Merge pull request #217 from lwthiker/upgrade-boringssl

Upgrade BoringSSL version
2025-04-27 07:36:47 +00:00 · 2024-03-02 19:16:20 +02:00 · 2024-03-02 19:16:20 +02:00 · 7a043aac03
commit 7a043aac03
parent 094ad0b709 6d04ffee27
6 changed files with 126 additions and 38 deletions
--- a/.github/workflows/build-and-test-make.yml
+++ b/.github/workflows/build-and-test-make.yml
@ -12,7 +12,7 @@ on:

 env:
  NSS_VERSION: nss-3.77
-  BORING_SSL_COMMIT: 3a667d10e94186fd503966f5638e134fe9fb4080
+  BORING_SSL_COMMIT: 1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc

 jobs:
  build-and-test:
@ -54,7 +54,7 @@ jobs:
          sudo apt-get update
          sudo apt-get install build-essential pkg-config cmake ninja-build curl autoconf automake libtool
          # Chrome version dependencies
-          sudo apt-get install golang-go
+          sudo snap install go --classic
          # Needed to compile 'minicurl'
          sudo apt-get install libcurl4-openssl-dev
          # More dependencies for the tests
--- a/Dockerfile.template
+++ b/Dockerfile.template
@ -97,7 +97,7 @@ RUN tar xf ${NSS_VERSION}.tar.gz && \
 {{#chrome}}
 # BoringSSL doesn't have versions. Choose a commit that is used in a stable
 # Chromium version.
-ARG BORING_SSL_COMMIT=3a667d10e94186fd503966f5638e134fe9fb4080
+ARG BORING_SSL_COMMIT=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip -o boringssl.zip && \
    unzip boringssl && \
    mv boringssl-${BORING_SSL_COMMIT} boringssl
--- a/Makefile.in
+++ b/Makefile.in
@ -13,7 +13,7 @@ BROTLI_VERSION := 1.0.9
 NSS_VERSION := nss-3.92
 NSS_URL := https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_92_RTM/src/nss-3.92-with-nspr-4.35.tar.gz
 # In case this is changed, update build-and-test-make.yml as well
-BORING_SSL_COMMIT := 3a667d10e94186fd503966f5638e134fe9fb4080
+BORING_SSL_COMMIT := 1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 NGHTTP2_VERSION := nghttp2-1.56.0
 NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.56.0/nghttp2-1.56.0.tar.bz2
 CURL_VERSION := curl-8.1.1
--- a/chrome/Dockerfile
+++ b/chrome/Dockerfile
@ -39,7 +39,7 @@ RUN cd brotli-${BROTLI_VERSION} && \

 # BoringSSL doesn't have versions. Choose a commit that is used in a stable
 # Chromium version.
-ARG BORING_SSL_COMMIT=3a667d10e94186fd503966f5638e134fe9fb4080
+ARG BORING_SSL_COMMIT=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip -o boringssl.zip && \
    unzip boringssl && \
    mv boringssl-${BORING_SSL_COMMIT} boringssl
--- a/chrome/Dockerfile.alpine
+++ b/chrome/Dockerfile.alpine
@ -32,7 +32,7 @@ RUN cd brotli-${BROTLI_VERSION} && \

 # BoringSSL doesn't have versions. Choose a commit that is used in a stable
 # Chromium version.
-ARG BORING_SSL_COMMIT=3a667d10e94186fd503966f5638e134fe9fb4080
+ARG BORING_SSL_COMMIT=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip -o boringssl.zip && \
    unzip boringssl && \
    mv boringssl-${BORING_SSL_COMMIT} boringssl
--- a/chrome/patches/boringssl-old-ciphers.patch
+++ b/chrome/patches/boringssl-old-ciphers.patch
@ -1,31 +1,30 @@
-diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/internal.h boringssl/ssl/internal.h
--- boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/internal.h	2021-11-22 19:06:04.000000000 +0200
-+++ boringssl/ssl/internal.h	2022-02-27 12:20:25.308284303 +0200
-@@ -566,4 +566,10 @@
- #define SSL_SHA1 0x00000001u
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/internal.h boringssl/ssl/internal.h
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/internal.h	2023-09-27 05:13:00.000000000 +0300
+++ boringssl/ssl/internal.h	2024-02-29 20:02:32.711209565 +0200
+@@ -577,4 +577,9 @@
+ #define SSL_SHA256 0x00000002u
 +// curl-impersonate:
-+// SSL_SHA256 and SSL_SHA384 were removed in
+// SSL_SHA384 was removed in
 +// https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +// but restored to impersonate browsers with older ciphers.
-+#define SSL_SHA256 0x00000002u
 +#define SSL_SHA384 0x00000004u
 // SSL_AEAD is set for all AEADs.
-#define SSL_AEAD 0x00000002u
+-#define SSL_AEAD 0x00000004u
 +#define SSL_AEAD 0x00000008u
 
-diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/ssl_cipher.cc boringssl/ssl/ssl_cipher.cc
--- boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/ssl_cipher.cc	2021-11-22 19:06:04.000000000 +0200
-+++ boringssl/ssl/ssl_cipher.cc	2022-02-27 13:54:05.378053046 +0200
-@@ -210,2 +210,33 @@
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_cipher.cc boringssl/ssl/ssl_cipher.cc
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_cipher.cc	2023-09-27 05:13:00.000000000 +0300
+++ boringssl/ssl/ssl_cipher.cc	2024-02-29 20:02:32.711209565 +0200
+@@ -199,2 +199,33 @@
 
