external/boringssl: Sync to 9c33ae85621ef8e00a42309b5101e0bedd02b816.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/629db8cd0c84628e37aa81242b5b07fec7602f55..9c33ae85621ef8e00a42309b5101e0bedd02b816
Bug: 33622440
Test: BoringSSL tests
Change-Id: I20da15ad995a620b6b2f08db20c77ebd0f05ca10
diff --git a/src/crypto/aes/aes_test.cc b/src/crypto/aes/aes_test.cc
index 4fb3a31..cdf03d3 100644
--- a/src/crypto/aes/aes_test.cc
+++ b/src/crypto/aes/aes_test.cc
@@ -21,6 +21,7 @@
#include <openssl/aes.h>
#include <openssl/crypto.h>
+#include "../internal.h"
#include "../test/file_test.h"
@@ -54,7 +55,7 @@
}
// Test in-place encryption.
- memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
+ OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
AES_encrypt(block, block, &aes_key);
if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(),
ciphertext.size())) {
@@ -76,7 +77,7 @@
}
// Test in-place decryption.
- memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
+ OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
AES_decrypt(block, block, &aes_key);
if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(),
plaintext.size())) {
@@ -123,7 +124,7 @@
return false;
}
- memset(buf.get(), 0, ciphertext.size());
+ OPENSSL_memset(buf.get(), 0, ciphertext.size());
if (AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(),
plaintext.size()) != static_cast<int>(ciphertext.size()) ||
!t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(),
@@ -146,7 +147,7 @@
return false;
}
- memset(buf.get(), 0, plaintext.size());
+ OPENSSL_memset(buf.get(), 0, plaintext.size());
if (AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(),
ciphertext.size()) != static_cast<int>(plaintext.size()) ||
!t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(),
@@ -155,6 +156,13 @@
return false;
}
+ ciphertext[0] ^= 1;
+ if (AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(),
+ ciphertext.size()) != -1) {
+ t->PrintLine("AES_unwrap_key with bad input unexpectedly succeeded.");
+ return false;
+ }
+
return true;
}
diff --git a/src/crypto/aes/key_wrap.c b/src/crypto/aes/key_wrap.c
index c8b6a03..23553b7 100644
--- a/src/crypto/aes/key_wrap.c
+++ b/src/crypto/aes/key_wrap.c
@@ -53,6 +53,8 @@
#include <openssl/mem.h>
+#include "../internal.h"
+
/* kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1. */
static const uint8_t kDefaultIV[] = {
@@ -73,15 +75,15 @@
iv = kDefaultIV;
}
- memmove(out + 8, in, in_len);
+ OPENSSL_memmove(out + 8, in, in_len);
uint8_t A[AES_BLOCK_SIZE];
- memcpy(A, iv, 8);
+ OPENSSL_memcpy(A, iv, 8);
size_t n = in_len / 8;
for (unsigned j = 0; j < kBound; j++) {
for (size_t i = 1; i <= n; i++) {
- memcpy(A + 8, out + 8 * i, 8);
+ OPENSSL_memcpy(A + 8, out + 8 * i, 8);
AES_encrypt(A, A, key);
uint32_t t = (uint32_t)(n * j + i);
@@ -89,11 +91,11 @@
A[6] ^= (t >> 8) & 0xff;
A[5] ^= (t >> 16) & 0xff;
A[4] ^= (t >> 24) & 0xff;
- memcpy(out + 8 * i, A + 8, 8);
+ OPENSSL_memcpy(out + 8 * i, A + 8, 8);
}
}
- memcpy(out, A, 8);
+ OPENSSL_memcpy(out, A, 8);
return (int)in_len + 8;
}
@@ -110,8 +112,8 @@
}
uint8_t A[AES_BLOCK_SIZE];
- memcpy(A, in, 8);
- memmove(out, in + 8, in_len - 8);
+ OPENSSL_memcpy(A, in, 8);
+ OPENSSL_memmove(out, in + 8, in_len - 8);
size_t n = (in_len / 8) - 1;
@@ -122,9 +124,9 @@
A[6] ^= (t >> 8) & 0xff;
A[5] ^= (t >> 16) & 0xff;
A[4] ^= (t >> 24) & 0xff;
- memcpy(A + 8, out + 8 * (i - 1), 8);
+ OPENSSL_memcpy(A + 8, out + 8 * (i - 1), 8);
AES_decrypt(A, A, key);
- memcpy(out + 8 * (i - 1), A + 8, 8);
+ OPENSSL_memcpy(out + 8 * (i - 1), A + 8, 8);
}
}