[Instrumented libraries] Fix libgnutls30 build for Focal

R=thestig

Bug: 1260217
Change-Id: I7d280890ca4954f71812ab54a9c97fe4059f0336
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3268801
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#939694}

third_party/instrumented_libraries/focal/BUILD.gn

@@ -441,6 +441,7 @@ instrumented_library("libgnutls30") {
     "--disable-guile",
     "--with-libgcrypt",
     "--with-packager=Debian",
+    "--with-included-unistring",
 
     # MSAN is not compatible with instructions such as CPUID.
     # https://github.com/google/oss-fuzz/issues/578

third_party/instrumented_libraries/focal/patches/libgnutls30.1.diff

@@ -1,12 +1,19 @@
-diff --color -rupN gnutls28-3.4.10/lib/safe-memfuncs.c gnutls28-3.4.10.new/lib/safe-memfuncs.c
---- gnutls28-3.4.10/lib/safe-memfuncs.c	2015-04-04 01:30:48.000000000 -0700
-+++ gnutls28-3.4.10.new/lib/safe-memfuncs.c	2021-09-24 16:19:27.754634473 -0700
-@@ -39,18 +39,7 @@
+diff -rup gnutls28-3.6.13/lib/safe-memfuncs.c gnutls28-3.6.13.new/lib/safe-memfuncs.c
+--- gnutls28-3.6.13/lib/safe-memfuncs.c	2020-01-01 20:10:19.000000000 +0000
++++ gnutls28-3.6.13.new/lib/safe-memfuncs.c	2021-11-08 23:20:28.486672798 +0000
+@@ -34,25 +34,7 @@
   **/
  void gnutls_memset(void *data, int c, size_t size)
  {
--	volatile unsigned volatile_zero = 0;
+-	volatile unsigned volatile_zero;
 -	volatile char *vdata = (volatile char*)data;
+-#ifdef HAVE_EXPLICIT_BZERO
+-	if (c == 0) {
+-		explicit_bzero(data, size);
+-		return;
+-	}
+-#endif
+-	volatile_zero = 0;
 -
 -	/* This is based on a nice trick for safe memset,
 -	 * sent by David Jacobson in the openssl-dev mailing list.
@@ -17,11 +24,11 @@ diff --color -rupN gnutls28-3.4.10/lib/safe-memfuncs.c gnutls28-3.4.10.new/lib/s
 -			memset(data, c, size);
 -		} while(vdata[volatile_zero] != c);
 -	}
-+    memset(data, c, size);
++  memset(data, c, size);
  }
 
  /**
-@@ -69,16 +58,7 @@ void gnutls_memset(void *data, int c, si
+@@ -71,16 +53,7 @@ void gnutls_memset(void *data, int c, si
   **/
  int gnutls_memcmp(const void *s1, const void *s2, size_t n)
  {
@@ -35,7 +42,8 @@ diff --color -rupN gnutls28-3.4.10/lib/safe-memfuncs.c gnutls28-3.4.10.new/lib/s
 -	}
 -
 -	return status;
-+    return memcmp(s1, s2, n);
++  return memcmp(s1, s2, n)
  }
 
  #ifdef TEST_SAFE_MEMSET
+Only in gnutls28-3.6.13.new/lib: safe-memfuncs.c~

third_party/instrumented_libraries/focal/patches/libgnutls30.2.diff

@@ -1,47 +1,37 @@
-diff -rup gnutls28-3.4.10.bak/lib/gnutls_mbuffers.c gnutls28-3.4.10/lib/gnutls_mbuffers.c
---- gnutls28-3.4.10.bak/lib/gnutls_mbuffers.c	2021-09-28 19:32:36.657779361 +0000
-+++ gnutls28-3.4.10/lib/gnutls_mbuffers.c	2021-09-28 19:57:20.893828258 +0000
-@@ -330,7 +330,7 @@ mbuffer_st *_mbuffer_alloc_align16(size_
+diff -rup gnutls28-3.6.13/lib/mbuffers.c gnutls28-3.6.13.new/lib/mbuffers.c
+--- gnutls28-3.6.13/lib/mbuffers.c	2020-01-01 20:11:40.000000000 +0000
++++ gnutls28-3.6.13.new/lib/mbuffers.c	2021-11-08 23:30:49.519648440 +0000
+@@ -284,7 +284,7 @@ mbuffer_st *_mbuffer_alloc(size_t maximu
  	}
 
