Update BoringSSL to 8462a367bb57e9524c3d8eca9c62733c63a63cf4 (#399)

* Update BoringSSL umbrella header

* Update BoringSSL to 8462a367bb57e9524c3d8eca9c62733c63a63cf4

Package.swift

@@ -26,7 +26,7 @@ import class Foundation.ProcessInfo
 // Sources/CNIOBoringSSL directory. The source repository is at
 // https://boringssl.googlesource.com/boringssl.
 //
-// BoringSSL Commit: c239ffd0552179f358de31517391679e9b62ccd3
+// BoringSSL Commit: 8462a367bb57e9524c3d8eca9c62733c63a63cf4
 
 /// This function generates the dependencies we want to express.
 ///

Sources/CNIOBoringSSL/crypto/asn1/a_gentm.c

@@ -107,57 +107,42 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
                                                time_t t, int offset_day,
                                                long offset_sec) {
-  char *p;
-  struct tm *ts;
   struct tm data;
-  size_t len = 20;
-  ASN1_GENERALIZEDTIME *tmps = NULL;
-
-  if (s == NULL) {
-    tmps = ASN1_GENERALIZEDTIME_new();
-  } else {
-    tmps = s;
-  }
-  if (tmps == NULL) {
+  if (!OPENSSL_gmtime(&t, &data)) {
     return NULL;
   }
 
-  ts = OPENSSL_gmtime(&t, &data);
-  if (ts == NULL) {
-    goto err;
-  }
-
   if (offset_day || offset_sec) {
-    if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) {
-      goto err;
+    if (!OPENSSL_gmtime_adj(&data, offset_day, offset_sec)) {
+      return NULL;
     }
   }
 
-  if (ts->tm_year < 0 - 1900 || ts->tm_year > 9999 - 1900) {
+  if (data.tm_year < 0 - 1900 || data.tm_year > 9999 - 1900) {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);
-    goto err;
+    return NULL;
   }
 
-  p = (char *)tmps->data;
-  if ((p == NULL) || ((size_t)tmps->length < len)) {
-    p = OPENSSL_malloc(len);
-    if (p == NULL) {
-      OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-      goto err;
+  char buf[16];
+  BIO_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
+               data.tm_year + 1900, data.tm_mon + 1, data.tm_mday, data.tm_hour,
+               data.tm_min, data.tm_sec);
+
+  int free_s = 0;
+  if (s == NULL) {
+    free_s = 1;
+    s = ASN1_UTCTIME_new();
+    if (s == NULL) {
+      return NULL;
     }
-    OPENSSL_free(tmps->data);
-    tmps->data = (unsigned char *)p;
   }
 
-  BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
-               ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
-               ts->tm_sec);
-  tmps->length = strlen(p);
-  tmps->type = V_ASN1_GENERALIZEDTIME;
-  return tmps;
-err:
-  if (s == NULL) {
-    ASN1_GENERALIZEDTIME_free(tmps);
+  if (!ASN1_STRING_set(s, buf, strlen(buf))) {
+    if (free_s) {
+      ASN1_UTCTIME_free(s);
+    }
+    return NULL;
   }
-  return NULL;
+  s->type = V_ASN1_GENERALIZEDTIME;
+  return s;
 }

Sources/CNIOBoringSSL/crypto/asn1/a_int.c

@@ -56,13 +56,13 @@
 
 #include <CNIOBoringSSL_asn1.h>
 
+#include <assert.h>
 #include <limits.h>
 #include <string.h>
 
 #include <CNIOBoringSSL_bytestring.h>
 #include <CNIOBoringSSL_err.h>
 #include <CNIOBoringSSL_mem.h>
-#include <CNIOBoringSSL_type_check.h>
 
 #include "../internal.h"
 
@@ -353,7 +353,7 @@ static long asn1_string_get_long(const ASN1_STRING *a, int type) {
     i64 = (int64_t)v;
     fits_in_i64 = i64 >= 0;
   }
-  OPENSSL_STATIC_ASSERT(sizeof(long) <= sizeof(int64_t), "long is too big");
+  static_assert(sizeof(long) <= sizeof(int64_t), "long is too big");
 
   if (fits_in_i64 && LONG_MIN <= i64 && i64 <= LONG_MAX) {
     return (long)i64;

