)]}' { "log": [ { "commit": "0370de714758de8b25d025c6011e17829227b912", "tree": "bd3bac01cd56b167edd8eddf9cf07615e80778d3", "parents": [ "13b950692e7d0c43a1d770742f9955df99276b6e" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Fri Apr 03 12:07:14 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 03 09:45:29 2026 -0700" }, "message": "draft-ietf-tls-esni is now RFC 9849\n\nThere weren\u0027t too many changes so all the section numbers, except\nAppendix B -\u003e A, remain intact:\nhttps://author-tools.ietf.org/iddiff?url1\u003ddraft-ietf-tls-esni-13\u0026url2\u003drfc9849\u0026difftype\u003d--html\n\nChange-Id: Iae68c2b6d60c0df7e05f5e26fe19c8f7ecbead2d\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91927\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "13b950692e7d0c43a1d770742f9955df99276b6e", "tree": "4738207ac043c0d9526925d67ddd2d844b2e8666", "parents": [ "10a2bc581c60caa5a8dd72f35050d6e599ea11f1" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Apr 02 10:21:33 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 03 09:30:54 2026 -0700" }, "message": "Define OPENSSL_NO_UI_CONSOLE\n\nOtherwise curl, when targetting OpenSSL 3.x, wants to pull in a whole\nton of provider and UI stuff.\n\nBug: 497675628\nChange-Id: I105a8e7eb0cc480e8e2bdcc2098872b9d14c0d3c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91911\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "10a2bc581c60caa5a8dd72f35050d6e599ea11f1", "tree": "abfc57f3a573bc3571c09ad69371c98f5cd15a65", "parents": [ "8a91a2ea32f370b527c0383e11d8ff5c8ffe6306" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Apr 02 10:04:45 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 03 09:27:13 2026 -0700" }, "message": "Switch callers within the library to EVP_PKEY_eq\n\nBug: 497675628\nChange-Id: I35137b7598199e79740002f45b3eb8597327ea17\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91910\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "8a91a2ea32f370b527c0383e11d8ff5c8ffe6306", "tree": "85dd34a5f8e465235019e4fe706108a3de6ee623", "parents": [ "666959298d57463251d90603ef5fd390641de57b" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Apr 02 10:00:56 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 03 09:24:14 2026 -0700" }, "message": "Add EVP_PKEY_eq and EVP_PKEY_parameters_eq\n\nThe new names are better so, matching OpenSSL, deprecate the cmp\nspelling. We have a lot of callers in the library so a follow-up CL will\nswitch existing calls.\n\nBug: 497675628\nChange-Id: I956c70e5c96b0b056becdff0b0ad89f8b2c4bf77\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91909\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "666959298d57463251d90603ef5fd390641de57b", "tree": "fd2d1597ac02834e12b58d2dc435ee7ca98470e1", "parents": [ "24efad30d65add13b8f78ab60715620b3494ac5c" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Apr 02 10:05:44 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 03 09:24:09 2026 -0700" }, "message": "Restore X509_check_private_key\u0027s error after EVP_PKEY_cmp narrowing\n\nI updated X509_REQ_check_private_key in\nhttps://boringssl-review.googlesource.com/c/boringssl/+/87008 but forgot\nX509_check_private_key.\n\nThis apparently did not break anything, but let\u0027s restore the original\nbehavior.\n\nUpdate-Note: X509_check_private_key returns different errors again for\nkey type vs value mismatch.\n\nChange-Id: I20395ac651d6565c89383eabacba0ed7c75a9e42\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91908\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "24efad30d65add13b8f78ab60715620b3494ac5c", "tree": "487da03f37379116c1fd3fde1a5702d2edb62a82", "parents": [ "b0ae229f686f2be70689584d1e1c6a727a2cdfab" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Apr 02 09:54:09 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Apr 03 09:14:51 2026 -0700" }, "message": "Start filling in some functions from OpenSSL 3.x\n\nStub out the ridiculous fetch infrastructure by just no-oping\neverything.\n\nBug: 497675628\nChange-Id: Id76b82a0b908605233ff712fa15473ea239c52ce\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91907\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "b0ae229f686f2be70689584d1e1c6a727a2cdfab", "tree": "f963deea9bdf749a48b985cd188a507a9bb761b7", "parents": [ "a9fcad767317332761881f3487a453fbfaa94555" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Thu Apr 02 13:43:19 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Apr 02 11:03:31 2026 -0700" }, "message": "Add definition of OSSL_PARAM\n\nOSSL_PARAM was previously not defined and was expected to be null when\npassed as function parameters. Since some consumers need it to compile,\nfor compatibility with OpenSSL, this CL defines the struct and adds the\nmacro for a terminating OSSL_PARAM. BoringSSL functions still expect an\nOSSL_PARAM array argument to either be null or start with a terminaing\nOSSL_PARAM.\n\nBug: 497718229\nChange-Id: I6c42cf488d8f2aefc6dd69c4b2b994c86a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91887\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "a9fcad767317332761881f3487a453fbfaa94555", "tree": "e5576a969e835ea6d3d2284a70aafef483530bb4", "parents": [ "7f5a43945aab78fe4e71459ac4881ff9033d73d8" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Apr 01 21:50:48 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Apr 02 08:10:07 2026 -0700" }, "message": "Benchmark all three ML-DSA sizes\n\nNow that we\u0027ve wired it up to EVP, it\u0027s not too bad, except OpenSSL\u0027s\nEVP_DigestSign signing API is still tedious and needs something like\nEVP_SIGNATURE.\n\nWhen/if we make an EVP_SIGNATURE API, to parallel EVP_KEM, we can\nprobably unify every signing benchmark under one umbrella. Right now\never signature algorithm involves a different ball of EVP_PKEY_CTX ctrl\ncalls.\n\nChange-Id: Ib67bd1a8c3e05ca359f8a78cca23f7dff6201713\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91867\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "7f5a43945aab78fe4e71459ac4881ff9033d73d8", "tree": "c8278981fb518187f5c332817c03d2a751c1656e", "parents": [ "987160a451651da344b81a1f3ebd6408dbb505d1" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Wed Apr 01 01:10:42 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Apr 01 01:29:56 2026 -0700" }, "message": "Fix use of empty line in prefix_symbols.h.\n\nTrivial fix; just matches our usual use of the double newline after the\nincludes.\n\nBug: 42220000\nChange-Id: I113402e3863bfdae2fde4e6c6ffe85716a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91847\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "987160a451651da344b81a1f3ebd6408dbb505d1", "tree": "91b07f03eeb88615721f538b48280437ee16cc14", "parents": [ "d9c112ad89e8713b39c1b427783f773d222f2e8c" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 31 18:02:13 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 31 21:11:53 2026 -0700" }, "message": "Work around a GCC false positive warning\n\nGCC is getting upset about working off of the first in.size() bytes of\nout, but in.size() is at most kBlockSize, so this definitely fits.\n\nStill, moving the Span(out).first(in.size()) call slightly earlier seems\nto silence this, probably by causing the compiler to emit the bounds\ncheck slightly earlier. The bounds check is redudant (it\u0027s a consequence\nof the compiler not knowing some of the bounds), but if we\u0027re paying for\nit anyway, may as well pay for it before we call f_final than after.\n\nThat seems to, as a side effect, make GCC behave.\n\nFixed: 496903323\nChange-Id: Ia7a5279964d78d3998658d44cbbb06f9ea544f19\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91807\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "d9c112ad89e8713b39c1b427783f773d222f2e8c", "tree": "9a8dc71bfeeb6bb2a419ec9c2ef95b185f6b3f8d", "parents": [ "83b9e76e694a95e3ec054683d4742e89d3653cc3" ], "author": { "name": "Nick Harper", "email": "nharper@chromium.org", "time": "Tue Mar 31 22:35:58 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 31 16:04:59 2026 -0700" }, "message": "Update annotate_test_data.py to python3\n\nTested by re-running the script.\n\nChange-Id: Idc1727df80e5f6616854240bcb87aab50cd564ef\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91827\nCommit-Queue: Matt Mueller \u003cmattm@google.com\u003e\nReviewed-by: Matt Mueller \u003cmattm@google.com\u003e\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Nick Harper \u003cnharper@chromium.org\u003e\n" }, { "commit": "83b9e76e694a95e3ec054683d4742e89d3653cc3", "tree": "58f01f789215053afd4d6ae316db50cb841156db", "parents": [ "3dbb5f85aff466e10a370ef5702c4771f0d2b9c1" ], "author": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Fri Mar 27 16:15:12 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 31 14:59:17 2026 -0700" }, "message": "rust: bssl-tls: allow FFI interop with BoringSSL-dependent libraries\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I804914b00e4b62e8a0742fb6d17813dd6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91667\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "3dbb5f85aff466e10a370ef5702c4771f0d2b9c1", "tree": "e6e1ca369b8a60d341c0bbdf85bfd4ca4057148c", "parents": [ "105fdbdc79edbc33a3cf19d1a3e19486b2fbf077" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 31 14:27:11 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 31 14:49:07 2026 -0700" }, "message": "Tidy up X509StoreGet1IssuerMultipleMatches tests a bit\n\nWe already have a AddSubjectKeyIdentifier helper function.\n\nThe comment about sort order didn\u0027t actually apply, since X509_STORE\ndoes not sort certificates that way.\n\nAlthough we mitigated it with a stable sort, I\u0027ve modified the test to\ninsert lots of bad certificates that way, if we are unable to make this\ndeterministic in the future (perhaps if X509_STORE switches to a hash\ntable), the extra copies mean the test will only fail to catch errors 1%\nof the time, which seems fine.