grpc 1.24.0 → 1.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +72 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -26,6 +26,7 @@
|
|
26
26
|
|
27
27
|
#include "../fipsmodule/cipher/internal.h"
|
28
28
|
#include "../internal.h"
|
29
|
+
#include "../chacha/internal.h"
|
29
30
|
|
30
31
|
|
31
32
|
#define POLY1305_TAG_LEN 16
|
@@ -34,6 +35,15 @@ struct aead_chacha20_poly1305_ctx {
|
|
34
35
|
uint8_t key[32];
|
35
36
|
};
|
36
37
|
|
38
|
+
OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
|
39
|
+
sizeof(struct aead_chacha20_poly1305_ctx),
|
40
|
+
"AEAD state is too small");
|
41
|
+
#if defined(__GNUC__) || defined(__clang__)
|
42
|
+
OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
|
43
|
+
alignof(struct aead_chacha20_poly1305_ctx),
|
44
|
+
"AEAD state has insufficient alignment");
|
45
|
+
#endif
|
46
|
+
|
37
47
|
// For convenience (the x86_64 calling convention allows only six parameters in
|
38
48
|
// registers), the final parameter for the assembly functions is both an input
|
39
49
|
// and output parameter.
|
@@ -68,9 +78,9 @@ static int asm_capable(void) {
|
|
68
78
|
return sse41_capable;
|
69
79
|
}
|
70
80
|
|
71
|
-
|
72
|
-
|
73
|
-
|
81
|
+
OPENSSL_STATIC_ASSERT(sizeof(union open_data) == 48, "wrong open_data size");
|
82
|
+
OPENSSL_STATIC_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
|
83
|
+
"wrong seal_data size");
|
74
84
|
|
75
85
|
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts
|
76
86
|
// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|.
|
@@ -108,7 +118,8 @@ static void chacha20_poly1305_seal(uint8_t *out_ciphertext,
|
|
108
118
|
|
109
119
|
static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
110
120
|
size_t key_len, size_t tag_len) {
|
111
|
-
struct aead_chacha20_poly1305_ctx *c20_ctx
|
121
|
+
struct aead_chacha20_poly1305_ctx *c20_ctx =
|
122
|
+
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
112
123
|
|
113
124
|
if (tag_len == 0) {
|
114
125
|
tag_len = POLY1305_TAG_LEN;
|
@@ -123,21 +134,13 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
|
123
134
|
return 0; // internal error - EVP_AEAD_CTX_init should catch this.
|
124
135
|
}
|
125
136
|
|
126
|
-
c20_ctx = OPENSSL_malloc(sizeof(struct aead_chacha20_poly1305_ctx));
|
127
|
-
if (c20_ctx == NULL) {
|
128
|
-
return 0;
|
129
|
-
}
|
130
|
-
|
131
137
|
OPENSSL_memcpy(c20_ctx->key, key, key_len);
|
132
|
-
ctx->aead_state = c20_ctx;
|
133
138
|
ctx->tag_len = tag_len;
|
134
139
|
|
135
140
|
return 1;
|
136
141
|
}
|
137
142
|
|
138
|
-
static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {
|
139
|
-
OPENSSL_free(ctx->aead_state);
|
140
|
-
}
|
143
|
+
static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {}
|
141
144
|
|
142
145
|
static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
|
143
146
|
uint8_t length_bytes[8];
|
@@ -151,16 +154,15 @@ static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
|
|
151
154
|
}
|
152
155
|
|
153
156
|
// calc_tag fills |tag| with the authentication tag for the given inputs.
|
154
|
-
static void calc_tag(uint8_t tag[POLY1305_TAG_LEN],
|
155
|
-
const struct aead_chacha20_poly1305_ctx *c20_ctx,
|
157
|
+
static void calc_tag(uint8_t tag[POLY1305_TAG_LEN], const uint8_t *key,
|
156
158
|
const uint8_t nonce[12], const uint8_t *ad, size_t ad_len,
|
157
159
|
const uint8_t *ciphertext, size_t ciphertext_len,
|
158
160
|
const uint8_t *ciphertext_extra,
|
159
161
|
size_t ciphertext_extra_len) {
|
160
162
|
alignas(16) uint8_t poly1305_key[32];
|
161
163
|
OPENSSL_memset(poly1305_key, 0, sizeof(poly1305_key));
|
162
|
-
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
|
163
|
-
|
164
|
+
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), key, nonce,
|
165
|
+
0);
|
164
166
|
|
165
167
|
static const uint8_t padding[16] = { 0 }; // Padding is all zeros.
