Backport: Update BoringSSL to 7ae2b910c13017b63f1a8bd6c8decfce692869b0 (#190)

Package.swift

@@ -20,7 +20,7 @@
 // Sources/CCryptoBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: abfd5ebc87ddca0fab9fca067c9d7edbc355eae8
+// BoringSSL Commit: 7ae2b910c13017b63f1a8bd6c8decfce692869b0
 
 import PackageDescription
 

Sources/CCryptoBoringSSL/CMakeLists.txt

@@ -44,6 +44,7 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/bio/bio.c"
   "crypto/bio/bio_mem.c"
   "crypto/bio/connect.c"
+  "crypto/bio/errno.c"
   "crypto/bio/fd.c"
   "crypto/bio/file.c"
   "crypto/bio/hexdump.c"
@@ -74,16 +75,18 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/cipher_extra/tls_cbc.c"
   "crypto/conf/conf.c"
   "crypto/cpu_aarch64_apple.c"
-  "crypto/cpu_aarch64_freebsd.c"
   "crypto/cpu_aarch64_fuchsia.c"
   "crypto/cpu_aarch64_linux.c"
+  "crypto/cpu_aarch64_openbsd.c"
+  "crypto/cpu_aarch64_sysreg.c"
   "crypto/cpu_aarch64_win.c"
   "crypto/cpu_arm.c"
   "crypto/cpu_arm_freebsd.c"
   "crypto/cpu_arm_linux.c"
   "crypto/cpu_intel.c"
   "crypto/crypto.c"
   "crypto/curve25519/curve25519.c"
+  "crypto/curve25519/curve25519_64_adx.c"
   "crypto/curve25519/spake25519.c"
   "crypto/des/des.c"
   "crypto/dh_extra/dh_asn1.c"
@@ -168,6 +171,7 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/fipsmodule/ecdh/ecdh.c"
   "crypto/fipsmodule/ecdsa/ecdsa.c"
   "crypto/fipsmodule/fips_shared_support.c"
+  "crypto/fipsmodule/hkdf/hkdf.c"
   "crypto/fipsmodule/hmac/hmac.c"
   "crypto/fipsmodule/md4/md4.c"
   "crypto/fipsmodule/md5/md5.c"
@@ -193,7 +197,6 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/fipsmodule/sha/sha256.c"
   "crypto/fipsmodule/sha/sha512.c"
   "crypto/fipsmodule/tls/kdf.c"
-  "crypto/hkdf/hkdf.c"
   "crypto/hpke/hpke.c"
   "crypto/hrss/hrss.c"
   "crypto/kyber/keccak.c"
@@ -221,13 +224,14 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/pool/pool.c"
   "crypto/rand_extra/deterministic.c"
   "crypto/rand_extra/forkunsafe.c"
-  "crypto/rand_extra/fuchsia.c"
+  "crypto/rand_extra/getentropy.c"
+  "crypto/rand_extra/ios.c"
   "crypto/rand_extra/passive.c"
   "crypto/rand_extra/rand_extra.c"
+  "crypto/rand_extra/trusty.c"
   "crypto/rand_extra/windows.c"
   "crypto/rc4/rc4.c"
-  "crypto/refcount_c11.c"
-  "crypto/refcount_lock.c"
+  "crypto/refcount.c"
   "crypto/rsa_extra/rsa_asn1.c"
   "crypto/rsa_extra/rsa_crypt.c"
   "crypto/rsa_extra/rsa_print.c"

Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.c

@@ -60,6 +60,7 @@
 #include <CCryptoBoringSSL_mem.h>
 #include <CCryptoBoringSSL_time.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 
@@ -123,9 +124,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
   }
 
   char buf[16];
-  BIO_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
-               data.tm_year + 1900, data.tm_mon + 1, data.tm_mday, data.tm_hour,
-               data.tm_min, data.tm_sec);
+  int ret = snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
+                     data.tm_year + 1900, data.tm_mon + 1, data.tm_mday,
+                     data.tm_hour, data.tm_min, data.tm_sec);
+  if (ret != (int)(sizeof(buf) - 1)) {
+    abort();  // |snprintf| should neither truncate nor write fewer bytes.
+  }
 
   int free_s = 0;
   if (s == NULL) {

Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c

@@ -73,18 +73,19 @@
 // horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
 // size limits too.
 
