external/boringssl: Sync to c3889634a1aa52575c5d26497696238208fbd0f5.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/41c10e2b5f37edce8b9f292f7f3bacb7e30e25c4..c3889634a1aa52575c5d26497696238208fbd0f5
Test: atest CtsLibcoreTestCases
Change-Id: Ia1c2941ccf58a9e0d736b3409a2d13c21603a205
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index 8b3b942..cb4e9d1 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -303,7 +303,7 @@
uint32_t mask_k = 0;
uint32_t mask_a = 0;
- if (ssl_has_certificate(hs->config)) {
+ if (ssl_has_certificate(hs)) {
mask_a |= ssl_cipher_auth_mask_for_key(hs->local_pubkey.get());
if (EVP_PKEY_id(hs->local_pubkey.get()) == EVP_PKEY_RSA) {
mask_k |= SSL_kRSA;
@@ -402,8 +402,7 @@
}
// is_probably_jdk11_with_tls13 returns whether |client_hello| was probably sent
-// from a JDK 11 client (11.0.1 or earlier) with both TLS 1.3 and a prior
-// version enabled.
+// from a JDK 11 client with both TLS 1.3 and a prior version enabled.
static bool is_probably_jdk11_with_tls13(const SSL_CLIENT_HELLO *client_hello) {
// JDK 11 ClientHellos contain a number of unusual properties which should
// limit false positives.
@@ -868,7 +867,7 @@
ScopedCBB cbb;
if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- if (!ssl_has_certificate(hs->config)) {
+ if (!ssl_has_certificate(hs)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_SET);
return ssl_hs_error;
}
@@ -974,7 +973,7 @@
// Add a signature.
if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
- if (!ssl_has_private_key(hs->config)) {
+ if (!ssl_has_private_key(hs)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
return ssl_hs_error;
}
@@ -1226,6 +1225,8 @@
return ssl_hs_error;
}
+ CONSTTIME_SECRET(decrypt_buf.data(), decrypt_len);
+
// Prepare a random premaster, to be used on invalid padding. See RFC 5246,
// section 7.4.7.1.
if (!premaster_secret.Init(SSL_MAX_MASTER_KEY_LENGTH) ||
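Review bot: The added CONSTTIME_SECRET call has no comment saying what it protects or how long the marking must hold, and a reader of this hunk cannot tell, since the padding check that consumes decrypt_buf lies outside it. I would add above the call `// Mark the raw RSA decryption as secret: no branch or memory index may depend on it until the constant-time padding check and the random-premaster fallback below have run; the constant-time validator flags any such use.` decrypt_len is presumably the modulus size and therefore public, so leaving it unmarked looks right, but that should be confirmed against the RSA_decrypt call earlier in the function. The enclosing function starts and ends outside the hunk.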
@@ -1348,6 +1349,8 @@
return ssl_hs_error;
}
hs->new_session->extended_master_secret = hs->extended_master_secret;
+ CONSTTIME_DECLASSIFY(hs->new_session->master_key,
+ hs->new_session->master_key_length);
ssl->method->next_message(ssl);
hs->state = state12_read_client_certificate_verify;
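Review bot: The CONSTTIME_DECLASSIFY on hs->new_session->master_key carries no comment justifying why the secret may be released at this point, and that justification is the core of the RSA padding-check hardening, so it should be written down next to the call. Something like `// The master secret now derives from either the real premaster or the random fallback; presumably the two are indistinguishable to the peer, so it may flow into the non-constant-time key schedule and record layer.` would do. It is also worth confirming that every path reaching this line derived the master secret from a CONSTTIME_SECRET-marked premaster, otherwise the declassify is a no-op rather than a deliberate release; that check lies outside the hunk. The enclosing function continues beyond the hunk.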