|
166
168
|
poly1305_state ctx;
|
@@ -181,18 +183,16 @@ static void calc_tag(uint8_t tag[POLY1305_TAG_LEN],
|
|
181
183
|
CRYPTO_poly1305_finish(&ctx, tag);
|
182
184
|
}
|
183
185
|
|
184
|
-
static int
|
185
|
-
const
|
186
|
+
static int chacha20_poly1305_seal_scatter(
|
187
|
+
const uint8_t *key, uint8_t *out, uint8_t *out_tag,
|
186
188
|
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
|
187
189
|
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
|
188
|
-
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
|
189
|
-
|
190
|
-
|
191
|
-
if (extra_in_len + ctx->tag_len < ctx->tag_len) {
|
190
|
+
size_t extra_in_len, const uint8_t *ad, size_t ad_len, size_t tag_len) {
|
191
|
+
if (extra_in_len + tag_len < tag_len) {
|
192
192
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
|
193
193
|
return 0;
|
194
194
|
}
|
195
|
-
if (max_out_tag_len <
|
195
|
+
if (max_out_tag_len < tag_len + extra_in_len) {
|
196
196
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
|
197
197
|
return 0;
|
198
198
|
}
|
@@ -213,7 +213,7 @@ static int aead_chacha20_poly1305_seal_scatter(
|
|
213
213
|
return 0;
|
214
214
|
}
|
215
215
|
|
216
|
-
if (max_out_tag_len <
|
216
|
+
if (max_out_tag_len < tag_len) {
|
217
217
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
|
218
218
|
return 0;
|
219
219
|
}
|
@@ -228,7 +228,7 @@ static int aead_chacha20_poly1305_seal_scatter(
|
|
228
228
|
|
229
229
|
for (size_t done = 0; done < extra_in_len; block_counter++) {
|
230
230
|
memset(block, 0, sizeof(block));
|
231
|
-
CRYPTO_chacha_20(block, block, sizeof(block),
|
231
|
+
CRYPTO_chacha_20(block, block, sizeof(block), key, nonce,
|
232
232
|
block_counter);
|
233
233
|
for (size_t i = offset; i < sizeof(block) && done < extra_in_len;
|
234
234
|
i++, done++) {
|
@@ -240,35 +240,71 @@ static int aead_chacha20_poly1305_seal_scatter(
|
|
240
240
|
|
241
241
|
union seal_data data;
|
242
242
|
if (asm_capable()) {
|
243
|
-
OPENSSL_memcpy(data.in.key,
|
243
|
+
OPENSSL_memcpy(data.in.key, key, 32);
|
244
244
|
data.in.counter = 0;
|
245
245
|
OPENSSL_memcpy(data.in.nonce, nonce, 12);
|
246
246
|
data.in.extra_ciphertext = out_tag;
|
247
247
|
data.in.extra_ciphertext_len = extra_in_len;
|
248
248
|
chacha20_poly1305_seal(out, in, in_len, ad, ad_len, &data);
|
249
249
|
} else {
|
250
|
-
CRYPTO_chacha_20(out, in, in_len,
|
251
|
-
calc_tag(data.out.tag,
|
250
|
+
CRYPTO_chacha_20(out, in, in_len, key, nonce, 1);
|
251
|
+
calc_tag(data.out.tag, key, nonce, ad, ad_len, out, in_len, out_tag,
|
252
252
|
extra_in_len);
|
253
253
|
}
|
254
254
|
|
255
|
-
OPENSSL_memcpy(out_tag + extra_in_len, data.out.tag,
|
256
|
-
*out_tag_len = extra_in_len +
|
255
|
+
OPENSSL_memcpy(out_tag + extra_in_len, data.out.tag, tag_len);
|
256
|
+
*out_tag_len = extra_in_len + tag_len;
|
257
257
|
return 1;
|
258
258
|
}
|
259
259
|
|
260
|
-
static int
|
261
|
-
const EVP_AEAD_CTX *ctx, uint8_t *out,
|
262
|
-
size_t
|
263
|
-
size_t
|
264
|
-
|
260
|
+
static int aead_chacha20_poly1305_seal_scatter(
|
261
|
+
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
|
262
|
+
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
|
263
|
+
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
|
264
|
+
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
|
265
|
+
const struct aead_chacha20_poly1305_ctx *c20_ctx =
|
266
|
+
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
267
|
+
|
268
|
+
