Merge branch 'main' into docker-updates

CMakeLists.txt

@@ -982,7 +982,11 @@ if(BUILD_TESTING)
         DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
         WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
   else()
-    file(COPY ${GENERATE_CODE_ROOT}/crypto_test_data.cc DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/)
+    add_custom_command(
+        OUTPUT crypto_test_data.cc
+        COMMAND ${CMAKE_COMMAND} -E tar "jxvf" ${GENERATE_CODE_ROOT}/crypto_test_data.cc.tar.bz2
+        DEPENDS  ${GENERATE_CODE_ROOT}/crypto_test_data.cc.tar.bz2
+        WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}")
   endif()
   add_library(crypto_test_data OBJECT crypto_test_data.cc)
 

PrivacyInfo.xcprivacy

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+
+<!--
+This file is for using BoringSSL in Apple ecosystems. You may have to point
+Xcode at it yourself. See
+https://developer.apple.com/documentation/bundleresources/privacy_manifest_files
+-->
+
+<dict>
+	<key>NSPrivacyTracking</key>
+	<false/>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array/>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array/>
+</dict>
+</plist>

crypto/bytestring/unicode.c

@@ -18,11 +18,12 @@
 
 
 static int is_valid_code_point(uint32_t v) {
-  // References in the following are to Unicode 9.0.0.
+  // References in the following are to Unicode 15.0.0.
   if (// The Unicode space runs from zero to 0x10ffff (3.4 D9).
       v > 0x10ffff ||
       // Values 0x...fffe, 0x...ffff, and 0xfdd0-0xfdef are permanently reserved
-      // (3.4 D14)
+      // as noncharacters (3.4 D14). See also 23.7. As our APIs are intended for
+      // "open interchange", such as ASN.1, we reject them.
       (v & 0xfffe) == 0xfffe ||
       (v >= 0xfdd0 && v <= 0xfdef) ||
       // Surrogate code points are invalid (3.2 C1).

crypto/cipher_extra/e_des.c

@@ -85,16 +85,14 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER evp_des_cbc = {
-    /* nid = */ NID_des_cbc,
-    /* block_size = */ 8,
-    /* key_len = */ 8,
-    /* iv_len = */ 8,
-    /* ctx_size = */ sizeof(EVP_DES_KEY),
-    /* flags = */ EVP_CIPH_CBC_MODE,
-    /* init = */ des_init_key,
-    /* cipher = */ des_cbc_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_cbc,
+    .block_size = 8,
+    .key_len = 8,
+    .iv_len = 8,
+    .ctx_size = sizeof(EVP_DES_KEY),
+    .flags = EVP_CIPH_CBC_MODE,
+    .init = des_init_key,
+    .cipher = des_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_des_cbc(void) { return &evp_des_cbc; }
@@ -114,16 +112,14 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER evp_des_ecb = {
-    /* nid = */ NID_des_ecb,
-    /* block_size = */ 8,
-    /* key_len = */ 8,
-    /* iv_len = */ 0,
-    /* ctx_size = */ sizeof(EVP_DES_KEY),
-    /* flags = */ EVP_CIPH_ECB_MODE,
-    /* init = */ des_init_key,
-    /* cipher = */ des_ecb_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ecb,
+    .block_size = 8,
+    .key_len = 8,
+    .iv_len = 0,
+    .ctx_size = sizeof(EVP_DES_KEY),
+    .flags = EVP_CIPH_ECB_MODE,
+    .init = des_init_key,
+    .cipher = des_ecb_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ecb(void) { return &evp_des_ecb; }
@@ -153,16 +149,14 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER evp_des_ede3_cbc = {
-    /* nid = */ NID_des_ede3_cbc,
-    /* block_size = */ 8,
-    /* key_len = */ 24,
-    /* iv_len = */ 8,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_CBC_MODE,
-    /* init = */ des_ede3_init_key,
-    /* cipher = */ des_ede3_cbc_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede3_cbc,
+    .block_size = 8,
+    .key_len = 24,
+    .iv_len = 8,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_CBC_MODE,
+    .init = des_ede3_init_key,
+    .cipher = des_ede3_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; }
@@ -178,16 +172,14 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
 }
 
