aws-crt 0.1.9 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/auth.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/aws_imds_client.h +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/aws_signing.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +2 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/signing_config.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +3 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +146 -63
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +41 -19
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c +2 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/signing_config.c +25 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +197 -31
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_imds_tests.c +16 -18
- data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +3 -1
- data/aws-crt-ffi/crt/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h +22 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/darwin/commoncrypto_aes.c +46 -17
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_aes.c +1 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_platform_init.c +7 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_rsa.c +59 -2
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/opensslcrypto_ecc.c +1 -0
- data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +13 -1
- data/aws-crt-ffi/crt/aws-c-common/THIRD-PARTY-LICENSES.txt +28 -7
- data/aws-crt-ffi/crt/aws-c-common/bin/system_info/CMakeLists.txt +18 -0
- data/aws-crt-ffi/crt/aws-c-common/bin/system_info/print_system_info.c +48 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/allocator.h +23 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +12 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/cross_process_lock.h +35 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/hash_table.h +1 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/priority_queue.h +24 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/system_info_priv.h +37 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_info.h +47 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_resource_util.h +30 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +3 -2
- data/aws-crt-ffi/crt/aws-c-common/source/allocator.c +64 -13
- data/aws-crt-ffi/crt/aws-c-common/source/android/logging.c +14 -0
- data/aws-crt-ffi/crt/aws-c-common/source/common.c +3 -3
- data/aws-crt-ffi/crt/aws-c-common/source/file.c +96 -35
- data/aws-crt-ffi/crt/aws-c-common/source/linux/system_info.c +24 -0
- data/aws-crt-ffi/crt/aws-c-common/source/memtrace.c +10 -3
- data/aws-crt-ffi/crt/aws-c-common/source/platform_fallback_stubs/system_info.c +21 -0
- data/aws-crt-ffi/crt/aws-c-common/source/posix/cross_process_lock.c +141 -0
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +1 -1
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_resource_utils.c +32 -0
- data/aws-crt-ffi/crt/aws-c-common/source/priority_queue.c +24 -0
- data/aws-crt-ffi/crt/aws-c-common/source/system_info.c +80 -0
- data/aws-crt-ffi/crt/aws-c-common/source/task_scheduler.c +2 -2
- data/aws-crt-ffi/crt/aws-c-common/source/windows/cross_process_lock.c +93 -0
- data/aws-crt-ffi/crt/aws-c-common/source/windows/system_resource_utils.c +31 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +16 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/alloc_test.c +83 -22
- data/aws-crt-ffi/crt/aws-c-common/tests/cross_process_lock_tests.c +116 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/file_test.c +103 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/priority_queue_test.c +36 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/system_info_tests.c +19 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/system_resource_util_test.c +37 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +9 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http.h +1 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +5 -4
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_manager_system_vtable.h +10 -18
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/proxy_impl.h +5 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +5 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +10 -0
- data/aws-crt-ffi/crt/aws-c-http/source/connection.c +5 -2
- data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -21
- data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +102 -17
- data/aws-crt-ffi/crt/aws-c-http/source/h1_stream.c +1 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/proxy_connection.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +2 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +18 -18
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +111 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/test_proxy.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +2 -2
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/retry_strategy.h +1 -1
- data/aws-crt-ffi/crt/aws-c-io/source/exponential_backoff_retry_strategy.c +1 -1
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +2 -4
- data/aws-crt-ffi/crt/aws-lc/CMakeLists.txt +16 -8
- data/aws-crt-ffi/crt/aws-lc/cmake/go.cmake +6 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/CMakeLists.txt +6 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_time.c +34 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_utctm.c +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/asn1_test.cc +41 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_mem.c +6 -7
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_test.cc +152 -16
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/connect.c +6 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/fd.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/file.c +20 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket_helper.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/blake2/blake2.c +11 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbb.c +13 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbs.c +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/asm/chacha-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha.c +49 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha_test.cc +110 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/internal.h +8 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/compiler_test.cc +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/conf/conf_test.cc +1 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/crypto_test.cc +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519.c +189 -108
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519_nohw.c +78 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/ed25519_test.cc +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/internal.h +24 -10
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/spake25519.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/x25519_test.cc +80 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/decrepit/evp/evp_do_all.c +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_extra.c +8 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_test.cc +110 -45
- data/aws-crt-ffi/crt/aws-lc/crypto/dsa/dsa_test.cc +8 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/dsa/internal.h +18 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/dynamic_loading_test.c +8 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/ec_derive.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/hash_to_curve.c +6 -18
- data/aws-crt-ffi/crt/aws-lc/crypto/endian_test.cc +308 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/err/ssl.errordata +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_extra_test.cc +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_test.cc +11 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_tests.txt +25 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_ec_asn1.c +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_kem.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_rsa_asn1.c +1 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/print.c +7 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/scrypt.c +13 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/CMakeLists.txt +13 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/aes/aes_nohw.c +18 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bcm.c +12 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_assert_test.cc +77 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_test.cc +30 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bytes.c +112 -22
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/div.c +12 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/exponentiation.c +54 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/gcd.c +5 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/internal.h +37 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery.c +4 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/cipher/aead.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digest.c +29 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digests.c +89 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/internal.h +4 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec.c +19 -36
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_key.c +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_montgomery.c +9 -7
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_test.cc +33 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/internal.h +17 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p224-64.c +5 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256-nistz.c +8 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256.c +9 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p384.c +33 -16
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p521.c +14 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/scalar.c +26 -24
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/simple_mul.c +8 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/wnaf.c +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/evp.c +43 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/p_ec.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/hmac/hmac.c +3 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/modes/xts.c +26 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/cpu_jitter_test.cc +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/internal.h +20 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/rand.c +10 -10
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/urandom.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/internal.h +59 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/padding.c +9 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa.c +7 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa_impl.c +51 -60
