aws-crt 0.1.9 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/auth.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/aws_imds_client.h +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/credentials.h +5 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/aws_signing.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/private/credentials_utils.h +2 -0
- data/aws-crt-ffi/crt/aws-c-auth/include/aws/auth/signing_config.h +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/auth.c +3 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_imds_client.c +146 -63
- data/aws-crt-ffi/crt/aws-c-auth/source/aws_signing.c +41 -19
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_provider_imds.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/credentials_utils.c +1 -0
- data/aws-crt-ffi/crt/aws-c-auth/source/signable_http_request.c +2 -1
- data/aws-crt-ffi/crt/aws-c-auth/source/signing_config.c +25 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/CMakeLists.txt +3 -0
- data/aws-crt-ffi/crt/aws-c-auth/tests/aws_imds_client_test.c +197 -31
- data/aws-crt-ffi/crt/aws-c-auth/tests/credentials_provider_imds_tests.c +16 -18
- data/aws-crt-ffi/crt/aws-c-auth/tests/sigv4_signing_tests.c +3 -1
- data/aws-crt-ffi/crt/aws-c-cal/include/aws/cal/private/opensslcrypto_common.h +22 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/darwin/commoncrypto_aes.c +46 -17
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_aes.c +1 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_platform_init.c +7 -0
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/openssl_rsa.c +59 -2
- data/aws-crt-ffi/crt/aws-c-cal/source/unix/opensslcrypto_ecc.c +1 -0
- data/aws-crt-ffi/crt/aws-c-common/CMakeLists.txt +13 -1
- data/aws-crt-ffi/crt/aws-c-common/THIRD-PARTY-LICENSES.txt +28 -7
- data/aws-crt-ffi/crt/aws-c-common/bin/system_info/CMakeLists.txt +18 -0
- data/aws-crt-ffi/crt/aws-c-common/bin/system_info/print_system_info.c +48 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/allocator.h +23 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/byte_buf.h +12 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/cross_process_lock.h +35 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/hash_table.h +1 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/priority_queue.h +24 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/private/system_info_priv.h +37 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_info.h +47 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/common/system_resource_util.h +30 -0
- data/aws-crt-ffi/crt/aws-c-common/include/aws/testing/aws_test_harness.h +3 -2
- data/aws-crt-ffi/crt/aws-c-common/source/allocator.c +64 -13
- data/aws-crt-ffi/crt/aws-c-common/source/android/logging.c +14 -0
- data/aws-crt-ffi/crt/aws-c-common/source/common.c +3 -3
- data/aws-crt-ffi/crt/aws-c-common/source/file.c +96 -35
- data/aws-crt-ffi/crt/aws-c-common/source/linux/system_info.c +24 -0
- data/aws-crt-ffi/crt/aws-c-common/source/memtrace.c +10 -3
- data/aws-crt-ffi/crt/aws-c-common/source/platform_fallback_stubs/system_info.c +21 -0
- data/aws-crt-ffi/crt/aws-c-common/source/posix/cross_process_lock.c +141 -0
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_info.c +1 -1
- data/aws-crt-ffi/crt/aws-c-common/source/posix/system_resource_utils.c +32 -0
- data/aws-crt-ffi/crt/aws-c-common/source/priority_queue.c +24 -0
- data/aws-crt-ffi/crt/aws-c-common/source/system_info.c +80 -0
- data/aws-crt-ffi/crt/aws-c-common/source/task_scheduler.c +2 -2
- data/aws-crt-ffi/crt/aws-c-common/source/windows/cross_process_lock.c +93 -0
- data/aws-crt-ffi/crt/aws-c-common/source/windows/system_resource_utils.c +31 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/CMakeLists.txt +16 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/alloc_test.c +83 -22
- data/aws-crt-ffi/crt/aws-c-common/tests/cross_process_lock_tests.c +116 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/file_test.c +103 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/priority_queue_test.c +36 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/system_info_tests.c +19 -0
- data/aws-crt-ffi/crt/aws-c-common/tests/system_resource_util_test.c +37 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/connection.h +9 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/http.h +1 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_impl.h +5 -4
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/connection_manager_system_vtable.h +10 -18
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/proxy_impl.h +5 -1
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/private/request_response_impl.h +5 -0
- data/aws-crt-ffi/crt/aws-c-http/include/aws/http/request_response.h +10 -0
- data/aws-crt-ffi/crt/aws-c-http/source/connection.c +5 -2
- data/aws-crt-ffi/crt/aws-c-http/source/connection_manager.c +22 -21
- data/aws-crt-ffi/crt/aws-c-http/source/h1_connection.c +102 -17
- data/aws-crt-ffi/crt/aws-c-http/source/h1_stream.c +1 -0
- data/aws-crt-ffi/crt/aws-c-http/source/http.c +3 -0
- data/aws-crt-ffi/crt/aws-c-http/source/proxy_connection.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/CMakeLists.txt +2 -0
- data/aws-crt-ffi/crt/aws-c-http/tests/test_connection_manager.c +18 -18
- data/aws-crt-ffi/crt/aws-c-http/tests/test_h1_client.c +111 -1
- data/aws-crt-ffi/crt/aws-c-http/tests/test_proxy.c +2 -2
- data/aws-crt-ffi/crt/aws-c-http/tests/test_stream_manager.c +2 -2
- data/aws-crt-ffi/crt/aws-c-io/include/aws/io/retry_strategy.h +1 -1
- data/aws-crt-ffi/crt/aws-c-io/source/exponential_backoff_retry_strategy.c +1 -1
- data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c +2 -4
- data/aws-crt-ffi/crt/aws-lc/CMakeLists.txt +16 -8
- data/aws-crt-ffi/crt/aws-lc/cmake/go.cmake +6 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/CMakeLists.txt +6 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_time.c +34 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/a_utctm.c +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/asn1/asn1_test.cc +41 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_mem.c +6 -7
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/bio_test.cc +152 -16
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/connect.c +6 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/fd.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/file.c +20 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/bio/socket_helper.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/blake2/blake2.c +11 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbb.c +13 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/bytestring/cbs.c +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/asm/chacha-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha.c +49 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/chacha_test.cc +110 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/chacha/internal.h +8 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/compiler_test.cc +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/conf/conf_test.cc +1 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/crypto_test.cc +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519.c +189 -108
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/curve25519_nohw.c +78 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/ed25519_test.cc +9 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/internal.h +24 -10
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/spake25519.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/curve25519/x25519_test.cc +80 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/decrepit/evp/evp_do_all.c +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_extra.c +8 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/digest_extra/digest_test.cc +110 -45
- data/aws-crt-ffi/crt/aws-lc/crypto/dsa/dsa_test.cc +8 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/dsa/internal.h +18 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/dynamic_loading_test.c +8 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/ec_derive.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/ec_extra/hash_to_curve.c +6 -18
- data/aws-crt-ffi/crt/aws-lc/crypto/endian_test.cc +308 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/err/ssl.errordata +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_extra_test.cc +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_test.cc +11 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/evp_tests.txt +25 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_ec_asn1.c +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_kem.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/p_rsa_asn1.c +1 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/print.c +7 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/evp_extra/scrypt.c +13 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/CMakeLists.txt +13 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/aes/aes_nohw.c +18 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bcm.c +12 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_assert_test.cc +77 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bn_test.cc +30 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/bytes.c +112 -22
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/div.c +12 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/exponentiation.c +54 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/gcd.c +5 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/internal.h +37 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery.c +4 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/cipher/aead.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digest.c +29 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/digests.c +89 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/digest/internal.h +4 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec.c +19 -36
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_key.c +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_montgomery.c +9 -7
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/ec_test.cc +33 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/internal.h +17 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p224-64.c +5 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256-nistz.c +8 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p256.c +9 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p384.c +33 -16
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/p521.c +14 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/scalar.c +26 -24
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/simple_mul.c +8 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ec/wnaf.c +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/evp.c +43 -12
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/evp/p_ec.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/hmac/hmac.c +3 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/modes/xts.c +26 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/cpu_jitter_test.cc +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/internal.h +20 -11
