Upstream

CMakeLists.txt

@@ -773,8 +773,6 @@ endif()
 
 if(CONSTANT_TIME_VALIDATION)
   add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION)
-  # Asserts will often test secret data.
-  add_definitions(-DNDEBUG)
 endif()
 
 # CMake's iOS support uses Apple's multiple-architecture toolchain. It takes an
@@ -984,7 +982,11 @@ if(BUILD_TESTING)
         DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
         WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
   else()
-    file(COPY ${GENERATE_CODE_ROOT}/crypto_test_data.cc DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
+    add_custom_command(
+        OUTPUT crypto_test_data.cc
+        COMMAND ${CMAKE_COMMAND} -E tar "jxvf" ${GENERATE_CODE_ROOT}/crypto_test_data.cc.tar.bz2
+        DEPENDS  ${GENERATE_CODE_ROOT}/crypto_test_data.cc.tar.bz2
+        WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}")
   endif()
   add_library(crypto_test_data OBJECT crypto_test_data.cc)
 

PrivacyInfo.xcprivacy

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+
+<!--
+This file is for using BoringSSL in Apple ecosystems. You may have to point
+Xcode at it yourself. See
+https://developer.apple.com/documentation/bundleresources/privacy_manifest_files
+-->
+
+<dict>
+	<key>NSPrivacyTracking</key>
+	<false/>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array/>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array/>
+</dict>
+</plist>

crypto/CMakeLists.txt

@@ -395,6 +395,7 @@ add_library(
   cipher_extra/e_rc4.c
   cipher_extra/e_tls.c
   cipher_extra/tls_cbc.c
+  curve25519_extra/curve25519_extra.c
   conf/conf.c
   crypto.c
   des/des.c
@@ -474,9 +475,7 @@ add_library(
   rand_extra/deterministic.c
   rand_extra/entropy_passive.c
   rand_extra/forkunsafe.c
-  rand_extra/fuchsia.c
   rand_extra/rand_extra.c
-  rand_extra/trusty.c
   rand_extra/windows.c
   rc4/rc4.c
   refcount_c11.c

crypto/bio/bio.c

@@ -85,10 +85,15 @@ static int call_bio_callback_with_processed(BIO *bio, const int oper,
     // Pass the original BIO's return value to the callback. If the callback
     // is successful return processed from the callback, if the callback is
     // not successful return the callback's return value.
-    ret = (int)bio->callback_ex(bio, oper, buf, len, 0, 0L, ret, &processed);
-    if (ret > 0) {
-      // BIO will only read int |len| bytes so this is a safe cast
-      ret = (int)processed;
+    long callback_ret = bio->callback_ex(bio, oper, buf, len, 0, 0L, ret, &processed);
+    if (callback_ret <= INT_MAX && callback_ret >= INT_MIN) {
+      ret = (int)callback_ret;
+      if (ret > 0) {
+        // BIO will only read int |len| bytes so this is a safe cast
+        ret = (int)processed;
+      }
+    } else {
+      ret = -1;
     }
   }
   return ret;
@@ -131,9 +136,12 @@ int BIO_free(BIO *bio) {
       bio->method->destroy(bio);
     }
     if (HAS_CALLBACK(bio)) {
-      int ret = (int)bio->callback_ex(bio, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
+      long ret = bio->callback_ex(bio, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
       if (ret <= 0) {
-        return ret;
+        if (ret >= INT_MIN) {
+          return (int)ret;
+        }
+        return INT_MIN;
       }
     }
 
@@ -167,9 +175,12 @@ int BIO_read(BIO *bio, void *buf, int len) {
   }
 
   if (HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_READ, buf, len, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_READ, buf, len, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
   if (!bio->init) {
@@ -217,18 +228,20 @@ int BIO_gets(BIO *bio, char *buf, int len) {
     return 0;
   }
 
-  int ret = 0;
   if (HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_GETS, buf, len, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_GETS, buf, len, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
   if (!bio->init) {
     OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED);
     return -2;
   }
-  ret = bio->method->bgets(bio, buf, len);
+  int ret = bio->method->bgets(bio, buf, len);
   if (ret > 0) {
     bio->num_read += ret;
   }
@@ -248,9 +261,12 @@ int BIO_write(BIO *bio, const void *in, int inl) {
   }
 
   if (HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_WRITE, in, inl, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_WRITE, in, inl, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
 
