chore: update BoringSSL to 02be8eb1

example/pubspec.lock

@@ -198,10 +198,10 @@ packages:
     dependency: transitive
     description:
       name: matcher
-      sha256: "31bd099b47c10cd1aeb55146a2d46ce0277630ecef3f7dae54ad7873f36696cd"
+      sha256: dc0b7dc7651697ea4ff3e69ef44b0407ea32c487a39fff6a4004fa585e901861
       url: "https://pub.dev"
     source: hosted
-    version: "0.12.20"
+    version: "0.12.19"
   material_color_utilities:
     dependency: transitive
     description:
@@ -214,10 +214,10 @@ packages:
     dependency: transitive
     description:
       name: meta
-      sha256: df0c643f44ad098eb37988027a8e2b2b5a031fd3977f06bbfd3a76637e8df739
+      sha256: "1741988757a65eb6b36abe716829688cf01910bbf91c34354ff7ec1c3de2b349"
       url: "https://pub.dev"
     source: hosted
-    version: "1.18.2"
+    version: "1.18.0"
   native_toolchain_cmake:
     dependency: transitive
     description:
@@ -323,10 +323,10 @@ packages:
     dependency: transitive
     description:
       name: test_api
-      sha256: "2a122cbe059f8b610d3a5415f42e255b6c17b1f21eee1d960f31080237fb4f11"
+      sha256: "949a932224383300f01be9221c39180316445ecb8e7547f70a41a35bf421fb9e"
       url: "https://pub.dev"
     source: hosted
-    version: "0.7.12"
+    version: "0.7.11"
   typed_data:
     dependency: transitive
     description:
@@ -339,10 +339,10 @@ packages:
     dependency: transitive
     description:
       name: vector_math
-      sha256: "47a1b32ee755c3fcffa33db52a7258c137f97bdb2209a1075be847809fac4ccf"
+      sha256: d530bd74fea330e6e364cda7a85019c434070188383e1cd8d9777ee586914c5b
       url: "https://pub.dev"
     source: hosted
-    version: "2.3.0"
+    version: "2.2.0"
   vm_service:
     dependency: transitive
     description:
@@ -357,7 +357,7 @@ packages:
       path: ".."
       relative: true
     source: path
-    version: "0.6.0"
+    version: "0.6.1"
   webdriver:
     dependency: transitive
     description:

third_party/boringssl/sources.cmake

@@ -167,7 +167,6 @@ set(crypto_sources
   ${BORINGSSL_ROOT}src/crypto/rand/forkunsafe.cc
   ${BORINGSSL_ROOT}src/crypto/rand/getentropy.cc
   ${BORINGSSL_ROOT}src/crypto/rand/ios.cc
-  ${BORINGSSL_ROOT}src/crypto/rand/passive.cc
   ${BORINGSSL_ROOT}src/crypto/rand/rand.cc
   ${BORINGSSL_ROOT}src/crypto/rand/trusty.cc
   ${BORINGSSL_ROOT}src/crypto/rand/urandom.cc

third_party/boringssl/src/crypto/asn1/a_object.cc

@@ -158,12 +158,12 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) {
     return;
   }
   if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
-    OPENSSL_free((void *)a->sn);
-    OPENSSL_free((void *)a->ln);
+    OPENSSL_free(const_cast<char *>(a->sn));
+    OPENSSL_free(const_cast<char *>(a->ln));
     a->sn = a->ln = nullptr;
   }
   if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
-    OPENSSL_free((void *)a->data);
+    OPENSSL_free(const_cast<uint8_t *>(a->data));
     a->data = nullptr;
     a->length = 0;
   }

third_party/boringssl/src/crypto/bcm_support.h

@@ -32,10 +32,6 @@ void CRYPTO_init_sysrand();
 // system.
 void CRYPTO_sysrand(uint8_t *buf, size_t len);
 
