chore: update patches/common/boringssl

This commit is contained in:
deepak1556 2019-02-14 22:00:44 +05:30 committed by Samuel Attard
parent c13bf5692a
commit 9bc3888378
6 changed files with 17 additions and 213 deletions

View file

@ -1,6 +1,3 @@
add_ec_group_order_bits_for_openssl_compatibility.patch
add_ec_key_key2buf_for_openssl_compatibility.patch
expose_ripemd160.patch
expose_aes-cfb.patch
sync_sorted_ciphers.patch
handle_pub_key_null_in_ec_key_set_public_key.patch

View file

@ -1,39 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <jeremya@chromium.org>
Date: Wed, 19 Dec 2018 14:42:26 -0800
Subject: Add EC_GROUP_order_bits for OpenSSL compatibility
Change-Id: I37149fa4274357d84befff85728ce2337131afa7
Reviewed-on: https://boringssl-review.googlesource.com/c/33804
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
index bd0662a703d6285df51735c5d4870d21a82b39cf..90b9d71f61f8d6d7ddf838c47a59729748d0d0f2 100644
--- a/crypto/fipsmodule/ec/ec.c
+++ b/crypto/fipsmodule/ec/ec.c
@@ -625,6 +625,10 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
return 1;
}
+int EC_GROUP_order_bits(const EC_GROUP *group) {
+ return BN_num_bits(&group->order);
+}
+
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
BN_CTX *ctx) {
// All |EC_GROUP|s have cofactor 1.
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 966393ea3b726214aa84a604c8e5a13654dcdf76..c65a1a7519fd80b681d1cf899792ee46aaa8bad6 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -133,6 +133,9 @@ OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
// |group| that specifies the order of the group.
OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+// EC_GROUP_order_bits returns the number of bits of the order of |group|.
+OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group);
+
// EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
// |ctx|, if it's not NULL. It returns one on success and zero otherwise.
OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group,

View file

@ -1,65 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <jeremya@chromium.org>
Date: Wed, 19 Dec 2018 14:46:14 -0800
Subject: Add EC_KEY_key2buf for OpenSSL compatibility
Change-Id: If45ef3a9bb757bd0c7f592f40ececaf4aa2f607d
Reviewed-on: https://boringssl-review.googlesource.com/c/33824
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
index 632dc9b2d902dfba01567f4c02ad7ad6d0c8c3e8..4bc12a073650f66f5ae8ba2beabb9a6fb2b21878 100644
--- a/crypto/fipsmodule/ec/ec_key.c
+++ b/crypto/fipsmodule/ec/ec_key.c
@@ -394,6 +394,33 @@ err:
return ok;
}
+size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form,
+ unsigned char **out_buf, BN_CTX *ctx) {
+ if (key == NULL || key->pub_key == NULL || key->group == NULL) {
+ return 0;
+ }
+
+ const size_t len =
+ EC_POINT_point2oct(key->group, key->pub_key, form, NULL, 0, ctx);
+ if (len == 0) {
+ return 0;
+ }
+
+ uint8_t *buf = OPENSSL_malloc(len);
+ if (buf == NULL) {
+ return 0;
+ }
+
+ if (EC_POINT_point2oct(key->group, key->pub_key, form, buf, len, ctx) !=
+ len) {
+ OPENSSL_free(buf);
+ return 0;
+ }
+
+ *out_buf = buf;
+ return len;
+}
+
int EC_KEY_generate_key(EC_KEY *key) {
if (key == NULL || key->group == NULL) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/include/openssl/ec_key.h b/include/openssl/ec_key.h
index 9bc788758b26bb4883626a80f3e0b8c8d6eb7974..3b1a5666fa1f2071212393a3f5c8d5394c32efeb 100644
--- a/include/openssl/ec_key.h
+++ b/include/openssl/ec_key.h
@@ -177,6 +177,12 @@ OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
BIGNUM *x,
BIGNUM *y);
+// EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
+// and sets |*out_buf| to point to it. It returns the length of the encoded
+// octet string or zero if an error occurred.
+OPENSSL_EXPORT size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form,
+ unsigned char **out_buf, BN_CTX *ctx);
+
// Key generation.

