grpc 1.24.0 → 1.25.0

data/third_party/boringssl/crypto/bytestring/cbs.c

@@ -12,10 +12,6 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
 #include <openssl/buf.h>
 #include <openssl/mem.h>
 #include <openssl/bytestring.h>
@@ -92,8 +88,8 @@ int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
   return CRYPTO_memcmp(cbs->data, data, len) == 0;
 }
 
-static int cbs_get_u(CBS *cbs, uint32_t *out, size_t len) {
-  uint32_t result = 0;
+static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) {
+  uint64_t result = 0;
   const uint8_t *data;
 
   if (!cbs_get(cbs, &data, len)) {
@@ -117,7 +113,7 @@ int CBS_get_u8(CBS *cbs, uint8_t *out) {
 }
 
 int CBS_get_u16(CBS *cbs, uint16_t *out) {
-  uint32_t v;
+  uint64_t v;
   if (!cbs_get_u(cbs, &v, 2)) {
     return 0;
   }
@@ -126,11 +122,25 @@ int CBS_get_u16(CBS *cbs, uint16_t *out) {
 }
 
 int CBS_get_u24(CBS *cbs, uint32_t *out) {
-  return cbs_get_u(cbs, out, 3);
+  uint64_t v;
+  if (!cbs_get_u(cbs, &v, 3)) {
+    return 0;
+  }
+  *out = v;
+  return 1;
 }
 
 int CBS_get_u32(CBS *cbs, uint32_t *out) {
-  return cbs_get_u(cbs, out, 4);
+  uint64_t v;
+  if (!cbs_get_u(cbs, &v, 4)) {
+    return 0;
+  }
+  *out = v;
+  return 1;
+}
+
+int CBS_get_u64(CBS *cbs, uint64_t *out) {
+  return cbs_get_u(cbs, out, 8);
 }
 
 int CBS_get_last_u8(CBS *cbs, uint8_t *out) {
@@ -161,10 +171,13 @@ int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
 }
 
 static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) {
-  uint32_t len;
+  uint64_t len;
   if (!cbs_get_u(cbs, &len, len_len)) {
     return 0;
   }
+  // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on
+  // 32-bit systems.
+  assert(len_len <= 3);
   return CBS_get_bytes(cbs, out, len);
 }
 
@@ -278,7 +291,7 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
     // encode the number of subsequent octets used to encode the length (ITU-T
     // X.690 clause 8.1.3.5.b).
     const size_t num_bytes = length_byte & 0x7f;
-    uint32_t len32;
+    uint64_t len64;
 
     if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
       // indefinite length
@@ -294,20 +307,20 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
     if (num_bytes == 0 || num_bytes > 4) {
       return 0;
     }
-    if (!cbs_get_u(&header, &len32, num_bytes)) {
+    if (!cbs_get_u(&header, &len64, num_bytes)) {
       return 0;
     }
     // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
     // with the minimum number of octets.
-    if (len32 < 128) {
+    if (len64 < 128) {
       // Length should have used short-form encoding.
       return 0;
     }
-    if ((len32 >> ((num_bytes-1)*8)) == 0) {
+    if ((len64 >> ((num_bytes-1)*8)) == 0) {
       // Length should have been at least one byte shorter.
       return 0;
     }
-    len = len32;
+    len = len64;
     if (len + header_len + num_bytes < len) {
       // Overflow.
       return 0;

data/third_party/boringssl/crypto/bytestring/internal.h

@@ -24,12 +24,10 @@ extern "C" {
 
 // CBS_asn1_ber_to_der reads a BER element from |in|. If it finds
 // indefinite-length elements or constructed strings then it converts the BER
-// data to DER and sets |*out| and |*out_length| to describe a malloced buffer
-// containing the DER data. Additionally, |*in| will be advanced over the BER
-// element.
-//
-// If it doesn't find any indefinite-length elements or constructed strings then
-// it sets |*out| to NULL and |*in| is unmodified.
+// data to DER, sets |out| to the converted contents and |*out_storage| to a
+// buffer which the caller must release with |OPENSSL_free|. Otherwise, it sets
+// |out| to the original BER element in |in| and |*out_storage| to NULL.
+// Additionally, |*in| will be advanced over the BER element.
 //
 // This function should successfully process any valid BER input, however it
 // will not convert all of BER's deviations from DER. BER is ambiguous between
@@ -39,7 +37,8 @@ extern "C" {
 // must also account for BER variations in the contents of a primitive.
 //
 // It returns one on success and zero otherwise.
-OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len);
+OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, CBS *out,
+                                       uint8_t **out_storage);
 
