Update BoringSSL to 6a2ccdcc2ed1d37a43a2183658d2ae61fd5ce208

Package.swift

@@ -20,7 +20,7 @@
 // Sources/CCryptoBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: dbad745811195c00b729efd0ee0a09b7d9fce1d2
+// BoringSSL Commit: 6a2ccdcc2ed1d37a43a2183658d2ae61fd5ce208
 
 import PackageDescription
 

Sources/CCryptoBoringSSL/CMakeLists.txt

@@ -91,6 +91,7 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/dh_extra/dh_asn1.c"
   "crypto/dh_extra/params.c"
   "crypto/digest_extra/digest_extra.c"
+  "crypto/dilithium/dilithium.c"
   "crypto/dsa/dsa.c"
   "crypto/dsa/dsa_asn1.c"
   "crypto/ec_extra/ec_asn1.c"
@@ -100,10 +101,11 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/ecdsa_extra/ecdsa_asn1.c"
   "crypto/engine/engine.c"
   "crypto/err/err.c"
-  "crypto/err/err_data.c"
   "crypto/evp/evp.c"
   "crypto/evp/evp_asn1.c"
   "crypto/evp/evp_ctx.c"
+  "crypto/evp/p_dh.c"
+  "crypto/evp/p_dh_asn1.c"
   "crypto/evp/p_dsa_asn1.c"
   "crypto/evp/p_ec.c"
   "crypto/evp/p_ec_asn1.c"
@@ -119,89 +121,17 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/evp/scrypt.c"
   "crypto/evp/sign.c"
   "crypto/ex_data.c"
-  "crypto/fipsmodule/aes/aes.c"
-  "crypto/fipsmodule/aes/aes_nohw.c"
-  "crypto/fipsmodule/aes/key_wrap.c"
-  "crypto/fipsmodule/aes/mode_wrappers.c"
-  "crypto/fipsmodule/bn/add.c"
-  "crypto/fipsmodule/bn/asm/x86_64-gcc.c"
-  "crypto/fipsmodule/bn/bn.c"
-  "crypto/fipsmodule/bn/bytes.c"
-  "crypto/fipsmodule/bn/cmp.c"
-  "crypto/fipsmodule/bn/ctx.c"
-  "crypto/fipsmodule/bn/div.c"
-  "crypto/fipsmodule/bn/div_extra.c"
-  "crypto/fipsmodule/bn/exponentiation.c"
-  "crypto/fipsmodule/bn/gcd.c"
-  "crypto/fipsmodule/bn/gcd_extra.c"
-  "crypto/fipsmodule/bn/generic.c"
-  "crypto/fipsmodule/bn/jacobi.c"
-  "crypto/fipsmodule/bn/montgomery.c"
-  "crypto/fipsmodule/bn/montgomery_inv.c"
-  "crypto/fipsmodule/bn/mul.c"
-  "crypto/fipsmodule/bn/prime.c"
-  "crypto/fipsmodule/bn/random.c"
-  "crypto/fipsmodule/bn/rsaz_exp.c"
-  "crypto/fipsmodule/bn/shift.c"
-  "crypto/fipsmodule/bn/sqrt.c"
-  "crypto/fipsmodule/cipher/aead.c"
-  "crypto/fipsmodule/cipher/cipher.c"
-  "crypto/fipsmodule/cipher/e_aes.c"
-  "crypto/fipsmodule/cipher/e_aesccm.c"
-  "crypto/fipsmodule/cmac/cmac.c"
-  "crypto/fipsmodule/dh/check.c"
-  "crypto/fipsmodule/dh/dh.c"
-  "crypto/fipsmodule/digest/digest.c"
-  "crypto/fipsmodule/digest/digests.c"
-  "crypto/fipsmodule/digestsign/digestsign.c"
-  "crypto/fipsmodule/ec/ec.c"
-  "crypto/fipsmodule/ec/ec_key.c"
-  "crypto/fipsmodule/ec/ec_montgomery.c"
-  "crypto/fipsmodule/ec/felem.c"
-  "crypto/fipsmodule/ec/oct.c"
-  "crypto/fipsmodule/ec/p224-64.c"
-  "crypto/fipsmodule/ec/p256-nistz.c"
-  "crypto/fipsmodule/ec/p256.c"
-  "crypto/fipsmodule/ec/scalar.c"
-  "crypto/fipsmodule/ec/simple.c"
