Update BoringSSL to 4ca15d5dcbe6e8051a4654df7c971ea8307abfe0 (#142)

Package.swift

@@ -22,7 +22,7 @@ import PackageDescription
 // Sources/CNIOBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: 6e7255c17e1a7348a2377fbc804441dd284806e2
+// BoringSSL Commit: 4ca15d5dcbe6e8051a4654df7c971ea8307abfe0
 
 let package = Package(
     name: "swift-nio-ssl",

Sources/CNIOBoringSSL/crypto/chacha/chacha-armv4.linux.arm.S

@@ -1490,6 +1490,7 @@ ChaCha20_neon:
 .size	ChaCha20_neon,.-ChaCha20_neon
 .comm	OPENSSL_armcap_P,4,4
 #endif
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/chacha/chacha-armv8.linux.aarch64.S

@@ -1982,6 +1982,7 @@ ChaCha20_512_neon:
 	ldp	x29,x30,[sp],#96
 	ret
 .size	ChaCha20_512_neon,.-ChaCha20_512_neon
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__aarch64__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/chacha/chacha-x86.linux.x86.S

@@ -973,6 +973,7 @@ ChaCha20_ssse3:
 .byte	44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32
 .byte	60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111
 .byte	114,103,62,0
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/chacha/chacha-x86_64.linux.x86_64.S

@@ -1631,6 +1631,7 @@ ChaCha20_8x:
 	.byte	0xf3,0xc3
 .cfi_endproc	
 .size	ChaCha20_8x,.-ChaCha20_8x
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64.linux.x86_64.S

@@ -3077,6 +3077,7 @@ aes256gcmsiv_kdf:
 	.byte	0xf3,0xc3
 .cfi_endproc	
 .size	aes256gcmsiv_kdf, .-aes256gcmsiv_kdf
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64.linux.x86_64.S

@@ -8985,6 +8985,7 @@ seal_avx2_short_tail:
 	vzeroupper
 	jmp	seal_sse_tail_16
 .cfi_endproc	
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/curve25519/asm/x25519-asm-arm.S

@@ -2131,6 +2131,10 @@ mov sp,r12
 vpop {q4,q5,q6,q7}
 bx lr
 
+#if defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
+
 #endif  /* !OPENSSL_NO_ASM && __arm__ && !__APPLE__ */
 #endif  // defined(__arm__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aes-586.linux.x86.S

@@ -3261,6 +3261,7 @@ aes_nohw_set_decrypt_key:
 .byte	65,69,83,32,102,111,114,32,120,56,54,44,32,67,82,89
 .byte	80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 .byte	111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aes-armv4.linux.arm.S

@@ -1219,6 +1219,7 @@ _armv4_AES_decrypt:
 .byte	65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	2
 .align	2
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aes-x86_64.linux.x86_64.S

@@ -2663,6 +2663,7 @@ aes_nohw_cbc_encrypt:
 .long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
 .byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64.linux.x86_64.S

@@ -850,6 +850,7 @@ aesni_gcm_encrypt:
 .byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
 .byte	65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aesni-x86.linux.x86.S

@@ -2511,6 +2511,7 @@ aes_hw_set_decrypt_key:
 .byte	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
 .byte	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
 .byte	115,108,46,111,114,103,62,0
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aesni-x86_64.linux.x86_64.S

@@ -2504,6 +2504,7 @@ __aesni_set_encrypt_key:
 
 .byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aesv8-armx32.linux.arm.S

@@ -778,6 +778,7 @@ aes_hw_ctr32_encrypt_blocks:
 	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,pc}
 .size	aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks
 #endif
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/aesv8-armx64.linux.aarch64.S

@@ -772,6 +772,7 @@ aes_hw_ctr32_encrypt_blocks:
 	ret
 .size	aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks
 #endif
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__aarch64__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/armv4-mont.linux.arm.S

@@ -974,6 +974,7 @@ bn_mul8x_mont_neon:
 .comm	OPENSSL_armcap_P,4,4
 .hidden	OPENSSL_armcap_P
 #endif
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/armv8-mont.linux.aarch64.S

@@ -1420,6 +1420,7 @@ __bn_mul4x_mont:
 .byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	2
 .align	4
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__aarch64__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/bn-586.linux.x86.S

@@ -1542,6 +1542,7 @@ bn_sub_part_words:
 	popl	%ebp
 	ret
 .size	bn_sub_part_words,.-.L_bn_sub_part_words_begin
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/bsaes-armv7.linux.arm.S

@@ -1526,6 +1526,7 @@ bsaes_ctr32_encrypt_blocks:
 	@ out to retain a constant-time implementation.
 .size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
 #endif
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/co-586.linux.x86.S

@@ -1264,6 +1264,7 @@ bn_sqr_comba4:
 	popl	%esi
 	ret
 .size	bn_sqr_comba4,.-.L_bn_sqr_comba4_begin
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghash-armv4.linux.arm.S

@@ -588,6 +588,7 @@ gcm_ghash_neon:
 .byte	71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	2
 .align	2
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghash-neon-armv8.linux.aarch64.S

@@ -338,6 +338,7 @@ gcm_ghash_neon:
 .byte	71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,100,101,114,105,118,101,100,32,102,114,111,109,32,65,82,77,118,52,32,118,101,114,115,105,111,110,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	2
 .align	2
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__aarch64__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghash-ssse3-x86.linux.x86.S

