grpc 1.24.0 → 1.25.0.pre1

data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c

@@ -0,0 +1,32 @@
+/* Copyright (c) 2019, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <stdint.h>
+
+
+#if defined(BORINGSSL_FIPS) && defined(BORINGSSL_SHARED_LIBRARY)
+// BORINGSSL_bcm_text_hash is is default hash value for the FIPS integrity check
+// that must be replaced with the real value during the build process. This
+// value need only be distinct, i.e. so that we can safely search-and-replace it
+// in an object file.
+const uint8_t BORINGSSL_bcm_text_hash[64];
+const uint8_t BORINGSSL_bcm_text_hash[64] = {
+    0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b,
+    0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f,
+    0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, 0xa2,
+    0xd4, 0xc3, 0x66, 0x0f, 0xc2, 0x6a, 0x7b, 0xf4, 0xbe, 0x39, 0xa2,
+    0xd7, 0x25, 0xdb, 0x21, 0x98, 0xe9, 0xd5, 0x53, 0xbf, 0x5c, 0x32,
+    0x06, 0x83, 0x34, 0x0c, 0x65, 0x89, 0x52, 0xbd, 0x1f,
+};
+#endif  // FIPS && SHARED_LIBRARY

data/third_party/boringssl/crypto/fipsmodule/is_fips.c

@@ -25,3 +25,5 @@ int FIPS_mode(void) {
   return 0;
 #endif
 }
+
+int FIPS_mode_set(int on) { return on == FIPS_mode(); }

data/third_party/boringssl/crypto/fipsmodule/md4/md4.c

@@ -62,7 +62,7 @@
 #include "../../internal.h"
 
 
-uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) {
   MD4_CTX ctx;
   MD4_Init(&ctx);
   MD4_Update(&ctx, data, len);
@@ -88,6 +88,7 @@ void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
 
 #define HASH_CTX MD4_CTX
 #define HASH_CBLOCK 64
+#define HASH_DIGEST_LENGTH 16
 #define HASH_UPDATE MD4_Update
 #define HASH_TRANSFORM MD4_Transform
 #define HASH_FINAL MD4_Final
@@ -238,6 +239,7 @@ void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
 #undef DATA_ORDER_IS_LITTLE_ENDIAN
 #undef HASH_CTX
 #undef HASH_CBLOCK
+#undef HASH_DIGEST_LENGTH
 #undef HASH_UPDATE
 #undef HASH_TRANSFORM
 #undef HASH_FINAL

data/third_party/boringssl/crypto/fipsmodule/md5/internal.h

@@ -0,0 +1,37 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_MD5_INTERNAL_H
+#define OPENSSL_HEADER_MD5_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+#if !defined(OPENSSL_NO_ASM) && \
+    (defined(OPENSSL_X86_64) || defined(OPENSSL_X86))
+#define MD5_ASM
+extern void md5_block_asm_data_order(uint32_t *state, const uint8_t *data,
+                                     size_t num);
+#endif
+
+
+#if defined(__cplusplus)
+}  // extern "C"
+#endif
+
+#endif  // OPENSSL_HEADER_MD5_INTERNAL_H

data/third_party/boringssl/crypto/fipsmodule/md5/md5.c

@@ -60,10 +60,11 @@
 
 #include <openssl/mem.h>
 
+#include "internal.h"
 #include "../../internal.h"
 
 
-uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) {
+uint8_t *MD5(const uint8_t *data, size_t len, uint8_t out[MD5_DIGEST_LENGTH]) {
   MD5_CTX ctx;
   MD5_Init(&ctx);
   MD5_Update(&ctx, data, len);
@@ -81,19 +82,19 @@ int MD5_Init(MD5_CTX *md5) {
   return 1;
 }
 
-#if !defined(OPENSSL_NO_ASM) && \
-    (defined(OPENSSL_X86_64) || defined(OPENSSL_X86))
-#define MD5_ASM
+#if defined(MD5_ASM)
 #define md5_block_data_order md5_block_asm_data_order
+#else
+static void md5_block_data_order(uint32_t *state, const uint8_t *data,
+                                 size_t num);
 #endif
 
 
-void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
-
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 
 #define HASH_CTX MD5_CTX
 #define HASH_CBLOCK 64
+#define HASH_DIGEST_LENGTH 16
 #define HASH_UPDATE MD5_Update
 #define HASH_TRANSFORM MD5_Transform
 #define HASH_FINAL MD5_Final
@@ -151,11 +152,12 @@ void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
     (a) += (b);                            \
   } while (0)
 