-// RAND_need_entropy is called whenever the BCM module has stopped because it
-// has run out of entropy.
-void RAND_need_entropy(size_t bytes_needed);
-
 // crypto_get_fork_generation returns the fork generation number for the current
 // process, or zero if not supported on the platform. The fork generation number
 // is a non-zero, strictly-monotonic counter with the property that, if queried

third_party/boringssl/src/crypto/bytestring/asn1_compat.cc

@@ -34,7 +34,6 @@ int bssl::CBB_finish_i2d(CBB *cbb, uint8_t **outp) {
   uint8_t *der;
   size_t der_len;
   if (!CBB_finish(cbb, &der, &der_len)) {
-    CBB_cleanup(cbb);
     return -1;
   }
   if (der_len > INT_MAX) {

third_party/boringssl/src/crypto/bytestring/cbb.cc

@@ -67,6 +67,7 @@ void CBB_cleanup(CBB *cbb) {
 
   if (cbb->u.base.can_resize) {
     OPENSSL_free(cbb->u.base.buf);
+    cbb->u.base.buf = nullptr;
   }
 }
 

third_party/boringssl/src/crypto/bytestring/cbs.cc

@@ -146,6 +146,8 @@ int CBS_get_u32le(CBS *cbs, uint32_t *out) {
   return 1;
 }
 
+int CBS_get_u48(CBS *cbs, uint64_t *out) { return cbs_get_u(cbs, out, 6); }
+
 int CBS_get_u64(CBS *cbs, uint64_t *out) { return cbs_get_u(cbs, out, 8); }
 
 int CBS_get_u64le(CBS *cbs, uint64_t *out) {

third_party/boringssl/src/crypto/bytestring/internal.h

@@ -64,8 +64,7 @@ OPENSSL_EXPORT int CBS_get_asn1_implicit_string(CBS *in, CBS *out,
 // CBB_finish_i2d calls |CBB_finish| on |cbb| which must have been initialized
 // with |CBB_init|. If |outp| is not NULL then the result is written to |*outp|
 // and |*outp| is advanced just past the output. It returns the number of bytes
-// in the result, whether written or not, or a negative value on error. On
-// error, it calls |CBB_cleanup| on |cbb|.
+// in the result, whether written or not, or a negative value on error.
 //
 // This function may be used to help implement legacy i2d ASN.1 functions.
 OPENSSL_EXPORT int CBB_finish_i2d(CBB *cbb, uint8_t **outp);

third_party/boringssl/src/crypto/cipher/e_aesctrhmac.cc

@@ -221,6 +221,13 @@ static int aead_aes_ctr_hmac_sha256_openv_detached(
     Span<const CRYPTO_IVEC> aadvecs) {
   const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
       (struct aead_aes_ctr_hmac_sha256_ctx *)&ctx->state;
+  const uint64_t in_len_64 = bssl::iovec::TotalLength(iovecs);
+
+  if (in_len_64 >= (UINT64_C(1) << 32) * AES_BLOCK_SIZE) {
+    // This input is so large it would overflow the 32-bit block counter.
+    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
+    return 0;
+  }
 
   if (in_tag.size() != ctx->tag_len) {
     OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);

third_party/boringssl/src/crypto/cipher/e_aesgcmsiv.cc

@@ -321,7 +321,7 @@ void aead_aes_gcm_siv_kdf(int is_128_bit,
                           uint64_t out_record_auth_key[2],
                           uint64_t out_record_enc_key[4],
                           const uint8_t nonce[12]) {
-  alignas(16) uint8_t padded_nonce[16];
+  alignas(16) uint8_t padded_nonce[16] = {0};
   OPENSSL_memcpy(padded_nonce, nonce, 12);
 
   alignas(16) uint64_t key_material[12];
@@ -972,7 +972,7 @@ int aead_aes_gcm_siv_openv_detached(const EVP_AEAD_CTX *ctx,
 
   const uint64_t in_len_64 = bssl::iovec::TotalLength(iovecs);
   if (in_tag.size() != EVP_AEAD_AES_GCM_SIV_TAG_LEN ||
-      in_len_64 > (UINT64_C(1) << 36) + AES_BLOCK_SIZE) {
+      in_len_64 > (UINT64_C(1) << 36)) {
     OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
     return 0;
   }

third_party/boringssl/src/crypto/cipher/e_rc2.cc

@@ -100,7 +100,7 @@ typedef struct rc2_key_st {
   uint16_t data[64];
 } RC2_KEY;
 
-static void RC2_encrypt(uint32_t *d, RC2_KEY *key) {
+static void rc2_encrypt(uint32_t *d, RC2_KEY *key) {
   int i, n;
   uint16_t *p0, *p1;
   uint16_t x0, x1, x2, x3, t;
@@ -144,7 +144,7 @@ static void RC2_encrypt(uint32_t *d, RC2_KEY *key) {
   d[1] = (uint32_t)(x2 & 0xffff) | ((uint32_t)(x3 & 0xffff) << 16L);
 }
 