return chacha20_poly1305_seal_scatter(
|
269
|
+
c20_ctx->key, out, out_tag, out_tag_len, max_out_tag_len, nonce,
|
270
|
+
nonce_len, in, in_len, extra_in, extra_in_len, ad, ad_len, ctx->tag_len);
|
271
|
+
}
|
272
|
+
|
273
|
+
static int aead_xchacha20_poly1305_seal_scatter(
|
274
|
+
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
|
275
|
+
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
|
276
|
+
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
|
277
|
+
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
|
278
|
+
const struct aead_chacha20_poly1305_ctx *c20_ctx =
|
279
|
+
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
265
280
|
|
281
|
+
if (nonce_len != 24) {
|
282
|
+
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
|
283
|
+
return 0;
|
284
|
+
}
|
285
|
+
|
286
|
+
alignas(4) uint8_t derived_key[32];
|
287
|
+
alignas(4) uint8_t derived_nonce[12];
|
288
|
+
CRYPTO_hchacha20(derived_key, c20_ctx->key, nonce);
|
289
|
+
OPENSSL_memset(derived_nonce, 0, 4);
|
290
|
+
OPENSSL_memcpy(&derived_nonce[4], &nonce[16], 8);
|
291
|
+
|
292
|
+
return chacha20_poly1305_seal_scatter(
|
293
|
+
derived_key, out, out_tag, out_tag_len, max_out_tag_len,
|
294
|
+
derived_nonce, sizeof(derived_nonce), in, in_len, extra_in, extra_in_len,
|
295
|
+
ad, ad_len, ctx->tag_len);
|
296
|
+
}
|
297
|
+
|
298
|
+
static int chacha20_poly1305_open_gather(
|
299
|
+
const uint8_t *key, uint8_t *out, const uint8_t *nonce,
|
300
|
+
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
|
301
|
+
size_t in_tag_len, const uint8_t *ad, size_t ad_len, size_t tag_len) {
|
266
302
|
if (nonce_len != 12) {
|
267
303
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
|
268
304
|
return 0;
|
269
305
|
}
|
270
306
|
|
271
|
-
if (in_tag_len !=
|
307
|
+
if (in_tag_len != tag_len) {
|
272
308
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
|
273
309
|
return 0;
|
274
310
|
}
|
@@ -287,16 +323,16 @@ static int aead_chacha20_poly1305_open_gather(
|
|
287
323
|
|
288
324
|
union open_data data;
|
289
325
|
if (asm_capable()) {
|
290
|
-
OPENSSL_memcpy(data.in.key,
|
326
|
+
OPENSSL_memcpy(data.in.key, key, 32);
|
291
327
|
data.in.counter = 0;
|
292
328
|
OPENSSL_memcpy(data.in.nonce, nonce, 12);
|
293
329
|
chacha20_poly1305_open(out, in, in_len, ad, ad_len, &data);
|
294
330
|
} else {
|
295
|
-
calc_tag(data.out.tag,
|
296
|
-
CRYPTO_chacha_20(out, in, in_len,
|
331
|
+
calc_tag(data.out.tag, key, nonce, ad, ad_len, in, in_len, NULL, 0);
|
332
|
+
CRYPTO_chacha_20(out, in, in_len, key, nonce, 1);
|
297
333
|
}
|
298
334
|
|
299
|
-
if (CRYPTO_memcmp(data.out.tag, in_tag,
|
335
|
+
if (CRYPTO_memcmp(data.out.tag, in_tag, tag_len) != 0) {
|
300
336
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
|
301
337
|
return 0;
|
302
338
|
}
|
@@ -304,6 +340,41 @@ static int aead_chacha20_poly1305_open_gather(
|
|
304
340
|
return 1;
|
305
341
|
}
|
306
342
|
|
343
|
+
static int aead_chacha20_poly1305_open_gather(
|
344
|
+
const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
|
345
|
+
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
|
346
|
+
size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
|
347
|
+
const struct aead_chacha20_poly1305_ctx *c20_ctx =
|
348
|
+
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
349
|
+
|
350
|
+
return chacha20_poly1305_open_gather(c20_ctx->key, out, nonce, nonce_len, in,
|
351
|
+
in_len, in_tag, in_tag_len, ad, ad_len,
|
352
|
+
