Roll src/third_party/boringssl/src 78987bb7b..5f43b12d5

https://boringssl.googlesource.com/boringssl/+log/78987bb7bb4764ca3a8b08b0a6f7bd14b53c3e4f..5f43b12d52e94b50e481bae2ccb74ab95904123d

The following commits have update notes:
  239634da1 Introduce a TRUST_TOKEN_METHOD hook to select TRUST_TOKEN variations.
  17078f21a Fix the types used in token counts.

This CL additionally pulls in
https://boringssl.googlesource.com/boringssl/+/b1086cdb12052b23b9aa64c9c632fd7a0c6dc467
which calls madvise(MADV_WIPEONFORK) on Linux. Based on
EvaluateSyscallImpl() in
sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc, it appears this
will fail with EPERM, which is fine for our purposes because it doesn't
crash. The sandbox also prohibits fork() and fork()-like clone() calls,
so we don't lose anything by not having the WIPEONFORK page.

Bug: none
Change-Id: Ib248b58622bb22f89fe90aa867d4549c1677fd83
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2186465
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#766846}

DEPS

@@ -205,7 +205,7 @@ vars = {
   #
   # Note this revision should be updated with
   # third_party/boringssl/roll_boringssl.py, not roll-dep.
-  'boringssl_revision': '78987bb7bb4764ca3a8b08b0a6f7bd14b53c3e4f',
+  'boringssl_revision': '5f43b12d52e94b50e481bae2ccb74ab95904123d',
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling google-toolbox-for-mac
   # and whatever else without interference from each other.

services/network/trust_tokens/boringssl_trust_token_issuance_cryptographer.cc

@@ -30,12 +30,12 @@ BoringsslTrustTokenIssuanceCryptographer::
 
 bool BoringsslTrustTokenIssuanceCryptographer::Initialize(
     int issuer_configured_batch_size) {
-  if (!base::IsValueInRangeForNumericType<uint16_t>(
-          issuer_configured_batch_size))
+  if (!base::IsValueInRangeForNumericType<size_t>(issuer_configured_batch_size))
     return false;
 
   ctx_ = bssl::UniquePtr<TRUST_TOKEN_CLIENT>(TRUST_TOKEN_CLIENT_new(
-      static_cast<uint16_t>(issuer_configured_batch_size)));
+      TRUST_TOKEN_experiment_v0(),
+      static_cast<size_t>(issuer_configured_batch_size)));
   return !!ctx_;
 }
 

services/network/trust_tokens/boringssl_trust_token_issuance_cryptographer_unittest.cc

@@ -18,6 +18,7 @@ std::string GenerateValidVerificationKey() {
       signing(TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, 'a');
   size_t verification_len, signing_len;
   CHECK(TRUST_TOKEN_generate_key(
+      TRUST_TOKEN_experiment_v0(),
       base::as_writable_bytes(base::make_span(signing)).data(), &signing_len,
       signing.size(),
       base::as_writable_bytes(base::make_span(verification)).data(),

services/network/trust_tokens/boringssl_trust_token_redemption_cryptographer.cc

@@ -27,12 +27,12 @@ BoringsslTrustTokenRedemptionCryptographer::
 bool BoringsslTrustTokenRedemptionCryptographer::Initialize(
     int issuer_configured_batch_size,
     base::StringPiece signed_redemption_record_verification_key) {
-  if (!base::IsValueInRangeForNumericType<uint16_t>(
-          issuer_configured_batch_size))
+  if (!base::IsValueInRangeForNumericType<size_t>(issuer_configured_batch_size))
     return false;
 
   ctx_ = bssl::UniquePtr<TRUST_TOKEN_CLIENT>(TRUST_TOKEN_CLIENT_new(
-      static_cast<uint16_t>(issuer_configured_batch_size)));
+      TRUST_TOKEN_experiment_v0(),
+      static_cast<size_t>(issuer_configured_batch_size)));
   if (!ctx_)
     return false;
 

services/network/trust_tokens/test/trust_token_request_handler.cc

@@ -47,9 +47,10 @@ IssuanceKeyPair GenerateIssuanceKeyPair(int id) {
   keys.signing.resize(TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE);
   keys.verification.resize(TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE);
   size_t signing_key_len, verification_key_len;
-  TRUST_TOKEN_generate_key(keys.signing.data(), &signing_key_len,
-                           keys.signing.size(), keys.verification.data(),
-                           &verification_key_len, keys.verification.size(), id);
+  CHECK(TRUST_TOKEN_generate_key(
+      TRUST_TOKEN_experiment_v0(), keys.signing.data(), &signing_key_len,
+      keys.signing.size(), keys.verification.data(), &verification_key_len,
+      keys.verification.size(), id));
   keys.signing.resize(signing_key_len);
   keys.verification.resize(verification_key_len);
 
