Roll src/third_party/boringssl/src 23824fa0f..4fe29ebc7
https://boringssl.googlesource.com/boringssl/+log/23824fa0fed94f4660ffafb15aaea8b317f2c8a6..4fe29ebc759e482891e96fc4170eb3db26c0bc13
The following commits have Chromium bugs associated:
9a4e1095c Remove redundant bssl_sys import
The following commits have update notes:
90f0f05cc Integrate TLS 1.2 sigalg and cipher suite selection
da3b3725a Don't report libpki headers as part of libcrypto
This required a couple fixes to tests:
First, SSLPolicyTest.InsecureHashPolicy forgot to disable non-ECDHE
ciphers, which meant the server could have chosen to fallback to a
non-signing cipher. It just happened not to, but 90f0f05cc fixed this.
Second, 90f0f05cc slightly tweaks the error reporting for signature
algorithm mismatch. Previously, we would select a cipher suite and only
notice the failure condition at ServerKeyExchange. This means the client
sees ServerHello, Certificate, handshake_failure. Now we notice the
errro condition early and don't waste our time sending ServerHello and
Certificate. The peer simply sees handshake_failure. It's the same
alert, but Chrome maps this earlier handshake_failure to a different
error. (This mapping is more accurate because there wasn't a protocol
mistake. We just didn't have common parameters.)
Bug: 326247202
Change-Id: I5bfe0973a67ee8a224386ce74738e99312a94ff5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5318335
Commit-Queue: Anqing Zhao <anqing@chromium.org>
Auto-Submit: David Benjamin <davidben@chromium.org>
Reviewed-by: Anqing Zhao <anqing@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1264520}
NOKEYCHECK=True
GitOrigin-RevId: 3821fd990434bd281f7ab69fc248c87b3a34d7c8
11 files changed
