Update BoringSSL to abfd5ebc87ddca0fab9fca067c9d7edbc355eae8 (#171)

* Update BoringSSL vendoring scripts for new perlasm * Update BoringSSL to abfd5ebc87ddca0fab9fca067c9d7edbc355eae8
apple · Apr 13, 2023 · 6d9c36b · 6d9c36b
1 parent a56d70a
commit 6d9c36b
Show file tree

Hide file tree

Showing 318 changed files with 7,548 additions and 7,241 deletions.
diff --git a/Package.swift b/Package.swift
@@ -20,7 +20,7 @@
 // Sources/CCryptoBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: 45b8d7bbd771cbf7e116db2ba1f1cc7af959497e
+// BoringSSL Commit: abfd5ebc87ddca0fab9fca067c9d7edbc355eae8
 
 import PackageDescription
 

diff --git a/Sources/CCryptoBoringSSL/CMakeLists.txt b/Sources/CCryptoBoringSSL/CMakeLists.txt
@@ -82,7 +82,6 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/cpu_arm_freebsd.c"
   "crypto/cpu_arm_linux.c"
   "crypto/cpu_intel.c"
-  "crypto/cpu_ppc64le.c"
   "crypto/crypto.c"
   "crypto/curve25519/curve25519.c"
   "crypto/curve25519/spake25519.c"
@@ -190,14 +189,15 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/fipsmodule/self_check/fips.c"
   "crypto/fipsmodule/self_check/self_check.c"
   "crypto/fipsmodule/service_indicator/service_indicator.c"
-  "crypto/fipsmodule/sha/sha1-altivec.c"
   "crypto/fipsmodule/sha/sha1.c"
   "crypto/fipsmodule/sha/sha256.c"
   "crypto/fipsmodule/sha/sha512.c"
   "crypto/fipsmodule/tls/kdf.c"
   "crypto/hkdf/hkdf.c"
   "crypto/hpke/hpke.c"
   "crypto/hrss/hrss.c"
+  "crypto/kyber/keccak.c"
+  "crypto/kyber/kyber.c"
   "crypto/lhash/lhash.c"
   "crypto/mem.c"
   "crypto/obj/obj.c"
@@ -229,6 +229,7 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/refcount_c11.c"
   "crypto/refcount_lock.c"
   "crypto/rsa_extra/rsa_asn1.c"
+  "crypto/rsa_extra/rsa_crypt.c"
   "crypto/rsa_extra/rsa_print.c"
   "crypto/siphash/siphash.c"
   "crypto/stack/stack.c"
@@ -248,6 +249,7 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/x509/by_file.c"
   "crypto/x509/i2d_pr.c"
   "crypto/x509/name_print.c"
+  "crypto/x509/policy.c"
   "crypto/x509/rsa_pss.c"
   "crypto/x509/t_crl.c"
   "crypto/x509/t_req.c"
@@ -287,11 +289,6 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/x509/x_val.c"
   "crypto/x509/x_x509.c"
   "crypto/x509/x_x509a.c"
-  "crypto/x509v3/pcy_cache.c"
-  "crypto/x509v3/pcy_data.c"
-  "crypto/x509v3/pcy_map.c"
-  "crypto/x509v3/pcy_node.c"
-  "crypto/x509v3/pcy_tree.c"
   "crypto/x509v3/v3_akey.c"
   "crypto/x509v3/v3_akeya.c"
   "crypto/x509v3/v3_alt.c"
@@ -309,8 +306,6 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/x509v3/v3_lib.c"
   "crypto/x509v3/v3_ncons.c"
   "crypto/x509v3/v3_ocsp.c"
-  "crypto/x509v3/v3_pci.c"
-  "crypto/x509v3/v3_pcia.c"
   "crypto/x509v3/v3_pcons.c"
   "crypto/x509v3/v3_pmaps.c"
   "crypto/x509v3/v3_prn.c"
@@ -320,74 +315,76 @@ add_library(CCryptoBoringSSL STATIC
 
