diff options
| author | Robert Sloan <varomodt@google.com> | 2018-09-17 15:29:11 -0700 |
|---|---|---|
| committer | Robert Sloan <varomodt@google.com> | 2018-09-17 15:29:21 -0700 |
| commit | f573be7b33b44c59433a07bf70284e725458c379 (patch) | |
| tree | dd07fd06ed8f6c24527179085a38370a9966ce1b | |
| parent | d991ad649a97ca2154b9e2b98f9c13fcca53a382 (diff) | |
| download | boringssl-f573be7b33b44c59433a07bf70284e725458c379.tar.gz | |
external/boringssl: Sync to 5baee45652d9de70ae957d1aa1e04a2d27101c3b.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/689019fe40d5ad94df46ffeebcd794ff359a7074..5baee45652d9de70ae957d1aa1e04a2d27101c3b
Test: BoringSSL CTS Presubmits
Change-Id: I6f92d4fa84a3b9d6f35b291cb0da0782219b2b05
64 files changed, 432 insertions, 187 deletions
diff --git a/BORINGSSL_REVISION b/BORINGSSL_REVISION index 6defbc42..c2e11fae 100644 --- a/BORINGSSL_REVISION +++ b/BORINGSSL_REVISION @@ -1 +1 @@ -689019fe40d5ad94df46ffeebcd794ff359a7074 +5baee45652d9de70ae957d1aa1e04a2d27101c3b diff --git a/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S b/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S index 89c5926b..618bd1c5 100644 --- a/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S +++ b/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S @@ -1,6 +1,6 @@ #if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)" -#define OPENSSL_NO_ASM" +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM #endif #endif diff --git a/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S b/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S index f6ac4241..f4f9d252 100644 --- a/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S +++ b/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S @@ -1,6 +1,6 @@ #if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)" -#define OPENSSL_NO_ASM" +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM #endif #endif diff --git a/src/.gitignore b/src/.gitignore index db50b0be..9cb72518 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -17,7 +17,6 @@ util/bot/golang util/bot/gyp util/bot/libcxx util/bot/libcxxabi -util/bot/libFuzzer util/bot/llvm-build util/bot/nasm-win32.exe util/bot/perl-win32 diff --git a/src/BUILDING.md b/src/BUILDING.md index 9bf9cb26..ab9b71d9 100644 --- a/src/BUILDING.md +++ b/src/BUILDING.md @@ -29,8 +29,9 @@ and Clang should work on non-Windows platforms, and maybe on Windows too. To build the tests, you also need a C++ compiler with C++11 support. - * [Go](https://golang.org/dl/) is required. If not found by CMake, the go - executable may be configured explicitly by setting `GO_EXECUTABLE`. + * The most recent stable version of [Go](https://golang.org/dl/) is required. + If not found by CMake, the go executable may be configured explicitly by + setting `GO_EXECUTABLE`. * To build the x86 and x86\_64 assembly, your assembler must support AVX2 instructions and MOVBE. If using GNU binutils, you must have 2.22 or later diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c614a65a..1586d34d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -334,6 +334,43 @@ if(OPENSSL_SMALL) add_definitions(-DOPENSSL_SMALL) endif() +function(go_executable dest package) + set(godeps "${CMAKE_SOURCE_DIR}/util/godeps.go") + if(${CMAKE_VERSION} VERSION_LESS "3.7" OR + NOT ${CMAKE_GENERATOR} STREQUAL "Ninja") + # The DEPFILE parameter to add_custom_command is new as of CMake 3.7 and + # only works with Ninja. Query the sources at configure time. Additionally, + # everything depends on go.mod. That affects what external packages to use. + execute_process(COMMAND ${GO_EXECUTABLE} run ${godeps} -format cmake + -pkg ${package} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + OUTPUT_VARIABLE sources + RESULT_VARIABLE godeps_result) + add_custom_command(OUTPUT ${dest} + COMMAND ${GO_EXECUTABLE} build + -o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + DEPENDS ${sources} ${CMAKE_SOURCE_DIR}/go.mod) + else() + # Ninja expects the target in the depfile to match the output. This is a + # relative path from the build directory. + string(LENGTH "${CMAKE_BINARY_DIR}" root_dir_length) + math(EXPR root_dir_length "${root_dir_length} + 1") + string(SUBSTRING "${CMAKE_CURRENT_BINARY_DIR}" ${root_dir_length} -1 target) + set(target "${target}/${dest}") + + set(depfile "${CMAKE_CURRENT_BINARY_DIR}/${dest}.d") + add_custom_command(OUTPUT ${dest} + COMMAND ${GO_EXECUTABLE} build + -o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package} + COMMAND ${GO_EXECUTABLE} run ${godeps} -format depfile + -target ${target} -pkg ${package} -out ${depfile} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + DEPENDS ${godeps} ${CMAKE_SOURCE_DIR}/go.mod + DEPFILE ${depfile}) + endif() +endfunction() + # CMake's iOS support uses Apple's multiple-architecture toolchain. It takes an # architecture list from CMAKE_OSX_ARCHITECTURES, leaves CMAKE_SYSTEM_PROCESSOR # alone, and expects all architecture-specific logic to be conditioned within diff --git a/src/crypto/fipsmodule/CMakeLists.txt b/src/crypto/fipsmodule/CMakeLists.txt index 1242aa2f..9868dd87 100644 --- a/src/crypto/fipsmodule/CMakeLists.txt +++ b/src/crypto/fipsmodule/CMakeLists.txt @@ -141,21 +141,12 @@ if(FIPS_DELOCATE) set_target_properties(bcm_c_generated_asm PROPERTIES COMPILE_OPTIONS "-S") set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON) - function(prepend_path values prefix output) - set(result) - foreach(value ${values}) - list(APPEND result "${prefix}/${value}") - endforeach(value) - set(${output} ${result} PARENT_SCOPE) - endfunction() - - prepend_path("${BCM_ASM_SOURCES}" "${CMAKE_CURRENT_BINARY_DIR}" DELOCATE_ASM_ARGS) - + go_executable(delocate boringssl.googlesource.com/boringssl/util/fipstools/delocate) add_custom_command( OUTPUT bcm-delocated.S - COMMAND ${GO_EXECUTABLE} run util/fipstools/delocate.go util/fipstools/delocate.peg.go util/fipstools/ar.go util/fipstools/const.go -a $<TARGET_FILE:bcm_c_generated_asm> -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S ${DELOCATE_ASM_ARGS} - DEPENDS bcm_c_generated_asm ${BCM_ASM_SOURCES} ${CMAKE_SOURCE_DIR}/util/fipstools/delocate.go ${CMAKE_SOURCE_DIR}/util/fipstools/delocate.peg.go ${CMAKE_SOURCE_DIR}/util/fipstools/ar.go ${CMAKE_SOURCE_DIR}/util/fipstools/const.go - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} + COMMAND ./delocate -a $<TARGET_FILE:bcm_c_generated_asm> -o bcm-delocated.S ${BCM_ASM_SOURCES} + DEPENDS bcm_c_generated_asm delocate ${BCM_ASM_SOURCES} + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} ) add_library( @@ -171,11 +162,13 @@ if(FIPS_DELOCATE) set_target_properties(bcm_hashunset PROPERTIES POSITION_INDEPENDENT_CODE ON) set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C) + go_executable(inject-hash + boringssl.googlesource.com/boringssl/util/fipstools/inject-hash) add_custom_command( OUTPUT bcm.o - COMMAND ${GO_EXECUTABLE} run util/fipstools/inject-hash.go util/fipstools/ar.go util/fipstools/const.go -o ${CMAKE_CURRENT_BINARY_DIR}/bcm.o -in-archive $<TARGET_FILE:bcm_hashunset> - DEPENDS bcm_hashunset ${CMAKE_SOURCE_DIR}/util/fipstools/inject-hash.go ${CMAKE_SOURCE_DIR}/util/fipstools/ar.go ${CMAKE_SOURCE_DIR}/util/fipstools/const.go - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} + COMMAND ./inject-hash -o bcm.o -in-archive $<TARGET_FILE:bcm_hashunset> + DEPENDS bcm_hashunset inject-hash + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} ) # The outputs of add_custom_command cannot be referenced outside of the diff --git a/src/crypto/fipsmodule/cipher/e_aes.c b/src/crypto/fipsmodule/cipher/e_aes.c index de2f10f0..734a5174 100644 --- a/src/crypto/fipsmodule/cipher/e_aes.c +++ b/src/crypto/fipsmodule/cipher/e_aes.c @@ -305,13 +305,13 @@ static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, return 1; } -ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, +ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, block128_f *out_block, const uint8_t *key, size_t key_bytes) { if (hwaes_capable()) { aes_hw_set_encrypt_key(key, key_bytes * 8, aes_key); - if (gcm_ctx != NULL) { - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aes_hw_encrypt, 1); + if (gcm_key != NULL) { + CRYPTO_gcm128_init_key(gcm_key, aes_key, (block128_f)aes_hw_encrypt, 1); } if (out_block) { *out_block = (block128_f) aes_hw_encrypt; @@ -321,8 +321,8 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, if (bsaes_capable()) { AES_set_encrypt_key(key, key_bytes * 8, aes_key); - if (gcm_ctx != NULL) { - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt, 0); + if (gcm_key != NULL) { + CRYPTO_gcm128_init_key(gcm_key, aes_key, (block128_f)AES_encrypt, 0); } if (out_block) { *out_block = (block128_f) AES_encrypt; @@ -335,15 +335,15 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, if (out_block) { *out_block = (block128_f) vpaes_encrypt; } - if (gcm_ctx != NULL) { - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt, 0); + if (gcm_key != NULL) { + CRYPTO_gcm128_init_key(gcm_key, aes_key, (block128_f)vpaes_encrypt, 0); } return NULL; } AES_set_encrypt_key(key, key_bytes * 8, aes_key); - if (gcm_ctx != NULL) { - CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt, 0); + if (gcm_key != NULL) { + CRYPTO_gcm128_init_key(gcm_key, aes_key, (block128_f)AES_encrypt, 0); } if (out_block) { *out_block = (block128_f) AES_encrypt; @@ -358,8 +358,9 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, return 1; } if (key) { - gctx->ctr = - aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm, NULL, key, ctx->key_len); + OPENSSL_memset(&gctx->gcm, 0, sizeof(gctx->gcm)); + gctx->ctr = aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm.gcm_key, NULL, key, + ctx->key_len); // If we have an iv can set it directly, otherwise use saved IV. if (iv == NULL && gctx->iv_set) { iv = gctx->iv; @@ -879,7 +880,7 @@ struct aead_aes_gcm_ctx { double align; AES_KEY ks; } ks; - GCM128_CONTEXT gcm; + GCM128_KEY gcm_key; ctr128_f ctr; }; @@ -903,7 +904,7 @@ static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx, } gcm_ctx->ctr = - aes_ctr_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm, NULL, key, key_len); + aes_ctr_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm_key, NULL, key, key_len); *out_tag_len = tag_len; return 1; } @@ -941,7 +942,6 @@ static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; - GCM128_CONTEXT gcm; if (extra_in_len + ctx->tag_len < ctx->tag_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); @@ -958,7 +958,9 @@ static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, const AES_KEY *key = &gcm_ctx->ks.ks; - OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); + GCM128_CONTEXT gcm; + OPENSSL_memset(&gcm, 0, sizeof(gcm)); + OPENSSL_memcpy(&gcm.gcm_key, &gcm_ctx->gcm_key, sizeof(gcm.gcm_key)); CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { @@ -1002,7 +1004,6 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len) { const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN]; - GCM128_CONTEXT gcm; if (nonce_len == 0) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); @@ -1016,7 +1017,9 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, const AES_KEY *key = &gcm_ctx->ks.ks; - OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); + GCM128_CONTEXT gcm; + OPENSSL_memset(&gcm, 0, sizeof(gcm)); + OPENSSL_memcpy(&gcm.gcm_key, &gcm_ctx->gcm_key, sizeof(gcm.gcm_key)); CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { diff --git a/src/crypto/fipsmodule/cipher/internal.h b/src/crypto/fipsmodule/cipher/internal.h index 7b5f23f0..7c739fbd 100644 --- a/src/crypto/fipsmodule/cipher/internal.h +++ b/src/crypto/fipsmodule/cipher/internal.h @@ -114,11 +114,11 @@ struct evp_aead_st { // aes_ctr_set_key initialises |*aes_key| using |key_bytes| bytes from |key|, // where |key_bytes| must either be 16, 24 or 32. If not NULL, |*out_block| is -// set to a function that encrypts single blocks. If not NULL, |*gcm_ctx| is +// set to a function that encrypts single blocks. If not NULL, |*gcm_key| is // initialised to do GHASH with the given key. It returns a function for // optimised CTR-mode, or NULL if CTR-mode should be built using // |*out_block|. -ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, +ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, block128_f *out_block, const uint8_t *key, size_t key_bytes); diff --git a/src/crypto/fipsmodule/modes/gcm.c b/src/crypto/fipsmodule/modes/gcm.c index 99d0e15e..6eff4792 100644 --- a/src/crypto/fipsmodule/modes/gcm.c +++ b/src/crypto/fipsmodule/modes/gcm.c @@ -243,9 +243,10 @@ void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, size_t