Update boringssl to ff62b38 (#108)

Author: Lukasa

Package.swift

@@ -22,7 +22,7 @@ import PackageDescription
 // Sources/CNIOBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: ad9eee1628aa4dac2ac3528cb6bb5ddf27e73560
+// BoringSSL Commit: ff62b38b4b5a0e7926034b5f93d0c276e55b571d
 
 let package = Package(
     name: "swift-nio-ssl",

Sources/CNIOBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c

@@ -426,6 +426,11 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
     return 0;
   }
 
+  if (nonce_len != EVP_AEAD_AES_GCM_SIV_NONCE_LEN) {
+    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+    return 0;
+  }
+
   const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
   const size_t plaintext_len = in_len - EVP_AEAD_AES_GCM_SIV_TAG_LEN;
   const uint8_t *const given_tag = in + plaintext_len;

Sources/CNIOBoringSSL/crypto/dsa/dsa.c

@@ -558,29 +558,34 @@ static int mod_mul_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 }
 
 DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) {
-  BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
-  BIGNUM m;
-  BIGNUM xr;
-  BN_CTX *ctx = NULL;
-  int reason = ERR_R_BN_LIB;
-  DSA_SIG *ret = NULL;
-
-  BN_init(&m);
-  BN_init(&xr);
-
   if (!dsa->p || !dsa->q || !dsa->g) {
-    reason = DSA_R_MISSING_PARAMETERS;
-    goto err;
+    OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
+    return NULL;
+  }
+
+  // Reject invalid parameters. In particular, the algorithm will infinite loop
+  // if |g| is zero.
+  if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+    OPENSSL_PUT_ERROR(DSA, DSA_R_INVALID_PARAMETERS);
+    return NULL;
   }
 
   // We only support DSA keys that are a multiple of 8 bits. (This is a weaker
   // check than the one in |DSA_do_check_signature|, which only allows 160-,
   // 224-, and 256-bit keys.
   if (BN_num_bits(dsa->q) % 8 != 0) {
-    reason = DSA_R_BAD_Q_VALUE;
-    goto err;
+    OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE);
+    return NULL;
   }
 
+  BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+  BIGNUM m;
+  BIGNUM xr;
+  BN_CTX *ctx = NULL;
+  DSA_SIG *ret = NULL;
+
+  BN_init(&m);
+  BN_init(&xr);
   s = BN_new();
   if (s == NULL) {
     goto err;
@@ -640,7 +645,7 @@ DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) {
 
 err:
   if (ret == NULL) {
-    OPENSSL_PUT_ERROR(DSA, reason);
+    OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB);
     BN_free(r);
     BN_free(s);
   }

Sources/CNIOBoringSSL/crypto/engine/engine.c

@@ -41,9 +41,10 @@ ENGINE *ENGINE_new(void) {
   return engine;
 }
 
-void ENGINE_free(ENGINE *engine) {
+int ENGINE_free(ENGINE *engine) {
   // Methods are currently required to be static so are not unref'ed.
   OPENSSL_free(engine);
+  return 1;
 }
 
