external/boringssl: Sync to e60b080dda138e1dd02d99fb34641ac22e46c85d.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/a8ffaf1bf2ec64cbbb17863ede06ba506b3db8b8..e60b080dda138e1dd02d99fb34641ac22e46c85d

Bug: 137267623
Bug: 140918050
Test: atest CtsLibcoreTestCases CtsLibcoreOkHttpTestCases
Change-Id: I00eeca876b9070a7163ec284433fc2ec5ea5ef01

3 files changed, 13 insertions, 5 deletions

diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index ea7a940a..17b7b91c 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -136,8 +136,8 @@ OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
                                        const EVP_CIPHER_CTX *in);
 
 // EVP_CIPHER_CTX_reset calls |EVP_CIPHER_CTX_cleanup| followed by
-// |EVP_CIPHER_CTX_init|.
-OPENSSL_EXPORT void EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
+// |EVP_CIPHER_CTX_init| and returns one.
+OPENSSL_EXPORT int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
 
 
 // Cipher context configuration.
diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h
index 3b1a5666..be0faaf8 100644
--- a/src/include/openssl/ec_key.h
+++ b/src/include/openssl/ec_key.h
@@ -174,8 +174,8 @@ OPENSSL_EXPORT int EC_KEY_check_fips(const EC_KEY *key);
 // EC_KEY_set_public_key_affine_coordinates sets the public key in |key| to
 // (|x|, |y|). It returns one on success and zero otherwise.
 OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
-                                                            BIGNUM *x,
-                                                            BIGNUM *y);
+                                                            const BIGNUM *x,
+                                                            const BIGNUM *y);
 
 // EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
 // and sets |*out_buf| to point to it. It returns the length of the encoded
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index 1ef9f84b..d3ca63c9 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -3140,6 +3140,13 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
 // |SSL_process_quic_post_handshake| to process it. It is an error to call
 // |SSL_read| and |SSL_write| in QUIC.
 //
+// 0-RTT behaves similarly to |TLS_method|'s usual behavior. |SSL_do_handshake|
+// returns early as soon as the client (respectively, server) is allowed to send
+// 0-RTT (respectively, half-RTT) data. The caller should then call
+// |SSL_do_handshake| again to consume the remaining handshake messages and
+// confirm the handshake. As a client, |SSL_ERROR_EARLY_DATA_REJECTED| and
+// |SSL_reset_early_data_reject| behave as usual.
+//
 // Note that secrets for an encryption level may be available to QUIC before the
 // level is active in TLS. Callers should use |SSL_quic_read_level| to determine
 // the active read level for |SSL_provide_quic_data|. |SSL_do_handshake| will
@@ -3155,7 +3162,8 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
 // |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each
 // encryption level.
 //
-// Note: 0-RTT is not currently supported via this API.
+// Note: 0-RTT support is incomplete and does not currently handle QUIC
+// transport parameters and server SETTINGS frame.
 
 // ssl_encryption_level_t represents a specific QUIC encryption level used to
 // transmit handshake messages.