Update BoringSSL (#134)

* Update vend script * Fix ASM script * Update BoringSSL * Update RSA key * Adjust whitespace and add explicit access modifier * Update README header --------- Co-authored-by: Paul <paultoffoloni@gmail.com>
vapor · Feb 21, 2024 · e05513b · e05513b
1 parent 362dc6e
commit e05513b
Show file tree

Hide file tree

Showing 384 changed files with 17,283 additions and 19,874 deletions.
diff --git a/Package.swift b/Package.swift
@@ -1,13 +1,22 @@
 // swift-tools-version:5.6
 import PackageDescription
 
+// This package contains a vendored copy of BoringSSL. For ease of tracking
+// down problems with the copy of BoringSSL in use, we include a copy of the
+// commit hash of the revision of BoringSSL included in the given release.
+// This is also reproduced in a file called hash.txt in the
+// Sources/CCryptoBoringSSL directory. The source repository is at
+// https://boringssl.googlesource.com/boringssl.
+//
+// BoringSSL Commit: 58a318edc892a595a5b043359a5d441869158699
+
 let package = Package(
     name: "jwt-kit",
     platforms: [
         .macOS(.v10_15),
         .iOS(.v13),
         .tvOS(.v13),
-        .watchOS(.v6)
+        .watchOS(.v6),
     ],
     products: [
         .library(name: "JWTKit", targets: ["JWTKit"]),
@@ -16,7 +25,7 @@ let package = Package(
         MANGLE_END */
     ],
     dependencies: [
-        .package(url: "https://github.com/apple/swift-crypto.git", "2.0.0" ..< "4.0.0")
+        .package(url: "https://github.com/apple/swift-crypto.git", "2.0.0" ..< "4.0.0"),
     ],
     targets: [
         .target(name: "CJWTKitBoringSSL"),
@@ -28,5 +37,5 @@ let package = Package(
             .target(name: "JWTKit"),
         ]),
     ],
-     cxxLanguageStandard: .cxx11
+    cxxLanguageStandard: .cxx11
 )
diff --git a/README.md b/README.md
@@ -1,23 +1,19 @@
 <p align="center">
-    <img 
-        src="https://user-images.githubusercontent.com/1342803/59471117-1c77b300-8e08-11e9-838e-441b280855b3.png" 
-        height="64" 
-        alt="JWTKit">
-    <a href="https://docs.vapor.codes/4.0/">
-        <img src="http://img.shields.io/badge/read_the-docs-2196f3.svg" alt="Documentation">
-    </a>
-    <a href="https://discord.gg/vapor">
-        <img src="https://img.shields.io/discord/431917998102675485.svg" alt="Team Chat">
-    </a>
-    <a href="LICENSE">
-        <img src="http://img.shields.io/badge/license-MIT-brightgreen.svg" alt="MIT License">
-    </a>
-    <a href="https://github.com/vapor/jwt-kit/actions/workflows/test.yml">
-        <img src="https://github.com/vapor/jwt-kit/actions/workflows/test.yml/badge.svg?event=push" alt="CI">
-    </a>
-    <a href="https://swift.org">
-        <img src="http://img.shields.io/badge/swift-5.6-brightgreen.svg" alt="Swift 5.6">
-    </a>
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="https://github.com/vapor/jwt-kit/assets/1130717/06939767-8779-42ea-9bb6-9d3e7a07d20c">
+  <source media="(prefers-color-scheme: light)" srcset="https://github.com/vapor/jwt-kit/assets/1130717/bdc5befe-01c4-4e50-a203-c6ef71e16394">
+  <img src="https://github.com/vapor/jwt-kit/assets/1130717/bdc5befe-01c4-4e50-a203-c6ef71e16394" height="96" alt="JWTKit">
+</picture> 
+<br>
+<br>
+<a href="https://docs.vapor.codes/4.0/"><img src="https://design.vapor.codes/images/readthedocs.svg" alt="Documentation"></a>
+<a href="https://discord.gg/vapor"><img src="https://design.vapor.codes/images/discordchat.svg" alt="Team Chat"></a>
+<a href="LICENSE"><img src="https://design.vapor.codes/images/mitlicense.svg" alt="MIT License"></a>
+<a href="https://github.com/vapor/jwt-kit/actions/workflows/test.yml"><img src="https://img.shields.io/github/actions/workflow/status/vapor/jwt-kit/test.yml?event=push&style=plastic&logo=github&label=tests&logoColor=%23ccc" alt="Continuous Integration"></a>
+<a href="https://codecov.io/github/vapor/jwt-kit"><img src="https://img.shields.io/codecov/c/github/vapor/jwt-kit?style=plastic&logo=codecov&label=codecov"></a>
+</p>
+
+<br>
 </p>
 
