grpc 1.24.0 → 1.25.0


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (505) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +306 -243
  3. data/etc/roots.pem +0 -100
  4. data/include/grpc/grpc_security.h +44 -18
  5. data/include/grpc/impl/codegen/grpc_types.h +15 -0
  6. data/include/grpc/impl/codegen/port_platform.h +27 -11
  7. data/include/grpc/impl/codegen/sync_generic.h +1 -1
  8. data/src/boringssl/err_data.c +695 -650
  9. data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
  10. data/src/core/ext/filters/client_channel/client_channel.h +24 -0
  11. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
  12. data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
  13. data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
  14. data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
  15. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
  17. data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
  18. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
  19. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
  20. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
  21. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
  22. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
  26. data/src/core/ext/filters/client_channel/resolver.cc +1 -2
  27. data/src/core/ext/filters/client_channel/resolver.h +8 -16
  28. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
  29. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
  30. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
  31. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
  32. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  33. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
  34. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
  35. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  36. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
  37. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
  38. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
  39. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
  40. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
  41. data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
  42. data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
  43. data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
  44. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
  45. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
  46. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
  47. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
  48. data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
  49. data/src/core/ext/filters/client_channel/service_config.h +8 -8
  50. data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
  51. data/src/core/ext/filters/client_channel/subchannel.h +7 -9
  52. data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
  53. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
  54. data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
  55. data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
  56. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
  57. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
  58. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
  59. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
  60. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
  61. data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
  62. data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
  63. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
  64. data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
  65. data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
  66. data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
  67. data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
  68. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
  69. data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
  70. data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
  71. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
  72. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
  73. data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
  74. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
  75. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
  76. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
  77. data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
  78. data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
  79. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  80. data/src/core/lib/channel/channel_args.cc +16 -0
  81. data/src/core/lib/channel/channel_args.h +22 -0
  82. data/src/core/lib/channel/channelz.cc +5 -6
  83. data/src/core/lib/channel/channelz.h +1 -1
  84. data/src/core/lib/channel/connected_channel.cc +20 -20
  85. data/src/core/lib/channel/handshaker.h +3 -4
  86. data/src/core/lib/channel/handshaker_factory.h +1 -3
  87. data/src/core/lib/debug/trace.h +3 -2
  88. data/src/core/lib/gprpp/arena.cc +3 -3
  89. data/src/core/lib/gprpp/arena.h +2 -3
  90. data/src/core/lib/gprpp/inlined_vector.h +9 -0
  91. data/src/core/lib/gprpp/map.h +3 -501
  92. data/src/core/lib/gprpp/memory.h +45 -41
  93. data/src/core/lib/gprpp/mpscq.cc +108 -0
  94. data/src/core/lib/gprpp/mpscq.h +98 -0
  95. data/src/core/lib/gprpp/orphanable.h +6 -11
  96. data/src/core/lib/gprpp/ref_counted.h +25 -19
  97. data/src/core/lib/gprpp/set.h +33 -0
  98. data/src/core/lib/gprpp/thd.h +2 -4
  99. data/src/core/lib/http/httpcli.cc +1 -1
  100. data/src/core/lib/http/httpcli_security_connector.cc +15 -11
  101. data/src/core/lib/http/parser.cc +1 -1
  102. data/src/core/lib/iomgr/buffer_list.cc +4 -5
  103. data/src/core/lib/iomgr/buffer_list.h +5 -6
  104. data/src/core/lib/iomgr/call_combiner.cc +4 -5
  105. data/src/core/lib/iomgr/call_combiner.h +2 -2
  106. data/src/core/lib/iomgr/cfstream_handle.h +3 -5
  107. data/src/core/lib/iomgr/closure.h +8 -3
  108. data/src/core/lib/iomgr/combiner.cc +45 -82
  109. data/src/core/lib/iomgr/combiner.h +32 -8
  110. data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
  111. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
  112. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
  113. data/src/core/lib/iomgr/exec_ctx.h +4 -3
  114. data/src/core/lib/iomgr/executor.cc +4 -2
  115. data/src/core/lib/iomgr/executor.h +3 -0
  116. data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
