Update BoringSSL to 76968bb3d53982560bcf08bcd0ba3e1865fe15cd (#271)
Also fixes the build issues on Windows, resolves #262
Lukasa authored Oct 7, 2024
1 parent b639b5b commit 735a29c
Showing 53 changed files with 2,308 additions and 250 deletions.
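--- a/Package.swift
+++ b/Package.swift
@@ -20,7 +20,7 @@
 // Sources/CCryptoBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: 6a2ccdcc2ed1d37a43a2183658d2ae61fd5ce208
+// BoringSSL Commit: 76968bb3d53982560bcf08bcd0ba3e1865fe15cd
 
 import PackageDescription
 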
8 changes: 8 additions & 0 deletions Sources/CCryptoBoringSSL/CMakeLists.txt
@@ -165,9 +165,17 @@ add_library(CCryptoBoringSSL STATIC
"crypto/refcount.c"
"crypto/rsa_extra/rsa_asn1.c"
"crypto/rsa_extra/rsa_crypt.c"
"crypto/rsa_extra/rsa_extra.c"
"crypto/rsa_extra/rsa_print.c"
"crypto/sha/sha1.c"
"crypto/sha/sha256.c"
"crypto/sha/sha512.c"
"crypto/siphash/siphash.c"
"crypto/slhdsa/fors.c"
"crypto/slhdsa/merkle.c"
"crypto/slhdsa/slhdsa.c"
"crypto/slhdsa/thash.c"
"crypto/slhdsa/wots.c"
"crypto/spx/spx.c"
"crypto/spx/spx_address.c"
"crypto/spx/spx_fors.c"
6 changes: 6 additions & 0 deletions Sources/CCryptoBoringSSL/crypto/bcm_support.h
@@ -17,6 +17,8 @@

#include <CCryptoBoringSSL_base.h>

#include <stdio.h>

// Provided by libcrypto, called from BCM

#if defined(__cplusplus)
@@ -105,6 +107,10 @@ OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
int on);

// CRYPTO_get_stderr returns stderr. This function exists to avoid BCM needing
// a data dependency on libc.
FILE *CRYPTO_get_stderr(void);


#if defined(__cplusplus)
} // extern C
1 change: 1 addition & 0 deletions Sources/CCryptoBoringSSL/crypto/cipher_extra/e_tls.c
@@ -442,6 +442,7 @@ static int aead_tls_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
const size_t iv_len = EVP_CIPHER_CTX_iv_length(&tls_ctx->cipher_ctx);
if (iv_len <= 1) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}

3 changes: 3 additions & 0 deletions Sources/CCryptoBoringSSL/crypto/crypto.c
@@ -15,6 +15,7 @@
#include <CCryptoBoringSSL_crypto.h>

#include <assert.h>
#include <stdio.h>

#include "fipsmodule/rand/internal.h"
#include "bcm_support.h"
@@ -186,3 +187,5 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
}

void OPENSSL_cleanup(void) {}

FILE *CRYPTO_get_stderr(void) { return stderr; }
2 changes: 0 additions & 2 deletions Sources/CCryptoBoringSSL/crypto/dsa/internal.h
@@ -42,8 +42,6 @@ struct dsa_st {
CRYPTO_EX_DATA ex_data;
};

#define OPENSSL_DSA_MAX_MODULUS_BITS 10000

// dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within
// DoS bounds. It returns one on success and zero on error.
int dsa_check_key(const DSA *dsa);
35 changes: 35 additions & 0 deletions Sources/CCryptoBoringSSL/crypto/ec_extra/ec_asn1.c
@@ -478,6 +478,41 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) {
return CBB_finish_i2d(&cbb, outp);
}

EC_GROUP *d2i_ECPKParameters(EC_GROUP **out, const uint8_t **inp, long len) {
if (len < 0) {
return NULL;
}

CBS cbs;
CBS_init(&cbs, *inp, (size_t)len);
EC_GROUP *ret = EC_KEY_parse_parameters(&cbs);
if (ret == NULL) {
return NULL;
}

if (out != NULL) {
EC_GROUP_free(*out);
*out = ret;
}
*inp = CBS_data(&cbs);
return ret;
}

int i2d_ECPKParameters(const EC_GROUP *group, uint8_t **outp) {
if (group == NULL) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}

CBB cbb;
if (!CBB_init(&cbb, 0) || //
!EC_KEY_marshal_curve_name(&cbb, group)) {
CBB_cleanup(&cbb);
return -1;
}
return CBB_finish_i2d(&cbb, outp);
}

EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp, long len) {
if (len < 0) {
return NULL;
9 changes: 5 additions & 4 deletions Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm.c
@@ -29,6 +29,7 @@
#include <CCryptoBoringSSL_sha.h>

#include "bcm_interface.h"
#include "../bcm_support.h"
#include "../internal.h"

// TODO(crbug.com/362530616): When delocate is removed, build these files as
@@ -136,7 +137,7 @@ static void assert_within(const void *start, const void *symbol,
}

fprintf(
stderr,
CRYPTO_get_stderr(),
"FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n",
start, symbol, end);
BORINGSSL_FIPS_abort();
@@ -194,7 +195,7 @@ int BORINGSSL_integrity_test(void) {
assert_within(start, RSA_sign, end);
assert_within(start, BCM_rand_bytes, end);
assert_within(start, EC_GROUP_cmp, end);
assert_within(start, SHA256_Update, end);
assert_within(start, BCM_sha256_update, end);
assert_within(start, ecdsa_verify_fixed, end);
assert_within(start, EVP_AEAD_CTX_seal, end);

@@ -224,7 +225,7 @@ int BORINGSSL_integrity_test(void) {
HMAC_CTX_init(&hmac_ctx);
if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
NULL /* no ENGINE */)) {
fprintf(stderr, "HMAC_Init_ex failed.\n");
fprintf(CRYPTO_get_stderr(), "HMAC_Init_ex failed.\n");
return 0;
}

@@ -244,7 +245,7 @@ int BORINGSSL_integrity_test(void) {

if (!HMAC_Final(&hmac_ctx, result, &result_len) ||
result_len != sizeof(result)) {
fprintf(stderr, "HMAC failed.\n");
fprintf(CRYPTO_get_stderr(), "HMAC failed.\n");
return 0;
}
HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
114 changes: 113 additions & 1 deletion Sources/CCryptoBoringSSL/crypto/fipsmodule/bcm_interface.h
@@ -98,7 +98,8 @@ bcm_infallible BCM_sha1_init(SHA_CTX *sha);
// BCM_SHA1_transform is a low-level function that performs a single, SHA-1
// block transformation using the state from |sha| and |SHA_CBLOCK| bytes from
// |block|.
bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[BCM_SHA_CBLOCK]);
bcm_infallible BCM_sha1_transform(SHA_CTX *c,
const uint8_t data[BCM_SHA_CBLOCK]);

// BCM_sha1_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len);
@@ -125,6 +126,117 @@ bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len,
const uint8_t xkey[BCM_SHA_DIGEST_LENGTH]);


// SHA-224

// SHA224_DIGEST_LENGTH is the length of a SHA-224 digest.
#define BCM_SHA224_DIGEST_LENGTH 28

// BCM_sha224_unit initialises |sha|.
bcm_infallible BCM_sha224_init(SHA256_CTX *sha);

// BCM_sha224_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha224_update(SHA256_CTX *sha, const void *data, size_t len);

// BCM_sha224_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |SHA224_DIGEST_LENGTH| bytes of
// space. It aborts on programmer error.
bcm_infallible BCM_sha224_final(uint8_t out[BCM_SHA224_DIGEST_LENGTH],
SHA256_CTX *sha);


// SHA-256

// BCM_SHA256_DIGEST_LENGTH is the length of a SHA-256 digest.
#define BCM_SHA256_DIGEST_LENGTH 32

// BCM_sha256_init initialises |sha|.
bcm_infallible BCM_sha256_init(SHA256_CTX *sha);

// BCM_sha256_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha256_update(SHA256_CTX *sha, const void *data, size_t len);

// BCM_sha256_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |BCM_SHA256_DIGEST_LENGTH| bytes of
// space. It aborts on programmer error.
bcm_infallible BCM_sha256_final(uint8_t out[BCM_SHA256_DIGEST_LENGTH],
SHA256_CTX *sha);

// BCM_sha256_transform is a low-level function that performs a single, SHA-256
// block transformation using the state from |sha| and |BCM_SHA256_CBLOCK| bytes
// from |block|.
bcm_infallible BCM_sha256_transform(SHA256_CTX *sha,
const uint8_t block[BCM_SHA256_CBLOCK]);

// BCM_sha256_transform_blocks is a low-level function that takes |num_blocks| *
// |BCM_SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to
// update |state|.
bcm_infallible BCM_sha256_transform_blocks(uint32_t state[8],
const uint8_t *data,
size_t num_blocks);


// SHA-384.

// BCM_SHA384_DIGEST_LENGTH is the length of a SHA-384 digest.
#define BCM_SHA384_DIGEST_LENGTH 48

// BCM_sha384_init initialises |sha|.
bcm_infallible BCM_sha384_init(SHA512_CTX *sha);

// BCM_sha384_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha384_update(SHA512_CTX *sha, const void *data, size_t len);

// BCM_sha384_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |BCM_sha384_DIGEST_LENGTH| bytes of
// space. It may abort on programmer error.
bcm_infallible BCM_sha384_final(uint8_t out[BCM_SHA384_DIGEST_LENGTH],
SHA512_CTX *sha);


// SHA-512.

// BCM_SHA512_DIGEST_LENGTH is the length of a SHA-512 digest.
#define BCM_SHA512_DIGEST_LENGTH 64

// BCM_sha512_init initialises |sha|.
bcm_infallible BCM_sha512_init(SHA512_CTX *sha);

// BCM_sha512_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha512_update(SHA512_CTX *sha, const void *data, size_t len);

// BCM_sha512_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |BCM_sha512_DIGEST_LENGTH| bytes of
// space.
bcm_infallible BCM_sha512_final(uint8_t out[BCM_SHA512_DIGEST_LENGTH],
SHA512_CTX *sha);

// BCM_sha512_transform is a low-level function that performs a single, SHA-512
// block transformation using the state from |sha| and |BCM_sha512_CBLOCK| bytes
// from |block|.
bcm_infallible BCM_sha512_transform(SHA512_CTX *sha,
const uint8_t block[BCM_SHA512_CBLOCK]);


// SHA-512-256
//
// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6

#define BCM_SHA512_256_DIGEST_LENGTH 32

// BCM_sha512_256_init initialises |sha|.
bcm_infallible BCM_sha512_256_init(SHA512_CTX *sha);

// BCM_sha512_256_update adds |len| bytes from |data| to |sha|.
bcm_infallible BCM_sha512_256_update(SHA512_CTX *sha, const void *data,
size_t len);

// BCM_sha512_256_final adds the final padding to |sha| and writes the resulting
// digest to |out|, which must have at least |BCM_sha512_256_DIGEST_LENGTH|
// bytes of space. It may abort on programmer error.
bcm_infallible BCM_sha512_256_final(uint8_t out[BCM_SHA512_256_DIGEST_LENGTH],
SHA512_CTX *sha);


#if defined(__cplusplus)
} // extern C
#endif
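Review bot: Several of the added SHA-2 doc comments name identifiers that do not match the declarations beneath them: the SHA-224 block says `BCM_sha224_unit` above `BCM_sha224_init` and refers to `SHA224_DIGEST_LENGTH` where the macro is `BCM_SHA224_DIGEST_LENGTH`, and the SHA-384, SHA-512 and SHA-512-256 comments write `|BCM_sha384_DIGEST_LENGTH|`, `|BCM_sha512_DIGEST_LENGTH|`, `|BCM_sha512_256_DIGEST_LENGTH|` and `|BCM_sha512_CBLOCK|` in mixed case where the macros are upper-case. These comments state the minimum size of |out|, so they should spell the exact macro a caller would use to size the buffer, e.g. `// digest to |out|, which must have at least |BCM_SHA384_DIGEST_LENGTH| bytes of`. The `*_final` comments also differ on the failure contract ("It aborts on programmer error", "It may abort on programmer error", and nothing for `BCM_sha512_final`); one wording throughout would make clear whether the behaviour really differs. If this header is a verbatim copy of the upstream file, as the commit title suggests, the correction presumably belongs upstream rather than in this tree.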
@@ -262,6 +262,7 @@ const EVP_AEAD *EVP_AEAD_CTX_aead(const EVP_AEAD_CTX *ctx) { return ctx->aead; }
int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_len) {
if (ctx->aead->get_iv == NULL) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}

2 changes: 0 additions & 2 deletions Sources/CCryptoBoringSSL/crypto/fipsmodule/dh/internal.h
@@ -26,8 +26,6 @@ extern "C" {
#endif


#define OPENSSL_DH_MAX_MODULUS_BITS 10000

struct dh_st {
BIGNUM *p;
BIGNUM *g;