 // set_method takes a pointer to a method and its given size and sets

Sources/CNIOBoringSSL/crypto/err/err_data.c

@@ -79,7 +79,7 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x10331580,
     0x10339599,
     0x103415ac,
-    0x10348f14,
+    0x10348f27,
     0x10350c60,
     0x103595bf,
     0x103615e9,
@@ -120,7 +120,7 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x104798ad,
     0x104818c2,
     0x104898d0,
-    0x10490e60,
+    0x10490e73,
     0x1049970a,
     0x104a15d4,
     0x14320c07,
@@ -130,24 +130,24 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x143400ac,
     0x143480ea,
     0x18320083,
-    0x18328f6a,
+    0x18328f7d,
     0x183300ac,
-    0x18338f80,
-    0x18340f94,
+    0x18338f93,
+    0x18340fa7,
     0x183480ea,
-    0x18350fa9,
-    0x18358fc1,
-    0x18360fd6,
-    0x18368fea,
-    0x1837100e,
-    0x18379024,
-    0x18381038,
-    0x18389048,
+    0x18350fbc,
+    0x18358fd4,
+    0x18360fe9,
+    0x18368ffd,
+    0x18371021,
+    0x18379037,
+    0x1838104b,
+    0x1838905b,
     0x18390a75,
-    0x18399058,
+    0x1839906b,
     0x183a1080,
     0x183a90a6,
-    0x183b0c6c,
+    0x183b0c7f,
     0x183b90db,
     0x183c10ed,
     0x183c90f8,
@@ -162,7 +162,7 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x184110c9,
     0x18419094,
     0x184210b3,
-    0x1842906d,
+    0x18428c6c,
     0x203211d0,
     0x203291bd,
     0x243211dc,
@@ -181,12 +181,13 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x24389293,
     0x243912a6,
     0x28320c54,
-    0x28328c6c,
+    0x28328c7f,
     0x28330c24,
-    0x28338c7f,
+    0x28338c92,
     0x28340c60,
     0x283480ac,
     0x283500ea,
+    0x28358c6c,
     0x2c322ec7,
     0x2c3292bd,
     0x2c332ed5,
@@ -326,39 +327,39 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x34348bf1,
     0x34350bd5,
     0x3c320083,
-    0x3c328ca9,
-    0x3c330cc2,
-    0x3c338cdd,
-    0x3c340cfa,
-    0x3c348d24,
-    0x3c350d3f,
-    0x3c358d65,
-    0x3c360d7e,
-    0x3c368d96,
-    0x3c370da7,
-    0x3c378db5,
-    0x3c380dc2,
-    0x3c388dd6,
-    0x3c390c6c,
-    0x3c398df9,
-    0x3c3a0e0d,
+    0x3c328cbc,
+    0x3c330cd5,
+    0x3c338cf0,
+    0x3c340d0d,
+    0x3c348d37,
+    0x3c350d52,
+    0x3c358d78,
+    0x3c360d91,
+    0x3c368da9,
+    0x3c370dba,
+    0x3c378dc8,
+    0x3c380dd5,
+    0x3c388de9,
+    0x3c390c7f,
+    0x3c398e0c,
+    0x3c3a0e20,
     0x3c3a890f,
-    0x3c3b0e1d,
-    0x3c3b8e38,
-    0x3c3c0e4a,
-    0x3c3c8e7d,
-    0x3c3d0e87,
-    0x3c3d8e9b,
-    0x3c3e0ea9,
-    0x3c3e8ece,
-    0x3c3f0c95,
-    0x3c3f8eb7,
+    0x3c3b0e30,
+    0x3c3b8e4b,
+    0x3c3c0e5d,
+    0x3c3c8e90,
+    0x3c3d0e9a,
+    0x3c3d8eae,
+    0x3c3e0ebc,
+    0x3c3e8ee1,
+    0x3c3f0ca8,
+    0x3c3f8eca,
     0x3c4000ac,
     0x3c4080ea,
-    0x3c410d15,
-    0x3c418d54,
-    0x3c420e60,
-    0x3c428dea,
+    0x3c410d28,
+    0x3c418d67,
+    0x3c420e73,
+    0x3c428dfd,
     0x40321946,
     0x4032995c,
     0x4033198a,
@@ -373,7 +374,7 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x40379a2b,
     0x40381a36,
     0x40389a48,
-    0x40390f14,
+    0x40390f27,
     0x40399a58,
     0x403a1a6b,
     0x403a9a8c,
@@ -710,17 +711,17 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x505035f2,
     0x505086f1,
     0x50513605,
-    0x58320f52,
-    0x68320f14,
-    0x68328c6c,
-    0x68330c7f,
-    0x68338f22,
-    0x68340f32,
+    0x58320f65,
+    0x68320f27,
+    0x68328c7f,
+    0x68330c92,
+    0x68338f35,
+    0x68340f45,
     0x683480ea,
-    0x6c320eda,
+    0x6c320eed,
     0x6c328c36,
-    0x6c330ee5,
-    0x6c338efe,
+    0x6c330ef8,
+    0x6c338f11,
     0x74320a1b,
     0x743280ac,
     0x74330c47,
@@ -924,6 +925,7 @@ const char kOpenSSLReasonStringData[] =
     "UNKNOWN_HASH\0"
     "BAD_Q_VALUE\0"
     "BAD_VERSION\0"
+    "INVALID_PARAMETERS\0"
     "MISSING_PARAMETERS\0"
     "NEED_NEW_SETUP_VALUES\0"
     "BIGNUM_OUT_OF_RANGE\0"
@@ -974,7 +976,6 @@ const char kOpenSSLReasonStringData[] =
     "INVALID_KEYBITS\0"
     "INVALID_MGF1_MD\0"
     "INVALID_PADDING_MODE\0"
-    "INVALID_PARAMETERS\0"
     "INVALID_PSS_SALTLEN\0"
     "INVALID_SIGNATURE\0"
     "KEYS_NOT_SET\0"