\n\nChange-Id: I0b7ad6383d30856bc8094d8a6444849a791d5099\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91787\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n" }, { "commit": "105fdbdc79edbc33a3cf19d1a3e19486b2fbf077", "tree": "2af6662ba3bf2422da87cad8031b7a24622da3df", "parents": [ "992dfa0b56f98b8decaf82cd8df44aa714675d99" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Fri Jan 23 18:42:44 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 31 14:21:36 2026 -0700" }, "message": "Raw Public Keys: Configure cert types accepted from the server\n\nTo indicate support for Raw Public Keys (RFC 7250), the client may list\ncert type(s) accepted from the server (the options are RawPublicKey or\nX.509) in the ClientHello, and the server may list a client cert type\naccepted from the client in the ServerHello.\n\nThis CL adds API functions to configure the cert types that the caller\nwishes to accept from the peer (whether the caller is client or server),\nand implements the client\u0027s sending of the accepted types in\nserver_certificate_type in the ClientHello. (The client_certificate_type\nextension in the ServerHello, which is also derived from the accepted\ntypes on the server side, is implemented later.)\n\nBug: 467663225\nChange-Id: I6042fa9a03eb395d85f9c92fd766e2836a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89827\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "992dfa0b56f98b8decaf82cd8df44aa714675d99", "tree": "14232be9d225205a5c13b84299faf0bdbc60f7d1", "parents": [ "3e22010a8ebdfe84c7a25407c32b05cea615c555" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Mar 30 15:38:35 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 30 13:23:45 2026 -0700" }, "message": "Remove a stray space\n\nChange-Id: Ic10c84db014692f4bbb04a7997c74662f9bac38a\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91747\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "3e22010a8ebdfe84c7a25407c32b05cea615c555", "tree": "071fcb2b19695dcac81c9d1081fb34f79e4fdc23", "parents": [ "664a985707470a62f436cca862ccec9524c561ca" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Fri Mar 27 20:23:22 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sat Mar 28 10:12:09 2026 -0700" }, "message": "Use stable sort in OPENSSL_sk_sort to sort STACK_OF(T)\n\nIn other places where we use `std::sort`, we are sorting types that\ncannot compare equal unless they really are equal. However, when sorting\na STACK, items may compare equal while still being distinguishable.\n\nNondeterminism is awful. And this particular non-determinism made the\nrecently added test in d258906c99, flaky.\n\nChange-Id: I104e665b51bd0d2bcd0d4d9fc8eef1c66a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91687\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "664a985707470a62f436cca862ccec9524c561ca", "tree": "7e1596eb05d97d5be270ef0aba4be4b0fb0783eb", "parents": [ "6ecaafbcc8e942899a66fce282a51f35bbb9827a" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Thu Mar 26 14:13:29 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 10:01:28 2026 -0700" }, "message": "Add some missing #includes\n\nChange-Id: I37bb5aca682b7fdc6e9c08b28c866e1a6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91587\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "6ecaafbcc8e942899a66fce282a51f35bbb9827a", "tree": "091144968db46a6c2910e3a575dba6e28776a74e", "parents": [ "6307dac7cd53a8d0db941b9159269f72c0d563fb" ], "author": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Tue Mar 24 14:29:42 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 09:56:39 2026 -0700" }, "message": "rust: bssl-tls: Introduce shutdown controls\n\nBug: 479599893\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I129f4aeaac80967ca3c56215c786d2456a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91408\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "6307dac7cd53a8d0db941b9159269f72c0d563fb", "tree": "a957e8fa9b10eb0ebb8bde99282a8618659979f6", "parents": [ "4c91be649fec6c35fb1a3ae0539eaf85e9443ace" ], "author": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Tue Mar 24 14:34:03 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 09:41:51 2026 -0700" }, "message": "rust: bssl-tls: Introduce I/O model\n\nBug: 479599893\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I26f09e3b18a446c7cf7cf180059bcf046a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91407\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "4c91be649fec6c35fb1a3ae0539eaf85e9443ace", "tree": "8ff2865ba832a414d66aab776897b2a02496ab36", "parents": [ "cce3e64cce8aea20f5b683aadaaa1877422a8718" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Fri Mar 27 14:59:24 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 09:14:30 2026 -0700" }, "message": "Bump version for BCR to 0.20260327.0\n\nChange-Id: Idd9565109b42db63e996eeb0e06ff7296a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91647\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "cce3e64cce8aea20f5b683aadaaa1877422a8718", "tree": "0cb7b3039c5ff4fc033a67d3b2fbd308abba3170", "parents": [ "7fbc53a72d9879aa453e8c06c2458cce6406f64f" ], "author": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Tue Mar 24 15:16:41 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 09:14:17 2026 -0700" }, "message": "rust: bssl-tls: add TLS-specific error codes\n\nBug: 479599893\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I62014b4f1757a690c1f7b2a9794026416a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91447\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "7fbc53a72d9879aa453e8c06c2458cce6406f64f", "tree": "3baa5f050251e7fd2e16a0133fe2e637cff09aa4", "parents": [ "11f21c1ef9e71fb9746de650a1646997851b5dad" ], "author": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Wed Mar 25 15:26:59 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 08:57:00 2026 -0700" }, "message": "rust: bssl-tls: Precise control over handshakes\n\nBug: 479599893\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: Ie8ee5ff4363ad002a4a4c3b0577829056a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91527\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "11f21c1ef9e71fb9746de650a1646997851b5dad", "tree": "516e97017e77adfc1b007d82f0a17042f78380e6", "parents": [ "9741c06f5a95f6dfc4116baff84432ca254fb65c" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Wed Feb 11 13:09:08 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 08:56:54 2026 -0700" }, "message": "rust: bssl-tls: basic bssl-tls framework\n\nThis is a strictly minimal set of essential types, on which the rest of\nthe binding would be based on.\n\nBug: 479599893\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: Icffc68b5a687b1fadfa4ffff5bc09ea16a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89427\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "9741c06f5a95f6dfc4116baff84432ca254fb65c", "tree": "ffdcbb815ae525a9aacd3a3e0a8ce442e24b62b7", "parents": [ "d258906c992e30c07328eac375f2c6a4a0f30fd9" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Fri Mar 27 00:46:00 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 01:29:12 2026 -0700" }, "message": "Symbol renaming: also rename inline functions using `redefine_extname`.\n\nThis has previously not been done as they\u0027re `static inline` in C, and\nusing the pragma would warn.\n\nHowever, in that case they don\u0027t need any renaming _at all_, as they\u0027re\nnot emitting linker symbols to begin with!\n\nReduces public macro footprint to zero with Clang. No change with GCC.\nRemoves inline functions from macro footprint with nonsupporting\ncompilers such as MSVC when compiling as C.\n\nAlso, rephrase `BORINGSSL_ADD_USER_LABEL_AND_PREFIX` so in case the new\nC identifier already has a macro on it, it will use that macro\u0027s\nexpansion. This makes the `redefine_extname` and `#define` methods\nbehave more similar to each other in case e.g. a global header include\nwants to rename our renamed symbols further.\n\nBug: 42220000\nChange-Id: I7ceade63493ead2f7859c14c1e7916306a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91627\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "d258906c992e30c07328eac375f2c6a4a0f30fd9", "tree": "73b4915ac936ebb7272ccc80c06103e5cb49fddf", "parents": [ "a539826c55252739b4db155db96adce49fab6259" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Wed Mar 25 09:45:35 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 27 00:21:47 2026 -0700" }, "message": "Regression test for I7cdf6cbdbd5f07093cdf3c191bfbd5c46a6a6964.\n\nBug: 495832128\nChange-Id: Id95713074dd97cee8fa8fff78e59e0666a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91528\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "a539826c55252739b4db155db96adce49fab6259", "tree": "c99351b89fb3cc539944baf587d00cb583b581d9", "parents": [ "b4aca02389a30b11b7acd0ed750fd8c1acf05de0" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Mon Mar 23 01:55:46 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 26 05:34:34 2026 -0700" }, "message": "Reapply \"Reapply \"Simplify the symbol prefixing macros.\"\"\n\nThis reverts commit b7d706a3823f3fc9f1ee4706751591f7fe859442.\n\nAs Chromium\u0027s build system can\u0027t handle it, let\u0027s not include the\nheaders always, but still check for BORINGSSL_PREFIX in them; also, the\nmacros use less case distinctions now.\n\nThis reduces the RAM usage of the compiler, but also is generally nicer\nin the sense that it now properly autodetects the need to prepend an\nunderscore rather than relying on Apple vs non-Apple.\n\nIt also is part of a potential workaround to use the #pragma\nredefine_extname together with precompiled headers.