Update BoringSSL to ab7811ee8751ea699b22095caa70246f641ed3a2 (#289)

Package.swift

@@ -22,7 +22,7 @@ import PackageDescription
 // Sources/CNIOBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: 04b3213d43492b6c9e0434d8e2a4530a9938f958
+// BoringSSL Commit: ab7811ee8751ea699b22095caa70246f641ed3a2
 
 let package = Package(
     name: "swift-nio-ssl",

Sources/CNIOBoringSSL/crypto/asn1/a_bool.c

@@ -78,7 +78,7 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
     }
 
     ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
-    *p = (unsigned char)a;
+    *p = a ? 0xff : 0x00;
 
     /*
      * If a new buffer was allocated, just return it back.

Sources/CNIOBoringSSL/crypto/asn1/a_type.c

@@ -66,18 +66,28 @@
 
 int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
-    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-        return (a->type);
-    else
-        return (0);
+    if (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL ||
+        a->value.ptr != NULL) {
+        return a->type;
+    }
+    return 0;
 }
 
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+const void *asn1_type_value_as_pointer(const ASN1_TYPE *a)
 {
-    if (a->value.ptr != NULL) {
-        ASN1_TYPE **tmp_a = &a;
-        ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+    if (a->type == V_ASN1_BOOLEAN) {
+        return a->value.boolean ? (void *)0xff : NULL;
+    }
+    if (a->type == V_ASN1_NULL) {
+        return NULL;
     }
+    return a->value.ptr;
+}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+{
+    ASN1_TYPE **tmp_a = &a;
+    ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
     a->type = type;
     if (type == V_ASN1_BOOLEAN)
         a->value.boolean = value ? 0xff : 0;

Sources/CNIOBoringSSL/crypto/asn1/asn1_lib.c

@@ -370,8 +370,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
 {
-    if (str->data)
-        OPENSSL_free(str->data);
+    OPENSSL_free(str->data);
     str->data = data;
     str->length = len;
 }

Sources/CNIOBoringSSL/crypto/asn1/asn1_locl.h

@@ -126,6 +126,11 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
 int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
                   const ASN1_ITEM *it);
 
+/* asn1_type_value_as_pointer returns |a|'s value in pointer form. This is
+ * usually the value object but, for BOOLEAN values, is 0 or 0xff cast to
+ * a pointer. */
+const void *asn1_type_value_as_pointer(const ASN1_TYPE *a);
+
 
 #if defined(__cplusplus)
 }  /* extern C */

Sources/CNIOBoringSSL/crypto/asn1/tasn_enc.c

@@ -569,7 +569,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
             if (!*tbool && !it->size)
                 return -1;
         }
-        c = (unsigned char)*tbool;
+        c = *tbool ? 0xff : 0x00;
         cont = &c;
         len = 1;
         break;

Sources/CNIOBoringSSL/crypto/asn1/tasn_fre.c

@@ -192,7 +192,7 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
         ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
         utype = typ->type;
         pval = &typ->value.asn1_value;
-        if (!*pval)
+        if (utype != V_ASN1_BOOLEAN && !*pval)
             return;
     } else if (it->itype == ASN1_ITYPE_MSTRING) {
         utype = -1;

Sources/CNIOBoringSSL/crypto/cipher_extra/e_tls.c

@@ -343,7 +343,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
   if (EVP_CIPHER_CTX_mode(&tls_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE &&
       EVP_tls_cbc_record_digest_supported(tls_ctx->hmac_ctx.md)) {
     if (!EVP_tls_cbc_digest_record(tls_ctx->hmac_ctx.md, mac, &mac_len,
-                                   ad_fixed, out, data_plus_mac_len, total,
+                                   ad_fixed, out, data_len, total,
                                    tls_ctx->mac_key, tls_ctx->mac_key_len)) {
       OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
       return 0;
@@ -406,14 +406,6 @@ static int aead_aes_128_cbc_sha1_tls_implicit_iv_init(
                        EVP_sha1(), 1);
 }
 
-static int aead_aes_128_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx,
-                                            const uint8_t *key, size_t key_len,
-                                            size_t tag_len,
-                                            enum evp_aead_direction_t dir) {
-  return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(),
-                       EVP_sha256(), 0);
-}
-
 static int aead_aes_256_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                           size_t key_len, size_t tag_len,
                                           enum evp_aead_direction_t dir) {
@@ -428,22 +420,6 @@ static int aead_aes_256_cbc_sha1_tls_implicit_iv_init(
                        EVP_sha1(), 1);
 }
 
-static int aead_aes_256_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx,
-                                            const uint8_t *key, size_t key_len,
-                                            size_t tag_len,
-                                            enum evp_aead_direction_t dir) {
-  return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(),
-                       EVP_sha256(), 0);
-}
-
-static int aead_aes_256_cbc_sha384_tls_init(EVP_AEAD_CTX *ctx,
-                                            const uint8_t *key, size_t key_len,
-                                            size_t tag_len,
-                                            enum evp_aead_direction_t dir) {
-  return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(),
-                       EVP_sha384(), 0);
-}
-
 static int aead_des_ede3_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx,
                                            const uint8_t *key, size_t key_len,
                                            size_t tag_len,
@@ -513,23 +489,6 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = {
     aead_tls_tag_len,
 };
 