Sources/CNIOBoringSSL/crypto/evp/evp.c

@@ -330,7 +330,73 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) {
   return 1;
 }
 
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused,
+                                       const uint8_t *in, size_t len) {
+  EVP_PKEY *ret = EVP_PKEY_new();
+  if (ret == NULL ||
+      !EVP_PKEY_set_type(ret, type)) {
+    goto err;
+  }
+
+  if (ret->ameth->set_priv_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    goto err;
+  }
+
+  if (!ret->ameth->set_priv_raw(ret, in, len)) {
+    goto err;
+  }
+
+  return ret;
+
+err:
+  EVP_PKEY_free(ret);
+  return NULL;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused,
+                                      const uint8_t *in, size_t len) {
+  EVP_PKEY *ret = EVP_PKEY_new();
+  if (ret == NULL ||
+      !EVP_PKEY_set_type(ret, type)) {
+    goto err;
+  }
+
+  if (ret->ameth->set_pub_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    goto err;
+  }
+
+  if (!ret->ameth->set_pub_raw(ret, in, len)) {
+    goto err;
+  }
+
+  return ret;
+
+err:
+  EVP_PKEY_free(ret);
+  return NULL;
+}
 
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, uint8_t *out,
+                                 size_t *out_len) {
+  if (pkey->ameth->get_priv_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+
+  return pkey->ameth->get_priv_raw(pkey, out, out_len);
+}
+
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, uint8_t *out,
+                                size_t *out_len) {
+  if (pkey->ameth->get_pub_raw == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return 0;
+  }
+
+  return pkey->ameth->get_pub_raw(pkey, out, out_len);
+}
 
 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
   if (a->type != b->type) {

Sources/CNIOBoringSSL/crypto/evp/internal.h

@@ -96,6 +96,11 @@ struct evp_pkey_asn1_method_st {
   // |out|. It returns one on success and zero on error.
   int (*priv_encode)(CBB *out, const EVP_PKEY *key);
 
+  int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len);
+  int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len);
+  int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
+  int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
+
   // pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by
   // custom implementations which do not expose key material and parameters.
   int (*pkey_opaque)(const EVP_PKEY *pk);

Sources/CNIOBoringSSL/crypto/evp/p_dsa_asn1.c

@@ -255,6 +255,11 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = {
   dsa_priv_decode,
   dsa_priv_encode,
 
+  NULL /* set_priv_raw */,
+  NULL /* set_pub_raw */,
+  NULL /* get_priv_raw */,
+  NULL /* get_pub_raw */,
+
   NULL /* pkey_opaque */,
 
   int_dsa_size,