ctx->tag_len);
|
353
|
+
}
|
354
|
+
|
355
|
+
static int aead_xchacha20_poly1305_open_gather(
|
356
|
+
const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
|
357
|
+
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
|
358
|
+
size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
|
359
|
+
const struct aead_chacha20_poly1305_ctx *c20_ctx =
|
360
|
+
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
361
|
+
|
362
|
+
if (nonce_len != 24) {
|
363
|
+
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
|
364
|
+
return 0;
|
365
|
+
}
|
366
|
+
|
367
|
+
alignas(4) uint8_t derived_key[32];
|
368
|
+
alignas(4) uint8_t derived_nonce[12];
|
369
|
+
CRYPTO_hchacha20(derived_key, c20_ctx->key, nonce);
|
370
|
+
OPENSSL_memset(derived_nonce, 0, 4);
|
371
|
+
OPENSSL_memcpy(&derived_nonce[4], &nonce[16], 8);
|
372
|
+
|
373
|
+
return chacha20_poly1305_open_gather(
|
374
|
+
derived_key, out, derived_nonce, sizeof(derived_nonce), in, in_len,
|
375
|
+
in_tag, in_tag_len, ad, ad_len, ctx->tag_len);
|
376
|
+
}
|
377
|
+
|
307
378
|
static const EVP_AEAD aead_chacha20_poly1305 = {
|
308
379
|
32, // key len
|
309
380
|
12, // nonce len
|
@@ -321,6 +392,27 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
|
|
321
392
|
NULL, // tag_len
|
322
393
|
};
|
323
394
|
|
395
|
+
static const EVP_AEAD aead_xchacha20_poly1305 = {
|
396
|
+
32, // key len
|
397
|
+
24, // nonce len
|
398
|
+
POLY1305_TAG_LEN, // overhead
|
399
|
+
POLY1305_TAG_LEN, // max tag length
|
400
|
+
1, // seal_scatter_supports_extra_in
|
401
|
+
|
402
|
+
aead_chacha20_poly1305_init,
|
403
|
+
NULL, // init_with_direction
|
404
|
+
aead_chacha20_poly1305_cleanup,
|
405
|
+
NULL /* open */,
|
406
|
+
aead_xchacha20_poly1305_seal_scatter,
|
407
|
+
aead_xchacha20_poly1305_open_gather,
|
408
|
+
NULL, // get_iv
|
409
|
+
NULL, // tag_len
|
410
|
+
};
|
411
|
+
|
324
412
|
const EVP_AEAD *EVP_aead_chacha20_poly1305(void) {
|
325
413
|
return &aead_chacha20_poly1305;
|
326
414
|
}
|
415
|
+
|
416
|
+
const EVP_AEAD *EVP_aead_xchacha20_poly1305(void) {
|
417
|
+
return &aead_xchacha20_poly1305;
|
418
|
+
}
|
@@ -42,14 +42,22 @@ typedef struct {
|
|
42
42
|
char implicit_iv;
|
43
43
|
} AEAD_TLS_CTX;
|
44
44
|
|
45
|
-
|
45
|
+
OPENSSL_STATIC_ASSERT(EVP_MAX_MD_SIZE < 256,
|
46
|
+
"mac_key_len does not fit in uint8_t");
|
47
|
+
|
48
|
+
OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
|
49
|
+
sizeof(AEAD_TLS_CTX),
|
50
|
+
"AEAD state is too small");
|
51
|
+
#if defined(__GNUC__) || defined(__clang__)
|
52
|
+
OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
|
53
|
+
alignof(AEAD_TLS_CTX),
|
54
|
+
"AEAD state has insufficient alignment");
|
55
|
+
#endif
|
46
56
|
|
47
57
|
static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) {
|
48
|
-
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->
|
58
|
+
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
|
49
59
|
EVP_CIPHER_CTX_cleanup(&tls_ctx->cipher_ctx);
|
50
60
|
HMAC_CTX_cleanup(&tls_ctx->hmac_ctx);
|
51
|
-
OPENSSL_free(tls_ctx);
|
52
|
-
ctx->aead_state = NULL;
|
53
61
|
}
|
54
62
|
|
55
63
|
static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
|
@@ -72,11 +80,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
|
|
72
80
|
assert(mac_key_len + enc_key_len +
|
73
81
|
(implicit_iv ? EVP_CIPHER_iv_length(cipher) : 0) == key_len);
|
74
82
|
|
75
|
-
AEAD_TLS_CTX *tls_ctx =
|
76
|
-
if (tls_ctx == NULL) {
|
77
|
-