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator.c +5 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator_test.cc +205 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha1-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha512-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/internal.h +8 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3.c +37 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3_test.cc +115 -110
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha512.c +55 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sshkdf/sshkdf.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_test.cc +12 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_tests.txt +10 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/hrss/asm/poly_rq_mul.S +2 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/impl_dispatch_test.cc +9 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/internal.h +90 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/kem/kem.c +28 -27
- data/aws-crt-ffi/crt/aws-lc/crypto/kyber/kem_kyber.h +14 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_dat.h +52 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_mac.num +5 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/objects.txt +7 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/arm-xlate.pl +3 -14
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/ppc-xlate.pl +1 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86_64-xlate.pl +4 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86asm.pl +4 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/poly1305/poly1305_arm_asm.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/deterministic.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/fuchsia.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/rand_test.cc +0 -63
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/windows.c +41 -19
- data/aws-crt-ffi/crt/aws-lc/crypto/rsa_extra/rsa_test.cc +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash.c +12 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash_test.cc +5 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/stack/stack.c +68 -46
- data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/pmbtoken.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/voprf.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/by_dir.c +0 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/internal.h +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_lu.c +33 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_test.cc +87 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_trs.c +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_vfy.c +35 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_lib.c +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_purp.c +4 -6
- data/aws-crt-ffi/crt/aws-lc/generated-src/crypto_test_data.cc +179 -151
- data/aws-crt-ffi/crt/aws-lc/generated-src/err_data.c +353 -349
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/test/trampoline-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/chacha/chacha-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/armv4-mont.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/test/trampoline-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/bn-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/test/trampoline-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/chacha/chacha-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/armv4-mont.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/test/trampoline-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/test/trampoline-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/chacha/chacha-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/aesni-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/bn-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/co-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/md5-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha1-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha256-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha512-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/x86-mont.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/test/trampoline-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/test/trampoline-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/chacha/chacha-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/aesni-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/bn-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/co-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/md5-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha1-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha256-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha512-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/x86-mont.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/test/trampoline-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/test/trampoline-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/test/trampoline-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/go.mod +4 -4
- data/aws-crt-ffi/crt/aws-lc/go.sum +8 -10
- data/aws-crt-ffi/crt/aws-lc/include/openssl/aead.h +2 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/arm_arch.h +4 -119
- data/aws-crt-ffi/crt/aws-lc/include/openssl/asm_base.h +185 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/asn1.h +5 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/base.h +31 -134
- data/aws-crt-ffi/crt/aws-lc/include/openssl/bio.h +30 -18
- data/aws-crt-ffi/crt/aws-lc/include/openssl/bn.h +0 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/chacha.h +6 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/cipher.h +2 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/digest.h +9 -6
- data/aws-crt-ffi/crt/aws-lc/include/openssl/dsa.h +0 -21
- data/aws-crt-ffi/crt/aws-lc/include/openssl/ec.h +1 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/err.h +1 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/evp.h +8 -5
- data/aws-crt-ffi/crt/aws-lc/include/openssl/nid.h +21 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/rsa.h +1 -65
- data/aws-crt-ffi/crt/aws-lc/include/openssl/sha.h +22 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/ssl.h +121 -13
- data/aws-crt-ffi/crt/aws-lc/include/openssl/stack.h +229 -208
- data/aws-crt-ffi/crt/aws-lc/include/openssl/target.h +166 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/x509.h +30 -10
- data/aws-crt-ffi/crt/aws-lc/include/openssl/x509v3.h +6 -4
- data/aws-crt-ffi/crt/aws-lc/sources.cmake +2 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/extensions.cc +12 -7
- data/aws-crt-ffi/crt/aws-lc/ssl/handshake_server.cc +28 -18
- data/aws-crt-ffi/crt/aws-lc/ssl/internal.h +41 -6
- data/aws-crt-ffi/crt/aws-lc/ssl/s3_both.cc +9 -17
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_cipher.cc +13 -5
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_key_share.cc +542 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_lib.cc +35 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_test.cc +1847 -14
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_x509.cc +128 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/PORTING.md +10 -7
- data/aws-crt-ffi/crt/aws-lc/ssl/test/bssl_shim.cc +133 -77
- data/aws-crt-ffi/crt/aws-lc/ssl/test/handshake_util.cc +3 -3
- data/aws-crt-ffi/crt/aws-lc/ssl/test/handshaker.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_client.go +6 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_messages.go +894 -1042
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_server.go +24 -23
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/prf.go +6 -5
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/runner.go +56 -55
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/shim_dispatcher.go +188 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/ticket.go +37 -39
- data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.cc +59 -24
- data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.h +3 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/tls13_server.cc +10 -11
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/app.py +4 -4
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/{aws_lc_mac_arm_ci_stack.py → aws_lc_ec2_test_framework_ci_stack.py} +13 -29
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml +43 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/common_posix_setup.sh +10 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/amazonlinux-2023_base/Dockerfile +5 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/ubuntu-22.04_base/Dockerfile +19 -3
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/amazonlinux-2_gcc-7x-intel-sde/Dockerfile +5 -4
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/build_images.sh +1 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/push_images.sh +2 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-10x_formal-verification/create_image.sh +1 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile +1 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_clang-14x-sde/Dockerfile +42 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/vs2017/Dockerfile +14 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/windows_base/Dockerfile +3 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/README.md +12 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/nginx_patch/aws-lc-nginx.patch +68 -23
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_crt_integration.sh +27 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_monit_integration.sh +56 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/sslproxy_patch/aws-lc-sslproxy.patch +2 -2
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_ec2_test_framework.sh +135 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_fips_tests.sh +14 -2
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde.sh +4 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde_asan.sh +14 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_windows_tests.bat +39 -3
- data/aws-crt-ffi/crt/aws-lc/third_party/fiat/README.md +21 -6
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519.S +284 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519_alt.S +210 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_mod_n25519.S +186 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_neg_p25519.S +65 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_alt.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte_alt.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_alt.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte_alt.S +1043 -354