 static const EVP_CIPHER evp_des_ede_cbc = {
-    /* nid = */ NID_des_ede_cbc,
-    /* block_size = */ 8,
-    /* key_len = */ 16,
-    /* iv_len = */ 8,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_CBC_MODE,
-    /* init = */ des_ede_init_key,
-    /* cipher = */ des_ede3_cbc_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede_cbc,
+    .block_size = 8,
+    .key_len = 16,
+    .iv_len = 8,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_CBC_MODE,
+    .init = des_ede_init_key,
+    .cipher = des_ede3_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede_cbc(void) { return &evp_des_ede_cbc; }
@@ -208,31 +200,27 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER evp_des_ede = {
-    /* nid = */ NID_des_ede_ecb,
-    /* block_size = */ 8,
-    /* key_len = */ 16,
-    /* iv_len = */ 0,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_ECB_MODE,
-    /* init = */ des_ede_init_key,
-    /* cipher = */ des_ede_ecb_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede_ecb,
+    .block_size = 8,
+    .key_len = 16,
+    .iv_len = 0,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_ECB_MODE,
+    .init = des_ede_init_key,
+    .cipher = des_ede_ecb_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede(void) { return &evp_des_ede; }
 
 static const EVP_CIPHER evp_des_ede3 = {
-    /* nid = */ NID_des_ede3_ecb,
-    /* block_size = */ 8,
-    /* key_len = */ 24,
-    /* iv_len = */ 0,
-    /* ctx_size = */ sizeof(DES_EDE_KEY),
-    /* flags = */ EVP_CIPH_ECB_MODE,
-    /* init = */ des_ede3_init_key,
-    /* cipher = */ des_ede_ecb_cipher,
-    /* cleanup = */ NULL,
-    /* ctrl = */ NULL,
+    .nid = NID_des_ede3_ecb,
+    .block_size = 8,
+    .key_len = 24,
+    .iv_len = 0,
+    .ctx_size = sizeof(DES_EDE_KEY),
+    .flags = EVP_CIPH_ECB_MODE,
+    .init = des_ede3_init_key,
+    .cipher = des_ede_ecb_cipher,
 };
 
 const EVP_CIPHER *EVP_des_ede3(void) { return &evp_des_ede3; }

crypto/cipher_extra/e_null.c

@@ -78,9 +78,13 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER n_cipher = {
-    NID_undef,          1 /* block size */, 0 /* key_len */, 0 /* iv_len */,
-    0 /* ctx_size */,   0 /* flags */,      null_init_key,   null_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_undef,
+    .block_size = 1,
+    .key_len = 0,
+    .iv_len = 0,
+    .ctx_size = 0,
+    .init = null_init_key,
+    .cipher = null_cipher,
 };
 
 const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; }

crypto/cipher_extra/e_rc2.c

@@ -427,35 +427,29 @@ static int rc2_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) {
 }
 
 static const EVP_CIPHER rc2_40_cbc = {
-    NID_rc2_40_cbc,
-    8 /* block size */,
-    5 /* 40 bit */,
-    8 /* iv len */,
-    sizeof(EVP_RC2_KEY),
-    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-    rc2_init_key,
-    rc2_cbc_cipher,
-    NULL,
-    rc2_ctrl,
+    .nid = NID_rc2_40_cbc,
+    .block_size = 8,
+    .key_len = 5 /* 40 bit */,
+    .iv_len = 8,
+    .ctx_size = sizeof(EVP_RC2_KEY),
+    .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    .init = rc2_init_key,
+    .cipher = rc2_cbc_cipher,
+    .ctrl = rc2_ctrl,
 };
 
-const EVP_CIPHER *EVP_rc2_40_cbc(void) {
-  return &rc2_40_cbc;
-}
+const EVP_CIPHER *EVP_rc2_40_cbc(void) { return &rc2_40_cbc; }
 
 static const EVP_CIPHER rc2_cbc = {
-    NID_rc2_cbc,
-    8 /* block size */,
-    16 /* 128 bit */,
-    8 /* iv len */,
-    sizeof(EVP_RC2_KEY),
-    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-    rc2_init_key,
-    rc2_cbc_cipher,
-    NULL,
-    rc2_ctrl,
+    .nid = NID_rc2_cbc,
+    .block_size = 8,
+    .key_len = 16 /* 128 bit */,
+    .iv_len = 8,
+    .ctx_size = sizeof(EVP_RC2_KEY),
+    .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    .init = rc2_init_key,
+    .cipher = rc2_cbc_cipher,
+    .ctrl = rc2_ctrl,
 };
 