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
|
78
|
-
return 0;
|
79
|
-
}
|
83
|
+
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
|
80
84
|
EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx);
|
81
85
|
HMAC_CTX_init(&tls_ctx->hmac_ctx);
|
82
86
|
assert(mac_key_len <= EVP_MAX_MD_SIZE);
|
@@ -84,13 +88,11 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
|
|
84
88
|
tls_ctx->mac_key_len = (uint8_t)mac_key_len;
|
85
89
|
tls_ctx->implicit_iv = implicit_iv;
|
86
90
|
|
87
|
-
ctx->aead_state = tls_ctx;
|
88
91
|
if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len],
|
89
92
|
implicit_iv ? &key[mac_key_len + enc_key_len] : NULL,
|
90
93
|
dir == evp_aead_seal) ||
|
91
94
|
!HMAC_Init_ex(&tls_ctx->hmac_ctx, key, mac_key_len, md, NULL)) {
|
92
95
|
aead_tls_cleanup(ctx);
|
93
|
-
ctx->aead_state = NULL;
|
94
96
|
return 0;
|
95
97
|
}
|
96
98
|
EVP_CIPHER_CTX_set_padding(&tls_ctx->cipher_ctx, 0);
|
@@ -101,7 +103,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
|
|
101
103
|
static size_t aead_tls_tag_len(const EVP_AEAD_CTX *ctx, const size_t in_len,
|
102
104
|
const size_t extra_in_len) {
|
103
105
|
assert(extra_in_len == 0);
|
104
|
-
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->
|
106
|
+
const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
|
105
107
|
|
106
108
|
const size_t hmac_len = HMAC_size(&tls_ctx->hmac_ctx);
|
107
109
|
if (EVP_CIPHER_CTX_mode(&tls_ctx->cipher_ctx) != EVP_CIPH_CBC_MODE) {
|
@@ -125,7 +127,7 @@ static int aead_tls_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
|
125
127
|
const uint8_t *extra_in,
|
126
128
|
const size_t extra_in_len, const uint8_t *ad,
|
127
129
|
const size_t ad_len) {
|
128
|
-
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->
|
130
|
+
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
|
129
131
|
|
130
132
|
if (!tls_ctx->cipher_ctx.encrypt) {
|
131
133
|
// Unlike a normal AEAD, a TLS AEAD may only be used in one direction.
|
@@ -241,7 +243,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
|
|
241
243
|
size_t max_out_len, const uint8_t *nonce,
|
242
244
|
size_t nonce_len, const uint8_t *in, size_t in_len,
|
243
245
|
const uint8_t *ad, size_t ad_len) {
|
244
|
-
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->
|
246
|
+
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
|
245
247
|
|
246
248
|
if (tls_ctx->cipher_ctx.encrypt) {
|
247
249
|
// Unlike a normal AEAD, a TLS AEAD may only be used in one direction.
|
@@ -297,6 +299,8 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
|
|
297
299
|
total += len;
|
298
300
|
assert(total == in_len);
|
299
301
|
|
302
|
+
CONSTTIME_SECRET(out, total);
|
303
|
+
|
300
304
|
// Remove CBC padding. Code from here on is timing-sensitive with respect to
|
301
305
|
// |padding_ok| and |data_plus_mac_len| for CBC ciphers.
|
302
306
|
size_t data_plus_mac_len;
|
@@ -373,11 +377,15 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
|
|
373
377
|
crypto_word_t good =
|
374
378
|
constant_time_eq_int(CRYPTO_memcmp(record_mac, mac, mac_len), 0);
|
375
379
|
good &= padding_ok;
|
380
|
+
CONSTTIME_DECLASSIFY(&good, sizeof(good));
|
376
381
|
if (!good) {
|
377
382
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
|
378
383
|
return 0;
|
379
384
|
}
|
380
385
|
|
386
|
+
CONSTTIME_DECLASSIFY(&data_len, sizeof(data_len));
|
387
|
+
CONSTTIME_DECLASSIFY(out, data_len);
|
388
|
+
|
381
389
|
// End of timing-sensitive code.
