Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 4c22c5fad19b2a554bcb056ca25ca4cc2ef6a45c^! / . / src / ssl / handshake_server.cc
commit4c22c5fad19b2a554bcb056ca25ca4cc2ef6a45c[log] [tgz]
authorRobert Sloan <varomodt@google.com>Fri Mar 01 15:53:37 2019 -0800
committerRobert Sloan <varomodt@google.com>Fri Mar 01 16:02:19 2019 -0800
treefb0dc666dadcc955218e7a701ea482a9270d1a53
parentb6b07c32187eec60f4c9f27e0959c58d145f87ef [diff] [blame]
external/boringssl: Sync to c3889634a1aa52575c5d26497696238208fbd0f5.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/41c10e2b5f37edce8b9f292f7f3bacb7e30e25c4..c3889634a1aa52575c5d26497696238208fbd0f5

Test: atest CtsLibcoreTestCases
Change-Id: Ia1c2941ccf58a9e0d736b3409a2d13c21603a205

diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index 8b3b942..cb4e9d1 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc

@@ -303,7 +303,7 @@
   uint32_t mask_k = 0;
   uint32_t mask_a = 0;
 
-  if (ssl_has_certificate(hs->config)) {
+  if (ssl_has_certificate(hs)) {
     mask_a |= ssl_cipher_auth_mask_for_key(hs->local_pubkey.get());
     if (EVP_PKEY_id(hs->local_pubkey.get()) == EVP_PKEY_RSA) {
       mask_k |= SSL_kRSA;
@@ -402,8 +402,7 @@
 }
 
 // is_probably_jdk11_with_tls13 returns whether |client_hello| was probably sent
-// from a JDK 11 client (11.0.1 or earlier) with both TLS 1.3 and a prior
-// version enabled.
+// from a JDK 11 client with both TLS 1.3 and a prior version enabled.
 static bool is_probably_jdk11_with_tls13(const SSL_CLIENT_HELLO *client_hello) {
   // JDK 11 ClientHellos contain a number of unusual properties which should
   // limit false positives.
@@ -868,7 +867,7 @@
   ScopedCBB cbb;
 
   if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
-    if (!ssl_has_certificate(hs->config)) {
+    if (!ssl_has_certificate(hs)) {
       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
       return ssl_hs_error;
     }
@@ -974,7 +973,7 @@
 
   // Add a signature.
   if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
-    if (!ssl_has_private_key(hs->config)) {
+    if (!ssl_has_private_key(hs)) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
       return ssl_hs_error;
     }
@@ -1226,6 +1225,8 @@
       return ssl_hs_error;
     }
 
+    CONSTTIME_SECRET(decrypt_buf.data(), decrypt_len);
+
     // Prepare a random premaster, to be used on invalid padding. See RFC 5246,
     // section 7.4.7.1.
     if (!premaster_secret.Init(SSL_MAX_MASTER_KEY_LENGTH) ||
@@ -1348,6 +1349,8 @@
     return ssl_hs_error;
   }
   hs->new_session->extended_master_secret = hs->extended_master_secret;
+  CONSTTIME_DECLASSIFY(hs->new_session->master_key,
+                       hs->new_session->master_key_length);
 
   ssl->method->next_message(ssl);
   hs->state = state12_read_client_certificate_verify;