\n\nBug: 42220000\nChange-Id: I773f2820a5852d7f1681383abeb9299c6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91247\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "b4aca02389a30b11b7acd0ed750fd8c1acf05de0", "tree": "380d6a554df914ffbfe051745920a411bc1cf1ad", "parents": [ "8dce4fd20ab7e768c0a5103edc1d8cb7e54366ba" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Wed Mar 25 16:41:52 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 26 03:46:38 2026 -0700" }, "message": "Don\u0027t vote Presubmit-BoringSSL-Verified:-1 on dry run cancellation\n\nI copied this config almost verbatim from LUCI docs, but I think we\ndon\u0027t actually want the suggested behavior where a dry run cancellation\ncauses CV to vote -1 on the verified label.\n\nA dry run can be cancelled if the user switches to a full run (i.e.\nsubmit) while it is running. This shouldn\u0027t result in a big red -1\nlabel.\n\nChange-Id: I7efca3b6e04f52e2bd318b7505eb77d56a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91547\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nPresubmit-BoringSSL-Verified: Boringssl LUCI CQ \u003cboringssl-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n" }, { "commit": "8dce4fd20ab7e768c0a5103edc1d8cb7e54366ba", "tree": "cd5d5c2f448c0ba034f2945441f1df5e696bc5e8", "parents": [ "5a706f2d40fd0fbe287ad0067aac886d078c75f0" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Wed Mar 25 07:18:20 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 25 07:46:30 2026 -0700" }, "message": "Partial rollback of I40aed9832f72f6bd2b4b8a7f9d68f60ae0eb1e2c.\n\nOne loop is changed back to an index loop, as it had intentionally not\nstarted at zero.\n\nTests in a future CL - get this partial rollback out first.\n\nBug: 495832128\nChange-Id: I7cdf6cbdbd5f07093cdf3c191bfbd5c46a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91507\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "5a706f2d40fd0fbe287ad0067aac886d078c75f0", "tree": "d4ecb85c95cc987616c99eaf065d3d22841747f9", "parents": [ "aa0acca1acf36b7fb16aa8a7b60b97d5cb01404d" ], "author": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Wed Mar 25 09:08:43 2026 +0000" }, "committer": { "name": "Xiangfei Ding", "email": "xfding@google.com", "time": "Wed Mar 25 05:51:38 2026 -0700" }, "message": "rust: Fix the lifetime contract for intermediate certs used by verifiers\n\nX509_STORE_CTX contract demands all certificates to outlive the\nverifier.\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I2af585c1a4d1d04e289e0d050791f69b6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91487\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "aa0acca1acf36b7fb16aa8a7b60b97d5cb01404d", "tree": "78cbc830ab559b2eab4a2807dc615623e4a4fb7f", "parents": [ "2668883b7cdaa6197e36f5928e440c742d114c09" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Mon Mar 16 17:02:31 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 23 15:52:16 2026 -0700" }, "message": "Add new EVP_KEM API\n\nThis adds a new EVP_KEM type which provides a more ergonomic API for KEM\nencapsulate and decapsulate operations, and implements them for\nML-KEM-768 and 1024.\n\nBug: 449751916\nChange-Id: Ie9b3a68a6e9e835a5055810cd23401716a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91267\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "2668883b7cdaa6197e36f5928e440c742d114c09", "tree": "a659a51ac5949672a68485b673d28e60b3453f6f", "parents": [ "f5fa5b73931d0753851a6f5ec764d7bed1f1853f" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Mon Mar 23 18:47:06 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 23 14:27:53 2026 -0700" }, "message": "CQ: Apply Presubmit-BoringSSL-Verified label when dry run finishes\n\nThis will enable integrations with Gerrit Flows such as automatically\nsending a CL for review when dry run passes.\n\nChange-Id: I1a0b04ac3fdc4c8a4f0cd71252fab7516a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91327\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "f5fa5b73931d0753851a6f5ec764d7bed1f1853f", "tree": "080f69c77dee416ad3a0a4667385cee4232d5691", "parents": [ "a025942147a72e6e3ba88eb5ef6b0a9a23d9bf64" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Mon Mar 16 17:02:31 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 23 13:13:57 2026 -0700" }, "message": "Implement ML-KEM integration with EVP_PKEY_CTX\n\nThis adds encapsulate and decapsulate operations for EVP_PKEY_CTX, and\nimplements them for ML-KEM-768 and 1024. Functions match the equivalent\nOpenSSL API.\n\nBug: 449751916\nChange-Id: I8671027ca217b58743cd154d78421bb16a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90947\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "a025942147a72e6e3ba88eb5ef6b0a9a23d9bf64", "tree": "8d03c5c744713e5d1a2327dc1093c242ce4fe95b", "parents": [ "8f1f6360480481a6950bdd702061e68ecd7d0a79" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Mon Mar 23 18:13:42 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 23 12:40:54 2026 -0700" }, "message": "Add a helper to compare two ML-KEM public keys\n\nTwo ML-KEM public keys are equal if their hashes are equal.\nThis will be exposed through EVP_PKEY_cmp.\n\nBug: 449751916\nChange-Id: I6514292c0f62bb9ec1f2cfe6a48996ac6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91307\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "8f1f6360480481a6950bdd702061e68ecd7d0a79", "tree": "c7c0db4f88d7045a03923f332a74bf9f6e853a70", "parents": [ "031e739fceefd9fc14ae141a222778b57917cd44" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Thu Mar 19 18:36:11 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 23 07:51:25 2026 -0700" }, "message": "Add accessors for ML-KEM public key part of private key\n\nThe ML-KEM private key struct includes the whole public key. To avoid\nunnecessary copies, this exposes the public key data witin the private\nkey, so that the EVP representation doesn\u0027t need to store two separate\ncopies.\n\nBug: 449751916\nChange-Id: I98130744fe01da5ffaa9b3070c6ffa246a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91107\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "031e739fceefd9fc14ae141a222778b57917cd44", "tree": "8d567ab15a67ce4eeb71feb052e8aeb6c21ac53c", "parents": [ "ba3de4d9b41906eb7e50d69edca140ef3cec053a" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Mon Mar 23 01:02:28 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 23 01:23:51 2026 -0700" }, "message": "Revert \"Reapply \"Simplify the symbol prefixing macros.\"\"\n\nChromium is still not ready for it:\n\nhttps://ci.chromium.org/ui/p/chromium/builders/ci/linux-win-cross-rel/8864/overview\n\nAnd I honestly have no clue how to fix it.\n\nBug: 42220000\nThis reverts commit ba3de4d9b41906eb7e50d69edca140ef3cec053a.\n\nChange-Id: I690b4aa1918848ee86c3b7f87fa181b56a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91227\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "ba3de4d9b41906eb7e50d69edca140ef3cec053a", "tree": "aa5ccc40c438925fe1c05e293a0eb20facdf7deb", "parents": [ "6453bd80a9fe293c0adb8ae67d5d9c233100a7b9" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Thu Mar 05 02:56:53 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 20 03:12:35 2026 -0700" }, "message": "Reapply \"Simplify the symbol prefixing macros.\"\n\nThis reverts commit 9b4d8692731864f624593083326c407a8fe25ba4.\n\nThe headers are now always included, but check for BORINGSSL_PREFIX\nthemselves; also, the macros use less case distinctions now.\n\nThis reduces the RAM usage of the compiler, but also is generally nicer\nin the sense that it now properly autodetects the need to prepend an\nunderscore rather than relying on Apple vs non-Apple.\n\nIt also is part of a potential workaround to use the #pragma\nredefine_extname together with precompiled headers.\n\nUpdate-Note: \u003copenssl/prefix_symbols.h\u003e is now always included.\nDownstream build systems may need changes to add this file to the build\ndependencies. Similarly, nasm files now always include\n\"boringssl_prefix_symbols_internal_*.inc\" from gen/, and thus build\nsystems may need to add the directory to the include path.\n\nNow the Chromium build should have been fixed.\n\nBug: 42220000\nChange-Id: I9bf318e4d80a21aaa4f053bb17249bd96a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90408\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "6453bd80a9fe293c0adb8ae67d5d9c233100a7b9", "tree": "8d567ab15a67ce4eeb71feb052e8aeb6c21ac53c", "parents": [ "28cf3dd50d8a9c8bc810c8fa84138af8da711e97" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Tue Mar 17 06:05:36 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 20 02:17:59 2026 -0700" }, "message": "i2d_SSL_SESSION: support operating as allocating i2d function.\n\nNothing in the documentation says it _cannot_ be used this way, so let\u0027s\nmake\n\n```\nuint8_t *out \u003d nullptr;\ni2d_SSL_SESSION(session, \u0026out);\n```\n\nwork.\n\nFound by #Gemini.\n\nChange-Id: Ibff50d411a51b51f74db09f087ce24af6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91008\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "28cf3dd50d8a9c8bc810c8fa84138af8da711e97", "tree": "ce15b4e2494db46805265e2012a983edfbd26af0", "parents": [ "4d969991f61733b4cab1ae871b136fd4dd6c6005" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Thu Mar 19 20:56:54 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 19 14:38:00 2026 -0700" }, "message": "Fix misspelling in error reason name\n\nAnd leaves a compatibility define for the old misspelled name.\n\nOpenSSL had the typo too, and they fixed it in\nhttps://github.com/openssl/openssl/pull/14429.\n\nChange-Id: I992a36962a32648ef2843196f17f640c6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91127\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "4d969991f61733b4cab1ae871b136fd4dd6c6005", "tree": "18e50290a7d7594c7a0b6fa88c15a41aada177d6", "parents": [ "4dd559a6b088c9e8704fcd9b227599be8a228f4d" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Tue Mar 17 15:23:49 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 19 02:53:32 2026 -0700" }, "message": "GitHub: Loosen branch-time.yml check\n\nThis check should require that the current GitHub HEAD commit is at or\npast the latest upstream commit as of 24 hours ago. Effectively, this\nchecks that the import has run and succeeded in the last 24 hours.