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode.S +700 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode_alt.S +563 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_encode.S +131 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase.S +9626 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase_alt.S +9468 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble.S +3157 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble_alt.S +2941 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p384/Makefile +1 -1
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p521/Makefile +1 -1
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/include/s2n-bignum_aws-lc.h +34 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519.S +219 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519_alt.S +245 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_mod_n25519.S +228 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_neg_p25519.S +86 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519.S +1350 -407
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519_alt.S +1350 -407
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base.S +1344 -400
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base_alt.S +1348 -402
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode.S +670 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode_alt.S +751 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_encode.S +81 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase.S +9910 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase_alt.S +9986 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble.S +3619 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble_alt.S +3736 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.json +1978 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.txt +1403 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.json +1993 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.txt +1416 -0
- data/aws-crt-ffi/crt/aws-lc/tool/digest.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/tool/internal.h +1 -0
- data/aws-crt-ffi/crt/aws-lc/tool/speed.cc +53 -6
- data/aws-crt-ffi/crt/aws-lc/util/all_tests.go +43 -12
- data/aws-crt-ffi/crt/aws-lc/util/all_tests.json +13 -5
- data/aws-crt-ffi/crt/aws-lc/util/bot/DEPS +4 -4
- data/aws-crt-ffi/crt/aws-lc/util/bot/update_clang.py +8 -2
- data/aws-crt-ffi/crt/aws-lc/util/codecov-ci.sh +82 -0
- data/aws-crt-ffi/crt/aws-lc/util/convert_wycheproof/convert_wycheproof.go +7 -5
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/ACVP.md +7 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/hash.go +24 -9
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/rsa.go +3 -4
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/subprocess.go +15 -10
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-256.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/sha512-224-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-128-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-256-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-128.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-256.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/main.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/modulewrapper.cc +144 -1
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/delocate.go +9 -3
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/in.s +4 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/out.s +11 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/inject_hash/inject_hash.go +13 -4
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/test-break-kat.sh +2 -0
- data/aws-crt-ffi/crt/aws-lc/util/testconfig/testconfig.go +2 -1
- data/aws-crt-ffi/crt/s2n/api/s2n.h +9 -5
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/handshake.rs +9 -6
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/resumption.rs +14 -14
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/throughput.rs +9 -6
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/harness.rs +106 -102
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/openssl.rs +24 -20
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/rustls.rs +28 -24
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/s2n_tls.rs +52 -50
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate/Cargo.toml +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +3 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/connection.rs +9 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/templates/Cargo.template +2 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/tests/cbmc/sources/make_common_datastructures.c +9 -2
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_client_cert_verify_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_tls13_cert_verify_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +4 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_auth_selection_test.c +19 -9
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_auth_handshake_test.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_cert_verify_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_test.c +4 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_signature_algorithms_extension_test.c +4 -5
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_protocol_versions_test.c +390 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +8 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_handshake_test.c +2 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_quic_support_io_test.c +106 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_security_policies_test.c +6 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_offload_signing_test.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_session_resumption_test.c +135 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_new_session_ticket_test.c +32 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_signature_algorithms_extension_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_signature_algorithms_test.c +307 -283
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_request_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_verify_test.c +18 -17
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_x509_validator_test.c +125 -0
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_signature_algorithms.c +8 -1
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.c +43 -11
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.h +3 -0
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_server_signature_algorithms.c +8 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_auth_selection.c +4 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_cert_verify.c +7 -10
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +2 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +75 -14
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake.h +2 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.h +1 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.c +29 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +5 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.c +40 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.h +4 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_cert_request.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_hello.c +0 -3
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_key_exchange.c +8 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_new_session_ticket.c +8 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.c +111 -72
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.h +11 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.c +9 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.h +2 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_certificate_verify.c +12 -18
- data/aws-crt-ffi/crt/s2n/tls/s2n_x509_validator.c +7 -7
- data/aws-crt-ffi/src/api.h +1 -0
- data/lib/aws-crt/native.rb +1 -1
- metadata +68 -5
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml +0 -34
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_m1_ec2_instance.sh +0 -96
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
/* Copyright (c) 2023, Google Inc.
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#ifndef OPENSSL_HEADER_TARGET_H
|
|
16
|
+
#define OPENSSL_HEADER_TARGET_H
|
|
17
|
+
|
|
18
|
+
// Preprocessor symbols that define the target platform.
|
|
19
|
+
//
|
|
20
|
+
// This file may be included in C, C++, and assembler and must be compatible
|
|
21
|
+
// with each environment. It is separated out only to share code between
|
|
22
|
+
// <openssl/base.h> and <openssl/asm_base.h>. Prefer to include those headers
|
|
23
|
+
// instead.
|
|
24
|
+
|
|
25
|
+
#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
|
|
26
|
+
#define OPENSSL_64_BIT
|
|
27
|
+
#define OPENSSL_X86_64
|
|
28
|
+
#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
|
|
29
|
+
#define OPENSSL_32_BIT
|
|
30
|
+
#define OPENSSL_X86
|
|
31
|
+
#elif defined(__AARCH64EL__) || defined(_M_ARM64)
|
|
32
|
+
#define OPENSSL_64_BIT
|
|
33
|
+
#define OPENSSL_AARCH64
|
|
34
|
+
#elif defined(__ARMEL__) || defined(_M_ARM)
|
|
35
|
+
#define OPENSSL_32_BIT
|
|
36
|
+
#define OPENSSL_ARM
|
|
37
|
+
#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN)
|
|
38
|
+
#define OPENSSL_64_BIT
|
|
39
|
+
#define OPENSSL_PPC64LE
|
|
40
|
+
#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_BIG_ENDIAN)
|
|
41
|
+
#define OPENSSL_64_BIT
|
|
42
|
+
#define OPENSSL_PPC64BE
|
|
43
|
+
#define OPENSSL_BIG_ENDIAN
|
|
44
|
+
#elif (defined(__PPC__) || defined(__powerpc__)) && defined(_BIG_ENDIAN)
|
|
45
|
+
#define OPENSSL_32_BIT
|
|
46
|
+
#define OPENSSL_PPC32BE
|
|
47
|
+
#define OPENSSL_BIG_ENDIAN
|
|
48
|
+
#elif defined(__MIPSEL__) && !defined(__LP64__)
|
|
49
|
+
#define OPENSSL_32_BIT
|
|
50
|
+
#define OPENSSL_MIPS
|
|
51
|
+
#elif defined(__MIPSEL__) && defined(__LP64__)
|
|
52
|
+
#define OPENSSL_64_BIT
|
|
53
|
+
#define OPENSSL_MIPS64
|
|
54
|
+
#elif defined(__riscv) && __SIZEOF_POINTER__ == 8
|
|
55
|
+
#define OPENSSL_64_BIT
|
|
56
|
+
#define OPENSSL_RISCV64
|
|
57
|
+
#elif defined(__riscv) && __SIZEOF_POINTER__ == 4
|
|
58
|
+
#define OPENSSL_32_BIT
|
|
59
|
+
#elif defined(__loongarch_lp64)
|
|
60
|
+
#define OPENSSL_64_BIT
|
|
61
|
+
#define OPENSSL_LOONGARCH64
|
|
62
|
+
#elif defined(__pnacl__)
|
|
63
|
+
#define OPENSSL_32_BIT
|
|
64
|
+
#define OPENSSL_PNACL
|
|
65
|
+
#elif defined(__wasm__)
|
|
66
|
+
#define OPENSSL_32_BIT
|
|
67
|
+
#elif defined(__asmjs__)
|
|
68
|
+
#define OPENSSL_32_BIT
|
|
69
|
+
#elif defined(__myriad2__)
|
|
70
|
+
#define OPENSSL_32_BIT
|
|
71
|
+
#else
|
|
72
|
+
// Run the crypto_test binary, notably crypto/compiler_test.cc, before adding
|
|
73
|
+
// a new architecture.