-static void RC2_decrypt(uint32_t *d, RC2_KEY *key) {
+static void rc2_decrypt(uint32_t *d, RC2_KEY *key) {
   int i, n;
   uint16_t *p0, *p1;
   uint16_t x0, x1, x2, x3, t;
@@ -189,7 +189,7 @@ static void RC2_decrypt(uint32_t *d, RC2_KEY *key) {
   d[1] = (uint32_t)(x2 & 0xffff) | ((uint32_t)(x3 & 0xffff) << 16L);
 }
 
-static void RC2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
+static void rc2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
                             RC2_KEY *ks, uint8_t *iv, int encrypt) {
   uint32_t tin0, tin1;
   uint32_t tout0, tout1, xor0, xor1;
@@ -207,7 +207,7 @@ static void RC2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
       tin1 ^= tout1;
       tin[0] = tin0;
       tin[1] = tin1;
-      RC2_encrypt(tin, ks);
+      rc2_encrypt(tin, ks);
       tout0 = tin[0];
       l2c(tout0, out);
       tout1 = tin[1];
@@ -219,7 +219,7 @@ static void RC2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
       tin1 ^= tout1;
       tin[0] = tin0;
       tin[1] = tin1;
-      RC2_encrypt(tin, ks);
+      rc2_encrypt(tin, ks);
       tout0 = tin[0];
       l2c(tout0, out);
       tout1 = tin[1];
@@ -236,7 +236,7 @@ static void RC2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
       tin[0] = tin0;
       c2l(in, tin1);
       tin[1] = tin1;
-      RC2_decrypt(tin, ks);
+      rc2_decrypt(tin, ks);
       tout0 = tin[0] ^ xor0;
       tout1 = tin[1] ^ xor1;
       l2c(tout0, out);
@@ -249,7 +249,7 @@ static void RC2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
       tin[0] = tin0;
       c2l(in, tin1);
       tin[1] = tin1;
-      RC2_decrypt(tin, ks);
+      rc2_decrypt(tin, ks);
       tout0 = tin[0] ^ xor0;
       tout1 = tin[1] ^ xor1;
       l2cn(tout0, tout1, out, l + 8);
@@ -287,18 +287,23 @@ static const uint8_t key_table[256] = {
     0xfe, 0x7f, 0xc1, 0xad,
 };
 
-static void RC2_set_key(RC2_KEY *key, int len, const uint8_t *data, int bits) {
-  int i, j;
+static int rc2_set_key(RC2_KEY *key, size_t len, const uint8_t *data,
+                       int bits) {
+  size_t i, j;
   uint8_t *k;
-  uint16_t *ki;
   unsigned int c, d;
 
   k = (uint8_t *)&key->data[0];
   *k = 0;  // for if there is a zero length key
 
+  if (len == 0) {
+    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
+    return 0;
+  }
   if (len > 128) {
     len = 128;
   }
+
   if (bits <= 0) {
     bits = 1024;
   }
@@ -326,16 +331,20 @@ static void RC2_set_key(RC2_KEY *key, int len, const uint8_t *data, int bits) {
 
   d = key_table[k[i] & c];
   k[i] = d;
-  while (i--) {
+
+  while (i > 0) {
+    --i;
     d = key_table[k[i + j] ^ d];
     k[i] = d;
   }
 
   // copy from bytes into uint16_t's
-  ki = &(key->data[63]);
-  for (i = 127; i >= 0; i -= 2) {
-    *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
+  for (i = 0; i < 64; ++i) {
+    j = 63 - i;
+    key->data[j] = ((k[2 * j + 1] << 8) | k[2 * j]) & 0xffff;
   }
+
+  return 1;
 }
 
 typedef struct {
@@ -346,8 +355,10 @@ typedef struct {
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
                         const uint8_t *iv, int enc) {
   EVP_RC2_KEY *rc2_key = (EVP_RC2_KEY *)ctx->cipher_data;
-  RC2_set_key(&rc2_key->ks, EVP_CIPHER_CTX_key_length(ctx), key,
-              rc2_key->key_bits);
+  if (!rc2_set_key(&rc2_key->ks, EVP_CIPHER_CTX_key_length(ctx), key,
+                   rc2_key->key_bits)) {
+    return 0;
+  }
   return 1;
 }
 