\n\nThis loosens the behavior from what was previously checked: that the\ntime between the GitHub HEAD and the upstream HEAD is at most 24 hours.\nSince commits may be more than 24 hours apart, this is a less useful\ncondition to check.\n\nChange-Id: I1710c5c8552fe8e75d1a23da4d46b1a76a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91027\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "4dd559a6b088c9e8704fcd9b227599be8a228f4d", "tree": "9e36af8db32a0d4fabf77b8fb8478feeac5b7c4b", "parents": [ "4a0e7967db63fbfa2d89f6c9639de47abe831909" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Tue Mar 17 18:52:40 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 19 00:34:26 2026 -0700" }, "message": "Add a function to copy the public part of an EVP_PKEY\n\nThis provides a consistent way to take an EVP_PKEY containing a private\nkey and get a new EVP_PKEY that matches it, but only has the public key.\nWithout this convenience function, depending on the key type, the caller\nmay have to manipulate the underlying algorithm-specific key, or\nserialize the public key and deserialize it into a new EVP_PKEY.\n\nChange-Id: I399b1ee44f2f6531105ae63f1653b3206a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91067\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "4a0e7967db63fbfa2d89f6c9639de47abe831909", "tree": "6f0cb58a837b23ab2ad412e01bddf99151f01bd6", "parents": [ "7b899aa352f41ce4d2174b59a832c4b520471f4d" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Wed Feb 11 13:09:08 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 18 15:15:10 2026 -0700" }, "message": "rust: Move test data around for incoming crates\n\nAlso the CA was constructed to expire too soon.\nIts `notAfter` date has been adjusted.\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I9dac134416268e340514d5f3dce7b5f36a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91047\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "7b899aa352f41ce4d2174b59a832c4b520471f4d", "tree": "28effd6362641ac83a90e9d04b6381af456c0db5", "parents": [ "8496dec61c9a9f8f852a8a41a2d5d8fff2cdbb11" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Tue Mar 17 00:53:59 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 17 09:52:47 2026 -0700" }, "message": "Array::CopyFrom and InPlaceVector::TryCopyFrom: do not allow in to alias this.\n\nAlso, fix one \"theoretical\" use-after-free in tls13_enc that happens in\nthe tls13_rotate_traffic_key -\u003e tls13_set_traffic_key call chain by\nresetting the secret to the same secret we already have. This reads the\nsecret after having called std::destroy_n() on it.\n\nThis is not detected by asan and msan, as the std::destroy_n() call\ncompiles to nothing when the declared type is a built-in integer type\nlike here (uint8_t). At the same time this means that it also is\nharmless - at least for now, as long as all types this happens with are\nPOD and as long as std::destroy_n() will keep doing nothing on them.\n\nIssue found by asking #Gemini to analyze the code.\n\nChange-Id: I65ef3b45a6fd3b394f85c79a658dfc2e6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90987\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "8496dec61c9a9f8f852a8a41a2d5d8fff2cdbb11", "tree": "9aaf47d664a8461a76fadbdfcd33989e16465205", "parents": [ "7623d2a83d7bcaace929a9c5283792028ac557dc" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Tue Mar 17 02:37:34 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 17 07:24:35 2026 -0700" }, "message": "Document that BIO flags should usually be left alone.\n\nSome BIO flags can be memory safety risks when misused; others simply\nare not meant to be used after BIO creation. However, outright blocking\nis not an option, as users can define their own BIOs with their own flag\nsemantics.\n\nChange-Id: Iad1a3dfe942155626da2163c07909f1a6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/91007\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "7623d2a83d7bcaace929a9c5283792028ac557dc", "tree": "5c8d3557abc523d6b14c12e6239d82c3b1bc9a44", "parents": [ "c9adcbb55901715856a6aed27a2f15b5f91680b9" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 17 11:44:01 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 17 01:30:21 2026 -0700" }, "message": "Add RFC 9525 to references\n\nI always forget where this document is.\n\nChange-Id: I204ed847c78614c415a31cfc89935586e1e0ae58\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90967\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "c9adcbb55901715856a6aed27a2f15b5f91680b9", "tree": "c77ccc9d114877e00a7d1c77e35d416a0415bf07", "parents": [ "dec5ee1f0108484e83409805ee570021c13b225c" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Mon Mar 16 22:28:07 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 16 21:09:19 2026 -0700" }, "message": "Const-correct EVP_PKEY_CTX_set1_signature_context_string\n\nIts input byte string should be const.\n\nChange-Id: Id49fd4c8a478bfcf7b52975db05ee6c16a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90927\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "dec5ee1f0108484e83409805ee570021c13b225c", "tree": "e79399b98abb52234632a8964a64b0a388e2a371", "parents": [ "d2c7ec9e5943cc367894c5793fdc068f9f1ebc13" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Mar 16 11:27:15 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 16 07:23:16 2026 -0700" }, "message": "Tolerate feof returning arbitrary non-zero values\n\nfeof apparently does not promise EOF returns 1, just a non-zero value.\nSee [0]. We very much do not care about the impacted platform, but it is\nprobably prudent to handle this, in case some platform we do care about\nuses this leeway. While I\u0027m here, add a test for EOF in file BIOs.\n\nIn writing this test, I noticed that BIO_reset\u0027s return value\nconvention, like BIO_seek, is completely inconsistent. Document the\nproblem for now. (OpenSSL\u0027s documentation[1] also mentions this, though\nthey seem to have missed that fds are also impacted.)\n\n[0] https://github.com/openssl/openssl/pull/30395\n[1] https://docs.openssl.org/master/man3/BIO_ctrl/#description:~:text\u003d%C2%B6-,BIO_reset()%20normally%20returns%201%20for%20success%20and%20%3C%3D0%20for%20failure.%20File%20BIOs%20are%20an%20exception%2C%20they%20return%200%20for%20success%20and%20%2D1%20for%20failure.,-BIO_seek()%20and%20BIO_tell\n\nChange-Id: I2df1925b157bb34897174143d74ca9e5e86a673c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90888\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "d2c7ec9e5943cc367894c5793fdc068f9f1ebc13", "tree": "180a34f6f195d02ca51aa2754229eb02b5b284b1", "parents": [ "9989c11cbd874697322aaf2f86ac39a02a6e4564" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Mar 16 10:57:24 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 16 07:19:17 2026 -0700" }, "message": "OpenSSL Advisory: March 13th, 2026 (BoringSSL Not Affected)\n\nBoringSSL counterpart to\nhttps://openssl-library.org/news/secadv/20260313.txt\n\nChange-Id: Ida53472905bbf18622c18e7fc6e75520f4d46a20\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90887\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "9989c11cbd874697322aaf2f86ac39a02a6e4564", "tree": "27946c35a3c4786dc7b8b30185718a38c095a63c", "parents": [ "8338e40d711138b4014206457f17d1dc65f18b89" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Sun Mar 15 16:07:47 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 16 01:15:15 2026 -0700" }, "message": "rust: x509 remove deprecated and no-op parameter flags\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I5d8f2da02d5a9fd44118746522ba3ddd6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90867\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "8338e40d711138b4014206457f17d1dc65f18b89", "tree": "8c0c1a8bc7cf7591181c8e79823a68b2773988d7", "parents": [ "f584dc2a89f88421ba7a9faf0a5c107641587255" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Fri Mar 13 02:21:05 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sun Mar 15 23:29:01 2026 -0700" }, "message": "Remove DEFINE_NAMESPACED_STACK_OF from stack_test.cc\n\nThis never needed DEFINE_NAMESPACED_STACK_OF. The test doesn\u0027t have any\nparticular namespacing requirements, and it\u0027s better to test the macro\nthat the rest of the code uses.\n\nChange-Id: Id88b5366e1cca36500a3ab58632ff5c8a853e14e\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90788\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "f584dc2a89f88421ba7a9faf0a5c107641587255", "tree": "61d38511c09d78401b9a2f85a49d3c11b58dd18e", "parents": [ "c586eb6da14861eec6f83e0deff28664a26eab41" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Fri Mar 13 02:15:15 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sun Mar 15 23:27:49 2026 -0700" }, "message": "Remove an easy DEFINE_NAMESPACED_STACK_OF\n\nWhen types aren\u0027t exported outside, we can use bssl::Vector. When they\nare exported outside, the STACK_OF isn\u0027t going to be namespaced.\n\nAlso modernize the rest of X509_STORE\u0027s lifetime management.\n\nChange-Id: I4b90caa2df3a16f67913b9e88cc90bbccd9e0cc8\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90787\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "c586eb6da14861eec6f83e0deff28664a26eab41", "tree": "c3a5e078fe4286164eb6ebbd44ebcabc36e731f3", "parents": [ "1202ae49d6b10a0bff1a81337691b5df86b44c1c" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Mar 12 09:08:50 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sun Mar 15 23:22:10 2026 -0700" }, "message": "Modernize p_hkdf.cc a bit\n\nAdd a bssl::Vector::Append. That was carrying a CBB just to implement an\nappendable buffer. Also a couple of minor bits elsewhere in crypto/evp.