Sources/CNIOBoringSSL/crypto/asn1/a_strex.c

@@ -66,6 +66,7 @@
 #include <CNIOBoringSSL_bytestring.h>
 #include <CNIOBoringSSL_mem.h>
 
+#include "../bytestring/internal.h"
 #include "internal.h"
 
 
@@ -129,70 +130,46 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
 // appropriate.
 
 static int do_buf(const unsigned char *buf, int buflen, int encoding,
-                  int utf8_convert, unsigned long flags, char *quotes,
-                  BIO *out) {
-  // Reject invalid UCS-4 and UCS-2 lengths without parsing.
+                  unsigned long flags, char *quotes, BIO *out) {
+  int (*get_char)(CBS *cbs, uint32_t *out);
+  int get_char_error;
   switch (encoding) {
     case MBSTRING_UNIV:
-      if (buflen & 3) {
-        OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UNIVERSALSTRING);
-        return -1;
-      }
+      get_char = cbs_get_utf32_be;
+      get_char_error = ASN1_R_INVALID_UNIVERSALSTRING;
       break;
     case MBSTRING_BMP:
-      if (buflen & 1) {
-        OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BMPSTRING);
-        return -1;
-      }
+      get_char = cbs_get_ucs2_be;
+      get_char_error = ASN1_R_INVALID_BMPSTRING;
+      break;
+    case MBSTRING_ASC:
+      get_char = cbs_get_latin1;
+      get_char_error = ERR_R_INTERNAL_ERROR;  // Should not be possible.
       break;
+    case MBSTRING_UTF8:
+      get_char = cbs_get_utf8;
+      get_char_error = ASN1_R_INVALID_UTF8STRING;
+      break;
+    default:
+      assert(0);
+      return -1;
   }
 
-  const unsigned char *p = buf;
-  const unsigned char *q = buf + buflen;
+  CBS cbs;
+  CBS_init(&cbs, buf, buflen);
   int outlen = 0;
-  while (p != q) {
-    const int is_first = p == buf;
-    // TODO(davidben): Replace this with |cbs_get_ucs2_be|, etc., to check
-    // for invalid codepoints. Before doing that, enforce it in the parser,
-    // https://crbug.com/boringssl/427, so these error cases are not
-    // reachable from parsed objects.
+  while (CBS_len(&cbs) != 0) {
+    const int is_first = CBS_data(&cbs) == buf;
     uint32_t c;
-    switch (encoding) {
-      case MBSTRING_UNIV:
-        c = ((uint32_t)*p++) << 24;
-        c |= ((uint32_t)*p++) << 16;
-        c |= ((uint32_t)*p++) << 8;
-        c |= *p++;
-        break;
-
-      case MBSTRING_BMP:
-        c = ((uint32_t)*p++) << 8;
-        c |= *p++;
-        break;
-
-      case MBSTRING_ASC:
-        c = *p++;
-        break;
-
-      case MBSTRING_UTF8: {
-        int consumed = UTF8_getc(p, buflen, &c);
-        if (consumed < 0) {
-          return -1;  // Invalid UTF8String
-        }
-        buflen -= consumed;
-        p += consumed;
-        break;
-      }
-
-      default:
-        assert(0);
-        return -1;
+    if (!get_char(&cbs, &c)) {
+      OPENSSL_PUT_ERROR(ASN1, get_char_error);
+      return -1;
     }
-    const int is_last = p == q;
-    if (utf8_convert) {
+    const int is_last = CBS_len(&cbs) == 0;
+    if (flags & ASN1_STRFLGS_UTF8_CONVERT) {
       unsigned char utfbuf[6];
       int utflen;
-      utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+      utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
       for (int i = 0; i < utflen; i++) {
         int len = do_esc_char(utfbuf[i], flags, quotes, out, is_first && i == 0,
                               is_last && i == utflen - 1);
@@ -350,24 +327,9 @@ int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str,
     return outlen;
   }
 