 if(CMAKE_SYSTEM_NAME STREQUAL Darwin AND CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-x86_64.mac.x86_64.S
-    crypto/cipher_extra/aes128gcmsiv-x86_64.mac.x86_64.S
-    crypto/cipher_extra/chacha20_poly1305_x86_64.mac.x86_64.S
-    crypto/fipsmodule/aesni-gcm-x86_64.mac.x86_64.S
-    crypto/fipsmodule/aesni-x86_64.mac.x86_64.S
-    crypto/fipsmodule/ghash-ssse3-x86_64.mac.x86_64.S
-    crypto/fipsmodule/ghash-x86_64.mac.x86_64.S
-    crypto/fipsmodule/md5-x86_64.mac.x86_64.S
-    crypto/fipsmodule/p256-x86_64-asm.mac.x86_64.S
-    crypto/fipsmodule/p256_beeu-x86_64-asm.mac.x86_64.S
-    crypto/fipsmodule/rdrand-x86_64.mac.x86_64.S
-    crypto/fipsmodule/rsaz-avx2.mac.x86_64.S
-    crypto/fipsmodule/sha1-x86_64.mac.x86_64.S
-    crypto/fipsmodule/sha256-x86_64.mac.x86_64.S
-    crypto/fipsmodule/sha512-x86_64.mac.x86_64.S
-    crypto/fipsmodule/vpaes-x86_64.mac.x86_64.S
-    crypto/fipsmodule/x86_64-mont.mac.x86_64.S
-    crypto/fipsmodule/x86_64-mont5.mac.x86_64.S)
+    crypto/chacha/chacha-x86_64-mac.mac.x86_64.S
+    crypto/cipher_extra/aes128gcmsiv-x86_64-mac.mac.x86_64.S
+    crypto/cipher_extra/chacha20_poly1305_x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/aesni-gcm-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/aesni-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/ghash-ssse3-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/ghash-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/md5-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/p256-x86_64-asm-mac.mac.x86_64.S
+    crypto/fipsmodule/p256_beeu-x86_64-asm-mac.mac.x86_64.S
+    crypto/fipsmodule/rdrand-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/rsaz-avx2-mac.mac.x86_64.S
+    crypto/fipsmodule/sha1-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/sha256-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/sha512-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/vpaes-x86_64-mac.mac.x86_64.S
+    crypto/fipsmodule/x86_64-mont-mac.mac.x86_64.S
+    crypto/fipsmodule/x86_64-mont5-mac.mac.x86_64.S)
 elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android" AND CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-x86_64.linux.x86_64.S
-    crypto/cipher_extra/aes128gcmsiv-x86_64.linux.x86_64.S
-    crypto/cipher_extra/chacha20_poly1305_x86_64.linux.x86_64.S
-    crypto/fipsmodule/aesni-gcm-x86_64.linux.x86_64.S
-    crypto/fipsmodule/aesni-x86_64.linux.x86_64.S
-    crypto/fipsmodule/ghash-ssse3-x86_64.linux.x86_64.S
-    crypto/fipsmodule/ghash-x86_64.linux.x86_64.S
-    crypto/fipsmodule/md5-x86_64.linux.x86_64.S
-    crypto/fipsmodule/p256-x86_64-asm.linux.x86_64.S
-    crypto/fipsmodule/p256_beeu-x86_64-asm.linux.x86_64.S
-    crypto/fipsmodule/rdrand-x86_64.linux.x86_64.S
-    crypto/fipsmodule/rsaz-avx2.linux.x86_64.S
-    crypto/fipsmodule/sha1-x86_64.linux.x86_64.S
-    crypto/fipsmodule/sha256-x86_64.linux.x86_64.S
-    crypto/fipsmodule/sha512-x86_64.linux.x86_64.S
-    crypto/fipsmodule/vpaes-x86_64.linux.x86_64.S
-    crypto/fipsmodule/x86_64-mont.linux.x86_64.S
-    crypto/fipsmodule/x86_64-mont5.linux.x86_64.S)
+    crypto/chacha/chacha-x86_64-linux.linux.x86_64.S
+    crypto/cipher_extra/aes128gcmsiv-x86_64-linux.linux.x86_64.S
+    crypto/cipher_extra/chacha20_poly1305_x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/aesni-gcm-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/aesni-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/ghash-ssse3-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/ghash-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/md5-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/p256-x86_64-asm-linux.linux.x86_64.S
+    crypto/fipsmodule/p256_beeu-x86_64-asm-linux.linux.x86_64.S