-#ifndef md5_block_data_order
+#ifndef MD5_ASM
 #ifdef X
 #undef X
 #endif
-void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
+static void md5_block_data_order(uint32_t *state, const uint8_t *data,
+                                 size_t num) {
   uint32_t A, B, C, D, l;
   uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
       XX13, XX14, XX15;
@@ -280,6 +282,7 @@ void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
 #undef DATA_ORDER_IS_LITTLE_ENDIAN
 #undef HASH_CTX
 #undef HASH_CBLOCK
+#undef HASH_DIGEST_LENGTH
 #undef HASH_UPDATE
 #undef HASH_TRANSFORM
 #undef HASH_FINAL

data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c

@@ -49,11 +49,13 @@
 #include <assert.h>
 #include <string.h>
 
+#include <openssl/type_check.h>
+
 #include "internal.h"
 
 
 void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-                           const void *key, uint8_t ivec[16],
+                           const AES_KEY *key, uint8_t ivec[16],
                            block128_f block) {
   size_t n;
   const uint8_t *iv = ivec;
@@ -61,30 +63,15 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
   assert(key != NULL && ivec != NULL);
   assert(len == 0 || (in != NULL && out != NULL));
 
-  if (STRICT_ALIGNMENT &&
-      ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) !=
-          0) {
-    while (len >= 16) {
-      for (n = 0; n < 16; ++n) {
-        out[n] = in[n] ^ iv[n];
-      }
-      (*block)(out, out, key);
-      iv = out;
-      len -= 16;
-      in += 16;
-      out += 16;
-    }
-  } else {
-    while (len >= 16) {
-      for (n = 0; n < 16; n += sizeof(size_t)) {
-        store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n));
-      }
-      (*block)(out, out, key);
-      iv = out;
-      len -= 16;
-      in += 16;
-      out += 16;
+  while (len >= 16) {
+    for (n = 0; n < 16; n += sizeof(size_t)) {
+      store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n));
     }
+    (*block)(out, out, key);
+    iv = out;
+    len -= 16;
+    in += 16;
+    out += 16;
   }
 
   while (len) {
@@ -108,7 +95,7 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
 }
 
 void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
-                           const void *key, uint8_t ivec[16],
+                           const AES_KEY *key, uint8_t ivec[16],
                            block128_f block) {
   size_t n;
   union {
@@ -127,66 +114,35 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
     // If |out| is at least two blocks behind |in| or completely disjoint, there
     // is no need to decrypt to a temporary block.
+    OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+                          "block cannot be evenly divided into words");
     const uint8_t *iv = ivec;
-
-    if (STRICT_ALIGNMENT &&
-        ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) !=
-            0) {
-      while (len >= 16) {
-        (*block)(in, out, key);
-        for (n = 0; n < 16; ++n) {
-          out[n] ^= iv[n];
-        }
-        iv = in;
-        len -= 16;
-        in += 16;
-        out += 16;
-      }
-    } else if (16 % sizeof(size_t) == 0) {  // always true
-      while (len >= 16) {
-        (*block)(in, out, key);
-        for (n = 0; n < 16; n += sizeof(size_t)) {
-          store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n));
-        }
-        iv = in;
-        len -= 16;
-        in += 16;
-        out += 16;
+    while (len >= 16) {
+      (*block)(in, out, key);
+      for (n = 0; n < 16; n += sizeof(size_t)) {
+        store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n));
       }
+      iv = in;
+      len -= 16;
+      in += 16;
+      out += 16;
     }
     OPENSSL_memcpy(ivec, iv, 16);
   } else {
-    // |out| is less than two blocks behind |in|. Decrypting an input block
-    // directly to |out| would overwrite a ciphertext block before it is used as
-    // the next block's IV. Decrypt to a temporary block instead.
-    if (STRICT_ALIGNMENT &&
-        ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) !=
-            0) {
-      uint8_t c;
-      while (len >= 16) {
-        (*block)(in, tmp.c, key);
-        for (n = 0; n < 16; ++n) {
-          c = in[n];
-          out[n] = tmp.c[n] ^ ivec[n];
-          ivec[n] = c;
-        }
-        len -= 16;
-        in += 16;
-        out += 16;
-      }
-    } else if (16 % sizeof(size_t) == 0) {  // always true
-      while (len >= 16) {
-        (*block)(in, tmp.c, key);
-        for (n = 0; n < 16; n += sizeof(size_t)) {
-          size_t c = load_word_le(in + n);
-          store_word_le(out + n,
-                        tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n));
-          store_word_le(ivec + n, c);
-        }
-        len -= 16;
-        in += 16;
-        out += 16;
+    OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+                          "block cannot be evenly divided into words");
+
+    while (len >= 16) {
+      (*block)(in, tmp.c, key);
+      for (n = 0; n < 16; n += sizeof(size_t)) {
+        size_t c = load_word_le(in + n);
+        store_word_le(out + n,
+                      tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n));
+        store_word_le(ivec + n, c);
       }
+      len -= 16;
+      in += 16;
+      out += 16;
     }
   }
 

data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c

@@ -54,13 +54,12 @@
 #include "internal.h"
 