 +    // curl-impersonate: Ciphers 3C, 3D were removed in
 +    // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +    // but restored here to impersonate browsers with older ciphers. They are
 +    // not expected to actually work; but just to be included in the TLS
 +    // Client Hello.
-+
+ 
 +    // TLS v1.2 ciphersuites
-+
+ 
 +    // Cipher 3C
 +    {
 +     TLS1_TXT_RSA_WITH_AES_128_SHA256,
@ -50,13 +49,13 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
     // PSK cipher suites.
-@@ -300,2 +331,19 @@
+@@ -289,2 +320,19 @@
 
 +    // curl-impersonate: Cipher C008 was missing from BoringSSL,
 +    // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
 +    // where it is called ECDHE-ECDSA-DES-CBC3-SHA.
 +    // It's not supposed to really work but just appear in the TLS client hello.
-+
+ 
 +    // Cipher C008
 +    {
 +     "ECDHE-ECDSA-DES-CBC3-SHA",
@ -70,7 +69,7 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
     // Cipher C009
-@@ -324,2 +372,17 @@
+@@ -313,2 +361,17 @@
 
 +    // curl-impersonate: Cipher C012 was missing from BoringSSL,
 +    // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
@ -88,9 +87,9 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
     // Cipher C013
-@@ -348,2 +411,55 @@
+@@ -337,2 +400,33 @@
 
-+    // curl-impersonate: Ciphers C023, C024, C027, C028 were removed in
+    // curl-impersonate: Ciphers C023, C024, C028 were removed in
 +    // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +    // but restored here to impersonate browsers with older ciphers. They are
 +    // not expected to actually work; but just to be included in the TLS
@ -120,17 +119,10 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +     SSL_SHA384,
 +     SSL_HANDSHAKE_MAC_SHA384,
 +    },
-+    // Cipher C027
-+    {
-+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
-+     "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-+     SSL_kECDHE,
-+     SSL_aRSA,
-+     SSL_AES128,
-+     SSL_SHA256,
-+     SSL_HANDSHAKE_MAC_SHA256,
-+    },
+
+     // Cipher C027
+@@ -349,2 +443,14 @@
+ 
 +    // Cipher C028
 +    {
 +     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
@ -144,11 +136,107 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
     // GCM based TLS v1.2 ciphersuites from RFC 5289
-@@ -539,2 +655,7 @@
-     {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
+@@ -555,2 +661,7 @@
+     {"SHA1", ~0u, ~0u, ~0u, SSL_SHA1, 0},
 +    // curl-impersonate:
 +    // Removed in https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +    // but restored to impersonate browsers with older ciphers.
 +    {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
 +    {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
+     {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
+@@ -1170,2 +1281,10 @@
+       SSL3_CK_RSA_DES_192_CBC3_SHA & 0xffff,
+      // curl-impersonate: add legacy cipehrs.
+      TLS1_CK_RSA_WITH_AES_128_SHA256 & 0xffff,
+      TLS1_CK_RSA_WITH_AES_256_SHA256 & 0xffff,
+      0x0300C008 & 0xffff,
+      0x0300C012 & 0xffff,
+      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 & 0xffff,
+      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 & 0xffff,
+      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 & 0xffff,
+   };
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_privkey.cc boringssl/ssl/ssl_privkey.cc
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_privkey.cc	2023-09-27 05:13:00.000000000 +0300
+++ boringssl/ssl/ssl_privkey.cc	2024-02-29 21:26:15.518023534 +0200
+@@ -560,40 +560,45 @@
+ 
+-static int compare_uint16_t(const void *p1, const void *p2) {
+-  uint16_t u1 = *((const uint16_t *)p1);
+-  uint16_t u2 = *((const uint16_t *)p2);
+-  if (u1 < u2) {
+-    return -1;
+-  } else if (u1 > u2) {
+-    return 1;
+-  } else {
+-    return 0;
+-  }
+-}
+-
+-static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
+-  if (in_sigalgs.size() < 2) {
+-    return true;
+-  }
+-
+-  Array<uint16_t> sigalgs;
+-  if (!sigalgs.CopyFrom(in_sigalgs)) {
+-    return false;
+-  }
+-
+-  qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
+-
+-  for (size_t i = 1; i < sigalgs.size(); i++) {
+-    if (sigalgs[i - 1] == sigalgs[i]) {
+-      OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
+-      return false;
+-    }
+-  }
+-
+-  return true;
+-}
+// curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
+// send out duplicated algorithm prefs.
+// static int compare_uint16_t(const void *p1, const void *p2) {
+//   uint16_t u1 = *((const uint16_t *)p1);
+//   uint16_t u2 = *((const uint16_t *)p2);
+//   if (u1 < u2) {
+//     return -1;
+//   } else if (u1 > u2) {
+//     return 1;
+//   } else {
+//     return 0;
+//   }
+// }
+
+// static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
+//   if (in_sigalgs.size() < 2) {
+//     return true;
+//   }
+// 
+//   Array<uint16_t> sigalgs;
+//   if (!sigalgs.CopyFrom(in_sigalgs)) {
+//     return false;
+//   }
+// 
+//   qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
+// 
+//   for (size_t i = 1; i < sigalgs.size(); i++) {
+//     if (sigalgs[i - 1] == sigalgs[i]) {
+//       OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
+//       return false;
+//     }
+//   }
+// 
+//   return true;
+// }
+ 
+ static bool set_sigalg_prefs(Array<uint16_t> *out, Span<const uint16_t> prefs) {
+-  if (!sigalgs_unique(prefs)) {
+-    return false;
+-  }
+  // curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
+  // send out duplicated algorithm prefs.
+
+  // if (!sigalgs_unique(prefs)) {
+  //   return false;
+  // }