+    crypto/fipsmodule/rdrand-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/rsaz-avx2-linux.linux.x86_64.S
+    crypto/fipsmodule/sha1-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/sha256-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/sha512-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/vpaes-x86_64-linux.linux.x86_64.S
+    crypto/fipsmodule/x86_64-mont-linux.linux.x86_64.S
+    crypto/fipsmodule/x86_64-mont5-linux.linux.x86_64.S)
 elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin AND CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-armv8.ios.aarch64.S
-    crypto/cipher_extra/chacha20_poly1305_armv8.ios.aarch64.S
-    crypto/fipsmodule/aesv8-armx64.ios.aarch64.S
-    crypto/fipsmodule/aesv8-gcm-armv8.ios.aarch64.S
-    crypto/fipsmodule/armv8-mont.ios.aarch64.S
-    crypto/fipsmodule/ghash-neon-armv8.ios.aarch64.S
-    crypto/fipsmodule/ghashv8-armx64.ios.aarch64.S
-    crypto/fipsmodule/p256-armv8-asm.ios.aarch64.S
-    crypto/fipsmodule/p256_beeu-armv8-asm.ios.aarch64.S
-    crypto/fipsmodule/sha1-armv8.ios.aarch64.S
-    crypto/fipsmodule/sha256-armv8.ios.aarch64.S
-    crypto/fipsmodule/sha512-armv8.ios.aarch64.S
-    crypto/fipsmodule/vpaes-armv8.ios.aarch64.S)
+    crypto/chacha/chacha-armv8-ios.ios.aarch64.S
+    crypto/cipher_extra/chacha20_poly1305_armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/aesv8-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/aesv8-gcm-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/armv8-mont-ios.ios.aarch64.S
+    crypto/fipsmodule/bn-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/ghash-neon-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/ghashv8-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/p256-armv8-asm-ios.ios.aarch64.S
+    crypto/fipsmodule/p256_beeu-armv8-asm-ios.ios.aarch64.S
+    crypto/fipsmodule/sha1-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/sha256-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/sha512-armv8-ios.ios.aarch64.S
+    crypto/fipsmodule/vpaes-armv8-ios.ios.aarch64.S)
 elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android" AND CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-armv8.linux.aarch64.S
-    crypto/cipher_extra/chacha20_poly1305_armv8.linux.aarch64.S
-    crypto/fipsmodule/aesv8-armx64.linux.aarch64.S
-    crypto/fipsmodule/aesv8-gcm-armv8.linux.aarch64.S
-    crypto/fipsmodule/armv8-mont.linux.aarch64.S
-    crypto/fipsmodule/ghash-neon-armv8.linux.aarch64.S
-    crypto/fipsmodule/ghashv8-armx64.linux.aarch64.S
-    crypto/fipsmodule/p256-armv8-asm.linux.aarch64.S
-    crypto/fipsmodule/p256_beeu-armv8-asm.linux.aarch64.S
-    crypto/fipsmodule/sha1-armv8.linux.aarch64.S
-    crypto/fipsmodule/sha256-armv8.linux.aarch64.S
-    crypto/fipsmodule/sha512-armv8.linux.aarch64.S
-    crypto/fipsmodule/vpaes-armv8.linux.aarch64.S)
+    crypto/chacha/chacha-armv8-linux.linux.aarch64.S
+    crypto/cipher_extra/chacha20_poly1305_armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/aesv8-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/aesv8-gcm-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/armv8-mont-linux.linux.aarch64.S
+    crypto/fipsmodule/bn-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/ghash-neon-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/ghashv8-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/p256-armv8-asm-linux.linux.aarch64.S
+    crypto/fipsmodule/p256_beeu-armv8-asm-linux.linux.aarch64.S
+    crypto/fipsmodule/sha1-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/sha256-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/sha512-armv8-linux.linux.aarch64.S
+    crypto/fipsmodule/vpaes-armv8-linux.linux.aarch64.S)
 endif()
 