-const EVP_CIPHER *EVP_rc2_cbc(void) {
-  return &rc2_cbc;
-}
+const EVP_CIPHER *EVP_rc2_cbc(void) { return &rc2_cbc; }

crypto/cipher_extra/e_rc4.c

@@ -81,10 +81,14 @@ static int rc4_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER rc4 = {
-    NID_rc4,         1 /* block_size */, 16 /* key_size */,
-    0 /* iv_len */,  sizeof(RC4_KEY),    EVP_CIPH_VARIABLE_LENGTH,
-    rc4_init_key,    rc4_cipher,         NULL /* cleanup */,
-    NULL /* ctrl */,
+    .nid = NID_rc4,
+    .block_size = 1,
+    .key_len = 16,
+    .iv_len = 0,
+    .ctx_size = sizeof(RC4_KEY),
+    .flags = EVP_CIPH_VARIABLE_LENGTH,
+    .init = rc4_init_key,
+    .cipher = rc4_cipher,
 };
 
 const EVP_CIPHER *EVP_rc4(void) { return &rc4; }

crypto/decrepit/blowfish/blowfish.c

@@ -594,27 +594,36 @@ static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER bf_ecb = {
-    NID_bf_ecb,         BF_BLOCK /* block_size */,
-    16 /* key_size */,  BF_BLOCK /* iv_len */,
-    sizeof(BF_KEY),     EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
-    bf_init_key,        bf_ecb_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_bf_ecb,
+    .block_size = BF_BLOCK,
+    .key_len = 16,
+    .iv_len = BF_BLOCK,
+    .ctx_size = sizeof(BF_KEY),
+    .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+    .init = bf_init_key,
+    .cipher = bf_ecb_cipher,
 };
 
 static const EVP_CIPHER bf_cbc = {
-    NID_bf_cbc,         BF_BLOCK /* block_size */,
-    16 /* key_size */,  BF_BLOCK /* iv_len */,
-    sizeof(BF_KEY),     EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
-    bf_init_key,        bf_cbc_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_bf_cbc,
+    .block_size = BF_BLOCK,
+    .key_len = 16,
+    .iv_len = BF_BLOCK,
+    .ctx_size = sizeof(BF_KEY),
+    .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
+    .init = bf_init_key,
+    .cipher = bf_cbc_cipher,
 };
 
 static const EVP_CIPHER bf_cfb = {
-    NID_bf_cfb64,       1 /* block_size */,
-    16 /* key_size */,  BF_BLOCK /* iv_len */,
-    sizeof(BF_KEY),     EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
-    bf_init_key,        bf_cfb_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_bf_cfb64,
+    .block_size = 1,
+    .key_len = 16,
+    .iv_len = BF_BLOCK,
+    .ctx_size = sizeof(BF_KEY),
+    .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+    .init = bf_init_key,
+    .cipher = bf_cfb_cipher,
 };
 
 const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; }

crypto/decrepit/cast/cast.c

@@ -384,19 +384,25 @@ static int cast_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
 }
 
 static const EVP_CIPHER cast5_ecb = {
-    NID_cast5_ecb,      CAST_BLOCK,
-    CAST_KEY_LENGTH,    CAST_BLOCK /* iv_len */,
-    sizeof(CAST_KEY),   EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
-    cast_init_key,      cast_ecb_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_cast5_ecb,
+    .block_size = CAST_BLOCK,
+    .key_len = CAST_KEY_LENGTH,
+    .iv_len = CAST_BLOCK,
+    .ctx_size = sizeof(CAST_KEY),
+    .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+    .init = cast_init_key,
+    .cipher = cast_ecb_cipher,
 };
 
 static const EVP_CIPHER cast5_cbc = {
-    NID_cast5_cbc,      CAST_BLOCK,
-    CAST_KEY_LENGTH,    CAST_BLOCK /* iv_len */,
-    sizeof(CAST_KEY),   EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
-    cast_init_key,      cast_cbc_cipher,
-    NULL /* cleanup */, NULL /* ctrl */,
+    .nid = NID_cast5_cbc,
+    .block_size = CAST_BLOCK,
+    .key_len = CAST_KEY_LENGTH,
+    .iv_len = CAST_BLOCK,
+    .ctx_size = sizeof(CAST_KEY),
+    .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
+    .init = cast_init_key,
+    .cipher = cast_cbc_cipher,
 };
 
 const EVP_CIPHER *EVP_cast5_ecb(void) { return &cast5_ecb; }