@@ -105,7 +106,8 @@ struct TrustTokenRequestHandler::Rep {
 
 bssl::UniquePtr<TRUST_TOKEN_ISSUER>
 TrustTokenRequestHandler::Rep::CreateIssuerContextFromUnexpiredKeys() const {
-  bssl::UniquePtr<TRUST_TOKEN_ISSUER> ret(TRUST_TOKEN_ISSUER_new(batch_size));
+  bssl::UniquePtr<TRUST_TOKEN_ISSUER> ret(
+      TRUST_TOKEN_ISSUER_new(TRUST_TOKEN_experiment_v0(), batch_size));
   if (!ret)
     return nullptr;
 
@@ -250,7 +252,7 @@ base::Optional<std::string> TrustTokenRequestHandler::Issue(
   constexpr uint8_t kPrivateMetadata = 0;
 
   ScopedBoringsslBytes decoded_issuance_response;
-  uint8_t num_tokens_issued = 0;
+  size_t num_tokens_issued = 0;
   bool ok = false;
 
   for (size_t i = 0; i < rep_->issuance_keys.size(); ++i) {

services/network/trust_tokens/trust_token_cryptographers_test.cc

@@ -61,10 +61,10 @@ TokenKeyPair GenerateTokenKeys(uint32_t key_id) {
   keys.signing.resize(TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE);
   keys.verification.resize(TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE);
   size_t signing_key_len, verification_key_len;
-  CHECK(TRUST_TOKEN_generate_key(keys.signing.data(), &signing_key_len,
-                                 keys.signing.size(), keys.verification.data(),
-                                 &verification_key_len,
-                                 keys.verification.size(), key_id));
+  CHECK(TRUST_TOKEN_generate_key(
+      TRUST_TOKEN_experiment_v0(), keys.signing.data(), &signing_key_len,
+      keys.signing.size(), keys.verification.data(), &verification_key_len,
+      keys.verification.size(), key_id));
   keys.signing.resize(signing_key_len);
   keys.verification.resize(verification_key_len);
 
@@ -130,7 +130,7 @@ void RequestManyTokensAndRetainOneArbitrarily(
 
   constexpr uint8_t kPrivateMetadata = 0;
   ScopedBoringsslBytes raw_issuance_response;
-  uint8_t num_tokens_issued;
+  size_t num_tokens_issued;
   ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
       issuer_ctx, raw_issuance_response.mutable_ptr(),
       raw_issuance_response.mutable_len(), &num_tokens_issued,
@@ -234,8 +234,8 @@ TEST(TrustTokenCryptographersTest, IssuanceAndRedemption) {
 
   // Initialization: provide the issuer context the token-signing and
   // SRR-signing keys.
-  bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer_ctx(
-      TRUST_TOKEN_ISSUER_new(/*max_batchsize=*/kNumTokensToRequest));
+  bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer_ctx(TRUST_TOKEN_ISSUER_new(
+      TRUST_TOKEN_experiment_v0(), /*max_batchsize=*/kNumTokensToRequest));
   ASSERT_TRUE(issuer_ctx);
   for (const TokenKeyPair& token_key_pair : keys.token_keys) {
     ASSERT_TRUE(TRUST_TOKEN_ISSUER_add_key(issuer_ctx.get(),
@@ -274,8 +274,8 @@ TEST(TrustTokenCryptographersTest, IssuanceAndRedemptionWithMultipleKeys) {
 
   // Initialization: provide the issuer context the token-signing and
   // SRR-signing keys.
-  bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer_ctx(
-      TRUST_TOKEN_ISSUER_new(/*max_batchsize=*/kNumTokensToRequest));
+  bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer_ctx(TRUST_TOKEN_ISSUER_new(
+      TRUST_TOKEN_experiment_v0(), /*max_batchsize=*/kNumTokensToRequest));
   ASSERT_TRUE(issuer_ctx);
   for (const TokenKeyPair& token_key_pair : keys.token_keys) {
     ASSERT_TRUE(TRUST_TOKEN_ISSUER_add_key(issuer_ctx.get(),