|
|
74
|
+
#error "Unknown target CPU"
|
|
75
|
+
#endif
|
|
76
|
+
|
|
77
|
+
#if defined(__APPLE__)
|
|
78
|
+
#define OPENSSL_APPLE
|
|
79
|
+
#endif
|
|
80
|
+
|
|
81
|
+
#if defined(_WIN32)
|
|
82
|
+
#define OPENSSL_WINDOWS
|
|
83
|
+
#endif
|
|
84
|
+
|
|
85
|
+
// Trusty isn't Linux but currently defines __linux__. As a workaround, we
|
|
86
|
+
// exclude it here.
|
|
87
|
+
// TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
|
|
88
|
+
#if defined(__linux__) && !defined(__TRUSTY__)
|
|
89
|
+
#define OPENSSL_LINUX
|
|
90
|
+
#endif
|
|
91
|
+
|
|
92
|
+
#if defined(__Fuchsia__)
|
|
93
|
+
#define OPENSSL_FUCHSIA
|
|
94
|
+
#endif
|
|
95
|
+
|
|
96
|
+
#if defined(__TRUSTY__)
|
|
97
|
+
#define OPENSSL_TRUSTY
|
|
98
|
+
#define OPENSSL_NO_POSIX_IO
|
|
99
|
+
#define OPENSSL_NO_SOCK
|
|
100
|
+
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
|
101
|
+
#endif
|
|
102
|
+
|
|
103
|
+
#if defined(OPENSSL_NANOLIBC)
|
|
104
|
+
#define OPENSSL_NO_POSIX_IO
|
|
105
|
+
#define OPENSSL_NO_SOCK
|
|
106
|
+
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
|
107
|
+
#endif
|
|
108
|
+
|
|
109
|
+
#if defined(__ANDROID_API__)
|
|
110
|
+
#define OPENSSL_ANDROID
|
|
111
|
+
#endif
|
|
112
|
+
|
|
113
|
+
#if defined(__FreeBSD__)
|
|
114
|
+
#define OPENSSL_FREEBSD
|
|
115
|
+
#endif
|
|
116
|
+
|
|
117
|
+
#if defined(__OpenBSD__)
|
|
118
|
+
#define OPENSSL_OPENBSD
|
|
119
|
+
#endif
|
|
120
|
+
|
|
121
|
+
// BoringSSL requires platform's locking APIs to make internal global state
|
|
122
|
+
// thread-safe, including the PRNG. On some single-threaded embedded platforms,
|
|
123
|
+
// locking APIs may not exist, so this dependency may be disabled with the
|
|
124
|
+
// following build flag.
|
|
125
|
+
//
|
|
126
|
+
// IMPORTANT: Doing so means the consumer promises the library will never be
|
|
127
|
+
// used in any multi-threaded context. It causes BoringSSL to be globally
|
|
128
|
+
// thread-unsafe. Setting it inappropriately will subtly and unpredictably
|
|
129
|
+
// corrupt memory and leak secret keys.
|
|
130
|
+
//
|
|
131
|
+
// Do not set this flag on any platform where threads are possible. BoringSSL
|
|
132
|
+
// maintainers will not provide support for any consumers that do so. Changes
|
|
133
|
+
// which break such unsupported configurations will not be reverted.
|
|
134
|
+
#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED)
|
|
135
|
+
#define OPENSSL_THREADS
|
|
136
|
+
#endif
|
|
137
|
+
|
|
138
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \
|
|
139
|
+
!defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
|
140
|
+
#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE
|
|
141
|
+
#endif
|
|
142
|
+
|
|
143
|
+
#if defined(__has_feature)
|
|
144
|
+
#if __has_feature(address_sanitizer)
|
|
145
|
+
#define OPENSSL_ASAN
|
|
146
|
+
#endif
|
|
147
|
+
#if __has_feature(thread_sanitizer)
|
|
148
|
+
#define OPENSSL_TSAN
|
|
149
|
+
#endif
|
|
150
|
+
#if __has_feature(memory_sanitizer)
|
|
151
|
+
#define OPENSSL_MSAN
|
|
152
|
+
#define OPENSSL_ASM_INCOMPATIBLE
|
|
153
|
+
#endif
|
|
154
|
+
#if __has_feature(hwaddress_sanitizer)
|
|
155
|
+
#define OPENSSL_HWASAN
|
|
156
|
+
#endif
|
|
157
|
+
#endif
|
|
158
|
+
|
|
159
|
+
#if defined(OPENSSL_ASM_INCOMPATIBLE)
|
|
160
|
+
#undef OPENSSL_ASM_INCOMPATIBLE
|
|
161
|
+
#if !defined(OPENSSL_NO_ASM)
|
|
162
|
+
#define OPENSSL_NO_ASM
|
|
163
|
+
#endif
|
|
164
|
+
#endif // OPENSSL_ASM_INCOMPATIBLE
|
|
165
|
+
|
|
166
|
+
#endif // OPENSSL_HEADER_TARGET_H
|
|
@@ -2495,11 +2495,16 @@ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
|
|
|
2495
2495
|
// NOTE:
|
|
2496
2496
|
// 1. Applications rarely call this function directly, but it is used
|
|
2497
2497
|
// internally for certificate validation.