-  "crypto/fipsmodule/ec/simple_mul.c"
-  "crypto/fipsmodule/ec/util.c"
-  "crypto/fipsmodule/ec/wnaf.c"
-  "crypto/fipsmodule/ecdh/ecdh.c"
-  "crypto/fipsmodule/ecdsa/ecdsa.c"
+  "crypto/fipsmodule/bcm.c"
   "crypto/fipsmodule/fips_shared_support.c"
-  "crypto/fipsmodule/hkdf/hkdf.c"
-  "crypto/fipsmodule/hmac/hmac.c"
-  "crypto/fipsmodule/md4/md4.c"
-  "crypto/fipsmodule/md5/md5.c"
-  "crypto/fipsmodule/modes/cbc.c"
-  "crypto/fipsmodule/modes/cfb.c"
-  "crypto/fipsmodule/modes/ctr.c"
-  "crypto/fipsmodule/modes/gcm.c"
-  "crypto/fipsmodule/modes/gcm_nohw.c"
-  "crypto/fipsmodule/modes/ofb.c"
-  "crypto/fipsmodule/modes/polyval.c"
-  "crypto/fipsmodule/rand/ctrdrbg.c"
-  "crypto/fipsmodule/rand/fork_detect.c"
-  "crypto/fipsmodule/rand/rand.c"
-  "crypto/fipsmodule/rand/urandom.c"
-  "crypto/fipsmodule/rsa/blinding.c"
-  "crypto/fipsmodule/rsa/padding.c"
-  "crypto/fipsmodule/rsa/rsa.c"
-  "crypto/fipsmodule/rsa/rsa_impl.c"
-  "crypto/fipsmodule/self_check/fips.c"
-  "crypto/fipsmodule/self_check/self_check.c"
-  "crypto/fipsmodule/service_indicator/service_indicator.c"
-  "crypto/fipsmodule/sha/sha1.c"
-  "crypto/fipsmodule/sha/sha256.c"
-  "crypto/fipsmodule/sha/sha512.c"
-  "crypto/fipsmodule/tls/kdf.c"
   "crypto/hpke/hpke.c"
   "crypto/hrss/hrss.c"
   "crypto/keccak/keccak.c"
   "crypto/kyber/kyber.c"
   "crypto/lhash/lhash.c"
+  "crypto/md4/md4.c"
+  "crypto/md5/md5.c"
   "crypto/mem.c"
+  "crypto/mldsa/mldsa.c"
   "crypto/obj/obj.c"
   "crypto/obj/obj_xref.c"
   "crypto/pem/pem_all.c"
@@ -222,26 +152,29 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/poly1305/poly1305_vec.c"
   "crypto/pool/pool.c"
   "crypto/rand_extra/deterministic.c"
+  "crypto/rand_extra/fork_detect.c"
   "crypto/rand_extra/forkunsafe.c"
   "crypto/rand_extra/getentropy.c"
   "crypto/rand_extra/ios.c"
   "crypto/rand_extra/passive.c"
   "crypto/rand_extra/rand_extra.c"
   "crypto/rand_extra/trusty.c"
+  "crypto/rand_extra/urandom.c"
   "crypto/rand_extra/windows.c"
   "crypto/rc4/rc4.c"
   "crypto/refcount.c"
   "crypto/rsa_extra/rsa_asn1.c"
   "crypto/rsa_extra/rsa_crypt.c"
   "crypto/rsa_extra/rsa_print.c"
+  "crypto/sha/sha1.c"
   "crypto/siphash/siphash.c"
-  "crypto/spx/address.c"
-  "crypto/spx/fors.c"
-  "crypto/spx/merkle.c"
   "crypto/spx/spx.c"
+  "crypto/spx/spx_address.c"
+  "crypto/spx/spx_fors.c"
+  "crypto/spx/spx_merkle.c"
+  "crypto/spx/spx_thash.c"
   "crypto/spx/spx_util.c"
-  "crypto/spx/thash.c"
-  "crypto/spx/wots.c"
+  "crypto/spx/spx_wots.c"
   "crypto/stack/stack.c"
   "crypto/thread.c"
   "crypto/thread_none.c"
@@ -319,80 +252,21 @@ add_library(CCryptoBoringSSL STATIC
   "crypto/x509/x_spki.c"
   "crypto/x509/x_val.c"
   "crypto/x509/x_x509.c"
-  "crypto/x509/x_x509a.c")
+  "crypto/x509/x_x509a.c"
+  "gen/crypto/err_data.c")
 