\n\nChange-Id: Ieccd77887ee5fc9f9c0f66358903524411d90d49\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90727\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "1202ae49d6b10a0bff1a81337691b5df86b44c1c", "tree": "bec59f70b69f8278ca6ac6ca1575ab072d3fa6ae", "parents": [ "75a1350717c122d5f1edf8938a9c17f1ce79f888" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Mar 07 03:01:38 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sun Mar 15 23:19:26 2026 -0700" }, "message": "Use UniquePtr in RSA\n\nIn doing so, clean up a pattern introduced with FromOpaque in\nrsa_test.cc. Instead, keep to RSA\u0027s public APIs. In the couple places\nwhere we actually to reach in, just FromOpaque on that expression, which\nis much less error-prone than trying to keep two variables in sync.\n\nThe \"raw_access\" thread in the thread test can be removed. They\u0027re a\nremnant of when the struct was exposed in the public API.\n\nChange-Id: Id3fcd7e0fc5e7b58a505d5ad546a4c92636ebf18\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90547\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "75a1350717c122d5f1edf8938a9c17f1ce79f888", "tree": "67db75a24acce8dadcef7a6040b29706b805963d", "parents": [ "d61cb8f3df753b28098c13213afbeba42c475252" ], "author": { "name": "Adam Langley", "email": "agl@chromium.org", "time": "Thu Mar 12 16:28:47 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Sat Mar 14 15:38:16 2026 -0700" }, "message": "bssl-x509: don\u0027t expose X509CertificateList\n\nA set of intermediates generally isn\u0027t reused, and it doesn\u0027t otherwise\nhave utility.\n\nChange-Id: Ia14b156606d18065727f162549866a8e32ec6a80\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90808\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "d61cb8f3df753b28098c13213afbeba42c475252", "tree": "555835ea0f14b70666acb5a80745f48c9ff72cb0", "parents": [ "de8c7af5e7c40153eb6cc0a79ff61a43f4bb03f9" ], "author": { "name": "Adam Langley", "email": "agl@chromium.org", "time": "Thu Mar 12 16:23:23 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 13 15:54:06 2026 -0700" }, "message": "bssl-x509: API tweaks in certificates.rs\n\n* `get_` isn\u0027t typical in Rust code.\n* All X509 objects should have a valid serial number: other functions\n will crash in C code otherwise. Therefore check, but don\u0027t make\n functions fallible without good cause.\n* Serial numbers are generally required to be \u003e 16 bytes long, so\n functions to get them as 64-bit values probably aren\u0027t helpful. But do\n allow them to be formatted.\n\nChange-Id: Id5818eafc1923576acc33af3b5c5cb531b8bb83f\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90807\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "de8c7af5e7c40153eb6cc0a79ff61a43f4bb03f9", "tree": "8e5b3924ae3dc62691e3df5bb305ed38f0917291", "parents": [ "1ec43b43bb531a66d604138eb13da913a95ee28a" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Mar 07 03:10:13 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 12 12:05:22 2026 -0700" }, "message": "Remove unused internal constant\n\nChange-Id: I1e482072a069175dfc8433ae7e279a5e65bc7f4e\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90548\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "1ec43b43bb531a66d604138eb13da913a95ee28a", "tree": "672435643ab2549f9774ccdf7ef78dcf0362a463", "parents": [ "9084caea4f86a0064492c3a8bf9447eff1d8c737" ], "author": { "name": "Adam Langley", "email": "agl@chromium.org", "time": "Thu Mar 12 09:41:22 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 12 10:42:38 2026 -0700" }, "message": "bssl-x509: documentation improvements.\n\nChange-Id: Ib58314641b211c3d6e9ba3a565be61f44601617a\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90768\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "9084caea4f86a0064492c3a8bf9447eff1d8c737", "tree": "127e1f699acdadbba60c91fc1b7938a9fc98c567", "parents": [ "488e3e2e187596ffb615c923b8bd8433647d2bd0" ], "author": { "name": "Adam Langley", "email": "agl@chromium.org", "time": "Thu Mar 12 09:40:57 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 12 10:40:29 2026 -0700" }, "message": "bssl-x509: various tidy-ups.\n\nNo semantic change intended.\n\nChange-Id: Ic2cde4dac0755bad786092b4809d259ba95286a7\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90767\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "488e3e2e187596ffb615c923b8bd8433647d2bd0", "tree": "c5ea1ccf9223cf7320781ba1a979b0b3b293a488", "parents": [ "5a814828165157246b32abaf19598cf16ff89234" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Thu Mar 12 09:03:05 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 12 06:47:38 2026 -0700" }, "message": "rust: Pick up std feature by default for x509 and tls crate\n\nIt could be a major footgun to commit to no_std by default on these\ncrates, given that callbacks could still panic-unwind into C frames.\n\n- If a user wants to use these crates in `no_std`, it would be better for\nthem to explicitly opt-out and install their own panic handler.\n- It is also very rare to have any use for these crates in `no_std`.\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: Id05c90822774da711dbfe9649fbb51026a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90747\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "5a814828165157246b32abaf19598cf16ff89234", "tree": "297f73936386d883872dae63ccd53aeaa0526f30", "parents": [ "74e2d10966c71e931f6b215d3722554fdac40b27" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 10 21:18:20 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 12 00:04:00 2026 -0700" }, "message": "Remove NewZeroed entirely\n\nNewZeroed was never actually necessary. We were performing\nvalue-initialization, which means that, if the default constructor were\nnot user-provided, it does zero-initialization anyway.\n\nIf the default constructor is user-provided, this changes and the\nuser-provided constructor is responsible for initializing every field.\nNewZeroed looks like it saved this case, but it does not according to\nGCC. GCC believes that, for all types, a memset preceding a placement\nnew can be deleted.\n\nThus we can simply replace NewZeroed with New. We need to be very\ncareful that, when we introduce a constructor to a type, we initialize\nthe fields explicitly. This was always true in C++.\n\nBug: 491512320\nChange-Id: I8f7cba6afaffeb8baf5f1190c2f7590bfd459b0a\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90667\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "74e2d10966c71e931f6b215d3722554fdac40b27", "tree": "10e9c83e30886973414a8b7f7a427577e878e0db", "parents": [ "5e289a79529ff730ee6473772813e2b2f8c8cda5" ], "author": { "name": "Norbert Fabritius", "email": "nfabritius@google.com", "time": "Thu Feb 19 13:56:14 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 11 15:38:13 2026 -0700" }, "message": "Add Send and Sync marker traits to X509Certificate\n\nChange-Id: Ic4857aa011d5ca723114096cd7ab7aedc3d80c81\nSigned-off-by: Norbert Fabritius \u003cnfabritius@google.com\u003e\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89667\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "5e289a79529ff730ee6473772813e2b2f8c8cda5", "tree": "011e04830b19e4608238bcc05a53dbb7fad89e0d", "parents": [ "560ec7270c9ba40bf69fe7a7f0216a600d0cd139" ], "author": { "name": "Lily Chen", "email": "chlily@google.com", "time": "Wed Mar 11 20:23:05 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 11 14:24:40 2026 -0700" }, "message": "Add new Rust crates to build files\n\nAdded in https://boringssl-review.googlesource.com/c/boringssl/+/90427\n\nChange-Id: Ic6981d2ccfa6a69a09c01f66331f079c6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90707\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "560ec7270c9ba40bf69fe7a7f0216a600d0cd139", "tree": "9adcd3009fdef2202b2075368681a60d1c1eaa3e", "parents": [ "13c19cb1a5a8766f65165e6693e4ca41ae4c5923" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Wed Mar 11 15:21:01 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 11 12:47:31 2026 -0700" }, "message": "rust: Fix doc test since last crate renaming\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I0904002e8f7a1eae8b99251f8f8416126a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90687\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "13c19cb1a5a8766f65165e6693e4ca41ae4c5923", "tree": "cf6a5a7c34c021b3a35d3db8e6fa10b94150ee2e", "parents": [ "eedf10c1f4ab44629e2fe3fe6f07e2fb0897c0f4" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Thu Mar 05 09:26:45 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 11 11:47:43 2026 -0700" }, "message": "rust: Introduce X.509 bindings\n\nThis crate will assist X.509 store construction, verification\nconfiguration and certificate verification.\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: I8beb5f11ae04fb7c844b2d1970d65eff6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90427\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n" }, { "commit": "eedf10c1f4ab44629e2fe3fe6f07e2fb0897c0f4", "tree": "15b899376b19c155cad195d800cf46fbc469bee4", "parents": [ "2afc51cfa4b6fa4594dbc689e5301826876a9be7" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 10 19:28:26 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 11 00:07:29 2026 -0700" }, "message": "Remove some more easy NewZeroed calls\n\nBug: 491512320\nChange-Id: I4f4c23a4fa0054e67b4118789b68d6cab6dea2f4\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90647\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "2afc51cfa4b6fa4594dbc689e5301826876a9be7", "tree": "dc832b68664e74a964a597d1fc35e2c9536b2771", "parents": [ "6c0eb259bf059ddebabbd904c8201f6f323abdcd" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 10 19:14:48 2026 -0400" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 11 00:07:00 2026 -0700" }, "message": "Remove some dependencies on NewZeroed\n\nBug: 491512320\nChange-Id: If57a8b748c4eaf9a5d021308e1775a8f6b55a38c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90627\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "6c0eb259bf059ddebabbd904c8201f6f323abdcd", "tree": "3a3f8fb974a7f6a6b53d2cbc42f66dca99954423", "parents": [ "4871095458977dfc9e3fdd1f2af66e21f3e5f4bd" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Feb 23 12:42:25 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 10 23:51:55 2026 -0700" }, "message": "Wire up ML-DSA keygen to the EVP API\n\nThis works for both EVP_PKEY_CTX_new_id and also the more friendly\nEVP_PKEY_ALG API.