external/boringssl: Sync to 387b07b78dac785a341eeb2ff86e29393ffe8627.android-q-preview-6android-q-preview-5android-q-preview-4android-q-preview-2.5

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/df11bed9ee05141b54da7b88cc5b7960ca858164..387b07b78dac785a341eeb2ff86e29393ffe8627

Test: atest CtsLibcoreTestCases (TODO)
Change-Id: I815f6f838a77041a4b71abfa2a03d409f106e71a

6 files changed, 49 insertions, 33 deletions

diff --git a/src/crypto/fipsmodule/digest/md32_common.h b/src/crypto/fipsmodule/digest/md32_common.h
index a0c3665d..07d39d9d 100644
--- a/src/crypto/fipsmodule/digest/md32_common.h
+++ b/src/crypto/fipsmodule/digest/md32_common.h
@@ -223,12 +223,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
 }
 
 
-void HASH_TRANSFORM(HASH_CTX *c, const uint8_t *data) {
+void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
   HASH_BLOCK_DATA_ORDER(c->h, data, 1);
 }
 
 
-int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
+int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
   // |c->data| always has room for at least one byte. A full block would have
   // been consumed.
   size_t n = c->num;
@@ -258,7 +258,7 @@ int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
   c->num = 0;
   OPENSSL_memset(c->data, 0, HASH_CBLOCK);
 
-  HASH_MAKE_STRING(c, md);
+  HASH_MAKE_STRING(c, out);
   return 1;
 }
 
diff --git a/src/crypto/fipsmodule/md4/md4.c b/src/crypto/fipsmodule/md4/md4.c
index f0c1dcdf..cc2a6314 100644
--- a/src/crypto/fipsmodule/md4/md4.c
+++ b/src/crypto/fipsmodule/md4/md4.c
@@ -62,7 +62,7 @@
 #include "../../internal.h"
 
 
-uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) {
   MD4_CTX ctx;
   MD4_Init(&ctx);
   MD4_Update(&ctx, data, len);
@@ -88,6 +88,7 @@ void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
 
 #define HASH_CTX MD4_CTX
 #define HASH_CBLOCK 64
+#define HASH_DIGEST_LENGTH 16
 #define HASH_UPDATE MD4_Update
 #define HASH_TRANSFORM MD4_Transform
 #define HASH_FINAL MD4_Final
@@ -238,6 +239,7 @@ void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
 #undef DATA_ORDER_IS_LITTLE_ENDIAN
 #undef HASH_CTX
 #undef HASH_CBLOCK
+#undef HASH_DIGEST_LENGTH
 #undef HASH_UPDATE
 #undef HASH_TRANSFORM
 #undef HASH_FINAL
diff --git a/src/crypto/fipsmodule/md5/md5.c b/src/crypto/fipsmodule/md5/md5.c
index 66c65a6b..a48d7043 100644
--- a/src/crypto/fipsmodule/md5/md5.c
+++ b/src/crypto/fipsmodule/md5/md5.c
@@ -64,7 +64,7 @@
 #include "../../internal.h"
 
 
-uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *MD5(const uint8_t *data, size_t len, uint8_t out[MD5_DIGEST_LENGTH]) {
   MD5_CTX ctx;
   MD5_Init(&ctx);
   MD5_Update(&ctx, data, len);
@@ -94,6 +94,7 @@ static void md5_block_data_order(uint32_t *state, const uint8_t *data,
 
 #define HASH_CTX MD5_CTX
 #define HASH_CBLOCK 64
+#define HASH_DIGEST_LENGTH 16
 #define HASH_UPDATE MD5_Update
 #define HASH_TRANSFORM MD5_Transform
 #define HASH_FINAL MD5_Final
@@ -281,6 +282,7 @@ static void md5_block_data_order(uint32_t *state, const uint8_t *data,
 #undef DATA_ORDER_IS_LITTLE_ENDIAN
 #undef HASH_CTX
 #undef HASH_CBLOCK
+#undef HASH_DIGEST_LENGTH
 #undef HASH_UPDATE
 #undef HASH_TRANSFORM
 #undef HASH_FINAL
diff --git a/src/crypto/fipsmodule/sha/sha1.c b/src/crypto/fipsmodule/sha/sha1.c
index a3b771a9..cc1243be 100644
--- a/src/crypto/fipsmodule/sha/sha1.c
+++ b/src/crypto/fipsmodule/sha/sha1.c
@@ -74,7 +74,7 @@ int SHA1_Init(SHA_CTX *sha) {
   return 1;
 }
 
-uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t out[SHA_DIGEST_LENGTH]) {
   SHA_CTX ctx;
   SHA1_Init(&ctx);
   SHA1_Update(&ctx, data, len);
@@ -87,6 +87,7 @@ uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out) {
 
 #define HASH_CTX                SHA_CTX
 #define HASH_CBLOCK             64
+#define HASH_DIGEST_LENGTH      20
 #define HASH_MAKE_STRING(c, s) \
   do {                         \
     uint32_t ll;               \
@@ -343,6 +344,7 @@ static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
 #undef DATA_ORDER_IS_BIG_ENDIAN
 #undef HASH_CTX
 #undef HASH_CBLOCK
+#undef HASH_DIGEST_LENGTH
 #undef HASH_MAKE_STRING
 #undef HASH_UPDATE
 #undef HASH_TRANSFORM
diff --git a/src/crypto/fipsmodule/sha/sha256.c b/src/crypto/fipsmodule/sha/sha256.c
index 92a52956..0e424461 100644
--- a/src/crypto/fipsmodule/sha/sha256.c
+++ b/src/crypto/fipsmodule/sha/sha256.c
@@ -92,7 +92,8 @@ int SHA256_Init(SHA256_CTX *sha) {
   return 1;
 }
 
-uint8_t *SHA224(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *SHA224(const uint8_t *data, size_t len,
+                uint8_t out[SHA224_DIGEST_LENGTH]) {
   SHA256_CTX ctx;
   SHA224_Init(&ctx);
   SHA224_Update(&ctx, data, len);
@@ -101,7 +102,8 @@ uint8_t *SHA224(const uint8_t *data, size_t len, uint8_t *out) {
   return out;
 }
 
-uint8_t *SHA256(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *SHA256(const uint8_t *data, size_t len,
+                uint8_t out[SHA256_DIGEST_LENGTH]) {
   SHA256_CTX ctx;
   SHA256_Init(&ctx);
   SHA256_Update(&ctx, data, len);
@@ -114,14 +116,17 @@ int SHA224_Update(SHA256_CTX *ctx, const void *data, size_t len) {
   return SHA256_Update(ctx, data, len);
 }
 
-int SHA224_Final(uint8_t *md, SHA256_CTX *ctx) {
-  return SHA256_Final(md, ctx);
+int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH], SHA256_CTX *ctx) {
+  // SHA224_Init sets |ctx->md_len| to |SHA224_DIGEST_LENGTH|, so this has a
+  // smaller output.
+  return SHA256_Final(out, ctx);
 }
 
 #define DATA_ORDER_IS_BIG_ENDIAN
 
 #define HASH_CTX SHA256_CTX
 #define HASH_CBLOCK 64
+#define HASH_DIGEST_LENGTH 32
 
 // Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
 // default: case below covers for it. It's not clear however if it's permitted
@@ -319,6 +324,7 @@ void SHA256_TransformBlocks(uint32_t state[8], const uint8_t *data,
 #undef DATA_ORDER_IS_BIG_ENDIAN
 #undef HASH_CTX
 #undef HASH_CBLOCK
+#undef HASH_DIGEST_LENGTH
 #undef HASH_MAKE_STRING
 #undef HASH_UPDATE
 #undef HASH_TRANSFORM
diff --git a/src/crypto/fipsmodule/sha/sha512.c b/src/crypto/fipsmodule/sha/sha512.c
index f96cfbd8..848f3b62 100644
--- a/src/crypto/fipsmodule/sha/sha512.c
+++ b/src/crypto/fipsmodule/sha/sha512.c
@@ -105,7 +105,8 @@ int SHA512_Init(SHA512_CTX *sha) {
   return 1;
 }
 