@@ -292,6 +292,7 @@ gcm_ghash_ssse3:
 .align	16
 .Llow4_mask:
 .long	252645135,252645135,252645135,252645135
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64.linux.x86_64.S

@@ -425,6 +425,7 @@ gcm_ghash_ssse3:
 
 .Llow4_mask:
 .quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghash-x86.linux.x86.S

@@ -1073,6 +1073,7 @@ gcm_ghash_clmul:
 .byte	82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112
 .byte	112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62
 .byte	0
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghash-x86_64.linux.x86_64.S

@@ -1870,6 +1870,7 @@ gcm_ghash_avx:
 
 .byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghashv8-armx32.linux.arm.S

@@ -250,6 +250,7 @@ gcm_ghash_v8:
 .byte	71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	2
 .align	2
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__arm__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/ghashv8-armx64.linux.aarch64.S

@@ -246,6 +246,7 @@ gcm_ghash_v8:
 .byte	71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	2
 .align	2
+.section	.note.GNU-stack,"",%progbits
 #endif
 #endif  // !OPENSSL_NO_ASM
 #endif  // defined(__aarch64__) && defined(__linux__)

Sources/CNIOBoringSSL/crypto/fipsmodule/md5-586.linux.x86.S

@@ -686,6 +686,7 @@ md5_block_asm_data_order:
 	popl	%esi
 	ret
 .size	md5_block_asm_data_order,.-.L_md5_block_asm_data_order_begin
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__i386__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/md5-x86_64.linux.x86_64.S

@@ -700,6 +700,7 @@ md5_block_asm_data_order:
 	.byte	0xf3,0xc3
 .cfi_endproc	
 .size	md5_block_asm_data_order,.-md5_block_asm_data_order
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/p256-x86_64-asm.linux.x86_64.S

@@ -4541,6 +4541,7 @@ ecp_nistz256_point_add_affinex:
 	.byte	0xf3,0xc3
 .cfi_endproc	
 .size	ecp_nistz256_point_add_affinex,.-ecp_nistz256_point_add_affinex
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm.linux.x86_64.S

@@ -341,6 +341,7 @@ beeu_mod_inverse_vartime:
 .cfi_endproc	
 
 .size	beeu_mod_inverse_vartime, .-beeu_mod_inverse_vartime
+.section	.note.GNU-stack,"",@progbits
 #endif
 #endif  // defined(__x86_64__) && defined(__linux__)
 #if defined(__linux__) && defined(__ELF__)

Sources/CNIOBoringSSL/crypto/fipsmodule/rand/internal.h

@@ -41,6 +41,11 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
 void CRYPTO_sysrand(uint8_t *buf, size_t len);
 
 #if defined(OPENSSL_URANDOM) && defined(BORINGSSL_FIPS)
+// CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
+// operating system. It may draw from the |GRND_RANDOM| pool on Android,
+// depending on the vendor's configuration.
+void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
+
 // CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
 // operating system, if the entropy pool is initialized. If it is uninitialized,
 // it will not block and will instead fill |buf| with all zeros or early

Sources/CNIOBoringSSL/crypto/fipsmodule/rand/rand.c

@@ -32,9 +32,9 @@
 
 
 // It's assumed that the operating system always has an unfailing source of
-// entropy which is accessed via |CRYPTO_sysrand|. (If the operating system
-// entropy source fails, it's up to |CRYPTO_sysrand| to abort the process—we
-// don't try to handle it.)
+// entropy which is accessed via |CRYPTO_sysrand[_for_seed]|. (If the operating
+// system entropy source fails, it's up to |CRYPTO_sysrand| to abort the
+// process—we don't try to handle it.)
 //
 // In addition, the hardware may provide a low-latency RNG. Intel's rdrand
 // instruction is the canonical example of this. When a hardware RNG is
@@ -61,11 +61,11 @@ struct rand_thread_state {
   // (re)seeded. This is bound by |kReseedInterval|.
   unsigned calls;
   // last_block_valid is non-zero iff |last_block| contains data from
-  // |CRYPTO_sysrand|.
+  // |CRYPTO_sysrand_for_seed|.
   int last_block_valid;
 
 #if defined(BORINGSSL_FIPS)
-  // last_block contains the previous block from |CRYPTO_sysrand|.
+  // last_block contains the previous block from |CRYPTO_sysrand_for_seed|.
   uint8_t last_block[CRNGT_BLOCK_SIZE];
   // next and prev form a NULL-terminated, double-linked list of all states in
   // a process.
@@ -169,7 +169,7 @@ static void rand_get_seed(struct rand_thread_state *state,
                           uint8_t seed[CTR_DRBG_ENTROPY_LEN]) {
   if (!state->last_block_valid) {
     if (!hwrand(state->last_block, sizeof(state->last_block))) {
-      CRYPTO_sysrand(state->last_block, sizeof(state->last_block));
+      CRYPTO_sysrand_for_seed(state->last_block, sizeof(state->last_block));
     }
     state->last_block_valid = 1;
   }
@@ -181,7 +181,7 @@ static void rand_get_seed(struct rand_thread_state *state,
 
   int used_hwrand = hwrand(entropy, sizeof(entropy));
   if (!used_hwrand) {
-    CRYPTO_sysrand(entropy, sizeof(entropy));
+    CRYPTO_sysrand_for_seed(entropy, sizeof(entropy));
   }
 
   // See FIPS 140-2, section 4.9.2. This is the “continuous random number