Merged
37 commits
46eca5f
Fix typo in documentation for RSA private key constructors (#362)
YourMJK Jun 16, 2025
dbb4559
Make EllipticCurvePoint and ArbitraryPrecisionInteger Sendable (#366)
Lukasa Jun 19, 2025
6214426
Add static SDK CI workflow (#340)
rnro Jun 26, 2025
7416764
Enable Windows CI on main (#371)
Lukasa Jun 27, 2025
4ce1b9b
Add a PKCS#8 DER property to private keys (#372)
josephnoir Jul 2, 2025
9fb2fd8
Remove security backend (#373)
josephnoir Jul 2, 2025
93a2ebf
Add API for ARC(P-256) and deprecate ARC(P-384) (#374)
simonjbeaumont Jul 2, 2025
af6be72
CMake: Declare ASN1 dependency (#376)
etcwilde Jul 3, 2025
871f95d
Typealias CryptoKitError (#285)
0xTim Jul 7, 2025
e5f10a7
Mention Windows in README (#378)
gjcairo Jul 15, 2025
75475b8
Back out changes post-quantum changes for release (#379)
glbrntt Jul 21, 2025
9934678
build: Make swift-crypto build on Windows (#370)
Steelskin Jul 21, 2025
88b9c9b
Work around Swift compiler issue with consuming and TSAN (#384)
Lukasa Jul 22, 2025
84b1d49
Add a few more inlinability annotation (#383)
glbrntt Jul 22, 2025
64a4de0
Add some benchmarks for EC key agreement (#390)
Lukasa Jul 30, 2025
176abc2
Cache curves to avoid repeatedly reallocating state (#391)
Lukasa Jul 30, 2025
8c9d27a
Enable release mode builds in CI (#388)
josephnoir Jul 30, 2025
c68a7a7
Add Sequence conformance to AES._CBC.IV (#389) (#392)
wnagrodzki Jul 31, 2025
334e682
Add AES CMAC support (#394)
Lukasa Aug 5, 2025
2347f20
Use Thread.threadDictionary instead of TaskLocal for thread-local (#395)
simonjbeaumont Aug 8, 2025
c066b05
Improve vendor-boringssl.sh script to make it work better (#396)
xtremekforever Aug 11, 2025
b7c303d
Use Swift SDKs to generate symbols for Linux targets and armv7 (using…
xtremekforever Aug 15, 2025
d1c6b70
Avoid TSAN issue in _CryptoExtras/AES/CMAC (#402)
aryan-25 Aug 27, 2025
c462502
Move away from Foundation.Thread (#404)
Lukasa Sep 9, 2025
9552067
Fix script path in PR template (#408)
0xTim Sep 9, 2025
141f5b4
Make the tests Swift 6 ready. (#409)
Lukasa Sep 9, 2025
c661deb
Update BoringSSL to 0226f30467f540a3f62ef48d453f93927da199b6 (#406)
gwynne Sep 15, 2025
b1f7679
Buildfix OpenBSD. (#411)
3405691582 Sep 16, 2025
527fef6
Remove useless `try` to fix warnings (#412)
ptoffy Sep 22, 2025
95ba031
Enable Swift 6.2 jobs in CI (#414)
rnro Sep 22, 2025
a0df0a1
Merge remote-tracking branch 'origin/main' into cb-final-catchup-merge
Lukasa Sep 22, 2025
52668ca
Remove unneeded import
Lukasa Sep 22, 2025
a5fc067
Fixup extra cryptoextras file
Lukasa Sep 22, 2025
635e176
Return this test file
Lukasa Sep 22, 2025
aae5ab7
Re-add missing exports file
Lukasa Sep 22, 2025
23f7e74
Remove the incorrectly moved exports
Lukasa Sep 22, 2025
f52fa59
Missing header files
Lukasa Sep 22, 2025
4 changes: 4 additions & 0 deletions .github/workflows/main.yml
Expand Up @@ -14,14 +14,17 @@ jobs:
linux_5_10_arguments_override: "--explicit-target-dependency-import-check error"
linux_6_0_arguments_override: "--explicit-target-dependency-import-check error"
linux_6_1_arguments_override: "--explicit-target-dependency-import-check error"
linux_6_2_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
windows_6_0_enabled: true
windows_6_1_enabled: true
windows_6_2_enabled: true
windows_nightly_next_enabled: true
windows_nightly_main_enabled: true
windows_6_0_arguments_override: "--explicit-target-dependency-import-check error"
windows_6_1_arguments_override: "--explicit-target-dependency-import-check error"
windows_6_2_arguments_override: "--explicit-target-dependency-import-check error"
windows_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
windows_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"