|
|
2498
|
-
// 2.
|
|
2499
|
-
//
|
|
2500
|
-
//
|
|
2501
|
-
//
|
|
2502
|
-
//
|
|
2498
|
+
// 2. |X509_verify_cert| and other related functions call
|
|
2499
|
+
// |sk_X509_OBJECT_sort| internally, which rearranges the certificate
|
|
2500
|
+
// ordering. There will be cases where two certs have an identical
|
|
2501
|
+
// |subject| and |X509_OBJECT_cmp| will return 0, but one is a valid cert
|
|
2502
|
+
// and the other is invalid.
|
|
2503
|
+
// Due to https://github.com/openssl/openssl/issues/18708, certificate
|
|
2504
|
+
// verification could fail if an invalid cert is checked before the valid
|
|
2505
|
+
// cert. What we do with sorting behavior when certs are identical is
|
|
2506
|
+
// considered "unstable" and certain sorting expectations shouldn't be
|
|
2507
|
+
// depended on.
|
|
2503
2508
|
OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
|
|
2504
2509
|
|
|
2505
2510
|
// PKCS#8 utilities
|
|
@@ -2557,7 +2562,7 @@ OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx);
|
|
|
2557
2562
|
OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
|
|
2558
2563
|
OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
|
|
2559
2564
|
int (*ck)(X509_TRUST *, X509 *, int),
|
|
2560
|
-
char *name, int arg1, void *arg2);
|
|
2565
|
+
const char *name, int arg1, void *arg2);
|
|
2561
2566
|
OPENSSL_EXPORT void X509_TRUST_cleanup(void);
|
|
2562
2567
|
OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
|
|
2563
2568
|
OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
|
|
@@ -2778,6 +2783,12 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
|
2778
2783
|
(X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \
|
|
2779
2784
|
X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP)
|
|
2780
2785
|
|
|
2786
|
+
// X509_OBJECT_new allocates an |X509_OBJECT| on the heap.
|
|
2787
|
+
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_new(void);
|
|
2788
|
+
|
|
2789
|
+
// X509_OBJECT_free frees an |X509_OBJECT| from the heap.
|
|
2790
|
+
OPENSSL_EXPORT void X509_OBJECT_free(X509_OBJECT *a);
|
|
2791
|
+
|
|
2781
2792
|
OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
|
|
2782
2793
|
int type, X509_NAME *name);
|
|
2783
2794
|
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
|
|
@@ -2785,7 +2796,6 @@ OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
|
|
|
2785
2796
|
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
|
|
2786
2797
|
X509_OBJECT *x);
|
|
2787
2798
|
OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a);
|
|
2788
|
-
OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
|
|
2789
2799
|
OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
|
|
2790
2800
|
OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
|
|
2791
2801
|
// X509_OBJECT_get0_X509_CRL returns the |X509_CRL| associated with |a|
|
|
@@ -2901,9 +2911,6 @@ OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
|
|
2901
2911
|
OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
|
|
2902
2912
|
OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
|
|
2903
2913
|
|
|
2904
|
-
OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type,
|
|
2905
|
-
X509_NAME *name, X509_OBJECT *ret);
|
|
2906
|
-
|
|
2907
2914
|
OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
|
|
2908
2915
|
long argl, char **ret);
|
|
2909
2916
|
|
|
@@ -2997,6 +3004,19 @@ OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
|
|
|
2997
3004
|
OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
|
|
2998
3005
|
const char *name);
|
|
2999
3006
|
|
|
3007
|
+
// X509_STORE_get_by_subject is an alias to |X509_STORE_CTX_get_by_subject| in
|
|
3008
|
+
// OpenSSL 1.1.1.
|
|
3009
|
+
#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
|
|
3010
|
+
|
|
3011
|
+
// X509_STORE_CTX_get_by_subject tries to find an object of a given type, which
|
|
3012
|
+
// may be |X509_LU_X509| or |X509_LU_CRL|, and the subject name from the store
|
|
3013
|
+
// in |vs|. If found and |ret| is not NULL, it increments the reference count
|
|
3014
|
+
// and stores the object in |ret|.
|
|
3015
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs,
|
|
3016
|
+
int type,
|
|
3017
|
+
X509_NAME *name,
|
|
3018
|
+
X509_OBJECT *ret);
|
|
3019
|
+
|
|
3000
3020
|
// X509_VERIFY_PARAM functions
|
|
3001
3021
|
|
|
3002
3022
|
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
|
|
@@ -707,7 +707,7 @@ OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *meth,
|
|
|
707
707
|
// callers should simply handle the custom extension with the byte-based
|
|
708
708
|
// |X509_EXTENSION| APIs directly. Registering |ext| with the library has little
|
|
709
709
|
// practical value.
|
|
710
|
-
OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
|
710
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
|
711
711
|
|
|
712
712
|
// X509V3_EXT_add_list calls |X509V3_EXT_add| on |&extlist[0]|, |&extlist[1]|,
|
|
713
713
|
// and so on, until some |extlist[i]->ext_nid| is -1. It returns one on success
|
|
@@ -721,7 +721,8 @@ OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
|
|
|
721
721
|
// and zero on error.
|
|
722
722
|
//
|
|
723
723
|
// WARNING: Do not use this function. See |X509V3_EXT_add|.
|
|
724
|
-
OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to,
|
|
724
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add_alias(int nid_to,
|
|
725
|
+
int nid_from);
|
|
725
726
|
|
|
726
727
|
// X509V3_EXT_cleanup removes all custom extensions registered with
|
|
727
728
|
// |X509V3_EXT_add*|.