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/rand.c +10 -10
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rand/urandom.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/internal.h +59 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/padding.c +9 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa.c +7 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/rsa/rsa_impl.c +51 -60
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator.c +5 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/service_indicator/service_indicator_test.cc +205 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha1-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/asm/sha512-armv8.pl +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/internal.h +8 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3.c +37 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha3_test.cc +115 -110
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sha/sha512.c +55 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/fipsmodule/sshkdf/sshkdf.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_test.cc +12 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/hmac_extra/hmac_tests.txt +10 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/hrss/asm/poly_rq_mul.S +2 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/impl_dispatch_test.cc +9 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/internal.h +90 -8
- data/aws-crt-ffi/crt/aws-lc/crypto/kem/kem.c +28 -27
- data/aws-crt-ffi/crt/aws-lc/crypto/kyber/kem_kyber.h +14 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_dat.h +52 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/obj_mac.num +5 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/obj/objects.txt +7 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/arm-xlate.pl +3 -14
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/ppc-xlate.pl +1 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86_64-xlate.pl +4 -15
- data/aws-crt-ffi/crt/aws-lc/crypto/perlasm/x86asm.pl +4 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/poly1305/poly1305_arm_asm.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/deterministic.c +4 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/fuchsia.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/rand_test.cc +0 -63
- data/aws-crt-ffi/crt/aws-lc/crypto/rand_extra/windows.c +41 -19
- data/aws-crt-ffi/crt/aws-lc/crypto/rsa_extra/rsa_test.cc +3 -3
- data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash.c +12 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/siphash/siphash_test.cc +5 -5
- data/aws-crt-ffi/crt/aws-lc/crypto/stack/stack.c +68 -46
- data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/pmbtoken.c +4 -4
- data/aws-crt-ffi/crt/aws-lc/crypto/trust_token/voprf.c +2 -2
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/by_dir.c +0 -6
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/internal.h +4 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_lu.c +33 -9
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_test.cc +87 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_trs.c +1 -1
- data/aws-crt-ffi/crt/aws-lc/crypto/x509/x509_vfy.c +35 -13
- data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_lib.c +2 -0
- data/aws-crt-ffi/crt/aws-lc/crypto/x509v3/v3_purp.c +4 -6
- data/aws-crt-ffi/crt/aws-lc/generated-src/crypto_test_data.cc +179 -151
- data/aws-crt-ffi/crt/aws-lc/generated-src/err_data.c +353 -349
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-aarch64/crypto/test/trampoline-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/chacha/chacha-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/armv4-mont.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/ios-arm/crypto/test/trampoline-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/bn-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-aarch64/crypto/test/trampoline-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/chacha/chacha-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/armv4-mont.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/bsaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghash-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha1-armv4-large.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha256-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/sha512-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/fipsmodule/vpaes-armv7.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-arm/crypto/test/trampoline-armv4.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-ppc64le/crypto/test/trampoline-ppc.S +1 -5
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/chacha/chacha-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/aesni-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/bn-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/co-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/ghash-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/md5-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha1-586.S +4 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha256-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/sha512-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/fipsmodule/x86-mont.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86/crypto/test/trampoline-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/linux-x86_64/crypto/test/trampoline-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/chacha/chacha-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/aesni-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/bn-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/co-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/ghash-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/md5-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha1-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha256-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/sha512-586.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/vpaes-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/fipsmodule/x86-mont.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86/crypto/test/trampoline-x86.S +3 -12
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/chacha/chacha-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/aesni-sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/aesni-xts-avx512.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/ghash-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/md5-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha1-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha256-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/sha512-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/mac-x86_64/crypto/test/trampoline-x86_64.S +2 -11
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/chacha/chacha-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8-unroll8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/aesv8-gcm-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/armv8-mont.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/bn-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghash-neon-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/ghashv8-armx.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/md5-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha1-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha256-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/sha512-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/fipsmodule/vpaes-armv8.S +3 -13
- data/aws-crt-ffi/crt/aws-lc/generated-src/win-aarch64/crypto/test/trampoline-armv8.S +4 -14
- data/aws-crt-ffi/crt/aws-lc/go.mod +4 -4
- data/aws-crt-ffi/crt/aws-lc/go.sum +8 -10
- data/aws-crt-ffi/crt/aws-lc/include/openssl/aead.h +2 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/arm_arch.h +4 -119
- data/aws-crt-ffi/crt/aws-lc/include/openssl/asm_base.h +185 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/asn1.h +5 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/base.h +31 -134
- data/aws-crt-ffi/crt/aws-lc/include/openssl/bio.h +30 -18
- data/aws-crt-ffi/crt/aws-lc/include/openssl/bn.h +0 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/chacha.h +6 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/cipher.h +2 -2
- data/aws-crt-ffi/crt/aws-lc/include/openssl/digest.h +9 -6
- data/aws-crt-ffi/crt/aws-lc/include/openssl/dsa.h +0 -21
- data/aws-crt-ffi/crt/aws-lc/include/openssl/ec.h +1 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/err.h +1 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/evp.h +8 -5
- data/aws-crt-ffi/crt/aws-lc/include/openssl/nid.h +21 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/rsa.h +1 -65
- data/aws-crt-ffi/crt/aws-lc/include/openssl/sha.h +22 -1
- data/aws-crt-ffi/crt/aws-lc/include/openssl/ssl.h +121 -13
- data/aws-crt-ffi/crt/aws-lc/include/openssl/stack.h +229 -208
- data/aws-crt-ffi/crt/aws-lc/include/openssl/target.h +166 -0
- data/aws-crt-ffi/crt/aws-lc/include/openssl/x509.h +30 -10
- data/aws-crt-ffi/crt/aws-lc/include/openssl/x509v3.h +6 -4
- data/aws-crt-ffi/crt/aws-lc/sources.cmake +2 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/extensions.cc +12 -7
- data/aws-crt-ffi/crt/aws-lc/ssl/handshake_server.cc +28 -18
- data/aws-crt-ffi/crt/aws-lc/ssl/internal.h +41 -6
- data/aws-crt-ffi/crt/aws-lc/ssl/s3_both.cc +9 -17
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_cipher.cc +13 -5
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_key_share.cc +542 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_lib.cc +35 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_test.cc +1847 -14
- data/aws-crt-ffi/crt/aws-lc/ssl/ssl_x509.cc +128 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/PORTING.md +10 -7
- data/aws-crt-ffi/crt/aws-lc/ssl/test/bssl_shim.cc +133 -77
- data/aws-crt-ffi/crt/aws-lc/ssl/test/handshake_util.cc +3 -3
- data/aws-crt-ffi/crt/aws-lc/ssl/test/handshaker.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_client.go +6 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_messages.go +894 -1042
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/handshake_server.go +24 -23
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/prf.go +6 -5
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/runner.go +56 -55
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/shim_dispatcher.go +188 -0
- data/aws-crt-ffi/crt/aws-lc/ssl/test/runner/ticket.go +37 -39
- data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.cc +59 -24
- data/aws-crt-ffi/crt/aws-lc/ssl/test/test_config.h +3 -2
- data/aws-crt-ffi/crt/aws-lc/ssl/tls13_server.cc +10 -11
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/app.py +4 -4
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/{aws_lc_mac_arm_ci_stack.py → aws_lc_ec2_test_framework_ci_stack.py} +13 -29
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml +43 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/common_posix_setup.sh +10 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/amazonlinux-2023_base/Dockerfile +5 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-aarch/ubuntu-22.04_base/Dockerfile +19 -3