@@ -317,18 +333,21 @@ int BIO_puts(BIO *bio, const char *in) {
     OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD);
     return -2;
   }
-  int ret = 0;
   if(HAS_CALLBACK(bio)) {
-    ret = (int)bio->callback_ex(bio, BIO_CB_PUTS, in, 0, 0, 0L, 1L, NULL);
-    if (ret <= 0) {
-      return ret;
+    long callback_ret = bio->callback_ex(bio, BIO_CB_PUTS, in, 0, 0, 0L, 1L, NULL);
+    if (callback_ret <= 0) {
+      if (callback_ret >= INT_MIN) {
+        return (int)callback_ret;
+      }
+      return INT_MIN;
     }
   }
 
   if (!bio->init) {
     OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED);
     return -2;
   }
+  int ret = 0;
   if (bio->method->bputs != NULL) {
     ret = bio->method->bputs(bio, in);
   } else {

crypto/bio/hexdump.c

@@ -98,7 +98,9 @@ static int hexdump_write(struct hexdump_ctx *ctx, const uint8_t *data,
   for (size_t i = 0; i < len; i++) {
     if (ctx->used == 0) {
       // The beginning of a line.
-      BIO_indent(ctx->bio, ctx->indent, UINT_MAX);
+      if (!BIO_indent(ctx->bio, ctx->indent, UINT_MAX)) {
+        return 0;
+      }
 
       hexbyte(&buf[0], ctx->n >> 24);
       hexbyte(&buf[2], ctx->n >> 16);

crypto/bn_extra/convert.c

@@ -74,7 +74,7 @@ int BN_bn2cbb_padded(CBB *out, size_t len, const BIGNUM *in) {
   return CBB_add_space(out, &ptr, len) && BN_bn2bin_padded(ptr, len, in);
 }
 
-static const char hextable[] = "0123456789abcdef";
+static const char hextable[] = "0123456789ABCDEF";
 
 char *BN_bn2hex(const BIGNUM *bn) {
   int width = bn_minimal_width(bn);
@@ -448,7 +448,14 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
   }
   out->neg = ((*in) & 0x80) != 0;
   if (out->neg) {
-    BN_clear_bit(out, BN_num_bits(out) - 1);
+    unsigned num_bits = BN_num_bits(out);
+    if (num_bits >= INT_MAX) {
+      if (out_is_alloced) {
+        BN_free(out);
+      }
+      return NULL;
+    }
+    BN_clear_bit(out, (int)num_bits - 1);
   }
   return out;
 }

crypto/bytestring/unicode.c

@@ -18,11 +18,12 @@
 
 
 static int is_valid_code_point(uint32_t v) {
-  // References in the following are to Unicode 9.0.0.
+  // References in the following are to Unicode 15.0.0.
   if (// The Unicode space runs from zero to 0x10ffff (3.4 D9).
       v > 0x10ffff ||
       // Values 0x...fffe, 0x...ffff, and 0xfdd0-0xfdef are permanently reserved
-      // (3.4 D14)
+      // as noncharacters (3.4 D14). See also 23.7. As our APIs are intended for
+      // "open interchange", such as ASN.1, we reject them.
       (v & 0xfffe) == 0xfffe ||
       (v >= 0xfdd0 && v <= 0xfdef) ||
       // Surrogate code points are invalid (3.2 C1).

