From 9bc388837835aec972b7be2d42ae1f30dce4a047 Mon Sep 17 00:00:00 2001
From: deepak1556
Date: Thu, 14 Feb 2019 22:00:44 +0530
Subject: [PATCH] chore: update patches/common/boringssl
---
 patches/common/boringssl/.patches | 3 -
 ...order_bits_for_openssl_compatibility.patch | 39 ---------
 ...ey_key2buf_for_openssl_compatibility.patch | 65 --------------
 patches/common/boringssl/expose_aes-cfb.patch | 32 +++----
 .../common/boringssl/expose_ripemd160.patch | 6 +-
 .../boringssl/sync_sorted_ciphers.patch | 85 -------------------
 6 files changed, 17 insertions(+), 213 deletions(-)
 delete mode 100644 patches/common/boringssl/add_ec_group_order_bits_for_openssl_compatibility.patch
 delete mode 100644 patches/common/boringssl/add_ec_key_key2buf_for_openssl_compatibility.patch
 delete mode 100644 patches/common/boringssl/sync_sorted_ciphers.patch
diff --git a/patches/common/boringssl/.patches b/patches/common/boringssl/.patches
index ed62fb6194..7af3d9819b 100644
--- a/patches/common/boringssl/.patches
+++ b/patches/common/boringssl/.patches
@@ -1,6 +1,3 @@
-add_ec_group_order_bits_for_openssl_compatibility.patch
-add_ec_key_key2buf_for_openssl_compatibility.patch
 expose_ripemd160.patch
 expose_aes-cfb.patch
-sync_sorted_ciphers.patch
 handle_pub_key_null_in_ec_key_set_public_key.patch
diff --git a/patches/common/boringssl/add_ec_group_order_bits_for_openssl_compatibility.patch b/patches/common/boringssl/add_ec_group_order_bits_for_openssl_compatibility.patch
deleted file mode 100644
index 1995ab5493..0000000000
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jeremy Apthorp
-Date: Wed, 19 Dec 2018 14:42:26 -0800
-Subject: Add EC_GROUP_order_bits for OpenSSL compatibility
-
-Change-Id: I37149fa4274357d84befff85728ce2337131afa7
-Reviewed-on: https://boringssl-review.googlesource.com/c/33804
-Commit-Queue: Adam Langley
-Reviewed-by: Adam Langley
-
-diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c
-index bd0662a703d6285df51735c5d4870d21a82b39cf..90b9d71f61f8d6d7ddf838c47a59729748d0d0f2 100644
---- a/crypto/fipsmodule/ec/ec.c
-+++ b/crypto/fipsmodule/ec/ec.c
-@@ -625,6 +625,10 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
- return 1;
- }
-
-+int EC_GROUP_order_bits(const EC_GROUP *group) {
-+ return BN_num_bits(&group->order);
-+}
-+
- int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
- BN_CTX *ctx) {
- // All |EC_GROUP|s have cofactor 1.
-diff --git a/include/openssl/ec.h b/include/openssl/ec.h
-index 966393ea3b726214aa84a604c8e5a13654dcdf76..c65a1a7519fd80b681d1cf899792ee46aaa8bad6 100644
---- a/include/openssl/ec.h
-+++ b/include/openssl/ec.h
-@@ -133,6 +133,9 @@ OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
- // |group| that specifies the order of the group.
- OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
-
-+// EC_GROUP_order_bits returns the number of bits of the order of |group|.
-+OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group);
-+
- // EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
- // |ctx|, if it's not NULL. It returns one on success and zero otherwise.
- OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group,
diff --git a/patches/common/boringssl/add_ec_key_key2buf_for_openssl_compatibility.patch b/patches/common/boringssl/add_ec_key_key2buf_for_openssl_compatibility.patch
deleted file mode 100644
index d2e21d3c0d..0000000000
--- a/patches/common/boringssl/add_ec_key_key2buf_for_openssl_compatibility.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jeremy Apthorp
-Date: Wed, 19 Dec 2018 14:46:14 -0800
-Subject: Add EC_KEY_key2buf for OpenSSL compatibility
-
-Change-Id: If45ef3a9bb757bd0c7f592f40ececaf4aa2f607d
-Reviewed-on: https://boringssl-review.googlesource.com/c/33824
-Reviewed-by: Adam Langley
-Commit-Queue: Adam Langley
-
-diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
-index 632dc9b2d902dfba01567f4c02ad7ad6d0c8c3e8..4bc12a073650f66f5ae8ba2beabb9a6fb2b21878 100644
---- a/crypto/fipsmodule/ec/ec_key.c
-+++ b/crypto/fipsmodule/ec/ec_key.c
-@@ -394,6 +394,33 @@ err:
- return ok;
- }
-
-+size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form,
-+ unsigned char **out_buf, BN_CTX *ctx) {
-+ if (key == NULL || key->pub_key == NULL || key->group == NULL) {
-+ return 0;
-+ }
-+
-+ const size_t len =
-+ EC_POINT_point2oct(key->group, key->pub_key, form, NULL, 0, ctx);
-+ if (len == 0) {
-+ return 0;
-+ }
-+
-+ uint8_t *buf = OPENSSL_malloc(len);
-+ if (buf == NULL) {
-+ return 0;
-+ }
-+
-+ if (EC_POINT_point2oct(key->group, key->pub_key, form, buf, len, ctx) !=
-+ len) {
-+ OPENSSL_free(buf);
-+ return 0;
-+ }
-+
-+ *out_buf = buf;
-+ return len;
-+}
-+
- int EC_KEY_generate_key(EC_KEY *key) {
- if (key == NULL || key->group == NULL) {
- OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
-diff --git a/include/openssl/ec_key.h b/include/openssl/ec_key.h
-index 9bc788758b26bb4883626a80f3e0b8c8d6eb7974..3b1a5666fa1f2071212393a3f5c8d5394c32efeb 100644
---- a/include/openssl/ec_key.h
-+++ b/include/openssl/ec_key.h
-@@ -177,6 +177,12 @@ OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
- BIGNUM *x,
- BIGNUM *y);
-
-+// EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
-+// and sets |*out_buf| to point to it. It returns the length of the encoded
-+// octet string or zero if an error occurred.
-+OPENSSL_EXPORT size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form, -+ unsigned char **out_buf, BN_CTX *ctx); -+ - - // Key generation. - diff --git a/patches/common/boringssl/expose_aes-cfb.patch b/patches/common/boringssl/expose_aes-cfb.patch index d5ee8d44de..10e0173ad3 100644 --- a/patches/common/boringssl/expose_aes-cfb.patch +++ b/patches/common/boringssl/expose_aes-cfb.patch @@ -5,7 +5,7 @@ Subject: expose aes-{128,256}-cfb diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c -index 1b23ad32f8cff2a00512ba58d24b47b628e7920c..be7ef07b2c188a76890deb0f305cf92fcc57a64e 100644 +index b132265bc103658dba3de6e0c3dc50d3634da5b0..588a4773437c311877f275bf3679f9688cda3c46 100644 --- a/crypto/cipher_extra/cipher_extra.c +++ b/crypto/cipher_extra/cipher_extra.c @@ -101,10 +101,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { @@ -41,44 +41,40 @@ index d3a176163303a202baeb1f95727c6ed3525439d6..21d108a7b73d454aa6b0e324df4b6708 const EVP_CIPHER *EVP_aes_128_cfb128(void) { return &aes_128_cfb128; } +const EVP_CIPHER *EVP_aes_256_cfb128(void) { return &aes_256_cfb128; } diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c -index acc4719b7e9c4c4461fc6142f2ae9156b407915b..8b008a401ec2f2d0673f6876609dd5786cace4c2 100644 +index 53cb9d2dc8f1962a70dc12b648d27c32be8aca4b..84af06fc56e4aa72d4d48801d7c037add0221747 100644 --- a/decrepit/evp/evp_do_all.c 
+++ b/decrepit/evp/evp_do_all.c -@@ -20,10 +20,12 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, +@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, const char *unused, void *arg), void *arg) { callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg); + callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg); - callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); - callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); - callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); + callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg); callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg); + callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg); + callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); + callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg); callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg); - callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg); - callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg); -@@ -38,10 +40,12 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, +@@ -44,8 +46,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, // OpenSSL returns everything twice, the second time in lower case. 
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg); + callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg); - callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); - callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); - callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); + callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg); callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg); + callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg); + callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); + callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg); callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg); - callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg); - callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg); diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h -index e9545c82ca7e663ae25d9e85d29acea2be54d38f..4902859cdb96012eae7956d9fc3b1dcd47a71c07 100644 +index ea7a940ab3003f6919322ef1c4b7caaa9dea8588..5320d5d84c10c6396eb869dc1767b31afeeac4ef 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h -@@ -421,6 +421,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void); +@@ -424,6 +424,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void); // EVP_aes_128_cfb128 is only available in decrepit. OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void); - // The following flags do nothing and are included only to make it easier to - // compile code with BoringSSL. + // EVP_bf_ecb is Blowfish in ECB mode and is only available in decrepit. + OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ecb(void); diff --git a/patches/common/boringssl/expose_ripemd160.patch b/patches/common/boringssl/expose_ripemd160.patch index f1a1c6d96d..80bd9ffd93 100644 --- a/patches/common/boringssl/expose_ripemd160.patch +++ b/patches/common/boringssl/expose_ripemd160.patch 
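Review bot: The `EVP_aes_256_cfb128` declaration that the include/openssl/cipher.h hunk of expose_aes-cfb.patch adds has no comment of its own, and the comment above it names only `EVP_aes_128_cfb128`, so the header does not tell a caller that the 256-bit variant is likewise a decrepit-only mode that provides no integrity protection. I would add `// EVP_aes_256_cfb128 is only available in decrepit.` directly above the added line. Separately, the rebased evp_do_all.c hunks list "AES-128-CFB" and "AES-256-CFB" in both cases, but the matching `EVP_get_cipherbyname` entries sit in the cipher_extra.c hunk, of which this diff shows only the header lines; since sync_sorted_ciphers.patch is dropped in the same commit, it is worth confirming against the rolled BoringSSL that every name listed here still resolves by lookup.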
@@ -62,10 +62,10 @@ index f2fa349c2b32ae88766624af3109ece4b1d69909..bcaed59c5401bef071acba9b9919d906 + #undef CHECK diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c -index 38b8f9f78f76050174096740596ac59a0fe18757..acc4719b7e9c4c4461fc6142f2ae9156b407915b 100644 +index d540144b293297791c087e0b968a47d368a73695..53cb9d2dc8f1962a70dc12b648d27c32be8aca4b 100644 --- a/decrepit/evp/evp_do_all.c +++ b/decrepit/evp/evp_do_all.c -@@ -66,6 +66,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher, +@@ -78,6 +78,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher, callback(EVP_sha256(), "SHA256", NULL, arg); callback(EVP_sha384(), "SHA384", NULL, arg); callback(EVP_sha512(), "SHA512", NULL, arg); @@ -73,7 +73,7 @@ index 38b8f9f78f76050174096740596ac59a0fe18757..acc4719b7e9c4c4461fc6142f2ae9156 callback(EVP_md4(), "md4", NULL, arg); callback(EVP_md5(), "md5", NULL, arg); -@@ -74,4 +75,5 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher, +@@ -86,4 +87,5 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher, callback(EVP_sha256(), "sha256", NULL, arg); callback(EVP_sha384(), "sha384", NULL, arg); callback(EVP_sha512(), "sha512", NULL, arg); diff --git a/patches/common/boringssl/sync_sorted_ciphers.patch b/patches/common/boringssl/sync_sorted_ciphers.patch deleted file mode 100644 index 9787324c58..0000000000 --- a/patches/common/boringssl/sync_sorted_ciphers.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Shelley Vohr -Date: Thu, 7 Feb 2019 11:11:35 -0800 -Subject: sync EVP_get_cipherbyname with EVP_do_all_sorted - -EVP_get_cipherbyname should work on everything that EVP_do_all_sorted -lists, and conversely, there should be nothing that -EVP_get_cipherbyname works on that EVP_do_all_sorted doesn't list. -This thus does that. - -diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c -index be7ef07b2c188a76890deb0f305cf92fcc57a64e..588a4773437c311877f275bf3679f9688cda3c46 100644 ---- a/crypto/cipher_extra/cipher_extra.c -+++ b/crypto/cipher_extra/cipher_extra.c -@@ -133,6 +133,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { - return EVP_aes_192_ofb(); - } else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) { - return EVP_aes_256_ofb(); -+ } else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) { -+ return EVP_des_ecb(); -+ } else if (OPENSSL_strcasecmp(name, "des-ede") == 0) { -+ return EVP_des_ede(); -+ } else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) { -+ return EVP_des_ede_cbc(); -+ } else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) { -+ return EVP_rc2_cbc(); - } - - return NULL; -diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c -index 8b008a401ec2f2d0673f6876609dd5786cace4c2..3e88b29cb599730d2e8682070aaa4be38d06ed80 100644 ---- a/decrepit/evp/evp_do_all.c -+++ b/decrepit/evp/evp_do_all.c -@@ -21,15 +21,21 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, - void *arg) { - callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg); - callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg); -- callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); -- callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); -- callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); -+ callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg); - callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg); -+ 
callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); -+ callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg); - callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg); - callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg); -+ callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); -+ callback(EVP_aes_192_ecb(), "AES-192-ECB", NULL, arg); - callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg); -+ callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); -+ callback(EVP_aes_192_ofb(), "AES-192-OFB", NULL, arg); - callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg); -- callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg); -+ callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg); -+ callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg); -+ callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg); - callback(EVP_des_cbc(), "DES-CBC", NULL, arg); - callback(EVP_des_ecb(), "DES-ECB", NULL, arg); - callback(EVP_des_ede(), "DES-EDE", NULL, arg); -@@ -41,15 +47,21 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, - // OpenSSL returns everything twice, the second time in lower case. 
- callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg); - callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg); -- callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); -- callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); -- callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); -+ callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg); - callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg); -+ callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); -+ callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg); - callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg); - callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg); -+ callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); -+ callback(EVP_aes_192_ecb(), "aes-192-ecb", NULL, arg); - callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg); -+ callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); -+ callback(EVP_aes_192_ofb(), "aes-192-ofb", NULL, arg); - callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg); -- callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg); -+ callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg); -+ callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg); -+ callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg); - callback(EVP_des_cbc(), "des-cbc", NULL, arg); - callback(EVP_des_ecb(), "des-ecb", NULL, arg); - callback(EVP_des_ede(), "des-ede", NULL, arg);