Expand All @@ -31,6 +34,7 @@ jobs:
with:
windows_6_0_enabled: true
windows_6_1_enabled: true
windows_6_2_enabled: true
windows_nightly_next_enabled: true
windows_nightly_main_enabled: true

4 changes: 4 additions & 0 deletions .github/workflows/pull_request.yml
Expand Up @@ -19,14 +19,17 @@ jobs:
linux_5_10_arguments_override: "--explicit-target-dependency-import-check error"
linux_6_0_arguments_override: "--explicit-target-dependency-import-check error"
linux_6_1_arguments_override: "--explicit-target-dependency-import-check error"
linux_6_2_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
windows_6_0_enabled: true
windows_6_1_enabled: true
windows_6_2_enabled: true
windows_nightly_next_enabled: true
windows_nightly_main_enabled: true
windows_6_0_arguments_override: "--explicit-target-dependency-import-check error"
windows_6_1_arguments_override: "--explicit-target-dependency-import-check error"
windows_6_2_arguments_override: "--explicit-target-dependency-import-check error"
windows_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
windows_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"

Expand All @@ -36,6 +39,7 @@ jobs:
with:
windows_6_0_enabled: true
windows_6_1_enabled: true
windows_6_2_enabled: true
windows_nightly_next_enabled: true
windows_nightly_main_enabled: true

2 changes: 1 addition & 1 deletion Package.swift
Expand Up @@ -20,7 +20,7 @@
// Sources/CCryptoBoringSSL directory. The source repository is at
// https://boringssl.googlesource.com/boringssl.
//
// BoringSSL Commit: 035e720641f385e82c72b7b0a9e1d89e58cb5ed5
// BoringSSL Commit: 0226f30467f540a3f62ef48d453f93927da199b6

import PackageDescription

1 change: 0 additions & 1 deletion Sources/CCryptoBoringSSL/CMakeLists.txt
Expand Up @@ -255,7 +255,6 @@ add_library(CCryptoBoringSSL STATIC
"crypto/x509/x_req.cc"
"crypto/x509/x_sig.cc"
"crypto/x509/x_spki.cc"
"crypto/x509/x_val.cc"
"crypto/x509/x_x509.cc"
"crypto/x509/x_x509a.cc"
"crypto/xwing/xwing.cc"
123 changes: 72 additions & 51 deletions Sources/CCryptoBoringSSL/crypto/asn1/a_bitstr.cc
Expand Up @@ -20,6 +20,7 @@
#include <CCryptoBoringSSL_bytestring.h>
#include <CCryptoBoringSSL_err.h>
#include <CCryptoBoringSSL_mem.h>
#include <CCryptoBoringSSL_span.h>

#include "../internal.h"
#include "internal.h"
Expand Down Expand Up @@ -110,76 +111,96 @@ int asn1_marshal_bit_string(CBB *out, const ASN1_BIT_STRING *in,
CBB_flush(out);
}

ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
const unsigned char **pp, long len) {
ASN1_BIT_STRING *ret = NULL;
const unsigned char *p;
unsigned char *s;
int padding;
uint8_t padding_mask;

if (len < 1) {
static int asn1_parse_bit_string_contents(bssl::Span<const uint8_t> in,
ASN1_BIT_STRING *out) {
CBS cbs = in;
uint8_t padding;
if (!CBS_get_u8(&cbs, &padding)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
goto err;
return 0;
}

if (len > INT_MAX) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
goto err;
if (padding > 7) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
return 0;
}

if ((a == NULL) || ((*a) == NULL)) {
if ((ret = ASN1_BIT_STRING_new()) == NULL) {
return NULL;
// Unused bits in a BIT STRING must be zero.
uint8_t padding_mask = (1 << padding) - 1;
if (padding != 0) {
CBS copy = cbs;
uint8_t last;
if (!CBS_get_last_u8(&copy, &last) || (last & padding_mask) != 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING);
return 0;
}
} else {
ret = (*a);
}

p = *pp;
padding = *(p++);
len--;
if (padding > 7) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
goto err;
if (!ASN1_STRING_set(out, CBS_data(&cbs), CBS_len(&cbs))) {
return 0;
}