crypto/cipher_extra/e_des.c

@@ -85,16 +85,14 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER evp_des_cbc = {
-    /* nid = */ NID_des_cbc,
-    /* block_size = */ 8,
-    /* key_len = */ 8,
-    /* iv_len = */ 8,
-    /* ctx_size = */ sizeof(EVP_DES_KEY),
-    /* flags = */ EVP_CIPH_CBC_MODE,
-    /* init = */ des_init_key,
-    /* cipher = */ des_cbc_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_cbc,
+    .block_size = 8,
+    .key_len = 8,
+    .iv_len = 8,
+    .ctx_size = sizeof(EVP_DES_KEY),
+    .flags = EVP_CIPH_CBC_MODE,
+    .init = des_init_key,
+    .cipher = des_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_des_cbc(void) { return &evp_des_cbc; }
@@ -114,16 +112,14 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER evp_des_ecb = {
-    /* nid = */ NID_des_ecb,
-    /* block_size = */ 8,
-    /* key_len = */ 8,
-    /* iv_len = */ 0,
-    /* ctx_size = */ sizeof(EVP_DES_KEY),
-    /* flags = */ EVP_CIPH_ECB_MODE,
-    /* init = */ des_init_key,
-    /* cipher = */ des_ecb_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ecb,
+    .block_size = 8,
+    .key_len = 8,
+    .iv_len = 0,
+    .ctx_size = sizeof(EVP_DES_KEY),
+    .flags = EVP_CIPH_ECB_MODE,
+    .init = des_init_key,
+    .cipher = des_ecb_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ecb(void) { return &evp_des_ecb; }
@@ -153,16 +149,14 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER evp_des_ede3_cbc = {
-    /* nid = */ NID_des_ede3_cbc,
-    /* block_size = */ 8,
-    /* key_len = */ 24,
-    /* iv_len = */ 8,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_CBC_MODE,
-    /* init = */ des_ede3_init_key,
-    /* cipher = */ des_ede3_cbc_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede3_cbc,
+    .block_size = 8,
+    .key_len = 24,
+    .iv_len = 8,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_CBC_MODE,
+    .init = des_ede3_init_key,
+    .cipher = des_ede3_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; }
@@ -178,16 +172,14 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
 }
 
 static const EVP_CIPHER evp_des_ede_cbc = {
-    /* nid = */ NID_des_ede_cbc,
-    /* block_size = */ 8,
-    /* key_len = */ 16,
-    /* iv_len = */ 8,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_CBC_MODE,
-    /* init = */ des_ede_init_key,
-    /* cipher = */ des_ede3_cbc_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede_cbc,
+    .block_size = 8,
+    .key_len = 16,
+    .iv_len = 8,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_CBC_MODE,
+    .init = des_ede_init_key,
+    .cipher = des_ede3_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede_cbc(void) { return &evp_des_ede_cbc; }
@@ -208,31 +200,27 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER evp_des_ede = {
-    /* nid = */ NID_des_ede_ecb,
-    /* block_size = */ 8,
-    /* key_len = */ 16,
-    /* iv_len = */ 0,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_ECB_MODE,
-    /* init = */ des_ede_init_key,
-    /* cipher = */ des_ede_ecb_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede_ecb,
+    .block_size = 8,
+    .key_len = 16,
+    .iv_len = 0,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_ECB_MODE,
+    .init = des_ede_init_key,
+    .cipher = des_ede_ecb_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede(void) { return &evp_des_ede; }
 
 static const EVP_CIPHER evp_des_ede3 = {
-    /* nid = */ NID_des_ede3_ecb,
-    /* block_size = */ 8,
-    /* key_len = */ 24,
-    /* iv_len = */ 0,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_ECB_MODE,
-    /* init = */ des_ede3_init_key,
-    /* cipher = */ des_ede_ecb_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede3_ecb,
+    .block_size = 8,
+    .key_len = 24,
+    .iv_len = 0,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_ECB_MODE,
+    .init = des_ede3_init_key,
+    .cipher = des_ede_ecb_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede3(void) { return &evp_des_ede3; }

crypto/cipher_extra/e_null.c

@@ -78,9 +78,13 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER n_cipher = {
-    NID_undef,          1 /* block size */, 0 /* key_len */, 0 /* iv_len */,
-    0 /* ctx_size */,   0 /* flags */,      null_init_key,   null_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_undef,
+    .block_size = 1,
+    .key_len = 0,
+    .iv_len = 0,
+    .ctx_size = 0,
+    .init = null_init_key,
+    .cipher = null_cipher,
 };
 
 const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; }