From 3e513cc61947cb8bc39f3e40880c96bb6f878446 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@cloudflare.com>
Date: Tue, 9 Feb 2021 17:27:27 +0000
Subject: [PATCH] Update boringssl submodule pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 2020-11-09 Document X509V3_add1_i2d and friends.
* 2020-11-09 Re-reformat x509.h.
* 2020-11-11 aarch64: Fix name of gnu property note section
* 2020-11-10 Reformat and convert comments in asn1.h.
* 2020-11-10 Unwind M_ASN1_* macros for primitive types.
* 2020-11-10 Switch M_ASN1_TIME macros within the library.
* 2020-11-11 Remove the legacy MSTRING M_ASN1 macros.
* 2020-11-10 Rearrange ASN1_STRING_copy slightly.
* 2020-11-09 Document some defaults for the EVP RSA interface.
* 2020-11-10 Document the basic ASN1_STRING functions.
* 2020-11-10 Remove some unnecessary pointer casts.
* 2020-09-04 Add APIs for checking ASN.1 INTEGERs.
* 2020-11-11 Const-correct and document more X509 functions.
* 2020-11-13 Fix NETSCAPE_SPKI_get_pubkey documentation.
* 2020-11-18 Always check the TLS 1.3 downgrade signal.
* 2020-11-19 Rename the master_key field in SSL_SESSION to secret.
* 2020-11-19 Add FIPS self test for the TLS KDF.
* 2020-11-19 acvp: add SHA-512/256 support.
* 2020-11-19 Document ASN1_STRING.
* 2020-11-30 Add digest.h to self_check.c
* 2020-11-30 util/fipstools/acvp/acvptool: buffer signal channel to avoid losing signal
* 2020-11-30 Poly1305: Use |size_t|; assert |poly1305_state| is large enough.
* 2020-11-25 Improve sk_dup.
* 2020-12-01 aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode
* 2020-12-01 Only accept little-endian ARM and MIPS variants in base.h.
* 2020-12-02 Update FIPS.md to include latest FIPS certificate.
* 2020-12-02 draft-ietf-tls-certificate-compression is now RFC 8879.
* 2020-12-02 Get closer to Ed25519 boundary conditions.
* 2020-12-01 PWCT failures should clear the generated key.
* 2020-10-29 Fix EDIPartyName parsing and GENERAL_NAME_cmp.
* 2020-12-08 Const-correct GENERAL_NAME_cmp.
* 2020-12-07 acvp: fix subprocess_test.go
* 2020-12-07 acvp: tweak config
* 2020-12-07 acvp: add TLS KDF support
* 2020-03-11 Implement GREASE for ECH (draft-ietf-tls-esni-08).
* 2020-12-08 Reject bad ASN.1 templates with implicitly-tagged CHOICEs.
* 2020-12-08 Align armv8.pl references to OPENSSL_armcap_P.
* 2020-12-08 acvp: add support for KAS
* 2020-12-10 Add TLS_KDF to documented break tests.
* 2020-12-09 Skip ASN.1 template tests in Windows shared library builds.
* 2020-12-01 Switch to passive entropy collection for Android FIPS.
* 2020-12-11 Finish switching to NASM.
* 2020-12-11 Remove unused Netware codepaths in x86 perlasm.
* 2020-12-10 Move DH code into the FIPS module.
* 2020-12-10 acvp: add support for finite-field Diffie–Hellman.
* 2020-12-14 Include bn.h from bn/internal.h
* 2020-12-02 Fix ChaCha20-Poly1305 x86-64 asm on Windows
* 2020-12-15 Check for trailing data in X509Test.GeneralName.
* 2020-12-15 Use stdlib.h instead of cstdlib in span.h.
* 2020-12-14 Add support for the new QUIC TLS extension codepoint
* 2020-12-14 Move DH parameter generation out of the FIPS module.
* 2020-12-16 Revert "Add support for the new QUIC TLS extension codepoint"
* 2020-12-16 Use more efficient std::string::find overload.
* 2020-12-17 Export tool_sources to GN.
* 2020-12-16 Allow some non-minimal lengths in BER.
* 2020-12-17 acvp: load config later.
* 2020-12-17 acvp: fix silly errors.
* 2020-12-22 Add .text.unlikely.* pattern to fips_shared.lds.
* 2020-12-23 acvp: better document the subprocess protocol.
* 2020-12-23 Gerrit ignores <sup>; use Unicode superscript instead.
* 2020-12-21 Update ECH GREASE to draft-ietf-tls-esni-09
* 2020-12-21 Fix awkward wording in comment.
* 2021-01-05 Fix chacha20_poly1305_x86_64.pl comments.
* 2020-12-17 acvp: add tests
* 2021-01-06 Update third_party/googletest.
