Merge pull request #217 from lwthiker/upgrade-boringssl

Upgrade BoringSSL version

.github/workflows/build-and-test-make.yml

@@ -12,7 +12,7 @@ on:
 
 env:
   NSS_VERSION: nss-3.77
-  BORING_SSL_COMMIT: 3a667d10e94186fd503966f5638e134fe9fb4080
+  BORING_SSL_COMMIT: 1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 
 jobs:
   build-and-test:
@@ -54,7 +54,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install build-essential pkg-config cmake ninja-build curl autoconf automake libtool
           # Chrome version dependencies
-          sudo apt-get install golang-go
+          sudo snap install go --classic
           # Needed to compile 'minicurl'
           sudo apt-get install libcurl4-openssl-dev
           # More dependencies for the tests

Dockerfile.template

@@ -97,7 +97,7 @@ RUN tar xf ${NSS_VERSION}.tar.gz && \
 {{#chrome}}
 # BoringSSL doesn't have versions. Choose a commit that is used in a stable
 # Chromium version.
-ARG BORING_SSL_COMMIT=3a667d10e94186fd503966f5638e134fe9fb4080
+ARG BORING_SSL_COMMIT=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip -o boringssl.zip && \
     unzip boringssl && \
     mv boringssl-${BORING_SSL_COMMIT} boringssl

Makefile.in

@@ -13,7 +13,7 @@ BROTLI_VERSION := 1.0.9
 NSS_VERSION := nss-3.92
 NSS_URL := https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_92_RTM/src/nss-3.92-with-nspr-4.35.tar.gz
  # In case this is changed, update build-and-test-make.yml as well
-BORING_SSL_COMMIT := 3a667d10e94186fd503966f5638e134fe9fb4080
+BORING_SSL_COMMIT := 1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 NGHTTP2_VERSION := nghttp2-1.56.0
 NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.56.0/nghttp2-1.56.0.tar.bz2
 CURL_VERSION := curl-8.1.1

chrome/Dockerfile

@@ -39,7 +39,7 @@ RUN cd brotli-${BROTLI_VERSION} && \
 
 # BoringSSL doesn't have versions. Choose a commit that is used in a stable
 # Chromium version.
-ARG BORING_SSL_COMMIT=3a667d10e94186fd503966f5638e134fe9fb4080
+ARG BORING_SSL_COMMIT=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip -o boringssl.zip && \
     unzip boringssl && \
     mv boringssl-${BORING_SSL_COMMIT} boringssl

chrome/Dockerfile.alpine

@@ -32,7 +32,7 @@ RUN cd brotli-${BROTLI_VERSION} && \
 
 # BoringSSL doesn't have versions. Choose a commit that is used in a stable
 # Chromium version.
-ARG BORING_SSL_COMMIT=3a667d10e94186fd503966f5638e134fe9fb4080
+ARG BORING_SSL_COMMIT=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc
 RUN curl -L https://github.com/google/boringssl/archive/${BORING_SSL_COMMIT}.zip -o boringssl.zip && \
     unzip boringssl && \
     mv boringssl-${BORING_SSL_COMMIT} boringssl

chrome/patches/boringssl-old-ciphers.patch

@@ -1,31 +1,30 @@
-diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/internal.h boringssl/ssl/internal.h
---- boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/internal.h	2021-11-22 19:06:04.000000000 +0200
-+++ boringssl/ssl/internal.h	2022-02-27 12:20:25.308284303 +0200
-@@ -566,4 +566,10 @@
- #define SSL_SHA1 0x00000001u
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/internal.h boringssl/ssl/internal.h
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/internal.h	2023-09-27 05:13:00.000000000 +0300
++++ boringssl/ssl/internal.h	2024-02-29 20:02:32.711209565 +0200
+@@ -577,4 +577,9 @@
+ #define SSL_SHA256 0x00000002u
 +// curl-impersonate:
-+// SSL_SHA256 and SSL_SHA384 were removed in
++// SSL_SHA384 was removed in
 +// https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +// but restored to impersonate browsers with older ciphers.
-+#define SSL_SHA256 0x00000002u
 +#define SSL_SHA384 0x00000004u
  // SSL_AEAD is set for all AEADs.
--#define SSL_AEAD 0x00000002u
+-#define SSL_AEAD 0x00000004u
 +#define SSL_AEAD 0x00000008u
 
-diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/ssl_cipher.cc boringssl/ssl/ssl_cipher.cc
---- boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/ssl_cipher.cc	2021-11-22 19:06:04.000000000 +0200
-+++ boringssl/ssl/ssl_cipher.cc	2022-02-27 13:54:05.378053046 +0200
-@@ -210,2 +210,33 @@
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_cipher.cc boringssl/ssl/ssl_cipher.cc
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_cipher.cc	2023-09-27 05:13:00.000000000 +0300
++++ boringssl/ssl/ssl_cipher.cc	2024-02-29 20:02:32.711209565 +0200
+@@ -199,2 +199,33 @@
 
 +    // curl-impersonate: Ciphers 3C, 3D were removed in
 +    // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +    // but restored here to impersonate browsers with older ciphers. They are
 +    // not expected to actually work; but just to be included in the TLS
 +    // Client Hello.
-+
++ 
 +    // TLS v1.2 ciphersuites
-+
++ 
 +    // Cipher 3C
 +    {
 +     TLS1_TXT_RSA_WITH_AES_128_SHA256,
@@ -50,13 +49,13 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
      // PSK cipher suites.
-@@ -300,2 +331,19 @@
+@@ -289,2 +320,19 @@
 