\n\nBug: 449751916\nChange-Id: Id342948327b627e0c3ab29e02349e1f29a0fa4c8\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90609\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "4871095458977dfc9e3fdd1f2af66e21f3e5f4bd", "tree": "96514af302f26d6f6cec771f34c7aca7642b0242", "parents": [ "a6fa010a8eb3bbec0830fcf0e36aed6ba3594518" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 10 09:54:03 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 10 23:48:23 2026 -0700" }, "message": "Add new APIs to generate EVP_PKEYs\n\nGenerating keys with EVP_PKEY_CTX_new_id is both tedious and pulls in\nevery algorithm.\n\nEVP_RSA_gen comes from OpenSSL. It\u0027s solid.\n\nEVP_PKEY_generate_from_alg is a single-step operation and works with\nEVP_PKEY_ALG, so it is static-linker-friendly.\n\nBug: 42290364\nChange-Id: Ie88595cd239eead95d0d32dfe12795bd28d30b59\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90608\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "a6fa010a8eb3bbec0830fcf0e36aed6ba3594518", "tree": "1d2b359b8a305555b820a20c5bbea59db519b636", "parents": [ "476f4835186050a44f7fe6f088abbd279b634194" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Feb 23 13:49:05 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 10 23:46:16 2026 -0700" }, "message": "Center EVP_PKEY_CTX creation on EVP_PKEY_ALG\n\nThis is in preparation for adding a way to generate an EVP_PKEY from an\nEVP_PKEY_ALG, by internally creating EVP_PKEY_CTXs. It also means we\ncould, if we wanted to, expose an EVP_PKEY_ALG version of\nEVP_PKEY_CTX_new_id.\n\nBug: 42290364\nChange-Id: Id9a74b50764717c6a0f9212c187781833a8cab54\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90607\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "476f4835186050a44f7fe6f088abbd279b634194", "tree": "ce01efd80edc06edc60a7cd084d20d749481d6f1", "parents": [ "a2f9a2474d0703e6ac3111a07129ead7c5aa8245" ], "author": { "name": "Ryan Macnak", "email": "rmacnak@google.com", "time": "Mon Mar 09 07:37:54 2026 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 09 18:12:39 2026 -0700" }, "message": "Place kObjects constants in namespace bssl.\n\nWhen looking at binary size analysis of projects including boringssl, the ~100kB symbol \"kObjects\" at the top level is difficult to attribute to boringssl.\n\nChange-Id: I13c908ef2b5fd856ac5d6eed9cd99e24d1753599\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90307\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "a2f9a2474d0703e6ac3111a07129ead7c5aa8245", "tree": "7c1026df4e80329065a6cc18285ea788349d2f65", "parents": [ "27bc28d7f03fb9e3752980dce01de1a529236532" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sun Mar 08 09:00:58 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 09 11:35:00 2026 -0700" }, "message": "runner: Also copy resumeExpectations before running the test\n\nSimilar to\nhttps://boringssl-review.googlesource.com/c/boringssl/+/86187, but\nanother pointer field.\n\nBug: 490701749\nChange-Id: I62cca506e7bc06d607fdb3cd715d5856d4472e66\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90567\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "27bc28d7f03fb9e3752980dce01de1a529236532", "tree": "68127c66d1715a51598b9579b971e4d16fa3020b", "parents": [ "a218d49e02183a4b5d6ff2c3e4343bf4bbdfdc50" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Mar 05 12:43:19 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 09 03:22:27 2026 -0700" }, "message": "Don\u0027t allow half-empty EVP_PKEYs to be passed into various APIs\n\nOpenSSL\u0027s API is poorly-typed and exposes many variations on empty\nstates. They are not reachable from typical callers, this is merely a\ntyping error in the OpenSSL API.\n\nPerforming operations on such objects will sometimes crash. While not\nideal, we do not consider this to be a security issue, nor much of a\nfunctional bug. Better would be to fix the APIs to eliminate as many\nhalf-empty states as possible, as we\u0027ve been doing in\ncrbug.com/42290409. Still, the X25519 one is difficult to avoid, so\nadd some EVP-wide null checks on a few functions.\n\nUltimately, however, this is a caller error.\n\nBug: 42290409\nFixed: 489983951\nChange-Id: I21dca6b3ee84659d812b9c17e5410fc5f516a7d0\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90447\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "a218d49e02183a4b5d6ff2c3e4343bf4bbdfdc50", "tree": "bbc6c0d6eaa4300a65cf87e3912afeb56b41066c", "parents": [ "30cd935189c9a7d45ad789e038fc6506d1b7a0bd" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Mar 09 17:10:23 2026 +0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Mon Mar 09 02:26:05 2026 -0700" }, "message": "Revert \"Reduce thread contention for pooled CRYPTO_BUFFERs\"\n\nThis reverts commit fbf01ffae10929d863b6744bb505f0cae6c9c712 with a\nregression test.\n\nThis change was incorrect. When we observe an unmodified refcount of\nzero, it\u0027s possible that some other thread brought this up, and then\nback down again.\n\nBug: 490953577\nChange-Id: I3248c5440ee7a6310774a85a728aa24e29c6a158\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90587\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "30cd935189c9a7d45ad789e038fc6506d1b7a0bd", "tree": "262b388e959c34f9f7f8322a28b21057a2c5cede", "parents": [ "5bf54f4ac7f73e8cc625d1292a39edd508f64e2f" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Fri Mar 06 12:26:35 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 06 13:12:35 2026 -0800" }, "message": "Document \u003copenssl/cast.h\u003e\n\nThis is a legacy cipher that no one should be using anymore, but as long\nas we have these symbols, we ought to document how you use them. While\nI\u0027m here, use the uint8_t foo[N] syntax for the fixed-width fields.\n(C doesn\u0027t check it, it\u0027s just an easy bit of documentation.)\n\nAlso fill in some missing bits for \u003copenssl/des.h\u003e too. (DES\u0027s CFB code\nalso needs to be documented, but I haven\u0027t stared at that yet.\nDESTest.CFB suggests there was something weird, so I\u0027ll leave it alone\nfor now.)\n\nChange-Id: I214cd95391b7162c103a665f38e25dee9579f7c7\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90527\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "5bf54f4ac7f73e8cc625d1292a39edd508f64e2f", "tree": "051510218029715582ad1497697a885c1bca1350", "parents": [ "50c3ac87fcdd5a83b95943b128b0974d42743755" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Fri Mar 06 12:24:50 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 06 04:59:05 2026 -0800" }, "message": "rust: Properly dispatch the key types to the right curve after parsing\n\nThis patch partially revert 90487 because of the potential curve type\nmismatch.\n\nUpdate-Note: To parse `ECPrivateKey` with inferred curve type, please\nuse `ParsedPrivateKey` in the respective EC modules in bssl-crypto.\n\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: Ia30048686a971f1bdba804fb579e8f576a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90507\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "50c3ac87fcdd5a83b95943b128b0974d42743755", "tree": "e99c9134b17305912cd9b0535ad62eba1d427c08", "parents": [ "afa6f3d420e88be1f2229412925b960a1f080a1d" ], "author": { "name": "xfding", "email": "xfding@google.com", "time": "Fri Mar 06 10:00:20 2026 +0000" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Fri Mar 06 04:16:29 2026 -0800" }, "message": "rust: parse keys into the right curve type per DER encoding\n\nGiven that we now encode names of known curves in DER/PEM encoding,\nwe will also support decoding from DER/PEM if the curve name has been\nencoded in the input.\n\nUpdate-Note: bssl_crypto::ecdsa::PrivateKey and\nbssl_crypto::ecdh::PrivateKey now always encode the known curve names in\nDERs. To decode ECPrivateKeys against a curve already specified in the\ninput DER,\nbssl_crypto::ecdsa::PrivateKey::from_der_ec_private_key_with_curve_names\nor bssl_crypto::ecdh::PrivateKey::from_der_ec_private_key_with_curve_names\ncan be used.\n\nBug: 487901642\nSigned-off-by: Xiangfei Ding \u003cxfding@google.com\u003e\nChange-Id: Ibb2bfd77efb2267701a10371df3bcf4b6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90487\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "afa6f3d420e88be1f2229412925b960a1f080a1d", "tree": "c49a14e8e12c45b46698b3e8ec36864bd913b233", "parents": [ "bf6bb3239780390d13b8f768a56d7d44163c1fed" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Mar 05 13:00:56 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 17:59:53 2026 -0800" }, "message": "Document length requirements on low-level DES APIs\n\nCBC only works for inputs that are a multiple of the block length, so\nthese APIs do not accept all buffer sizes.\n\nThese are low-level, infallible functions, so mostly all we can do is\nsay this is a caller obligation. I\u0027ve just added debug asserts for now.\n(Possibly we could do release checks, but it would make sense to treat\nAES and DES the same here, and the AES one matters a bit more\nperf-wise.)\n\nChange-Id: I3af3e91079d2fbf13012c571158a5339adab5159\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90448\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "bf6bb3239780390d13b8f768a56d7d44163c1fed", "tree": "5bf094114dc2a238e64748490bc0a4e75c1a2af6", "parents": [ "b2478d6da284551bc511ea9a9aae6603b565085f" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 03 16:47:37 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 10:42:30 2026 -0800" }, "message": "Check for syntax errors in SANs in X509_check_host\n\nOpenSSL\u0027s X509_get_ext_d2i is very difficult to use correctly and makes\nit easy to mix up missing extension and invalid extension. This happened\nin X509_check_host and caused it to use the common name fallback.