external/boringssl: Sync to 9c33ae85621ef8e00a42309b5101e0bedd02b816.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/629db8cd0c84628e37aa81242b5b07fec7602f55..9c33ae85621ef8e00a42309b5101e0bedd02b816
Bug: 33622440
Test: BoringSSL tests
Change-Id: I20da15ad995a620b6b2f08db20c77ebd0f05ca10
diff --git a/src/ssl/s3_both.c b/src/ssl/s3_both.c
index 4800f92..492884f 100644
--- a/src/ssl/s3_both.c
+++ b/src/ssl/s3_both.c
@@ -127,6 +127,7 @@
#include <openssl/sha.h>
#include <openssl/x509.h>
+#include "../crypto/internal.h"
#include "internal.h"
@@ -136,7 +137,7 @@
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
- memset(hs, 0, sizeof(SSL_HANDSHAKE));
+ OPENSSL_memset(hs, 0, sizeof(SSL_HANDSHAKE));
hs->ssl = ssl;
hs->wait = ssl_hs_ok;
hs->state = SSL_ST_INIT;
@@ -149,6 +150,10 @@
}
OPENSSL_cleanse(hs->secret, sizeof(hs->secret));
+ OPENSSL_cleanse(hs->client_handshake_secret,
+ sizeof(hs->client_handshake_secret));
+ OPENSSL_cleanse(hs->server_handshake_secret,
+ sizeof(hs->server_handshake_secret));
OPENSSL_cleanse(hs->client_traffic_secret_0,
sizeof(hs->client_traffic_secret_0));
OPENSSL_cleanse(hs->server_traffic_secret_0,
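Review bot: The list of secrets wiped here is maintained by hand, and nothing in the hunk ties it to the fields of `SSL_HANDSHAKE`, so a key-material field added to the struct later can be left out of the wipe without any warning. A short comment above the first call would make the invariant explicit, for example `/* Every field of SSL_HANDSHAKE that holds key material must be cleansed here; extend this list when adding one. */`. The enclosing function starts and ends outside the hunk, so any secret fields beyond the five visible ones should be checked against the struct definition.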
@@ -291,10 +296,10 @@
}
if (ssl->server) {
- memcpy(ssl->s3->previous_server_finished, finished, finished_len);
+ OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
ssl->s3->previous_server_finished_len = finished_len;
} else {
- memcpy(ssl->s3->previous_client_finished, finished, finished_len);
+ OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
ssl->s3->previous_client_finished_len = finished_len;
}
}
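Review bot: Switching to `OPENSSL_memcpy` does not bound the copy, so both stores into `ssl->s3->previous_server_finished` and `ssl->s3->previous_client_finished` still rely on `finished_len` fitting the destination, and that bound is not established anywhere in the visible lines. If the destinations are fixed-size arrays (their declaration is not in this diff), a check before the branch such as `assert(finished_len <= sizeof(ssl->s3->previous_server_finished));`, or a hard error return, would state the invariant where the copy happens. The same applies to the mirrored pair of copies in the following hunk at `-349,10`. The enclosing function begins outside the hunk, so an earlier length check may already exist there.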
@@ -349,10 +354,10 @@
}
if (ssl->server) {
- memcpy(ssl->s3->previous_client_finished, finished, finished_len);
+ OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
ssl->s3->previous_client_finished_len = finished_len;
} else {
- memcpy(ssl->s3->previous_server_finished, finished, finished_len);
+ OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
ssl->s3->previous_server_finished_len = finished_len;
}
}
@@ -517,9 +522,9 @@
rand_len = SSL3_RANDOM_SIZE;
}
uint8_t random[SSL3_RANDOM_SIZE];
- memset(random, 0, SSL3_RANDOM_SIZE);
- memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge),
- rand_len);
+ OPENSSL_memset(random, 0, SSL3_RANDOM_SIZE);
+ OPENSSL_memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge),
+ rand_len);
/* Write out an equivalent SSLv3 ClientHello. */
size_t max_v3_client_hello = SSL3_HM_HEADER_LENGTH + 2 /* version */ +
@@ -775,7 +780,7 @@
int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert,
const SSL_EXTENSION_TYPE *ext_types,
- size_t num_ext_types) {
+ size_t num_ext_types, int ignore_unknown) {
/* Reset everything. */
for (size_t i = 0; i < num_ext_types; i++) {
*ext_types[i].out_present = 0;
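Review bot: The new `ignore_unknown` parameter is an undocumented `int` flag on a security-relevant parser, and a bare `0` or `1` at a call site does not say whether unknown extensions are rejected. A comment at the definition (and at the prototype, which is not in this diff) would help, for example `/* If |ignore_unknown| is non-zero, extensions not listed in |ext_types| are skipped; otherwise they fail the parse with an unsupported_extension alert. */`. Each caller should pass non-zero only where the protocol message being parsed permits unrecognised extensions. The function body continues outside the hunk.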
@@ -802,6 +807,9 @@
}
if (ext_type == NULL) {
+ if (ignore_unknown) {
+ continue;
+ }
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
return 0;
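Review bot: The early `continue` for an unrecognised extension bypasses every per-extension check that follows this branch in the loop. The rest of the loop body is outside the hunk, so it cannot be confirmed here whether that includes a duplicate-extension check. If it does, a peer can repeat an unknown extension type without the message being rejected whenever `ignore_unknown` is set. A comment on the branch would record whether that is intended, for example `/* Unknown extensions are skipped unparsed; duplicates among them are not detected. */`.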