Bug 1443854 - update boring version and enable some tests, r=mt

Differential Revision: https://phabricator.services.mozilla.com/D1346

--HG--
extra : rebase_source : 87691d1e14bbd0733c8c64787ddade84e6fe50dd
extra : amend_source : 1d960c10e559650776a9357e4f7b4d057d8cbf37

gtests/nss_bogo_shim/config.json

@@ -1,6 +1,9 @@
 {
     "DisabledTests": {
         "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
+        "*TLS13Draft23*":"NSS supports draft 28 only.",
+        "IgnoreClientVersionOrder":"Uses draft23",
+        "DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.",
         "ServerBogusVersion":"Check that SH.legacy_version=TLS12 when the server picks TLS 1.3 (Bug 1443761)",
         "DummyPQPadding-Server*":"Boring is testing a dummy PQ padding extension",
         "VerifyPreferences-Enforced":"NSS sends alerts in response to errors in protected handshake messages in the clear",
@@ -12,14 +15,8 @@
         "ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)",
         "GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)",
         "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)",
-        "*TLS13*":"(NSS=19, BoGo=18)",
-        "*HelloRetryRequest*":"(NSS=19, BoGo=18)",
-        "*KeyShare*":"(NSS=19, BoGo=18)",
-        "*EncryptedExtensions*":"(NSS=19, BoGo=18)",
-        "*SecondClientHello*":"(NSS=19, BoGo=18)",
-        "*IgnoreClientVersionOrder*":"(NSS=19, BoGo=18)",
-        "SkipEarlyData*":"(NSS=19, BoGo=18)",
-        "*Binder*":"(NSS=19, BoGo=18)",
+        "WrongMessageType-TLS13-EncryptedExtensions":"wrong boring expectedLocalError",
+        "TrailingMessageData-TLS13-EncryptedExtensions":"wrong boring expectedLocalError",
         "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
         "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
         "CheckRecordVersion-TLS*":"Bug 1317634",
@@ -48,14 +45,12 @@
         "StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
         "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
         "FragmentedClientVersion":"received a malformed Client Hello handshake message",
-        "UnofferedExtension-Client-TLS13":"nss updated/broken",
-        "UnknownExtension-Client-TLS13":"nss updated/broken",
-        "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken",
-        "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken",
-        "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
-        "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
-        "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
-        "EmptyEncryptedExtensions":"nss updated/broken",
+        "UnofferedExtension-Client-TLS13":"wrong boring expectedLocalError",
+        "UnknownExtension-Client-TLS13":"wrong boring expectedLocalError",
+        "WrongMessageType-TLS13-CertificateRequest":"wrong boring expectedLocalError",
+        "WrongMessageType-TLS13-ServerCertificateVerify":"wrong boring expectedLocalError",
+        "WrongMessageType-TLS13-ServerCertificate":"wrong boring expectedLocalError",
+        "WrongMessageType-TLS13-ServerFinished":"wrong boring expectedLocalError",
         "TrailingMessageData-*": "Bug 1304575",
         "DuplicateKeyShares":"Bug 1304578",
         "Resume-Server-TLS13-TLS13":"Bug 1314351",

tests/bogo/bogo.sh

@@ -25,7 +25,7 @@ bogo_init()
   BORING=${BORING:=boringssl}
   if [ ! -d "$BORING" ]; then
     git clone -q https://boringssl.googlesource.com/boringssl "$BORING"
-    git -C "$BORING" checkout -q ec55dc15d3a39e5f1a58bfd79148729f38f6acb4
+    git -C "$BORING" checkout -q 9af1edbe2201e6c6d58e5e484bf56281d8c751d9
   fi
 
   SCRIPTNAME="bogo.sh"