 <br>

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_gentm.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_gentm.c
@@ -58,8 +58,9 @@
 #include <CJWTKitBoringSSL_bytestring.h>
 #include <CJWTKitBoringSSL_err.h>
 #include <CJWTKitBoringSSL_mem.h>
-#include <CJWTKitBoringSSL_time.h>
+#include <CJWTKitBoringSSL_posix_time.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 
@@ -123,9 +124,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
   }
 
   char buf[16];
-  BIO_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
-               data.tm_year + 1900, data.tm_mon + 1, data.tm_mday, data.tm_hour,
-               data.tm_min, data.tm_sec);
+  int ret = snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
+                     data.tm_year + 1900, data.tm_mon + 1, data.tm_mday,
+                     data.tm_hour, data.tm_min, data.tm_sec);
+  if (ret != (int)(sizeof(buf) - 1)) {
+    abort();  // |snprintf| should neither truncate nor write fewer bytes.
+  }
 
   int free_s = 0;
   if (s == NULL) {

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_mbstr.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_mbstr.c
@@ -97,22 +97,22 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
   int error;
   switch (inform) {
     case MBSTRING_BMP:
-      decode_func = cbs_get_ucs2_be;
+      decode_func = CBS_get_ucs2_be;
       error = ASN1_R_INVALID_BMPSTRING;
       break;
 
     case MBSTRING_UNIV:
-      decode_func = cbs_get_utf32_be;
+      decode_func = CBS_get_utf32_be;
       error = ASN1_R_INVALID_UNIVERSALSTRING;
       break;
 
     case MBSTRING_UTF8:
-      decode_func = cbs_get_utf8;
+      decode_func = CBS_get_utf8;
       error = ASN1_R_INVALID_UTF8STRING;
       break;
 
     case MBSTRING_ASC:
-      decode_func = cbs_get_latin1;
+      decode_func = CBS_get_latin1;
       error = ERR_R_INTERNAL_ERROR;  // Latin-1 inputs are never invalid.
       break;
 
@@ -162,7 +162,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
     }
 
     nchar++;
-    utf8_len += cbb_get_utf8_len(c);
+    utf8_len += CBB_get_utf8_len(c);
     if (maxsize > 0 && nchar > (size_t)maxsize) {
       OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
       ERR_add_error_dataf("maxsize=%zu", (size_t)maxsize);
@@ -178,7 +178,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
 
   // Now work out output format and string type
   int str_type;
-  int (*encode_func)(CBB *, uint32_t) = cbb_add_latin1;
+  int (*encode_func)(CBB *, uint32_t) = CBB_add_latin1;
   size_t size_estimate = nchar;
   int outform = MBSTRING_ASC;
   if (mask & B_ASN1_PRINTABLESTRING) {
@@ -190,17 +190,17 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
   } else if (mask & B_ASN1_BMPSTRING) {
     str_type = V_ASN1_BMPSTRING;
     outform = MBSTRING_BMP;
-    encode_func = cbb_add_ucs2_be;
+    encode_func = CBB_add_ucs2_be;
     size_estimate = 2 * nchar;
   } else if (mask & B_ASN1_UNIVERSALSTRING) {
     str_type = V_ASN1_UNIVERSALSTRING;
-    encode_func = cbb_add_utf32_be;
+    encode_func = CBB_add_utf32_be;
     size_estimate = 4 * nchar;
     outform = MBSTRING_UNIV;
   } else if (mask & B_ASN1_UTF8STRING) {
     str_type = V_ASN1_UTF8STRING;
     outform = MBSTRING_UTF8;
-    encode_func = cbb_add_utf8;
+    encode_func = CBB_add_utf8;
     size_estimate = utf8_len;
   } else {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_CHARACTERS);

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_strex.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_strex.c
@@ -68,6 +68,7 @@
 #include <CJWTKitBoringSSL_mem.h>
 
 #include "../bytestring/internal.h"
+#include "../internal.h"
 #include "internal.h"
 