len); #endif -#define GCM_MUL(ctx, Xi) gcm_gmult_4bit((ctx)->Xi.u, (ctx)->Htable) +#define GCM_MUL(ctx, Xi) gcm_gmult_4bit((ctx)->Xi.u, (ctx)->gcm_key.Htable) #if defined(GHASH_ASM) -#define GHASH(ctx, in, len) gcm_ghash_4bit((ctx)->Xi.u, (ctx)->Htable, in, len) +#define GHASH(ctx, in, len) \ + gcm_ghash_4bit((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len) // GHASH_CHUNK is "stride parameter" missioned to mitigate cache // trashing effect. In other words idea is to hash data while it's // still in L1 cache after encryption pass... @@ -337,10 +338,11 @@ void gcm_ghash_p8(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, #ifdef GCM_FUNCREF_4BIT #undef GCM_MUL -#define GCM_MUL(ctx, Xi) (*gcm_gmult_p)((ctx)->Xi.u, (ctx)->Htable) +#define GCM_MUL(ctx, Xi) (*gcm_gmult_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable) #ifdef GHASH #undef GHASH -#define GHASH(ctx, in, len) (*gcm_ghash_p)((ctx)->Xi.u, (ctx)->Htable, in, len) +#define GHASH(ctx, in, len) \ + (*gcm_ghash_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len) #endif #endif @@ -417,27 +419,28 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, #endif } -void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *aes_key, - block128_f block, int block_is_hwaes) { - OPENSSL_memset(ctx, 0, sizeof(*ctx)); - ctx->block = block; +void CRYPTO_gcm128_init_key(GCM128_KEY *gcm_key, const void *aes_key, + block128_f block, int block_is_hwaes) { + OPENSSL_memset(gcm_key, 0, sizeof(*gcm_key)); + gcm_key->block = block; - uint8_t gcm_key[16]; - OPENSSL_memset(gcm_key, 0, sizeof(gcm_key)); - (*block)(gcm_key, gcm_key, aes_key); + uint8_t ghash_key[16]; + OPENSSL_memset(ghash_key, 0, sizeof(ghash_key)); + (*block)(ghash_key, ghash_key, aes_key); int is_avx; - CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, &ctx->H, ctx->Htable, &is_avx, - gcm_key); + CRYPTO_ghash_init(&gcm_key->gmult, &gcm_key->ghash, &gcm_key->H, + gcm_key->Htable, &is_avx, ghash_key); - ctx->use_aesni_gcm_crypt = (is_avx && block_is_hwaes) ? 1 : 0; + gcm_key->use_aesni_gcm_crypt = (is_avx && block_is_hwaes) ? 1 : 0; } void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const void *key, const uint8_t *iv, size_t len) { unsigned int ctr; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #endif ctx->Yi.u[0] = 0; @@ -477,7 +480,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const void *key, ctr = CRYPTO_bswap4(ctx->Yi.d[3]); } - (*ctx->block)(ctx->Yi.c, ctx->EK0.c, key); + (*ctx->gcm_key.block)(ctx->Yi.c, ctx->EK0.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); } @@ -486,10 +489,11 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) { unsigned int n; uint64_t alen = ctx->len.u[0]; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len) = ctx->ghash; + size_t len) = ctx->gcm_key.ghash; #endif #endif @@ -553,12 +557,13 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key, const uint8_t *in, uint8_t *out, size_t len) { unsigned int n, ctr; uint64_t mlen = ctx->len.u[1]; - block128_f block = ctx->block; + block128_f block = ctx->gcm_key.block; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len) = ctx->ghash; + size_t len) = ctx->gcm_key.ghash; #endif #endif @@ -679,12 +684,13 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key, size_t len) { unsigned int n, ctr; uint64_t mlen = ctx->len.u[1]; - block128_f block = ctx->block; + block128_f block = ctx->gcm_key.block; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len) = ctx->ghash; + size_t len) = ctx->gcm_key.ghash; #endif #endif @@ -813,10 +819,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const void *key, unsigned int n, ctr; uint64_t mlen = ctx->len.u[1]; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len) = ctx->ghash; + size_t len) = ctx->gcm_key.ghash; #endif #endif @@ -849,7 +856,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const void *key, } #if defined(AESNI_GCM) - if (ctx->use_aesni_gcm_crypt) { + if (ctx->gcm_key.use_aesni_gcm_crypt) { // |aesni_gcm_encrypt| may not process all the input given to it. It may // not process *any* of its input if it is deemed too small. size_t bulk = aesni_gcm_encrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u); @@ -895,7 +902,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const void *key, #endif } if (len) { - (*ctx->block)(ctx->Yi.c, ctx->EKi.c, key); + (*ctx->gcm_key.block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); while (len--) { @@ -914,10 +921,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const void *key, unsigned int n, ctr; uint64_t mlen = ctx->len.u[1]; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #ifdef GHASH void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, - size_t len) = ctx->ghash; + size_t len) = ctx->gcm_key.ghash; #endif #endif @@ -952,7 +960,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const void *key, } #if defined(AESNI_GCM) - if (ctx->use_aesni_gcm_crypt) { + if (ctx->gcm_key.use_aesni_gcm_crypt) { // |aesni_gcm_decrypt| may not process all the input given to it. It may // not process *any* of its input if it is deemed too small. size_t bulk = aesni_gcm_decrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u); @@ -1001,7 +1009,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const void *key, len -= i; } if (len) { - (*ctx->block)(ctx->Yi.c, ctx->EKi.c, key); + (*ctx->gcm_key.block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); while (len--) { @@ -1020,7 +1028,8 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) { uint64_t alen = ctx->len.u[0] << 3; uint64_t clen = ctx->len.u[1] << 3; #ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult; + void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = + ctx->gcm_key.gmult; #endif if (ctx->mres || ctx->ares) { diff --git a/src/crypto/fipsmodule/modes/gcm_test.cc b/src/crypto/fipsmodule/modes/gcm_test.cc index 59889453..ab8cc34e 100644 --- a/src/crypto/fipsmodule/modes/gcm_test.cc +++ b/src/crypto/fipsmodule/modes/gcm_test.cc @@ -87,7 +87,8 @@ TEST(GCMTest, TestVectors) { ASSERT_EQ(0, AES_set_encrypt_key(key.data(), key.size() * 8, &aes_key)); GCM128_CONTEXT ctx; - CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0); + OPENSSL_memset(&ctx, 0, sizeof(ctx)); + CRYPTO_gcm128_init_key(&ctx.gcm_key, &aes_key, (block128_f)AES_encrypt, 0); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce.data(), nonce.size()); if (!additional_data.empty()) { CRYPTO_gcm128_aad(&ctx, additional_data.data(), additional_data.size()); diff --git a/src/crypto/fipsmodule/modes/internal.h b/src/crypto/fipsmodule/modes/internal.h index 338bf132..788960b7 100644 --- a/src/crypto/fipsmodule/modes/internal.h +++ b/src/crypto/fipsmodule/modes/internal.h @@ -91,52 +91,6 @@ static inline void store_word_le(void *out, size_t v) { typedef void (*block128_f)(const uint8_t in[16], uint8_t out[16], const void *key); -// GCM definitions -typedef struct { uint64_t hi,lo; } u128; - -// gmult_func multiplies |Xi| by the GCM key and writes the result back to -// |Xi|. -typedef void (*gmult_func)(uint64_t Xi[2], const u128 Htable[16]); - -// ghash_func repeatedly multiplies |Xi| by the GCM key and adds in blocks from -// |inp|. The result is written back to |Xi| and the |len| argument must be a -// multiple of 16. -typedef void (*ghash_func)(uint64_t Xi[2], const u128 Htable[16], - const uint8_t *inp, size_t len); - -// This differs from upstream's |gcm128_context| in that it does not have the -// |key| pointer, in order to make it |memcpy|-friendly. Rather the key is -// passed into each call that needs it. -struct gcm128_context { - // Following 6 names follow names in GCM specification - union { - uint64_t u[2]; - uint32_t d[4]; - uint8_t c[16]; - size_t t[16 / sizeof(size_t)]; - } Yi, EKi, EK0, len, Xi; - - // Note that the order of |Xi|, |H| and |Htable| is fixed by the MOVBE-based, - // x86-64, GHASH assembly. - u128 H; - u128 Htable[16]; - gmult_func gmult; - ghash_func ghash; - - unsigned int mres, ares; - block128_f block; - - // use_aesni_gcm_crypt is true if this context should use the assembly - // functions |aesni_gcm_encrypt| and |aesni_gcm_decrypt| to process data. - unsigned use_aesni_gcm_crypt:1; -}; - -#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) -// crypto_gcm_clmul_enabled returns one if the CLMUL implementation of GCM is -// used. -int crypto_gcm_clmul_enabled(void); -#endif - // CTR. @@ -176,9 +130,59 @@ void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, // This API differs from the upstream API slightly. The |GCM128_CONTEXT| does // not have a |key| pointer that points to the key as upstream's version does. // Instead, every function takes a |key| parameter. This way |GCM128_CONTEXT| -// can be safely copied. +// can be safely copied. Additionally, |gcm_key| is split into a separate +// struct. -typedef struct gcm128_context GCM128_CONTEXT; +typedef struct { uint64_t hi,lo; } u128; + +// gmult_func multiplies |Xi| by the GCM key and writes the result back to +// |Xi|. +typedef void (*gmult_func)(uint64_t Xi[2], const u128 Htable[16]); + +// ghash_func repeatedly multiplies |Xi| by the GCM key and adds in blocks from +// |inp|. The result is written back to |Xi| and the |len| argument must be a +// multiple of 16. +typedef void (*ghash_func)(uint64_t Xi[2], const u128 Htable[16], + const uint8_t *inp, size_t len); + +typedef struct gcm128_key_st { + // Note the MOVBE-based, x86-64, GHASH assembly requires |H| and |Htable| to + // be the first two elements of this struct. + u128 H; + u128 Htable[16]; + gmult_func gmult; + ghash_func ghash; + + block128_f block; + + // use_aesni_gcm_crypt is true if this context should use the assembly + // functions |aesni_gcm_encrypt| and |aesni_gcm_decrypt| to process data. + unsigned use_aesni_gcm_crypt:1; +} GCM128_KEY; + +// GCM128_CONTEXT contains state for a single GCM operation. The structure +// should be zero-initialized before use. +typedef struct { + // The following 5 names follow names in GCM specification + union { + uint64_t u[2]; + uint32_t d[4]; + uint8_t c[16]; + size_t t[16 / sizeof(size_t)]; + } Yi, EKi, EK0, len, Xi; + + // Note that the order of |Xi| and |gcm_key| is fixed by the MOVBE-based, + // x86-64, GHASH assembly. + GCM128_KEY gcm_key; + + unsigned mres, ares; +} GCM128_CONTEXT; + +#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) +// crypto_gcm_clmul_enabled returns one if the CLMUL implementation of GCM is +// used. +int crypto_gcm_clmul_enabled(void); +#endif // CRYPTO_ghash_init writes a precomputed table of powers of |gcm_key| to // |out_table| and sets |*out_mult| and |*out_hash| to (potentially hardware @@ -188,10 +192,11 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, u128 *out_key, u128 out_table[16], int *out_is_avx, const uint8_t *gcm_key); -// CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with -// the given key. |block_is_hwaes| is one if |block| is |aes_hw_encrypt|. -OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key, - block128_f block, int block_is_hwaes); +// CRYPTO_gcm128_init_key initialises |gcm_key| to use |block| (typically AES) +// with the given key. |block_is_hwaes| is one if |block| is |aes_hw_encrypt|. +OPENSSL_EXPORT void CRYPTO_gcm128_init_key(GCM128_KEY *gcm_key, const void *key, + block128_f block, + int block_is_hwaes); // CRYPTO_gcm128_setiv sets the IV (nonce) for |ctx|. The |key| must be the // same key that was passed to |CRYPTO_gcm128_init|. diff --git a/src/crypto/mem.c b/src/crypto/mem.c index 5d45baa1..a06061b4 100644 --- a/src/crypto/mem.c +++ b/src/crypto/mem.c @@ -71,6 +71,25 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #define OPENSSL_MALLOC_PREFIX 8 +#if defined(__GNUC__) || defined(__clang__) +// sdallocx is a sized |free| function. By passing the size (which we happen to +// always know in BoringSSL), the malloc implementation can save work. We cannot +// depend on |sdallocx| being available so we declare a wrapper that falls back +// to |free| as a weak symbol. +// +// This will always be safe, but will only be overridden if the malloc +// implementation is statically linked with BoringSSL. So, if |sdallocx| is +// provided in, say, libc.so, we still won't use it because that's dynamically +// linked. This isn't an ideal result, but its helps in some cases. +void sdallocx(void *ptr, size_t size, int flags); + +__attribute((weak, noinline)) +#else +static +#endif +void sdallocx(void *ptr, size_t size, int flags) { + free(ptr); +} void *OPENSSL_malloc(size_t size) { void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX); @@ -92,7 +111,7 @@ void