|
382
390
|
|
383
391
|
*out_len = data_len;
|
@@ -453,7 +461,7 @@ static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init(
|
|
453
461
|
|
454
462
|
static int aead_tls_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
|
455
463
|
size_t *out_iv_len) {
|
456
|
-
const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX*)
|
464
|
+
const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
|
457
465
|
const size_t iv_len = EVP_CIPHER_CTX_iv_length(&tls_ctx->cipher_ctx);
|
458
466
|
if (iv_len <= 1) {
|
459
467
|
return 0;
|
@@ -271,7 +271,7 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
|
|
271
271
|
HASH_CTX md_state;
|
272
272
|
void (*md_final_raw)(HASH_CTX *ctx, uint8_t *md_out);
|
273
273
|
void (*md_transform)(HASH_CTX *ctx, const uint8_t *block);
|
274
|
-
unsigned md_size, md_block_size = 64;
|
274
|
+
unsigned md_size, md_block_size = 64, md_block_shift = 6;
|
275
275
|
// md_length_size is the number of bytes in the length field that terminates
|
276
276
|
// the hash.
|
277
277
|
unsigned md_length_size = 8;
|
@@ -305,6 +305,7 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
|
|
305
305
|
md_transform = tls1_sha512_transform;
|
306
306
|
md_size = SHA384_DIGEST_LENGTH;
|
307
307
|
md_block_size = 128;
|
308
|
+
md_block_shift = 7;
|
308
309
|
md_length_size = 16;
|
309
310
|
break;
|
310
311
|
|
@@ -318,6 +319,7 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
|
|
318
319
|
|
319
320
|
assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
|
320
321
|
assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
|
322
|
+
assert(md_block_size == (1u << md_block_shift));
|
321
323
|
assert(md_size <= EVP_MAX_MD_SIZE);
|
322
324
|
|
323
325
|
static const size_t kHeaderLength = 13;
|
@@ -327,9 +329,18 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
|
|
327
329
|
// padding value.
|
328
330
|
//
|
329
331
|
// TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
|
330
|
-
// required to be minimal. Therefore we say that the final
|
331
|
-
// can vary based on the padding.
|
332
|
-
|
332
|
+
// required to be minimal. Therefore we say that the final |kVarianceBlocks|
|
333
|
+
// blocks can vary based on the padding and on the hash used. This value
|
334
|
+
// must be derived from public information.
|
335
|
+
const size_t kVarianceBlocks =
|
336
|
+
( 255 + 1 + // maximum padding bytes + padding length
|
337
|
+
md_size + // length of hash's output
|
338
|
+
md_block_size - 1 // ceiling
|
339
|
+
) / md_block_size
|
340
|
+
+ 1; // the 0x80 marker and the encoded message length could or not
|
341
|
+
// require an extra block; since the exact value depends on the
|
342
|
+
// message length; thus, one extra block is always added to run
|
343
|
+
// in constant time.
|
333
344
|
|
334
345
|
// From now on we're dealing with the MAC, which conceptually has 13
|
335
346
|
// bytes of `header' before the start of the data.
|
@@ -350,18 +361,16 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
|
|
350
361
|
// k is the starting byte offset into the conceptual header||data where
|
351
362
|
// we start processing.
|
352
363
|
size_t k = 0;
|
353
|
-
// mac_end_offset is the index just past the end of the data to be
|
354
|
-
// MACed.
|
364
|
+
// mac_end_offset is the index just past the end of the data to be MACed.
|
355
365
|
size_t mac_end_offset = data_plus_mac_size + kHeaderLength - md_size;
|
356
|
-
// c is the index of the 0x80 byte in the final hash block that
|
357
|
-
//
|
358
|
-
size_t c = mac_end_offset
|
359
|
-
// index_a is the hash block number that contains the 0x80 terminating
|
360
|
-
|
361
|
-
|
362
|
-
//
|
363
|
-
|
364
|
-
size_t index_b = (mac_end_offset + md_length_size) / md_block_size;
|
366
|
+
// c is the index of the 0x80 byte in the final hash block that contains
|
367
|
+
// application data.
|
368
|
+
size_t c = mac_end_offset & (md_block_size - 1);
|
369
|
+
// index_a is the hash block number that contains the 0x80 terminating value.
|
370
|
+
size_t index_a = mac_end_offset >> md_block_shift;
|
371
|
+
// index_b is the hash block number that contains the 64-bit hash length, in
|
372
|
+
// bits.
|
373
|
+
size_t index_b = (mac_end_offset + md_length_size) >> md_block_shift;
|
365
374
|
|
366
375
|
if (num_blocks > kVarianceBlocks) {
|
367
376
|
num_starting_blocks = num_blocks - kVarianceBlocks;
|