grpc 1.12.0 → 1.13.0.pre1

data/third_party/boringssl/crypto/fipsmodule/tls/internal.h

@@ -0,0 +1,39 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H
+#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// tls1_prf calculates |out_len| bytes of the TLS PDF, using |digest|, and
+// writes them to |out|. It returns one on success and zero on error.
+OPENSSL_EXPORT int CRYPTO_tls1_prf(const EVP_MD *digest,
+                                   uint8_t *out, size_t out_len,
+                                   const uint8_t *secret, size_t secret_len,
+                                   const char *label, size_t label_len,
+                                   const uint8_t *seed1, size_t seed1_len,
+                                   const uint8_t *seed2, size_t seed2_len);
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif  // OPENSSL_HEADER_CRYPTO_FIPSMODULE_TLS_INTERNAL_H

data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c

@@ -0,0 +1,165 @@
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com). */
+
+#include <assert.h>
+
+#include <openssl/digest.h>
+#include <openssl/hmac.h>
+#include <openssl/mem.h>
+
+#include "internal.h"
+#include "../../internal.h"
+
+
+// tls1_P_hash computes the TLS P_<hash> function as described in RFC 5246,
+// section 5. It XORs |out_len| bytes to |out|, using |md| as the hash and
+// |secret| as the secret. |label|, |seed1|, and |seed2| are concatenated to
+// form the seed parameter. It returns true on success and false on failure.
+static int tls1_P_hash(uint8_t *out, size_t out_len,
+                       const EVP_MD *md,
+                       const uint8_t *secret, size_t secret_len,
+                       const char *label, size_t label_len,
+                       const uint8_t *seed1, size_t seed1_len,
+                       const uint8_t *seed2, size_t seed2_len) {
+  HMAC_CTX ctx, ctx_tmp, ctx_init;
+  uint8_t A1[EVP_MAX_MD_SIZE];
+  unsigned A1_len;
+  int ret = 0;
+
+  const size_t chunk = EVP_MD_size(md);
+  HMAC_CTX_init(&ctx);
+  HMAC_CTX_init(&ctx_tmp);
+  HMAC_CTX_init(&ctx_init);
+
+  if (!HMAC_Init_ex(&ctx_init, secret, secret_len, md, NULL) ||
+      !HMAC_CTX_copy_ex(&ctx, &ctx_init) ||
+      !HMAC_Update(&ctx, (const uint8_t *) label, label_len) ||
+      !HMAC_Update(&ctx, seed1, seed1_len) ||
+      !HMAC_Update(&ctx, seed2, seed2_len) ||
+      !HMAC_Final(&ctx, A1, &A1_len)) {
+    goto err;
+  }
+
+  for (;;) {
+    unsigned len;
+    uint8_t hmac[EVP_MAX_MD_SIZE];
+    if (!HMAC_CTX_copy_ex(&ctx, &ctx_init) ||
+        !HMAC_Update(&ctx, A1, A1_len) ||
+        // Save a copy of |ctx| to compute the next A1 value below.
+        (out_len > chunk && !HMAC_CTX_copy_ex(&ctx_tmp, &ctx)) ||
+        !HMAC_Update(&ctx, (const uint8_t *) label, label_len) ||
+        !HMAC_Update(&ctx, seed1, seed1_len) ||
+        !HMAC_Update(&ctx, seed2, seed2_len) ||
+        !HMAC_Final(&ctx, hmac, &len)) {
+      goto err;
+    }
+    assert(len == chunk);
+
+    // XOR the result into |out|.
+    if (len > out_len) {
+      len = out_len;
+    }
+    for (unsigned i = 0; i < len; i++) {
+      out[i] ^= hmac[i];
+    }
+    out += len;
+    out_len -= len;
+
+    if (out_len == 0) {
+      break;
+    }
+
+    // Calculate the next A1 value.
+    if (!HMAC_Final(&ctx_tmp, A1, &A1_len)) {
+      goto err;
+    }
+  }
+
+  ret = 1;
+
+err:
+  OPENSSL_cleanse(A1, sizeof(A1));
+  HMAC_CTX_cleanup(&ctx);
+  HMAC_CTX_cleanup(&ctx_tmp);
+  HMAC_CTX_cleanup(&ctx_init);
+  return ret;
+}
+
+int CRYPTO_tls1_prf(const EVP_MD *digest,
+                    uint8_t *out, size_t out_len,
+                    const uint8_t *secret, size_t secret_len,
+                    const char *label, size_t label_len,
+                    const uint8_t *seed1, size_t seed1_len,
+                    const uint8_t *seed2, size_t seed2_len) {
+  if (out_len == 0) {
+    return 1;
+  }
+
+  OPENSSL_memset(out, 0, out_len);
+
+  if (digest == EVP_md5_sha1()) {
+    // If using the MD5/SHA1 PRF, |secret| is partitioned between MD5 and SHA-1.
+    size_t secret_half = secret_len - (secret_len / 2);
+    if (!tls1_P_hash(out, out_len, EVP_md5(), secret, secret_half, label,
+                     label_len, seed1, seed1_len, seed2, seed2_len)) {
+      return 0;
+    }
+
+    // Note that, if |secret_len| is odd, the two halves share a byte.
+    secret += secret_len - secret_half;
+    secret_len = secret_half;
+    digest = EVP_sha1();
+  }
+
+  return tls1_P_hash(out, out_len, digest, secret, secret_len, label, label_len,
+                     seed1, seed1_len, seed2, seed2_len);
+}