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-                       int inform, unsigned long mask) {
-  return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in,
+                       ossl_ssize_t len, int inform, unsigned long mask) {
+  return ASN1_mbstring_ncopy(out, in, len, inform, mask, /*minsize=*/0,
+                             /*maxsize=*/0);
 }
 
 OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_BMPSTRING)
 OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_UNIVERSALSTRING)
 OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_UTF8STRING)
 
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-                        int inform, unsigned long mask, long minsize,
-                        long maxsize) {
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
+                        ossl_ssize_t len, int inform, unsigned long mask,
+                        ossl_ssize_t minsize, ossl_ssize_t maxsize) {
   if (len == -1) {
     len = strlen((const char *)in);
   }
@@ -164,14 +165,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
     utf8_len += cbb_get_utf8_len(c);
     if (maxsize > 0 && nchar > (size_t)maxsize) {
       OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
-      ERR_add_error_dataf("maxsize=%ld", maxsize);
+      ERR_add_error_dataf("maxsize=%zu", (size_t)maxsize);
       return -1;
     }
   }
 
   if (minsize > 0 && nchar < (size_t)minsize) {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
-    ERR_add_error_dataf("minsize=%ld", minsize);
+    ERR_add_error_dataf("minsize=%zu", (size_t)minsize);
     return -1;
   }
 

Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c

@@ -89,18 +89,18 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
   char buf[16];  // Large enough for "\\W01234567".
   unsigned char u8 = (unsigned char)c;
   if (c > 0xffff) {
-    BIO_snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
+    snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
   } else if (c > 0xff) {
-    BIO_snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
+    snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
   } else if ((flags & ASN1_STRFLGS_ESC_MSB) && c > 0x7f) {
-    BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+    snprintf(buf, sizeof(buf), "\\%02X", c);
   } else if ((flags & ASN1_STRFLGS_ESC_CTRL) && is_control_character(c)) {
-    BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+    snprintf(buf, sizeof(buf), "\\%02X", c);
   } else if (flags & ASN1_STRFLGS_ESC_2253) {
     // See RFC 2253, sections 2.4 and 4.
     if (c == '\\' || c == '"') {
       // Quotes and backslashes are always escaped, quoted or not.
-      BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+      snprintf(buf, sizeof(buf), "\\%c", (int)c);
     } else if (c == ',' || c == '+' || c == '<' || c == '>' || c == ';' ||
                (is_first && (c == ' ' || c == '#')) ||
                (is_last && (c == ' '))) {
@@ -111,13 +111,13 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
         }
         return maybe_write(out, &u8, 1) ? 1 : -1;
       }
-      BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+      snprintf(buf, sizeof(buf), "\\%c", (int)c);
     } else {
       return maybe_write(out, &u8, 1) ? 1 : -1;
     }
   } else if ((flags & ESC_FLAGS) && c == '\\') {
     // If any escape flags are set, also escape backslashes.
-    BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+    snprintf(buf, sizeof(buf), "\\%c", (int)c);
   } else {
     return maybe_write(out, &u8, 1) ? 1 : -1;
   }

Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c

@@ -72,7 +72,7 @@
 DEFINE_LHASH_OF(ASN1_STRING_TABLE)
 
 static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL;
-static struct CRYPTO_STATIC_MUTEX string_tables_lock = CRYPTO_STATIC_MUTEX_INIT;
+static CRYPTO_MUTEX string_tables_lock = CRYPTO_MUTEX_INIT;
 
 void ASN1_STRING_set_default_mask(unsigned long mask) {}
 
@@ -87,7 +87,7 @@ static const ASN1_STRING_TABLE *asn1_string_table_get(int nid);
 // a corresponding OID. For example certificates and certificate requests.
 
 ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
-                                    int len, int inform, int nid) {
+                                    ossl_ssize_t len, int inform, int nid) {
   ASN1_STRING *str = NULL;
   int ret;
   if (!out) {
@@ -176,11 +176,11 @@ static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) {
     return tbl;
   }
 
-  CRYPTO_STATIC_MUTEX_lock_read(&string_tables_lock);
+  CRYPTO_MUTEX_lock_read(&string_tables_lock);
   if (string_tables != NULL) {
     tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key);
   }
-  CRYPTO_STATIC_MUTEX_unlock_read(&string_tables_lock);
+  CRYPTO_MUTEX_unlock_read(&string_tables_lock);
   // Note returning |tbl| without the lock is only safe because
   // |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we
   // wish to support that, this function must copy the result under a lock.
@@ -196,7 +196,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
   }
 
   int ret = 0;
-  CRYPTO_STATIC_MUTEX_lock_write(&string_tables_lock);
+  CRYPTO_MUTEX_lock_write(&string_tables_lock);
 
   if (string_tables == NULL) {
     string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
@@ -232,7 +232,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
   ret = 1;
 
 err:
-  CRYPTO_STATIC_MUTEX_unlock_write(&string_tables_lock);
+  CRYPTO_MUTEX_unlock_write(&string_tables_lock);
   return ret;
 }
 

Sources/CCryptoBoringSSL/crypto/asn1/a_time.c

@@ -61,6 +61,7 @@
 #include <time.h>
 
 #include <CCryptoBoringSSL_asn1t.h>
+#include <CCryptoBoringSSL_bytestring.h>
 #include <CCryptoBoringSSL_err.h>
 #include <CCryptoBoringSSL_mem.h>
 
@@ -82,6 +83,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time) {
   return ASN1_TIME_adj(s, time, 0, 0);
 }
 
+static int fits_in_utc_time(const struct tm *tm) {
+  return 50 <= tm->tm_year && tm->tm_year < 150;
+}
+
 ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
                          long offset_sec) {
   struct tm tm;
@@ -95,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
       return NULL;
     }
   }
-  if ((tm.tm_year >= 50) && (tm.tm_year < 150)) {
+  if (fits_in_utc_time(&tm)) {
     return ASN1_UTCTIME_adj(s, posix_time, offset_day, offset_sec);
   }
   return ASN1_GENERALIZEDTIME_adj(s, posix_time, offset_day, offset_sec);
@@ -171,6 +176,34 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) {
          ASN1_GENERALIZEDTIME_set_string(s, str);
 }
 
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) {
+  CBS cbs;
+  CBS_init(&cbs, (const uint8_t*)str, strlen(str));
+  int type;
+  struct tm tm;
+  if (CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
+                         /*allow_timezone_offset=*/0)) {
+    type = V_ASN1_UTCTIME;
+  } else if (CBS_parse_generalized_time(&cbs, &tm,
+                                        /*allow_timezone_offset=*/0)) {
+    type = V_ASN1_GENERALIZEDTIME;
+    if (fits_in_utc_time(&tm)) {
+      type = V_ASN1_UTCTIME;
+      CBS_skip(&cbs, 2);
+    }
+  } else {
+    return 0;
+  }
+
+  if (s != NULL) {
+    if (!ASN1_STRING_set(s, CBS_data(&cbs), CBS_len(&cbs))) {
+      return 0;
+    }
+    s->type = type;
+  }
+  return 1;
+}
+
 static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t,
                            int allow_timezone_offset) {
   if (t == NULL) {

Sources/CCryptoBoringSSL/crypto/asn1/a_utctm.c

@@ -60,6 +60,7 @@
 #include <CCryptoBoringSSL_mem.h>
 #include <CCryptoBoringSSL_time.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 
@@ -83,11 +84,14 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) {
 }
 