  117. data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
  118. data/src/core/lib/iomgr/executor/threadpool.h +7 -11
  119. data/src/core/lib/iomgr/resource_quota.cc +55 -51
  120. data/src/core/lib/iomgr/resource_quota.h +13 -9
  121. data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
  122. data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
  123. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
  124. data/src/core/lib/iomgr/tcp_custom.cc +9 -7
  125. data/src/core/lib/iomgr/tcp_posix.cc +20 -16
  126. data/src/core/lib/iomgr/tcp_server.h +1 -4
  127. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
  128. data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
  129. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
  130. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  131. data/src/core/lib/iomgr/udp_server.cc +3 -2
  132. data/src/core/lib/iomgr/udp_server.h +6 -12
  133. data/src/core/lib/json/json.h +1 -1
  134. data/src/core/lib/json/json_string.cc +2 -2
  135. data/src/core/lib/profiling/basic_timers.cc +2 -2
  136. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
  137. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
  138. data/src/core/lib/security/credentials/credentials.h +4 -20
  139. data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
  140. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
  141. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
  142. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
  143. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
  144. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
  145. data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
  146. data/src/core/lib/security/security_connector/security_connector.cc +1 -0
  147. data/src/core/lib/security/security_connector/security_connector.h +19 -17
  148. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
  149. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
  150. data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
  151. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
  152. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
  153. data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
  154. data/src/core/lib/security/transport/security_handshaker.cc +29 -13
  155. data/src/core/lib/security/transport/security_handshaker.h +4 -2
  156. data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
  157. data/src/core/lib/slice/slice.cc +2 -10
  158. data/src/core/lib/slice/slice_hash_table.h +4 -6
  159. data/src/core/lib/slice/slice_intern.cc +42 -39
  160. data/src/core/lib/slice/slice_internal.h +3 -3
  161. data/src/core/lib/slice/slice_utils.h +21 -4
  162. data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
  163. data/src/core/lib/surface/call.cc +3 -3
  164. data/src/core/lib/surface/channel.cc +7 -0
  165. data/src/core/lib/surface/completion_queue.cc +12 -11
  166. data/src/core/lib/surface/completion_queue.h +4 -2
  167. data/src/core/lib/surface/init.cc +1 -0
  168. data/src/core/lib/surface/lame_client.cc +33 -18
  169. data/src/core/lib/surface/server.cc +77 -76
  170. data/src/core/lib/surface/version.cc +1 -1
  171. data/src/core/lib/transport/byte_stream.h +3 -7
  172. data/src/core/lib/transport/connectivity_state.cc +112 -98
  173. data/src/core/lib/transport/connectivity_state.h +100 -50
  174. data/src/core/lib/transport/static_metadata.cc +276 -288
  175. data/src/core/lib/transport/static_metadata.h +73 -76
  176. data/src/core/lib/transport/status_conversion.cc +1 -1
  177. data/src/core/lib/transport/status_metadata.cc +1 -1
  178. data/src/core/lib/transport/transport.cc +2 -2
  179. data/src/core/lib/transport/transport.h +12 -4
  180. data/src/core/lib/transport/transport_op_string.cc +14 -11
  181. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
  182. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
  183. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
  184. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
  185. data/src/core/tsi/fake_transport_security.cc +7 -5
  186. data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
  187. data/src/core/tsi/local_transport_security.cc +8 -6
  188. data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
  189. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
  190. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
  191. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
  192. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
  193. data/src/core/tsi/ssl_transport_security.cc +12 -12
  194. data/src/core/tsi/ssl_transport_security.h +2 -2
  195. data/src/core/tsi/transport_security_grpc.cc +7 -0
  196. data/src/core/tsi/transport_security_grpc.h +6 -0
  197. data/src/ruby/ext/grpc/extconf.rb +1 -0
  198. data/src/ruby/ext/grpc/rb_call.c +1 -1
  199. data/src/ruby/ext/grpc/rb_channel.c +1 -1
  200. data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
  201. data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
  202. data/src/ruby/lib/grpc/version.rb +1 -1
  203. data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
  204. data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
  205. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
  206. data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
  207. data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
  208. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
  209. data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
  210. data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
  211. data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
  212. data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
  213. data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
  214. data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
  215. data/third_party/boringssl/crypto/base64/base64.c +2 -2
  216. data/third_party/boringssl/crypto/bio/bio.c +73 -9
  217. data/third_party/boringssl/crypto/bio/connect.c +4 -0
  218. data/third_party/boringssl/crypto/bio/fd.c +4 -0
  219. data/third_party/boringssl/crypto/bio/file.c +5 -2
  220. data/third_party/boringssl/crypto/bio/socket.c +4 -0
  221. data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
  222. data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
  223. data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
  224. data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
