Roll src/third_party/boringssl/src cece32610..8e75ae488

https://boringssl.googlesource.com/boringssl/+log/cece32610b89549386b42b2032dd5d8a423af6c8..8e75ae488047c519f14f2c08b02a55bf7712fa1d BUG=none Change-Id: I36edb8ad89f019bddea940ca7b6433ea3d8ef86e Reviewed-on: https://chromium-review.googlesource.com/1040588 Commit-Queue: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#555812}

Roll src/third_party/boringssl/src cece32610..8e75ae488
https://boringssl.googlesource.com/boringssl/+log/cece32610b89549386b42b2032dd5d8a423af6c8..8e75ae488047c519f14f2c08b02a55bf7712fa1d BUG=none Change-Id: I36edb8ad89f019bddea940ca7b6433ea3d8ef86e Reviewed-on: https://chromium-review.googlesource.com/1040588 Commit-Queue: Steven Valdez <svaldez@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#555812}
99a85a60 · Steven Valdez · Commit Bot · 0dcdf8c2 · 99a85a60 · 99a85a60
Commit 99a85a60 authored May 03, 2018 by Steven Valdez Committed by Commit Bot May 03, 2018
5 changed files
--- a/DEPS
+++ b/DEPS
@@ -128,7 +128,7 @@ vars = {
  # Three lines of non-changing comments so that
  # the commit queue can handle CLs rolling BoringSSL
  # and whatever else without interference from each other.
-  'boringssl_revision': 'cece32610b89549386b42b2032dd5d8a423af6c8',
+  'boringssl_revision': '8e75ae488047c519f14f2c08b02a55bf7712fa1d',
  # Three lines of non-changing comments so that
  # the commit queue can handle CLs rolling google-toolbox-for-mac
  # and whatever else without interference from each other.

--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -914,11 +914,9 @@ int SSLClientSocketImpl::Init() {
  SSL_set_mode(ssl_.get(), mode.set_mask);
  SSL_clear_mode(ssl_.get(), mode.clear_mask);

-  // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
-  // (note that SHA256 and SHA384 only select legacy CBC ciphers).
-  // Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining
-  // CBC-mode ECDSA ciphers.
-  std::string command("ALL:!SHA256:!SHA384:!aPSK:!ECDSA+SHA1");
+  // Use BoringSSL defaults, but disable HMAC-SHA1 ciphers in ECDSA. These are
+  // the remaining CBC-mode ECDSA ciphers.
+  std::string command("ALL::!aPSK:!ECDSA+SHA1");

  if (ssl_config_.require_ecdhe)
    command.append(":!kRSA");

--- a/net/socket/ssl_server_socket_impl.cc
+++ b/net/socket/ssl_server_socket_impl.cc
@@ -885,7 +885,7 @@ void SSLServerContextImpl::Init() {
  // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256
  // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384
  // as the handshake hash.
-  std::string command("DEFAULT:!SHA256:!SHA384:!AESGCM+AES256:!aPSK");
+  std::string command("DEFAULT:!AESGCM+AES256:!aPSK");

  // SSLPrivateKey only supports ECDHE-based ciphers because it lacks decrypt.
  if (ssl_server_config_.require_ecdhe || (!key_ && private_key_))

--- a/third_party/boringssl/BUILD.generated_tests.gni
+++ b/third_party/boringssl/BUILD.generated_tests.gni
@@ -11,6 +11,8 @@ test_support_sources = [
  "src/crypto/test/malloc.cc",
  "src/crypto/test/test_util.cc",
  "src/crypto/test/test_util.h",
+  "src/crypto/test/wycheproof_util.cc",
+  "src/crypto/test/wycheproof_util.h",
  "src/ssl/test/async_bio.h",
  "src/ssl/test/fuzzer.h",
  "src/ssl/test/fuzzer_tags.h",

--- a/third_party/boringssl/crypto_test_data.cc
+++ b/third_party/boringssl/crypto_test_data.cc