data/third_party/boringssl/crypto/internal.h

@@ -116,7 +116,14 @@
 #include <assert.h>
 #include <string.h>
 
-#if !defined(__cplusplus)
+#if defined(__GNUC__) && \
+    (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) < 40800
+// |alignas| and |alignof| were added in C11. GCC added support in version 4.8.
+// Testing for __STDC_VERSION__/__cplusplus doesn't work because 4.7 already
+// reports support for C11.
+#define alignas(x) __attribute__ ((aligned (x)))
+#define alignof(x) __alignof__ (x)
+#elif !defined(__cplusplus)
 #if defined(_MSC_VER)
 #define alignas(x) __declspec(align(x))
 #define alignof __alignof
@@ -151,13 +158,34 @@ void OPENSSL_cpuid_setup(void);
 #endif
 
 
-#if !defined(_MSC_VER) && defined(OPENSSL_64_BIT)
+#if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT)
+#define BORINGSSL_HAS_UINT128
 typedef __int128_t int128_t;
 typedef __uint128_t uint128_t;
+
+// clang-cl supports __uint128_t but modulus and division don't work.
+// https://crbug.com/787617.
+#if !defined(_MSC_VER) || !defined(__clang__)
+#define BORINGSSL_CAN_DIVIDE_UINT128
+#endif
 #endif
 
 #define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
 
+// Have a generic fall-through for different versions of C/C++.
+#if defined(__cplusplus) && __cplusplus >= 201703L
+#define OPENSSL_FALLTHROUGH [[fallthrough]]
+#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__clang__)
+#define OPENSSL_FALLTHROUGH [[clang::fallthrough]]
+#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) && \
+    __GNUC__ >= 7
+#define OPENSSL_FALLTHROUGH [[gnu::fallthrough]]
+#elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7
+#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough))
+#else // C++11 on gcc 6, and all other cases
+#define OPENSSL_FALLTHROUGH
+#endif
+
 // buffers_alias returns one if |a| and |b| alias and zero otherwise.
 static inline int buffers_alias(const uint8_t *a, size_t a_len,
                                 const uint8_t *b, size_t b_len) {
@@ -584,6 +612,41 @@ OPENSSL_EXPORT void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class,
                                         void *obj, CRYPTO_EX_DATA *ad);
 