  225. data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
  226. data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
  227. data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
  228. data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
  229. data/third_party/boringssl/crypto/chacha/internal.h +45 -0
  230. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
  231. data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
  232. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
  233. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
  234. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
  235. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
  236. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
  237. data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
  238. data/third_party/boringssl/crypto/conf/conf.c +7 -0
  239. data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
  240. data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
  241. data/third_party/boringssl/crypto/cpu-intel.c +45 -51
  242. data/third_party/boringssl/crypto/crypto.c +39 -22
  243. data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
  244. data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
  245. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
  246. data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
  247. data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
  248. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
  249. data/third_party/boringssl/crypto/engine/engine.c +2 -1
  250. data/third_party/boringssl/crypto/err/err.c +2 -0
  251. data/third_party/boringssl/crypto/err/internal.h +2 -2
  252. data/third_party/boringssl/crypto/evp/evp.c +89 -8
  253. data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
  254. data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
  255. data/third_party/boringssl/crypto/evp/internal.h +18 -1
  256. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
  257. data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
  258. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
  259. data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
  260. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
  261. data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
  262. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
  263. data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
  264. data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
  265. data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
  266. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
  267. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
  268. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
  269. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
  270. data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
  271. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
  272. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
  273. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
  274. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
  275. data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
  276. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
  277. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
  278. data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  279. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
  280. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
  281. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
  282. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
  283. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
  284. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
  285. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
  286. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
  287. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
  288. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
  289. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
  290. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
  291. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
  292. data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
  293. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
  294. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
  295. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
  296. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
  297. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
  298. data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
  299. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
  300. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
  301. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
  302. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
  303. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
  304. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
  305. data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
  306. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
  307. data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
  308. data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
  309. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
  310. data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  311. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
  312. data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
  313. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
  314. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
  315. data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
  316. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
  317. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
  318. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
  319. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
  320. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
  321. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
  322. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
  323. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
  324. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
  325. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
  326. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
  327. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
  328. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