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/amazonlinux-2_gcc-7x-intel-sde/Dockerfile +5 -4
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/build_images.sh +1 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/push_images.sh +2 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-10x_formal-verification/create_image.sh +1 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile +1 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/linux-x86/ubuntu-22.04_clang-14x-sde/Dockerfile +42 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/vs2017/Dockerfile +14 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/docker_images/windows/windows_base/Dockerfile +3 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/README.md +12 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/nginx_patch/aws-lc-nginx.patch +68 -23
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_crt_integration.sh +27 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/run_monit_integration.sh +56 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/integration/sslproxy_patch/aws-lc-sslproxy.patch +2 -2
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_ec2_test_framework.sh +135 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_fips_tests.sh +14 -2
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde.sh +4 -1
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_tests_with_sde_asan.sh +14 -0
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_windows_tests.bat +39 -3
- data/aws-crt-ffi/crt/aws-lc/third_party/fiat/README.md +21 -6
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519.S +284 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_madd_n25519_alt.S +210 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_mod_n25519.S +186 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/bignum_neg_p25519.S +65 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_alt.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519_byte_alt.S +1043 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_alt.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte.S +1042 -352
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/curve25519_x25519base_byte_alt.S +1043 -354
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode.S +700 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_decode_alt.S +563 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_encode.S +131 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase.S +9626 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmulbase_alt.S +9468 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble.S +3157 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/curve25519/edwards25519_scalarmuldouble_alt.S +2941 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p384/Makefile +1 -1
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/arm/p521/Makefile +1 -1
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/include/s2n-bignum_aws-lc.h +34 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519.S +219 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_madd_n25519_alt.S +245 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_mod_n25519.S +228 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/bignum_neg_p25519.S +86 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519.S +1350 -407
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519_alt.S +1350 -407
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base.S +1344 -400
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/curve25519_x25519base_alt.S +1348 -402
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode.S +670 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_decode_alt.S +751 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_encode.S +81 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase.S +9910 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmulbase_alt.S +9986 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble.S +3619 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/s2n-bignum/x86_att/curve25519/edwards25519_scalarmuldouble_alt.S +3736 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.json +1978 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_224_test.txt +1403 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.json +1993 -0
- data/aws-crt-ffi/crt/aws-lc/third_party/wycheproof_testvectors/hmac_sha512_256_test.txt +1416 -0
- data/aws-crt-ffi/crt/aws-lc/tool/digest.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/tool/internal.h +1 -0
- data/aws-crt-ffi/crt/aws-lc/tool/speed.cc +53 -6
- data/aws-crt-ffi/crt/aws-lc/util/all_tests.go +43 -12
- data/aws-crt-ffi/crt/aws-lc/util/all_tests.json +13 -5
- data/aws-crt-ffi/crt/aws-lc/util/bot/DEPS +4 -4
- data/aws-crt-ffi/crt/aws-lc/util/bot/update_clang.py +8 -2
- data/aws-crt-ffi/crt/aws-lc/util/codecov-ci.sh +82 -0
- data/aws-crt-ffi/crt/aws-lc/util/convert_wycheproof/convert_wycheproof.go +7 -5
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/ACVP.md +7 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/hash.go +24 -9
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/rsa.go +3 -4
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/subprocess/subprocess.go +15 -10
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/expected/SHAKE-256.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/sha512-224-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-128-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/sha-tests/shake-256-tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/tests.json +1 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHA2-512-224.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-128.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/acvptool/test/vectors/SHAKE-256.bz2 +0 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/main.cc +4 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/acvp/modulewrapper/modulewrapper.cc +144 -1
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/delocate.go +9 -3
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/in.s +4 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/delocate/testdata/aarch64-Basic/out.s +11 -0
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/inject_hash/inject_hash.go +13 -4
- data/aws-crt-ffi/crt/aws-lc/util/fipstools/test-break-kat.sh +2 -0
- data/aws-crt-ffi/crt/aws-lc/util/testconfig/testconfig.go +2 -1
- data/aws-crt-ffi/crt/s2n/api/s2n.h +9 -5
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/handshake.rs +9 -6
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/resumption.rs +14 -14
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/benches/throughput.rs +9 -6
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/harness.rs +106 -102
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/openssl.rs +24 -20
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/rustls.rs +28 -24
- data/aws-crt-ffi/crt/s2n/bindings/rust/bench/src/s2n_tls.rs +52 -50
- data/aws-crt-ffi/crt/s2n/bindings/rust/generate/Cargo.toml +1 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/integration/Cargo.toml +3 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls/src/connection.rs +9 -0
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-sys/templates/Cargo.template +2 -1
- data/aws-crt-ffi/crt/s2n/bindings/rust/s2n-tls-tokio/Cargo.toml +2 -2
- data/aws-crt-ffi/crt/s2n/tests/cbmc/sources/make_common_datastructures.c +9 -2
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_client_cert_verify_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/fuzz/s2n_tls13_cert_verify_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/integrationv2/test_version_negotiation.py +4 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_auth_selection_test.c +19 -9
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_auth_handshake_test.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_cert_verify_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_recv_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_hello_test.c +4 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_client_signature_algorithms_extension_test.c +4 -5
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_protocol_versions_test.c +390 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_connection_test.c +8 -4
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_handshake_test.c +2 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_quic_support_io_test.c +106 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_security_policies_test.c +6 -2
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_offload_signing_test.c +3 -3
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_self_talk_session_resumption_test.c +135 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_new_session_ticket_test.c +32 -0
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_server_signature_algorithms_extension_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_signature_algorithms_test.c +307 -283
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_request_test.c +1 -1
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_tls13_cert_verify_test.c +18 -17
- data/aws-crt-ffi/crt/s2n/tests/unit/s2n_x509_validator_test.c +125 -0
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_signature_algorithms.c +8 -1
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.c +43 -11
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_client_supported_versions.h +3 -0
- data/aws-crt-ffi/crt/s2n/tls/extensions/s2n_server_signature_algorithms.c +8 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_auth_selection.c +4 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_cert_verify.c +7 -10
- data/aws-crt-ffi/crt/s2n/tls/s2n_client_hello.c +2 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_connection.c +75 -14
- data/aws-crt-ffi/crt/s2n/tls/s2n_handshake.h +2 -2
- data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_post_handshake.h +1 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.c +29 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_quic_support.h +5 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.c +40 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_security_policies.h +4 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_cert_request.c +1 -1
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_hello.c +0 -3
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_key_exchange.c +8 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_server_new_session_ticket.c +8 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.c +111 -72
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_algorithms.h +11 -9
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.c +9 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_signature_scheme.h +2 -0
- data/aws-crt-ffi/crt/s2n/tls/s2n_tls13_certificate_verify.c +12 -18
- data/aws-crt-ffi/crt/s2n/tls/s2n_x509_validator.c +7 -7
- data/aws-crt-ffi/src/api.h +1 -0
- data/lib/aws-crt/native.rb +1 -1
- metadata +68 -5
- data/aws-crt-ffi/crt/aws-lc/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml +0 -34
- data/aws-crt-ffi/crt/aws-lc/tests/ci/run_m1_ec2_instance.sh +0 -96
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
/* Copyright (c) 2023, Google Inc.
