)]}'
{
  "commit": "6cf98208371e5c2c8b9d34ce3b8c452ea90e2963",
  "tree": "7538382943080ee97ab515110e38bc084fe081fe",
  "parents": [
    "335523a2c456e7444297ed0786e65771839931c3"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Fri May 26 22:03:30 2023 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Wed May 31 15:24:16 2023 +0000"
  },
  "message": "Align NIDs vs group IDs in TLS group APIs\n\nRight now we use NIDs to configure the group list, but group IDs (the\nTLS codepoints) to return the negotiated group. The NIDs come from\nOpenSSL, while the group ID was original our API. OpenSSL has since\nadded SSL_get_negotiated_group, but we don\u0027t implement it.\n\nTo add Kyber to QUIC, we\u0027ll need to add an API for configuring groups to\nQUICHE. Carrying over our inconsistency into QUICHE\u0027s public API would\nbe unfortunate, so let\u0027s use this as the time to align things.\n\nWe could either align with OpenSSL and say NIDs are now the group\nrepresentation at the public API, or we could add a parallel group ID\nAPI. (Or we could make a whole new SSL_NAMED_GROUP object to pattern\nafter SSL_CIPHER, which isn\u0027t wrong, but is even more new APIs.)\n\nAligning with OpenSSL would be fewer APIs, but NIDs aren\u0027t a great\nrepresentation. The numbers are ad-hoc and even diverge a bit between\nOpenSSL and BoringSSL. The TLS codepoints are better to export out to\ncallers. Also QUICHE has exported the negotiated group using the\ncodepoints, so the natural solution would be to use codepoints on input\ntoo.\n\nThus, this CL adds SSL_CTX_set1_group_ids and SSL_set1_group_ids. It\nalso rearranges the API docs slightly to put the group ID ones first,\nand leaves a little note about the NID representation before introducing\nthose.\n\nWhile I\u0027m here, I\u0027ve added SSL_get_negotiated_group. NGINX seems to use\nit when available, so we may as well fill in that unnecessary\ncompatibility hole.\n\nBug: chromium:1442377\nChange-Id: I47ca8ae52c274133f28da9893aed7fc70f942bf8\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60208\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f7c1f73501b289a187cd0137bc4a831373e0cd6c",
      "old_mode": 33188,
      "old_path": "fuzz/ssl_ctx_api.cc",
      "new_id": "bbf7c71a6357c90d000d16f341f869ea12fff20e",
      "new_mode": 33188,
      "new_path": "fuzz/ssl_ctx_api.cc"
    },
    {
      "type": "modify",
      "old_id": "3141676e1aa05bba310b1a7eda39c589a06c6e29",
      "old_mode": 33188,
      "old_path": "include/openssl/base.h",
      "new_id": "aa5c63d088f51b822fe9c0e7bec9b631cabe36d8",
      "new_mode": 33188,
      "new_path": "include/openssl/base.h"
    },
    {
      "type": "modify",
      "old_id": "5084fa226eb3a19cf308a54713bb912da6681768",
      "old_mode": 33188,
      "old_path": "include/openssl/ssl.h",
      "new_id": "7974b27c69e121fd4e9472d53256222020813963",
      "new_mode": 33188,
      "new_path": "include/openssl/ssl.h"
    },
    {
      "type": "modify",
      "old_id": "c95b8fab7b6be474df80e8564f4af81eae2f036d",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "fa35073fa8fab7c6f17fa67a0e93267b9719a333",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "b7ebef41aa7adcce45a3e4c7ab3c632bc2ebd1be",
      "old_mode": 33188,
      "old_path": "ssl/ssl_key_share.cc",
      "new_id": "d932ef3855c2d38714a4294c50b98b97944c6308",
      "new_mode": 33188,
      "new_path": "ssl/ssl_key_share.cc"
    },
    {
      "type": "modify",
      "old_id": "b7303d49a4a61425a5b5be136adcbe34fcd29a1a",
      "old_mode": 33188,
      "old_path": "ssl/ssl_lib.cc",
      "new_id": "d7b5be3ddeec762a3353baefc67d659c9aba68f5",
      "new_mode": 33188,
      "new_path": "ssl/ssl_lib.cc"
    },
    {
      "type": "modify",
      "old_id": "fdaf2fd6d29d67aa8a6414892318a9ed2527a475",
      "old_mode": 33188,
      "old_path": "ssl/ssl_test.cc",
      "new_id": "455b996e779a02c400e3850379a9c0512a7b80ff",
      "new_mode": 33188,
      "new_path": "ssl/ssl_test.cc"
    },
    {
      "type": "modify",
      "old_id": "5041501295076c1a649a31e6375ea64271d308ec",
      "old_mode": 33188,
      "old_path": "ssl/test/fuzzer.h",
      "new_id": "e6d2d0219d522c82abd521ca1be4a32a9800b06d",
      "new_mode": 33188,
      "new_path": "ssl/test/fuzzer.h"
    },
    {
      "type": "modify",
      "old_id": "4cb348513fe5bf80b7a62f346c75cba1f6df421f",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.cc",
      "new_id": "485a560b28422bbd14f11832f099d8ea733b615b",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.cc"
    },
    {
      "type": "modify",
      "old_id": "e8c473a169e7881f2328ecce582d1f66fedf3cec",
      "old_mode": 33188,
      "old_path": "ssl/test/test_config.h",
      "new_id": "e5c605799db1ee5ac4b765912af1b49028832f4f",
      "new_mode": 33188,
      "new_path": "ssl/test/test_config.h"
    }
  ]
}