 target_include_directories(CCryptoBoringSSL PUBLIC

diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.c
@@ -184,7 +184,6 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
   if (len > 0) {
     s = OPENSSL_memdup(p, len);
     if (s == NULL) {
-      OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
       goto err;
     }
     p += len;
@@ -236,7 +235,6 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) {
       c = (unsigned char *)OPENSSL_realloc(a->data, w + 1);
     }
     if (c == NULL) {
-      OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
       return 0;
     }
     if (w + 1 - a->length > 0) {

diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_bool.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_bool.c
@@ -56,65 +56,40 @@
 
 #include <CCryptoBoringSSL_asn1.h>
 
+#include <CCryptoBoringSSL_bytestring.h>
 #include <CCryptoBoringSSL_err.h>
-#include <CCryptoBoringSSL_mem.h>
 
-int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **pp) {
-  int r;
-  unsigned char *p, *allocated = NULL;
+#include "../bytestring/internal.h"
 
-  r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
-  if (pp == NULL) {
-    return r;
-  }
-
-  if (*pp == NULL) {
-    if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
-      OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-      return -1;
-    }
-  } else {
-    p = *pp;
-  }
-
-  ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
-  *p = a ? 0xff : 0x00;
-
-  // If a new buffer was allocated, just return it back.
-  // If not, return the incremented buffer pointer.
-  *pp = allocated != NULL ? allocated : p + 1;
-  return r;
-}
 
-ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *a, const unsigned char **pp,
-                              long length) {
-  const unsigned char *p = *pp;
-  long len;
-  int inf, tag, xclass;
-  inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-  if (inf & 0x80) {
-    OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
+int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **outp) {
+  CBB cbb;
+  if (!CBB_init(&cbb, 3) ||  //
+      !CBB_add_asn1_bool(&cbb, a != ASN1_BOOLEAN_FALSE)) {
+    CBB_cleanup(&cbb);
     return -1;
   }
+  return CBB_finish_i2d(&cbb, outp);
+}
 
-  if (inf & V_ASN1_CONSTRUCTED) {
-    OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
-    return -1;
+ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *out, const unsigned char **inp,
+                              long len) {
+  if (len < 0) {
+    return ASN1_BOOLEAN_NONE;
   }
 
-  if (tag != V_ASN1_BOOLEAN || xclass != V_ASN1_UNIVERSAL) {
-    OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPECTING_A_BOOLEAN);
-    return -1;
+  CBS cbs;
+  CBS_init(&cbs, *inp, (size_t)len);
+  int val;
+  if (!CBS_get_asn1_bool(&cbs, &val)) {
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
+    return ASN1_BOOLEAN_NONE;
   }
 
-  if (len != 1) {
-    OPENSSL_PUT_ERROR(ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
-    return -1;
-  }
-  ASN1_BOOLEAN ret = (ASN1_BOOLEAN) * (p++);
-  if (a != NULL) {
-    (*a) = ret;
+  ASN1_BOOLEAN ret = val ? ASN1_BOOLEAN_TRUE : ASN1_BOOLEAN_FALSE;
+  if (out != NULL) {
+    *out = ret;
   }
-  *pp = p;
+  *inp = CBS_data(&cbs);
   return ret;
 }
diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_dup.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_dup.c
@@ -75,7 +75,6 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) {
 
   i = ASN1_item_i2d(x, &b, it);
   if (b == NULL) {
-    OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
   p = b;

diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.c
@@ -58,6 +58,7 @@
 #include <CCryptoBoringSSL_bytestring.h>
 #include <CCryptoBoringSSL_err.h>
 #include <CCryptoBoringSSL_mem.h>
+#include <CCryptoBoringSSL_time.h>
 
 #include <string.h>
 #include <time.h>
@@ -98,15 +99,15 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) {
 }
 
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
-                                               time_t t) {
-  return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+                                               int64_t posix_time) {
+  return ASN1_GENERALIZEDTIME_adj(s, posix_time, 0, 0);
 }
 
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
-                                               time_t t, int offset_day,
+                                               int64_t posix_time, int offset_day,
                                                long offset_sec) {
   struct tm data;
-  if (!OPENSSL_gmtime(&t, &data)) {
+  if (!OPENSSL_posix_to_tm(posix_time, &data)) {
     return NULL;
   }
 

diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_i2d_fp.c
@@ -76,7 +76,6 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) {
   unsigned char *b = NULL;
   int n = ASN1_item_i2d(x, &b, it);
   if (b == NULL) {
-    OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
     return 0;
   }