// Unused bits in a BIT STRING must be zero.
padding_mask = (1 << padding) - 1;
if (padding != 0 && (len < 1 || (p[len - 1] & padding_mask) != 0)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING);
goto err;
}
out->type = V_ASN1_BIT_STRING;
// |ASN1_STRING_FLAG_BITS_LEFT| and the bottom 3 bits encode |padding|.
out->flags &= ~0x07;
out->flags |= ASN1_STRING_FLAG_BITS_LEFT | padding;
return 1;
}

// We do this to preserve the settings. If we modify the settings, via
// the _set_bit function, we will recalculate on output
ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); // clear
ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); // set
ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
const unsigned char **pp, long len) {
if (len < 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
return nullptr;
}

if (len > 0) {
s = reinterpret_cast<uint8_t *>(OPENSSL_memdup(p, len));
if (s == NULL) {
goto err;
ASN1_BIT_STRING *ret = nullptr;
if (a == nullptr || *a == nullptr) {
if ((ret = ASN1_BIT_STRING_new()) == nullptr) {
return nullptr;
}
p += len;
} else {
s = NULL;
ret = *a;
}

ret->length = (int)len;
OPENSSL_free(ret->data);
ret->data = s;
ret->type = V_ASN1_BIT_STRING;
if (a != NULL) {
(*a) = ret;
if (!asn1_parse_bit_string_contents(bssl::Span(*pp, len), ret)) {
if (ret != nullptr && (a == nullptr || *a != ret)) {
ASN1_BIT_STRING_free(ret);
}
return nullptr;
}
*pp = p;

if (a != nullptr) {
*a = ret;
}
*pp += len;
return ret;
err:
if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
ASN1_BIT_STRING_free(ret);
}

int asn1_parse_bit_string(CBS *cbs, ASN1_BIT_STRING *out, CBS_ASN1_TAG tag) {
tag = tag == 0 ? CBS_ASN1_BITSTRING : tag;
CBS child;
if (!CBS_get_asn1(cbs, &child, tag)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
return asn1_parse_bit_string_contents(child, out);
}

int asn1_parse_bit_string_with_bad_length(CBS *cbs, ASN1_BIT_STRING *out) {
CBS child;
CBS_ASN1_TAG tag;
size_t header_len;
int indefinite;
if (!CBS_get_any_ber_asn1_element(cbs, &child, &tag, &header_len,
/*out_ber_found=*/nullptr,
&indefinite) ||
tag != CBS_ASN1_BITSTRING || indefinite || //
!CBS_skip(&child, header_len)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
return NULL;
return asn1_parse_bit_string_contents(child, out);
}

// These next 2 functions from Goetz Babin-Ebell <[email protected]>
11 changes: 4 additions & 7 deletions Sources/CCryptoBoringSSL/crypto/asn1/a_bool.cc
Expand Up @@ -21,13 +21,10 @@


int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **outp) {
CBB cbb;
if (!CBB_init(&cbb, 3) || //
!CBB_add_asn1_bool(&cbb, a != ASN1_BOOLEAN_FALSE)) {
CBB_cleanup(&cbb);
return -1;
}
return CBB_finish_i2d(&cbb, outp);
return bssl::I2DFromCBB(
/*initial_capacity=*/3, outp, [&](CBB *cbb) -> bool {
return CBB_add_asn1_bool(cbb, a != ASN1_BOOLEAN_FALSE);
});
}

ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *out, const unsigned char **inp,
17 changes: 17 additions & 0 deletions Sources/CCryptoBoringSSL/crypto/asn1/a_gentm.cc
Expand Up @@ -36,6 +36,23 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) {
return 1;
}

int asn1_parse_generalized_time(CBS *cbs, ASN1_GENERALIZEDTIME *out,
CBS_ASN1_TAG tag) {
tag = tag == 0 ? CBS_ASN1_GENERALIZEDTIME : tag;
CBS child;
if (!CBS_get_asn1(cbs, &child, tag) ||
!CBS_parse_generalized_time(&child, nullptr,
/*allow_timezone_offset=*/0)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
if (!ASN1_STRING_set(out, CBS_data(&child), CBS_len(&child))) {
return 0;
}
out->type = V_ASN1_GENERALIZEDTIME;
return 1;
}

int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) {
return asn1_generalizedtime_to_tm(NULL, d);
}