|
|
@@ -942,12 +943,13 @@ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509);
|
|
|
942
943
|
|
|
943
944
|
OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
|
|
944
945
|
OPENSSL_EXPORT X509_PURPOSE *X509_PURPOSE_get0(int idx);
|
|
945
|
-
OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);
|
|
946
|
+
OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname);
|
|
946
947
|
OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
|
|
947
948
|
OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags,
|
|
948
949
|
int (*ck)(const X509_PURPOSE *,
|
|
949
950
|
const X509 *, int),
|
|
950
|
-
char *name, char *sname,
|
|
951
|
+
const char *name, const char *sname,
|
|
952
|
+
void *arg);
|
|
951
953
|
OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
|
|
952
954
|
OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
|
|
953
955
|
OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
|
|
@@ -273,6 +273,8 @@ set(
|
|
|
273
273
|
third_party/wycheproof_testvectors/hmac_sha256_test.txt
|
|
274
274
|
third_party/wycheproof_testvectors/hmac_sha384_test.txt
|
|
275
275
|
third_party/wycheproof_testvectors/hmac_sha512_test.txt
|
|
276
|
+
third_party/wycheproof_testvectors/hmac_sha512_224_test.txt
|
|
277
|
+
third_party/wycheproof_testvectors/hmac_sha512_256_test.txt
|
|
276
278
|
third_party/wycheproof_testvectors/kwp_test.txt
|
|
277
279
|
third_party/wycheproof_testvectors/kw_test.txt
|
|
278
280
|
third_party/wycheproof_testvectors/primality_test.txt
|
|
@@ -205,6 +205,11 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) {
|
|
|
205
205
|
}
|
|
206
206
|
|
|
207
207
|
static bool is_post_quantum_group(uint16_t id) {
|
|
208
|
+
for (const uint16_t pq_group_id : PQGroups()) {
|
|
209
|
+
if (id == pq_group_id) {
|
|
210
|
+
return true;
|
|
211
|
+
}
|
|
212
|
+
}
|
|
208
213
|
return false;
|
|
209
214
|
}
|
|
210
215
|
|
|
@@ -339,13 +344,13 @@ bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
|
|
|
339
344
|
|
|
340
345
|
for (uint16_t pref_group : pref) {
|
|
341
346
|
for (uint16_t supp_group : supp) {
|
|
342
|
-
if (pref_group == supp_group
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
347
|
+
if (pref_group == supp_group) {
|
|
348
|
+
// PQ groups require TLS 1.3 or later
|
|
349
|
+
if (!is_post_quantum_group(pref_group) ||
|
|
350
|
+
ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
351
|
+
*out_group_id = pref_group;
|
|
352
|
+
return true;
|
|
353
|
+
}
|
|
349
354
|
}
|
|
350
355
|
}
|
|
351
356
|
}
|
|
@@ -264,15 +264,23 @@ static bool negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
264
264
|
return true;
|
|
265
265
|
}
|
|
266
266
|
|
|
267
|
-
|
|
268
|
-
const SSL_CLIENT_HELLO *client_hello) {
|
|
267
|
+
bool ssl_parse_client_cipher_list(
|
|
268
|
+
const SSL_CLIENT_HELLO *client_hello, UniquePtr<STACK_OF(SSL_CIPHER)> *ciphers_out) {
|
|
269
|
+
ciphers_out->reset();
|
|
270
|
+
|
|
269
271
|
CBS cipher_suites;
|
|
270
272
|
CBS_init(&cipher_suites, client_hello->cipher_suites,
|
|
271
273
|
client_hello->cipher_suites_len);
|
|
272
274
|
|
|
275
|
+
// Cipher suites are encoded as 2-byte unsigned integers
|
|
276
|
+
if (CBS_len(&cipher_suites) % 2 != 0) {
|
|
277
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
|
278
|
+
return false;
|
|
279
|
+
}
|
|
280
|
+
|
|
273
281
|
UniquePtr<STACK_OF(SSL_CIPHER)> sk(sk_SSL_CIPHER_new_null());
|
|
274
282
|
if (!sk) {
|
|
275
|
-
return
|
|
283
|
+
return false;
|
|
276
284
|
}
|
|
277
285
|
|
|
278
286
|
while (CBS_len(&cipher_suites) > 0) {
|
|
@@ -280,16 +288,19 @@ static UniquePtr<STACK_OF(SSL_CIPHER)> ssl_parse_client_cipher_list(
|
|
|
280
288
|
|
|
281
289
|
if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
|
|
282
290
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
|
283
|
-
return
|
|
291
|
+
return false;
|
|
284
292
|
}
|
|
285
293
|
|
|
286
294
|
const SSL_CIPHER *c = SSL_get_cipher_by_value(cipher_suite);
|
|
287
295
|
if (c != NULL && !sk_SSL_CIPHER_push(sk.get(), c)) {
|
|
288
|
-
|
|
296
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
|
297
|
+
return false;
|
|
289
298
|
}
|
|
290
299
|
}
|
|
291
300
|
|
|
292
|
-
|
|
301
|
+
*ciphers_out = std::move(sk);
|
|
302
|
+
|
|
303
|
+
return true;
|
|
293
304
|
}
|
|
294
305
|
|
|
295
306
|
// ssl_get_compatible_server_ciphers determines the key exchange and
|
|
@@ -338,9 +349,8 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
|
|
|
338
349
|
*out_mask_a = mask_a;
|
|
339
350
|
}
|
|
340
351
|
|
|
341
|
-
static const SSL_CIPHER *choose_cipher(
|
|
342
|
-
|
|
343
|
-
const SSLCipherPreferenceList *server_pref) {
|
|
352
|
+
static const SSL_CIPHER *choose_cipher(SSL_HANDSHAKE *hs,
|
|
353
|
+
const SSLCipherPreferenceList *server_pref) {
|
|
344
354
|
SSL *const ssl = hs->ssl;
|
|
345
355
|
const STACK_OF(SSL_CIPHER) *prio, *allow;
|
|
346
356
|
// in_group_flags will either be NULL, or will point to an array of bytes
|
|
@@ -352,18 +362,12 @@ static const SSL_CIPHER *choose_cipher(
|
|
|
352
362
|
// such value exists yet.