 if(CMAKE_SYSTEM_NAME STREQUAL Darwin AND CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-x86_64-mac.mac.x86_64.S
-    crypto/cipher_extra/aes128gcmsiv-x86_64-mac.mac.x86_64.S
-    crypto/cipher_extra/chacha20_poly1305_x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/aesni-gcm-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/aesni-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/ghash-ssse3-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/ghash-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/md5-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/p256-x86_64-asm-mac.mac.x86_64.S
-    crypto/fipsmodule/p256_beeu-x86_64-asm-mac.mac.x86_64.S
-    crypto/fipsmodule/rdrand-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/rsaz-avx2-mac.mac.x86_64.S
-    crypto/fipsmodule/sha1-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/sha256-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/sha512-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/vpaes-x86_64-mac.mac.x86_64.S
-    crypto/fipsmodule/x86_64-mont-mac.mac.x86_64.S
-    crypto/fipsmodule/x86_64-mont5-mac.mac.x86_64.S)
+)
 elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android" AND CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-x86_64-linux.linux.x86_64.S
-    crypto/cipher_extra/aes128gcmsiv-x86_64-linux.linux.x86_64.S
-    crypto/cipher_extra/chacha20_poly1305_x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/aesni-gcm-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/aesni-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/ghash-ssse3-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/ghash-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/md5-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/p256-x86_64-asm-linux.linux.x86_64.S
-    crypto/fipsmodule/p256_beeu-x86_64-asm-linux.linux.x86_64.S
-    crypto/fipsmodule/rdrand-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/rsaz-avx2-linux.linux.x86_64.S
-    crypto/fipsmodule/sha1-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/sha256-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/sha512-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/vpaes-x86_64-linux.linux.x86_64.S
-    crypto/fipsmodule/x86_64-mont-linux.linux.x86_64.S
-    crypto/fipsmodule/x86_64-mont5-linux.linux.x86_64.S)
+)
 elseif(CMAKE_SYSTEM_NAME STREQUAL Darwin AND CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-armv8-ios.ios.aarch64.S
-    crypto/cipher_extra/chacha20_poly1305_armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/aesv8-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/aesv8-gcm-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/armv8-mont-ios.ios.aarch64.S
-    crypto/fipsmodule/bn-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/ghash-neon-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/ghashv8-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/p256-armv8-asm-ios.ios.aarch64.S
-    crypto/fipsmodule/p256_beeu-armv8-asm-ios.ios.aarch64.S
-    crypto/fipsmodule/sha1-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/sha256-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/sha512-armv8-ios.ios.aarch64.S
-    crypto/fipsmodule/vpaes-armv8-ios.ios.aarch64.S)
+)
 elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android" AND CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64")
   target_sources(CCryptoBoringSSL PRIVATE
-    crypto/chacha/chacha-armv8-linux.linux.aarch64.S
-    crypto/cipher_extra/chacha20_poly1305_armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/aesv8-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/aesv8-gcm-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/armv8-mont-linux.linux.aarch64.S
-    crypto/fipsmodule/bn-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/ghash-neon-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/ghashv8-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/p256-armv8-asm-linux.linux.aarch64.S
-    crypto/fipsmodule/p256_beeu-armv8-asm-linux.linux.aarch64.S
-    crypto/fipsmodule/sha1-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/sha256-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/sha512-armv8-linux.linux.aarch64.S
-    crypto/fipsmodule/vpaes-armv8-linux.linux.aarch64.S)
+)
 endif()
 
