external/boringssl: Sync to 3a18bf04745c0ef9850efeec1a52e402c4392388.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/9a127b43b8b78a135d6b64a3e25b8a704c2c069f..3a18bf04745c0ef9850efeec1a52e402c4392388
Test: BoringSSL CTS Presubmits.
Change-Id: Id39a146b1a6d7483f4142a7c191796ba65f32883
diff --git a/src/ssl/d1_srtp.cc b/src/ssl/d1_srtp.cc
index 30733ec..1a8e084 100644
--- a/src/ssl/d1_srtp.cc
+++ b/src/ssl/d1_srtp.cc
@@ -160,9 +160,9 @@
static int ssl_ctx_make_profiles(const char *profiles_string,
STACK_OF(SRTP_PROTECTION_PROFILE) **out) {
- STACK_OF(SRTP_PROTECTION_PROFILE) *profiles =
- sk_SRTP_PROTECTION_PROFILE_new_null();
- if (profiles == NULL) {
+ UniquePtr<STACK_OF(SRTP_PROTECTION_PROFILE)> profiles(
+ sk_SRTP_PROTECTION_PROFILE_new_null());
+ if (profiles == nullptr) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
return 0;
}
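Review bot: ssl_ctx_make_profiles carries no comment stating its contract for |*out|, and the move to UniquePtr makes the failure behaviour worth spelling out: every error path now returns before |*out| is touched, and only the success path (in the function's last hunk) frees the previous list and installs the new one. I would add above the signature: `// ssl_ctx_make_profiles parses |profiles_string| into a list of SRTP protection profiles. On success it frees any list in |*out|, stores the new list there and returns one. On failure it returns zero and leaves |*out| unchanged.` The function's body continues past this hunk.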
@@ -176,11 +176,11 @@
if (!find_profile_by_name(ptr, &profile,
col ? (size_t)(col - ptr) : strlen(ptr))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
- goto err;
+ return 0;
}
- if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, profile)) {
- goto err;
+ if (!sk_SRTP_PROTECTION_PROFILE_push(profiles.get(), profile)) {
+ return 0;
}
if (col) {
@@ -189,12 +189,8 @@
} while (col);
sk_SRTP_PROTECTION_PROFILE_free(*out);
- *out = profiles;
+ *out = profiles.release();
return 1;
-
-err:
- sk_SRTP_PROTECTION_PROFILE_free(profiles);
- return 0;
}
int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, const char *profiles) {
diff --git a/src/ssl/handshake.cc b/src/ssl/handshake.cc
index 5770d6f..6746582 100644
--- a/src/ssl/handshake.cc
+++ b/src/ssl/handshake.cc
@@ -144,12 +144,6 @@
}
SSL_HANDSHAKE::~SSL_HANDSHAKE() {
- OPENSSL_cleanse(secret, sizeof(secret));
- OPENSSL_cleanse(early_traffic_secret, sizeof(early_traffic_secret));
- OPENSSL_cleanse(client_handshake_secret, sizeof(client_handshake_secret));
- OPENSSL_cleanse(server_handshake_secret, sizeof(server_handshake_secret));
- OPENSSL_cleanse(client_traffic_secret_0, sizeof(client_traffic_secret_0));
- OPENSSL_cleanse(server_traffic_secret_0, sizeof(server_traffic_secret_0));
OPENSSL_free(cookie);
OPENSSL_free(key_share_bytes);
OPENSSL_free(ecdh_public_key);
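Review bot: The destructor no longer scrubs the inline secret arrays (`secret`, `early_traffic_secret`, the client/server handshake secrets and traffic secrets) before the object goes away, and nothing in the hunk records what now guarantees they are zeroed. Presumably this sync relies on OPENSSL_free cleansing the whole allocation, which covers these arrays only as long as SSL_HANDSHAKE is always heap-allocated through OPENSSL_malloc and never placed on the stack or in another allocator; that dependency should be stated where it is relied on. I would add at the top of the destructor: `// Inline secrets are not cleansed here: the allocation is zeroed when the handshake is freed with OPENSSL_free. Keep SSL_HANDSHAKE heap-allocated via OPENSSL_malloc.` If OPENSSL_free does not zero in this tree, the cleanse calls should be restored. The destructor continues into the next hunk.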
@@ -159,11 +153,7 @@
OPENSSL_free(server_params);
ssl->ctx->x509_method->hs_flush_cached_ca_names(this);
OPENSSL_free(certificate_types);
-
- if (key_block != NULL) {
- OPENSSL_cleanse(key_block, key_block_len);
- OPENSSL_free(key_block);
- }
+ OPENSSL_free(key_block);
}
SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl) {
diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
index 18dd58f..3916692 100644
--- a/src/ssl/handshake_client.cc
+++ b/src/ssl/handshake_client.cc
@@ -1367,7 +1367,6 @@
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
- OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
pms = new_pms;
pms_len = new_pms_len;
@@ -1385,19 +1384,14 @@
goto err;
}
hs->new_session->extended_master_secret = hs->extended_master_secret;
- OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
hs->state = state_send_client_certificate_verify;
return ssl_hs_ok;
err:
- if (pms != NULL) {
- OPENSSL_cleanse(pms, pms_len);
- OPENSSL_free(pms);
- }
+ OPENSSL_free(pms);
return ssl_hs_error;
-
}
static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
@@ -1499,7 +1493,7 @@
}
if (!ssl->method->add_change_cipher_spec(ssl) ||
- !tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+ !tls1_change_cipher_state(hs, evp_aead_seal)) {
return ssl_hs_error;
}
@@ -1652,7 +1646,7 @@
}
static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
- if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+ if (!tls1_change_cipher_state(hs, evp_aead_open)) {
return ssl_hs_error;
}
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index cd99ec9..a38e25f 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -1397,7 +1397,7 @@
}
static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
- if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ if (!tls1_change_cipher_state(hs, evp_aead_open)) {
return ssl_hs_error;
}
@@ -1525,7 +1525,7 @@
}
if (!ssl->method->add_change_cipher_spec(ssl) ||
- !tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_SERVER_WRITE) ||
+ !tls1_change_cipher_state(hs, evp_aead_seal) ||
!ssl3_send_finished(hs)) {
return ssl_hs_error;
}
diff --git a/src/ssl/internal.h b/src/ssl/internal.h
index 9e67457..d5500bb 100644
--- a/src/ssl/internal.h
+++ b/src/ssl/internal.h
@@ -2297,7 +2297,7 @@
void dtls1_next_message(SSL *ssl);
int dtls1_dispatch_alert(SSL *ssl);
-int tls1_change_cipher_state(SSL_HANDSHAKE *hs, int which);
+int tls1_change_cipher_state(SSL_HANDSHAKE *hs, evp_aead_direction_t direction);
int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
const uint8_t *premaster, size_t premaster_len);
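Review bot: The new prototype of tls1_change_cipher_state has no comment describing what |direction| means, while neighbouring declarations in this header use the `// name does X` style. From t1_enc.cc in this same change, |evp_aead_open| installs the new read state and |evp_aead_seal| the write state, with client-versus-server key selection derived from |ssl->server|, and the function returns zero on error. I would add: `// tls1_change_cipher_state installs the pending cipher state for |direction|: |evp_aead_open| sets the read state and |evp_aead_seal| the write state, choosing client or server keys based on |ssl->server|. It returns zero on error.`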
@@ -2396,16 +2396,6 @@
// ssl_reset_error_state resets state for |SSL_get_error|.
void ssl_reset_error_state(SSL *ssl);
-
-// Utility macros
-
-#if defined(__clang__)
-// SSL_FALLTHROUGH annotates a fallthough case in a switch statement.
-#define SSL_FALLTHROUGH [[clang::fallthrough]]
-#else
-#define SSL_FALLTHROUGH
-#endif
-
} // namespace bssl
diff --git a/src/ssl/ssl_cipher.cc b/src/ssl/ssl_cipher.cc
index 78cf60d..435441d 100644
--- a/src/ssl/ssl_cipher.cc
+++ b/src/ssl/ssl_cipher.cc
@@ -1513,6 +1513,19 @@
return NID_undef;
}
+int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher) {
+ switch (cipher->algorithm_prf) {
+ case SSL_HANDSHAKE_MAC_DEFAULT:
+ return NID_md5_sha1;
+ case SSL_HANDSHAKE_MAC_SHA256:
+ return NID_sha256;
+ case SSL_HANDSHAKE_MAC_SHA384:
+ return NID_sha384;
+ }
+ assert(0);
+ return NID_undef;
+}
+
int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
return (cipher->algorithm_enc & SSL_eNULL) == 0 &&
cipher->algorithm_mac != SSL_AEAD;
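Review bot: SSL_CIPHER_get_prf_nid maps SSL_HANDSHAKE_MAC_DEFAULT to NID_md5_sha1, but that is the PRF only for TLS 1.0/1.1; when such a cipher is negotiated at TLS 1.2 the PRF is SHA-256 regardless of the cipher (RFC 5246, Section 5), so the result is a cipher property rather than the PRF actually in use unless the caller also consults the negotiated version. This hunk adds no comment saying so, and the header declaration of the new public function is not in this diff. I would document it at the declaration: `// SSL_CIPHER_get_prf_nid returns the NID of the hash |cipher| nominally uses for its PRF. Ciphers using the default PRF return |NID_md5_sha1|; at TLS 1.2 the default PRF is SHA-256, so callers must combine this with the protocol version.`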
diff --git a/src/ssl/ssl_session.cc b/src/ssl/ssl_session.cc
index e885324..0e6c66c 100644
--- a/src/ssl/ssl_session.cc
+++ b/src/ssl/ssl_session.cc
@@ -983,7 +983,6 @@
CRYPTO_BUFFER_free(session->ocsp_response);
OPENSSL_free(session->psk_identity);
OPENSSL_free(session->early_alpn);
- OPENSSL_cleanse(session, sizeof(*session));
OPENSSL_free(session);
}
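Review bot: Dropping `OPENSSL_cleanse(session, sizeof(*session))` means the inline fields of SSL_SESSION, which presumably include the master secret, are no longer explicitly scrubbed before the struct is released. If the intent is that OPENSSL_free now zeroes the allocation, that holds here only because the struct is released with OPENSSL_free, and a one-line comment would keep the guarantee from being lost in a later refactor: `// OPENSSL_free zeroes the allocation, so the session's inline key material need not be cleansed separately.` If OPENSSL_free does not zero in this tree, the cleanse should be restored.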
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index f032b25..10bc215 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -828,6 +828,7 @@
int digest_nid;
int kx_nid;
int auth_nid;
+ int prf_nid;
} kTests[] = {
{
SSL3_CK_RSA_DES_192_CBC3_SHA,
@@ -836,6 +837,7 @@
NID_sha1,
NID_kx_rsa,
NID_auth_rsa,
+ NID_md5_sha1,
},
{
TLS1_CK_RSA_WITH_AES_128_SHA,
@@ -844,6 +846,7 @@
NID_sha1,
NID_kx_rsa,
NID_auth_rsa,
+ NID_md5_sha1,
},
{
TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
@@ -852,6 +855,7 @@
NID_sha1,
NID_kx_psk,
NID_auth_psk,
+ NID_md5_sha1,
},
{
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
@@ -860,6 +864,7 @@
NID_sha256,
NID_kx_ecdhe,
NID_auth_rsa,
+ NID_sha256,
},
{
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
@@ -868,6 +873,7 @@
NID_sha384,
NID_kx_ecdhe,
NID_auth_rsa,
+ NID_sha384,
},
{
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -876,6 +882,7 @@
NID_undef,
NID_kx_ecdhe,
NID_auth_rsa,
+ NID_sha256,
},
{
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@@ -884,6 +891,7 @@
NID_undef,
NID_kx_ecdhe,
NID_auth_ecdsa,
+ NID_sha256,
},
{
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -892,6 +900,7 @@
NID_undef,
NID_kx_ecdhe,
NID_auth_ecdsa,
+ NID_sha384,
},
{
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
@@ -900,6 +909,7 @@
NID_sha1,
NID_kx_ecdhe,
NID_auth_psk,
+ NID_md5_sha1,
},
{
TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -908,6 +918,7 @@
NID_undef,
NID_kx_ecdhe,
NID_auth_rsa,
+ NID_sha256,
},
{
TLS1_CK_AES_256_GCM_SHA384,
@@ -916,6 +927,7 @@
NID_undef,
NID_kx_any,
NID_auth_any,
+ NID_sha384,
},
{
TLS1_CK_AES_128_GCM_SHA256,
@@ -924,6 +936,7 @@
NID_undef,
NID_kx_any,
NID_auth_any,
+ NID_sha256,
},
{
TLS1_CK_CHACHA20_POLY1305_SHA256,
@@ -932,6 +945,7 @@
NID_undef,
NID_kx_any,
NID_auth_any,
+ NID_sha256,
},
};
@@ -950,6 +964,7 @@
EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher));
EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher));
EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher));
+ EXPECT_EQ(t.prf_nid, SSL_CIPHER_get_prf_nid(cipher));
}
}
diff --git a/src/ssl/t1_enc.cc b/src/ssl/t1_enc.cc
index 0283c6e..d693007 100644
--- a/src/ssl/t1_enc.cc
+++ b/src/ssl/t1_enc.cc
@@ -375,21 +375,19 @@
return 1;
}
-int tls1_change_cipher_state(SSL_HANDSHAKE *hs, int which) {
+int tls1_change_cipher_state(SSL_HANDSHAKE *hs,
+ evp_aead_direction_t direction) {
SSL *const ssl = hs->ssl;
// Ensure the key block is set up.
if (!tls1_setup_key_block(hs)) {
return 0;
}
- // is_read is true if we have just read a ChangeCipherSpec message - i.e. we
- // need to update the read cipherspec. Otherwise we have just written one.
- const char is_read = (which & SSL3_CC_READ) != 0;
// use_client_keys is true if we wish to use the keys for the "client write"
// direction. This is the case if we're a client sending a ChangeCipherSpec,
// or a server reading a client's ChangeCipherSpec.
- const char use_client_keys = which == SSL3_CHANGE_CIPHER_CLIENT_WRITE ||
- which == SSL3_CHANGE_CIPHER_SERVER_READ;
+ const bool use_client_keys =
+ direction == (ssl->server ? evp_aead_open : evp_aead_seal);
size_t mac_secret_len = ssl->s3->tmp.new_mac_secret_len;
size_t key_len = ssl->s3->tmp.new_key_len;
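Review bot: The expression `direction == (ssl->server ? evp_aead_open : evp_aead_seal)` is correct, but the removed comment was the only place stating that the parameter is relative to this peer, and the surviving comment still describes the cases in terms of who sent the ChangeCipherSpec. A comment above `use_client_keys` such as `// |direction| is from our point of view: |evp_aead_seal| is our write side and |evp_aead_open| our read side. The client-write keys are ours when we are the client sealing or the server opening.` makes the mapping explicit without changing code. The function continues into the next hunk.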
@@ -422,14 +420,13 @@
}
UniquePtr<SSLAEADContext> aead_ctx = SSLAEADContext::Create(
- is_read ? evp_aead_open : evp_aead_seal, ssl->version,
- SSL_is_dtls(ssl), hs->new_cipher, key, key_len, mac_secret,
- mac_secret_len, iv, iv_len);
+ direction, ssl->version, SSL_is_dtls(ssl), hs->new_cipher, key, key_len,
+ mac_secret, mac_secret_len, iv, iv_len);
if (!aead_ctx) {
return 0;
}
- if (is_read) {
+ if (direction == evp_aead_open) {
return ssl->method->set_read_state(ssl, std::move(aead_ctx));
}