|
|
353
363
|
int group_min = -1;
|
|
354
364
|
|
|
355
|
-
UniquePtr<STACK_OF(SSL_CIPHER)> client_pref =
|
|
356
|
-
ssl_parse_client_cipher_list(client_hello);
|
|
357
|
-
if (!client_pref) {
|
|
358
|
-
return nullptr;
|
|
359
|
-
}
|
|
360
|
-
|
|
361
365
|
if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
|
|
362
366
|
prio = server_pref->ciphers.get();
|
|
363
367
|
in_group_flags = server_pref->in_group_flags;
|
|
364
|
-
allow =
|
|
368
|
+
allow = ssl->client_cipher_suites.get();
|
|
365
369
|
} else {
|
|
366
|
-
prio =
|
|
370
|
+
prio = ssl->client_cipher_suites.get();
|
|
367
371
|
in_group_flags = NULL;
|
|
368
372
|
allow = server_pref->ciphers.get();
|
|
369
373
|
}
|
|
@@ -810,12 +814,18 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
|
|
|
810
814
|
return ssl_hs_error;
|
|
811
815
|
}
|
|
812
816
|
|
|
817
|
+
if (!ssl_parse_client_cipher_list(&client_hello, &ssl->client_cipher_suites)) {
|
|
818
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
|
|
819
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
820
|
+
return ssl_hs_error;
|
|
821
|
+
}
|
|
822
|
+
|
|
813
823
|
// Negotiate the cipher suite. This must be done after |cert_cb| so the
|
|
814
824
|
// certificate is finalized.
|
|
815
825
|
SSLCipherPreferenceList *prefs = hs->config->cipher_list
|
|
816
826
|
? hs->config->cipher_list.get()
|
|
817
827
|
: ssl->ctx->cipher_list.get();
|
|
818
|
-
hs->new_cipher = choose_cipher(hs,
|
|
828
|
+
hs->new_cipher = choose_cipher(hs, prefs);
|
|
819
829
|
if (hs->new_cipher == NULL) {
|
|
820
830
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
|
|
821
831
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
@@ -703,13 +703,13 @@ bool ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
|
|
|
703
703
|
size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher);
|
|
704
704
|
|
|
705
705
|
// ssl_choose_tls13_cipher returns an |SSL_CIPHER| corresponding with the best
|
|
706
|
-
// available from |
|
|
706
|
+
// available from |client_cipher_suites| compatible with |version|, |group_id| and
|
|
707
707
|
// configured |tls13_ciphers|. It returns NULL if there isn't a compatible
|
|
708
708
|
// cipher. |has_aes_hw| indicates if the choice should be made as if support for
|
|
709
709
|
// AES in hardware is available.
|
|
710
710
|
const SSL_CIPHER *ssl_choose_tls13_cipher(
|
|
711
|
-
|
|
712
|
-
const STACK_OF(SSL_CIPHER) *tls13_ciphers);
|
|
711
|
+
const STACK_OF(SSL_CIPHER) *client_cipher_suites, bool has_aes_hw, uint16_t version,
|
|
712
|
+
uint16_t group_id, const STACK_OF(SSL_CIPHER) *tls13_ciphers);
|
|
713
713
|
|
|
714
714
|
|
|
715
715
|
// Transcript layer.
|
|
@@ -1158,8 +1158,9 @@ class SSLKeyShare {
|
|
|
1158
1158
|
HAS_VIRTUAL_DESTRUCTOR
|
|
1159
1159
|
|
|
1160
1160
|
// Create returns a SSLKeyShare instance for use with group |group_id| or
|
|
1161
|
-
// nullptr on error.
|
|
1162
|
-
|
|
1161
|
+
// nullptr on error. Marked with OPENSSL_EXPORT to make it available for
|
|
1162
|
+
// unit tests.
|
|
1163
|
+
OPENSSL_EXPORT static UniquePtr<SSLKeyShare> Create(uint16_t group_id);
|
|
1163
1164
|
|
|
1164
1165
|
// GroupID returns the group ID.
|
|
1165
1166
|
virtual uint16_t GroupID() const PURE_VIRTUAL;
|
|
@@ -1197,12 +1198,35 @@ class SSLKeyShare {
|
|
|
1197
1198
|
struct NamedGroup {
|
|
1198
1199
|
int nid;
|
|
1199
1200
|
uint16_t group_id;
|
|
1200
|
-
const char name[
|
|
1201
|
+
const char name[32], alias[32];
|
|
1201
1202
|
};
|
|
1202
1203
|
|
|
1203
1204
|
// NamedGroups returns all supported groups.
|
|
1204
1205
|
Span<const NamedGroup> NamedGroups();
|
|
1205
1206
|
|
|
1207
|
+
// Hybrid groups adhere to the draft specification:
|
|
1208
|
+
// https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design
|
|
1209
|
+
#define NUM_HYBRID_COMPONENTS 2
|
|
1210
|
+
struct HybridGroup {
|
|
1211
|
+
// Just like regular groups, each hybrid group has a group ID that
|
|
1212
|
+
// identifies the group as a whole unit...
|
|
1213
|
+
uint16_t group_id;
|
|
1214
|
+
|
|
1215
|
+
// ...and each component of the hybrid group has its own group ID
|
|
1216
|
+
uint16_t component_group_ids[NUM_HYBRID_COMPONENTS];
|
|
1217
|
+
};
|
|
1218
|
+
|
|
1219
|
+
// HybridGroups returns all supported hybrid groups. A hybrid group will likely
|
|
1220
|
+
// (but not necessarily) contain at least one PQ group. Marked with
|
|
1221
|
+
// OPENSSL_EXPORT to make it available for unit tests.
|
|
1222
|
+
OPENSSL_EXPORT Span<const HybridGroup> HybridGroups();
|
|
1223
|
+
|
|
1224
|
+
// PQGroups returns all supported post-quantum groups. A post-quantum
|
|
1225
|
+
// group may be a hybrid group containing at least one PQ
|
|
1226
|
+
// component (e.g. SSL_GROUP_SECP256R1_KYBER768_DRAFT00) or a standalone PQ group
|
|
1227
|
+
// (e.g. KYBER768_R3).