OPENSSL_free(void *orig_ptr) { size_t size = *(size_t *)ptr; OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX); - free(ptr); + sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */); } void *OPENSSL_realloc(void *orig_ptr, size_t new_size) { diff --git a/src/crypto/perlasm/ppc-xlate.pl b/src/crypto/perlasm/ppc-xlate.pl index 05595f2c..7f01dbde 100644 --- a/src/crypto/perlasm/ppc-xlate.pl +++ b/src/crypto/perlasm/ppc-xlate.pl @@ -257,8 +257,8 @@ my $darn = sub { print <<___; #if defined(__has_feature) -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)" -#define OPENSSL_NO_ASM" +#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_NO_ASM #endif #endif diff --git a/src/go.mod b/src/go.mod new file mode 100644 index 00000000..09d36fbf --- /dev/null +++ b/src/go.mod @@ -0,0 +1 @@ +module boringssl.googlesource.com/boringssl diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h index 7188790a..7e103038 100644 --- a/src/include/openssl/dh.h +++ b/src/include/openssl/dh.h @@ -281,6 +281,7 @@ extern "C++" { BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(DH, DH_free) +BORINGSSL_MAKE_UP_REF(DH, DH_up_ref) BSSL_NAMESPACE_END diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h index 70cde7bb..bed93c5d 100644 --- a/src/include/openssl/dsa.h +++ b/src/include/openssl/dsa.h @@ -420,6 +420,7 @@ extern "C++" { BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(DSA, DSA_free) +BORINGSSL_MAKE_UP_REF(DSA, DSA_up_ref) BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free) BSSL_NAMESPACE_END diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h index 7e9e4e8f..9bc78875 100644 --- a/src/include/openssl/ec_key.h +++ b/src/include/openssl/ec_key.h @@ -339,6 +339,7 @@ extern "C++" { BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free) +BORINGSSL_MAKE_UP_REF(EC_KEY, EC_KEY_up_ref) BSSL_NAMESPACE_END diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index 8098c482..dcca9e3f 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -726,6 +726,7 @@ extern "C++" { BSSL_NAMESPACE_BEGIN BORINGSSL_MAKE_DELETER(RSA, RSA_free) +BORINGSSL_MAKE_UP_REF(RSA, RSA_up_ref) BSSL_NAMESPACE_END diff --git a/src/ssl/d1_both.cc b/src/ssl/d1_both.cc index 3f7739ed..d82852d7 100644 --- a/src/ssl/d1_both.cc +++ b/src/ssl/d1_both.cc @@ -601,15 +601,6 @@ bool dtls1_add_change_cipher_spec(SSL *ssl) { return add_outgoing(ssl, true /* ChangeCipherSpec */, Array<uint8_t>()); } -bool dtls1_add_alert(SSL *ssl, uint8_t level, uint8_t desc) { - // The |add_alert| path is only used for warning alerts for now, which DTLS - // never sends. This will be implemented later once closure alerts are - // converted. - assert(false); - OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); - return false; -} - // dtls1_update_mtu updates the current MTU from the BIO, ensuring it is above // the minimum. static void dtls1_update_mtu(SSL *ssl) { diff --git a/src/ssl/dtls_method.cc b/src/ssl/dtls_method.cc index 8d40edf8..d49687f8 100644 --- a/src/ssl/dtls_method.cc +++ b/src/ssl/dtls_method.cc @@ -121,7 +121,6 @@ static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = { dtls1_finish_message, dtls1_add_message, dtls1_add_change_cipher_spec, - dtls1_add_alert, dtls1_flush_flight, dtls1_on_handshake_complete, dtls1_set_read_state, diff --git a/src/ssl/internal.h b/src/ssl/internal.h index 7ba23ef4..0535b8de 100644 --- a/src/ssl/internal.h +++ b/src/ssl/internal.h @@ -1889,9 +1889,6 @@ struct SSL_PROTOCOL_METHOD { // add_change_cipher_spec adds a ChangeCipherSpec record to the pending // flight. It returns true on success and false on error. bool (*add_change_cipher_spec)(SSL *ssl); - // add_alert adds an alert to the pending flight. It returns true on success - // and false on error. - bool (*add_alert)(SSL *ssl, uint8_t level, uint8_t desc); // flush_flight flushes the pending flight to the transport. It returns one on // success and <= 0 on error. int (*flush_flight)(SSL *ssl); @@ -2589,14 +2586,12 @@ bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type); bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg); bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg); bool ssl3_add_change_cipher_spec(SSL *ssl); -bool ssl3_add_alert(SSL *ssl, uint8_t level, uint8_t desc); int ssl3_flush_flight(SSL *ssl); bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type); bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg); bool dtls1_add_message(SSL *ssl, Array<uint8_t> msg); bool dtls1_add_change_cipher_spec(SSL *ssl); -bool dtls1_add_alert(SSL *ssl, uint8_t level, uint8_t desc); int dtls1_flush_flight(SSL *ssl); // ssl_add_message_cbb finishes the handshake message in |cbb| and adds it to diff --git a/src/ssl/s3_both.cc b/src/ssl/s3_both.cc index c1d4b652..3f09d50b 100644 --- a/src/ssl/s3_both.cc +++ b/src/ssl/s3_both.cc @@ -266,18 +266,6 @@ bool ssl3_add_change_cipher_spec(SSL *ssl) { return true; } -bool ssl3_add_alert(SSL *ssl, uint8_t level, uint8_t desc) { - uint8_t alert[2] = {level, desc}; - if (!tls_flush_pending_hs_data(ssl) || - !add_record_to_flight(ssl, SSL3_RT_ALERT, alert)) { - return false; - } - - ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, alert); - ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, ((int)level << 8) | desc); - return true; -} - int ssl3_flush_flight(SSL *ssl) { if (!tls_flush_pending_hs_data(ssl)) { return -1; diff --git a/src/ssl/test/runner/chacha20_poly1305.go b/src/ssl/test/runner/chacha20_poly1305.go index 866f7242..446fb557 100644 --- a/src/ssl/test/runner/chacha20_poly1305.go +++ b/src/ssl/test/runner/chacha20_poly1305.go @@ -20,7 +20,7 @@ import ( "encoding/binary" "errors" - "./poly1305" + "boringssl.googlesource.com/boringssl/ssl/test/runner/poly1305" ) // See RFC 7539. diff --git a/src/ssl/test/runner/ed25519/ed25519.go b/src/ssl/test/runner/ed25519/ed25519.go index dfef0ffc..9a27332d 100644 --- a/src/ssl/test/runner/ed25519/ed25519.go +++ b/src/ssl/test/runner/ed25519/ed25519.go @@ -21,7 +21,7 @@ import ( "io" "strconv" - "./internal/edwards25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519/internal/edwards25519" ) const ( diff --git a/src/ssl/test/runner/ed25519/ed25519_test.go b/src/ssl/test/runner/ed25519/ed25519_test.go index 02c98614..b84cfa81 100644 --- a/src/ssl/test/runner/ed25519/ed25519_test.go +++ b/src/ssl/test/runner/ed25519/ed25519_test.go @@ -15,7 +15,7 @@ import ( "strings" "testing" - "./internal/edwards25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519/internal/edwards25519" ) type zeroReader struct{} diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go index 49e947d4..4dfa4699 100644 --- a/src/ssl/test/runner/handshake_client.go +++ b/src/ssl/test/runner/handshake_client.go @@ -19,7 +19,7 @@ import ( "net" "time" - "./ed25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519" ) type clientHandshakeState struct { diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index ca7a7d37..4950a4fe 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go @@ -18,7 +18,7 @@ import ( "math/big" "time" - "./ed25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519" ) // serverHandshakeState contains details of a server handshake in progress. diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go index 5a304699..791325cd 100644 --- a/src/ssl/test/runner/key_agreement.go +++ b/src/ssl/test/runner/key_agreement.go @@ -15,8 +15,8 @@ import ( "io" "math/big" - "./curve25519" - "./ed25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/curve25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519" ) type keyType int diff --git a/src/ssl/test/runner/sign.go b/src/ssl/test/runner/sign.go index ceae05c1..0c963d99 100644 --- a/src/ssl/test/runner/sign.go +++ b/src/ssl/test/runner/sign.go @@ -18,7 +18,7 @@ import ( "fmt" "math/big" - "./ed25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519" ) type signer interface { diff --git a/src/ssl/test/runner/tls.go b/src/ssl/test/runner/tls.go index 225794ba..41931bea 100644 --- a/src/ssl/test/runner/tls.go +++ b/src/ssl/test/runner/tls.go @@ -18,7 +18,7 @@ import ( "strings" "time" - "./ed25519" + "boringssl.googlesource.com/boringssl/ssl/test/runner/ed25519" ) // Server returns a new TLS server side connection diff --git a/src/ssl/tls_method.cc b/src/ssl/tls_method.cc index 116f0270..bc9410b3 100644 --- a/src/ssl/tls_method.cc +++ b/src/ssl/tls_method.cc @@ -119,7 +119,6 @@ static const SSL_PROTOCOL_METHOD kTLSProtocolMethod = { ssl3_finish_message, ssl3_add_message, ssl3_add_change_cipher_spec, - ssl3_add_alert, ssl3_flush_flight, ssl3_on_handshake_complete, ssl3_set_read_state, diff --git a/src/util/bot/DEPS b/src/util/bot/DEPS index 5dab2031..5449ab0d 100644 --- a/src/util/bot/DEPS +++ b/src/util/bot/DEPS @@ -16,7 +16,6 @@ vars = { 'chromium_git': 'https://chromium.googlesource.com', 'checkout_clang': False, - 'checkout_fuzzer': False, 'checkout_sde': False, 'checkout_nasm': False, 'checkout_libcxx': False, @@ -24,7 +23,7 @@ vars = { deps = { 'boringssl/util/bot/android_ndk': { - 'url': Var('chromium_git') + '/android_ndk.git' + '@' + '5cd86312e794bdf542a3685c6f10cbb96072990b', + 'url': Var('chromium_git') + '/android_ndk.git' + '@' + '4e2cea441bfd43f0863d14f57b1e1844260b9884', 'condition': 'checkout_android', }, @@ -36,11 +35,6 @@ deps = { 'boringssl/util/bot/gyp': Var('chromium_git') + '/external/gyp.git' + '@' + 'd61a9397e668fa9843c4aa7da9e79460fe590bfb', - 'boringssl/util/bot/libFuzzer': { - 'url': Var('chromium_git') + '/chromium/llvm-project/compiler-rt/lib/fuzzer.git' + '@' + '658ff786a213703ff0df6ba4a288e9a1e218c074', - 'condition': 'checkout_fuzzer', - }, - # Update the following revisions from # https://chromium.googlesource.com/chromium/buildtools/+/master/DEPS 'boringssl/util/bot/libcxx': { diff --git a/src/util/bot/go/bootstrap.py b/src/util/bot/go/bootstrap.py index eb6eed9c..9dbabe52 100755 --- a/src/util/bot/go/bootstrap.py +++ b/src/util/bot/go/bootstrap.py @@ -45,7 +45,7 @@ WORKSPACE = os.path.join(ROOT, 'go') EXE_SFX = '.exe' if sys.platform == 'win32' else '' # Pinned version of Go toolset to download. -TOOLSET_VERSION = 'go1.10.3' +TOOLSET_VERSION = 'go1.11' # Platform dependent portion of a download URL. See http://golang.org/dl/. TOOLSET_VARIANTS = { diff --git a/src/util/doc.go b/src/util/doc.go index ab21547f..33bcc66b 100644 --- a/src/util/doc.go +++ b/src/util/doc.go @@ -453,7 +453,7 @@ func (config *Config) parseHeader(path string) (*HeaderFile, error) { ok = strings.HasPrefix(name, subject[:l-1]) } if !ok { - return nil, fmt.Errorf("Comment for %q doesn't seem to match line %s:%d\n", name, path, declLineNo) + return nil, fmt.Errorf("comment for %q doesn't seem to match line %s:%d\n", name, path, declLineNo) } } anchor := sanitizeAnchor(name) diff --git a/src/util/fipstools/delocate.go b/src/util/fipstools/delocate/delocate.go index d58e5bec..a8c4fd0e 100644 --- a/src/util/fipstools/delocate.go +++ b/src/util/fipstools/delocate/delocate.go @@ -25,6 +25,8 @@ import ( "sort" "strconv" "strings" + + "boringssl.googlesource.com/boringssl/util/fipstools/fipscommon" ) // inputFile represents a textual assembly file. @@ -1405,7 +1407,7 @@ func transform(w stringWriter, inputs []inputFile) error { w.WriteString(".type BORINGSSL_bcm_text_hash, @object\n") w.WriteString(".size BORINGSSL_bcm_text_hash, 64\n") w.WriteString("BORINGSSL_bcm_text_hash:\n") - for _, b := range uninitHashValue { + for _, b := range fipscommon.UninitHashValue { w.WriteString(".byte 0x" + strconv.FormatUint(uint64(b), 16) + "\n") } @@ -1423,7 +1425,7 @@ func parseInputs(inputs []inputFile) error { } defer arFile.Close() - ar, err := ParseAR(arFile) + ar, err := fipscommon.ParseAR(arFile) if err != nil { return err } diff --git a/src/util/fipstools/delocate.peg b/src/util/fipstools/delocate/delocate.peg index 3dcead2d..3dcead2d 100644 --- a/src/util/fipstools/delocate.peg +++ b/src/util/fipstools/delocate/delocate.peg diff --git a/src/util/fipstools/delocate.peg.go b/src/util/fipstools/delocate/delocate.peg.go index f0ad78f6..f0ad78f6 100644 --- a/src/util/fipstools/delocate.peg.go +++ b/src/util/fipstools/delocate/delocate.peg.go diff --git a/src/util/fipstools/delocate_test.go b/src/util/fipstools/delocate/delocate_test.go index e0ecc177..e0ecc177 100644 --- a/src/util/fipstools/delocate_test.go +++ b/src/util/fipstools/delocate/delocate_test.go diff --git a/src/util/fipstools/testdata/ppc64le-GlobalEntry/in.s b/src/util/fipstools/delocate/testdata/ppc64le-GlobalEntry/in.s index af1a182c..af1a182c 100644 --- a/src/util/fipstools/testdata/ppc64le-GlobalEntry/in.