 // CBS_get_asn1_implicit_string parses a BER string of primitive type
 // |inner_tag| implicitly-tagged with |outer_tag|. It sets |out| to the
@@ -68,6 +67,28 @@ OPENSSL_EXPORT int CBS_get_asn1_implicit_string(CBS *in, CBS *out,
 int CBB_finish_i2d(CBB *cbb, uint8_t **outp);
 
 
+// Unicode utilities.
+
+// The following functions read one Unicode code point from |cbs| with the
+// corresponding encoding and store it in |*out|. They return one on success and
+// zero on error.
+OPENSSL_EXPORT int cbs_get_utf8(CBS *cbs, uint32_t *out);
+OPENSSL_EXPORT int cbs_get_latin1(CBS *cbs, uint32_t *out);
+OPENSSL_EXPORT int cbs_get_ucs2_be(CBS *cbs, uint32_t *out);
+OPENSSL_EXPORT int cbs_get_utf32_be(CBS *cbs, uint32_t *out);
+
+// cbb_get_utf8_len returns the number of bytes needed to represent |u| in
+// UTF-8.
+OPENSSL_EXPORT size_t cbb_get_utf8_len(uint32_t u);
+
+// The following functions encode |u| to |cbb| with the corresponding
+// encoding. They return one on success and zero on error.
+OPENSSL_EXPORT int cbb_add_utf8(CBB *cbb, uint32_t u);
+OPENSSL_EXPORT int cbb_add_latin1(CBB *cbb, uint32_t u);
+OPENSSL_EXPORT int cbb_add_ucs2_be(CBB *cbb, uint32_t u);
+OPENSSL_EXPORT int cbb_add_utf32_be(CBB *cbb, uint32_t u);
+
+
 #if defined(__cplusplus)
 }  // extern C
 #endif