* 2020-12-22 delocate: support alternative comment indicators
* 2020-12-22 delocate: eliminate expression from vpaes assembly.
* 2021-01-06 Add some OpenSSL-compatibility aliases
* 2020-12-17 acvp: drop subprocess_test.go
* 2021-01-06 Update HPKE to draft-irtf-cfrg-hpke-07.
* 2021-01-07 A handful more compatibility functions.
* 2021-01-06 Optimize suffix building in FileTest::ReadNext().
* 2021-01-08 Use gai_strerrorA on Windows.
* 2020-10-19 Add ASM optimizations for Windows on Arm
* 2020-12-22 delocate: handle Aarch64 assembly in parser.
* 2020-10-29 Send ECH acceptance signal from backend server.
* 2021-01-12 Test that ALPS can be deferred to the ALPN callback.
* 2021-01-12 runner: Allow tokbind without RI/EMS in TLS 1.3.
* 2021-01-12 Fix ALPS state machine in QUIC servers.
* 2021-01-12 Make QUIC work with -async tests.
* 2021-01-12 Make QUIC tests work with early data.
* 2021-01-12 Run extension tests at all protocols.
* 2021-01-12 Replace MockQUICTransport tags with record types.
* 2020-12-22 delocate: preprocess perlasm output on Aarch64
* 2021-01-14 Add support for the new QUIC TLS extension codepoint
* 2021-01-15 doc: fix SSL_set0_rbio
* 2021-01-18 acvp: add XTS support.
* 2021-01-19 Fix client 0-RTT handling with ALPS.
* 2021-01-08 Add DH_compute_key_padded.
* 2020-12-22 delocate: support Aarch64
* 2021-01-19 Make BN_clear_free a wrapper around BN_free.
* 2021-01-20 Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.
* 2021-01-21 Fix comments that refer to old draft of HPKE.
* 2021-01-21 acvp: don't advertise SHA-1 RSA signature generation.
* 2021-01-21 acvp: drop 3DES fields from output when unused.
* 2021-01-17 Support cross-compiling AArch64 FIPS to Android.
* 2021-01-22 acvp: update test expectations in light of 8dcdcb39a7
* 2021-01-22 acvp: check that the payloadLen of cipher tests is correct.
* 2021-01-21 Add basic BLAKE2b-256 support.
* 2021-01-25 acvp: update to newer FFDH test.
* 2021-01-19 Add FFDH FIPS self-test.
* 2021-01-27 Support MOVLPS and MOVHPS in delocate.
* 2021-01-27 Benchmark BORINGSSL_self_test in FIPS mode.
* 2021-01-27 acvp: move CMAC verification into the module wrapper.
* 2021-01-28 Use ID instead of Id in Go.
* 2021-01-29 Fix TLS13SessionID-TLS13 test.
* 2021-01-29 Revert "Disable check that X.509 extensions implies v3."
* 2021-02-02 Add missing include to self_check.c.
* 2021-02-02 Add various function calls to test_fips.
* 2021-02-04 Include bn/internal.h for non-bcm.c builds.
---
 boring-sys/deps/boringssl | 2 +-
 boring-sys/src/x509.rs    | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/boring-sys/deps/boringssl b/boring-sys/deps/boringssl
index 30c88d66..067cfd92 160000
--- a/boring-sys/deps/boringssl
+++ b/boring-sys/deps/boringssl
@@ -1 +1 @@
-Subproject commit 30c88d6607b09df5d8bf2a143fbb74e383af85e9
+Subproject commit 067cfd92f4d7da0edfa073b096d090b98a83b860
diff --git a/boring-sys/src/x509.rs b/boring-sys/src/x509.rs
index 2d177b0a..e9ec093e 100644
--- a/boring-sys/src/x509.rs
+++ b/boring-sys/src/x509.rs
@@ -203,8 +203,11 @@ extern "C" {
     pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME;
     pub fn X509_REVOKED_get0_extensions(r: *const X509_REVOKED) -> *const stack_st_X509_EXTENSION;
 
-    pub fn X509_REVOKED_set_serialNumber(r: *mut X509_REVOKED, serial: *mut ASN1_INTEGER) -> c_int;
-    pub fn X509_REVOKED_set_revocationDate(r: *mut X509_REVOKED, tm: *mut ASN1_TIME) -> c_int;
+    pub fn X509_REVOKED_set_serialNumber(
+        r: *mut X509_REVOKED,
+        serial: *const ASN1_INTEGER,
+    ) -> c_int;
+    pub fn X509_REVOKED_set_revocationDate(r: *mut X509_REVOKED, tm: *const ASN1_TIME) -> c_int;
 
     pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
     pub fn X509_CRL_digest(