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-GlobalEntry/in.s diff --git a/src/util/fipstools/testdata/ppc64le-GlobalEntry/out.s b/src/util/fipstools/delocate/testdata/ppc64le-GlobalEntry/out.s index 304f697a..304f697a 100644 --- a/src/util/fipstools/testdata/ppc64le-GlobalEntry/out.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-GlobalEntry/out.s diff --git a/src/util/fipstools/testdata/ppc64le-LoadToR0/in.s b/src/util/fipstools/delocate/testdata/ppc64le-LoadToR0/in.s index 81766dc0..81766dc0 100644 --- a/src/util/fipstools/testdata/ppc64le-LoadToR0/in.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-LoadToR0/in.s diff --git a/src/util/fipstools/testdata/ppc64le-LoadToR0/out.s b/src/util/fipstools/delocate/testdata/ppc64le-LoadToR0/out.s index 5fdbeb89..5fdbeb89 100644 --- a/src/util/fipstools/testdata/ppc64le-LoadToR0/out.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-LoadToR0/out.s diff --git a/src/util/fipstools/testdata/ppc64le-Sample/in.s b/src/util/fipstools/delocate/testdata/ppc64le-Sample/in.s index 6e7422ab..6e7422ab 100644 --- a/src/util/fipstools/testdata/ppc64le-Sample/in.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-Sample/in.s diff --git a/src/util/fipstools/testdata/ppc64le-Sample/out.s b/src/util/fipstools/delocate/testdata/ppc64le-Sample/out.s index e3d682e5..e3d682e5 100644 --- a/src/util/fipstools/testdata/ppc64le-Sample/out.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-Sample/out.s diff --git a/src/util/fipstools/testdata/ppc64le-Sample2/in.s b/src/util/fipstools/delocate/testdata/ppc64le-Sample2/in.s index eb856269..eb856269 100644 --- a/src/util/fipstools/testdata/ppc64le-Sample2/in.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-Sample2/in.s diff --git a/src/util/fipstools/testdata/ppc64le-Sample2/out.s b/src/util/fipstools/delocate/testdata/ppc64le-Sample2/out.s index 54cbd6f8..54cbd6f8 100644 --- a/src/util/fipstools/testdata/ppc64le-Sample2/out.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-Sample2/out.s diff --git a/src/util/fipstools/testdata/ppc64le-TOCWithOffset/in.s b/src/util/fipstools/delocate/testdata/ppc64le-TOCWithOffset/in.s index 94ea2111..94ea2111 100644 --- a/src/util/fipstools/testdata/ppc64le-TOCWithOffset/in.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-TOCWithOffset/in.s diff --git a/src/util/fipstools/testdata/ppc64le-TOCWithOffset/out.s b/src/util/fipstools/delocate/testdata/ppc64le-TOCWithOffset/out.s index 2fff0efb..2fff0efb 100644 --- a/src/util/fipstools/testdata/ppc64le-TOCWithOffset/out.s +++ b/src/util/fipstools/delocate/testdata/ppc64le-TOCWithOffset/out.s diff --git a/src/util/fipstools/testdata/x86_64-BSS/in.s b/src/util/fipstools/delocate/testdata/x86_64-BSS/in.s index 2d313635..2d313635 100644 --- a/src/util/fipstools/testdata/x86_64-BSS/in.s +++ b/src/util/fipstools/delocate/testdata/x86_64-BSS/in.s diff --git a/src/util/fipstools/testdata/x86_64-BSS/out.s b/src/util/fipstools/delocate/testdata/x86_64-BSS/out.s index 5c576d95..5c576d95 100644 --- a/src/util/fipstools/testdata/x86_64-BSS/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-BSS/out.s diff --git a/src/util/fipstools/testdata/x86_64-Basic/in.s b/src/util/fipstools/delocate/testdata/x86_64-Basic/in.s index 89e8aafa..89e8aafa 100644 --- a/src/util/fipstools/testdata/x86_64-Basic/in.s +++ b/src/util/fipstools/delocate/testdata/x86_64-Basic/in.s diff --git a/src/util/fipstools/testdata/x86_64-Basic/out.s b/src/util/fipstools/delocate/testdata/x86_64-Basic/out.s index 02a60256..02a60256 100644 --- a/src/util/fipstools/testdata/x86_64-Basic/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-Basic/out.s diff --git a/src/util/fipstools/testdata/x86_64-GOTRewrite/in.s b/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/in.s index ccbc0bf3..ccbc0bf3 100644 --- a/src/util/fipstools/testdata/x86_64-GOTRewrite/in.s +++ b/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/in.s diff --git a/src/util/fipstools/testdata/x86_64-GOTRewrite/out.s b/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s index 3d421e56..3d421e56 100644 --- a/src/util/fipstools/testdata/x86_64-GOTRewrite/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s diff --git a/src/util/fipstools/testdata/x86_64-LabelRewrite/in1.s b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/in1.s index e97b280b..e97b280b 100644 --- a/src/util/fipstools/testdata/x86_64-LabelRewrite/in1.s +++ b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/in1.s diff --git a/src/util/fipstools/testdata/x86_64-LabelRewrite/in2.s b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/in2.s index 7a5a5510..7a5a5510 100644 --- a/src/util/fipstools/testdata/x86_64-LabelRewrite/in2.s +++ b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/in2.s diff --git a/src/util/fipstools/testdata/x86_64-LabelRewrite/out.s b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s index 4a018537..4a018537 100644 --- a/src/util/fipstools/testdata/x86_64-LabelRewrite/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s diff --git a/src/util/fipstools/testdata/x86_64-Sections/in.s b/src/util/fipstools/delocate/testdata/x86_64-Sections/in.s index 8358a4c5..8358a4c5 100644 --- a/src/util/fipstools/testdata/x86_64-Sections/in.s +++ b/src/util/fipstools/delocate/testdata/x86_64-Sections/in.s diff --git a/src/util/fipstools/testdata/x86_64-Sections/out.s b/src/util/fipstools/delocate/testdata/x86_64-Sections/out.s index ba427ade..ba427ade 100644 --- a/src/util/fipstools/testdata/x86_64-Sections/out.s +++ b/src/util/fipstools/delocate/testdata/x86_64-Sections/out.s diff --git a/src/util/fipstools/ar.go b/src/util/fipstools/fipscommon/ar.go index 51e7aa5d..85b378d6 100644 --- a/src/util/fipstools/ar.go +++ b/src/util/fipstools/fipscommon/ar.go @@ -14,7 +14,7 @@ // ar.go contains functions for parsing .a archive files. -package main +package fipscommon import ( "bytes" diff --git a/src/util/fipstools/const.go b/src/util/fipstools/fipscommon/const.go index 2e009ac8..56934140 100644 --- a/src/util/fipstools/const.go +++ b/src/util/fipstools/fipscommon/const.go @@ -12,11 +12,11 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -package main +package fipscommon -// uninitHashValue is the default hash value that we inject into the module. +// UninitHashValue is the default hash value that we inject into the module. // This value