  	/* set the structure to zero */
 -	memset(st, 0, sizeof(*st));
-+	memset(st, 0, maximum_size + sizeof(mbuffer_st) + ALIGN_SIZE);
++	memset(st, 0, maximum_size + sizeof(mbuffer_st));
 
  	/* payload points after the mbuffer_st structure */
  	st->msg.data = (uint8_t *) st + sizeof(mbuffer_st);
-diff -rup gnutls28-3.4.10.bak/lib/gnutls_state.c gnutls28-3.4.10/lib/gnutls_state.c
---- gnutls28-3.4.10.bak/lib/gnutls_state.c	2021-09-28 19:32:36.689779620 +0000
-+++ gnutls28-3.4.10/lib/gnutls_state.c	2021-09-28 19:51:38.311029189 +0000
-@@ -804,6 +804,7 @@ P_hash(gnutls_mac_algorithm_t algorithm,
- 	mac_hd_st td2;
- 	int i, times, how, blocksize, A_size;
- 	uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
-+	memset(final, 0, MAX_HASH_SIZE);
- 	int output_bytes, result;
- 	const mac_entry_st *me = mac_to_entry(algorithm);
-
-Binary files gnutls28-3.4.10.bak/lib/nettle/.libs/cipher.o and gnutls28-3.4.10/lib/nettle/.libs/cipher.o differ
-Binary files gnutls28-3.4.10.bak/lib/nettle/.libs/libcrypto.a and gnutls28-3.4.10/lib/nettle/.libs/libcrypto.a differ
-diff -rup gnutls28-3.4.10.bak/lib/nettle/cipher.c gnutls28-3.4.10/lib/nettle/cipher.c
---- gnutls28-3.4.10.bak/lib/nettle/cipher.c	2021-09-28 19:32:36.681779555 +0000
-+++ gnutls28-3.4.10/lib/nettle/cipher.c	2021-09-28 19:47:34.521036429 +0000
-@@ -664,6 +664,7 @@ wrap_nettle_cipher_aead_decrypt(void *_c
+Only in gnutls28-3.6.13.new/lib: mbuffers.c~
+diff -rup gnutls28-3.6.13/lib/nettle/cipher.c gnutls28-3.6.13.new/lib/nettle/cipher.c
+--- gnutls28-3.6.13/lib/nettle/cipher.c	2020-03-24 08:26:29.000000000 +0000
++++ gnutls28-3.6.13.new/lib/nettle/cipher.c	2021-11-08 23:24:35.104648910 +0000
+@@ -1020,6 +1020,7 @@ wrap_nettle_cipher_aead_decrypt(void *_c
  	if (ctx->cipher->aead_decrypt == NULL) {
  		/* proper AEAD cipher */
  		uint8_t tag[MAX_HASH_SIZE];
 +		memset(tag, 0, MAX_HASH_SIZE);
 
  		ctx->cipher->set_iv(ctx->ctx_ptr, nonce_size, nonce);
  		ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth);
-diff -rup gnutls28-3.4.10/lib/nettle/pk.c gnutls28-3.4.10.new/lib/nettle/pk.c
---- gnutls28-3.4.10/lib/nettle/pk.c	2015-07-21 09:42:08.000000000 +0000
-+++ gnutls28-3.4.10.new/lib/nettle/pk.c	2021-09-28 20:25:00.439384325 +0000
-@@ -248,6 +248,7 @@ dh_cleanup:
+Only in gnutls28-3.6.13.new/lib/nettle: cipher.c~
+diff -rup gnutls28-3.6.13/lib/nettle/pk.c gnutls28-3.6.13.new/lib/nettle/pk.c
+--- gnutls28-3.6.13/lib/nettle/pk.c	2020-03-13 20:17:54.000000000 +0000
++++ gnutls28-3.6.13.new/lib/nettle/pk.c	2021-11-08 23:24:58.344835111 +0000
+@@ -369,6 +369,7 @@ dh_cleanup:
  	case GNUTLS_PK_EC:
  		{
  			struct ecc_scalar ecc_priv;
 +			memset(&ecc_priv, 0, sizeof(ecc_priv));
  			struct ecc_point ecc_pub;
  			const struct ecc_curve *curve;
 
+Only in gnutls28-3.6.13.new/lib/nettle: pk.c~