 
@@ -89,18 +90,18 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
   char buf[16];  // Large enough for "\\W01234567".
   unsigned char u8 = (unsigned char)c;
   if (c > 0xffff) {
-    BIO_snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
+    snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
   } else if (c > 0xff) {
-    BIO_snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
+    snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
   } else if ((flags & ASN1_STRFLGS_ESC_MSB) && c > 0x7f) {
-    BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+    snprintf(buf, sizeof(buf), "\\%02X", c);
   } else if ((flags & ASN1_STRFLGS_ESC_CTRL) && is_control_character(c)) {
-    BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+    snprintf(buf, sizeof(buf), "\\%02X", c);
   } else if (flags & ASN1_STRFLGS_ESC_2253) {
     // See RFC 2253, sections 2.4 and 4.
     if (c == '\\' || c == '"') {
       // Quotes and backslashes are always escaped, quoted or not.
-      BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+      snprintf(buf, sizeof(buf), "\\%c", (int)c);
     } else if (c == ',' || c == '+' || c == '<' || c == '>' || c == ';' ||
                (is_first && (c == ' ' || c == '#')) ||
                (is_last && (c == ' '))) {
@@ -111,13 +112,13 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
         }
         return maybe_write(out, &u8, 1) ? 1 : -1;
       }
-      BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+      snprintf(buf, sizeof(buf), "\\%c", (int)c);
     } else {
       return maybe_write(out, &u8, 1) ? 1 : -1;
     }
   } else if ((flags & ESC_FLAGS) && c == '\\') {
     // If any escape flags are set, also escape backslashes.
-    BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+    snprintf(buf, sizeof(buf), "\\%c", (int)c);
   } else {
     return maybe_write(out, &u8, 1) ? 1 : -1;
   }
@@ -137,19 +138,19 @@ static int do_buf(const unsigned char *buf, int buflen, int encoding,
   int get_char_error;
   switch (encoding) {
     case MBSTRING_UNIV:
-      get_char = cbs_get_utf32_be;
+      get_char = CBS_get_utf32_be;
       get_char_error = ASN1_R_INVALID_UNIVERSALSTRING;
       break;
     case MBSTRING_BMP:
-      get_char = cbs_get_ucs2_be;
+      get_char = CBS_get_ucs2_be;
       get_char_error = ASN1_R_INVALID_BMPSTRING;
       break;
     case MBSTRING_ASC:
-      get_char = cbs_get_latin1;
+      get_char = CBS_get_latin1;
       get_char_error = ERR_R_INTERNAL_ERROR;  // Should not be possible.
       break;
     case MBSTRING_UTF8:
-      get_char = cbs_get_utf8;
+      get_char = CBS_get_utf8;
       get_char_error = ASN1_R_INVALID_UTF8STRING;
       break;
     default:
@@ -172,7 +173,7 @@ static int do_buf(const unsigned char *buf, int buflen, int encoding,
       uint8_t utf8_buf[6];
       CBB utf8_cbb;
       CBB_init_fixed(&utf8_cbb, utf8_buf, sizeof(utf8_buf));
-      if (!cbb_add_utf8(&utf8_cbb, c)) {
+      if (!CBB_add_utf8(&utf8_cbb, c)) {
         OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
         return 1;
       }
@@ -238,22 +239,8 @@ static int do_dump(unsigned long flags, BIO *out, const ASN1_STRING *str) {
   // Placing the ASN1_STRING in a temporary ASN1_TYPE allows the DER encoding
   // to readily obtained.
   ASN1_TYPE t;
-  t.type = str->type;
-  // Negative INTEGER and ENUMERATED values are the only case where
-  // |ASN1_STRING| and |ASN1_TYPE| types do not match.
-  //
-  // TODO(davidben): There are also some type fields which, in |ASN1_TYPE|, do
-  // not correspond to |ASN1_STRING|. It is unclear whether those are allowed
-  // in |ASN1_STRING| at all, or what the space of allowed types is.
-  // |ASN1_item_ex_d2i| will never produce such a value so, for now, we say
-  // this is an invalid input. But this corner of the library in general
-  // should be more robust.
-  if (t.type == V_ASN1_NEG_INTEGER) {
-    t.type = V_ASN1_INTEGER;
-  } else if (t.type == V_ASN1_NEG_ENUMERATED) {
-    t.type = V_ASN1_ENUMERATED;
-  }
-  t.value.asn1_string = (ASN1_STRING *)str;
+  OPENSSL_memset(&t, 0, sizeof(ASN1_TYPE));
+  asn1_type_set0_string(&t, (ASN1_STRING *)str);
   unsigned char *der_buf = NULL;
   int der_len = i2d_ASN1_TYPE(&t, &der_buf);
   if (der_len < 0) {