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#ifndef OPENSSL_HEADER_TARGET_H
|
|
16
|
+
#define OPENSSL_HEADER_TARGET_H
|
|
17
|
+
|
|
18
|
+
// Preprocessor symbols that define the target platform.
|
|
19
|
+
//
|
|
20
|
+
// This file may be included in C, C++, and assembler and must be compatible
|
|
21
|
+
// with each environment. It is separated out only to share code between
|
|
22
|
+
// <openssl/base.h> and <openssl/asm_base.h>. Prefer to include those headers
|
|
23
|
+
// instead.
|
|
24
|
+
|
|
25
|
+
#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
|
|
26
|
+
#define OPENSSL_64_BIT
|
|
27
|
+
#define OPENSSL_X86_64
|
|
28
|
+
#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
|
|
29
|
+
#define OPENSSL_32_BIT
|
|
30
|
+
#define OPENSSL_X86
|
|
31
|
+
#elif defined(__AARCH64EL__) || defined(_M_ARM64)
|
|
32
|
+
#define OPENSSL_64_BIT
|
|
33
|
+
#define OPENSSL_AARCH64
|
|
34
|
+
#elif defined(__ARMEL__) || defined(_M_ARM)
|
|
35
|
+
#define OPENSSL_32_BIT
|
|
36
|
+
#define OPENSSL_ARM
|
|
37
|
+
#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN)
|
|
38
|
+
#define OPENSSL_64_BIT
|
|
39
|
+
#define OPENSSL_PPC64LE
|
|
40
|
+
#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_BIG_ENDIAN)
|
|
41
|
+
#define OPENSSL_64_BIT
|
|
42
|
+
#define OPENSSL_PPC64BE
|
|
43
|
+
#define OPENSSL_BIG_ENDIAN
|
|
44
|
+
#elif (defined(__PPC__) || defined(__powerpc__)) && defined(_BIG_ENDIAN)
|
|
45
|
+
#define OPENSSL_32_BIT
|
|
46
|
+
#define OPENSSL_PPC32BE
|
|
47
|
+
#define OPENSSL_BIG_ENDIAN
|
|
48
|
+
#elif defined(__MIPSEL__) && !defined(__LP64__)
|
|
49
|
+
#define OPENSSL_32_BIT
|
|
50
|
+
#define OPENSSL_MIPS
|
|
51
|
+
#elif defined(__MIPSEL__) && defined(__LP64__)
|
|
52
|
+
#define OPENSSL_64_BIT
|
|
53
|
+
#define OPENSSL_MIPS64
|
|
54
|
+
#elif defined(__riscv) && __SIZEOF_POINTER__ == 8
|
|
55
|
+
#define OPENSSL_64_BIT
|
|
56
|
+
#define OPENSSL_RISCV64
|
|
57
|
+
#elif defined(__riscv) && __SIZEOF_POINTER__ == 4
|
|
58
|
+
#define OPENSSL_32_BIT
|
|
59
|
+
#elif defined(__loongarch_lp64)
|
|
60
|
+
#define OPENSSL_64_BIT
|
|
61
|
+
#define OPENSSL_LOONGARCH64
|
|
62
|
+
#elif defined(__pnacl__)
|
|
63
|
+
#define OPENSSL_32_BIT
|
|
64
|
+
#define OPENSSL_PNACL
|
|
65
|
+
#elif defined(__wasm__)
|
|
66
|
+
#define OPENSSL_32_BIT
|
|
67
|
+
#elif defined(__asmjs__)
|
|
68
|
+
#define OPENSSL_32_BIT
|
|
69
|
+
#elif defined(__myriad2__)
|
|
70
|
+
#define OPENSSL_32_BIT
|
|
71
|
+
#else
|
|
72
|
+
// Run the crypto_test binary, notably crypto/compiler_test.cc, before adding
|
|
73
|
+
// a new architecture.
|
|
74
|
+
#error "Unknown target CPU"
|
|
75
|
+
#endif
|
|
76
|
+
|
|
77
|
+
#if defined(__APPLE__)
|
|
78
|
+
#define OPENSSL_APPLE
|
|
79
|
+
#endif
|
|
80
|
+
|
|
81
|
+
#if defined(_WIN32)
|
|
82
|
+
#define OPENSSL_WINDOWS
|
|
83
|
+
#endif
|
|
84
|
+
|
|
85
|
+
// Trusty isn't Linux but currently defines __linux__. As a workaround, we
|
|
86
|
+
// exclude it here.