 
+// Endianness conversions.
+
+#if defined(__GNUC__) && __GNUC__ >= 2
+static inline uint32_t CRYPTO_bswap4(uint32_t x) {
+  return __builtin_bswap32(x);
+}
+
+static inline uint64_t CRYPTO_bswap8(uint64_t x) {
+  return __builtin_bswap64(x);
+}
+#elif defined(_MSC_VER)
+OPENSSL_MSVC_PRAGMA(warning(push, 3))
+#include <intrin.h>
+OPENSSL_MSVC_PRAGMA(warning(pop))
+#pragma intrinsic(_byteswap_uint64, _byteswap_ulong)
+static inline uint32_t CRYPTO_bswap4(uint32_t x) {
+  return _byteswap_ulong(x);
+}
+
+static inline uint64_t CRYPTO_bswap8(uint64_t x) {
+  return _byteswap_uint64(x);
+}
+#else
+static inline uint32_t CRYPTO_bswap4(uint32_t x) {
+  x = (x >> 16) | (x << 16);
+  x = ((x & 0xff00ff00) >> 8) | ((x & 0x00ff00ff) << 8);
+  return x;
+}
+
+static inline uint64_t CRYPTO_bswap8(uint64_t x) {
+  return CRYPTO_bswap4(x >> 32) | (((uint64_t)CRYPTO_bswap4(x)) << 32);
+}
+#endif
+
+
 // Language bug workarounds.
 //
 // Most C standard library functions are undefined if passed NULL, even when the

data/third_party/boringssl/crypto/mem.c

@@ -65,8 +65,6 @@
 OPENSSL_MSVC_PRAGMA(warning(push, 3))
 #include <windows.h>
 OPENSSL_MSVC_PRAGMA(warning(pop))
-#else
-#include <strings.h>
 #endif
 
 #include "internal.h"

data/third_party/boringssl/crypto/obj/obj.c

@@ -434,36 +434,6 @@ static int strlcpy_int(char *dst, const char *src, int dst_size) {
   return (int)ret;
 }
 
-static int parse_oid_component(CBS *cbs, uint64_t *out) {
-  uint64_t v = 0;
-  uint8_t b;
-  do {
-    if (!CBS_get_u8(cbs, &b)) {
-      return 0;
-    }
-    if ((v >> (64 - 7)) != 0) {
-      // The component is too large.
-      return 0;
-    }
-    if (v == 0 && b == 0x80) {
-      // The component must be minimally encoded.
-      return 0;
-    }
-    v = (v << 7) | (b & 0x7f);
-
-    // Components end at an octet with the high bit cleared.
-  } while (b & 0x80);
-
-  *out = v;
-  return 1;
-}
-
-static int add_decimal(CBB *out, uint64_t v) {
-  char buf[DECIMAL_SIZE(uint64_t) + 1];
-  BIO_snprintf(buf, sizeof(buf), "%" PRIu64, v);
-  return CBB_add_bytes(out, (const uint8_t *)buf, strlen(buf));
-}
-
 int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
                 int always_return_oid) {
   // Python depends on the empty OID successfully encoding as the empty
@@ -485,56 +455,19 @@ int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
     }
   }
 
-  CBB cbb;
-  if (!CBB_init(&cbb, 32)) {
-    goto err;
-  }
-
   CBS cbs;
   CBS_init(&cbs, obj->data, obj->length);
-
-  // The first component is 40 * value1 + value2, where value1 is 0, 1, or 2.
-  uint64_t v;
-  if (!parse_oid_component(&cbs, &v)) {
-    goto err;
-  }
-
-  if (v >= 80) {
-    if (!CBB_add_bytes(&cbb, (const uint8_t *)"2.", 2) ||
-        !add_decimal(&cbb, v - 80)) {
-      goto err;
-    }
-  } else if (!add_decimal(&cbb, v / 40) ||
-             !CBB_add_u8(&cbb, '.') ||
-             !add_decimal(&cbb, v % 40)) {
-    goto err;
-  }
-
-  while (CBS_len(&cbs) != 0) {
-    if (!parse_oid_component(&cbs, &v) ||
-        !CBB_add_u8(&cbb, '.') ||
-        !add_decimal(&cbb, v)) {
-      goto err;
+  char *txt = CBS_asn1_oid_to_text(&cbs);
+  if (txt == NULL) {
+    if (out_len > 0) {
+      out[0] = '\0';
     }
+    return -1;
   }
 