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_strnid.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_strnid.c
@@ -72,7 +72,7 @@
 DEFINE_LHASH_OF(ASN1_STRING_TABLE)
 
 static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL;
-static struct CRYPTO_STATIC_MUTEX string_tables_lock = CRYPTO_STATIC_MUTEX_INIT;
+static CRYPTO_MUTEX string_tables_lock = CRYPTO_MUTEX_INIT;
 
 void ASN1_STRING_set_default_mask(unsigned long mask) {}
 
@@ -176,11 +176,11 @@ static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) {
     return tbl;
   }
 
-  CRYPTO_STATIC_MUTEX_lock_read(&string_tables_lock);
+  CRYPTO_MUTEX_lock_read(&string_tables_lock);
   if (string_tables != NULL) {
     tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key);
   }
-  CRYPTO_STATIC_MUTEX_unlock_read(&string_tables_lock);
+  CRYPTO_MUTEX_unlock_read(&string_tables_lock);
   // Note returning |tbl| without the lock is only safe because
   // |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we
   // wish to support that, this function must copy the result under a lock.
@@ -196,7 +196,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
   }
 
   int ret = 0;
-  CRYPTO_STATIC_MUTEX_lock_write(&string_tables_lock);
+  CRYPTO_MUTEX_lock_write(&string_tables_lock);
 
   if (string_tables == NULL) {
     string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
@@ -232,7 +232,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
   ret = 1;
 
 err:
-  CRYPTO_STATIC_MUTEX_unlock_write(&string_tables_lock);
+  CRYPTO_MUTEX_unlock_write(&string_tables_lock);
   return ret;
 }
 

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c
@@ -55,12 +55,13 @@
  * [including the GNU Public Licence.] */
 
 #include <CJWTKitBoringSSL_asn1.h>
-#include <CJWTKitBoringSSL_time.h>
+#include <CJWTKitBoringSSL_posix_time.h>
 
 #include <string.h>
 #include <time.h>
 
 #include <CJWTKitBoringSSL_asn1t.h>
+#include <CJWTKitBoringSSL_bytestring.h>
 #include <CJWTKitBoringSSL_err.h>
 #include <CJWTKitBoringSSL_mem.h>
 
@@ -82,6 +83,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time) {
   return ASN1_TIME_adj(s, time, 0, 0);
 }
 
+static int fits_in_utc_time(const struct tm *tm) {
+  return 50 <= tm->tm_year && tm->tm_year < 150;
+}
+
 ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
                          long offset_sec) {
   struct tm tm;
@@ -95,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
       return NULL;
     }
   }
-  if ((tm.tm_year >= 50) && (tm.tm_year < 150)) {
+  if (fits_in_utc_time(&tm)) {
     return ASN1_UTCTIME_adj(s, posix_time, offset_day, offset_sec);
   }
   return ASN1_GENERALIZEDTIME_adj(s, posix_time, offset_day, offset_sec);
@@ -171,6 +176,34 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) {
          ASN1_GENERALIZEDTIME_set_string(s, str);
 }
 
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) {
+  CBS cbs;
+  CBS_init(&cbs, (const uint8_t*)str, strlen(str));
+  int type;
+  struct tm tm;
+  if (CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
+                         /*allow_timezone_offset=*/0)) {
+    type = V_ASN1_UTCTIME;
+  } else if (CBS_parse_generalized_time(&cbs, &tm,
+                                        /*allow_timezone_offset=*/0)) {
+    type = V_ASN1_GENERALIZEDTIME;
+    if (fits_in_utc_time(&tm)) {
+      type = V_ASN1_UTCTIME;
+      CBS_skip(&cbs, 2);
+    }
+  } else {
+    return 0;
+  }
+
+  if (s != NULL) {
+    if (!ASN1_STRING_set(s, CBS_data(&cbs), CBS_len(&cbs))) {
+      return 0;
+    }
+    s->type = type;
+  }
+  return 1;
+}
+
 static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t,
                            int allow_timezone_offset) {
   if (t == NULL) {