third_party/boringssl/BUILD.generated.gni

@@ -84,6 +84,9 @@ crypto_sources = [
   "src/crypto/cpu-intel.c",
   "src/crypto/cpu-ppc64le.c",
   "src/crypto/crypto.c",
+  "src/crypto/curve25519/curve25519.c",
+  "src/crypto/curve25519/curve25519_tables.h",
+  "src/crypto/curve25519/internal.h",
   "src/crypto/curve25519/spake25519.c",
   "src/crypto/dh/check.c",
   "src/crypto/dh/dh.c",
@@ -136,6 +139,7 @@ crypto_sources = [
   "src/crypto/fipsmodule/is_fips.c",
   "src/crypto/fipsmodule/md5/internal.h",
   "src/crypto/fipsmodule/modes/internal.h",
+  "src/crypto/fipsmodule/rand/fork_detect.h",
   "src/crypto/fipsmodule/rand/getrandom_fillin.h",
   "src/crypto/fipsmodule/rand/internal.h",
   "src/crypto/fipsmodule/rsa/internal.h",
@@ -278,11 +282,8 @@ crypto_sources = [
   "src/crypto/x509v3/v3_skey.c",
   "src/crypto/x509v3/v3_sxnet.c",
   "src/crypto/x509v3/v3_utl.c",
-  "src/third_party/fiat/curve25519.c",
   "src/third_party/fiat/curve25519_32.h",
   "src/third_party/fiat/curve25519_64.h",
-  "src/third_party/fiat/curve25519_tables.h",
-  "src/third_party/fiat/internal.h",
   "src/third_party/fiat/p256_32.h",
   "src/third_party/fiat/p256_64.h",
 ]

third_party/boringssl/BUILD.generated_tests.gni

@@ -59,6 +59,7 @@ crypto_test_sources = [
   "src/crypto/fipsmodule/md5/md5_test.cc",
   "src/crypto/fipsmodule/modes/gcm_test.cc",
   "src/crypto/fipsmodule/rand/ctrdrbg_test.cc",
+  "src/crypto/fipsmodule/rand/fork_detect_test.cc",
   "src/crypto/fipsmodule/sha/sha_test.cc",
   "src/crypto/hkdf/hkdf_test.cc",
   "src/crypto/hmac_extra/hmac_test.cc",

third_party/boringssl/err_data.c

@@ -50,8 +50,8 @@ OPENSSL_STATIC_ASSERT(ERR_LIB_HMAC == 28, "library value changed");
 OPENSSL_STATIC_ASSERT(ERR_LIB_DIGEST == 29, "library value changed");
 OPENSSL_STATIC_ASSERT(ERR_LIB_CIPHER == 30, "library value changed");
 OPENSSL_STATIC_ASSERT(ERR_LIB_HKDF == 31, "library value changed");
-OPENSSL_STATIC_ASSERT(ERR_LIB_USER == 32, "library value changed");
-OPENSSL_STATIC_ASSERT(ERR_LIB_TRUST_TOKEN == 33, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_TRUST_TOKEN == 32, "library value changed");
+OPENSSL_STATIC_ASSERT(ERR_LIB_USER == 33, "library value changed");
 OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == 34, "number of libraries changed");
 
 const uint32_t kOpenSSLReasonValues[] = {
@@ -758,21 +758,21 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x783e0aa2,
     0x783e8a54,
     0x7c3211d7,
-    0x843213ed,
-    0x84328083,
-    0x84332fe1,
-    0x843380ac,
-    0x84342ff0,
-    0x8434af58,
-    0x84352f76,
-    0x8435b004,
-    0x84362fb8,
-    0x8436af67,
-    0x84372faa,
-    0x8437af45,
-    0x84382fcb,
-    0x8438af87,
-    0x84392f9c,
+    0x803213ed,
+    0x80328083,
+    0x80332fe1,
+    0x803380ac,
+    0x80342ff0,
+    0x8034af58,
+    0x80352f76,
+    0x8035b004,
+    0x80362fb8,
+    0x8036af67,
+    0x80372faa,
+    0x8037af45,
+    0x80382fcb,
+    0x8038af87,
+    0x80392f9c,
 };
 
 const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]);

third_party/boringssl/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S

@@ -1119,8 +1119,6 @@ gcm_ghash_avx:
 .byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
 .L7_mask:
 .long	7,0,7,0
-.L7_mask_poly:
-.long	7,0,450,0
 .align	64
 
 .byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0

third_party/boringssl/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S

@@ -1118,8 +1118,6 @@ L$0x1c2_polynomial:
 .byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
 L$7_mask:
 .long	7,0,7,0
-L$7_mask_poly:
-.long	7,0,450,0
 .p2align	6
 
 .byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0

third_party/boringssl/win-x86_64/crypto/fipsmodule/ghash-x86_64.asm

@@ -1177,8 +1177,6 @@ $L$0x1c2_polynomial:
 DB	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
 $L$7_mask:
 	DD	7,0,7,0
-$L$7_mask_poly:
-	DD	7,0,450,0
 ALIGN	64
 
 DB	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52