author | Robert Sloan <varomodt@google.com> | 2017-08-14 09:33:19 -0700 |
---|---|---|
committer | Robert Sloan <varomodt@google.com> | 2017-08-14 09:33:31 -0700 |
commit | 843770915703e4d21d7f1776be72e769812f9f1e (patch) | |
tree | 5ea3cbd36bbd443a8f74a3cb16b3dd20cd764d5b /src/crypto | |
parent | caa34167616dfc6602c9157b32a29b5d5a7c751c (diff) | |
download | boringssl-843770915703e4d21d7f1776be72e769812f9f1e.tar.gz |
external/boringssl: Sync to 348f0d8db9c2a0eca0503ba654020209c579d552.android-o-iot-preview-5o-iot-preview-5
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/9bbdf5832de8a2d395303c669b594fc61c791f4d..348f0d8db9c2a0eca0503ba654020209c579d552
Test: BoringSSL CTS Presubmits.
Change-Id: I69a8590da0c89a0d66446775fd669e206a46308a
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/fipsmodule/ec/p256-x86_64_test.cc | 5 | ||||
-rw-r--r-- | src/crypto/obj/obj_dat.h | 30 | ||||
-rw-r--r-- | src/crypto/obj/obj_mac.num | 9 | ||||
-rw-r--r-- | src/crypto/obj/objects.txt | 16 | ||||
-rw-r--r-- | src/crypto/pem/pem_pk8.c | 1 | ||||
-rw-r--r-- | src/crypto/pem/pem_pkey.c | 1 |
6 files changed, 59 insertions, 3 deletions
diff --git a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc index 4600c76e..a802bfb5 100644 --- a/src/crypto/fipsmodule/ec/p256-x86_64_test.cc +++ b/src/crypto/fipsmodule/ec/p256-x86_64_test.cc @@ -27,6 +27,7 @@ #include <openssl/mem.h> #include "../bn/internal.h" +#include "../../internal.h" #include "../../test/file_test.h" #include "../../test/test_util.h" #include "p256-x86_64.h" @@ -39,7 +40,7 @@ TEST(P256_X86_64Test, SelectW5) { // Fill a table with some garbage input. - P256_POINT table[16]; + alignas(64) P256_POINT table[16]; for (size_t i = 0; i < 16; i++) { OPENSSL_memset(table[i].X, 3 * i, sizeof(table[i].X)); OPENSSL_memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y)); @@ -64,7 +65,7 @@ TEST(P256_X86_64Test, SelectW5) { TEST(P256_X86_64Test, SelectW7) { // Fill a table with some garbage input. - P256_POINT_AFFINE table[64]; + alignas(64) P256_POINT_AFFINE table[64]; for (size_t i = 0; i < 64; i++) { OPENSSL_memset(table[i].X, 2 * i, sizeof(table[i].X)); OPENSSL_memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y)); diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h index b3da0e89..dceaf03d 100644 --- a/src/crypto/obj/obj_dat.h +++ b/src/crypto/obj/obj_dat.h @@ -57,7 +57,7 @@ /* This file is generated by crypto/obj/objects.go. */ -#define NUM_NID 950 +#define NUM_NID 959 static const uint8_t kObjectData[] = { /* NID_rsadsi */ 
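Review bot: The `alignas(64)` added to `table` in the SelectW5 test of p256-x86_64_test.cc, and again in the SelectW7 hunk, has no comment saying why 64 bytes is needed, so a later cleanup could drop it and leave the tests dependent on stack layout. Presumably the select routines under test read the table with aligned loads and expect the alignment their production callers provide; that should be confirmed and recorded next to each declaration, for example `// The table must be 64-byte aligned, matching what the select functions expect.` Both TEST bodies continue past their hunks, so the calls that consume `table` are not visible here.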
@@ -3444,6 +3444,16 @@ static const ASN1_OBJECT kObjects[NUM_NID] = { {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf, 0, NULL, 0}, {"X25519", "X25519", NID_X25519, 0, NULL, 0}, {"ED25519", "ED25519", NID_ED25519, 3, &kObjectData[6175], 0}, + {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305, 0, NULL, + 0}, + {"KxRSA", "kx-rsa", NID_kx_rsa, 0, NULL, 0}, + {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe, 0, NULL, 0}, + {"KxPSK", "kx-psk", NID_kx_psk, 0, NULL, 0}, + {"AuthRSA", "auth-rsa", NID_auth_rsa, 0, NULL, 0}, + {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa, 0, NULL, 0}, + {"AuthPSK", "auth-psk", NID_auth_psk, 0, NULL, 0}, + {"KxANY", "kx-any", NID_kx_any, 0, NULL, 0}, + {"AuthANY", "auth-any", NID_auth_any, 0, NULL, 0}, }; static const unsigned kNIDsInShortNameOrder[] = { @@ -3474,6 +3484,10 @@ static const unsigned kNIDsInShortNameOrder[] = { 426 /* AES-256-ECB */, 428 /* AES-256-OFB */, 914 /* AES-256-XTS */, + 958 /* AuthANY */, + 955 /* AuthECDSA */, + 956 /* AuthPSK */, + 954 /* AuthRSA */, 91 /* BF-CBC */, 93 /* BF-CFB */, 92 /* BF-ECB */, @@ -3505,6 +3519,7 @@ static const unsigned kNIDsInShortNameOrder[] = { 13 /* CN */, 141 /* CRLReason */, 417 /* CSPName */, + 950 /* ChaCha20-Poly1305 */, 367 /* CrlID */, 391 /* DC */, 31 /* DES-CBC */, @@ -3547,6 +3562,10 @@ static const unsigned kNIDsInShortNameOrder[] = { 645 /* ITU-T */, 646 /* JOINT-ISO-ITU-T */, 773 /* KISA */, + 957 /* KxANY */, + 952 /* KxECDHE */, + 953 /* KxPSK */, + 951 /* KxRSA */, 15 /* L */, 856 /* LocalKeySet */, 3 /* MD2 */, @@ -4570,6 +4589,10 @@ static const unsigned kNIDsInLongNameOrder[] = { 484 /* associatedDomain */, 485 /* associatedName */, 501 /* audio */, + 958 /* auth-any */, + 955 /* auth-ecdsa */, + 956 /* auth-psk */, + 954 /* auth-rsa */, 882 /* authorityRevocationList */, 91 /* bf-cbc */, 93 /* bf-cfb */, 
@@ -4640,6 +4663,7 @@ static const unsigned kNIDsInLongNameOrder[] = { 677 /* certicom-arc */, 517 /* certificate extensions */, 883 /* certificateRevocationList */, + 950 /* chacha20-poly1305 */, 54 /* challengePassword */, 407 /* characteristic-two-field */, 395 /* clearance */, @@ -4982,6 +5006,10 @@ static const unsigned kNIDsInLongNameOrder[] = { 646 /* joint-iso-itu-t */, 150 /* keyBag */, 773 /* kisa */, + 957 /* kx-any */, + 952 /* kx-ecdhe */, + 953 /* kx-psk */, + 951 /* kx-rsa */, 477 /* lastModifiedBy */, 476 /* lastModifiedTime */, 157 /* localKeyID */, diff --git a/src/crypto/obj/obj_mac.num b/src/crypto/obj/obj_mac.num index 572a01b0..6dbc0f13 100644 --- a/src/crypto/obj/obj_mac.num +++ b/src/crypto/obj/obj_mac.num @@ -938,3 +938,12 @@ dh_std_kdf 946 dh_cofactor_kdf 947 X25519 948 ED25519 949 +chacha20_poly1305 950 +kx_rsa 951 +kx_ecdhe 952 +kx_psk 953 +auth_rsa 954 +auth_ecdsa 955 +auth_psk 956 +kx_any 957 +auth_any 958 diff --git a/src/crypto/obj/objects.txt b/src/crypto/obj/objects.txt index 03056deb..f1a63955 100644 --- a/src/crypto/obj/objects.txt +++ b/src/crypto/obj/objects.txt @@ -1336,3 +1336,19 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme # See draft-ietf-curdle-pkix-04. 1 3 101 112 : ED25519 + + : ChaCha20-Poly1305 : chacha20-poly1305 + +# NIDs for TLS 1.2 cipher suite key exchanges. + : KxRSA : kx-rsa + : KxECDHE : kx-ecdhe + : KxPSK : kx-psk + +# NIDs for TLS 1.2 cipher suite authentication types. + : AuthRSA : auth-rsa + : AuthECDSA : auth-ecdsa + : AuthPSK : auth-psk + +# TLS 1.3 cipher suites do not specify key exchange or authentication. + : KxANY : kx-any + : AuthANY : auth-any diff --git a/src/crypto/pem/pem_pk8.c b/src/crypto/pem/pem_pk8.c index 550661d6..15385eca 100644 --- a/src/crypto/pem/pem_pk8.c +++ b/src/crypto/pem/pem_pk8.c 
@@ -176,6 +176,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) return NULL; ret = EVP_PKCS82PKEY(p8inf); diff --git a/src/crypto/pem/pem_pkey.c b/src/crypto/pem/pem_pkey.c index 058c0311..96675509 100644 --- a/src/crypto/pem/pem_pkey.c +++ b/src/crypto/pem/pem_pkey.c @@ -114,6 +114,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) goto p8err; ret = EVP_PKCS82PKEY(p8inf); |
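Review bot: The added `OPENSSL_cleanse(psbuf, klen);` in d2i_PKCS8PrivateKey_bio wipes only the `klen` bytes the password callback reported, and only on the path that reaches PKCS8_decrypt; the identical line in the PEM_read_bio_PrivateKey hunk of pem_pkey.c has the same two limits. If `psbuf` is a fixed-size local array (its declaration is outside both hunks), `OPENSSL_cleanse(psbuf, sizeof(psbuf));` would also clear anything the callback wrote beyond the length it returned. The block closed by the `}` just above the decrypt call is not visible; if it returns early after the callback has run, that path presumably leaves passphrase bytes on the stack and would want the same cleanse before returning. Both function bodies start and end outside their hunks, so the remaining exits should be checked against the full file.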