  329. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
  330. data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
  331. data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
  332. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
  333. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
  334. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
  335. data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
  336. data/third_party/boringssl/crypto/hrss/internal.h +62 -0
  337. data/third_party/boringssl/crypto/internal.h +95 -20
  338. data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
  339. data/third_party/boringssl/crypto/mem.c +39 -2
  340. data/third_party/boringssl/crypto/obj/obj.c +4 -4
  341. data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
  342. data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
  343. data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
  344. data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
  345. data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
  346. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
  347. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
  348. data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
  349. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
  350. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
  351. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
  352. data/third_party/boringssl/crypto/pool/internal.h +1 -1
  353. data/third_party/boringssl/crypto/pool/pool.c +21 -0
  354. data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
  355. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
  356. data/third_party/boringssl/crypto/refcount_lock.c +2 -2
  357. data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
  358. data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
  359. data/third_party/boringssl/crypto/stack/stack.c +83 -32
  360. data/third_party/boringssl/crypto/thread_none.c +2 -2
  361. data/third_party/boringssl/crypto/thread_pthread.c +2 -2
  362. data/third_party/boringssl/crypto/thread_win.c +38 -19
  363. data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
  364. data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
  365. data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
  366. data/third_party/boringssl/crypto/x509/by_file.c +12 -10
  367. data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
  368. data/third_party/boringssl/crypto/x509/t_req.c +1 -3
  369. data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
  370. data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
  371. data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
  372. data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
  373. data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
  374. data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
  375. data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
  376. data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
  377. data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
  378. data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
  379. data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
  380. data/third_party/boringssl/crypto/x509/x509name.c +2 -3
  381. data/third_party/boringssl/crypto/x509/x_all.c +109 -210
  382. data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
  383. data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
  384. data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
  385. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
  386. data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
  387. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
  388. data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
  389. data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
  390. data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
  391. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
  392. data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
  393. data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
  394. data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
  395. data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
  396. data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
  397. data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
  398. data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
  399. data/third_party/boringssl/include/openssl/aead.h +45 -19
  400. data/third_party/boringssl/include/openssl/aes.h +32 -7
  401. data/third_party/boringssl/include/openssl/asn1.h +7 -77
  402. data/third_party/boringssl/include/openssl/base.h +120 -6
  403. data/third_party/boringssl/include/openssl/base64.h +4 -1
  404. data/third_party/boringssl/include/openssl/bio.h +112 -81
  405. data/third_party/boringssl/include/openssl/blowfish.h +3 -3
  406. data/third_party/boringssl/include/openssl/bn.h +55 -29
  407. data/third_party/boringssl/include/openssl/buf.h +2 -2
  408. data/third_party/boringssl/include/openssl/bytestring.h +54 -32
  409. data/third_party/boringssl/include/openssl/cast.h +2 -2
  410. data/third_party/boringssl/include/openssl/cipher.h +46 -16
  411. data/third_party/boringssl/include/openssl/cmac.h +6 -2
  412. data/third_party/boringssl/include/openssl/conf.h +3 -6
  413. data/third_party/boringssl/include/openssl/cpu.h +25 -9
  414. data/third_party/boringssl/include/openssl/crypto.h +32 -10
  415. data/third_party/boringssl/include/openssl/curve25519.h +4 -4
  416. data/third_party/boringssl/include/openssl/dh.h +3 -2
  417. data/third_party/boringssl/include/openssl/digest.h +21 -7
  418. data/third_party/boringssl/include/openssl/dsa.h +8 -2
  419. data/third_party/boringssl/include/openssl/e_os2.h +18 -0
  420. data/third_party/boringssl/include/openssl/ec.h +25 -21
  421. data/third_party/boringssl/include/openssl/ec_key.h +36 -8
  422. data/third_party/boringssl/include/openssl/ecdh.h +17 -0
  423. data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
  424. data/third_party/boringssl/include/openssl/engine.h +4 -4
  425. data/third_party/boringssl/include/openssl/err.h +3 -0
  426. data/third_party/boringssl/include/openssl/evp.h +199 -42
  427. data/third_party/boringssl/include/openssl/hmac.h +4 -4
  428. data/third_party/boringssl/include/openssl/hrss.h +100 -0
  429. data/third_party/boringssl/include/openssl/lhash.h +131 -23