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) {
+  // Although elsewhere we allow timezone offsets with UTCTime, to be compatible
+  // with some existing misissued certificates, this function is used to
+  // construct new certificates and can be stricter.
   size_t len = strlen(str);
   CBS cbs;
   CBS_init(&cbs, (const uint8_t *)str, len);
   if (!CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
-                          /*allow_timezone_offset=*/1)) {
+                          /*allow_timezone_offset=*/0)) {
     return 0;
   }
   if (s != NULL) {
@@ -121,9 +125,12 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, int64_t posix_time, int offset_d
   }
 
   char buf[14];
-  BIO_snprintf(buf, sizeof(buf), "%02d%02d%02d%02d%02d%02dZ",
-               data.tm_year % 100, data.tm_mon + 1, data.tm_mday, data.tm_hour,
-               data.tm_min, data.tm_sec);
+  int ret = snprintf(buf, sizeof(buf), "%02d%02d%02d%02d%02d%02dZ",
+                     data.tm_year % 100, data.tm_mon + 1, data.tm_mday,
+                     data.tm_hour, data.tm_min, data.tm_sec);
+  if (ret != (int)(sizeof(buf) - 1)) {
+    abort();  // |snprintf| should neither truncate nor write fewer bytes.
+  }
 
   int free_s = 0;
   if (s == NULL) {

Sources/CCryptoBoringSSL/crypto/bio/bio.c

@@ -628,14 +628,14 @@ void BIO_set_retry_special(BIO *bio) {
 
 int BIO_set_write_buffer_size(BIO *bio, int buffer_size) { return 0; }
 
-static struct CRYPTO_STATIC_MUTEX g_index_lock = CRYPTO_STATIC_MUTEX_INIT;
+static CRYPTO_MUTEX g_index_lock = CRYPTO_MUTEX_INIT;
 static int g_index = BIO_TYPE_START;
 
 int BIO_get_new_index(void) {
-  CRYPTO_STATIC_MUTEX_lock_write(&g_index_lock);
+  CRYPTO_MUTEX_lock_write(&g_index_lock);
   // If |g_index| exceeds 255, it will collide with the flags bits.
   int ret = g_index > 255 ? -1 : g_index++;
-  CRYPTO_STATIC_MUTEX_unlock_write(&g_index_lock);
+  CRYPTO_MUTEX_unlock_write(&g_index_lock);
   return ret;
 }
 

Sources/CCryptoBoringSSL/crypto/bio/bio_mem.c

@@ -206,7 +206,6 @@ static int mem_gets(BIO *bio, char *buf, int size) {
 
 static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
   long ret = 1;
-  char **pptr;
 
   BUF_MEM *b = (BUF_MEM *)bio->ptr;
 
@@ -232,8 +231,8 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
     case BIO_CTRL_INFO:
       ret = (long)b->length;
       if (ptr != NULL) {
-        pptr = (char **)ptr;
-        *pptr = (char *)&b->data[0];
+        char **pptr = ptr;
+        *pptr = b->data;
       }
       break;
     case BIO_C_SET_BUF_MEM:
@@ -243,8 +242,8 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
       break;
     case BIO_C_GET_BUF_MEM_PTR:
       if (ptr != NULL) {
-        pptr = (char **)ptr;
-        *pptr = (char *)b;
+        BUF_MEM **pptr = ptr;
+        *pptr = b;
       }
       break;
     case BIO_CTRL_GET_CLOSE:
@@ -294,15 +293,15 @@ int BIO_mem_contents(const BIO *bio, const uint8_t **out_contents,
 }
 
 long BIO_get_mem_data(BIO *bio, char **contents) {
-  return BIO_ctrl(bio, BIO_CTRL_INFO, 0, (char *) contents);
+  return BIO_ctrl(bio, BIO_CTRL_INFO, 0, contents);
 }
 
 int BIO_get_mem_ptr(BIO *bio, BUF_MEM **out) {
-  return (int)BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, (char *) out);
+  return (int)BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, out);
 }
 
 int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership) {
-  return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM, take_ownership, (char *) b);
+  return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM, take_ownership, b);
 }
 
 int BIO_set_mem_eof_return(BIO *bio, int eof_value) {