-static const EVP_AEAD aead_aes_128_cbc_sha256_tls = {
-    SHA256_DIGEST_LENGTH + 16,  // key len (SHA256 + AES128)
-    16,                         // nonce len (IV)
-    16 + SHA256_DIGEST_LENGTH,  // overhead (padding + SHA256)
-    SHA256_DIGEST_LENGTH,       // max tag length
-    0,                          // seal_scatter_supports_extra_in
-
-    NULL,  // init
-    aead_aes_128_cbc_sha256_tls_init,
-    aead_tls_cleanup,
-    aead_tls_open,
-    aead_tls_seal_scatter,
-    NULL,  // open_gather
-    NULL,  // get_iv
-    aead_tls_tag_len,
-};
-
 static const EVP_AEAD aead_aes_256_cbc_sha1_tls = {
     SHA_DIGEST_LENGTH + 32,  // key len (SHA1 + AES256)
     16,                      // nonce len (IV)
@@ -564,40 +523,6 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = {
     aead_tls_tag_len,
 };
 
-static const EVP_AEAD aead_aes_256_cbc_sha256_tls = {
-    SHA256_DIGEST_LENGTH + 32,  // key len (SHA256 + AES256)
-    16,                         // nonce len (IV)
-    16 + SHA256_DIGEST_LENGTH,  // overhead (padding + SHA256)
-    SHA256_DIGEST_LENGTH,       // max tag length
-    0,                          // seal_scatter_supports_extra_in
-
-    NULL,  // init
-    aead_aes_256_cbc_sha256_tls_init,
-    aead_tls_cleanup,
-    aead_tls_open,
-    aead_tls_seal_scatter,
-    NULL,  // open_gather
-    NULL,  // get_iv
-    aead_tls_tag_len,
-};
-
-static const EVP_AEAD aead_aes_256_cbc_sha384_tls = {
-    SHA384_DIGEST_LENGTH + 32,  // key len (SHA384 + AES256)
-    16,                         // nonce len (IV)
-    16 + SHA384_DIGEST_LENGTH,  // overhead (padding + SHA384)
-    SHA384_DIGEST_LENGTH,       // max tag length
-    0,                          // seal_scatter_supports_extra_in
-
-    NULL,  // init
-    aead_aes_256_cbc_sha384_tls_init,
-    aead_tls_cleanup,
-    aead_tls_open,
-    aead_tls_seal_scatter,
-    NULL,  // open_gather
-    NULL,  // get_iv
-    aead_tls_tag_len,
-};
-
 static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = {
     SHA_DIGEST_LENGTH + 24,  // key len (SHA1 + 3DES)
     8,                       // nonce len (IV)
@@ -657,10 +582,6 @@ const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void) {
   return &aead_aes_128_cbc_sha1_tls_implicit_iv;
 }
 
-const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void) {
-  return &aead_aes_128_cbc_sha256_tls;
-}
-
 const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void) {
   return &aead_aes_256_cbc_sha1_tls;
 }
@@ -669,14 +590,6 @@ const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void) {
   return &aead_aes_256_cbc_sha1_tls_implicit_iv;
 }
 
-const EVP_AEAD *EVP_aead_aes_256_cbc_sha256_tls(void) {
-  return &aead_aes_256_cbc_sha256_tls;
-}
-
-const EVP_AEAD *EVP_aead_aes_256_cbc_sha384_tls(void) {
-  return &aead_aes_256_cbc_sha384_tls;
-}
-
 const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void) {
   return &aead_des_ede3_cbc_sha1_tls;
 }

Sources/CNIOBoringSSL/crypto/cipher_extra/internal.h

@@ -99,6 +99,17 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, size_t md_size, const uint8_t *in,
 // which EVP_tls_cbc_digest_record supports.
 int EVP_tls_cbc_record_digest_supported(const EVP_MD *md);
 
+// EVP_sha1_final_with_secret_suffix computes the result of hashing |len| bytes
+// from |in| to |ctx| and writes the resulting hash to |out|. |len| is treated
+// as secret and must be at most |max_len|, which is treated as public. |in|
+// must point to a buffer of at least |max_len| bytes. It returns one on success
+// and zero if inputs are too long.
+//
+// This function is exported for unit tests.
+OPENSSL_EXPORT int EVP_sha1_final_with_secret_suffix(
+    SHA_CTX *ctx, uint8_t out[SHA_DIGEST_LENGTH], const uint8_t *in, size_t len,
+    size_t max_len);
+
 // EVP_tls_cbc_digest_record computes the MAC of a decrypted, padded TLS
 // record.
 //
@@ -108,8 +119,8 @@ int EVP_tls_cbc_record_digest_supported(const EVP_MD *md);
 //   md_out_size: the number of output bytes is written here.
 //   header: the 13-byte, TLS record header.
 //   data: the record data itself
-//   data_plus_mac_size: the secret, reported length of the data and MAC
-//     once the padding has been removed.
+//   data_size: the secret, reported length of the data once the padding and MAC
+//     have been removed.
 //   data_plus_mac_plus_padding_size: the public length of the whole
 //     record, including padding.
 //
@@ -119,7 +130,7 @@ int EVP_tls_cbc_record_digest_supported(const EVP_MD *md);
 // padding too. )
 int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
                               size_t *md_out_size, const uint8_t header[13],
-                              const uint8_t *data, size_t data_plus_mac_size,
+                              const uint8_t *data, size_t data_size,
                               size_t data_plus_mac_plus_padding_size,
                               const uint8_t *mac_secret,
                               unsigned mac_secret_length);