@@ -357,13 +368,13 @@ static int rc2_cbc_cipher_update(EVP_CIPHER_CTX *ctx, uint8_t *out,
   static const size_t kChunkSize = 0x10000;
 
   while (len >= kChunkSize) {
-    RC2_cbc_encrypt(in, out, kChunkSize, &key->ks, ctx->iv, ctx->encrypt);
+    rc2_cbc_encrypt(in, out, kChunkSize, &key->ks, ctx->iv, ctx->encrypt);
     len -= kChunkSize;
     in += kChunkSize;
     out += kChunkSize;
   }
   if (len) {
-    RC2_cbc_encrypt(in, out, len, &key->ks, ctx->iv, ctx->encrypt);
+    rc2_cbc_encrypt(in, out, len, &key->ks, ctx->iv, ctx->encrypt);
   }
   return 1;
 }

third_party/boringssl/src/crypto/dsa/dsa.cc

@@ -741,6 +741,7 @@ int DSA_verify(int type, const uint8_t *digest, size_t digest_len,
 int DSA_check_signature(int *out_valid, const uint8_t *digest,
                         size_t digest_len, const uint8_t *sig, size_t sig_len,
                         const DSA *dsa) {
+  *out_valid = 0;
   DSA_SIG *s = nullptr;
   int ret = 0;
   uint8_t *der = nullptr;

third_party/boringssl/src/crypto/evp/pbkdf.cc

@@ -16,6 +16,7 @@
 
 #include <string.h>
 
+#include <openssl/err.h>
 #include <openssl/hmac.h>
 
 #include "../internal.h"
@@ -34,6 +35,10 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
 
   uint32_t i = 1;
   size_t md_len = EVP_MD_size(digest);
+  if (key_len > ((uint64_t{1} << 32) - 1) * md_len) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_SECRET_LENGTH);
+    return 0;
+  }
   while (key_len > 0) {
     size_t todo = md_len;
     if (todo > key_len) {

third_party/boringssl/src/crypto/fipsmodule/bcm.cc

@@ -102,6 +102,7 @@ OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wheader-hygiene\"")
 #include "keccak/keccak.cc.inc"
 #include "mldsa/mldsa.cc.inc"
 #include "mlkem/mlkem.cc.inc"
+#include "rand/android_entropy_client.cc.inc"
 #include "rand/ctrdrbg.cc.inc"
 #include "rand/rand.cc.inc"
 #include "rsa/padding.cc.inc"
@@ -181,8 +182,8 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
 
 #endif  // !ASAN
 
-static void
-    __attribute__((constructor)) BORINGSSL_bcm_power_on_self_test(void) {
+static void __attribute__((constructor)) BORINGSSL_bcm_power_on_self_test(
+    void) {
 #if !defined(OPENSSL_ASAN)
   // Integrity tests cannot run under ASAN because it involves reading the full
   // .text section, which triggers the global-buffer overflow detection.

third_party/boringssl/src/crypto/fipsmodule/bcm_interface.h

@@ -73,12 +73,6 @@ inline bcm_status_t bcm_as_not_approved_status(int result) {
 
 #endif  // BORINGSSL_FIPS
 
-// BCM_rand_load_entropy supplies |entropy_len| bytes of entropy to the BCM
-// module. The |want_additional_input| parameter is true iff the entropy was
-// obtained from a source other than the system, e.g. directly from the CPU.
-bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
-                                     int want_additional_input);
-
 // BCM_rand_bytes is the same as the public |RAND_bytes| function, other
 // than returning a bcm_infallible status indicator.
 bcm_infallible BCM_rand_bytes(uint8_t *out, size_t out_len);

third_party/boringssl/src/crypto/fipsmodule/cipher/e_aes.cc.inc

@@ -341,16 +341,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
       return 1;
 
     case EVP_CTRL_GCM_IV_GEN: {
-      if (gctx->iv_gen == 0 || gctx->key_set == 0) {
+      if (gctx->iv_gen == 0 || gctx->key_set == 0 || gctx->ivlen < 8) {
         return 0;
       }
       CRYPTO_gcm128_init_ctx(&gctx->key, &gctx->gcm, gctx->iv, gctx->ivlen);
       if (arg <= 0 || arg > gctx->ivlen) {
         arg = gctx->ivlen;
       }
       OPENSSL_memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
-      // Invocation field will be at least 8 bytes in size, so no need to check
-      // wrap around or increment more than last 8 bytes.
       uint8_t *ctr = gctx->iv + gctx->ivlen - 8;
       CRYPTO_store_u64_be(ctr, CRYPTO_load_u64_be(ctr) + 1);
       gctx->iv_set = 1;