Update BoringSSL to 45b8d7bbd771cbf7e116db2ba1f1cc7af959497e (#143)

* Update vendoring scripts for new BoringSSL

* Update BoringSSL to 45b8d7bbd771cbf7e116db2ba1f1cc7af959497e

* Minor tweak

Package.swift

@@ -20,7 +20,7 @@
 // Sources/CCryptoBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: 0faffc7a30eeb195248ea43056f4848e2a9b1c6d
+// BoringSSL Commit: 45b8d7bbd771cbf7e116db2ba1f1cc7af959497e
 
 import PackageDescription
 

Sources/CCryptoBoringSSL/CMakeLists.txt

@@ -23,7 +23,6 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/asn1/a_mbstr.c"
   "crypto/asn1/a_object.c"
   "crypto/asn1/a_octet.c"
-  "crypto/asn1/a_print.c"
   "crypto/asn1/a_strex.c"
   "crypto/asn1/a_strnid.c"
   "crypto/asn1/a_time.c"
@@ -364,6 +363,7 @@ elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin AND CMAKE_SYSTEM_PROCESSOR MATCHES "arm
     crypto/chacha/chacha-armv8.ios.aarch64.S
     crypto/cipher_extra/chacha20_poly1305_armv8.ios.aarch64.S
     crypto/fipsmodule/aesv8-armx64.ios.aarch64.S
+    crypto/fipsmodule/aesv8-gcm-armv8.ios.aarch64.S
     crypto/fipsmodule/armv8-mont.ios.aarch64.S
     crypto/fipsmodule/ghash-neon-armv8.ios.aarch64.S
     crypto/fipsmodule/ghashv8-armx64.ios.aarch64.S
@@ -378,6 +378,7 @@ elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android" AND CMAKE_SYSTEM_PROCESSOR MATC
     crypto/chacha/chacha-armv8.linux.aarch64.S
     crypto/cipher_extra/chacha20_poly1305_armv8.linux.aarch64.S
     crypto/fipsmodule/aesv8-armx64.linux.aarch64.S
+    crypto/fipsmodule/aesv8-gcm-armv8.linux.aarch64.S
     crypto/fipsmodule/armv8-mont.linux.aarch64.S
     crypto/fipsmodule/ghash-neon-armv8.linux.aarch64.S
     crypto/fipsmodule/ghashv8-armx64.linux.aarch64.S

Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.c

@@ -66,7 +66,8 @@
 #include "internal.h"
 
 
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, const unsigned char *d, int len) {
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, const unsigned char *d,
+                        ossl_ssize_t len) {
   return ASN1_STRING_set(x, d, len);
 }
 

Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.c

@@ -81,22 +81,20 @@ int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) {
 }
 
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) {
-  ASN1_GENERALIZEDTIME t;
-
-  t.type = V_ASN1_GENERALIZEDTIME;
-  t.length = strlen(str);
-  t.data = (unsigned char *)str;
-  if (ASN1_GENERALIZEDTIME_check(&t)) {
-    if (s != NULL) {
-      if (!ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str, t.length)) {
-        return 0;
-      }
-      s->type = V_ASN1_GENERALIZEDTIME;
-    }
-    return 1;
-  } else {
+  size_t len = strlen(str);
+  CBS cbs;
+  CBS_init(&cbs, (const uint8_t *)str, len);
+  if (!CBS_parse_generalized_time(&cbs, /*out_tm=*/NULL,
+                                  /*allow_timezone_offset=*/0)) {
     return 0;
   }
+  if (s != NULL) {
+    if (!ASN1_STRING_set(s, str, len)) {
+      return 0;
+    }
+    s->type = V_ASN1_GENERALIZEDTIME;
+  }
+  return 1;
 }
 
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,

Sources/CCryptoBoringSSL/crypto/asn1/a_object.c

@@ -107,8 +107,12 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) {
 }
 
 static int write_str(BIO *bp, const char *str) {
-  int len = strlen(str);
-  return BIO_write(bp, str, len) == len ? len : -1;
+  size_t len = strlen(str);
+  if (len > INT_MAX) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
+    return -1;
+  }
+  return BIO_write(bp, str, (int)len) == (int)len ? (int)len : -1;
 }
 
 int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) {

Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c

@@ -59,6 +59,7 @@
 #include <assert.h>
 #include <ctype.h>
 #include <inttypes.h>
+#include <limits.h>
 #include <string.h>
 #include <time.h>
 
@@ -121,7 +122,8 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
     return maybe_write(out, &u8, 1) ? 1 : -1;
   }
 
-  int len = strlen(buf);
+  static_assert(sizeof(buf) < INT_MAX, "len may not fit in int");
+  int len = (int)strlen(buf);
   return maybe_write(out, buf, len) ? len : -1;
 }
 

Sources/CCryptoBoringSSL/crypto/asn1/a_time.c

@@ -55,6 +55,7 @@
  * [including the GNU Public Licence.] */
 
 #include <CCryptoBoringSSL_asn1.h>
+#include <CCryptoBoringSSL_time.h>
 
 #include <string.h>
 #include <time.h>
@@ -163,28 +164,9 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
   return NULL;
 }
 
