authorRobert Sloan <varomodt@google.com>2017-08-14 09:33:19 -0700
committerRobert Sloan <varomodt@google.com>2017-08-14 09:33:31 -0700
commit843770915703e4d21d7f1776be72e769812f9f1e (patch)
tree5ea3cbd36bbd443a8f74a3cb16b3dd20cd764d5b /src/crypto
parentcaa34167616dfc6602c9157b32a29b5d5a7c751c (diff)
external/boringssl: Sync to 348f0d8db9c2a0eca0503ba654020209c579d552.android-o-iot-preview-5o-iot-preview-5
This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/9bbdf5832de8a2d395303c669b594fc61c791f4d..348f0d8db9c2a0eca0503ba654020209c579d552

Test: BoringSSL CTS Presubmits.
Change-Id: I69a8590da0c89a0d66446775fd669e206a46308a
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/fipsmodule/ec/p256-x86_64_test.cc5
-rw-r--r--src/crypto/obj/obj_dat.h30
-rw-r--r--src/crypto/obj/obj_mac.num9
-rw-r--r--src/crypto/obj/objects.txt16
-rw-r--r--src/crypto/pem/pem_pk8.c1
-rw-r--r--src/crypto/pem/pem_pkey.c1
6 files changed, 59 insertions, 3 deletions
diff --git a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
index 4600c76e..a802bfb5 100644
--- a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
+++ b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
@@ -27,6 +27,7 @@
#include <openssl/mem.h>
#include "../bn/internal.h"
+#include "../../internal.h"
#include "../../test/file_test.h"
#include "../../test/test_util.h"
#include "p256-x86_64.h"
@@ -39,7 +40,7 @@
TEST(P256_X86_64Test, SelectW5) {
// Fill a table with some garbage input.
- P256_POINT table[16];
+ alignas(64) P256_POINT table[16];
for (size_t i = 0; i < 16; i++) {
OPENSSL_memset(table[i].X, 3 * i, sizeof(table[i].X));
OPENSSL_memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y));
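Review bot: The `alignas(64)` added to `table` in SelectW5 has no comment saying why 64 bytes is the required alignment, and the same bare constant is added to `table` in the SelectW7 hunk. Presumably the select routines under test assume an aligned table, but nothing visible here states that, so a later edit could drop the qualifier without noticing. A short comment on each declaration, for example `// The table is 64-byte aligned to match what the select functions expect.`, would record the constraint once the actual requirement is confirmed. Both TEST bodies continue past the end of their hunks.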
@@ -64,7 +65,7 @@ TEST(P256_X86_64Test, SelectW5) {
TEST(P256_X86_64Test, SelectW7) {
// Fill a table with some garbage input.
- P256_POINT_AFFINE table[64];
+ alignas(64) P256_POINT_AFFINE table[64];
for (size_t i = 0; i < 64; i++) {
OPENSSL_memset(table[i].X, 2 * i, sizeof(table[i].X));
OPENSSL_memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y));
diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h
index b3da0e89..dceaf03d 100644
--- a/src/crypto/obj/obj_dat.h
+++ b/src/crypto/obj/obj_dat.h
@@ -57,7 +57,7 @@
/* This file is generated by crypto/obj/objects.go. */
-#define NUM_NID 950
+#define NUM_NID 959
static const uint8_t kObjectData[] = {
/* NID_rsadsi */
@@ -3444,6 +3444,16 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
{"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf, 0, NULL, 0},
{"X25519", "X25519", NID_X25519, 0, NULL, 0},
{"ED25519", "ED25519", NID_ED25519, 3, &kObjectData[6175], 0},
+ {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305, 0, NULL,
+ 0},
+ {"KxRSA", "kx-rsa", NID_kx_rsa, 0, NULL, 0},
+ {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe, 0, NULL, 0},
+ {"KxPSK", "kx-psk", NID_kx_psk, 0, NULL, 0},
+ {"AuthRSA", "auth-rsa", NID_auth_rsa, 0, NULL, 0},
+ {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa, 0, NULL, 0},
+ {"AuthPSK", "auth-psk", NID_auth_psk, 0, NULL, 0},
+ {"KxANY", "kx-any", NID_kx_any, 0, NULL, 0},
+ {"AuthANY", "auth-any", NID_auth_any, 0, NULL, 0},
};
static const unsigned kNIDsInShortNameOrder[] = {
@@ -3474,6 +3484,10 @@ static const unsigned kNIDsInShortNameOrder[] = {
426 /* AES-256-ECB */,
428 /* AES-256-OFB */,
914 /* AES-256-XTS */,
+ 958 /* AuthANY */,
+ 955 /* AuthECDSA */,
+ 956 /* AuthPSK */,
+ 954 /* AuthRSA */,
91 /* BF-CBC */,
93 /* BF-CFB */,
92 /* BF-ECB */,
@@ -3505,6 +3519,7 @@ static const unsigned kNIDsInShortNameOrder[] = {
13 /* CN */,
141 /* CRLReason */,
417 /* CSPName */,
+ 950 /* ChaCha20-Poly1305 */,
367 /* CrlID */,
391 /* DC */,
31 /* DES-CBC */,
@@ -3547,6 +3562,10 @@ static const unsigned kNIDsInShortNameOrder[] = {
645 /* ITU-T */,
646 /* JOINT-ISO-ITU-T */,
773 /* KISA */,
+ 957 /* KxANY */,
+ 952 /* KxECDHE */,
+ 953 /* KxPSK */,
+ 951 /* KxRSA */,
15 /* L */,
856 /* LocalKeySet */,
3 /* MD2 */,
@@ -4570,6 +4589,10 @@ static const unsigned kNIDsInLongNameOrder[] = {
484 /* associatedDomain */,
485 /* associatedName */,
501 /* audio */,
+ 958 /* auth-any */,
+ 955 /* auth-ecdsa */,
+ 956 /* auth-psk */,
+ 954 /* auth-rsa */,
882 /* authorityRevocationList */,
91 /* bf-cbc */,
93 /* bf-cfb */,
@@ -4640,6 +4663,7 @@ static const unsigned kNIDsInLongNameOrder[] = {
677 /* certicom-arc */,
517 /* certificate extensions */,
883 /* certificateRevocationList */,
+ 950 /* chacha20-poly1305 */,
54 /* challengePassword */,
407 /* characteristic-two-field */,
395 /* clearance */,
@@ -4982,6 +5006,10 @@ static const unsigned kNIDsInLongNameOrder[] = {
646 /* joint-iso-itu-t */,
150 /* keyBag */,
773 /* kisa */,
+ 957 /* kx-any */,
+ 952 /* kx-ecdhe */,
+ 953 /* kx-psk */,
+ 951 /* kx-rsa */,
477 /* lastModifiedBy */,
476 /* lastModifiedTime */,
157 /* localKeyID */,
diff --git a/src/crypto/obj/obj_mac.num b/src/crypto/obj/obj_mac.num
index 572a01b0..6dbc0f13 100644
--- a/src/crypto/obj/obj_mac.num
+++ b/src/crypto/obj/obj_mac.num
@@ -938,3 +938,12 @@ dh_std_kdf 946
dh_cofactor_kdf 947
X25519 948
ED25519 949
+chacha20_poly1305 950
+kx_rsa 951
+kx_ecdhe 952
+kx_psk 953
+auth_rsa 954
+auth_ecdsa 955
+auth_psk 956
+kx_any 957
+auth_any 958
diff --git a/src/crypto/obj/objects.txt b/src/crypto/obj/objects.txt
index 03056deb..f1a63955 100644
--- a/src/crypto/obj/objects.txt
+++ b/src/crypto/obj/objects.txt
@@ -1336,3 +1336,19 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
# See draft-ietf-curdle-pkix-04.
1 3 101 112 : ED25519
+
+ : ChaCha20-Poly1305 : chacha20-poly1305
+
+# NIDs for TLS 1.2 cipher suite key exchanges.
+ : KxRSA : kx-rsa
+ : KxECDHE : kx-ecdhe
+ : KxPSK : kx-psk
+
+# NIDs for TLS 1.2 cipher suite authentication types.
+ : AuthRSA : auth-rsa
+ : AuthECDSA : auth-ecdsa
+ : AuthPSK : auth-psk
+
+# TLS 1.3 cipher suites do not specify key exchange or authentication.
+ : KxANY : kx-any
+ : AuthANY : auth-any
diff --git a/src/crypto/pem/pem_pk8.c b/src/crypto/pem/pem_pk8.c
index 550661d6..15385eca 100644
--- a/src/crypto/pem/pem_pk8.c
+++ b/src/crypto/pem/pem_pk8.c
@@ -176,6 +176,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
+ OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
return NULL;
ret = EVP_PKCS82PKEY(p8inf);
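Review bot: The added `OPENSSL_cleanse(psbuf, klen)` wipes only as many bytes as the password callback reported, so anything the callback wrote past `klen` (a trailing NUL, or a longer value it then truncated) stays in the buffer. If `psbuf` is a fixed-size array, which its declaration outside this hunk would confirm, `OPENSSL_cleanse(psbuf, sizeof(psbuf));` clears the whole buffer regardless of the callback's return value. The branch that closes with `}` just above the `PKCS8_decrypt` call is not visible here, so it is worth checking that exits taken before decryption also clear the buffer. The same applies to the identical line added to `PEM_read_bio_PrivateKey` in pem_pkey.c. Both function bodies start and end outside their hunks.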
diff --git a/src/crypto/pem/pem_pkey.c b/src/crypto/pem/pem_pkey.c
index 058c0311..96675509 100644
--- a/src/crypto/pem/pem_pkey.c
+++ b/src/crypto/pem/pem_pkey.c
@@ -114,6 +114,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
+ OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);