 target_include_directories(CCryptoBoringSSL PUBLIC

Sources/CCryptoBoringSSL/crypto/base64/base64.c

@@ -307,6 +307,10 @@ static int base64_decode_quad(uint8_t *out, size_t *out_num_bytes,
                                    (in[2] == '=') << 1 |
                                    (in[3] == '=');
 
+  // In presence of padding, the lowest bits of v are unused. Canonical encoding
+  // (RFC 4648, section 3.5) requires that these bits all be set to zero. Common
+  // PEM parsers accept noncanonical base64, adding to the malleability of the
+  // format. This decoder follows OpenSSL's and Go's PEM parsers and accepts it.
   switch (padding_pattern) {
     case 0:
       // The common case of no padding.

Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/fork_detect.h → Sources/CCryptoBoringSSL/crypto/bcm_support.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2020, Google Inc.
+/* Copyright (c) 2024, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -12,11 +12,17 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
-#ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
-#define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
+#ifndef OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
+#define OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H
 
 #include <CCryptoBoringSSL_base.h>
 
+// Provided by libcrypto, called from BCM
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
 #if defined(OPENSSL_LINUX)
 // On linux we use MADVISE instead of pthread_atfork(), due
 // to concerns about clone() being used for address space
@@ -29,15 +35,54 @@
 // iOS doesn't normally allow fork in apps, but it's there.
 #define OPENSSL_FORK_DETECTION
 #define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
-#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
+#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) || \
+    defined(__ZEPHYR__) || defined(CROS_EC)
 // These platforms do not fork.
 #define OPENSSL_DOES_NOT_FORK
 #endif
 
-#if defined(__cplusplus)
-extern "C" {
+#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
+#define OPENSSL_RAND_DETERMINISTIC
+#elif defined(OPENSSL_TRUSTY)
+#define OPENSSL_RAND_TRUSTY
+#elif defined(OPENSSL_WINDOWS)
+#define OPENSSL_RAND_WINDOWS
+#elif defined(OPENSSL_LINUX)
+#define OPENSSL_RAND_URANDOM
+#elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS)
+// Unlike macOS, iOS and similar hide away getentropy().
+#define OPENSSL_RAND_IOS
+#else
+// By default if you are integrating BoringSSL we expect you to
+// provide getentropy from the <unistd.h> header file.
+#define OPENSSL_RAND_GETENTROPY
 #endif
 
+// Provided by libcrypto, called from BCM
+
+// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
+// from the operating system, if the operating system requires initialization.
+void CRYPTO_init_sysrand(void);
+
+// CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
+// system.
+void CRYPTO_sysrand(uint8_t *buf, size_t len);
+
+// CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
+// operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
+// pool is initialized or if getrandom() is not available and not in FIPS mode.
+// Otherwise it will not block and will instead fill |buf| with all zeros and
+// return 0.
+int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
+
+// CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
+// operating system. It may draw from the |GRND_RANDOM| pool on Android,
+// depending on the vendor's configuration.
+void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
+
+// RAND_need_entropy is called whenever the BCM module has stopped because it
+// has run out of entropy.
+void RAND_need_entropy(size_t bytes_needed);
 
 // crypto_get_fork_generation returns the fork generation number for the current
 // process, or zero if not supported on the platform. The fork generation number
@@ -60,8 +105,9 @@ OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
 OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
     int on);
 
+
 #if defined(__cplusplus)
 }  // extern C
 #endif
 
-#endif  // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
+#endif  // OPENSSL_HEADER_CRYPTO_BCM_SUPPORT_H