-
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) {
-  ASN1_TIME t;
-
-  t.length = strlen(str);
-  t.data = (unsigned char *)str;
-  t.flags = 0;
-
-  t.type = V_ASN1_UTCTIME;
-
-  if (!ASN1_TIME_check(&t)) {
-    t.type = V_ASN1_GENERALIZEDTIME;
-    if (!ASN1_TIME_check(&t)) {
-      return 0;
-    }
-  }
-
-  if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) {
-    return 0;
-  }
-
-  return 1;
+  return ASN1_UTCTIME_set_string(s, str) ||
+         ASN1_GENERALIZEDTIME_set_string(s, str);
 }
 
 static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t,

Sources/CCryptoBoringSSL/crypto/asn1/a_utctm.c

@@ -82,22 +82,20 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) {
 }
 
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) {
-  ASN1_UTCTIME t;
-
-  t.type = V_ASN1_UTCTIME;
-  t.length = strlen(str);
-  t.data = (unsigned char *)str;
-  if (ASN1_UTCTIME_check(&t)) {
-    if (s != NULL) {
-      if (!ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str, t.length)) {
-        return 0;
-      }
-      s->type = V_ASN1_UTCTIME;
-    }
-    return 1;
-  } else {
+  size_t len = strlen(str);
+  CBS cbs;
+  CBS_init(&cbs, (const uint8_t *)str, len);
+  if (!CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
+                          /*allow_timezone_offset=*/1)) {
     return 0;
   }
+  if (s != NULL) {
+    if (!ASN1_STRING_set(s, str, len)) {
+      return 0;
+    }
+    s->type = V_ASN1_UTCTIME;
+  }
+  return 1;
 }
 
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) {

Sources/CCryptoBoringSSL/crypto/asn1/asn1_lib.c

@@ -117,7 +117,7 @@ int ASN1_get_object(const unsigned char **inp, long *out_len, int *out_tag,
   // signature fields (see b/18228011). Make this only apply to that field,
   // while requiring DER elsewhere. Better yet, it should be limited to an
   // preprocessing step in that part of Android.
-  unsigned tag;
+  CBS_ASN1_TAG tag;
   size_t header_len;
   int indefinite;
   CBS cbs, body;
@@ -271,19 +271,27 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) {
   return ret;
 }
 
-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) {
-  unsigned char *c;
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) {
   const char *data = _data;
-
-  if (len < 0) {
+  size_t len;
+  if (len_s < 0) {
     if (data == NULL) {
       return 0;
-    } else {
-      len = strlen(data);
     }
+    len = strlen(data);
+  } else {
+    len = (size_t)len_s;
+  }
+
+  // |ASN1_STRING| cannot represent strings that exceed |int|, and we must
+  // reserve space for a trailing NUL below.
+  if (len > INT_MAX || len + 1 < len) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
+    return 0;
   }
-  if ((str->length <= len) || (str->data == NULL)) {
-    c = str->data;
+
+  if (str->length <= (int)len || str->data == NULL) {
+    unsigned char *c = str->data;
     if (c == NULL) {
       str->data = OPENSSL_malloc(len + 1);
     } else {
@@ -296,10 +304,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) {
       return 0;
     }
   }
-  str->length = len;
+  str->length = (int)len;
   if (data != NULL) {
     OPENSSL_memcpy(str->data, data, len);
-    // an allowance for strings :-)
+    // Historically, OpenSSL would NUL-terminate most (but not all)
+    // |ASN1_STRING|s, in case anyone accidentally passed |str->data| into a
+    // function expecting a C string. We retain this behavior for compatibility,
+    // but code must not rely on this. See CVE-2021-3712.
     str->data[len] = '\0';
   }
   return 1;

Sources/CCryptoBoringSSL/crypto/asn1/internal.h

@@ -71,16 +71,6 @@ extern "C" {
 
 // Wrapper functions for time functions.
 
-// OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time| whuch must
-// be in the range of year 0000 to 9999 to a broken out time value in |tm|. It
-// returns one on success and zero on error.
-OPENSSL_EXPORT int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm);
-
-// OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in
-// |tm| to a POSIX time value in |out|. One is returned on success, zero is
-// returned on failure. It is a failure if the tm contains out of range values.
-OPENSSL_EXPORT int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out);
-
 // OPENSSL_gmtime converts a time_t value in |time| which must be in the range
 // of year 0000 to 9999 to a broken out time value in |tm|. On success |tm| is
 // returned. On failure NULL is returned.
@@ -137,8 +127,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void);
 // problems with invalid encodings which can break signatures.
 typedef struct ASN1_ENCODING_st {
   unsigned char *enc;  // DER encoding
-  long len;            // Length of encoding
-  int modified;        // set to 1 if 'enc' is invalid
+  long len;            // Length of encoding, or zero if not present.
   // alias_only is zero if |enc| owns the buffer that it points to
   // (although |enc| may still be NULL). If one, |enc| points into a
   // buffer that is owned elsewhere.
@@ -208,6 +197,9 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
 int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
                   const ASN1_ITEM *it);
 
+// asn1_encoding_clear clears the cached encoding in |enc|.
+void asn1_encoding_clear(ASN1_ENCODING *enc);
+
 // asn1_type_value_as_pointer returns |a|'s value in pointer form. This is
 // usually the value object but, for BOOLEAN values, is 0 or 0xff cast to
 // a pointer.

Sources/CCryptoBoringSSL/crypto/asn1/posix_time.c

@@ -15,6 +15,8 @@
 // Time conversion to/from POSIX time_t and struct tm, with no support
 // for time zones other than UTC
 
+#include <CCryptoBoringSSL_time.h>
+
 #include <assert.h>
 #include <inttypes.h>
 #include <limits.h>