-  int utf8_convert = 0;
-  if (flags & ASN1_STRFLGS_UTF8_CONVERT) {
-    // If the string is UTF-8, skip decoding and just interpret it as 1 byte
-    // per character to avoid converting twice.
-    //
-    // TODO(davidben): This is not quite a valid optimization if the input
-    // was invalid UTF-8.
-    if (encoding == MBSTRING_UTF8) {
-      encoding = MBSTRING_ASC;
-    } else {
-      utf8_convert = 1;
-    }
-  }
-
   // Measure the length.
   char quotes = 0;
-  int len = do_buf(str->data, str->length, encoding, utf8_convert, flags,
-                   &quotes, NULL);
+  int len = do_buf(str->data, str->length, encoding, flags, &quotes, NULL);
   if (len < 0) {
     return -1;
   }
@@ -381,8 +343,7 @@ int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str,
 
   // Encode the value.
   if ((quotes && !maybe_write(out, "\"", 1)) ||
-      do_buf(str->data, str->length, encoding, utf8_convert, flags, NULL, out) <
-          0 ||
+      do_buf(str->data, str->length, encoding, flags, NULL, out) < 0 ||
       (quotes && !maybe_write(out, "\"", 1))) {
     return -1;
   }

Sources/CNIOBoringSSL/crypto/asn1/a_time.c

@@ -187,7 +187,8 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) {
   return 1;
 }
 
-static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) {
+static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t,
+                           int allow_timezone_offset) {
   if (t == NULL) {
     time_t now_t;
     time(&now_t);
@@ -198,7 +199,7 @@ static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) {
   }
 
   if (t->type == V_ASN1_UTCTIME) {
-    return asn1_utctime_to_tm(tm, t);
+    return asn1_utctime_to_tm(tm, t, allow_timezone_offset);
   } else if (t->type == V_ASN1_GENERALIZEDTIME) {
     return asn1_generalizedtime_to_tm(tm, t);
   }
@@ -209,11 +210,35 @@ static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) {
 int ASN1_TIME_diff(int *out_days, int *out_seconds, const ASN1_TIME *from,
                    const ASN1_TIME *to) {
   struct tm tm_from, tm_to;
-  if (!asn1_time_to_tm(&tm_from, from)) {
+  if (!asn1_time_to_tm(&tm_from, from, /*allow_timezone_offset=*/1)) {
     return 0;
   }
-  if (!asn1_time_to_tm(&tm_to, to)) {
+  if (!asn1_time_to_tm(&tm_to, to, /*allow_timezone_offset=*/1)) {
     return 0;
   }
   return OPENSSL_gmtime_diff(out_days, out_seconds, &tm_from, &tm_to);
 }
+
+// The functions below do *not* permissively allow the use of four digit
+// timezone offsets in UTC times, as is done elsewhere in the code. They are
+// both new API, and used internally to X509_cmp_time. This is to discourage the
+// use of nonstandard times in new code, and to ensure that this code behaves
+// correctly in X509_cmp_time which historically did its own time validations
+// slightly different than the many other copies of X.509 time validation
+// sprinkled through the codebase. The custom checks in X509_cmp_time meant that
+// it did not allow four digit timezone offsets in UTC times.
+int ASN1_TIME_to_time_t(const ASN1_TIME *t, time_t *out_time) {
+  struct tm tm;
+  if (!asn1_time_to_tm(&tm, t, /*allow_timezone_offset=*/0)) {
+    return 0;
+  }
+  return OPENSSL_timegm(&tm, out_time);
+}
+
+int ASN1_TIME_to_posix(const ASN1_TIME *t, int64_t *out_time) {
+  struct tm tm;
+  if (!asn1_time_to_tm(&tm, t, /*allow_timezone_offset=*/0)) {
+    return 0;
+  }
+  return OPENSSL_tm_to_posix(&tm, out_time);
+}