 +    // curl-impersonate: Cipher C008 was missing from BoringSSL,
 +    // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
 +    // where it is called ECDHE-ECDSA-DES-CBC3-SHA.
 +    // It's not supposed to really work but just appear in the TLS client hello.
-+
++ 
 +    // Cipher C008
 +    {
 +     "ECDHE-ECDSA-DES-CBC3-SHA",
@@ -70,7 +69,7 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
      // Cipher C009
-@@ -324,2 +372,17 @@
+@@ -313,2 +361,17 @@
 
 +    // curl-impersonate: Cipher C012 was missing from BoringSSL,
 +    // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
@@ -88,9 +87,9 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
      // Cipher C013
-@@ -348,2 +411,55 @@
+@@ -337,2 +400,33 @@
 
-+    // curl-impersonate: Ciphers C023, C024, C027, C028 were removed in
++    // curl-impersonate: Ciphers C023, C024, C028 were removed in
 +    // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +    // but restored here to impersonate browsers with older ciphers. They are
 +    // not expected to actually work; but just to be included in the TLS
@@ -120,17 +119,10 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +     SSL_SHA384,
 +     SSL_HANDSHAKE_MAC_SHA384,
 +    },
-+    // Cipher C027
-+    {
-+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
-+     "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-+     SSL_kECDHE,
-+     SSL_aRSA,
-+     SSL_AES128,
-+     SSL_SHA256,
-+     SSL_HANDSHAKE_MAC_SHA256,
-+    },
++
+     // Cipher C027
+@@ -349,2 +443,14 @@
+
 +    // Cipher C028
 +    {
 +     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
@@ -144,11 +136,107 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f56
 +    },
 +
      // GCM based TLS v1.2 ciphersuites from RFC 5289
-@@ -539,2 +655,7 @@
-     {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
+@@ -555,2 +661,7 @@
+     {"SHA1", ~0u, ~0u, ~0u, SSL_SHA1, 0},
 +    // curl-impersonate:
 +    // Removed in https://boringssl-review.googlesource.com/c/boringssl/+/27944/
 +    // but restored to impersonate browsers with older ciphers.
 +    {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
 +    {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
+     {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
+@@ -1170,2 +1281,10 @@
+       SSL3_CK_RSA_DES_192_CBC3_SHA & 0xffff,
++      // curl-impersonate: add legacy cipehrs.
++      TLS1_CK_RSA_WITH_AES_128_SHA256 & 0xffff,
++      TLS1_CK_RSA_WITH_AES_256_SHA256 & 0xffff,
++      0x0300C008 & 0xffff,
++      0x0300C012 & 0xffff,
++      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 & 0xffff,
++      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 & 0xffff,
++      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 & 0xffff,
+   };
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_privkey.cc boringssl/ssl/ssl_privkey.cc
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_privkey.cc	2023-09-27 05:13:00.000000000 +0300
++++ boringssl/ssl/ssl_privkey.cc	2024-02-29 21:26:15.518023534 +0200
+@@ -560,40 +560,45 @@
+
+-static int compare_uint16_t(const void *p1, const void *p2) {
+-  uint16_t u1 = *((const uint16_t *)p1);
+-  uint16_t u2 = *((const uint16_t *)p2);
+-  if (u1 < u2) {
+-    return -1;
+-  } else if (u1 > u2) {
+-    return 1;
+-  } else {
+-    return 0;
+-  }
+-}
+-
+-static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
+-  if (in_sigalgs.size() < 2) {
+-    return true;
+-  }
+-
+-  Array<uint16_t> sigalgs;
+-  if (!sigalgs.CopyFrom(in_sigalgs)) {
+-    return false;
+-  }
+-
+-  qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
+-
+-  for (size_t i = 1; i < sigalgs.size(); i++) {
+-    if (sigalgs[i - 1] == sigalgs[i]) {
+-      OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
+-      return false;
+-    }
+-  }
+-
+-  return true;
+-}
++// curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
++// send out duplicated algorithm prefs.
++// static int compare_uint16_t(const void *p1, const void *p2) {
++//   uint16_t u1 = *((const uint16_t *)p1);
++//   uint16_t u2 = *((const uint16_t *)p2);
++//   if (u1 < u2) {
++//     return -1;
++//   } else if (u1 > u2) {
++//     return 1;
++//   } else {
++//     return 0;
++//   }
++// }
++
++// static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
++//   if (in_sigalgs.size() < 2) {
++//     return true;
++//   }
++// 
++//   Array<uint16_t> sigalgs;
++//   if (!sigalgs.CopyFrom(in_sigalgs)) {
++//     return false;
++//   }
++// 
++//   qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
++// 
++//   for (size_t i = 1; i < sigalgs.size(); i++) {
++//     if (sigalgs[i - 1] == sigalgs[i]) {
++//       OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
++//       return false;
++//     }
++//   }
++// 
++//   return true;
++// }
+
+ static bool set_sigalg_prefs(Array<uint16_t> *out, Span<const uint16_t> prefs) {
+-  if (!sigalgs_unique(prefs)) {
+-    return false;
+-  }
++  // curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
++  // send out duplicated algorithm prefs.
++
++  // if (!sigalgs_unique(prefs)) {
++  //   return false;
++  // }