 
-OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size_cfb);
+OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+                      "block cannot be divided into size_t");
 
 void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-                           const void *key, uint8_t ivec[16], unsigned *num,
+                           const AES_KEY *key, uint8_t ivec[16], unsigned *num,
                            int enc, block128_f block) {
-  size_t l = 0;
-
   assert(in && out && key && ivec && num);
 
   unsigned n = *num;
@@ -71,21 +70,6 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
       --len;
       n = (n + 1) % 16;
     }
-#if STRICT_ALIGNMENT
-    if (((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) !=
-        0) {
-      while (l < len) {
-        if (n == 0) {
-          (*block)(ivec, ivec, key);
-        }
-        out[l] = ivec[n] ^= in[l];
-        ++l;
-        n = (n + 1) % 16;
-      }
-      *num = n;
-      return;
-    }
-#endif
     while (len >= 16) {
       (*block)(ivec, ivec, key);
       for (; n < 16; n += sizeof(size_t)) {
@@ -115,22 +99,6 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
       --len;
       n = (n + 1) % 16;
     }
-    if (STRICT_ALIGNMENT &&
-        ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) !=
-            0) {
-      while (l < len) {
-        uint8_t c;
-        if (n == 0) {
-          (*block)(ivec, ivec, key);
-        }
-        out[l] = ivec[n] ^ (c = in[l]);
-        ivec[n] = c;
-        ++l;
-        n = (n + 1) % 16;
-      }
-      *num = n;
-      return;
-    }
     while (len >= 16) {
       (*block)(ivec, ivec, key);
       for (; n < 16; n += sizeof(size_t)) {
@@ -161,7 +129,7 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
 /* This expects a single block of size nbits for both in and out. Note that
    it corrupts any extra bits in the last byte of out */
 static void cfbr_encrypt_block(const uint8_t *in, uint8_t *out, unsigned nbits,
-                               const void *key, uint8_t ivec[16], int enc,
+                               const AES_KEY *key, uint8_t ivec[16], int enc,
                                block128_f block) {
   int n, rem, num;
   uint8_t ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't use) one
@@ -203,8 +171,8 @@ static void cfbr_encrypt_block(const uint8_t *in, uint8_t *out, unsigned nbits,
 
 // N.B. This expects the input to be packed, MS bit first
 void CRYPTO_cfb128_1_encrypt(const uint8_t *in, uint8_t *out, size_t bits,
-                             const void *key, uint8_t ivec[16], unsigned *num,
-                             int enc, block128_f block) {
+                             const AES_KEY *key, uint8_t ivec[16],
+                             unsigned *num, int enc, block128_f block) {
   size_t n;
   uint8_t c[1], d[1];
 
@@ -220,7 +188,7 @@ void CRYPTO_cfb128_1_encrypt(const uint8_t *in, uint8_t *out, size_t bits,
 }
 
 void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const void *key,
+                             size_t length, const AES_KEY *key,
                              unsigned char ivec[16], unsigned *num, int enc,
                              block128_f block) {
   size_t n;

data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c

@@ -69,7 +69,8 @@ static void ctr128_inc(uint8_t *counter) {
   } while (n);
 }
 
-OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size_ctr);
+OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
+                      "block cannot be divided into size_t");
 
 // The input encrypted as though 128bit counter mode is being used.  The extra
 // state information to record how much of the 128bit block we have used is
@@ -82,7 +83,7 @@ OPENSSL_COMPILE_ASSERT((16 % sizeof(size_t)) == 0, bad_size_t_size_ctr);
 // of the IV.  This implementation takes NO responsibility for checking that
 // the counter doesn't overflow into the rest of the IV when incremented.
 void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-                           const void *key, uint8_t ivec[16],
+                           const AES_KEY *key, uint8_t ivec[16],
                            uint8_t ecount_buf[16], unsigned int *num,
                            block128_f block) {
   unsigned int n;
@@ -98,26 +99,6 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
     --len;
     n = (n + 1) % 16;
   }
-
-#if STRICT_ALIGNMENT
-  if (((uintptr_t)in | (uintptr_t)out |
-        (uintptr_t)ecount_buf) % sizeof(size_t) != 0) {
-    size_t l = 0;
-    while (l < len) {
-      if (n == 0) {
-        (*block)(ivec, ecount_buf, key);
-        ctr128_inc(ivec);
-      }
-      out[l] = in[l] ^ ecount_buf[n];
-      ++l;
-      n = (n + 1) % 16;
-    }
-
-    *num = n;
-    return;
-  }
-#endif
-
   while (len >= 16) {
     (*block)(ivec, ecount_buf, key);
     ctr128_inc(ivec);
@@ -153,11 +134,10 @@ static void ctr96_inc(uint8_t *counter) {
   } while (n);
 }
 
-void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out,
-                                 size_t len, const void *key,
-                                 uint8_t ivec[16],
-                                 uint8_t ecount_buf[16],
-                                 unsigned int *num, ctr128_f func) {
+void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, size_t len,
+                                 const AES_KEY *key, uint8_t ivec[16],
+                                 uint8_t ecount_buf[16], unsigned int *num,
+                                 ctr128_f func) {
   unsigned int n, ctr32;
 
   assert(key && ecount_buf && num);