external/boringssl: Sync to 3a18bf04745c0ef9850efeec1a52e402c4392388.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/9a127b43b8b78a135d6b64a3e25b8a704c2c069f..3a18bf04745c0ef9850efeec1a52e402c4392388
Test: BoringSSL CTS Presubmits.
Change-Id: Id39a146b1a6d7483f4142a7c191796ba65f32883
diff --git a/src/ssl/handshake_client.cc b/src/ssl/handshake_client.cc
index 18dd58f..3916692 100644
--- a/src/ssl/handshake_client.cc
+++ b/src/ssl/handshake_client.cc
@@ -1367,7 +1367,6 @@
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
- OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
pms = new_pms;
pms_len = new_pms_len;
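Review bot: Removing `OPENSSL_cleanse(pms, pms_len)` ahead of `OPENSSL_free(pms)` here, and again on the success path and under `err:` in the next hunk, leaves the wiping of the premaster secret entirely to the allocator. That is only safe if `OPENSSL_free` scrubs the buffer before releasing it and `pms` is always obtained from `OPENSSL_malloc`; neither is visible in this diff, so both should be confirmed against the synced revision and against any build that substitutes its own allocator. If it holds, a one-line comment at the first free, such as `// OPENSSL_free zeroizes |pms| before releasing it.`, would stop a later reader from treating the missing cleanse as an oversight. The enclosing function starts and ends outside this hunk.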
@@ -1385,19 +1384,14 @@
goto err;
}
hs->new_session->extended_master_secret = hs->extended_master_secret;
- OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
hs->state = state_send_client_certificate_verify;
return ssl_hs_ok;
err:
- if (pms != NULL) {
- OPENSSL_cleanse(pms, pms_len);
- OPENSSL_free(pms);
- }
+ OPENSSL_free(pms);
return ssl_hs_error;
-
}
static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
@@ -1499,7 +1493,7 @@
}
if (!ssl->method->add_change_cipher_spec(ssl) ||
- !tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+ !tls1_change_cipher_state(hs, evp_aead_seal)) {
return ssl_hs_error;
}
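Review bot: The new argument `evp_aead_seal` names only the AEAD direction, whereas `SSL3_CHANGE_CIPHER_CLIENT_WRITE` named both the role and the direction, so the call site no longer says which side's keys are being installed. `tls1_change_cipher_state` presumably now derives client versus server from `hs`, but its body is not in this diff. A swapped direction would install the wrong half of the key block, so a short comment such as `// Client write keys: outgoing records are sealed.` here would help. The `evp_aead_open` call in `do_process_change_cipher_spec` in the next hunk would benefit from the matching read-side comment. The enclosing function starts outside this hunk.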
@@ -1652,7 +1646,7 @@
}
static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
- if (!tls1_change_cipher_state(hs, SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+ if (!tls1_change_cipher_state(hs, evp_aead_open)) {
return ssl_hs_error;
}