|
|
87
|
+
// TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
|
|
88
|
+
#if defined(__linux__) && !defined(__TRUSTY__)
|
|
89
|
+
#define OPENSSL_LINUX
|
|
90
|
+
#endif
|
|
91
|
+
|
|
92
|
+
#if defined(__Fuchsia__)
|
|
93
|
+
#define OPENSSL_FUCHSIA
|
|
94
|
+
#endif
|
|
95
|
+
|
|
96
|
+
#if defined(__TRUSTY__)
|
|
97
|
+
#define OPENSSL_TRUSTY
|
|
98
|
+
#define OPENSSL_NO_POSIX_IO
|
|
99
|
+
#define OPENSSL_NO_SOCK
|
|
100
|
+
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
|
101
|
+
#endif
|
|
102
|
+
|
|
103
|
+
#if defined(OPENSSL_NANOLIBC)
|
|
104
|
+
#define OPENSSL_NO_POSIX_IO
|
|
105
|
+
#define OPENSSL_NO_SOCK
|
|
106
|
+
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
|
107
|
+
#endif
|
|
108
|
+
|
|
109
|
+
#if defined(__ANDROID_API__)
|
|
110
|
+
#define OPENSSL_ANDROID
|
|
111
|
+
#endif
|
|
112
|
+
|
|
113
|
+
#if defined(__FreeBSD__)
|
|
114
|
+
#define OPENSSL_FREEBSD
|
|
115
|
+
#endif
|
|
116
|
+
|
|
117
|
+
#if defined(__OpenBSD__)
|
|
118
|
+
#define OPENSSL_OPENBSD
|
|
119
|
+
#endif
|
|
120
|
+
|
|
121
|
+
// BoringSSL requires platform's locking APIs to make internal global state
|
|
122
|
+
// thread-safe, including the PRNG. On some single-threaded embedded platforms,
|
|
123
|
+
// locking APIs may not exist, so this dependency may be disabled with the
|
|
124
|
+
// following build flag.
|
|
125
|
+
//
|
|
126
|
+
// IMPORTANT: Doing so means the consumer promises the library will never be
|
|
127
|
+
// used in any multi-threaded context. It causes BoringSSL to be globally
|
|
128
|
+
// thread-unsafe. Setting it inappropriately will subtly and unpredictably
|
|
129
|
+
// corrupt memory and leak secret keys.
|
|
130
|
+
//
|
|
131
|
+
// Do not set this flag on any platform where threads are possible. BoringSSL
|
|
132
|
+
// maintainers will not provide support for any consumers that do so. Changes
|
|
133
|
+
// which break such unsupported configurations will not be reverted.
|
|
134
|
+
#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED)
|
|
135
|
+
#define OPENSSL_THREADS
|
|
136
|
+
#endif
|
|
137
|
+
|
|
138
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \
|
|
139
|
+
!defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
|
140
|
+
#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE
|
|
141
|
+
#endif
|
|
142
|
+
|
|
143
|
+
#if defined(__has_feature)
|
|
144
|
+
#if __has_feature(address_sanitizer)
|
|
145
|
+
#define OPENSSL_ASAN
|
|
146
|
+
#endif
|
|
147
|
+
#if __has_feature(thread_sanitizer)
|
|
148
|
+
#define OPENSSL_TSAN
|
|
149
|
+
#endif
|
|
150
|
+
#if __has_feature(memory_sanitizer)
|
|
151
|
+
#define OPENSSL_MSAN
|
|
152
|
+
#define OPENSSL_ASM_INCOMPATIBLE
|
|
153
|
+
#endif
|
|
154
|
+
#if __has_feature(hwaddress_sanitizer)
|
|
155
|
+
#define OPENSSL_HWASAN
|
|
156
|
+
#endif
|
|
157
|
+
#endif
|
|
158
|
+
|
|
159
|
+
#if defined(OPENSSL_ASM_INCOMPATIBLE)
|
|
160
|
+
#undef OPENSSL_ASM_INCOMPATIBLE
|
|
161
|
+
#if !defined(OPENSSL_NO_ASM)
|
|
162
|
+
#define OPENSSL_NO_ASM
|
|
163
|
+
#endif
|
|
164
|
+
#endif // OPENSSL_ASM_INCOMPATIBLE
|
|
165
|
+
|
|
166
|
+
#endif // OPENSSL_HEADER_TARGET_H
|
|
@@ -2495,11 +2495,16 @@ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
|
|
|
2495
2495
|
// NOTE:
|
|
2496
2496
|
// 1. Applications rarely call this function directly, but it is used
|
|
2497
2497
|
// internally for certificate validation.
|
|
2498
|
-
// 2.
|
|
2499
|
-
//
|
|
2500
|
-
//
|
|
2501
|
-
//
|
|
2502
|
-
//
|
|
2498
|
+
// 2. |X509_verify_cert| and other related functions call
|
|
2499
|
+
// |sk_X509_OBJECT_sort| internally, which rearranges the certificate
|
|
2500
|
+
// ordering. There will be cases where two certs have an identical
|
|
2501
|
+
// |subject| and |X509_OBJECT_cmp| will return 0, but one is a valid cert
|
|
2502
|
+
// and the other is invalid.
|
|
2503
|
+
// Due to https://github.com/openssl/openssl/issues/18708, certificate
|
|
2504
|
+
// verification could fail if an invalid cert is checked before the valid
|
|
2505
|
+
// cert. What we do with sorting behavior when certs are identical is
|
|
2506
|
+
// considered "unstable" and certain sorting expectations shouldn't be
|
|
2507
|
+
// depended on.
|
|
2503
2508
|
OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
|
|
2504
2509
|
|
|
2505
2510
|
// PKCS#8 utilities
|
|
@@ -2557,7 +2562,7 @@ OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx);
|
|
|
2557
2562
|
OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
|
|
2558
2563
|
OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
|
|
2559
2564
|
int (*ck)(X509_TRUST *, X509 *, int),
|
|
2560
|
-
char *name, int arg1, void *arg2);
|
|
2565
|
+
const char *name, int arg1, void *arg2);
|
|
2561
2566
|
OPENSSL_EXPORT void X509_TRUST_cleanup(void);
|
|
2562
2567
|
OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
|
|
2563
2568
|
OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
|
|
@@ -2778,6 +2783,12 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
|
2778
2783
|
(X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \
|
|
2779
2784
|
X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP)
|
|
2780
2785
|
|
|
2786
|
+
// X509_OBJECT_new allocates an |X509_OBJECT| on the heap.
|
|
2787
|
+
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_new(void);
|
|
2788
|
+
|
|
2789
|
+
// X509_OBJECT_free frees an |X509_OBJECT| from the heap.
|
|
2790
|
+
OPENSSL_EXPORT void X509_OBJECT_free(X509_OBJECT *a);
|
|
2791
|
+
|
|
2781
2792
|
OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
|
|
2782
2793
|
int type, X509_NAME *name);
|
|
2783
2794
|
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
|
|
@@ -2785,7 +2796,6 @@ OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
|
|
|
2785
2796
|
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
|
|
2786
2797
|
X509_OBJECT *x);
|
|
2787
2798
|
OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a);
|
|
2788
|
-
OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
|
|
2789
2799
|
OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
|
|
2790
2800
|
OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
|
|
2791
2801
|
// X509_OBJECT_get0_X509_CRL returns the |X509_CRL| associated with |a|
|
|
@@ -2901,9 +2911,6 @@ OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
|
|
2901
2911
|
OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
|
|
2902
2912
|
OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
|
|
2903
2913
|
|
|
2904
|
-
OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type,
|
|
2905
|
-
X509_NAME *name, X509_OBJECT *ret);
|
|
2906
|
-
|
|
2907
2914
|
OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
|
|
2908
2915
|
long argl, char **ret);
|
|
2909
2916
|
|
|
@@ -2997,6 +3004,19 @@ OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
|
|
|
2997
3004
|
OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
|
|
2998
3005
|
const char *name);
|
|
2999
3006
|
|
|
3007
|
+
// X509_STORE_get_by_subject is an alias to |X509_STORE_CTX_get_by_subject| in
|
|
3008
|
+
// OpenSSL 1.1.1.