data/third_party/boringssl/crypto/bytestring/unicode.c

@@ -0,0 +1,155 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/bytestring.h>
+
+#include "internal.h"
+
+
+static int is_valid_code_point(uint32_t v) {
+  // References in the following are to Unicode 9.0.0.
+  if (// The Unicode space runs from zero to 0x10ffff (3.4 D9).
+      v > 0x10ffff ||
+      // Values 0x...fffe, 0x...ffff, and 0xfdd0-0xfdef are permanently reserved
+      // (3.4 D14)
+      (v & 0xfffe) == 0xfffe ||
+      (v >= 0xfdd0 && v <= 0xfdef) ||
+      // Surrogate code points are invalid (3.2 C1).
+      (v >= 0xd800 && v <= 0xdfff)) {
+    return 0;
+  }
+  return 1;
+}
+
+// BOTTOM_BITS returns a byte with the bottom |n| bits set.
+#define BOTTOM_BITS(n) (uint8_t)((1u << (n)) - 1)
+
+// TOP_BITS returns a byte with the top |n| bits set.
+#define TOP_BITS(n) ((uint8_t)~BOTTOM_BITS(8 - (n)))
+
+int cbs_get_utf8(CBS *cbs, uint32_t *out) {
+  uint8_t c;
+  if (!CBS_get_u8(cbs, &c)) {
+    return 0;
+  }
+  if (c <= 0x7f) {
+    *out = c;
+    return 1;
+  }
+  uint32_t v, lower_bound;
+  size_t len;
+  if ((c & TOP_BITS(3)) == TOP_BITS(2)) {
+    v = c & BOTTOM_BITS(5);
+    len = 1;
+    lower_bound = 0x80;
+  } else if ((c & TOP_BITS(4)) == TOP_BITS(3)) {
+    v = c & BOTTOM_BITS(4);
+    len = 2;
+    lower_bound = 0x800;
+  } else if ((c & TOP_BITS(5)) == TOP_BITS(4)) {
+    v = c & BOTTOM_BITS(3);
+    len = 3;
+    lower_bound = 0x10000;
+  } else {
+    return 0;
+  }
+  for (size_t i = 0; i < len; i++) {
+    if (!CBS_get_u8(cbs, &c) ||
+        (c & TOP_BITS(2)) != TOP_BITS(1)) {
+      return 0;
+    }
+    v <<= 6;
+    v |= c & BOTTOM_BITS(6);
+  }
+  if (!is_valid_code_point(v) ||
+      v < lower_bound) {
+    return 0;
+  }
+  *out = v;
+  return 1;
+}
+
+int cbs_get_latin1(CBS *cbs, uint32_t *out) {
+  uint8_t c;
+  if (!CBS_get_u8(cbs, &c)) {
+    return 0;
+  }
+  *out = c;
+  return 1;
+}
+
+int cbs_get_ucs2_be(CBS *cbs, uint32_t *out) {
+  // Note UCS-2 (used by BMPString) does not support surrogates.
+  uint16_t c;
+  if (!CBS_get_u16(cbs, &c) ||
+      !is_valid_code_point(c)) {
+    return 0;
+  }
+  *out = c;
+  return 1;
+}
+
+int cbs_get_utf32_be(CBS *cbs, uint32_t *out) {
+  return CBS_get_u32(cbs, out) && is_valid_code_point(*out);
+}
+
+size_t cbb_get_utf8_len(uint32_t u) {
+  if (u <= 0x7f) {
+    return 1;
+  }
+  if (u <= 0x7ff) {
+    return 2;
+  }
+  if (u <= 0xffff) {
+    return 3;
+  }
+  return 4;
+}
+
+int cbb_add_utf8(CBB *cbb, uint32_t u) {
+  if (!is_valid_code_point(u)) {
+    return 0;
+  }
+  if (u <= 0x7f) {
+    return CBB_add_u8(cbb, (uint8_t)u);
+  }
+  if (u <= 0x7ff) {
+    return CBB_add_u8(cbb, TOP_BITS(2) | (u >> 6)) &&
+           CBB_add_u8(cbb, TOP_BITS(1) | (u & BOTTOM_BITS(6)));
+  }
+  if (u <= 0xffff) {
+    return CBB_add_u8(cbb, TOP_BITS(3) | (u >> 12)) &&
+           CBB_add_u8(cbb, TOP_BITS(1) | ((u >> 6) & BOTTOM_BITS(6))) &&
+           CBB_add_u8(cbb, TOP_BITS(1) | (u & BOTTOM_BITS(6)));
+  }
+  if (u <= 0x10ffff) {
+    return CBB_add_u8(cbb, TOP_BITS(4) | (u >> 18)) &&
+           CBB_add_u8(cbb, TOP_BITS(1) | ((u >> 12) & BOTTOM_BITS(6))) &&
+           CBB_add_u8(cbb, TOP_BITS(1) | ((u >> 6) & BOTTOM_BITS(6))) &&
+           CBB_add_u8(cbb, TOP_BITS(1) | (u & BOTTOM_BITS(6)));
+  }
+  return 0;
+}
+
+int cbb_add_latin1(CBB *cbb, uint32_t u) {
+  return u <= 0xff && CBB_add_u8(cbb, (uint8_t)u);
+}
+
+int cbb_add_ucs2_be(CBB *cbb, uint32_t u) {
+  return u <= 0xffff && is_valid_code_point(u) && CBB_add_u16(cbb, (uint16_t)u);
+}
+
+int cbb_add_utf32_be(CBB *cbb, uint32_t u) {
+  return is_valid_code_point(u) && CBB_add_u32(cbb, u);
+}

data/third_party/boringssl/crypto/chacha/chacha.c

@@ -22,19 +22,49 @@
 #include <openssl/cpu.h>
 
 #include "../internal.h"
+#include "internal.h"
 
 
 #define U8TO32_LITTLE(p)                              \
   (((uint32_t)((p)[0])) | ((uint32_t)((p)[1]) << 8) | \
    ((uint32_t)((p)[2]) << 16) | ((uint32_t)((p)[3]) << 24))
 
-#if !defined(OPENSSL_NO_ASM) &&                         \
-    (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
-     defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
+// sigma contains the ChaCha constants, which happen to be an ASCII string.
+static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
+                                   '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
+
+#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
+
+// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round.
+#define QUARTERROUND(a, b, c, d)                \
+  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
+  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
+  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a],  8); \
+  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c],  7);
 
-// ChaCha20_ctr32 is defined in asm/chacha-*.pl.
-void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
-                    const uint32_t key[8], const uint32_t counter[4]);
+void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
+                      const uint8_t nonce[16]) {
+  uint32_t x[16];
+  OPENSSL_memcpy(x, sigma, sizeof(sigma));
+  OPENSSL_memcpy(&x[4], key, 32);
+  OPENSSL_memcpy(&x[12], nonce, 16);
+
+  for (size_t i = 0; i < 20; i += 2) {
+    QUARTERROUND(0, 4, 8, 12)
+    QUARTERROUND(1, 5, 9, 13)
+    QUARTERROUND(2, 6, 10, 14)
+    QUARTERROUND(3, 7, 11, 15)
+    QUARTERROUND(0, 5, 10, 15)
+    QUARTERROUND(1, 6, 11, 12)
+    QUARTERROUND(2, 7, 8, 13)
+    QUARTERROUND(3, 4, 9, 14)
+  }
+
+  OPENSSL_memcpy(out, &x[0], sizeof(uint32_t) * 4);
+  OPENSSL_memcpy(&out[16], &x[12], sizeof(uint32_t) * 4);
+}
+
+#if defined(CHACHA20_ASM)
 
 void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
                       const uint8_t key[32], const uint8_t nonce[12],
@@ -69,12 +99,6 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
 
