From 127d3745c37b5705e4bc8d16c7951c48dcc3332c Mon Sep 17 00:00:00 2001 
From: Cory Benfield Date: Wed, 8 Sep 2021 16:17:47 +0100 Subject: [PATCH] Update BoringSSL to 25773430c07075a368416c3646fa4b07daf4968a (#91) --- Package.swift | 2 +- .../CCryptoBoringSSL/crypto/asn1/a_mbstr.c | 32 +- .../CCryptoBoringSSL/crypto/asn1/a_print.c | 48 +- .../CCryptoBoringSSL/crypto/asn1/a_strex.c | 2 +- .../CCryptoBoringSSL/crypto/asn1/a_strnid.c | 2 +- .../CCryptoBoringSSL/crypto/asn1/internal.h | 4 + .../CCryptoBoringSSL/crypto/bytestring/cbb.c | 9 + .../CCryptoBoringSSL/crypto/bytestring/cbs.c | 8 + .../crypto/digest_extra/digest_extra.c | 1 + .../CCryptoBoringSSL/crypto/err/err_data.c | 550 +++++++++--------- .../crypto/fipsmodule/bn/div.c | 24 +- .../crypto/fipsmodule/bn/gcd_extra.c | 5 +- .../crypto/fipsmodule/bn/internal.h | 7 +- .../crypto/fipsmodule/md4/md4.c | 2 +- .../crypto/fipsmodule/modes/gcm_nohw.c | 2 +- .../crypto/fipsmodule/rand/rand.c | 2 +- .../crypto/fipsmodule/rsa/rsa.c | 27 +- .../crypto/fipsmodule/rsa/rsa_impl.c | 6 +- Sources/CCryptoBoringSSL/crypto/mem.c | 11 +- .../crypto/pkcs8/pkcs8_x509.c | 2 +- .../CCryptoBoringSSL/crypto/x509/by_file.c | 2 + .../CCryptoBoringSSL/crypto/x509/internal.h | 183 +++++- .../CCryptoBoringSSL/crypto/x509/name_print.c | 4 +- .../CCryptoBoringSSL/crypto/x509/t_x509a.c | 6 +- .../CCryptoBoringSSL/crypto/x509/x509_obj.c | 1 + .../CCryptoBoringSSL/crypto/x509/x509_vfy.c | 10 +- .../CCryptoBoringSSL/crypto/x509/x509name.c | 6 +- Sources/CCryptoBoringSSL/crypto/x509/x_name.c | 1 + Sources/CCryptoBoringSSL/crypto/x509/x_x509.c | 5 +- .../CCryptoBoringSSL/crypto/x509v3/internal.h | 9 + .../crypto/x509v3/pcy_cache.c | 1 + .../CCryptoBoringSSL/crypto/x509v3/pcy_data.c | 2 +- .../CCryptoBoringSSL/crypto/x509v3/pcy_int.h | 2 +- .../CCryptoBoringSSL/crypto/x509v3/pcy_map.c | 1 + .../CCryptoBoringSSL/crypto/x509v3/pcy_tree.c | 7 +- .../CCryptoBoringSSL/crypto/x509v3/v3_akey.c | 29 +- .../CCryptoBoringSSL/crypto/x509v3/v3_alt.c | 25 +- .../CCryptoBoringSSL/crypto/x509v3/v3_cpols.c | 12 +- 
.../CCryptoBoringSSL/crypto/x509v3/v3_crld.c | 1 + .../CCryptoBoringSSL/crypto/x509v3/v3_ncons.c | 167 ++++-- .../CCryptoBoringSSL/crypto/x509v3/v3_pci.c | 3 +- .../CCryptoBoringSSL/crypto/x509v3/v3_purp.c | 1 + .../CCryptoBoringSSL/crypto/x509v3/v3_utl.c | 97 ++- Sources/CCryptoBoringSSL/hash.txt | 2 +- .../include/CCryptoBoringSSL_asn1.h | 32 +- .../include/CCryptoBoringSSL_base.h | 7 +- ...CryptoBoringSSL_boringssl_prefix_symbols.h | 4 + ...toBoringSSL_boringssl_prefix_symbols_asm.h | 4 + .../include/CCryptoBoringSSL_bytestring.h | 9 + .../include/CCryptoBoringSSL_hkdf.h | 4 + .../include/CCryptoBoringSSL_span.h | 52 +- .../include/CCryptoBoringSSL_x509.h | 75 +-- .../include/CCryptoBoringSSL_x509_vfy.h | 126 ---- .../include/CCryptoBoringSSL_x509v3.h | 54 +- .../include/boringssl_prefix_symbols_nasm.inc | 8 + 55 files changed, 984 insertions(+), 714 deletions(-) diff --git a/Package.swift b/Package.swift index e03954e8..c2f91ea6 100644 --- a/Package.swift +++ b/Package.swift @@ -20,7 +20,7 @@ // Sources/CCryptoBoringSSL directory. The source repository is at // https://boringssl.googlesource.com/boringssl. // -// BoringSSL Commit: 2e68a05c9943a8dec1758d4a393b2ae906fd3295 +// BoringSSL Commit: 25773430c07075a368416c3646fa4b07daf4968a import PackageDescription diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c index 1aff6f72..94bf3a3c 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_mbstr.c @@ -66,8 +66,6 @@ #include "internal.h" #include "../bytestring/internal.h" -static int is_printable(uint32_t value); - /* * These functions take a string in UTF8, ASCII or multibyte form and a mask * of permissible ASN1 string types. It then works out the minimal type 
@@ -153,7 +151,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, } /* Update which output formats are still possible. */ - if ((mask & B_ASN1_PRINTABLESTRING) && !is_printable(c)) { + if ((mask & B_ASN1_PRINTABLESTRING) && !asn1_is_printable(c)) { mask &= ~B_ASN1_PRINTABLESTRING; } if ((mask & B_ASN1_IA5STRING) && (c > 127)) { @@ -285,24 +283,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, return -1; } -/* Return 1 if the character is permitted in a PrintableString */ -static int is_printable(uint32_t value) +int asn1_is_printable(uint32_t value) { - int ch; - if (value > 0x7f) + if (value > 0x7f) { return 0; - ch = (int)value; - /* - * Note: we can't use 'isalnum' because certain accented characters may - * count as alphanumeric in some environments. - */ - if ((ch >= 'a') && (ch <= 'z')) - return 1; - if ((ch >= 'A') && (ch <= 'Z')) - return 1; - if ((ch >= '0') && (ch <= '9')) - return 1; - if ((ch == ' ') || strchr("'()+,-./:=?", ch)) - return 1; - return 0; + } + /* Note we cannot use |isalnum| because it is locale-dependent. */ + return ('a' <= value && value <= 'z') || // + ('A' <= value && value <= 'Z') || // + ('0' <= value && value <= '9') || // + value == ' ' || value == '\'' || value == '(' || value == ')' || + value == '+' || value == ',' || value == '-' || value == '.' || + value == '/' || value == ':' || value == '=' || value == '?'; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_print.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_print.c index b77912df..3b4d05a4 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_print.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_print.c 
@@ -56,38 +56,28 @@ #include -#include -#include +#include + +#include "internal.h" + int ASN1_PRINTABLE_type(const unsigned char *s, int len) { - int c; - int ia5 = 0; - int t61 = 0; - - if (len <= 0) - len = -1; - if (s == NULL) - return (V_ASN1_PRINTABLESTRING); + if (len < 0) { + len = strlen((const char *)s); + } - while ((*s) && (len-- != 0)) { - c = *(s++); - if (!(((c >= 'a') && (c <= 'z')) || - ((c >= 'A') && (c <= 'Z')) || - (c == ' ') || - ((c >= '0') && (c <= '9')) || - (c == ' ') || (c == '\'') || - (c == '(') || (c == ')') || - (c == '+') || (c == ',') || - (c == '-') || (c == '.') || - (c == '/') || (c == ':') || (c == '=') || (c == '?'))) - ia5 = 1; - if (c & 0x80) - t61 = 1; + int printable = 1; + for (int i = 0; i < len; i++) { + unsigned char c = s[i]; + if (c & 0x80) { + /* No need to continue iterating. */ + return V_ASN1_T61STRING; + } + if (!asn1_is_printable(c)) { + printable = 0; + } } - if (t61) - return (V_ASN1_T61STRING); - if (ia5) - return (V_ASN1_IA5STRING); - return (V_ASN1_PRINTABLESTRING); + + return printable ? V_ASN1_PRINTABLESTRING : V_ASN1_IA5STRING; } diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c index 74374f38..b19fb147 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c +++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_strex.c @@ -279,7 +279,7 @@ static int do_hex_dump(BIO *out, unsigned char *buf, int buflen) /* * "dump" a string. This is done when the type is unknown, or the flags * request it. We can either dump the content octets or the entire DER - * encoding. This uses the RFC2253 #01234 format. + * encoding. This uses the RFC 2253 #01234 format. */ static int do_dump(unsigned long lflags, BIO *out, const ASN1_STRING *str) diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c b/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c index 2a1b9ce4..627a7da1 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c 
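Review bot: The rewritten `ASN1_PRINTABLE_type` no longer has the old `if (s == NULL)` early return, so a NULL `s` with a non-zero `len` is now dereferenced (through `strlen` when `len < 0`, through `s[i]` otherwise) where it used to yield `V_ASN1_PRINTABLESTRING`; the `size_t` result of `strlen` is also narrowed into the `int` `len`. If NULL callers still exist in this package (none are visible in the hunk), keep a guard such as `if (s == NULL) { return V_ASN1_PRINTABLESTRING; }` ahead of the `strlen` call. Two quieter behaviour changes deserve a comment on the function: `len == 0` now means an empty string rather than "NUL-terminated", and the scan no longer stops at an embedded NUL when a length is given. `OPENSSL_strndup` in the crypto/mem.c hunk drops its `str == NULL` early return in the same way and warrants the same caller check.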
+++ b/Sources/CCryptoBoringSSL/crypto/asn1/a_strnid.c @@ -118,7 +118,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, * Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC3280 */ +/* size limits: this stuff is taken straight from RFC 3280 */ #define ub_name 32768 #define ub_common_name 64 diff --git a/Sources/CCryptoBoringSSL/crypto/asn1/internal.h b/Sources/CCryptoBoringSSL/crypto/asn1/internal.h index c97de172..f2c1a537 100644 --- a/Sources/CCryptoBoringSSL/crypto/asn1/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/asn1/internal.h @@ -150,6 +150,10 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, * a pointer. */ const void *asn1_type_value_as_pointer(const ASN1_TYPE *a); +/* asn1_is_printable returns one if |value| is a valid Unicode codepoint for an + * ASN.1 PrintableString, and zero otherwise. */ +int asn1_is_printable(uint32_t value); + #if defined(__cplusplus) } /* extern C */ diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c b/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c index 675b7b51..dc98b419 100644 --- a/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c +++ b/Sources/CCryptoBoringSSL/crypto/bytestring/cbb.c @@ -404,6 +404,15 @@ int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) { return 1; } +int CBB_add_zeros(CBB *cbb, size_t len) { + uint8_t *out; + if (!CBB_add_space(cbb, &out, len)) { + return 0; + } + OPENSSL_memset(out, 0, len); + return 1; +} + int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) { if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len)) { diff --git a/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c b/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c index bcb8a3e5..9786f0ac 100644 --- a/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c +++ b/Sources/CCryptoBoringSSL/crypto/bytestring/cbs.c 
@@ -216,6 +216,14 @@ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) { return cbs_get_length_prefixed(cbs, out, 3); } +int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) { + const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs)); + if (split == NULL) { + return 0; + } + return CBS_get_bytes(cbs, out, split - CBS_data(cbs)); +} + // parse_base128_integer reads a big-endian base-128 integer from |cbs| and sets // |*out| to the result. This is the encoding used in DER for both high tag // number form and OID components. diff --git a/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c b/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c index 7c032f9d..94e4140b 100644 --- a/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c +++ b/Sources/CCryptoBoringSSL/crypto/digest_extra/digest_extra.c @@ -83,6 +83,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = { {NID_sha256, EVP_sha256, SN_sha256, LN_sha256}, {NID_sha384, EVP_sha384, SN_sha384, LN_sha384}, {NID_sha512, EVP_sha512, SN_sha512, LN_sha512}, + {NID_sha512_256, EVP_sha512_256, SN_sha512_256, LN_sha512_256}, {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1}, // As a remnant of signing |EVP_MD|s, OpenSSL returned the corresponding // hash function when given a signature OID. To avoid unintended lax parsing diff --git a/Sources/CCryptoBoringSSL/crypto/err/err_data.c b/Sources/CCryptoBoringSSL/crypto/err/err_data.c index e36c7097..63611c96 100644 --- a/Sources/CCryptoBoringSSL/crypto/err/err_data.c +++ b/Sources/CCryptoBoringSSL/crypto/err/err_data.c 
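Review bot: `CBS_get_until_first` is added in cbs.c without a comment, and two parts of its contract are easy to get wrong when it is used to split untrusted input: when `c` is absent it returns 0 and leaves `cbs` untouched, and on success the delimiter itself stays at the front of `cbs` because only `split - CBS_data(cbs)` bytes are consumed. If the declaration in the bytestring header (not visible here) does not already say so, a short comment above the definition would help, for example `// On success |out| holds the bytes before |c| and |cbs| still begins with |c|; on failure |cbs| is unchanged.`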
@@ -193,47 +193,47 @@ const uint32_t kOpenSSLReasonValues[] = { 0x283480b9, 0x283500f7, 0x28358c79, - 0x2c323234, + 0x2c32326b, 0x2c329313, - 0x2c333242, - 0x2c33b254, - 0x2c343268, - 0x2c34b27a, - 0x2c353295, - 0x2c35b2a7, - 0x2c3632d7, + 0x2c333279, + 0x2c33b28b, + 0x2c34329f, + 0x2c34b2b1, + 0x2c3532cc, + 0x2c35b2de, + 0x2c36330e, 0x2c36833a, - 0x2c3732e4, - 0x2c37b310, - 0x2c383335, - 0x2c38b34c, - 0x2c39336a, - 0x2c39b37a, - 0x2c3a338c, - 0x2c3ab3a0, - 0x2c3b33b1, - 0x2c3bb3d0, + 0x2c37331b, + 0x2c37b347, + 0x2c38336c, + 0x2c38b383, + 0x2c3933a1, + 0x2c39b3b1, + 0x2c3a33c3, + 0x2c3ab3d7, + 0x2c3b33e8, + 0x2c3bb407, 0x2c3c1325, 0x2c3c933b, - 0x2c3d33e4, + 0x2c3d341b, 0x2c3d9354, - 0x2c3e3401, - 0x2c3eb40f, - 0x2c3f3427, - 0x2c3fb43f, - 0x2c403469, + 0x2c3e3438, + 0x2c3eb446, + 0x2c3f345e, + 0x2c3fb476, + 0x2c4034a0, 0x2c409226, - 0x2c41347a, - 0x2c41b48d, + 0x2c4134b1, + 0x2c41b4c4, 0x2c4211ec, - 0x2c42b49e, + 0x2c42b4d5, 0x2c43072f, - 0x2c43b3c2, - 0x2c443323, - 0x2c44b44c, - 0x2c4532ba, - 0x2c45b2f6, - 0x2c46335a, + 0x2c43b3f9, + 0x2c44335a, + 0x2c44b483, + 0x2c4532f1, + 0x2c45b32d, + 0x2c463391, 0x30320000, 0x30328015, 0x3033001f, 
@@ -427,201 +427,203 @@ const uint32_t kOpenSSLReasonValues[] = { 0x404da01b, 0x404e202f, 0x404ea03c, - 0x404f20b9, - 0x404fa12f, - 0x40502186, - 0x4050a19a, - 0x405121cd, - 0x405221dd, - 0x4052a201, - 0x40532219, - 0x4053a22c, - 0x40542241, - 0x4054a264, - 0x4055228f, - 0x4055a2cc, - 0x405622f1, - 0x4056a30a, - 0x40572322, - 0x4057a335, - 0x4058234a, - 0x4058a371, - 0x405923a0, - 0x4059a3cd, - 0x405a23e1, - 0x405aa3f1, - 0x405b2409, - 0x405ba41a, - 0x405c242d, - 0x405ca46c, - 0x405d2479, - 0x405da49e, - 0x405e24dc, + 0x404f20d6, + 0x404fa14c, + 0x405021a3, + 0x4050a1b7, + 0x405121ea, + 0x405221fa, + 0x4052a21e, + 0x40532236, + 0x4053a249, + 0x4054225e, + 0x4054a281, + 0x405522ac, + 0x4055a2e9, + 0x4056230e, + 0x4056a327, + 0x4057233f, + 0x4057a352, + 0x40582367, + 0x4058a38e, + 0x405923bd, + 0x4059a3ea, + 0x405a23fe, + 0x405aa40e, + 0x405b2426, + 0x405ba437, + 0x405c244a, + 0x405ca489, + 0x405d2496, + 0x405da4bb, + 0x405e24f9, 0x405e8ac0, - 0x405f24fd, - 0x405fa50a, - 0x40602518, - 0x4060a53a, - 0x4061259b, - 0x4061a5d3, - 0x406225ea, - 0x4062a5fb, - 0x40632648, - 0x4063a65d, - 0x40642674, - 0x4064a6a0, - 0x406526bb, - 0x4065a6d2, - 0x406626ea, - 0x4066a714, - 0x4067273f, - 0x4067a784, - 0x406827cc, - 0x4068a7ed, - 0x4069281f, - 0x4069a84d, - 0x406a286e, - 0x406aa88e, - 0x406b2a16, - 0x406baa39, - 0x406c2a4f, - 0x406cad59, - 0x406d2d88, - 0x406dadb0, - 0x406e2dde, - 0x406eae2b, - 0x406f2e84, - 0x406faebc, - 0x40702ecf, - 0x4070aeec, + 0x405f2534, + 0x405fa541, + 0x4060254f, + 0x4060a571, + 0x406125d2, + 0x4061a60a, + 0x40622621, + 0x4062a632, + 0x4063267f, + 0x4063a694, + 0x406426ab, + 0x4064a6d7, + 0x406526f2, + 0x4065a709, + 0x40662721, + 0x4066a74b, + 0x40672776, + 0x4067a7bb, + 0x40682803, + 0x4068a824, + 0x40692856, + 0x4069a884, + 0x406a28a5, + 0x406aa8c5, + 0x406b2a4d, + 0x406baa70, + 0x406c2a86, + 0x406cad90, + 0x406d2dbf, + 0x406dade7, + 0x406e2e15, + 0x406eae62, + 0x406f2ebb, + 0x406faef3, + 0x40702f06, + 0x4070af23, 0x4071080f, - 0x4071aefe, - 
0x40722f11, - 0x4072af47, - 0x40732f5f, + 0x4071af35, + 0x40722f48, + 0x4072af7e, + 0x40732f96, 0x40739525, - 0x40742f73, - 0x4074af8d, - 0x40752f9e, - 0x4075afb2, - 0x40762fc0, + 0x40742faa, + 0x4074afc4, + 0x40752fd5, + 0x4075afe9, + 0x40762ff7, 0x407692e9, - 0x40772fe5, - 0x4077b025, - 0x40783040, - 0x4078b079, - 0x40793090, - 0x4079b0a6, - 0x407a30d2, - 0x407ab0e5, - 0x407b30fa, - 0x407bb10c, - 0x407c313d, - 0x407cb146, - 0x407d2808, - 0x407da13f, - 0x407e3055, - 0x407ea381, + 0x4077301c, + 0x4077b05c, + 0x40783077, + 0x4078b0b0, + 0x407930c7, + 0x4079b0dd, + 0x407a3109, + 0x407ab11c, + 0x407b3131, + 0x407bb143, + 0x407c3174, + 0x407cb17d, + 0x407d283f, + 0x407da15c, + 0x407e308c, + 0x407ea39e, 0x407f1db0, 0x407f9f83, - 0x408020c9, + 0x408020e6, 0x40809dd8, - 0x408121ef, - 0x4081a06d, - 0x40822dc9, + 0x4081220c, + 0x4081a08a, + 0x40822e00, 0x40829b2b, - 0x4083235c, - 0x4083a685, + 0x40832379, + 0x4083a6bc, 0x40841dec, - 0x4084a3b9, - 0x4085243e, - 0x4085a562, - 0x408624be, - 0x4086a159, - 0x40872e0f, - 0x4087a5b0, + 0x4084a3d6, + 0x4085245b, + 0x4085a599, + 0x408624db, + 0x4086a176, + 0x40872e46, + 0x4087a5e7, 0x40881b69, - 0x4088a797, + 0x4088a7ce, 0x40891bb8, 0x40899b45, - 0x408a2a87, + 0x408a2abe, 0x408a993d, - 0x408b3121, - 0x408bae99, - 0x408c244e, + 0x408b3158, + 0x408baed0, + 0x408c246b, 0x408c9975, 0x408d1ed4, 0x408d9e1e, 0x408e2004, - 0x408ea2ac, - 0x408f27ab, - 0x408fa57e, - 0x40902760, - 0x4090a490, - 0x40912a6f, + 0x408ea2c9, + 0x408f27e2, + 0x408fa5b5, + 0x40902797, + 0x4090a4ad, + 0x40912aa6, 0x4091999b, 0x40921c05, - 0x4092ae4a, - 0x40932f2a, - 0x4093a16a, + 0x4092ae81, + 0x40932f61, + 0x4093a187, 0x40941e00, - 0x4094aaa0, - 0x4095260c, - 0x4095b0b2, - 0x40962df6, - 0x4096a0e2, - 0x409721b5, + 0x4094aad7, + 0x40952643, + 0x4095b0e9, + 0x40962e2d, + 0x4096a0ff, + 0x409721d2, 0x4097a053, 0x40981c65, - 0x4098a620, - 0x40992e66, - 0x4099a2d9, - 0x409a2272, + 0x4098a657, + 0x40992e9d, + 0x4099a2f6, + 0x409a228f, 0x409a9959, 0x409b1e5a, 0x409b9e85, - 
0x409c3007, + 0x409c303e, 0x409c9ead, - 0x409d209e, - 0x409da083, + 0x409d20bb, + 0x409da0a0, 0x409e1cf6, - 0x409ea117, - 0x409f20ff, + 0x409ea134, + 0x409f211c, 0x409f9e4d, - 0x41f42941, - 0x41f929d3, - 0x41fe28c6, - 0x41feab7c, - 0x41ff2caa, - 0x4203295a, - 0x4208297c, - 0x4208a9b8, - 0x420928aa, - 0x4209a9f2, - 0x420a2901, - 0x420aa8e1, - 0x420b2921, - 0x420ba99a, - 0x420c2cc6, - 0x420caab0, - 0x420d2b63, - 0x420dab9a, - 0x42122bcd, - 0x42172c8d, - 0x4217ac0f, - 0x421c2c31, - 0x421f2bec, - 0x42212d3e, - 0x42262c70, - 0x422b2d1c, - 0x422bab3e, - 0x422c2cfe, - 0x422caaf1, - 0x422d2aca, - 0x422dacdd, - 0x422e2b1d, - 0x42302c4c, - 0x4230abb4, + 0x40a0251a, + 0x40a0a06d, + 0x41f42978, + 0x41f92a0a, + 0x41fe28fd, + 0x41feabb3, + 0x41ff2ce1, + 0x42032991, + 0x420829b3, + 0x4208a9ef, + 0x420928e1, + 0x4209aa29, + 0x420a2938, + 0x420aa918, + 0x420b2958, + 0x420ba9d1, + 0x420c2cfd, + 0x420caae7, + 0x420d2b9a, + 0x420dabd1, + 0x42122c04, + 0x42172cc4, + 0x4217ac46, + 0x421c2c68, + 0x421f2c23, + 0x42212d75, + 0x42262ca7, + 0x422b2d53, + 0x422bab75, + 0x422c2d35, + 0x422cab28, + 0x422d2b01, + 0x422dad14, + 0x422e2b54, + 0x42302c83, + 0x4230abeb, 0x4432073a, 0x44328749, 0x44330755, 
@@ -676,69 +678,70 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4c411582, 0x4c419405, 0x4c42156e, - 0x503234b0, - 0x5032b4bf, - 0x503334ca, - 0x5033b4da, - 0x503434f3, - 0x5034b50d, - 0x5035351b, - 0x5035b531, - 0x50363543, - 0x5036b559, - 0x50373572, - 0x5037b585, - 0x5038359d, - 0x5038b5ae, - 0x503935c3, - 0x5039b5d7, - 0x503a35f7, - 0x503ab60d, - 0x503b3625, - 0x503bb637, - 0x503c3653, - 0x503cb66a, - 0x503d3683, - 0x503db699, - 0x503e36a6, - 0x503eb6bc, - 0x503f36ce, + 0x503234e7, + 0x5032b4f6, + 0x50333501, + 0x5033b511, + 0x5034352a, + 0x5034b544, + 0x50353552, + 0x5035b568, + 0x5036357a, + 0x5036b590, + 0x503735a9, + 0x5037b5bc, + 0x503835d4, + 0x5038b5e5, + 0x503935fa, + 0x5039b60e, + 0x503a362e, + 0x503ab644, + 0x503b365c, + 0x503bb66e, + 0x503c368a, + 0x503cb6a1, + 0x503d36ba, + 0x503db6d0, + 0x503e36dd, + 0x503eb6f3, + 0x503f3705, 0x503f8388, - 0x504036e1, - 0x5040b6f1, - 0x5041370b, - 0x5041b71a, - 0x50423734, - 0x5042b751, - 0x50433761, - 0x5043b771, - 0x50443780, + 0x50403718, + 0x5040b728, + 0x50413742, + 0x5041b751, + 0x5042376b, + 0x5042b788, + 0x50433798, + 0x5043b7a8, + 0x504437c5, 0x5044843e, - 0x50453794, - 0x5045b7b2, - 0x504637c5, - 0x5046b7db, - 0x504737ed, - 0x5047b802, - 0x50483828, - 0x5048b836, - 0x50493849, - 0x5049b85e, - 0x504a3874, - 0x504ab884, - 0x504b38a4, - 0x504bb8b7, - 0x504c38da, - 0x504cb908, - 0x504d391a, - 0x504db937, - 0x504e3952, - 0x504eb96e, - 0x504f3980, - 0x504fb997, - 0x505039a6, + 0x504537d9, + 0x5045b7f7, + 0x5046380a, + 0x5046b820, + 0x50473832, + 0x5047b847, + 0x5048386d, + 0x5048b87b, + 0x5049388e, + 0x5049b8a3, + 0x504a38b9, + 0x504ab8c9, + 0x504b38e9, + 0x504bb8fc, + 0x504c391f, + 0x504cb94d, + 0x504d395f, + 0x504db97c, + 0x504e3997, + 0x504eb9b3, + 0x504f39c5, + 0x504fb9dc, + 0x505039eb, 0x505086fe, - 0x505139b9, + 0x505139fe, + 0x5051b7b7, 0x58320f72, 0x68320f34, 0x68328c8c, 
@@ -782,19 +785,19 @@ const uint32_t kOpenSSLReasonValues[] = { 0x7c321202, 0x80321418, 0x80328090, - 0x80333203, + 0x8033323a, 0x803380b9, - 0x80343212, - 0x8034b17a, - 0x80353198, - 0x8035b226, - 0x803631da, - 0x8036b189, - 0x803731cc, - 0x8037b167, - 0x803831ed, - 0x8038b1a9, - 0x803931be, + 0x80343249, + 0x8034b1b1, + 0x803531cf, + 0x8035b25d, + 0x80363211, + 0x8036b1c0, + 0x80373203, + 0x8037b19e, + 0x80383224, + 0x8038b1e0, + 0x803931f5, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -1207,6 +1210,7 @@ const char kOpenSSLReasonStringData[] = "HTTP_REQUEST\0" "INAPPROPRIATE_FALLBACK\0" "INCONSISTENT_CLIENT_HELLO\0" + "INCONSISTENT_ECH_NEGOTIATION\0" "INVALID_ALPN_PROTOCOL\0" "INVALID_ALPN_PROTOCOL_LIST\0" "INVALID_CLIENT_HELLO_INNER\0" @@ -1259,6 +1263,7 @@ const char kOpenSSLReasonStringData[] = "OLD_SESSION_CIPHER_NOT_RETURNED\0" "OLD_SESSION_PRF_HASH_MISMATCH\0" "OLD_SESSION_VERSION_NOT_RETURNED\0" + "OUTER_EXTENSION_NOT_FOUND\0" "PARSE_TLSEXT\0" "PATH_TOO_LONG\0" "PEER_DID_NOT_RETURN_A_CERTIFICATE\0" @@ -1454,6 +1459,7 @@ const char kOpenSSLReasonStringData[] = "INVALID_PURPOSE\0" "INVALID_SECTION\0" "INVALID_SYNTAX\0" + "INVALID_VALUE\0" "ISSUER_DECODE_ERROR\0" "NEED_ORGANIZATION_AND_NUMBERS\0" "NO_CONFIG_DATABASE\0" diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c index 488ba940..bf5a41cc 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/div.c @@ -456,7 +456,7 @@ void bn_mod_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder, const BIGNUM *numerator, const BIGNUM *divisor, - BN_CTX *ctx) { + unsigned divisor_min_bits, BN_CTX *ctx) { if (BN_is_negative(numerator) || BN_is_negative(divisor)) { OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); return 0; 
@@ -496,8 +496,26 @@ int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder, r->neg = 0; // Incorporate |numerator| into |r|, one bit at a time, reducing after each - // step. At the start of each loop iteration, |r| < |divisor| - for (int i = numerator->width - 1; i >= 0; i--) { + // step. We maintain the invariant that |0 <= r < divisor| and + // |q * divisor + r = n| where |n| is the portion of |numerator| incorporated + // so far. + // + // First, we short-circuit the loop: if we know |divisor| has at least + // |divisor_min_bits| bits, the top |divisor_min_bits - 1| can be incorporated + // without reductions. This significantly speeds up |RSA_check_key|. For + // simplicity, we round down to a whole number of words. + assert(divisor_min_bits <= BN_num_bits(divisor)); + int initial_words = 0; + if (divisor_min_bits > 0) { + initial_words = (divisor_min_bits - 1) / BN_BITS2; + if (initial_words > numerator->width) { + initial_words = numerator->width; + } + OPENSSL_memcpy(r->d, numerator->d + numerator->width - initial_words, + initial_words * sizeof(BN_ULONG)); + } + + for (int i = numerator->width - initial_words - 1; i >= 0; i--) { for (int bit = BN_BITS2 - 1; bit >= 0; bit--) { // Incorporate the next bit of the numerator, by computing // r = 2*r or 2*r + 1. Note the result fits in one more word. We store the diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c index af08c125..2135655a 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/gcd_extra.c 
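Review bot: The new `OPENSSL_memcpy` into `r->d` is clamped only against `numerator->width`; the condition that keeps `initial_words` inside the remainder is `assert(divisor_min_bits <= BN_num_bits(divisor))`, which disappears under NDEBUG. A caller that overstates `divisor_min_bits` would then, in a release build, copy more words than `r` appears to hold (its allocation is outside the hunk, presumably sized from `divisor->width`) and break the `r < divisor` invariant the loop depends on. A check on the word width, which the loop bounds already treat as public, would survive release builds without inspecting the secret value: `if (divisor_min_bits > (unsigned)divisor->width * BN_BITS2) { return 0; }` placed before `initial_words` is computed. The rsa_impl.c hunk passes `prime_bits` on the strength of two asserts as well, so it relies on the same guarantee. `bn_div_consttime` begins and ends outside this hunk.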
@@ -157,10 +157,11 @@ int bn_lcm_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { BN_CTX_start(ctx); unsigned shift; BIGNUM *gcd = BN_CTX_get(ctx); - int ret = gcd != NULL && + int ret = gcd != NULL && // bn_mul_consttime(r, a, b, ctx) && bn_gcd_consttime(gcd, &shift, a, b, ctx) && - bn_div_consttime(r, NULL, r, gcd, ctx) && + // |gcd| has a secret bit width. + bn_div_consttime(r, NULL, r, gcd, /*divisor_min_bits=*/0, ctx) && bn_rshift_secret_shift(r, r, shift, ctx); BN_CTX_end(ctx); return ret; diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/internal.h b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/internal.h index 449c8035..485169c2 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/bn/internal.h @@ -552,12 +552,15 @@ int bn_sqr_consttime(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); // bn_div_consttime behaves like |BN_div|, but it rejects negative inputs and // treats both inputs, including their magnitudes, as secret. It is, as a // result, much slower than |BN_div| and should only be used for rare operations -// where Montgomery reduction is not available. +// where Montgomery reduction is not available. |divisor_min_bits| is a +// public lower bound for |BN_num_bits(divisor)|. When |divisor|'s bit width is +// public, this can speed up the operation. // // Note that |quotient->width| will be set pessimally to |numerator->width|. OPENSSL_EXPORT int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder, const BIGNUM *numerator, - const BIGNUM *divisor, BN_CTX *ctx); + const BIGNUM *divisor, + unsigned divisor_min_bits, BN_CTX *ctx); // bn_is_relatively_prime checks whether GCD(|x|, |y|) is one. On success, it // returns one and sets |*out_relatively_prime| to one if the GCD was one and diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/md4/md4.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/md4/md4.c index 7324b710..b98bf098 100644 
--- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/md4/md4.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/md4/md4.c @@ -72,7 +72,7 @@ uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) { return out; } -// Implemented from RFC1186 The MD4 Message-Digest Algorithm. +// Implemented from RFC 1186 The MD4 Message-Digest Algorithm. int MD4_Init(MD4_CTX *md4) { OPENSSL_memset(md4, 0, sizeof(MD4_CTX)); diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.c index 19da1900..3503c7f6 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/modes/gcm_nohw.c @@ -193,7 +193,7 @@ static void gcm_mul64_nohw(uint64_t *out_lo, uint64_t *out_hi, uint64_t a, #endif // BORINGSSL_HAS_UINT128 void gcm_init_nohw(u128 Htable[16], const uint64_t Xi[2]) { - // We implement GHASH in terms of POLYVAL, as described in RFC8452. This + // We implement GHASH in terms of POLYVAL, as described in RFC 8452. This // avoids a shift by 1 in the multiplication, needed to account for bit // reversal losing a bit after multiplication, that is, // rev128(X) * rev128(Y) = rev255(X*Y). diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c index 3e0c9893..45bdeeea 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rand/rand.c @@ -356,7 +356,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len, int used_cpu; rand_get_seed(state, seed, &used_cpu); - uint8_t personalization[CTR_DRBG_ENTROPY_LEN]; + uint8_t personalization[CTR_DRBG_ENTROPY_LEN] = {0}; size_t personalization_len = 0; #if defined(OPENSSL_URANDOM) // If we used RDRAND, also opportunistically read from the system. This 
diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c index 08aa35be..91a862ae 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa.c @@ -657,7 +657,8 @@ int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *digest, size_t digest_len, } static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv, - const BIGNUM *m, BN_CTX *ctx) { + const BIGNUM *m, unsigned m_min_bits, + BN_CTX *ctx) { if (BN_is_negative(ainv) || BN_cmp(ainv, m) >= 0) { *out_ok = 0; return 1; @@ -670,7 +671,7 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv, BIGNUM *tmp = BN_CTX_get(ctx); int ret = tmp != NULL && bn_mul_consttime(tmp, a, ainv, ctx) && - bn_div_consttime(NULL, tmp, tmp, m, ctx); + bn_div_consttime(NULL, tmp, tmp, m, m_min_bits, ctx); if (ret) { *out_ok = BN_is_one(tmp); } @@ -750,10 +751,15 @@ int RSA_check_key(const RSA *key) { // simply check that d * e is one mod p-1 and mod q-1. Note d and e were bound // by earlier checks in this function. if (!bn_usub_consttime(&pm1, key->p, BN_value_one()) || - !bn_usub_consttime(&qm1, key->q, BN_value_one()) || - !bn_mul_consttime(&de, key->d, key->e, ctx) || - !bn_div_consttime(NULL, &tmp, &de, &pm1, ctx) || - !bn_div_consttime(NULL, &de, &de, &qm1, ctx)) { + !bn_usub_consttime(&qm1, key->q, BN_value_one())) { + OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); + goto out; + } + const unsigned pm1_bits = BN_num_bits(&pm1); + const unsigned qm1_bits = BN_num_bits(&qm1); + if (!bn_mul_consttime(&de, key->d, key->e, ctx) || + !bn_div_consttime(NULL, &tmp, &de, &pm1, pm1_bits, ctx) || + !bn_div_consttime(NULL, &de, &de, &qm1, qm1_bits, ctx)) { OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } 
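Review bot: `pm1_bits` and `qm1_bits` in `RSA_check_key` are computed with `BN_num_bits` on values derived from the private primes and then passed as `divisor_min_bits`, which the bn/internal.h hunk documents as a public lower bound; nothing at this call site says why the widths of `p - 1` and `q - 1` may be treated as public. A one-line comment above the two declarations would record that assumption, for example `// The bit widths of |p - 1| and |q - 1| are treated as public here.` The gcd_extra.c hunk already does this for the opposite case with `// |gcd| has a secret bit width.` `RSA_check_key` begins and ends outside the hunk.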
@@ -772,9 +778,12 @@ int RSA_check_key(const RSA *key) { if (has_crt_values) { int dmp1_ok, dmq1_ok, iqmp_ok; - if (!check_mod_inverse(&dmp1_ok, key->e, key->dmp1, &pm1, ctx) || - !check_mod_inverse(&dmq1_ok, key->e, key->dmq1, &qm1, ctx) || - !check_mod_inverse(&iqmp_ok, key->q, key->iqmp, key->p, ctx)) { + if (!check_mod_inverse(&dmp1_ok, key->e, key->dmp1, &pm1, pm1_bits, ctx) || + !check_mod_inverse(&dmq1_ok, key->e, key->dmq1, &qm1, qm1_bits, ctx) || + // |p| is odd, so |pm1| and |p| have the same bit width. If they didn't, + // we only need a lower bound anyway. + !check_mod_inverse(&iqmp_ok, key->q, key->iqmp, key->p, pm1_bits, + ctx)) { OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } diff --git a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c index 7b23bff9..61605002 100644 --- a/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c +++ b/Sources/CCryptoBoringSSL/crypto/fipsmodule/rsa/rsa_impl.c @@ -1262,12 +1262,14 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, // values for d. } while (BN_cmp(rsa->d, pow2_prime_bits) <= 0); + assert(BN_num_bits(pm1) == (unsigned)prime_bits); + assert(BN_num_bits(qm1) == (unsigned)prime_bits); if (// Calculate n. !bn_mul_consttime(rsa->n, rsa->p, rsa->q, ctx) || // Calculate d mod (p-1). - !bn_div_consttime(NULL, rsa->dmp1, rsa->d, pm1, ctx) || + !bn_div_consttime(NULL, rsa->dmp1, rsa->d, pm1, prime_bits, ctx) || // Calculate d mod (q-1) - !bn_div_consttime(NULL, rsa->dmq1, rsa->d, qm1, ctx)) { + !bn_div_consttime(NULL, rsa->dmq1, rsa->d, qm1, prime_bits, ctx)) { goto bn_err; } bn_set_minimal_width(rsa->n); diff --git a/Sources/CCryptoBoringSSL/crypto/mem.c b/Sources/CCryptoBoringSSL/crypto/mem.c index 64a87728..66e1ace9 100644 --- a/Sources/CCryptoBoringSSL/crypto/mem.c +++ b/Sources/CCryptoBoringSSL/crypto/mem.c 
@@ -324,22 +324,15 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) { } char *OPENSSL_strndup(const char *str, size_t size) { - char *ret; - size_t alloc_size; - - if (str == NULL) { - return NULL; - } - size = OPENSSL_strnlen(str, size); - alloc_size = size + 1; + size_t alloc_size = size + 1; if (alloc_size < size) { // overflow OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; } - ret = OPENSSL_malloc(alloc_size); + char *ret = OPENSSL_malloc(alloc_size); if (ret == NULL) { OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c b/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c index 2b6f854a..a51d662f 100644 --- a/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c +++ b/Sources/CCryptoBoringSSL/crypto/pkcs8/pkcs8_x509.c @@ -1180,7 +1180,7 @@ PKCS12 *PKCS12_create(const char *password, const char *name, } // PKCS#12 is a very confusing recursive data format, built out of another - // recursive data format. Section 5.1 of RFC7292 describes the encoding + // recursive data format. Section 5.1 of RFC 7292 describes the encoding // algorithm, but there is no clear overview. A quick summary: // // PKCS#7 defines a ContentInfo structure, which is a overgeneralized typed diff --git a/Sources/CCryptoBoringSSL/crypto/x509/by_file.c b/Sources/CCryptoBoringSSL/crypto/x509/by_file.c index 699b4d74..87d75824 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/by_file.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/by_file.c @@ -61,6 +61,8 @@ #include #include +#include "internal.h" + #ifndef OPENSSL_NO_STDIO static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, diff --git a/Sources/CCryptoBoringSSL/crypto/x509/internal.h b/Sources/CCryptoBoringSSL/crypto/x509/internal.h index ee16244c..30280f77 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/x509/internal.h 
@@ -81,6 +81,22 @@ struct X509_pubkey_st { EVP_PKEY *pkey; } /* X509_PUBKEY */; +struct X509_name_entry_st { + ASN1_OBJECT *object; + ASN1_STRING *value; + int set; +} /* X509_NAME_ENTRY */; + +// we always keep X509_NAMEs in 2 forms. +struct X509_name_st { + STACK_OF(X509_NAME_ENTRY) *entries; + int modified; // true if 'bytes' needs to be built + BUF_MEM *bytes; + // unsigned long hash; Keep the hash around for lookups + unsigned char *canon_enc; + int canon_enclen; +} /* X509_NAME */; + struct x509_attributes_st { ASN1_OBJECT *object; STACK_OF(ASN1_TYPE) *set; @@ -100,6 +116,47 @@ struct X509_extension_st { ASN1_OCTET_STRING *value; } /* X509_EXTENSION */; +typedef struct { + ASN1_INTEGER *version; // [ 0 ] default of v1 + ASN1_INTEGER *serialNumber; + X509_ALGOR *signature; + X509_NAME *issuer; + X509_VAL *validity; + X509_NAME *subject; + X509_PUBKEY *key; + ASN1_BIT_STRING *issuerUID; // [ 1 ] optional in v2 + ASN1_BIT_STRING *subjectUID; // [ 2 ] optional in v2 + STACK_OF(X509_EXTENSION) *extensions; // [ 3 ] optional in v3 + ASN1_ENCODING enc; +} X509_CINF; + +DECLARE_ASN1_FUNCTIONS(X509_CINF) + +struct x509_st { + X509_CINF *cert_info; + X509_ALGOR *sig_alg; + ASN1_BIT_STRING *signature; + CRYPTO_refcount_t references; + CRYPTO_EX_DATA ex_data; + // These contain copies of various extension values + long ex_pathlen; + long ex_pcpathlen; + unsigned long ex_flags; + unsigned long ex_kusage; + unsigned long ex_xkusage; + unsigned long ex_nscert; + ASN1_OCTET_STRING *skid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; + X509_CERT_AUX *aux; + CRYPTO_BUFFER *buf; + CRYPTO_MUTEX lock; +} /* X509 */; + typedef struct { ASN1_ENCODING enc; ASN1_INTEGER *version; @@ -153,7 +210,6 @@ struct X509_crl_st { void *meth_data; } /* X509_CRL */; - struct X509_VERIFY_PARAM_st { char *name; time_t check_time; // Time to use 
@@ -174,6 +230,131 @@ struct X509_VERIFY_PARAM_st { unsigned char poison; // Fail all verifications at name checking } /* X509_VERIFY_PARAM */; +struct x509_object_st { + // one of the above types + int type; + union { + char *ptr; + X509 *x509; + X509_CRL *crl; + EVP_PKEY *pkey; + } data; +} /* X509_OBJECT */; + +// This is a static that defines the function interface +struct x509_lookup_method_st { + const char *name; + int (*new_item)(X509_LOOKUP *ctx); + void (*free)(X509_LOOKUP *ctx); + int (*init)(X509_LOOKUP *ctx); + int (*shutdown)(X509_LOOKUP *ctx); + int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); + int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, X509_OBJECT *ret); + int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, unsigned char *bytes, + int len, X509_OBJECT *ret); + int (*get_by_alias)(X509_LOOKUP *ctx, int type, char *str, int len, + X509_OBJECT *ret); +} /* X509_LOOKUP_METHOD */; + +// This is used to hold everything. It is used for all certificate +// validation. Once we have a certificate chain, the 'verify' +// function is then called to actually check the cert chain. 
+struct x509_store_st { + // The following is a cache of trusted certs + int cache; // if true, stash any hits + STACK_OF(X509_OBJECT) *objs; // Cache of all objects + CRYPTO_MUTEX objs_lock; + STACK_OF(X509) *additional_untrusted; + + // These are external lookup methods + STACK_OF(X509_LOOKUP) *get_cert_methods; + + X509_VERIFY_PARAM *param; + + // Callbacks for various operations + X509_STORE_CTX_verify_fn verify; // called to verify a certificate + X509_STORE_CTX_verify_cb verify_cb; // error callback + X509_STORE_CTX_get_issuer_fn get_issuer; // get issuers cert from ctx + X509_STORE_CTX_check_issued_fn check_issued; // check issued + X509_STORE_CTX_check_revocation_fn + check_revocation; // Check revocation status of chain + X509_STORE_CTX_get_crl_fn get_crl; // retrieve CRL + X509_STORE_CTX_check_crl_fn check_crl; // Check CRL validity + X509_STORE_CTX_cert_crl_fn cert_crl; // Check certificate against CRL + X509_STORE_CTX_lookup_certs_fn lookup_certs; + X509_STORE_CTX_lookup_crls_fn lookup_crls; + X509_STORE_CTX_cleanup_fn cleanup; + + CRYPTO_refcount_t references; +} /* X509_STORE */; + + +// This is the functions plus an instance of the local variables. +struct x509_lookup_st { + int init; // have we been started + int skip; // don't use us. + X509_LOOKUP_METHOD *method; // the functions + char *method_data; // method data + + X509_STORE *store_ctx; // who owns us +} /* X509_LOOKUP */; + +// This is a used when verifying cert chains. Since the +// gathering of the cert chain can take some time (and have to be +// 'retried', this needs to be kept and passed around. 
+struct x509_store_ctx_st { + X509_STORE *ctx; + + // The following are set by the caller + X509 *cert; // The cert to check + STACK_OF(X509) *untrusted; // chain of X509s - untrusted - passed in + STACK_OF(X509_CRL) *crls; // set of CRLs passed in + + X509_VERIFY_PARAM *param; + void *other_ctx; // Other info for use with get_issuer() + + // Callbacks for various operations + X509_STORE_CTX_verify_fn verify; // called to verify a certificate + X509_STORE_CTX_verify_cb verify_cb; // error callback + X509_STORE_CTX_get_issuer_fn get_issuer; // get issuers cert from ctx + X509_STORE_CTX_check_issued_fn check_issued; // check issued + X509_STORE_CTX_check_revocation_fn + check_revocation; // Check revocation status of chain + X509_STORE_CTX_get_crl_fn get_crl; // retrieve CRL + X509_STORE_CTX_check_crl_fn check_crl; // Check CRL validity + X509_STORE_CTX_cert_crl_fn cert_crl; // Check certificate against CRL + X509_STORE_CTX_check_policy_fn check_policy; + X509_STORE_CTX_lookup_certs_fn lookup_certs; + X509_STORE_CTX_lookup_crls_fn lookup_crls; + X509_STORE_CTX_cleanup_fn cleanup; + + // The following is built up + int valid; // if 0, rebuild chain + int last_untrusted; // index of last untrusted cert + STACK_OF(X509) *chain; // chain of X509s - built up and trusted + X509_POLICY_TREE *tree; // Valid policy tree + + int explicit_policy; // Require explicit policy value + + // When something goes wrong, this is why + int error_depth; + int error; + X509 *current_cert; + X509 *current_issuer; // cert currently being tested as valid issuer + X509_CRL *current_crl; // current CRL + + int current_crl_score; // score of current CRL + unsigned int current_reasons; // Reason mask + + X509_STORE_CTX *parent; // For CRL path validation: parent context + + CRYPTO_EX_DATA ex_data; +} /* X509_STORE_CTX */; + /* RSA-PSS functions. */ diff --git a/Sources/CCryptoBoringSSL/crypto/x509/name_print.c b/Sources/CCryptoBoringSSL/crypto/x509/name_print.c index 0c0cfc97..568a97fb 100644 
--- a/Sources/CCryptoBoringSSL/crypto/x509/name_print.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/name_print.c @@ -155,7 +155,7 @@ static int do_name_ex(BIO *out, const X509_NAME *n, int indent, else ent = X509_NAME_get_entry(n, i); if (prev != -1) { - if (prev == ent->set) { + if (prev == X509_NAME_ENTRY_set(ent)) { if (!maybe_write(out, sep_mv, sep_mv_len)) return -1; outlen += sep_mv_len; @@ -168,7 +168,7 @@ static int do_name_ex(BIO *out, const X509_NAME *n, int indent, outlen += indent; } } - prev = ent->set; + prev = X509_NAME_ENTRY_set(ent); fn = X509_NAME_ENTRY_get_object(ent); val = X509_NAME_ENTRY_get_data(ent); fn_nid = OBJ_obj2nid(fn); diff --git a/Sources/CCryptoBoringSSL/crypto/x509/t_x509a.c b/Sources/CCryptoBoringSSL/crypto/x509/t_x509a.c index 49294948..81832635 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/t_x509a.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/t_x509a.c @@ -102,8 +102,10 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, "\n"); } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); - if (aux->alias) - BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); + if (aux->alias) { + BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length, + aux->alias->data); + } if (aux->keyid) { BIO_printf(out, "%*sKey Id: ", indent, ""); for (j = 0; j < aux->keyid->length; j++) diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_obj.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_obj.c index e91abcee..2e3d4db1 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_obj.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_obj.c @@ -64,6 +64,7 @@ #include #include "../internal.h" +#include "internal.h" /* diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c b/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c index 105ac23b..411f1dd4 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509_vfy.c 
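Review bot: In X509_CERT_AUX_print, `%.*s` with `aux->alias->length` bounds the read, but the conversion still stops at the first NUL byte and writes every other byte unescaped. The printed alias can therefore be shorter than the stored field, or carry control characters into a log or terminal. The same pattern is added in print_qualifiers and print_notice (v3_cpols.c) and in i2r_pci (v3_pci.c). I would mark these call sites with `/* Display only: stops at an embedded NUL and does not escape the bytes. */`, or route them through an escaping printer such as ASN1_STRING_print_ex if the output is ever parsed or logged.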
@@ -1403,12 +1403,12 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) } /* - * RFC3280 says nothing about the relationship between CRL path and + * RFC 3280 says nothing about the relationship between CRL path and * certificate path, which could lead to situations where a certificate could - * be revoked or validated by a CA not authorised to do so. RFC5280 is more + * be revoked or validated by a CA not authorised to do so. RFC 5280 is more * strict and states that the two paths must end in the same trust anchor, * though some discussions remain... until this is resolved we use the - * RFC5280 version + * RFC 5280 version */ static int check_crl_chain(X509_STORE_CTX *ctx, @@ -1919,8 +1919,8 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) int i, day, sec, ret = 0; /* - * Note that ASN.1 allows much more slack in the time format than RFC5280. - * In RFC5280, the representation is fixed: + * Note that ASN.1 allows much more slack in the time format than RFC 5280. + * In RFC 5280, the representation is fixed: * UTCTime: YYMMDDHHMMSSZ * GeneralizedTime: YYYYMMDDHHMMSSZ * diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x509name.c b/Sources/CCryptoBoringSSL/crypto/x509/x509name.c index 8ed5b10c..e1d6daa6 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x509name.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x509name.c @@ -64,6 +64,7 @@ #include #include "../internal.h" +#include "internal.h" int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, char *buf, @@ -367,10 +368,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, if (!i) return (0); if (type != V_ASN1_UNDEF) { - if (type == V_ASN1_APP_CHOOSE) - ne->value->type = ASN1_PRINTABLE_type(bytes, len); - else - ne->value->type = type; + ne->value->type = type; } return (1); } diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_name.c b/Sources/CCryptoBoringSSL/crypto/x509/x_name.c index 3acdb32d..17bf1417 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_name.c 
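Review bot: In the x509name.c hunk, X509_NAME_ENTRY_set_data now stores any `type` other than V_ASN1_UNDEF directly in `ne->value->type`, which includes -2, the value that used to select V_ASN1_APP_CHOOSE. The macro is removed from CCryptoBoringSSL_asn1.h later in this patch, so source callers stop compiling, but nothing visible in this hunk rejects the old value at run time. A comment above the assignment would record the change: `/* V_ASN1_APP_CHOOSE (-2) is no longer supported; callers must pass a concrete type. */` The earlier part of the function is outside the hunk, so an existing range check there cannot be ruled out.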
+++ b/Sources/CCryptoBoringSSL/crypto/x509/x_name.c @@ -68,6 +68,7 @@ #include "../asn1/internal.h" #include "../internal.h" +#include "internal.h" typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; diff --git a/Sources/CCryptoBoringSSL/crypto/x509/x_x509.c b/Sources/CCryptoBoringSSL/crypto/x509/x_x509.c index 5c45c21b..46c3fa30 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509/x_x509.c +++ b/Sources/CCryptoBoringSSL/crypto/x509/x_x509.c @@ -69,6 +69,7 @@ #include #include "../internal.h" +#include "internal.h" static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; @@ -128,14 +129,14 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } } - /* Per RFC5280, section 4.1.2.8, these fields require v2 or v3. */ + /* Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. */ if (version == 0 && (ret->cert_info->issuerUID != NULL || ret->cert_info->subjectUID != NULL)) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); return 0; } - /* Per RFC5280, section 4.1.2.9, extensions require v3. */ + /* Per RFC 5280, section 4.1.2.9, extensions require v3. */ if (version != 2 && ret->cert_info->extensions != NULL) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); return 0; diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/internal.h b/Sources/CCryptoBoringSSL/crypto/x509v3/internal.h index 51487b5b..d3b2e7d9 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/internal.h +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/internal.h @@ -17,6 +17,8 @@ #include +#include + #if defined(__cplusplus) extern "C" { #endif 
@@ -67,6 +69,13 @@ typedef struct { const char *sname; } BIT_STRING_BITNAME; +// x509V3_add_value_asn1_string appends a |CONF_VALUE| with the specified name +// and value to |*extlist|. if |*extlist| is NULL, it sets |*extlist| to a +// newly-allocated |STACK_OF(CONF_VALUE)| first. It returns one on success and +// zero on error. +int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value, + STACK_OF(CONF_VALUE) **extlist); + #if defined(__cplusplus) } /* extern C */ diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_cache.c b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_cache.c index e420fb7e..f400ee77 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_cache.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_cache.c @@ -62,6 +62,7 @@ #include "pcy_int.h" #include "../internal.h" +#include "../x509/internal.h" static int policy_data_cmp(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b); diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_data.c b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_data.c index e3c0ae35..41ac6116 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_data.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_data.c @@ -79,7 +79,7 @@ void policy_data_free(X509_POLICY_DATA *data) /* * Create a data based on an existing policy. If 'id' is NULL use the oid in * the policy, otherwise use 'id'. This behaviour covers the two types of - * data in RFC3280: data with from a CertificatePolcies extension and + * data in RFC 3280: data with from a CertificatePolcies extension and * additional data with just the qualifiers of anyPolicy and ID from another * source. */ diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_int.h b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_int.h index fc6e20a9..aee71d6f 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_int.h +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_int.h 
@@ -65,7 +65,7 @@ DEFINE_STACK_OF(X509_POLICY_DATA) /* * This structure and the field names correspond to the Policy 'node' of - * RFC3280. NB this structure contains no pointers to parent or child data: + * RFC 3280. NB this structure contains no pointers to parent or child data: * X509_POLICY_NODE contains that. This means that the main policy data can * be kept static and cached with the certificate. */ diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_map.c b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_map.c index 9ba402aa..b37d124a 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_map.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_map.c @@ -62,6 +62,7 @@ #include #include "pcy_int.h" +#include "../x509/internal.h" /* * Set policy mapping entries in cache. Note: this modifies the passed diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_tree.c b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_tree.c index 4a151543..ebf5bd4f 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_tree.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/pcy_tree.c @@ -67,6 +67,7 @@ #include "pcy_int.h" #include "../internal.h" +#include "../x509/internal.h" /* * Enable this to print out the complete policy tree at various point during @@ -332,7 +333,7 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, } /* - * This corresponds to RFC3280 6.1.3(d)(1): link any data from + * This corresponds to RFC 3280 6.1.3(d)(1): link any data from * CertificatePolicies onto matching parent or anyPolicy if no match. */ @@ -365,7 +366,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, } /* - * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched + * This corresponds to RFC 3280 6.1.3(d)(2): Create new data for any unmatched * policies in the parent and link to anyPolicy. */ 
@@ -500,7 +501,7 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) if (curr->flags & X509_V_FLAG_INHIBIT_MAP) { for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) { node = sk_X509_POLICY_NODE_value(nodes, i); - /* Delete any mapped data: see RFC3280 XXXX */ + /* Delete any mapped data: see RFC 3280 XXXX */ if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) { node->parent->nchild--; OPENSSL_free(node); diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_akey.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_akey.c index f72b0a5a..27355319 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_akey.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_akey.c @@ -93,20 +93,39 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *extlist) { - char *tmp; + char *tmp = NULL; + int extlist_was_null = extlist == NULL; if (akeyid->keyid) { tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length); - X509V3_add_value("keyid", tmp, &extlist); + int ok = tmp != NULL && X509V3_add_value("keyid", tmp, &extlist); OPENSSL_free(tmp); + if (!ok) { + goto err; + } + } + if (akeyid->issuer) { + STACK_OF(CONF_VALUE) *tmpextlist = + i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (tmpextlist == NULL) { + goto err; + } + extlist = tmpextlist; } - if (akeyid->issuer) - extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); if (akeyid->serial) { tmp = x509v3_bytes_to_hex(akeyid->serial->data, akeyid->serial->length); - X509V3_add_value("serial", tmp, &extlist); + int ok = tmp != NULL && X509V3_add_value("serial", tmp, &extlist); OPENSSL_free(tmp); + if (!ok) { + goto err; + } } return extlist; + +err: + if (extlist_was_null) { + sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); + } + return NULL; } /* diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_alt.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_alt.c index 172fbeb8..28d8ed53 100644 
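Review bot: The new `err:` path in i2v_AUTHORITY_KEYID frees the list only when the caller passed `extlist == NULL`. With a caller-supplied list, a failure in the issuer or `serial` step returns NULL while the entries already pushed (for example `keyid`) stay in that list. i2v_GENERAL_NAMES in v3_alt.c follows the same rule with `ret_was_null`. That is a reasonable ownership choice, but it should be stated on the function: `/* On error with a caller-supplied |extlist|, entries already appended are left in place; the caller still owns the list. */`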
--- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_alt.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_alt.c @@ -104,11 +104,17 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) { - size_t i; - GENERAL_NAME *gen; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); + int ret_was_null = ret == NULL; + for (size_t i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i); + STACK_OF(CONF_VALUE) *tmp = i2v_GENERAL_NAME(method, gen, ret); + if (tmp == NULL) { + if (ret_was_null) { + sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); + } + return NULL; + } + ret = tmp; } if (!ret) return sk_CONF_VALUE_new_null(); @@ -119,6 +125,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) { + /* Note the error-handling for this function relies on there being at most + * one |X509V3_add_value| call. If there were two and the second failed, we + * would need to sometimes free the first call's result. */ unsigned char *p; char oline[256], htmp[5]; int i; @@ -139,17 +148,17 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_EMAIL: - if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) + if (!x509V3_add_value_asn1_string("email", gen->d.ia5, &ret)) return NULL; break; case GEN_DNS: - if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) + if (!x509V3_add_value_asn1_string("DNS", gen->d.ia5, &ret)) return NULL; break; case GEN_URI: - if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) + if (!x509V3_add_value_asn1_string("URI", gen->d.ia5, &ret)) return NULL; break; diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_cpols.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_cpols.c index f766d289..3de17125 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_cpols.c 
+++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_cpols.c @@ -432,8 +432,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, qualinfo = sk_POLICYQUALINFO_value(quals, i); switch (OBJ_obj2nid(qualinfo->pqualid)) { case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %s\n", indent, "", - qualinfo->d.cpsuri->data); + BIO_printf(out, "%*sCPS: %.*s\n", indent, "", + qualinfo->d.cpsuri->length, qualinfo->d.cpsuri->data); break; case NID_id_qt_unotice: @@ -457,8 +457,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %s\n", indent, "", - ref->organization->data); + BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { @@ -480,8 +480,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) BIO_puts(out, "\n"); } if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", - notice->exptext->data); + BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", + notice->exptext->length, notice->exptext->data); } void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_crld.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_crld.c index bc4b071f..051d7262 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_crld.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_crld.c @@ -67,6 +67,7 @@ #include #include "internal.h" +#include "../x509/internal.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_ncons.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_ncons.c index 74b02acf..ef942cd2 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_ncons.c 
+++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_ncons.c @@ -66,6 +66,7 @@ #include #include "../internal.h" +#include "../x509/internal.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
@@ -389,25 +390,73 @@ static int nc_dn(X509_NAME *nm, X509_NAME *base) return X509_V_OK; } +static int starts_with(const CBS *cbs, uint8_t c) +{ + return CBS_len(cbs) > 0 && CBS_data(cbs)[0] == c; +} + +static int equal_case(const CBS *a, const CBS *b) +{ + if (CBS_len(a) != CBS_len(b)) { + return 0; + } + /* Note we cannot use |OPENSSL_strncasecmp| because that would stop + * iterating at NUL. */ + const uint8_t *a_data = CBS_data(a), *b_data = CBS_data(b); + for (size_t i = 0; i < CBS_len(a); i++) { + if (OPENSSL_tolower(a_data[i]) != OPENSSL_tolower(b_data[i])) { + return 0; + } + } + return 1; +} + +static int has_suffix_case(const CBS *a, const CBS *b) +{ + if (CBS_len(a) < CBS_len(b)) { + return 0; + } + CBS copy = *a; + CBS_skip(©, CBS_len(a) - CBS_len(b)); + return equal_case(©, b); +} + static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) { - char *baseptr = (char *)base->data; - char *dnsptr = (char *)dns->data; + CBS dns_cbs, base_cbs; + CBS_init(&dns_cbs, dns->data, dns->length); + CBS_init(&base_cbs, base->data, base->length); + /* Empty matches everything */ - if (!*baseptr) + if (CBS_len(&base_cbs) == 0) { return X509_V_OK; + } + + /* If |base_cbs| begins with a '.', do a simple suffix comparison. This is + * not part of RFC5280, but is part of OpenSSL's original behavior. */ + if (starts_with(&base_cbs, '.')) { + if (has_suffix_case(&dns_cbs, &base_cbs)) { + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + /* * Otherwise can add zero or more components on the left so compare RHS * and if dns is longer and expect '.' as preceding character. */ - if (dns->length > base->length) { - dnsptr += dns->length - base->length; - if (*baseptr != '.' 
&& dnsptr[-1] != '.') + if (CBS_len(&dns_cbs) > CBS_len(&base_cbs)) { + uint8_t dot; + if (!CBS_skip(&dns_cbs, CBS_len(&dns_cbs) - CBS_len(&base_cbs) - 1) || + !CBS_get_u8(&dns_cbs, &dot) || + dot != '.') { return X509_V_ERR_PERMITTED_VIOLATION; + } } - if (OPENSSL_strcasecmp(baseptr, dnsptr)) + if (!equal_case(&dns_cbs, &base_cbs)) { return X509_V_ERR_PERMITTED_VIOLATION; + } return X509_V_OK; 
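Review bot: has_suffix_case discards the result of `CBS_skip` before calling equal_case. The length check above it makes the skip succeed today, but checking the result keeps the helper fail-closed if that guard is ever edited: `if (!CBS_skip(&copy, CBS_len(a) - CBS_len(b))) return 0;`. The next hunk does the same in nc_email, where `CBS_skip(&base_cbs, 1)` and `CBS_skip(&eml_cbs, 1)` are unchecked and the accompanying `assert(starts_with(...))` is compiled out under NDEBUG. There I would return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX when the skip fails.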
@@ -415,86 +464,94 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) { - const char *baseptr = (char *)base->data; - const char *emlptr = (char *)eml->data; - - const char *baseat = strchr(baseptr, '@'); - const char *emlat = strchr(emlptr, '@'); - if (!emlat) + CBS eml_cbs, base_cbs; + CBS_init(&eml_cbs, eml->data, eml->length); + CBS_init(&base_cbs, base->data, base->length); + + /* TODO(davidben): In OpenSSL 1.1.1, this switched from the first '@' to the + * last one. Match them here, or perhaps do an actual parse. Looks like + * multiple '@'s may be allowed in quoted strings. */ + CBS eml_local, base_local; + if (!CBS_get_until_first(&eml_cbs, &eml_local, '@')) { return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + } + int base_has_at = CBS_get_until_first(&base_cbs, &base_local, '@'); + /* Special case: inital '.' is RHS match */ - if (!baseat && (*baseptr == '.')) { - if (eml->length > base->length) { - emlptr += eml->length - base->length; - if (!OPENSSL_strcasecmp(baseptr, emlptr)) - return X509_V_OK; + if (!base_has_at && starts_with(&base_cbs, '.')) { + if (has_suffix_case(&eml_cbs, &base_cbs)) { + return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; } /* If we have anything before '@' match local part */ - - if (baseat) { - if (baseat != baseptr) { - if ((baseat - baseptr) != (emlat - emlptr)) - return X509_V_ERR_PERMITTED_VIOLATION; + if (base_has_at) { + /* TODO(davidben): This interprets a constraint of "@example.com" as + * "example.com", which is not part of RFC5280. 
*/ + if (CBS_len(&base_local) > 0) { /* Case sensitive match of local part */ - if (strncmp(baseptr, emlptr, emlat - emlptr)) + if (!CBS_mem_equal(&base_local, CBS_data(&eml_local), + CBS_len(&eml_local))) { return X509_V_ERR_PERMITTED_VIOLATION; + } } /* Position base after '@' */ - baseptr = baseat + 1; + assert(starts_with(&base_cbs, '@')); + CBS_skip(&base_cbs, 1); } - emlptr = emlat + 1; + /* Just have hostname left to match: case insensitive */ - if (OPENSSL_strcasecmp(baseptr, emlptr)) + assert(starts_with(&eml_cbs, '@')); + CBS_skip(&eml_cbs, 1); + if (!equal_case(&base_cbs, &eml_cbs)) { return X509_V_ERR_PERMITTED_VIOLATION; + } return X509_V_OK; - } static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) { - const char *baseptr = (char *)base->data; - const char *hostptr = (char *)uri->data; - const char *p = strchr(hostptr, ':'); - int hostlen; + CBS uri_cbs, base_cbs; + CBS_init(&uri_cbs, uri->data, uri->length); + CBS_init(&base_cbs, base->data, base->length); + /* Check for foo:// and skip past it */ - if (!p || (p[1] != '/') || (p[2] != '/')) + CBS scheme; + uint8_t byte; + if (!CBS_get_until_first(&uri_cbs, &scheme, ':') || + !CBS_skip(&uri_cbs, 1) || // Skip the colon + !CBS_get_u8(&uri_cbs, &byte) || byte != '/' || + !CBS_get_u8(&uri_cbs, &byte) || byte != '/') { return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; - hostptr = p + 3; - - /* Determine length of hostname part of URI */ - - /* Look for a port indicator as end of hostname first */ - - p = strchr(hostptr, ':'); - /* Otherwise look for trailing slash */ - if (!p) - p = strchr(hostptr, '/'); + } - if (!p) - hostlen = strlen(hostptr); - else - hostlen = p - hostptr; + /* Look for a port indicator as end of hostname first. Otherwise look for + * trailing slash, or the end of the string. + * TODO(davidben): This is not a correct URI parser and mishandles IPv6 + * literals. 
*/ + CBS host; + if (!CBS_get_until_first(&uri_cbs, &host, ':') && + !CBS_get_until_first(&uri_cbs, &host, '/')) { + host = uri_cbs; + } - if (hostlen == 0) + if (CBS_len(&host) == 0) { return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + } /* Special case: inital '.' is RHS match */ - if (*baseptr == '.') { - if (hostlen > base->length) { - p = hostptr + hostlen - base->length; - if (!OPENSSL_strncasecmp(p, baseptr, base->length)) - return X509_V_OK; + if (starts_with(&base_cbs, '.')) { + if (has_suffix_case(&host, &base_cbs)) { + return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; } - if ((base->length != (int)hostlen) - || OPENSSL_strncasecmp(hostptr, baseptr, hostlen)) + if (!equal_case(&base_cbs, &host)) { return X509_V_ERR_PERMITTED_VIOLATION; + } return X509_V_OK; diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_pci.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_pci.c index 3c9a6530..54b49272 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_pci.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_pci.c @@ -75,7 +75,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); BIO_puts(out, "\n"); if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", + pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data); return 1; } diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_purp.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_purp.c index 4bd29c90..c10d525d 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_purp.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_purp.c @@ -68,6 +68,7 @@ #include #include "../internal.h" +#include "../x509/internal.h" #include "internal.h" #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) 
diff --git a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_utl.c b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_utl.c index 2a471293..25a1ab48 100644 --- a/Sources/CCryptoBoringSSL/crypto/x509v3/v3_utl.c +++ b/Sources/CCryptoBoringSSL/crypto/x509v3/v3_utl.c 
@@ -88,42 +88,69 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name value pair to stack */ -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) +static int x509V3_add_len_value(const char *name, const char *value, + size_t value_len, int omit_value, + STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; + int extlist_was_null = *extlist == NULL; if (name && !(tname = OPENSSL_strdup(name))) - goto err; - if (value && !(tvalue = OPENSSL_strdup(value))) - goto err; + goto malloc_err; + if (!omit_value) { + /* |CONF_VALUE| cannot represent strings with NULs. */ + if (OPENSSL_memchr(value, 0, value_len)) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_VALUE); + goto err; + } + tvalue = OPENSSL_strndup(value, value_len); + if (tvalue == NULL) { + goto malloc_err; + } + } if (!(vtmp = CONF_VALUE_new())) - goto err; + goto malloc_err; if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) - goto err; + goto malloc_err; vtmp->section = NULL; vtmp->name = tname; vtmp->value = tvalue; if (!sk_CONF_VALUE_push(*extlist, vtmp)) - goto err; + goto malloc_err; return 1; - err: + malloc_err: OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); - if (vtmp) - OPENSSL_free(vtmp); - if (tname) - OPENSSL_free(tname); - if (tvalue) - OPENSSL_free(tvalue); + err: + if (extlist_was_null) { + sk_CONF_VALUE_free(*extlist); + *extlist = NULL; + } + OPENSSL_free(vtmp); + OPENSSL_free(tname); + OPENSSL_free(tvalue); return 0; } +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return x509V3_add_len_value(name, value, value != NULL ? 
strlen(value) : 0, + /*omit_value=*/value == NULL, extlist); +} + int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist) { return X509V3_add_value(name, (const char *)value, extlist); } +int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return x509V3_add_len_value(name, (const char *)value->data, value->length, + /*omit_value=*/0, extlist); +} + /* Free function for STACK_OF(CONF_VALUE) */ void X509V3_conf_free(CONF_VALUE *conf) @@ -268,7 +295,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) return aint; } -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, STACK_OF(CONF_VALUE) **extlist) { char *strtmp; 
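Review bot: X509V3_add_value_uchar still forwards to X509V3_add_value, which derives the length with `strlen(value)`, whereas the new x509V3_add_value_asn1_string passes the explicit `value->length`. The v3_alt.c hunk converts the email, DNS and URI cases. Any remaining caller that hands an ASN1_STRING's `data` to the uchar wrapper (none is visible here) would keep reading until it meets a NUL. A comment on the wrapper would make the requirement explicit: `/* |value| must be NUL-terminated; for ASN1_STRING contents use x509V3_add_value_asn1_string. */`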
@@ -631,27 +658,45 @@ static void str_free(OPENSSL_STRING str) static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) { - char *emtmp; /* First some sanity checks */ if (email->type != V_ASN1_IA5STRING) return 1; - if (!email->data || !email->length) + if (email->data == NULL || email->length == 0) + return 1; + /* |OPENSSL_STRING| cannot represent strings with embedded NULs. Do not + * report them as outputs. */ + if (OPENSSL_memchr(email->data, 0, email->length) != NULL) return 1; + + char *emtmp = NULL; if (!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); if (!*sk) - return 0; + goto err; + + emtmp = OPENSSL_strndup((char *)email->data, email->length); + if (emtmp == NULL) { + goto err; + } + /* Don't add duplicates */ sk_OPENSSL_STRING_sort(*sk); - if (sk_OPENSSL_STRING_find(*sk, NULL, (char *)email->data)) + if (sk_OPENSSL_STRING_find(*sk, NULL, emtmp)) { + OPENSSL_free(emtmp); return 1; - emtmp = OPENSSL_strdup((char *)email->data); - if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - X509_email_free(*sk); - *sk = NULL; - return 0; + } + if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { + goto err; } return 1; + +err: + /* TODO(davidben): Fix the error-handling in this file. It currently relies + * on |append_ia5| leaving |*sk| at NULL on error. */ + OPENSSL_free(emtmp); + X509_email_free(*sk); + *sk = NULL; + return 0; } void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) @@ -1120,7 +1165,7 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) /* * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible - * with RFC3280. + * with RFC 3280. */ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) diff --git a/Sources/CCryptoBoringSSL/hash.txt b/Sources/CCryptoBoringSSL/hash.txt index e047a2ad..9575d13a 100644 --- a/Sources/CCryptoBoringSSL/hash.txt +++ b/Sources/CCryptoBoringSSL/hash.txt 
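Review bot: `append_ia5` now returns 1 without adding anything in four cases (wrong type, empty value, embedded NUL, duplicate), and none of that is stated at the function. A caller that uses the resulting list for identity decisions cannot tell a certificate with no address from one whose address was dropped for containing a NUL, so the contract deserves a header comment. I would add above the function: `/* append_ia5 adds a copy of |email| to |*sk| unless it is already present. Non-IA5, empty and NUL-containing values are skipped and still return 1. On allocation failure |*sk| is freed, set to NULL, and 0 is returned. */`. The last sentence also records the invariant the TODO in the `err:` path says the rest of the file relies on.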
@@ -1 +1 @@ -This directory is derived from BoringSSL cloned from https://boringssl.googlesource.com/boringssl at revision 2e68a05c9943a8dec1758d4a393b2ae906fd3295 +This directory is derived from BoringSSL cloned from https://boringssl.googlesource.com/boringssl at revision 25773430c07075a368416c3646fa4b07daf4968a diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1.h index 182a5d3e..2101eba4 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_asn1.h @@ -111,10 +111,6 @@ extern "C" { // V_ASN1_UNDEF is used in some APIs to indicate an ASN.1 element is omitted. #define V_ASN1_UNDEF (-1) -// V_ASN1_APP_CHOOSE is used in some APIs to specify a default ASN.1 type based -// on the context. -#define V_ASN1_APP_CHOOSE (-2) - // V_ASN1_OTHER is used in |ASN1_TYPE| to indicate a non-universal ASN.1 type. #define V_ASN1_OTHER (-3) @@ -384,7 +380,7 @@ OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, const uint8_t *in, // in several forms: // // Some BIT STRINGs represent a bitmask of named bits, such as the X.509 key -// usage extension in RFC5280, section 4.2.1.3. For such bit strings, DER +// usage extension in RFC 5280, section 4.2.1.3. For such bit strings, DER // imposes an additional restriction that trailing zero bits are removed. Some // functions like |ASN1_BIT_STRING_set_bit| help in maintaining this. // 
@@ -523,10 +519,10 @@ OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, // epoch would be "19700101000000Z" for a GeneralizedTime and "700101000000Z" // for a UTCTime. // -// ASN.1 does not define how to interpret UTCTime's two-digit year. RFC5280 +// ASN.1 does not define how to interpret UTCTime's two-digit year. RFC 5280 // defines it as a range from 1950 to 2049 for X.509. The library uses the -// RFC5280 interpretation. It does not currently enforce the restrictions from -// BER, and the additional restrictions from RFC5280, but future versions may. +// RFC 5280 interpretation. It does not currently enforce the restrictions from +// BER, and the additional restrictions from RFC 5280, but future versions may. // Callers should not rely on fractional seconds and non-UTC time zones. // // The |ASN1_TIME| typedef represents the X.509 Time type, which is a CHOICE of @@ -606,7 +602,7 @@ OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds, const ASN1_TIME *from, const ASN1_TIME *to); // ASN1_TIME_set represents |t| as a GeneralizedTime or UTCTime and writes -// the result to |s|. As in RFC5280, section 4.1.2.5, it uses UTCTime when the +// the result to |s|. As in RFC 5280, section 4.1.2.5, it uses UTCTime when the // time fits and GeneralizedTime otherwise. It returns |s| on success and NULL // on error. If |s| is NULL, it returns a newly-allocated |ASN1_TIME| instead. // @@ -614,7 +610,7 @@ OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds, OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); // ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to -// |t| and writes the result to |s|. As in RFC5280, section 4.1.2.5, it uses +// |t| and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses // UTCTime when the time fits and GeneralizedTime otherwise. It returns |s| on // success and NULL on error. If |s| is NULL, it returns a newly-allocated // |ASN1_GENERALIZEDTIME| instead. 
@@ -774,7 +770,7 @@ OPENSSL_EXPORT int ASN1_TIME_print(BIO *out, const ASN1_TIME *a); // replaced with '.'. OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); -// ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC2253, section +// ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC 2253, section // 2.4. #define ASN1_STRFLGS_ESC_2253 1 @@ -805,7 +801,7 @@ OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); #define ASN1_STRFLGS_SHOW_TYPE 0x40 // ASN1_STRFLGS_DUMP_ALL causes all strings to be printed as a hexdump, using -// RFC2253 hexstring notation, such as "#0123456789ABCDEF". +// RFC 2253 hexstring notation, such as "#0123456789ABCDEF". #define ASN1_STRFLGS_DUMP_ALL 0x80 // ASN1_STRFLGS_DUMP_UNKNOWN behaves like |ASN1_STRFLGS_DUMP_ALL| but only @@ -815,11 +811,11 @@ OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); // ASN1_STRFLGS_DUMP_DER causes hexdumped strings (as determined by // |ASN1_STRFLGS_DUMP_ALL| or |ASN1_STRFLGS_DUMP_UNKNOWN|) to print the entire -// DER element as in RFC2253, rather than only the contents of the +// DER element as in RFC 2253, rather than only the contents of the // |ASN1_STRING|. #define ASN1_STRFLGS_DUMP_DER 0x200 -// ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC2253, +// ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC 2253, // additionally escaping control characters. #define ASN1_STRFLGS_RFC2253 \ (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \ 
@@ -1118,9 +1114,11 @@ OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, int len, const char *sn, const char *ln); -// General -// given a string, return the correct type, max is the maximum length -OPENSSL_EXPORT int ASN1_PRINTABLE_type(const unsigned char *s, int max); +// ASN1_PRINTABLE_type interprets |len| bytes from |s| as a Latin-1 string. It +// returns the first of |V_ASN1_PRINTABLESTRING|, |V_ASN1_IA5STRING|, or +// |V_ASN1_T61STRING| that can represent every character. If |len| is negative, +// |strlen(s)| is used instead. +OPENSSL_EXPORT int ASN1_PRINTABLE_type(const unsigned char *s, int len); OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag); diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h index 36b5ab40..50a62104 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_base.h @@ -153,7 +153,7 @@ extern "C" { // Trusty isn't Linux but currently defines __linux__. As a workaround, we // exclude it here. // TODO(b/169780122): Remove this workaround once Trusty no longer defines it. -#if defined(__linux__) && !defined(TRUSTY) +#if defined(__linux__) && !defined(__TRUSTY__) #define OPENSSL_LINUX #endif @@ -161,7 +161,7 @@ extern "C" { #define OPENSSL_FUCHSIA #endif -#if defined(TRUSTY) +#if defined(__TRUSTY__) #define OPENSSL_TRUSTY #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED #endif 
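Review bot: Both base.h hunks (the `OPENSSL_LINUX` guard and the `OPENSSL_TRUSTY` block) switch from `TRUSTY` to `__TRUSTY__` with no fallback. A Trusty build that still passes only `TRUSTY` would fall into the `__linux__` branch and lose `OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED` without any diagnostic. Whether such a build exists is not visible from here. A compile-time check after the Trusty block would turn the silent change into a build failure: `#if defined(TRUSTY) && !defined(__TRUSTY__)`, then `#error "TRUSTY is no longer recognised; define __TRUSTY__"`, then `#endif`.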
@@ -453,9 +453,10 @@ typedef struct trust_token_method_st TRUST_TOKEN_METHOD; typedef struct v3_ext_ctx X509V3_CTX; typedef struct x509_attributes_st X509_ATTRIBUTE; typedef struct x509_cert_aux_st X509_CERT_AUX; -typedef struct x509_cinf_st X509_CINF; typedef struct x509_crl_method_st X509_CRL_METHOD; typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct x509_object_st X509_OBJECT; typedef struct x509_revoked_st X509_REVOKED; typedef struct x509_st X509; typedef struct x509_store_ctx_st X509_STORE_CTX; diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h index d2267e02..ce984b7f 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols.h @@ -465,6 +465,7 @@ #define CBB_add_u64le BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_add_u64le) #define CBB_add_u8 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_add_u8) #define CBB_add_u8_length_prefixed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_add_u8_length_prefixed) +#define CBB_add_zeros BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_add_zeros) #define CBB_cleanup BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_cleanup) #define CBB_data BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_data) #define CBB_did_write BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBB_did_write) 
@@ -510,6 +511,7 @@ #define CBS_get_u64le BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_u64le) #define CBS_get_u8 BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_u8) #define CBS_get_u8_length_prefixed BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_u8_length_prefixed) +#define CBS_get_until_first BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_get_until_first) #define CBS_init BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_init) #define CBS_is_unsigned_asn1_integer BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_is_unsigned_asn1_integer) #define CBS_is_valid_asn1_bitstring BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, CBS_is_valid_asn1_bitstring) @@ -2214,6 +2216,7 @@ #define asn1_generalizedtime_to_tm BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_generalizedtime_to_tm) #define asn1_get_choice_selector BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_get_choice_selector) #define asn1_get_field_ptr BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_get_field_ptr) +#define asn1_is_printable BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_is_printable) #define asn1_item_combine_free BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_item_combine_free) #define asn1_refcount_dec_and_test_zero BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_refcount_dec_and_test_zero) #define asn1_refcount_set_one BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, asn1_refcount_set_one) @@ -2833,6 +2836,7 @@ #define x25519_ge_tobytes BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x25519_ge_tobytes) #define x25519_pkey_meth BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x25519_pkey_meth) #define x25519_sc_reduce BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x25519_sc_reduce) +#define x509V3_add_value_asn1_string BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x509V3_add_value_asn1_string) #define x509_digest_sign_algorithm BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x509_digest_sign_algorithm) #define x509_digest_verify_init BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x509_digest_verify_init) #define x509_print_rsa_pss_params BORINGSSL_ADD_PREFIX(BORINGSSL_PREFIX, x509_print_rsa_pss_params) 
diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h index b3e6891e..6b14d955 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_boringssl_prefix_symbols_asm.h @@ -470,6 +470,7 @@ #define _CBB_add_u64le BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_add_u64le) #define _CBB_add_u8 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_add_u8) #define _CBB_add_u8_length_prefixed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_add_u8_length_prefixed) +#define _CBB_add_zeros BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_add_zeros) #define _CBB_cleanup BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_cleanup) #define _CBB_data BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_data) #define _CBB_did_write BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBB_did_write) @@ -515,6 +516,7 @@ #define _CBS_get_u64le BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_u64le) #define _CBS_get_u8 BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_u8) #define _CBS_get_u8_length_prefixed BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_u8_length_prefixed) +#define _CBS_get_until_first BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_get_until_first) #define _CBS_init BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_init) #define _CBS_is_unsigned_asn1_integer BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_is_unsigned_asn1_integer) #define _CBS_is_valid_asn1_bitstring BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, CBS_is_valid_asn1_bitstring) 
@@ -2219,6 +2221,7 @@ #define _asn1_generalizedtime_to_tm BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_generalizedtime_to_tm) #define _asn1_get_choice_selector BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_get_choice_selector) #define _asn1_get_field_ptr BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_get_field_ptr) +#define _asn1_is_printable BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_is_printable) #define _asn1_item_combine_free BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_item_combine_free) #define _asn1_refcount_dec_and_test_zero BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_refcount_dec_and_test_zero) #define _asn1_refcount_set_one BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, asn1_refcount_set_one) @@ -2838,6 +2841,7 @@ #define _x25519_ge_tobytes BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x25519_ge_tobytes) #define _x25519_pkey_meth BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x25519_pkey_meth) #define _x25519_sc_reduce BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x25519_sc_reduce) +#define _x509V3_add_value_asn1_string BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x509V3_add_value_asn1_string) #define _x509_digest_sign_algorithm BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x509_digest_sign_algorithm) #define _x509_digest_verify_init BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x509_digest_verify_init) #define _x509_print_rsa_pss_params BORINGSSL_ADD_PREFIX_MAC_ASM(BORINGSSL_PREFIX, x509_print_rsa_pss_params) diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_bytestring.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_bytestring.h index 8d8e6f82..4b3aa212 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_bytestring.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_bytestring.h 
@@ -154,6 +154,11 @@ OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); // returns one on success and zero on error. OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); +// CBS_get_until_first finds the first instance of |c| in |cbs|. If found, it +// sets |*out| to the text before the match, advances |cbs| over it, and returns +// one. Otherwise, it returns zero and leaves |cbs| unmodified. +OPENSSL_EXPORT int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c); + // Parsing ASN.1 // @@ -463,6 +468,10 @@ OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag); // success and zero otherwise. OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len); +// CBB_add_zeros append |len| bytes with value zero to |cbb|. It returns one on +// success and zero otherwise. +OPENSSL_EXPORT int CBB_add_zeros(CBB *cbb, size_t len); + // CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to // the beginning of that space. The caller must then write |len| bytes of // actual contents to |*out_data|. It returns one on success and zero diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_hkdf.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_hkdf.h index 4779708a..76c8eaac 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_hkdf.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_hkdf.h 
@@ -41,6 +41,10 @@ OPENSSL_EXPORT int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, // keying material |secret| and salt |salt| using |digest|, and outputs // |out_len| bytes to |out_key|. The maximum output size is |EVP_MAX_MD_SIZE|. // It returns one on success and zero on error. +// +// WARNING: This function orders the inputs differently from RFC 5869 +// specification. Double-check which parameter is the secret/IKM and which is +// the salt when using. OPENSSL_EXPORT int HKDF_extract(uint8_t *out_key, size_t *out_len, const EVP_MD *digest, const uint8_t *secret, size_t secret_len, const uint8_t *salt, diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_span.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_span.h index 1d36ff33..43e668f6 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_span.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_span.h @@ -94,18 +94,6 @@ class SpanBase { template class Span : private internal::SpanBase { private: - // Heuristically test whether C is a container type that can be converted into - // a Span by checking for data() and size() member functions. - // - // TODO(davidben): Switch everything to std::enable_if_t when we remove - // support for MSVC 2015. Although we could write our own enable_if_t and MSVC - // 2015 has std::enable_if_t anyway, MSVC 2015's SFINAE implementation is - // problematic and does not work below unless we write the ::type at use. - template - using EnableIfContainer = std::enable_if< - std::is_convertible().data()), T *>::value && - std::is_integral().size())>::value>; - static const size_t npos = static_cast(-1); public: 
@@ -116,12 +104,27 @@ class Span : private internal::SpanBase { constexpr Span(T (&array)[N]) : Span(array, N) {} template < - typename C, typename = typename EnableIfContainer::type, + typename C, + // TODO(davidben): Switch everything to std::enable_if_t when we remove + // support for MSVC 2015. Although we could write our own enable_if_t and + // MSVC 2015 has std::enable_if_t anyway, MSVC 2015's SFINAE + // implementation is problematic and does not work below unless we write + // the ::type at use. + // + // TODO(davidben): Move this and the identical copy below into an + // EnableIfContainer alias when we drop MSVC 2015 support. MSVC 2015's + // SFINAE support cannot handle type aliases. + typename = typename std::enable_if< + std::is_convertible().data()), T *>::value && + std::is_integral().size())>::value>::type, typename = typename std::enable_if::value, C>::type> Span(const C &container) : data_(container.data()), size_(container.size()) {} template < - typename C, typename = typename EnableIfContainer::type, + typename C, + typename = typename std::enable_if< + std::is_convertible().data()), T *>::value && + std::is_integral().size())>::value>::type, typename = typename std::enable_if::value, C>::type> explicit Span(C &container) : data_(container.data()), size_(container.size()) {} 
@@ -158,11 +161,30 @@ class Span : private internal::SpanBase { Span subspan(size_t pos = 0, size_t len = npos) const { if (pos > size_) { - abort(); // absl::Span throws an exception here. + // absl::Span throws an exception here. Note std::span and Chromium + // base::span additionally forbid pos + len being out of range, with a + // special case at npos/dynamic_extent, while absl::Span::subspan clips + // the span. For now, we align with absl::Span in case we switch to it in + // the future. + abort(); } return Span(data_ + pos, std::min(size_ - pos, len)); } + Span first(size_t len) { + if (len > size_) { + abort(); + } + return Span(data_, len); + } + + Span last(size_t len) { + if (len > size_) { + abort(); + } + return Span(data_ + size_ - len, len); + } + private: T *data_; size_t size_; diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509.h index ac41a3b6..064e8a2f 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509.h @@ -121,24 +121,8 @@ DEFINE_STACK_OF(X509_ALGOR) typedef STACK_OF(X509_ALGOR) X509_ALGORS; -struct X509_name_entry_st { - ASN1_OBJECT *object; - ASN1_STRING *value; - int set; -} /* X509_NAME_ENTRY */; - DEFINE_STACK_OF(X509_NAME_ENTRY) -// we always keep X509_NAMEs in 2 forms. -struct X509_name_st { - STACK_OF(X509_NAME_ENTRY) *entries; - int modified; // true if 'bytes' needs to be built - BUF_MEM *bytes; - // unsigned long hash; Keep the hash around for lookups - unsigned char *canon_enc; - int canon_enclen; -} /* X509_NAME */; - DEFINE_STACK_OF(X509_NAME) typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; 
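Review bot: The new `first` and `last` accessors are declared without `const`, unlike `subspan` directly above them, so they cannot be called on a `const Span` even though they modify nothing. Declaring them `Span first(size_t len) const {` and `Span last(size_t len) const {` would keep the three slicing methods consistent. The bounds checks themselves look right: both abort when `len > size_`, so `data_ + size_ - len` cannot move before the start of the buffer.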
@@ -147,20 +131,6 @@ DEFINE_STACK_OF(X509_EXTENSION) DEFINE_STACK_OF(X509_ATTRIBUTE) -struct x509_cinf_st { - ASN1_INTEGER *version; // [ 0 ] default of v1 - ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; - X509_NAME *issuer; - X509_VAL *validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; // [ 1 ] optional in v2 - ASN1_BIT_STRING *subjectUID; // [ 2 ] optional in v2 - STACK_OF(X509_EXTENSION) *extensions; // [ 3 ] optional in v3 - ASN1_ENCODING enc; -} /* X509_CINF */; - // This stuff is certificate "auxiliary info" // it contains details which are useful in certificate // stores and databases. When used this is tagged onto @@ -169,31 +139,6 @@ struct x509_cinf_st { DECLARE_STACK_OF(DIST_POINT) DECLARE_STACK_OF(GENERAL_NAME) -struct x509_st { - X509_CINF *cert_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - CRYPTO_refcount_t references; - CRYPTO_EX_DATA ex_data; - // These contain copies of various extension values - long ex_pathlen; - long ex_pcpathlen; - unsigned long ex_flags; - unsigned long ex_kusage; - unsigned long ex_xkusage; - unsigned long ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; - X509_CERT_AUX *aux; - CRYPTO_BUFFER *buf; - CRYPTO_MUTEX lock; -} /* X509 */; - DEFINE_STACK_OF(X509) // This is used for a table of trust checking functions @@ -261,7 +206,7 @@ DEFINE_STACK_OF(X509_TRUST) #define XN_FLAG_SEP_MASK (0xf << 16) #define XN_FLAG_COMPAT 0 // Traditional SSLeay: use old X509_NAME_print -#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC2253 ,+ +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC 2253 ,+ #define XN_FLAG_SEP_CPLUS_SPC (2 << 16) // ,+ spaced: more readable #define XN_FLAG_SEP_SPLUS_SPC (3 << 16) // ;+ spaced #define XN_FLAG_SEP_MULTILINE (4 << 16) // One line per field 
@@ -280,13 +225,13 @@ DEFINE_STACK_OF(X509_TRUST) #define XN_FLAG_SPC_EQ (1 << 23) // Put spaces round '=' // This determines if we dump fields we don't recognise: -// RFC2253 requires this. +// RFC 2253 requires this. #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) #define XN_FLAG_FN_ALIGN (1 << 25) // Align field names to 20 characters -// Complete set of RFC2253 flags +// Complete set of RFC 2253 flags #define XN_FLAG_RFC2253 \ (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \ @@ -463,7 +408,7 @@ OPENSSL_EXPORT void X509_get0_uids(const X509 *x509, #define X509_extract_key(x) X509_get_pubkey(x) // X509_get_pathlen returns path length constraint from the basic constraints -// extension in |x509|. (See RFC5280, section 4.2.1.9.) It returns -1 if the +// extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the // constraint is not present, or if some extension in |x509| was invalid. // // Note that decoding an |X509| object will not check for invalid extensions. To @@ -939,8 +884,6 @@ DECLARE_ASN1_FUNCTIONS(X509_NAME) // to the copy, and returns one. Otherwise, it returns zero. OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name); -DECLARE_ASN1_FUNCTIONS(X509_CINF) - DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) @@ -1144,7 +1087,7 @@ OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req, // a known NID. OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req); -// i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC2986) +// i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986) // portion of |req|. If |outp| is NULL, nothing is written. Otherwise, if // |*outp| is not NULL, the result is written to |*outp|, which must have enough // space available, and |*outp| is advanced just past the output. If |outp| is 
@@ -1171,7 +1114,7 @@ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); // X509_REQ_extension_nid returns one if |nid| is a supported CSR attribute type // for carrying extensions and zero otherwise. The supported types are -// |NID_ext_req| (pkcs-9-at-extensionRequest from RFC2985) and |NID_ms_ext_req| +// |NID_ext_req| (pkcs-9-at-extensionRequest from RFC 2985) and |NID_ms_ext_req| // (a Microsoft szOID_CERT_EXTENSIONS variant). OPENSSL_EXPORT int X509_REQ_extension_nid(int nid); @@ -1179,7 +1122,7 @@ OPENSSL_EXPORT int X509_REQ_extension_nid(int nid); // returns a newly-allocated |STACK_OF(X509_EXTENSION)| containing the result. // It returns NULL on error, or if |req| did not request extensions. // -// This function supports both pkcs-9-at-extensionRequest from RFC2985 and the +// This function supports both pkcs-9-at-extensionRequest from RFC 2985 and the // Microsoft szOID_CERT_EXTENSIONS variant. OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); @@ -1989,10 +1932,6 @@ BORINGSSL_MAKE_UP_REF(X509_STORE, X509_STORE_up_ref) BORINGSSL_MAKE_DELETER(X509_STORE_CTX, X509_STORE_CTX_free) BORINGSSL_MAKE_DELETER(X509_VERIFY_PARAM, X509_VERIFY_PARAM_free) -using ScopedX509_STORE_CTX = - internal::StackAllocated; - BSSL_NAMESPACE_END } // extern C++ diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509_vfy.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509_vfy.h index 30206885..5f692b39 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509_vfy.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509_vfy.h 
@@ -99,39 +99,8 @@ certificate chain. #define X509_LU_CRL 2 #define X509_LU_PKEY 3 -typedef struct x509_object_st { - // one of the above types - int type; - union { - char *ptr; - X509 *x509; - X509_CRL *crl; - EVP_PKEY *pkey; - } data; -} X509_OBJECT; - DEFINE_STACK_OF(X509_LOOKUP) DEFINE_STACK_OF(X509_OBJECT) - -// This is a static that defines the function interface -typedef struct x509_lookup_method_st { - const char *name; - int (*new_item)(X509_LOOKUP *ctx); - void (*free)(X509_LOOKUP *ctx); - int (*init)(X509_LOOKUP *ctx); - int (*shutdown)(X509_LOOKUP *ctx); - int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret); - int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret); - int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret); - int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, unsigned char *bytes, - int len, X509_OBJECT *ret); - int (*get_by_alias)(X509_LOOKUP *ctx, int type, char *str, int len, - X509_OBJECT *ret); -} X509_LOOKUP_METHOD; - DEFINE_STACK_OF(X509_VERIFY_PARAM) typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); 
@@ -153,103 +122,8 @@ typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)( X509_STORE_CTX *ctx, X509_NAME *nm); typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); -// This is used to hold everything. It is used for all certificate -// validation. Once we have a certificate chain, the 'verify' -// function is then called to actually check the cert chain. -struct x509_store_st { - // The following is a cache of trusted certs - int cache; // if true, stash any hits - STACK_OF(X509_OBJECT) *objs; // Cache of all objects - CRYPTO_MUTEX objs_lock; - STACK_OF(X509) *additional_untrusted; - - // These are external lookup methods - STACK_OF(X509_LOOKUP) *get_cert_methods; - - X509_VERIFY_PARAM *param; - - // Callbacks for various operations - X509_STORE_CTX_verify_fn verify; // called to verify a certificate - X509_STORE_CTX_verify_cb verify_cb; // error callback - X509_STORE_CTX_get_issuer_fn get_issuer; // get issuers cert from ctx - X509_STORE_CTX_check_issued_fn check_issued; // check issued - X509_STORE_CTX_check_revocation_fn - check_revocation; // Check revocation status of chain - X509_STORE_CTX_get_crl_fn get_crl; // retrieve CRL - X509_STORE_CTX_check_crl_fn check_crl; // Check CRL validity - X509_STORE_CTX_cert_crl_fn cert_crl; // Check certificate against CRL - X509_STORE_CTX_lookup_certs_fn lookup_certs; - X509_STORE_CTX_lookup_crls_fn lookup_crls; - X509_STORE_CTX_cleanup_fn cleanup; - - CRYPTO_refcount_t references; -} /* X509_STORE */; - OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth); -// This is the functions plus an instance of the local variables. -struct x509_lookup_st { - int init; // have we been started - int skip; // don't use us. - X509_LOOKUP_METHOD *method; // the functions - char *method_data; // method data - - X509_STORE *store_ctx; // who owns us -} /* X509_LOOKUP */; - -// This is a used when verifying cert chains. 
Since the -// gathering of the cert chain can take some time (and have to be -// 'retried', this needs to be kept and passed around. -struct x509_store_ctx_st // X509_STORE_CTX -{ - X509_STORE *ctx; - - // The following are set by the caller - X509 *cert; // The cert to check - STACK_OF(X509) *untrusted; // chain of X509s - untrusted - passed in - STACK_OF(X509_CRL) *crls; // set of CRLs passed in - - X509_VERIFY_PARAM *param; - void *other_ctx; // Other info for use with get_issuer() - - // Callbacks for various operations - X509_STORE_CTX_verify_fn verify; // called to verify a certificate - X509_STORE_CTX_verify_cb verify_cb; // error callback - X509_STORE_CTX_get_issuer_fn get_issuer; // get issuers cert from ctx - X509_STORE_CTX_check_issued_fn check_issued; // check issued - X509_STORE_CTX_check_revocation_fn - check_revocation; // Check revocation status of chain - X509_STORE_CTX_get_crl_fn get_crl; // retrieve CRL - X509_STORE_CTX_check_crl_fn check_crl; // Check CRL validity - X509_STORE_CTX_cert_crl_fn cert_crl; // Check certificate against CRL - X509_STORE_CTX_check_policy_fn check_policy; - X509_STORE_CTX_lookup_certs_fn lookup_certs; - X509_STORE_CTX_lookup_crls_fn lookup_crls; - X509_STORE_CTX_cleanup_fn cleanup; - - // The following is built up - int valid; // if 0, rebuild chain - int last_untrusted; // index of last untrusted cert - STACK_OF(X509) *chain; // chain of X509s - built up and trusted - X509_POLICY_TREE *tree; // Valid policy tree - - int explicit_policy; // Require explicit policy value - - // When something goes wrong, this is why - int error_depth; - int error; - X509 *current_cert; - X509 *current_issuer; // cert currently being tested as valid issuer - X509_CRL *current_crl; // current CRL - - int current_crl_score; // score of current CRL - unsigned int current_reasons; // Reason mask - - X509_STORE_CTX *parent; // For CRL path validation: parent context - - CRYPTO_EX_DATA ex_data; -} /* X509_STORE_CTX */; - OPENSSL_EXPORT void 
X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_STORE_CTX_set_app_data(ctx, data) \ diff --git a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509v3.h b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509v3.h index 1e1f5d23..d08da56c 100644 --- a/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509v3.h +++ b/Sources/CCryptoBoringSSL/include/CCryptoBoringSSL_x509v3.h 
@@ -483,12 +483,30 @@ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING( X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *extlist); +// i2v_GENERAL_NAME serializes |gen| as a |CONF_VALUE|. If |ret| is non-NULL, it +// appends the value to |ret| and returns |ret| on success or NULL on error. If +// it returns NULL, the caller is still responsible for freeing |ret|. If |ret| +// is NULL, it returns a newly-allocated |STACK_OF(CONF_VALUE)| containing the +// result. |method| is ignored. +// +// Do not use this function. This is an internal implementation detail of the +// human-readable print functions. If extracting a SAN list from a certificate, +// look at |gen| directly. OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME( X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) +// i2v_GENERAL_NAMES serializes |gen| as a list of |CONF_VALUE|s. If |ret| is +// non-NULL, it appends the values to |ret| and returns |ret| on success or NULL +// on error. If it returns NULL, the caller is still responsible for freeing +// |ret|. If |ret| is NULL, it returns a newly-allocated |STACK_OF(CONF_VALUE)| +// containing the results. |method| is ignored. +// +// Do not use this function. This is an internal implementation detail of the +// human-readable print functions. If extracting a SAN list from a certificate, +// look at |gen| directly. OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES( X509V3_EXT_METHOD *method, GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); 
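Review bot: The comment added above `i2v_GENERAL_NAMES` documents a parameter `|ret|`, but the prototype directly below it names that parameter `extlist`; only `i2v_GENERAL_NAME` has a `ret` parameter. This comment carries the ownership rule (the caller still frees the list when NULL is returned), so the name should match the declaration, e.g. `// non-NULL, it appends the values to |extlist| and returns |extlist| on success or NULL`, with the same substitution on the lines that follow. The function body is not in this hunk, so whether entries appended before a failure stay on the caller's list cannot be confirmed from here; if they do, one more sentence saying so would help callers that reuse the list after an error.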
@@ -602,15 +620,35 @@ OPENSSL_EXPORT void X509V3_section_free(X509V3_CTX *ctx, OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, X509_REQ *req, X509_CRL *crl, int flags); +// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to +// |*extlist|. It returns one on success and zero on error. If |*extlist| is +// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)| +// containing the result. Either |name| or |value| may be NULL to omit the +// field. +// +// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the +// function returns. OPENSSL_EXPORT int X509V3_add_value(const char *name, const char *value, STACK_OF(CONF_VALUE) **extlist); + +// X509V3_add_value_uchar behaves like |X509V3_add_value| but takes an +// |unsigned char| pointer. OPENSSL_EXPORT int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist); + +// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value +// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise. OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); -OPENSSL_EXPORT int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, + +// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string +// representation of |aint|. Note this string representation may be decimal or +// hexadecimal, depending on the size of |aint|. +OPENSSL_EXPORT int X509V3_add_value_int(const char *name, + const ASN1_INTEGER *aint, STACK_OF(CONF_VALUE) **extlist); + OPENSSL_EXPORT char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, 
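Review bot: The comment added above `X509V3_add_value_int` opens with the wrong function name, `X509V3_add_value_bool`, apparently copied from the declaration before it. It should read `// X509V3_add_value_int behaves like |X509V3_add_value| but stores a string`. The remark that the representation may be decimal or hexadecimal depending on the size of `aint` is worth keeping, since it tells callers not to parse the stored string with a fixed base. The trailing `s2i_ASN1_INTEGER` declaration continues past the end of the hunk.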
@@ -657,7 +695,7 @@ OPENSSL_EXPORT void *X509V3_EXT_d2i(const X509_EXTENSION *ext); // extension, or -1 if not found. If |out_idx| is non-NULL, duplicate extensions // are not treated as an error. Callers, however, should not rely on this // behavior as it may be removed in the future. Duplicate extensions are -// forbidden in RFC5280. +// forbidden in RFC 5280. // // WARNING: This function is difficult to use correctly. Callers should pass a // non-NULL |out_critical| and check both the return value and |*out_critical| @@ -787,7 +825,7 @@ OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x); OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x); // X509_get0_subject_key_id returns |x509|'s subject key identifier, if present. -// (See RFC5280, section 4.2.1.2.) It returns NULL if the extension is not +// (See RFC 5280, section 4.2.1.2.) It returns NULL if the extension is not // present or if some extension in |x509| was invalid. // // Note that decoding an |X509| object will not check for invalid extensions. To @@ -796,7 +834,7 @@ OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x); OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509); // X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key -// identifier, if the extension and field are present. (See RFC5280, +// identifier, if the extension and field are present. (See RFC 5280, // section 4.2.1.1.) It returns NULL if the extension is not present, if it is // present but lacks a keyIdentifier field, or if some extension in |x509| was // invalid. 
@@ -808,7 +846,7 @@ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509); // X509_get0_authority_issuer returns the authorityCertIssuer of |x509|'s // authority key identifier, if the extension and field are present. (See -// RFC5280, section 4.2.1.1.) It returns NULL if the extension is not present, +// RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present, // if it is present but lacks a authorityCertIssuer field, or if some extension // in |x509| was invalid. // @@ -819,7 +857,7 @@ OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509); // X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s // authority key identifier, if the extension and field are present. (See -// RFC5280, section 4.2.1.1.) It returns NULL if the extension is not present, +// RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present, // if it is present but lacks a authorityCertSerialNumber field, or if some // extension in |x509| was invalid. // @@ -900,8 +938,11 @@ BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free) BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free) BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free) +// TODO(davidben): Move this to conf.h and rename to CONF_VALUE_free. +BORINGSSL_MAKE_DELETER(CONF_VALUE, X509V3_conf_free) BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free) BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free) +BORINGSSL_MAKE_DELETER(GENERAL_SUBTREE, GENERAL_SUBTREE_free) BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free) BORINGSSL_MAKE_DELETER(POLICY_MAPPING, POLICY_MAPPING_free) BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free) @@ -974,5 +1015,6 @@ BSSL_NAMESPACE_END #define X509V3_R_UNSUPPORTED_OPTION 160 #define X509V3_R_UNSUPPORTED_TYPE 161 #define X509V3_R_USER_TOO_LONG 162 +#define X509V3_R_INVALID_VALUE 163 #endif 
diff --git a/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc b/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc index 359bf772..fc8499d7 100644 --- a/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc +++ b/Sources/CCryptoBoringSSL/include/boringssl_prefix_symbols_nasm.inc @@ -462,6 +462,7 @@ %xdefine _CBB_add_u64le _ %+ BORINGSSL_PREFIX %+ _CBB_add_u64le %xdefine _CBB_add_u8 _ %+ BORINGSSL_PREFIX %+ _CBB_add_u8 %xdefine _CBB_add_u8_length_prefixed _ %+ BORINGSSL_PREFIX %+ _CBB_add_u8_length_prefixed +%xdefine _CBB_add_zeros _ %+ BORINGSSL_PREFIX %+ _CBB_add_zeros %xdefine _CBB_cleanup _ %+ BORINGSSL_PREFIX %+ _CBB_cleanup %xdefine _CBB_data _ %+ BORINGSSL_PREFIX %+ _CBB_data %xdefine _CBB_did_write _ %+ BORINGSSL_PREFIX %+ _CBB_did_write @@ -507,6 +508,7 @@ %xdefine _CBS_get_u64le _ %+ BORINGSSL_PREFIX %+ _CBS_get_u64le %xdefine _CBS_get_u8 _ %+ BORINGSSL_PREFIX %+ _CBS_get_u8 %xdefine _CBS_get_u8_length_prefixed _ %+ BORINGSSL_PREFIX %+ _CBS_get_u8_length_prefixed +%xdefine _CBS_get_until_first _ %+ BORINGSSL_PREFIX %+ _CBS_get_until_first %xdefine _CBS_init _ %+ BORINGSSL_PREFIX %+ _CBS_init %xdefine _CBS_is_unsigned_asn1_integer _ %+ BORINGSSL_PREFIX %+ _CBS_is_unsigned_asn1_integer %xdefine _CBS_is_valid_asn1_bitstring _ %+ BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_bitstring @@ -2211,6 +2213,7 @@ %xdefine _asn1_generalizedtime_to_tm _ %+ BORINGSSL_PREFIX %+ _asn1_generalizedtime_to_tm %xdefine _asn1_get_choice_selector _ %+ BORINGSSL_PREFIX %+ _asn1_get_choice_selector %xdefine _asn1_get_field_ptr _ %+ BORINGSSL_PREFIX %+ _asn1_get_field_ptr +%xdefine _asn1_is_printable _ %+ BORINGSSL_PREFIX %+ _asn1_is_printable %xdefine _asn1_item_combine_free _ %+ BORINGSSL_PREFIX %+ _asn1_item_combine_free %xdefine _asn1_refcount_dec_and_test_zero _ %+ BORINGSSL_PREFIX %+ _asn1_refcount_dec_and_test_zero %xdefine _asn1_refcount_set_one _ %+ BORINGSSL_PREFIX %+ _asn1_refcount_set_one 
@@ -2830,6 +2833,7 @@ %xdefine _x25519_ge_tobytes _ %+ BORINGSSL_PREFIX %+ _x25519_ge_tobytes %xdefine _x25519_pkey_meth _ %+ BORINGSSL_PREFIX %+ _x25519_pkey_meth %xdefine _x25519_sc_reduce _ %+ BORINGSSL_PREFIX %+ _x25519_sc_reduce +%xdefine _x509V3_add_value_asn1_string _ %+ BORINGSSL_PREFIX %+ _x509V3_add_value_asn1_string %xdefine _x509_digest_sign_algorithm _ %+ BORINGSSL_PREFIX %+ _x509_digest_sign_algorithm %xdefine _x509_digest_verify_init _ %+ BORINGSSL_PREFIX %+ _x509_digest_verify_init %xdefine _x509_print_rsa_pss_params _ %+ BORINGSSL_PREFIX %+ _x509_print_rsa_pss_params @@ -3290,6 +3294,7 @@ %xdefine CBB_add_u64le BORINGSSL_PREFIX %+ _CBB_add_u64le %xdefine CBB_add_u8 BORINGSSL_PREFIX %+ _CBB_add_u8 %xdefine CBB_add_u8_length_prefixed BORINGSSL_PREFIX %+ _CBB_add_u8_length_prefixed +%xdefine CBB_add_zeros BORINGSSL_PREFIX %+ _CBB_add_zeros %xdefine CBB_cleanup BORINGSSL_PREFIX %+ _CBB_cleanup %xdefine CBB_data BORINGSSL_PREFIX %+ _CBB_data %xdefine CBB_did_write BORINGSSL_PREFIX %+ _CBB_did_write @@ -3335,6 +3340,7 @@ %xdefine CBS_get_u64le BORINGSSL_PREFIX %+ _CBS_get_u64le %xdefine CBS_get_u8 BORINGSSL_PREFIX %+ _CBS_get_u8 %xdefine CBS_get_u8_length_prefixed BORINGSSL_PREFIX %+ _CBS_get_u8_length_prefixed +%xdefine CBS_get_until_first BORINGSSL_PREFIX %+ _CBS_get_until_first %xdefine CBS_init BORINGSSL_PREFIX %+ _CBS_init %xdefine CBS_is_unsigned_asn1_integer BORINGSSL_PREFIX %+ _CBS_is_unsigned_asn1_integer %xdefine CBS_is_valid_asn1_bitstring BORINGSSL_PREFIX %+ _CBS_is_valid_asn1_bitstring 
@@ -5039,6 +5045,7 @@ %xdefine asn1_generalizedtime_to_tm BORINGSSL_PREFIX %+ _asn1_generalizedtime_to_tm %xdefine asn1_get_choice_selector BORINGSSL_PREFIX %+ _asn1_get_choice_selector %xdefine asn1_get_field_ptr BORINGSSL_PREFIX %+ _asn1_get_field_ptr +%xdefine asn1_is_printable BORINGSSL_PREFIX %+ _asn1_is_printable %xdefine asn1_item_combine_free BORINGSSL_PREFIX %+ _asn1_item_combine_free %xdefine asn1_refcount_dec_and_test_zero BORINGSSL_PREFIX %+ _asn1_refcount_dec_and_test_zero %xdefine asn1_refcount_set_one BORINGSSL_PREFIX %+ _asn1_refcount_set_one @@ -5658,6 +5665,7 @@ %xdefine x25519_ge_tobytes BORINGSSL_PREFIX %+ _x25519_ge_tobytes %xdefine x25519_pkey_meth BORINGSSL_PREFIX %+ _x25519_pkey_meth %xdefine x25519_sc_reduce BORINGSSL_PREFIX %+ _x25519_sc_reduce +%xdefine x509V3_add_value_asn1_string BORINGSSL_PREFIX %+ _x509V3_add_value_asn1_string %xdefine x509_digest_sign_algorithm BORINGSSL_PREFIX %+ _x509_digest_sign_algorithm %xdefine x509_digest_verify_init BORINGSSL_PREFIX %+ _x509_digest_verify_init %xdefine x509_print_rsa_pss_params BORINGSSL_PREFIX %+ _x509_print_rsa_pss_params