Update supported Swift Versions and BoringSSL (vapor#72)

* Update vending scripts * Start migrating script to Python 3 * Start migrating script to Python 3 * Start migrating script to Python 3 * Start migrating script to Python 3 * Start migrating script to Python 3 * Update BoringSSL to ce2a353d0147bac03ef883d91dcd9c405ab527fa * Remove test discovery flags * Udpate tools version to 5.4 * Update CI * Fix CI
dreamIf · May 15, 2022 · 3537dd3 · 3537dd3
1 parent a07d27c
commit 3537dd3
Show file tree

Hide file tree

Showing 289 changed files with 26,640 additions and 10,049 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -12,7 +12,7 @@ jobs:
       matrix:
         dependent:
           - jwt
-    container: swift:5.2-focal
+    container: swift:5.6-focal
     steps: 
       - name: Check out JWTKit
         uses: actions/checkout@v2
@@ -29,45 +29,8 @@ jobs:
       - name: Run tests with Thread Sanitizer
         run: swift test --enable-test-discovery --sanitize=thread
         working-directory: dependent
-  linux:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        image:
-          # 5.2 Stable
-          - swift:5.2-xenial
-          - swift:5.2-bionic
-          - swift:5.2-focal
-          - swift:5.2-centos8
-          - swift:5.2-amazonlinux2
-          # 5.2 Unstable
-          - swiftlang/swift:nightly-5.2-xenial
-          - swiftlang/swift:nightly-5.2-bionic
-          # 5.3 Unstable
-          - swiftlang/swift:nightly-5.3-xenial
-          - swiftlang/swift:nightly-5.3-bionic
-          # Master Unstable
-          - swiftlang/swift:nightly-master-xenial
-          - swiftlang/swift:nightly-master-bionic
-          - swiftlang/swift:nightly-master-focal
-          - swiftlang/swift:nightly-master-centos8
-          - swiftlang/swift:nightly-master-amazonlinux2
-    container: ${{ matrix.image }}
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-      - name: Run tests with Thread Sanitizer
-        timeout-minutes: 10
-        run: swift test --enable-test-discovery --sanitize=thread
-  macOS:
-    runs-on: macos-latest
-    steps:
-      - name: Select latest available Xcode
-        uses: maxim-lobanov/[email protected]
-        with:
-          xcode-version: latest
-      - name: Check out code
-        uses: actions/checkout@v2
-      - name: Run tests with Thread Sanitizer
-        run: swift test --enable-test-discovery --sanitize=thread
+  unit-tests:
+     uses: vapor/ci/.github/workflows/run-unit-tests.yml@reusable-workflows
+     with:
+       with_coverage: false
+       with_tsan: true
diff --git a/Package.swift b/Package.swift
@@ -1,4 +1,4 @@
-// swift-tools-version:5.2
+// swift-tools-version:5.4
 import PackageDescription
 
 let package = Package(

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_bitstr.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_bitstr.c
@@ -63,24 +63,25 @@
 #include <CJWTKitBoringSSL_mem.h>
 
 #include "../internal.h"
+#include "internal.h"
 
 
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, const unsigned char *d, int len)
 {
     return ASN1_STRING_set(x, d, len);
 }
 
-static int asn1_bit_string_length(const ASN1_BIT_STRING *str,
-                                  uint8_t *out_padding_bits) {
+int asn1_bit_string_length(const ASN1_BIT_STRING *str,
+                           uint8_t *out_padding_bits) {
     int len = str->length;
     if (str->flags & ASN1_STRING_FLAG_BITS_LEFT) {
         // If the string is already empty, it cannot have padding bits.
         *out_padding_bits = len == 0 ? 0 : str->flags & 0x07;
         return len;
     }
 
-    // TODO(davidben): If we move this logic to |ASN1_BIT_STRING_set_bit|, can
-    // we remove this representation?
+    // TODO(https://crbug.com/boringssl/447): If we move this logic to
+    // |ASN1_BIT_STRING_set_bit|, can we remove this representation?
     while (len > 0 && str->data[len - 1] == 0) {
         len--;
     }
@@ -158,33 +159,40 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 
     p = *pp;
     padding = *(p++);
+    len--;
     if (padding > 7) {
         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
         goto err;
     }
 
+    /* Unused bits in a BIT STRING must be zero. */
+    uint8_t padding_mask = (1 << padding) - 1;
+    if (padding != 0 &&
+        (len < 1 || (p[len - 1] & padding_mask) != 0)) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING);
+        goto err;
+    }
+
     /*
      * We do this to preserve the settings.  If we modify the settings, via
      * the _set_bit function, we will recalculate on output
      */
     ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
     ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); /* set */
 
-    if (len-- > 1) {            /* using one because of the bits left byte */
-        s = (unsigned char *)OPENSSL_malloc((int)len);
+    if (len > 0) {
+        s = OPENSSL_memdup(p, len);
         if (s == NULL) {
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        OPENSSL_memcpy(s, p, (int)len);
-        s[len - 1] &= (0xff << padding);
         p += len;
-    } else
+    } else {
         s = NULL;
+    }
 
     ret->length = (int)len;
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
+    OPENSSL_free(ret->data);
     ret->data = s;
     ret->type = V_ASN1_BIT_STRING;
     if (a != NULL)

diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_bool.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_bool.c
@@ -59,7 +59,7 @@
 #include <CJWTKitBoringSSL_err.h>
 #include <CJWTKitBoringSSL_mem.h>
 
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **pp)
 {
     int r;
     unsigned char *p, *allocated = NULL;
@@ -71,7 +71,7 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
     if (*pp == NULL) {
         if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-            return 0;
+            return -1;
         }
     } else {
         p = *pp;
@@ -88,36 +88,35 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
     return r;
 }
 
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
-{
-    int ret = -1;
-    const unsigned char *p;
+ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *a, const unsigned char **pp,
+                              long length) {
+    const unsigned char *p = *pp;
     long len;
     int inf, tag, xclass;
-    int i = 0;
-
-    p = *pp;
     inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
     if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
+        return -1;
     }
 
-    if (tag != V_ASN1_BOOLEAN) {
-        i = ASN1_R_EXPECTING_A_BOOLEAN;
-        goto err;
+    if (inf & V_ASN1_CONSTRUCTED) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
+        return -1;
+    }
+
+    if (tag != V_ASN1_BOOLEAN || xclass != V_ASN1_UNIVERSAL) {
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPECTING_A_BOOLEAN);
+      return -1;
     }
 
     if (len != 1) {
-        i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
-        goto err;
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+        return -1;
     }
-    ret = (int)*(p++);
-    if (a != NULL)
+    ASN1_BOOLEAN ret = (ASN1_BOOLEAN)*(p++);
+    if (a != NULL) {
         (*a) = ret;
+    }
     *pp = p;
-    return (ret);
- err:
-    OPENSSL_PUT_ERROR(ASN1, i);
-    return (ret);
+    return ret;
 }