|
|
3009
|
+
#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
|
|
3010
|
+
|
|
3011
|
+
// X509_STORE_CTX_get_by_subject tries to find an object of a given type, which
|
|
3012
|
+
// may be |X509_LU_X509| or |X509_LU_CRL|, and the subject name from the store
|
|
3013
|
+
// in |vs|. If found and |ret| is not NULL, it increments the reference count
|
|
3014
|
+
// and stores the object in |ret|.
|
|
3015
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs,
|
|
3016
|
+
int type,
|
|
3017
|
+
X509_NAME *name,
|
|
3018
|
+
X509_OBJECT *ret);
|
|
3019
|
+
|
|
3000
3020
|
// X509_VERIFY_PARAM functions
|
|
3001
3021
|
|
|
3002
3022
|
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
|
|
@@ -707,7 +707,7 @@ OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *meth,
|
|
|
707
707
|
// callers should simply handle the custom extension with the byte-based
|
|
708
708
|
// |X509_EXTENSION| APIs directly. Registering |ext| with the library has little
|
|
709
709
|
// practical value.
|
|
710
|
-
OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
|
710
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
|
711
711
|
|
|
712
712
|
// X509V3_EXT_add_list calls |X509V3_EXT_add| on |&extlist[0]|, |&extlist[1]|,
|
|
713
713
|
// and so on, until some |extlist[i]->ext_nid| is -1. It returns one on success
|
|
@@ -721,7 +721,8 @@ OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
|
|
|
721
721
|
// and zero on error.
|
|
722
722
|
//
|
|
723
723
|
// WARNING: Do not use this function. See |X509V3_EXT_add|.
|
|
724
|
-
OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to,
|
|
724
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add_alias(int nid_to,
|
|
725
|
+
int nid_from);
|
|
725
726
|
|
|
726
727
|
// X509V3_EXT_cleanup removes all custom extensions registered with
|
|
727
728
|
// |X509V3_EXT_add*|.
|
|
@@ -942,12 +943,13 @@ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509);
|
|
|
942
943
|
|
|
943
944
|
OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
|
|
944
945
|
OPENSSL_EXPORT X509_PURPOSE *X509_PURPOSE_get0(int idx);
|
|
945
|
-
OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);
|
|
946
|
+
OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname);
|
|
946
947
|
OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
|
|
947
948
|
OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags,
|
|
948
949
|
int (*ck)(const X509_PURPOSE *,
|
|
949
950
|
const X509 *, int),
|
|
950
|
-
char *name, char *sname,
|
|
951
|
+
const char *name, const char *sname,
|
|
952
|
+
void *arg);
|
|
951
953
|
OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
|
|
952
954
|
OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
|
|
953
955
|
OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
|
|
@@ -273,6 +273,8 @@ set(
|
|
|
273
273
|
third_party/wycheproof_testvectors/hmac_sha256_test.txt
|
|
274
274
|
third_party/wycheproof_testvectors/hmac_sha384_test.txt
|
|
275
275
|
third_party/wycheproof_testvectors/hmac_sha512_test.txt
|
|
276
|
+
third_party/wycheproof_testvectors/hmac_sha512_224_test.txt
|
|
277
|
+
third_party/wycheproof_testvectors/hmac_sha512_256_test.txt
|
|
276
278
|
third_party/wycheproof_testvectors/kwp_test.txt
|
|
277
279
|
third_party/wycheproof_testvectors/kw_test.txt
|
|
278
280
|
third_party/wycheproof_testvectors/primality_test.txt
|
|
@@ -205,6 +205,11 @@ static bool tls1_check_duplicate_extensions(const CBS *cbs) {
|
|
|
205
205
|
}
|
|
206
206
|
|
|
207
207
|
static bool is_post_quantum_group(uint16_t id) {
|
|
208
|
+
for (const uint16_t pq_group_id : PQGroups()) {
|
|
209
|
+
if (id == pq_group_id) {
|
|
210
|
+
return true;
|
|
211
|
+
}
|
|
212
|
+
}
|
|
208
213
|
return false;
|
|
209
214
|
}
|
|
210
215
|
|
|
@@ -339,13 +344,13 @@ bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
|
|
|
339
344
|
|
|
340
345
|
for (uint16_t pref_group : pref) {
|
|
341
346
|
for (uint16_t supp_group : supp) {
|
|
342
|
-
if (pref_group == supp_group
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
347
|
+
if (pref_group == supp_group) {
|
|
348
|
+
// PQ groups require TLS 1.3 or later
|
|
349
|
+
if (!is_post_quantum_group(pref_group) ||
|
|
350
|
+
ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
351
|
+
*out_group_id = pref_group;
|
|
352
|
+
return true;
|
|
353
|
+
}
|
|
349
354
|
}
|
|
350
355
|
}
|
|
351
356
|
}
|
|
@@ -264,15 +264,23 @@ static bool negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
264
264
|
return true;
|
|
265
265
|
}
|
|
266
266
|
|
|
267
|
-
|
|
268
|
-
const SSL_CLIENT_HELLO *client_hello) {
|
|
267
|
+
bool ssl_parse_client_cipher_list(
|
|
268
|
+
const SSL_CLIENT_HELLO *client_hello, UniquePtr<STACK_OF(SSL_CIPHER)> *ciphers_out) {
|
|
269
|
+
ciphers_out->reset();
|
|
270
|
+
|
|
269
271
|
CBS cipher_suites;
|
|
270
272
|
CBS_init(&cipher_suites, client_hello->cipher_suites,
|
|
271
273
|
client_hello->cipher_suites_len);
|
|
272
274
|
|
|
275
|
+
// Cipher suites are encoded as 2-byte unsigned integers
|
|
276
|
+
if (CBS_len(&cipher_suites) % 2 != 0) {
|
|
277
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
|
278
|
+
return false;
|
|
279
|
+
}
|
|
280
|
+
|
|
273
281
|
UniquePtr<STACK_OF(SSL_CIPHER)> sk(sk_SSL_CIPHER_new_null());
|
|
274
282
|
if (!sk) {
|
|
275
|
-
return
|
|
283
|
+
return false;
|
|
276
284
|
}
|
|
277
285
|
|
|
278
286
|
while (CBS_len(&cipher_suites) > 0) {
|
|
@@ -280,16 +288,19 @@ static UniquePtr<STACK_OF(SSL_CIPHER)> ssl_parse_client_cipher_list(
|
|
|
280
288
|
|
|
281
289
|
if (!CBS_get_u16(&cipher_suites, &cipher_suite)) {
|
|
282
290
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
|
283
|
-
return
|
|
291
|
+
return false;
|
|
284
292
|
}
|
|
285
293
|
|
|
286
294
|
const SSL_CIPHER *c = SSL_get_cipher_by_value(cipher_suite);
|
|
287
295
|
if (c != NULL && !sk_SSL_CIPHER_push(sk.get(), c)) {
|
|
288
|
-
|
|
296
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
|
|
297
|
+
return false;
|
|
289
298
|
}
|
|
290
299
|
}
|
|
291
300
|
|
|
292
|
-
|
|
301
|
+
*ciphers_out = std::move(sk);
|
|
302
|
+
|
|
303
|
+
return true;
|
|
293
304
|
}
|
|
294
305
|
|
|
295
306
|
// ssl_get_compatible_server_ciphers determines the key exchange and
|
|
@@ -338,9 +349,8 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
|
|
|
338
349
|
*out_mask_a = mask_a;
|
|
339
350
|
}
|
|
340
351
|
|
|
341
|
-
static const SSL_CIPHER *choose_cipher(
|
|
342
|
-
|
|
343
|
-
const SSLCipherPreferenceList *server_pref) {
|
|
352
|
+
static const SSL_CIPHER *choose_cipher(SSL_HANDSHAKE *hs,
|
|
353
|
+
const SSLCipherPreferenceList *server_pref) {
|
|
344
354
|
SSL *const ssl = hs->ssl;
|
|
345
355
|
const STACK_OF(SSL_CIPHER) *prio, *allow;
|
|
346
356
|
// in_group_flags will either be NULL, or will point to an array of bytes
|
|
@@ -352,18 +362,12 @@ static const SSL_CIPHER *choose_cipher(
|
|
|
352
362
|
// such value exists yet.
