51ffcb41651d9ad5.\ne90cf82ac Import sha512-armv8.pl transforms from upstream NEON code.\n9bcc12d54 Import a few test vectors from OpenSSL.\nd7936c23c Use uint16_t in TestConfig and enable -Wformat-signedness.\n203b92b70 Reorder flags to match TestConfig struct.\n8ed06e0fd Rewrite bssl_shim command-line parser.\n066469055 Fix X509_CRL_print error-handling.\n94089a8b5 Silence -Wformat-signedness when printing X.509 versions.\n866b88dfe Don\u0027t print small, negative serial numbers in decimal.\n4f1fae304 Fix the easy -Wformat-signedness errors.\ne21f272a6 Add BIO_tell and BIO_seek wrappers.\n9631bc104 Remove non-standard wildcard input DNS names.\n405c7888a Rewrite X.509 name-matching tests.\nc3c540b9a Remove non-standard X.509 DNS wildcard matching.\n2042972e8 Make X509_REVOKED opaque.\n7e2a95788 Document |SSL_set1_host| return values.\n7e7e6b693 Add |SSL_set1_host| and |SSL_set_hostflags|.\n731d6cbef Add ERR_set_error_data for compatibility.\ncd0b76749 Add BN_GENCB_new, BN_GENCB_free, and RSA_test_flags.\nd703d95b8 Remove X509_REVOKED.sequence.\n\nChange-Id: Iba486e98187a96377a5613994e8dbda60a0bfb9c\nSigned-off-by: Piotr Sikora \u003cpiotrsikora@google.com\u003e\nReviewed-on: https://nginx-review.googlesource.com/c/nginx/+/4002\nReviewed-by: Patryk Lesiewicz \u003cpatryk@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "16176d05bba47cd0e058064ca71aceacb02807b7",
      "old_mode": 33188,
      "old_path": "bazel/repositories.bzl",
      "new_id": "9b4df8bfe5a5ce0a27c2fd9d30d7ff3f2c53d92d",
      "new_mode": 33188,
      "new_path": "bazel/repositories.bzl"
    }
  ]
}