\n\nThis does not have any real consequence:\n\nFirst, such certificates have EXFLAG_INVALID set and would actually fail\nto validate in the first place. (Ideally such a state would not exist at\nall, and then this will be moot. See crbug.com/42290243.) This is\ndemostrated by having to update cert verification test expectations.\n\nSecond, even if it were reachable, one would need to somehow convince a\ntrusted CA to misissue a certificate with an unparseable SAN extension\n*and* place a DNS name in the common name that it didn\u0027t intend\nvalidate. An attacker that can do this can no doubt already cause the\nCA to misissue a well-formed, wrong certificate too.\n\nNonetheless, it\u0027s good to handle errors, so do so.\n\nBug: 489032714\nChange-Id: I5cef97e616b9af2e4b65a47d967a2980c46fd1ad\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90227\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "b2478d6da284551bc511ea9a9aae6603b565085f", "tree": "7ee00d7619ecc2c8a6b3b0696a0d3c3c18a87baa", "parents": [ "b8b7f308253df4a65f709a0f17d37c89dbcb9111" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Mar 05 13:15:38 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 10:34:29 2026 -0800" }, "message": "Fix typo in comment\n\nChange-Id: I3fe945d4508206770d264facc014b05c3817d87d\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90449\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "b8b7f308253df4a65f709a0f17d37c89dbcb9111", "tree": "f61dcfd5fd357a824c05a02d7fc3d13665f8e41a", "parents": [ "cc635fb59ea527cf37408e58e634d44459dcc26d" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Mar 04 22:00:55 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 05:56:07 2026 -0800" }, "message": "Add some options to bssl client and bssl server to test PSKs\n\nBasic support just to make it easier for folks to do interop testing.\nOur actual implementation supports much more, but that would require\nmuch more complex flags to capture:\n\n- Clients that configure multiple PSKs\n- Servers that configure multiple PSKs\n- Clients that accept either PSKs or certs from the server\n- Servers that have a mix of PSK and certs available\n\nBug: 369963041\nChange-Id: I9e9a84a89271a5b615af7bf6a350db89173a0187\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90347\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "cc635fb59ea527cf37408e58e634d44459dcc26d", "tree": "2c395db3e03f1688d36e0f11fabc1d724417c48c", "parents": [ "2127bd31b60ecc072559f5fa4cca027eec3a3530" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Mar 04 20:23:48 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 05:56:03 2026 -0800" }, "message": "Warn in docs that TLS 1.3 PSKs must be high entropy\n\nI thought I wrote this, but it must have gotten lost while I was working\non this across machines. Put something like it back; using a password as\na PSK is a somewhat attractive nuisance and *not* safe.\n\nBug: 369963041\nChange-Id: I3840e72658b43e4d26a1b5aad789f79fc71ff633\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90327\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "2127bd31b60ecc072559f5fa4cca027eec3a3530", "tree": "5488547f6d6740eb3a9433eb4027074cdeae6e21", "parents": [ "9d2c26fad8699b836e976f91c5814e966d7c5593" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Thu Mar 05 02:39:52 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 02:56:18 2026 -0800" }, "message": "Revert \"Simplify the symbol prefixing macros.\"\n\nThis reverts commit 0535965a993724419b9369757f04fd6cf4bb708d.\n\nChromium is not ready for the change yet:\n\nhttps://ci.chromium.org/ui/p/chromium/builders/try/win-arm64-compile-dbg/775975/overview\n\nBug: 42220000\nChange-Id: I20f662ef9d4d580cfb352fd92a68bee96a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90407\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\nAuto-Submit: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "9d2c26fad8699b836e976f91c5814e966d7c5593", "tree": "21012afc6f685f2c661a015316a4f61beac2f911", "parents": [ "0535965a993724419b9369757f04fd6cf4bb708d" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Thu Mar 05 01:37:58 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 02:23:42 2026 -0800" }, "message": "Fix prefixed names on MSVC.\n\nMSVC does not define __USER_LABEL_PREFIX__, however on all such\nplatforms it is entirely correct to define it to be empty.\n\nBug: 42220000\nChange-Id: Ic28e58faeb6532e89838181756f4d0ec6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90387\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "0535965a993724419b9369757f04fd6cf4bb708d", "tree": "cd45fb3f619b4a335b1074c2f5272a734b6e7dbc", "parents": [ "745d3ebf4064a4ea7c0a115ecbba5affa2609bcd" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Tue Mar 03 08:58:00 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Thu Mar 05 01:10:36 2026 -0800" }, "message": "Simplify the symbol prefixing macros.\n\nThe headers are now always included, but check for BORINGSSL_PREFIX\nthemselves; also, the macros use less case distinctions now.\n\nThis reduces the RAM usage of the compiler, but also is generally nicer\nin the sense that it now properly autodetects the need to prepend an\nunderscore rather than relying on Apple vs non-Apple.\n\nIt also is part of a potential workaround to use the #pragma\nredefine_extname together with precompiled headers.\n\nUpdate-Note: \u003copenssl/prefix_symbols.h\u003e is now always included.\nDownstream build systems may need changes to add this file to the build\ndependencies. Similarly, nasm files now always include\n\"boringssl_prefix_symbols_internal_*.inc\" from gen/, and thus build\nsystems may need to add the directory to the include path.\n\nBug: 42220000\nChange-Id: I9fbf9a15d08f3127d114c0fab0732fca6a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90207\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: Xiangfei Ding \u003cxfding@google.com\u003e\n" }, { "commit": "745d3ebf4064a4ea7c0a115ecbba5affa2609bcd", "tree": "5488547f6d6740eb3a9433eb4027074cdeae6e21", "parents": [ "cc55e9fe9062dde8277ef675106666e27526d271" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Feb 14 20:13:34 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 14:35:15 2026 -0800" }, "message": "Implement RFC 9258 as a server\n\nFixed: 369963041\nChange-Id: I30fc886360723658f0354a4ca7ce4e5b2a4c7e2c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89547\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "cc55e9fe9062dde8277ef675106666e27526d271", "tree": "bc102ae9d6a2da3a8a7c8aaee840f42d3f58f191", "parents": [ "c5fbe07583f571d143fb560fa92cac3f42e9f826" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Feb 17 14:15:20 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 14:08:43 2026 -0800" }, "message": "Handle an API edge case with PSKs and client certificates\n\nIf a client is configured to accept PSKs or server certificates, the\nserver may authenticate with a certificate and then request a client\ncertificate.\n\nThe client may then wish to decline to send a client certificate. We\nnormally express this with an empty credential list. But such a client\ncannot have an empty credential list because it contains PSKs.\n\nDue to the order of protocol decisions, the client\u0027s credential list is\neffectively two credential lists: a set of \"non-certificate\" credentials\n(PSKs, PAKEs), which can pick non-certificate modes, and then a set of\n\"certificate\" credentials. We only care if the second one is empty. In\nother words, skip over PSK/PAKE credentials when evaluating emptiness.\n\nThey\u0027re still one combined list because, on the server, the choice is\nmade at the same time and having one combined list is helpful to express\nan ordering.\n\n(For this purpose, a raw public key is a certificate credential.)\n\nBug: 369963041\nChange-Id: If7b06e2bd347a187499a8621eb692c4a87c5dbf6\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89567\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "c5fbe07583f571d143fb560fa92cac3f42e9f826", "tree": "07a7a47280c8ae799f1224a5853dfe4edf938aab", "parents": [ "03dde63bad22da8b3abf278988acf77d863fc163" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sat Jan 11 13:24:28 2025 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 13:56:21 2026 -0800" }, "message": "Implement RFC 9258 as a client\n\nFollow-up CLs will:\n\n- Address an API edge case around a PSK-or-certs connection that sees a\n CertificateRequest and aims to decline to send a certificate.\n\n- Add server support\n\nBug: 369963041\nChange-Id: Ieef6bd3d2808fb5615dc8aaf66d7c3045440493d\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89475\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "03dde63bad22da8b3abf278988acf77d863fc163", "tree": "b2a99f2d8ef327f74767dae457b9ab03e01e9434", "parents": [ "5774eca6004ed7c7467bd644c057797ca96b65f2" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Mar 04 14:06:57 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 11:34:54 2026 -0800" }, "message": "Ignore CMS_PARTIAL in CMS_add1_signer\n\nCurrently we reject it, but I\u0027m actually not sure what the intent there\nwas. We already defer actually signing it to the end anyway. Looking at\nOpenSSL, they only look at CMS_PARTIAL as part of this CMS_REUSE_DIGEST\nmode that we do not implement.\n\nThe kernel started passing a bunch of unused flags to all these\nfunctions. This seems a mistake[*] because CMS_PARTIAL is really a\nper-operation thing, but it also seems to be harmless so we may as well\nkeep it working.\n\n[*] They also pass it to CMS_final which *really* doesn\u0027t make sense. Ah\nwell.