-  uint8_t *txt;
-  size_t txt_len;
-  if (!CBB_add_u8(&cbb, '\0') ||
-      !CBB_finish(&cbb, &txt, &txt_len)) {
-    goto err;
-  }
-
-  int ret = strlcpy_int(out, (const char *)txt, out_len);
+  int ret = strlcpy_int(out, txt, out_len);
   OPENSSL_free(txt);
   return ret;
-
-err:
-  CBB_cleanup(&cbb);
-  if (out_len > 0) {
-    out[0] = '\0';
-  }
-  return -1;
 }
 
 static uint32_t hash_nid(const ASN1_OBJECT *obj) {

data/third_party/boringssl/crypto/thread_pthread.c

@@ -94,6 +94,8 @@ void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) {
 static pthread_mutex_t g_destructors_lock = PTHREAD_MUTEX_INITIALIZER;
 static thread_local_destructor_t g_destructors[NUM_OPENSSL_THREAD_LOCALS];
 
+// thread_local_destructor is called when a thread exits. It releases thread
+// local data for that thread only.
 static void thread_local_destructor(void *arg) {
   if (arg == NULL) {
     return;
@@ -119,16 +121,44 @@ static void thread_local_destructor(void *arg) {
 
 static pthread_once_t g_thread_local_init_once = PTHREAD_ONCE_INIT;
 static pthread_key_t g_thread_local_key;
-static int g_thread_local_failed = 0;
+static int g_thread_local_key_created = 0;
+
+// OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY can be defined to cause
+// |pthread_key_delete| to be called in a destructor function. This can be
+// useful for programs that dlclose BoringSSL.
+//
+// Note that dlclose()ing BoringSSL is not supported and will leak memory:
+// thread-local values will be leaked as well as anything initialised via a
+// once. The |pthread_key_t| is destroyed because they run out very quickly,
+// while the other leaks are slow, and this allows code that happens to use
+// dlclose() despite all the problems to continue functioning.
+//
+// This is marked "dangerous" because it can cause multi-threaded processes to
+// crash (even if they don't use dlclose): if the destructor runs while other
+// threads are still executing then they may end up using an invalid key to
+// access thread-local variables.
+//
+// This may be removed after February 2020.
+#if defined(OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY) && \
+    (defined(__GNUC__) || defined(__clang__))
+// thread_key_destructor is called when the library is unloaded with dlclose.
+static void thread_key_destructor(void) __attribute__((destructor, unused));
+static void thread_key_destructor(void) {
+  if (g_thread_local_key_created) {
+    g_thread_local_key_created = 0;
+    pthread_key_delete(g_thread_local_key);
+  }
+}
+#endif
 
 static void thread_local_init(void) {
-  g_thread_local_failed =
-      pthread_key_create(&g_thread_local_key, thread_local_destructor) != 0;
+  g_thread_local_key_created =
+      pthread_key_create(&g_thread_local_key, thread_local_destructor) == 0;
 }
 
 void *CRYPTO_get_thread_local(thread_local_data_t index) {
   CRYPTO_once(&g_thread_local_init_once, thread_local_init);
-  if (g_thread_local_failed) {
+  if (!g_thread_local_key_created) {
     return NULL;
   }
 
@@ -142,7 +172,7 @@ void *CRYPTO_get_thread_local(thread_local_data_t index) {
 int CRYPTO_set_thread_local(thread_local_data_t index, void *value,
                             thread_local_destructor_t destructor) {
   CRYPTO_once(&g_thread_local_init_once, thread_local_init);
-  if (g_thread_local_failed) {
+  if (!g_thread_local_key_created) {
     destructor(value);
     return 0;
   }