external/boringssl: Sync to 7c5728649affe20e2952b11a0aeaf0e7b114aad9.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/68f37b7a3f451aa1ca8c93669c024d01f6270ae8..7c5728649affe20e2952b11a0aeaf0e7b114aad9

This also removes sha256-armv4.S from libcrypto_sources_no_clang; clang
can assemble it now. The other files still need to be there though.

Note this pulls in a fix to a wpa_supplicant regression introduced in
c895d6b1c580258e72e1ed3fcc86d38970ded9e1.

Test: make checkbuild
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a

Change-Id: Ife1d9ea1c87a0b7b1814b8e3590d6f1eaf721629
diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc
index c39d98d..0c25754 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -25,7 +25,6 @@
 #include <openssl/pool.h>
 #include <openssl/x509.h>
 
-namespace bssl {
 
 static const char kCrossSigningRootPEM[] =
     "-----BEGIN CERTIFICATE-----\n"
@@ -724,7 +723,7 @@
   }
 
   // Test PKCS#1 v1.5.
-  ScopedEVP_MD_CTX md_ctx;
+  bssl::ScopedEVP_MD_CTX md_ctx;
   if (!EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()) ||
       !SignatureRoundTrips(md_ctx.get(), pkey.get())) {
     fprintf(stderr, "RSA PKCS#1 with SHA-256 failed\n");
@@ -941,7 +940,51 @@
   return true;
 }
 
-static int Main() {
+static bool TestFailedParseFromBuffer() {
+  static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
+
+  bssl::UniquePtr<CRYPTO_BUFFER> buf(
+      CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
+  if (!buf) {
+    return false;
+  }
+
+  bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
+  if (cert) {
+    fprintf(stderr, "Nonsense somehow parsed.\n");
+    return false;
+  }
+  ERR_clear_error();
+
+  // Test a buffer with trailing data.
+  size_t data_len;
+  bssl::UniquePtr<uint8_t> data;
+  if (!PEMToDER(&data, &data_len, kRootCAPEM)) {
+    return false;
+  }
+
+  std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
+  memcpy(data_with_trailing_byte.get(), data.get(), data_len);
+  data_with_trailing_byte[data_len] = 0;
+
+  bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
+      CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
+  if (!buf_with_trailing_byte) {
+    return false;
+  }
+
+  bssl::UniquePtr<X509> root(
+      X509_parse_from_buffer(buf_with_trailing_byte.get()));
+  if (root) {
+    fprintf(stderr, "Parsed buffer with trailing byte.\n");
+    return false;
+  }
+  ERR_clear_error();
+
+  return true;
+}
+
+int main() {
   CRYPTO_library_init();
 
   if (!TestVerify() ||
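Review bot: `TestFailedParseFromBuffer` only checks that both parses return null, so on its own it cannot detect a double free or a leak on the failure path of `X509_parse_from_buffer`; such a memory error is visible only when the test runs under ASan or a comparable memory checker. A comment above the first case would make that intent explicit, e.g. `// A failed parse must release the X509 exactly once; memory errors here surface only under ASan.` The second case could likewise note that the appended zero byte is the only difference from a certificate that parses.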
@@ -952,16 +995,11 @@
       !TestFromBuffer() ||
       !TestFromBufferTrailingData() ||
       !TestFromBufferModified() ||
-      !TestFromBufferReused()) {
+      !TestFromBufferReused() ||
+      !TestFailedParseFromBuffer()) {
     return 1;
   }
 
   printf("PASS\n");
   return 0;
 }
-
-}  // namespace bssl
-
-int main() {
-  return bssl::Main();
-}
diff --git a/src/crypto/x509/x_x509.c b/src/crypto/x509/x_x509.c
index 845d4b2..d3cd5b0 100644
--- a/src/crypto/x509/x_x509.c
+++ b/src/crypto/x509/x_x509.c
@@ -106,6 +106,7 @@
         ret->crldp = NULL;
         ret->buf = NULL;
         CRYPTO_new_ex_data(&ret->ex_data);
+        CRYPTO_MUTEX_init(&ret->lock);
         break;
 
     case ASN1_OP_D2I_PRE:
@@ -120,6 +121,7 @@
         break;
 
     case ASN1_OP_FREE_POST:
+        CRYPTO_MUTEX_cleanup(&ret->lock);
         CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data);
         X509_CERT_AUX_free(ret->aux);
         ASN1_OCTET_STRING_free(ret->skid);
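Review bot: `CRYPTO_MUTEX_cleanup(&ret->lock)` now runs before `CRYPTO_free_ex_data`, so any ex_data free callback that reaches code taking this lock would operate on a destroyed mutex. Whether any callback does so is not visible from this hunk, but moving the cleanup to the end of the `ASN1_OP_FREE_POST` case (after `OPENSSL_free(ret->name);` in the next hunk) would remove the question. The matching `CRYPTO_MUTEX_init(&ret->lock);` in the previous hunk also has no comment saying which fields the lock guards; a one-line comment there would help.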
@@ -129,9 +131,7 @@
         GENERAL_NAMES_free(ret->altname);
         NAME_CONSTRAINTS_free(ret->nc);
         CRYPTO_BUFFER_free(ret->buf);
-
-        if (ret->name != NULL)
-            OPENSSL_free(ret->name);
+        OPENSSL_free(ret->name);
         break;
 
     }
@@ -162,8 +162,8 @@
   X509 *x509p = x509;
   X509 *ret = d2i_X509(&x509p, &inp, CRYPTO_BUFFER_len(buf));
   if (ret == NULL ||
-      (inp - CRYPTO_BUFFER_data(buf)) != (ptrdiff_t) CRYPTO_BUFFER_len(buf)) {
-    X509_free(x509);
+      inp - CRYPTO_BUFFER_data(buf) != (ptrdiff_t)CRYPTO_BUFFER_len(buf)) {
+    X509_free(x509p);
     return NULL;
   }
   assert(x509p == x509);
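Review bot: The switch from `X509_free(x509)` to `X509_free(x509p)` depends on what `d2i_X509` does to the in/out pointer on failure, and nothing at the call site says so. Presumably a failed in-place parse has already released the object and cleared `x509p`, which would make freeing `x509` a double free; a comment such as `/* d2i_X509 may free the object and NULL x509p on failure; free through x509p only. */` above the `if` would keep a later edit from reverting it. In the lines shown, the trailing-data branch also returns NULL without adding an error to the queue, so callers cannot tell it apart from other failures. The function begins and ends outside the hunk.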