\n\nBug: 316589225\nChange-Id: Id88bd659848975814363fbd26355196e4d712cb5\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90287\nReviewed-by: Lily Chen \u003cchlily@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Lily Chen \u003cchlily@google.com\u003e\n" }, { "commit": "5774eca6004ed7c7467bd644c057797ca96b65f2", "tree": "fc348bfce5244b9d552ce8879434f37e9fded5b0", "parents": [ "e16f17a59eab34110d011291ff97fbc84d776205" ], "author": { "name": "Rudolf Polzer", "email": "rpolzer@google.com", "time": "Mon Mar 02 07:14:10 2026 -0800" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 10:42:37 2026 -0800" }, "message": "crypto/x509: Fix interaction of DNS exclude constraints with wildcard DNS names.\n\nAn exclusion of \"foo.example.com\" must match a DNS name of\n\"*.example.com\".\n\nBug: 488306305\nChange-Id: Id911cb841451da1568c4f938a42c75316a6a6964\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90167\nAuto-Submit: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "e16f17a59eab34110d011291ff97fbc84d776205", "tree": "efa5f0959d336e9313f2a85565efa68bc9629a36", "parents": [ "450046f892e6426644df2dc077e36524acf5fb2b" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 03 21:52:28 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 03:02:05 2026 -0800" }, "message": "Use UniquePtr in DSAImpl\n\nWe still have CRYPTO_EX_DATA to destruct, but otherwise the rest is\nRAII.\n\nChange-Id: I45ebaab67ace887682be985e0839c5d5002b46a4\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90249\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "450046f892e6426644df2dc077e36524acf5fb2b", "tree": "bb48e7e6f3d3017306a7bf20fbdacc062cbd2bef", "parents": [ "104436af49c2dd3e5dd0b3412a79d2f76dce2eb3" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 03 20:18:58 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 03:02:02 2026 -0800" }, "message": "Use UniquePtr in DHImpl\n\nAlso a few BN_MONT_CTXs that are all tied together via\nBN_MONT_CTX_set_locked.\n\nChange-Id: I2ab5e243163280952c6889053e2e2722b7e6f1bd\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90248\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "104436af49c2dd3e5dd0b3412a79d2f76dce2eb3", "tree": "5e8991db61bf170bfae3e282ceec4bb4f95c39dc", "parents": [ "fbf01ffae10929d863b6744bb505f0cae6c9c712" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Tue Mar 03 20:19:44 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Mar 04 02:55:56 2026 -0800" }, "message": "Remove redundant DH_num_bits API\n\nThis isn\u0027t actually an OpenSSL API. We added it back in\nhttps://boringssl-review.googlesource.com/4813. OpenSSL later introduced\nDH_bits. Code search suggests no one ever used DH_num_bits so let\u0027s just\nstandardize on DH_bits.\n\nUpdate-Note: Users of DH_num_bits should switch to DH_bits. (None seem\nto exist.)\n\nChange-Id: Ie2dab37e5948944956b35fea7abd0f8c23d2386b\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90247\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Rudolf Polzer \u003crpolzer@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "fbf01ffae10929d863b6744bb505f0cae6c9c712", "tree": "ef20c292a4cc84a70a6ce4ae717a8e13376a95a5", "parents": [ "3cbf7f3d3927478082a2f0a73ef028663c67b58f" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Mon Mar 02 00:20:34 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 15:12:59 2026 -0800" }, "message": "Reduce thread contention for pooled CRYPTO_BUFFERs\n\nWe previously locked all CRYPTO_BUFFER_frees of pooled buffers, but we\nonly need to lock it when we observe a reference count of zero. When we\nsee zero, we then lock to synchronize with any threads that might try to\nupgrade our weak reference.\n\nChange-Id: I3c21f8a7cc3091457560cdfcd60c00159ba26400\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90155\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "3cbf7f3d3927478082a2f0a73ef028663c67b58f", "tree": "61c281574b2feef4beb45f814f12d833743b3b70", "parents": [ "a5d1b42d483dd51f745c26c3003ae640bd0230bc" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Feb 26 12:28:32 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 15:12:48 2026 -0800" }, "message": "Allow CRYPTO_BUFFERs to outlive CRYPTO_BUFFER_POOL\n\nWe actually forgot to document this lifetime contract in the first\nplace, but the lifetime contract is also unnecessary. See bug. This\nshoudl make CRYPTO_BUFFER_POOL usable in more places. (Thus far, outside\nof tests, we\u0027ve only been using global, never-freed pools.)\n\nFixed: 487909748\nChange-Id: I9cbe87e57968aea23a2dabed4304007b891d7dce\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90154\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "a5d1b42d483dd51f745c26c3003ae640bd0230bc", "tree": "d0cce7ff6f8772c7860b2065474d45fef85b47cb", "parents": [ "c87c15681cca69184eb956cbc12f0f18ccbadb9d" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sun Mar 01 23:00:41 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 15:12:27 2026 -0800" }, "message": "C++ CRYPTO_BUFFER internals a bit more\n\nWe can\u0027t use the RefCounted base class, but we can do a decent job just\nimplementing it by hand. I also decided to try suffixing the members\nwith underscore. This is technically what the style guide says[0], and\navoids the mess where constructor parameters and member variables shadow\neach other.\n\n[0] https://google.github.io/styleguide/cppguide.html#Variable_Names is\nbased on class vs struct, not private vs public.\n\nChange-Id: I7cc96de1c5eac142d4c05f62224f3a3506ec90ae\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90153\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "c87c15681cca69184eb956cbc12f0f18ccbadb9d", "tree": "b8b357c66a61c2c48be2ff3cb18749d2de355d78", "parents": [ "4903b98f77fba3c8215f33c28121e354c35f6ad3" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Feb 26 15:56:20 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 14:47:30 2026 -0800" }, "message": "Make CRYPTO_MUTEX a C++ type\n\nThis finally removes the need to manually destroy CRYPTO_MUTEX values.\nSadly this means we\u0027re back to having separate Mutex and StaticMutex\ntypes. I tried adding NoDestructor so the globals can be\nNoDestructor\u003cMutex\u003e, but then the constructor isn\u0027t constexpr. Losing\nconstexpr on ExDataClass then causes us to hit the static initialization\norder fiasco.\n\nThis is a mess, so just make a separate StaticMutex type.\n\nChange-Id: I40aed9832f72f6bd2b4b8a7f9d68f60ae0eb1e2c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90152\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "4903b98f77fba3c8215f33c28121e354c35f6ad3", "tree": "64abd7e7577f7e33189a9d4fa3b1b63bcd529ca8", "parents": [ "f35c040ae81c410878425f8e41f137869c7325be" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sun Mar 01 22:21:20 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 14:47:25 2026 -0800" }, "message": "Add a test for bssl::Cleanup\n\nMay as well.\n\nChange-Id: I014493e3907efb62df82804c6a83e8a1be616667\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90151\nReviewed-by: Xiangfei Ding \u003cxfding@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" }, { "commit": "f35c040ae81c410878425f8e41f137869c7325be", "tree": "a4de6b85600965088fb6d743df2e44251b1bc325", "parents": [ "ff52e2d0ca70267b1c606ad4b5a3c2069eceba7d" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sun Mar 01 21:10:08 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 14:39:17 2026 -0800" }, "message": "Give CRYPTO_EX_DATA_CLASS a constructor\n\nThis unblocks making Mutex a proper C++ type in a subsequent class.\nWhile I\u0027m here, name this C++-style.\n\nWe should another pass at this later. Ideally CRYPTO_EX_DATA would\nitself have a destructor. But, for that, we\u0027d actually need it to be\nExData\u003c...\u003e instance that instantiates the ExDataClass as part of of the\nclass template.\n\nFor that to be viable, we need to knock all ExDataClass instances out of\nthe FIPS module. That also should happen, but I\u0027m far too many layers\ndown my yak stack as it is...\n\nChange-Id: Ia25d20e2aa44039f1e04497c9c01cf27b4f4f5ef\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90150\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "ff52e2d0ca70267b1c606ad4b5a3c2069eceba7d", "tree": "f2dfb78cb92a5b01e34311cbd0b101ce2911eb84", "parents": [ "16d1a81e475be0b3f859eb2264642bc1b6501f6e" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Sun Mar 01 20:57:13 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 14:13:02 2026 -0800" }, "message": "Simplify delocate macros slightly\n\nWe only need to vary DEFINE_BSS_GET.\n\nChange-Id: I3c577c682b0007186bf13d7f2a725d589d8c74c7\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90149\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "16d1a81e475be0b3f859eb2264642bc1b6501f6e", "tree": "4a87e820cfe5e8cd1695ec91c33f0cf44d970c95", "parents": [ "9b1ce5ba9e4b24247139cd4964a2f215f69fa1ba" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Feb 26 13:29:17 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 14:07:16 2026 -0800" }, "message": "More consistently use the public/private struct split in crypto/pool\n\nThis does not yet make CryptoBufferPool or CryptoBuffer use destructors\nmore meaningfully, just gets the more mechanical changes and\nnamespace-hopping out of the way.\n\nChange-Id: I30d3a4c134d46910e0922b47fc21e93f53e25f44\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90148\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n" }, { "commit": "9b1ce5ba9e4b24247139cd4964a2f215f69fa1ba", "tree": "cb61171a098aea8e981f803af000a07c3e8a38ab", "parents": [ "d0fcf49574b06de7090cba4ad8124df638a0134e" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Feb 26 13:06:02 2026 -0500" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Tue Mar 03 14:07:12 2026 -0800" }, "message": "Don\u0027t stack-allocate CryptoBuffer for pool lookups\n\nWe can use the retrieve_key function instead, which is how LHASH spells\nheterogeneous lookup.\n\nChange-Id: Id8d5e1da0de4e5ddc5a9b53c91de2853e1f5a90f\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90147\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Rudolf Polzer \u003crpolzer@google.com\u003e\n" } ], "next": "d0fcf49574b06de7090cba4ad8124df638a0134e" }