need only be distinct, i.e. so that we can safely // search-and-replace it in an object file. -var uninitHashValue = [64]byte{ +var UninitHashValue = [64]byte{ 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, 0xa2, 0xd4, 0xc3, 0x66, 0x0f, 0xc2, 0x6a, 0x7b, 0xf4, 0xbe, 0x39, 0xa2, 0xd7, 0x25, 0xdb, 0x21, 0x98, 0xe9, 0xd5, 0x53, 0xbf, 0x5c, 0x32, 0x06, 0x83, 0x34, 0x0c, 0x65, 0x89, 0x52, 0xbd, 0x1f, } diff --git a/src/util/fipstools/inject-hash.go b/src/util/fipstools/inject-hash/inject-hash.go index 688024d1..14418a38 100644 --- a/src/util/fipstools/inject-hash.go +++ b/src/util/fipstools/inject-hash/inject-hash.go @@ -28,6 +28,8 @@ import ( "io" "io/ioutil" "os" + + "boringssl.googlesource.com/boringssl/util/fipstools/fipscommon" ) func do(outPath, oInput string, arInput string) error { @@ -43,7 +45,7 @@ func do(outPath, oInput string, arInput string) error { } defer arFile.Close() - ar, err := ParseAR(arFile) + ar, err := fipscommon.ParseAR(arFile) if err != nil { return err } @@ -145,12 +147,12 @@ func do(outPath, oInput string, arInput string) error { // Replace the default hash value in the object with the calculated // value and write it out. - offset := bytes.Index(objectBytes, uninitHashValue[:]) + offset := bytes.Index(objectBytes, fipscommon.UninitHashValue[:]) if offset < 0 { return errors.New("did not find uninitialised hash value in object file") } - if bytes.Index(objectBytes[offset+1:], uninitHashValue[:]) >= 0 { + if bytes.Index(objectBytes[offset+1:], fipscommon.UninitHashValue[:]) >= 0 { return errors.New("found two occurrences of uninitialised hash value in object file") } diff --git a/src/util/godeps.go b/src/util/godeps.go new file mode 100644 index 00000000..960faa46 --- /dev/null +++ b/src/util/godeps.go @@ -0,0 +1,203 @@ +// Copyright (c) 2018, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +// godeps prints out dependencies of a package in either CMake or Make depfile +// format, for incremental rebuilds. +// +// The depfile format is preferred. It works correctly when new files are added. +// However, CMake only supports depfiles for custom commands with Ninja and +// starting CMake 3.7. For other configurations, we also support CMake's format, +// but CMake must be rerun when file lists change. +package main + +import ( + "flag" + "fmt" + "go/build" + "os" + "path/filepath" + "sort" + "strings" +) + +var ( + format = flag.String("format", "cmake", "The format to output to, either 'cmake' or 'depfile'") + mainPkg = flag.String("pkg", "", "The package to print dependencies for") + target = flag.String("target", "", "The name of the output file") + out = flag.String("out", "", "The path to write the output to. If unset, this is stdout") +) + +func cMakeQuote(in string) string { + // See https://cmake.org/cmake/help/v3.0/manual/cmake-language.7.html#quoted-argument + var b strings.Builder + b.Grow(len(in)) + // Iterate over in as bytes. + for i := 0; i < len(in); i++ { + switch c := in[i]; c { + case '\\', '"': + b.WriteByte('\\') + b.WriteByte(c) + case '\t': + b.WriteString("\\t") + case '\r': + b.WriteString("\\r") + case '\n': + b.WriteString("\\n") + default: + b.WriteByte(in[i]) + } + } + return b.String() +} + +func writeCMake(outFile *os.File, files []string) error { + for i, file := range files { + if i != 0 { + if _, err := outFile.WriteString(";"); err != nil { + return err + } + } + if _, err := outFile.WriteString(cMakeQuote(file)); err != nil { + return err + } + } + return nil +} + +func makeQuote(in string) string { + // See https://www.gnu.org/software/make/manual/make.html#Rule-Syntax + var b strings.Builder + b.Grow(len(in)) + // Iterate over in as bytes. + for i := 0; i < len(in); i++ { + switch c := in[i]; c { + case '$': + b.WriteString("$$") + case '#', '\\', ' ': + b.WriteByte('\\') + b.WriteByte(c) + default: + b.WriteByte(c) + } + } + return b.String() +} + +func writeDepfile(outFile *os.File, files []string) error { + if _, err := fmt.Fprintf(outFile, "%s:", makeQuote(*target)); err != nil { + return err + } + for _, file := range files { + if _, err := fmt.Fprintf(outFile, " %s", makeQuote(file)); err != nil { + return err + } + } + _, err := outFile.WriteString("\n") + return err +} + +func appendPrefixed(list, newFiles []string, prefix string) []string { + for _, file := range newFiles { + list = append(list, filepath.Join(prefix, file)) + } + return list +} + +func main() { + flag.Parse() + + if len(*mainPkg) == 0 { + fmt.Fprintf(os.Stderr, "-pkg argument is required.\n") + os.Exit(1) + } + + var isDepfile bool + switch *format { + case "depfile": + isDepfile = true + case "cmake": + isDepfile = false + default: + fmt.Fprintf(os.Stderr, "Unknown format: %q\n", *format) + os.Exit(1) + } + + if isDepfile && len(*target) == 0 { + fmt.Fprintf(os.Stderr, "-target argument is required for depfile.\n") + os.Exit(1) + } + + done := make(map[string]struct{}) + var files []string + var recurse func(pkgName string) error + recurse = func(pkgName string) error { + pkg, err := build.Default.Import(pkgName, ".", 0) + if err != nil { + return err + } + + // Skip standard packages. + if pkg.Goroot { + return nil + } + + // Skip already-visited packages. + if _, ok := done[pkg.Dir]; ok { + return nil + } + done[pkg.Dir] = struct{}{} + + files = appendPrefixed(files, pkg.GoFiles, pkg.Dir) + files = appendPrefixed(files, pkg.CgoFiles, pkg.Dir) + // Include ignored Go files. A subsequent change may cause them + // to no longer be ignored. + files = appendPrefixed(files, pkg.IgnoredGoFiles, pkg.Dir) + + // Recurse into imports. + for _, importName := range pkg.Imports { + if err := recurse(importName); err != nil { + return err + } + } + return nil + } + if err := recurse(*mainPkg); err != nil { + fmt.Fprintf(os.Stderr, "Error getting dependencies: %s\n", err) + os.Exit(1) + } + + sort.Strings(files) + + outFile := os.Stdout + if len(*out) != 0 { + var err error + outFile, err = os.Create(*out) + if err != nil { + fmt.Fprintf(os.Stderr, "Error writing output: %s\n", err) + os.Exit(1) + } + defer outFile.Close() + } + + var err error + if isDepfile { + err = writeDepfile(outFile, files) + } else { + err = writeCMake(outFile, files) + } + if err != nil { + fmt.Fprintf(os.Stderr, "Error writing output: %s\n", err) + os.Exit(1) + } +} |