 #else
 
-// sigma contains the ChaCha constants, which happen to be an ASCII string.
-static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
-                                   '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
-
-#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
-
 #define U32TO8_LITTLE(p, v)    \
   {                            \
     (p)[0] = (v >> 0) & 0xff;  \
@@ -83,13 +107,6 @@ static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
     (p)[3] = (v >> 24) & 0xff; \
   }
 
-// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round.
-#define QUARTERROUND(a, b, c, d)                \
-  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
-  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
-  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a],  8); \
-  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c],  7);
-
 // chacha_core performs 20 rounds of ChaCha on the input words in
 // |input| and writes the 64 output bytes to |output|.
 static void chacha_core(uint8_t output[64], const uint32_t input[16]) {

data/third_party/boringssl/crypto/chacha/internal.h

@@ -0,0 +1,45 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CHACHA_INTERNAL
+#define OPENSSL_HEADER_CHACHA_INTERNAL
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// CRYPTO_hchacha20 computes the HChaCha20 function, which should only be used
+// as part of XChaCha20.
+void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
+                      const uint8_t nonce[16]);
+
+#if !defined(OPENSSL_NO_ASM) &&                         \
+    (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
+     defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
+#define CHACHA20_ASM
+
+// ChaCha20_ctr32 is defined in asm/chacha-*.pl.
+void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
+                    const uint32_t key[8], const uint32_t counter[4]);
+#endif
+
+
+#if defined(__cplusplus)
+}  // extern C
+#endif
+
+#endif  // OPENSSL_HEADER_CHACHA_INTERNAL

data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c

@@ -94,20 +94,49 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
   } else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) {
     return EVP_des_cbc();
   } else if (OPENSSL_strcasecmp(name, "des-ede3-cbc") == 0 ||
+             // This is not a name used by OpenSSL, but tcpdump registers it
+             // with |EVP_add_cipher_alias|. Our |EVP_add_cipher_alias| is a
+             // no-op, so we support the name here.
              OPENSSL_strcasecmp(name, "3des") == 0) {
     return EVP_des_ede3_cbc();
   } else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
     return EVP_aes_128_cbc();
+  } else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) {
+    return EVP_aes_192_cbc();
   } else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
     return EVP_aes_256_cbc();
   } else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
     return EVP_aes_128_ctr();
+  } else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
+    return EVP_aes_192_ctr();
   } else if (OPENSSL_strcasecmp(name, "aes-256-ctr") == 0) {
     return EVP_aes_256_ctr();
   } else if (OPENSSL_strcasecmp(name, "aes-128-ecb") == 0) {
     return EVP_aes_128_ecb();
+  } else if (OPENSSL_strcasecmp(name, "aes-192-ecb") == 0) {
+    return EVP_aes_192_ecb();
   } else if (OPENSSL_strcasecmp(name, "aes-256-ecb") == 0) {
     return EVP_aes_256_ecb();
+  } else if (OPENSSL_strcasecmp(name, "aes-128-gcm") == 0) {
+    return EVP_aes_128_gcm();
+  } else if (OPENSSL_strcasecmp(name, "aes-192-gcm") == 0) {
+    return EVP_aes_192_gcm();
+  } else if (OPENSSL_strcasecmp(name, "aes-256-gcm") == 0) {
+    return EVP_aes_256_gcm();
+  } else if (OPENSSL_strcasecmp(name, "aes-128-ofb") == 0) {
+    return EVP_aes_128_ofb();
+  } else if (OPENSSL_strcasecmp(name, "aes-192-ofb") == 0) {
+    return EVP_aes_192_ofb();
+  } else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) {
+    return EVP_aes_256_ofb();
+  } else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) {
+    return EVP_des_ecb();
+  } else if (OPENSSL_strcasecmp(name, "des-ede") == 0) {
+    return EVP_des_ede();
+  } else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) {
+    return EVP_des_ede_cbc();
+  } else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) {
+    return EVP_rc2_cbc();
   }
 
   return NULL;