Update BoringSSL to 21a879a78a60c8667468a9eba994c8365eaf92ea. (#182)

apple · Feb 12, 2020 · 978dfd6 · 978dfd6
1 parent e61c217
commit 978dfd6
Show file tree

Hide file tree

Showing 48 changed files with 1,829 additions and 12,172 deletions.
diff --git a/Package.swift b/Package.swift
@@ -22,7 +22,7 @@ import PackageDescription
 // Sources/CNIOBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: 0deb91ab3f7e24307572497f0f7438684590bf92
+// BoringSSL Commit: 21a879a78a60c8667468a9eba994c8365eaf92ea
 
 let package = Package(
     name: "swift-nio-ssl",

diff --git a/Sources/CNIOBoringSSL/crypto/bytestring/cbb.c b/Sources/CNIOBoringSSL/crypto/bytestring/cbb.c
@@ -447,6 +447,10 @@ int CBB_add_u16(CBB *cbb, uint16_t value) {
   return cbb_buffer_add_u(cbb->base, value, 2);
 }
 
+int CBB_add_u16le(CBB *cbb, uint16_t value) {
+  return CBB_add_u16(cbb, CRYPTO_bswap2(value));
+}
+
 int CBB_add_u24(CBB *cbb, uint32_t value) {
   if (!CBB_flush(cbb)) {
     return 0;
@@ -463,13 +467,21 @@ int CBB_add_u32(CBB *cbb, uint32_t value) {
   return cbb_buffer_add_u(cbb->base, value, 4);
 }
 
+int CBB_add_u32le(CBB *cbb, uint32_t value) {
+  return CBB_add_u32(cbb, CRYPTO_bswap4(value));
+}
+
 int CBB_add_u64(CBB *cbb, uint64_t value) {
   if (!CBB_flush(cbb)) {
     return 0;
   }
   return cbb_buffer_add_u(cbb->base, value, 8);
 }
 
+int CBB_add_u64le(CBB *cbb, uint64_t value) {
+  return CBB_add_u64(cbb, CRYPTO_bswap8(value));
+}
+
 void CBB_discard_child(CBB *cbb) {
   if (cbb->child == NULL) {
     return;

diff --git a/Sources/CNIOBoringSSL/crypto/bytestring/cbs.c b/Sources/CNIOBoringSSL/crypto/bytestring/cbs.c
@@ -120,6 +120,14 @@ int CBS_get_u16(CBS *cbs, uint16_t *out) {
   return 1;
 }
 
+int CBS_get_u16le(CBS *cbs, uint16_t *out) {
+  if (!CBS_get_u16(cbs, out)) {
+    return 0;
+  }
+  *out = CRYPTO_bswap2(*out);
+  return 1;
+}
+
 int CBS_get_u24(CBS *cbs, uint32_t *out) {
   uint64_t v;
   if (!cbs_get_u(cbs, &v, 3)) {
@@ -138,10 +146,26 @@ int CBS_get_u32(CBS *cbs, uint32_t *out) {
   return 1;
 }
 
+int CBS_get_u32le(CBS *cbs, uint32_t *out) {
+  if (!CBS_get_u32(cbs, out)) {
+    return 0;
+  }
+  *out = CRYPTO_bswap4(*out);
+  return 1;
+}
+
 int CBS_get_u64(CBS *cbs, uint64_t *out) {
   return cbs_get_u(cbs, out, 8);
 }
 
+int CBS_get_u64le(CBS *cbs, uint64_t *out) {
+  if (!cbs_get_u(cbs, out, 8)) {
+    return 0;
+  }
+  *out = CRYPTO_bswap8(*out);
+  return 1;
+}
+
 int CBS_get_last_u8(CBS *cbs, uint8_t *out) {
   if (cbs->len == 0) {
     return 0;

diff --git a/Sources/CNIOBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c b/Sources/CNIOBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c
@@ -723,6 +723,14 @@ static void gcm_siv_keys(
   }
 
   OPENSSL_memcpy(out_keys->auth_key, key_material, 16);
+  // Note the |ctr128_f| function uses a big-endian couner, while AES-GCM-SIV
+  // uses a little-endian counter. We ignore the return value and only use
+  // |block128_f|. This has a significant performance cost for the fallback
+  // bitsliced AES implementations (bsaes and aes_nohw).
+  //
+  // We currently do not consider AES-GCM-SIV to be performance-sensitive on
+  // client hardware. If this changes, we can write little-endian |ctr128_f|
+  // functions.
   aes_ctr_set_key(&out_keys->enc_key.ks, NULL, &out_keys->enc_block,
                   key_material + 16, gcm_siv_ctx->is_256 ? 32 : 16);
 }