View file

@ -5,7 +5,7 @@ Subject: expose aes-{128,256}-cfb
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
index 1b23ad32f8cff2a00512ba58d24b47b628e7920c..be7ef07b2c188a76890deb0f305cf92fcc57a64e 100644
index b132265bc103658dba3de6e0c3dc50d3634da5b0..588a4773437c311877f275bf3679f9688cda3c46 100644
--- a/crypto/cipher_extra/cipher_extra.c
+++ b/crypto/cipher_extra/cipher_extra.c
@@ -101,10 +101,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
@ -41,44 +41,40 @@ index d3a176163303a202baeb1f95727c6ed3525439d6..21d108a7b73d454aa6b0e324df4b6708
const EVP_CIPHER *EVP_aes_128_cfb128(void) { return &aes_128_cfb128; }
+const EVP_CIPHER *EVP_aes_256_cfb128(void) { return &aes_256_cfb128; }
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
index acc4719b7e9c4c4461fc6142f2ae9156b407915b..8b008a401ec2f2d0673f6876609dd5786cace4c2 100644
index 53cb9d2dc8f1962a70dc12b648d27c32be8aca4b..84af06fc56e4aa72d4d48801d7c037add0221747 100644
--- a/decrepit/evp/evp_do_all.c
+++ b/decrepit/evp/evp_do_all.c
@@ -20,10 +20,12 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
const char *unused, void *arg),
void *arg) {
callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
+ callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
+ callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
@@ -38,10 +40,12 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
@@ -44,8 +46,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
// OpenSSL returns everything twice, the second time in lower case.
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
+ callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
+ callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index e9545c82ca7e663ae25d9e85d29acea2be54d38f..4902859cdb96012eae7956d9fc3b1dcd47a71c07 100644
index ea7a940ab3003f6919322ef1c4b7caaa9dea8588..5320d5d84c10c6396eb869dc1767b31afeeac4ef 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -421,6 +421,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void);
@@ -424,6 +424,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
// EVP_aes_128_cfb128 is only available in decrepit.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
// The following flags do nothing and are included only to make it easier to
// compile code with BoringSSL.
// EVP_bf_ecb is Blowfish in ECB mode and is only available in decrepit.
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ecb(void);

View file

@ -62,10 +62,10 @@ index f2fa349c2b32ae88766624af3109ece4b1d69909..bcaed59c5401bef071acba9b9919d906
+
#undef CHECK
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
index 38b8f9f78f76050174096740596ac59a0fe18757..acc4719b7e9c4c4461fc6142f2ae9156b407915b 100644
index d540144b293297791c087e0b968a47d368a73695..53cb9d2dc8f1962a70dc12b648d27c32be8aca4b 100644
--- a/decrepit/evp/evp_do_all.c
+++ b/decrepit/evp/evp_do_all.c
@@ -66,6 +66,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
@@ -78,6 +78,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
callback(EVP_sha256(), "SHA256", NULL, arg);
callback(EVP_sha384(), "SHA384", NULL, arg);
callback(EVP_sha512(), "SHA512", NULL, arg);
@ -73,7 +73,7 @@ index 38b8f9f78f76050174096740596ac59a0fe18757..acc4719b7e9c4c4461fc6142f2ae9156
callback(EVP_md4(), "md4", NULL, arg);
callback(EVP_md5(), "md5", NULL, arg);
@@ -74,4 +75,5 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
@@ -86,4 +87,5 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
callback(EVP_sha256(), "sha256", NULL, arg);
callback(EVP_sha384(), "sha384", NULL, arg);
callback(EVP_sha512(), "sha512", NULL, arg);

View file

@ -1,85 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Thu, 7 Feb 2019 11:11:35 -0800
Subject: sync EVP_get_cipherbyname with EVP_do_all_sorted
EVP_get_cipherbyname should work on everything that EVP_do_all_sorted
lists, and conversely, there should be nothing that
EVP_get_cipherbyname works on that EVP_do_all_sorted doesn't list.
This thus does that.
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
index be7ef07b2c188a76890deb0f305cf92fcc57a64e..588a4773437c311877f275bf3679f9688cda3c46 100644
--- a/crypto/cipher_extra/cipher_extra.c
+++ b/crypto/cipher_extra/cipher_extra.c
@@ -133,6 +133,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
return EVP_aes_192_ofb();
} else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) {
return EVP_aes_256_ofb();
+ } else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) {
+ return EVP_des_ecb();
+ } else if (OPENSSL_strcasecmp(name, "des-ede") == 0) {
+ return EVP_des_ede();
+ } else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) {
+ return EVP_des_ede_cbc();
+ } else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) {
+ return EVP_rc2_cbc();
}
return NULL;
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
index 8b008a401ec2f2d0673f6876609dd5786cace4c2..3e88b29cb599730d2e8682070aaa4be38d06ed80 100644
--- a/decrepit/evp/evp_do_all.c
+++ b/decrepit/evp/evp_do_all.c
@@ -21,15 +21,21 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
void *arg) {
callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
- callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
- callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
- callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
+ callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
+ callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
+ callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
+ callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
+ callback(EVP_aes_192_ecb(), "AES-192-ECB", NULL, arg);
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
+ callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
+ callback(EVP_aes_192_ofb(), "AES-192-OFB", NULL, arg);
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
- callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg);
+ callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg);
+ callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg);
+ callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg);
callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
callback(EVP_des_ede(), "DES-EDE", NULL, arg);
@@ -41,15 +47,21 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
// OpenSSL returns everything twice, the second time in lower case.
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
- callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
- callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
- callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
+ callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
+ callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
+ callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
+ callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
+ callback(EVP_aes_192_ecb(), "aes-192-ecb", NULL, arg);
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
+ callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
+ callback(EVP_aes_192_ofb(), "aes-192-ofb", NULL, arg);
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
- callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg);
+ callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg);
+ callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg);
+ callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg);
callback(EVP_des_cbc(), "des-cbc", NULL, arg);
callback(EVP_des_ecb(), "des-ecb", NULL, arg);
callback(EVP_des_ede(), "des-ede", NULL, arg);