-uint8_t *SHA384(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *SHA384(const uint8_t *data, size_t len,
+                uint8_t out[SHA384_DIGEST_LENGTH]) {
   SHA512_CTX ctx;
   SHA384_Init(&ctx);
   SHA384_Update(&ctx, data, len);
@@ -114,7 +115,8 @@ uint8_t *SHA384(const uint8_t *data, size_t len, uint8_t *out) {
   return out;
 }
 
-uint8_t *SHA512(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *SHA512(const uint8_t *data, size_t len,
+                uint8_t out[SHA512_DIGEST_LENGTH]) {
   SHA512_CTX ctx;
   SHA512_Init(&ctx);
   SHA512_Update(&ctx, data, len);
@@ -129,15 +131,17 @@ static void sha512_block_data_order(uint64_t *state, const uint8_t *in,
 #endif
 
 
-int SHA384_Final(uint8_t *md, SHA512_CTX *sha) {
-  return SHA512_Final(md, sha);
+int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH], SHA512_CTX *sha) {
+  // |SHA384_Init| sets |sha->md_len| to |SHA384_DIGEST_LENGTH|, so this has a
+  // |smaller output.
+  return SHA512_Final(out, sha);
 }
 
 int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) {
   return SHA512_Update(sha, data, len);
 }
 
-void SHA512_Transform(SHA512_CTX *c, const uint8_t *block) {
+void SHA512_Transform(SHA512_CTX *c, const uint8_t block[SHA512_CBLOCK]) {
   sha512_block_data_order(c->h, block, 1);
 }
 
@@ -189,7 +193,7 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) {
   return 1;
 }
 
-int SHA512_Final(uint8_t *md, SHA512_CTX *sha) {
+int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
   uint8_t *p = sha->p;
   size_t n = sha->num;
 
@@ -221,7 +225,7 @@ int SHA512_Final(uint8_t *md, SHA512_CTX *sha) {
 
   sha512_block_data_order(sha->h, p, 1);
 
-  if (md == NULL) {
+  if (out == NULL) {
     // TODO(davidben): This NULL check is absent in other low-level hash 'final'
     // functions and is one of the few places one can fail.
     return 0;
@@ -233,28 +237,28 @@ int SHA512_Final(uint8_t *md, SHA512_CTX *sha) {
       for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
         uint64_t t = sha->h[n];
 
-        *(md++) = (uint8_t)(t >> 56);
-        *(md++) = (uint8_t)(t >> 48);
-        *(md++) = (uint8_t)(t >> 40);
-        *(md++) = (uint8_t)(t >> 32);
-        *(md++) = (uint8_t)(t >> 24);
-        *(md++) = (uint8_t)(t >> 16);
-        *(md++) = (uint8_t)(t >> 8);
-        *(md++) = (uint8_t)(t);
+        *(out++) = (uint8_t)(t >> 56);
+        *(out++) = (uint8_t)(t >> 48);
+        *(out++) = (uint8_t)(t >> 40);
+        *(out++) = (uint8_t)(t >> 32);
+        *(out++) = (uint8_t)(t >> 24);
+        *(out++) = (uint8_t)(t >> 16);
+        *(out++) = (uint8_t)(t >> 8);
+        *(out++) = (uint8_t)(t);
       }
       break;
     case SHA512_DIGEST_LENGTH:
       for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
         uint64_t t = sha->h[n];
 
-        *(md++) = (uint8_t)(t >> 56);
-        *(md++) = (uint8_t)(t >> 48);
-        *(md++) = (uint8_t)(t >> 40);
-        *(md++) = (uint8_t)(t >> 32);
-        *(md++) = (uint8_t)(t >> 24);
-        *(md++) = (uint8_t)(t >> 16);
-        *(md++) = (uint8_t)(t >> 8);
-        *(md++) = (uint8_t)(t);
+        *(out++) = (uint8_t)(t >> 56);
+        *(out++) = (uint8_t)(t >> 48);
+        *(out++) = (uint8_t)(t >> 40);
+        *(out++) = (uint8_t)(t >> 32);
+        *(out++) = (uint8_t)(t >> 24);
+        *(out++) = (uint8_t)(t >> 16);
+        *(out++) = (uint8_t)(t >> 8);
+        *(out++) = (uint8_t)(t);
       }
       break;
     // ... as well as make sure md_len is not abused.