external/boringssl: Sync to e34bcc91.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/0e9138d295cd556e830dc8b3be735e808680f4bd..e34bcc91c07c0bf65ecc53a814d51f5246007150
This also removes BORINGSSL_ENABLE_RC4_TLS and android_compat_hacks.c as
they are no longer needed.
Test: Built tree, phone boots. Ran cts-tradefed run cts -m CtsLibcoreTestCases
Change-Id: I86df196e1856c338bbf72c60e2e47dd1b74ae537
diff --git a/src/ssl/s3_both.c b/src/ssl/s3_both.c
index aa8dea6..52c93aa 100644
--- a/src/ssl/s3_both.c
+++ b/src/ssl/s3_both.c
@@ -142,19 +142,6 @@
return hs;
}
-void ssl_handshake_clear_groups(SSL_HANDSHAKE *hs) {
- if (hs->groups == NULL) {
- return;
- }
-
- for (size_t i = 0; i < hs->groups_len; i++) {
- SSL_ECDH_CTX_cleanup(&hs->groups[i]);
- }
- OPENSSL_free(hs->groups);
- hs->groups = NULL;
- hs->groups_len = 0;
-}
-
void ssl_handshake_free(SSL_HANDSHAKE *hs) {
if (hs == NULL) {
return;
@@ -162,10 +149,11 @@
OPENSSL_cleanse(hs->secret, sizeof(hs->secret));
OPENSSL_cleanse(hs->traffic_secret_0, sizeof(hs->traffic_secret_0));
- ssl_handshake_clear_groups(hs);
+ SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
OPENSSL_free(hs->key_share_bytes);
OPENSSL_free(hs->public_key);
OPENSSL_free(hs->peer_sigalgs);
+ OPENSSL_free(hs->peer_psk_identity_hint);
OPENSSL_free(hs);
}
@@ -180,7 +168,7 @@
/* ssl3_write_bytes writes the data in its entirety. */
assert((size_t)ret == len);
- ssl_do_msg_callback(ssl, 1 /* write */, ssl->version, type, data, len);
+ ssl_do_msg_callback(ssl, 1 /* write */, type, data, len);
return 1;
}
@@ -314,18 +302,14 @@
}
size_t finished_len = ssl->s3->tmp.peer_finish_md_len;
- if (finished_len != ssl->init_num) {
- al = SSL_AD_DECODE_ERROR;
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
- }
- int finished_ret =
- CRYPTO_memcmp(ssl->init_msg, ssl->s3->tmp.peer_finish_md, finished_len);
+ int finished_ok = ssl->init_num == finished_len &&
+ CRYPTO_memcmp(ssl->init_msg, ssl->s3->tmp.peer_finish_md,
+ finished_len) == 0;
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
- finished_ret = 0;
+ finished_ok = 1;
#endif
- if (finished_ret != 0) {
+ if (!finished_ok) {
al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
goto f_err;
@@ -480,7 +464,7 @@
return -1;
}
- ssl_do_msg_callback(ssl, 0 /* read */, SSL2_VERSION, 0,
+ ssl_do_msg_callback(ssl, 0 /* read */, 0 /* V2ClientHello */,
CBS_data(&v2_client_hello), CBS_len(&v2_client_hello));
uint8_t msg_type;
@@ -634,8 +618,8 @@
}
/* We have now received a complete message. */
- ssl_do_msg_callback(ssl, 0 /* read */, ssl->version, SSL3_RT_HANDSHAKE,
- ssl->init_buf->data, ssl->init_buf->length);
+ ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, ssl->init_buf->data,
+ ssl->init_buf->length);
ssl->s3->tmp.message_type = ((const uint8_t *)ssl->init_buf->data)[0];
ssl->init_msg = (uint8_t*)ssl->init_buf->data + SSL3_HM_HEADER_LENGTH;