external/boringssl: Sync to f21650709a6f76e829ddcc77fe221c9d6a5c12de.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/348f0d8db9c2a0eca0503ba654020209c579d552..f21650709a6f76e829ddcc77fe221c9d6a5c12de
Test: BoringSSL CTS Presubmits.
Change-Id: Ie6e99c3315c552068b5ea57e31b1af7ff94f9b0f
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 931ac82..b9c3998 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -1249,6 +1249,8 @@
unsigned received_hello_retry_request:1;
+ unsigned received_custom_extension:1;
+
/* accept_psk_mode stores whether the client's PSK mode is compatible with our
* preferences. */
unsigned accept_psk_mode:1;
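Review bot: The new bitfield `received_custom_extension` is added without a comment, while the neighbouring flag `accept_psk_mode` carries one. If the name means what it suggests, a line such as `/* received_custom_extension is true if the peer sent a custom extension in this handshake. */` would do, with the wording confirmed against the code that sets it. It would also help to say which handshake decision reads the flag, since that is not visible here. The enclosing struct starts and ends outside the hunk.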
@@ -1334,6 +1336,11 @@
enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs);
enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs);
+/* The following functions return human-readable representations of the TLS 1.3
+ * handshake states for debugging. */
+const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs);
+const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs);
+
/* tls13_post_handshake processes a post-handshake message. It returns one on
* success and zero on failure. */
int tls13_post_handshake(SSL *ssl, const SSLMessage &msg);
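Review bot: Both new debug accessors take a mutable `SSL_HANDSHAKE *hs`, although their comment describes them only as returning a description of the state. If the implementations (not in this diff) just read the state field, declaring them as `const char *tls13_client_handshake_state(const SSL_HANDSHAKE *hs);` and the same for the server variant would make clear that they do not mutate the handshake. The comment could also say whether the returned string is a static literal that callers must not free or modify.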
@@ -1824,6 +1831,11 @@
* |add_change_cipher_spec| will start a new flight. */
bool outgoing_messages_complete:1;
+ /* flight_has_reply is true if the current outgoing flight is complete and has
+ * processed at least one message. This is used to detect whether we or the
+ * peer sent the final flight. */
+ bool flight_has_reply:1;
+
uint8_t cookie[DTLS1_COOKIE_LENGTH];
size_t cookie_len;
@@ -2064,6 +2076,7 @@
int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server);
int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session);
+int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
/* ssl_session_new returns a newly-allocated blank |SSL_SESSION| or nullptr on
* error. */
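Review bot: `ssl_ctx_rotate_ticket_encryption_key` is declared without a comment, so its return convention and locking expectations on `ctx` are not visible at the declaration. The contract is worth stating because a caller that ignores a failed rotation could go on to encrypt tickets under a stale or unset key. A possible comment is `/* ssl_ctx_rotate_ticket_encryption_key rotates the ticket encryption key of |ctx|, if needed. It returns one on success and zero on error. */`, with the wording confirmed against the implementation, which is outside this diff. The `ssl_ctx_get_current_time` declaration added in the last hunk is also uncommented.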
@@ -2326,6 +2339,8 @@
int ssl_can_read(const SSL *ssl);
void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock);
+void ssl_ctx_get_current_time(const SSL_CTX *ctx,
+ struct OPENSSL_timeval *out_clock);
/* ssl_reset_error_state resets state for |SSL_get_error|. */
void ssl_reset_error_state(SSL *ssl);