|
|
1228
|
+
Span<const uint16_t> PQGroups();
|
|
1229
|
+
|
|
1206
1230
|
// ssl_nid_to_group_id looks up the group corresponding to |nid|. On success, it
|
|
1207
1231
|
// sets |*out_group_id| to the group ID and returns true. Otherwise, it returns
|
|
1208
1232
|
// false.
|
|
@@ -2425,6 +2449,12 @@ bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
|
|
|
2425
2449
|
bool ssl_client_cipher_list_contains_cipher(
|
|
2426
2450
|
const SSL_CLIENT_HELLO *client_hello, uint16_t id);
|
|
2427
2451
|
|
|
2452
|
+
// ssl_parse_client_cipher_list returns the ciphers offered by the client
|
|
2453
|
+
// during handshake, or null if the handshake hasn't occurred or there was an
|
|
2454
|
+
// error.
|
|
2455
|
+
bool ssl_parse_client_cipher_list(const SSL_CLIENT_HELLO *client_hello,
|
|
2456
|
+
UniquePtr<STACK_OF(SSL_CIPHER)> *ciphers_out);
|
|
2457
|
+
|
|
2428
2458
|
|
|
2429
2459
|
// GREASE.
|
|
2430
2460
|
|
|
@@ -4000,6 +4030,11 @@ struct ssl_st {
|
|
|
4000
4030
|
// is immutable.
|
|
4001
4031
|
bssl::UniquePtr<SSL_SESSION> session;
|
|
4002
4032
|
|
|
4033
|
+
// client_cipher_suites contains cipher suites offered by the client during
|
|
4034
|
+
// the handshake, with preference order maintained. This field is NOT
|
|
4035
|
+
// serialized and is only populated if used in a server context.
|
|
4036
|
+
bssl::UniquePtr<STACK_OF(SSL_CIPHER)> client_cipher_suites;
|
|
4037
|
+
|
|
4003
4038
|
void (*info_callback)(const SSL *ssl, int type, int value) = nullptr;
|
|
4004
4039
|
|
|
4005
4040
|
bssl::UniquePtr<SSL_CTX> ctx;
|
|
@@ -686,36 +686,28 @@ class CipherScorer {
|
|
|
686
686
|
};
|
|
687
687
|
|
|
688
688
|
const SSL_CIPHER *ssl_choose_tls13_cipher(
|
|
689
|
-
|
|
690
|
-
const STACK_OF(SSL_CIPHER) *tls13_ciphers) {
|
|
691
|
-
if (CBS_len(&cipher_suites) % 2 != 0) {
|
|
692
|
-
return nullptr;
|
|
693
|
-
}
|
|
689
|
+
const STACK_OF(SSL_CIPHER) *client_cipher_suites, bool has_aes_hw, uint16_t version,
|
|
690
|
+
uint16_t group_id, const STACK_OF(SSL_CIPHER) *tls13_ciphers) {
|
|
694
691
|
|
|
695
692
|
const SSL_CIPHER *best = nullptr;
|
|
696
693
|
CipherScorer scorer(has_aes_hw);
|
|
697
694
|
CipherScorer::Score best_score = scorer.MinScore();
|
|
698
695
|
|
|
699
|
-
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
return nullptr;
|
|
703
|
-
}
|
|
704
|
-
|
|
705
|
-
SSL_CIPHER *candidate = nullptr;
|
|
696
|
+
for (size_t i = 0; i < sk_SSL_CIPHER_num(client_cipher_suites); i++) {
|
|
697
|
+
const SSL_CIPHER *client_cipher = sk_SSL_CIPHER_value(client_cipher_suites, i);
|
|
698
|
+
const SSL_CIPHER *candidate = nullptr;
|
|
706
699
|
if (tls13_ciphers != nullptr) {
|
|
707
700
|
// Limit to customized TLS 1.3 ciphers if configured.
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
if (cipher != nullptr && cipher->id == cipher_suite_id) {
|
|
701
|
+
for (size_t j = 0; j < sk_SSL_CIPHER_num(tls13_ciphers); j++) {
|
|
702
|
+
const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(tls13_ciphers, j);
|
|
703
|
+
if (cipher != nullptr && cipher->id == client_cipher->id) {
|
|
712
704
|
candidate = (SSL_CIPHER *)cipher;
|
|
713
705
|
break;
|
|
714
706
|
}
|
|
715
707
|
}
|
|
716
708
|
} else {
|
|
717
709
|
// Limit to TLS 1.3 ciphers we know about.
|
|
718
|
-
candidate =
|
|
710
|
+
candidate = client_cipher;
|
|
719
711
|
}
|
|
720
712
|
if (candidate == nullptr ||
|
|
721
713
|
SSL_CIPHER_get_min_version(candidate) > version ||
|
|
@@ -1523,17 +1523,25 @@ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher) {
|
|
|
1523
1523
|
return NID_undef;
|
|
1524
1524
|
}
|
|
1525
1525
|
|
|
1526
|
-
|
|
1526
|
+
const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *cipher) {
|
|
1527
1527
|
switch (cipher->algorithm_prf) {
|
|
1528
1528
|
case SSL_HANDSHAKE_MAC_DEFAULT:
|
|
1529
|
-
return
|
|
1529
|
+
return EVP_md5_sha1();
|
|
1530
1530
|
case SSL_HANDSHAKE_MAC_SHA256:
|
|
1531
|
-
return
|
|
1531
|
+
return EVP_sha256();
|
|
1532
1532
|
case SSL_HANDSHAKE_MAC_SHA384:
|
|
1533
|
-
return
|
|
1533
|
+
return EVP_sha384();
|
|
1534
1534
|
}
|
|
1535
1535
|
assert(0);
|
|
1536
|
-
return
|
|
1536
|
+
return NULL;
|
|
1537
|
+
}
|
|
1538
|
+
|
|
1539
|
+
int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher) {
|
|
1540
|
+
const EVP_MD *md = SSL_CIPHER_get_handshake_digest(cipher);
|
|
1541
|
+
if (md == NULL) {
|
|
1542
|
+
return NID_undef;
|
|
1543
|
+
}
|
|
1544
|
+
return EVP_MD_nid(md);
|
|
1537
1545
|
}
|
|
1538
1546
|
|
|
1539
1547
|
int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
|