|
|
353
363
|
int group_min = -1;
|
|
354
364
|
|
|
355
|
-
UniquePtr<STACK_OF(SSL_CIPHER)> client_pref =
|
|
356
|
-
ssl_parse_client_cipher_list(client_hello);
|
|
357
|
-
if (!client_pref) {
|
|
358
|
-
return nullptr;
|
|
359
|
-
}
|
|
360
|
-
|
|
361
365
|
if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
|
|
362
366
|
prio = server_pref->ciphers.get();
|
|
363
367
|
in_group_flags = server_pref->in_group_flags;
|
|
364
|
-
allow =
|
|
368
|
+
allow = ssl->client_cipher_suites.get();
|
|
365
369
|
} else {
|
|
366
|
-
prio =
|
|
370
|
+
prio = ssl->client_cipher_suites.get();
|
|
367
371
|
in_group_flags = NULL;
|
|
368
372
|
allow = server_pref->ciphers.get();
|
|
369
373
|
}
|
|
@@ -810,12 +814,18 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
|
|
|
810
814
|
return ssl_hs_error;
|
|
811
815
|
}
|
|
812
816
|
|
|
817
|
+
if (!ssl_parse_client_cipher_list(&client_hello, &ssl->client_cipher_suites)) {
|
|
818
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
|
|
819
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
820
|
+
return ssl_hs_error;
|
|
821
|
+
}
|
|
822
|
+
|
|
813
823
|
// Negotiate the cipher suite. This must be done after |cert_cb| so the
|
|
814
824
|
// certificate is finalized.
|
|
815
825
|
SSLCipherPreferenceList *prefs = hs->config->cipher_list
|
|
816
826
|
? hs->config->cipher_list.get()
|
|
817
827
|
: ssl->ctx->cipher_list.get();
|
|
818
|
-
hs->new_cipher = choose_cipher(hs,
|
|
828
|
+
hs->new_cipher = choose_cipher(hs, prefs);
|
|
819
829
|
if (hs->new_cipher == NULL) {
|
|
820
830
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
|
|
821
831
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
@@ -703,13 +703,13 @@ bool ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
|
|
|
703
703
|
size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher);
|
|
704
704
|
|
|
705
705
|
// ssl_choose_tls13_cipher returns an |SSL_CIPHER| corresponding with the best
|
|
706
|
-
// available from |
|
|
706
|
+
// available from |client_cipher_suites| compatible with |version|, |group_id| and
|
|
707
707
|
// configured |tls13_ciphers|. It returns NULL if there isn't a compatible
|
|
708
708
|
// cipher. |has_aes_hw| indicates if the choice should be made as if support for
|
|
709
709
|
// AES in hardware is available.
|
|
710
710
|
const SSL_CIPHER *ssl_choose_tls13_cipher(
|
|
711
|
-
|
|
712
|
-
const STACK_OF(SSL_CIPHER) *tls13_ciphers);
|
|
711
|
+
const STACK_OF(SSL_CIPHER) *client_cipher_suites, bool has_aes_hw, uint16_t version,
|
|
712
|
+
uint16_t group_id, const STACK_OF(SSL_CIPHER) *tls13_ciphers);
|
|
713
713
|
|
|
714
714
|
|
|
715
715
|
// Transcript layer.
|
|
@@ -1158,8 +1158,9 @@ class SSLKeyShare {
|
|
|
1158
1158
|
HAS_VIRTUAL_DESTRUCTOR
|
|
1159
1159
|
|
|
1160
1160
|
// Create returns a SSLKeyShare instance for use with group |group_id| or
|
|
1161
|
-
// nullptr on error.
|
|
1162
|
-
|
|
1161
|
+
// nullptr on error. Marked with OPENSSL_EXPORT to make it available for
|
|
1162
|
+
// unit tests.
|
|
1163
|
+
OPENSSL_EXPORT static UniquePtr<SSLKeyShare> Create(uint16_t group_id);
|
|
1163
1164
|
|
|
1164
1165
|
// GroupID returns the group ID.
|
|
1165
1166
|
virtual uint16_t GroupID() const PURE_VIRTUAL;
|
|
@@ -1197,12 +1198,35 @@ class SSLKeyShare {
|
|
|
1197
1198
|
struct NamedGroup {
|
|
1198
1199
|
int nid;
|
|
1199
1200
|
uint16_t group_id;
|
|
1200
|
-
const char name[
|
|
1201
|
+
const char name[32], alias[32];
|
|
1201
1202
|
};
|
|
1202
1203
|
|
|
1203
1204
|
// NamedGroups returns all supported groups.
|
|
1204
1205
|
Span<const NamedGroup> NamedGroups();
|
|
1205
1206
|
|
|
1207
|
+
// Hybrid groups adhere to the draft specification:
|
|
1208
|
+
// https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design
|
|
1209
|
+
#define NUM_HYBRID_COMPONENTS 2
|
|
1210
|
+
struct HybridGroup {
|
|
1211
|
+
// Just like regular groups, each hybrid group has a group ID that
|
|
1212
|
+
// identifies the group as a whole unit...
|
|
1213
|
+
uint16_t group_id;
|
|
1214
|
+
|
|
1215
|
+
// ...and each component of the hybrid group has its own group ID
|
|
1216
|
+
uint16_t component_group_ids[NUM_HYBRID_COMPONENTS];
|
|
1217
|
+
};
|
|
1218
|
+
|
|
1219
|
+
// HybridGroups returns all supported hybrid groups. A hybrid group will likely
|
|
1220
|
+
// (but not necessarily) contain at least one PQ group. Marked with
|
|
1221
|
+
// OPENSSL_EXPORT to make it available for unit tests.
|
|
1222
|
+
OPENSSL_EXPORT Span<const HybridGroup> HybridGroups();
|
|
1223
|
+
|
|
1224
|
+
// PQGroups returns all supported post-quantum groups. A post-quantum
|
|
1225
|
+
// group may be a hybrid group containing at least one PQ
|
|
1226
|
+
// component (e.g. SSL_GROUP_SECP256R1_KYBER768_DRAFT00) or a standalone PQ group
|
|
1227
|
+
// (e.g. KYBER768_R3).
|
|
1228
|
+
Span<const uint16_t> PQGroups();
|
|
1229
|
+
|
|
1206
1230
|
// ssl_nid_to_group_id looks up the group corresponding to |nid|. On success, it
|
|
1207
1231
|
// sets |*out_group_id| to the group ID and returns true. Otherwise, it returns
|
|
1208
1232
|
// false.
|
|
@@ -2425,6 +2449,12 @@ bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
|
|
|
2425
2449
|
bool ssl_client_cipher_list_contains_cipher(
|
|
2426
2450
|
const SSL_CLIENT_HELLO *client_hello, uint16_t id);
|
|
2427
2451
|
|
|
2452
|
+
// ssl_parse_client_cipher_list returns the ciphers offered by the client
|
|
2453
|
+
// during handshake, or null if the handshake hasn't occurred or there was an
|
|
2454
|
+
// error.
|
|
2455
|
+
bool ssl_parse_client_cipher_list(const SSL_CLIENT_HELLO *client_hello,
|
|
2456
|
+
UniquePtr<STACK_OF(SSL_CIPHER)> *ciphers_out);
|
|
2457
|
+
|
|
2428
2458
|
|
|
2429
2459
|
// GREASE.
|
|
2430
2460
|
|
|
@@ -4000,6 +4030,11 @@ struct ssl_st {
|
|
|
4000
4030
|
// is immutable.
|
|
4001
4031
|
bssl::UniquePtr<SSL_SESSION> session;
|
|
4002
4032
|
|
|
4033
|
+
// client_cipher_suites contains cipher suites offered by the client during
|
|
4034
|
+
// the handshake, with preference order maintained. This field is NOT
|
|
4035
|
+
// serialized and is only populated if used in a server context.
|
|
4036
|
+
bssl::UniquePtr<STACK_OF(SSL_CIPHER)> client_cipher_suites;
|
|
4037
|
+
|
|
4003
4038
|
void (*info_callback)(const SSL *ssl, int type, int value) = nullptr;
|
|
4004
4039
|
|
|
4005
4040
|
bssl::UniquePtr<SSL_CTX> ctx;
|
|
@@ -686,36 +686,28 @@ class CipherScorer {
|
|
|
686
686
|
};
|
|
687
687
|
|
|
688
688
|
const SSL_CIPHER *ssl_choose_tls13_cipher(
|
|
689
|
-
|
|
690
|
-
const STACK_OF(SSL_CIPHER) *tls13_ciphers) {
|
|
691
|
-
if (CBS_len(&cipher_suites) % 2 != 0) {
|
|
692
|
-
return nullptr;
|
|
693
|
-
}
|
|
689
|
+
const STACK_OF(SSL_CIPHER) *client_cipher_suites, bool has_aes_hw, uint16_t version,
|
|
690
|
+
uint16_t group_id, const STACK_OF(SSL_CIPHER) *tls13_ciphers) {
|
|
694
691
|
|
|
695
692
|
const SSL_CIPHER *best = nullptr;
|
|
696
693
|
CipherScorer scorer(has_aes_hw);
|
|
697
694
|
CipherScorer::Score best_score = scorer.MinScore();
|
|
698
695
|
|
|
699
|
-
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
return nullptr;
|
|
703
|
-
}
|
|
704
|
-
|
|
705
|
-
SSL_CIPHER *candidate = nullptr;
|
|
696
|
+
for (size_t i = 0; i < sk_SSL_CIPHER_num(client_cipher_suites); i++) {
|
|
697
|
+
const SSL_CIPHER *client_cipher = sk_SSL_CIPHER_value(client_cipher_suites, i);
|
|
698
|
+
const SSL_CIPHER *candidate = nullptr;
|
|
706
699
|
if (tls13_ciphers != nullptr) {
|
|
707
700
|
// Limit to customized TLS 1.3 ciphers if configured.
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
if (cipher != nullptr && cipher->id == cipher_suite_id) {
|
|
701
|
+
for (size_t j = 0; j < sk_SSL_CIPHER_num(tls13_ciphers); j++) {
|
|
702
|
+
const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(tls13_ciphers, j);
|
|
703
|
+
if (cipher != nullptr && cipher->id == client_cipher->id) {
|
|
712
704
|
candidate = (SSL_CIPHER *)cipher;
|
|
713
705
|
break;
|
|
714
706
|
}
|
|
715
707
|
}
|
|
716
708
|
} else {
|
|
717
709
|
// Limit to TLS 1.3 ciphers we know about.
|
|
718
|
-
candidate =
|
|
710
|
+
candidate = client_cipher;
|
|
719
711
|
}
|
|
720
712
|
if (candidate == nullptr ||
|
|
721
713
|
SSL_CIPHER_get_min_version(candidate) > version ||
|
|
@@ -1523,17 +1523,25 @@ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher) {
|
|
|
1523
1523
|
return NID_undef;
|
|
1524
1524
|
}
|
|
1525
1525
|
|
|
1526
|
-
|
|
1526
|
+
const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *cipher) {
|
|
1527
1527
|
switch (cipher->algorithm_prf) {
|
|
1528
1528
|
case SSL_HANDSHAKE_MAC_DEFAULT:
|
|
1529
|
-
return
|
|
1529
|
+
return EVP_md5_sha1();
|
|
1530
1530
|
case SSL_HANDSHAKE_MAC_SHA256:
|
|
1531
|
-
return
|
|
1531
|
+
return EVP_sha256();
|
|
1532
1532
|
case SSL_HANDSHAKE_MAC_SHA384:
|
|
1533
|
-
return
|
|
1533
|
+
return EVP_sha384();
|
|
1534
1534
|
}
|
|
1535
1535
|
assert(0);
|
|
1536
|
-
return
|
|
1536
|
+
return NULL;
|
|
1537
|
+
}
|
|
1538
|
+
|
|
1539
|
+
int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher) {
|
|
1540
|
+
const EVP_MD *md = SSL_CIPHER_get_handshake_digest(cipher);
|
|
1541
|
+
if (md == NULL) {
|
|
1542
|
+
return NID_undef;
|
|
1543
|
+
}
|
|
1544
|
+
return EVP_MD_nid(md);
|
|
1537
1545
|
}
|
|
1538
1546
|
|
|
1539
1547
|
int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
|