  430. data/third_party/boringssl/include/openssl/md4.h +6 -4
  431. data/third_party/boringssl/include/openssl/md5.h +6 -4
  432. data/third_party/boringssl/include/openssl/mem.h +6 -2
  433. data/third_party/boringssl/include/openssl/nid.h +3 -0
  434. data/third_party/boringssl/include/openssl/obj.h +3 -0
  435. data/third_party/boringssl/include/openssl/pem.h +102 -64
  436. data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
  437. data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
  438. data/third_party/boringssl/include/openssl/pool.h +13 -2
  439. data/third_party/boringssl/include/openssl/ripemd.h +5 -4
  440. data/third_party/boringssl/include/openssl/rsa.h +46 -15
  441. data/third_party/boringssl/include/openssl/sha.h +40 -28
  442. data/third_party/boringssl/include/openssl/siphash.h +37 -0
  443. data/third_party/boringssl/include/openssl/span.h +17 -9
  444. data/third_party/boringssl/include/openssl/ssl.h +766 -393
  445. data/third_party/boringssl/include/openssl/ssl3.h +4 -3
  446. data/third_party/boringssl/include/openssl/stack.h +134 -77
  447. data/third_party/boringssl/include/openssl/thread.h +1 -1
  448. data/third_party/boringssl/include/openssl/tls1.h +25 -9
  449. data/third_party/boringssl/include/openssl/type_check.h +14 -15
  450. data/third_party/boringssl/include/openssl/x509.h +28 -3
  451. data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
  452. data/third_party/boringssl/include/openssl/x509v3.h +17 -13
  453. data/third_party/boringssl/ssl/d1_both.cc +9 -18
  454. data/third_party/boringssl/ssl/d1_lib.cc +4 -3
  455. data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
  456. data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
  457. data/third_party/boringssl/ssl/dtls_method.cc +0 -1
  458. data/third_party/boringssl/ssl/dtls_record.cc +28 -28
  459. data/third_party/boringssl/ssl/handoff.cc +295 -91
  460. data/third_party/boringssl/ssl/handshake.cc +133 -72
  461. data/third_party/boringssl/ssl/handshake_client.cc +218 -189
  462. data/third_party/boringssl/ssl/handshake_server.cc +399 -272
  463. data/third_party/boringssl/ssl/internal.h +1413 -928
  464. data/third_party/boringssl/ssl/s3_both.cc +175 -36
  465. data/third_party/boringssl/ssl/s3_lib.cc +9 -13
  466. data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
  467. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
  468. data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
  469. data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
  470. data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
  471. data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
  472. data/third_party/boringssl/ssl/ssl_file.cc +2 -0
  473. data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
  474. data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
  475. data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
  476. data/third_party/boringssl/ssl/ssl_session.cc +230 -178
  477. data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
  478. data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
  479. data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
  480. data/third_party/boringssl/ssl/t1_enc.cc +5 -96
  481. data/third_party/boringssl/ssl/t1_lib.cc +931 -678
  482. data/third_party/boringssl/ssl/tls13_both.cc +251 -121
  483. data/third_party/boringssl/ssl/tls13_client.cc +129 -73
  484. data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
  485. data/third_party/boringssl/ssl/tls13_server.cc +259 -192
  486. data/third_party/boringssl/ssl/tls_method.cc +26 -21
  487. data/third_party/boringssl/ssl/tls_record.cc +42 -47
  488. data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
  489. data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
  490. data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
  491. data/third_party/boringssl/third_party/fiat/p256.c +238 -999
  492. data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
  493. data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
  494. data/third_party/upb/upb/port_def.inc +1 -1
  495. data/third_party/upb/upb/table.c +2 -1
  496. metadata +72 -44
  497. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
  498. data/src/core/lib/gpr/mpscq.cc +0 -117
  499. data/src/core/lib/gpr/mpscq.h +0 -88
  500. data/src/core/lib/gprpp/abstract.h +0 -47
  501. data/src/core/lib/gprpp/pair.h +0 -38
  502. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
  503. data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
  504. data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
  505. data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -124,12 +124,22 @@ void CMAC_CTX_free(CMAC_CTX *ctx) {
124
124
  OPENSSL_free(ctx);
125
125
  }
126
126
 
127
- // binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸)
128
- // with a hard-coded reduction polynomial and sets |out| as x times the
129
- // input.
127
+ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) {
128
+ if (!EVP_CIPHER_CTX_copy(&out->cipher_ctx, &in->cipher_ctx)) {
129
+ return 0;
130
+ }
131
+ OPENSSL_memcpy(out->k1, in->k1, AES_BLOCK_SIZE);
132
+ OPENSSL_memcpy(out->k2, in->k2, AES_BLOCK_SIZE);
133
+ OPENSSL_memcpy(out->block, in->block, AES_BLOCK_SIZE);
134
+ out->block_used = in->block_used;
135
+ return 1;
136
+ }
137
+
138
+ // binary_field_mul_x_128 treats the 128 bits at |in| as an element of GF(2¹²⁸)
139
+ // with a hard-coded reduction polynomial and sets |out| as x times the input.
130
140
  //
131
141
  // See https://tools.ietf.org/html/rfc4493#section-2.3
132
- static void binary_field_mul_x(uint8_t out[16], const uint8_t in[16]) {
142
+ static void binary_field_mul_x_128(uint8_t out[16], const uint8_t in[16]) {
133
143
  unsigned i;
134
144
 
135
145
  // Shift |in| to left, including carry.
@@ -142,23 +152,46 @@ static void binary_field_mul_x(uint8_t out[16], const uint8_t in[16]) {
142
152
  out[i] = (in[i] << 1) ^ ((0 - carry) & 0x87);
143
153
  }
144
154
 
155
+ // binary_field_mul_x_64 behaves like |binary_field_mul_x_128| but acts on an
156
+ // element of GF(2⁶⁴).
157
+ //
158
+ // See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
159
+ static void binary_field_mul_x_64(uint8_t out[8], const uint8_t in[8]) {
160
+ unsigned i;
161
+
162
+ // Shift |in| to left, including carry.
163
+ for (i = 0; i < 7; i++) {
164
+ out[i] = (in[i] << 1) | (in[i+1] >> 7);
165
+ }
166
+
167
+ // If MSB set fixup with R.
168
+ const uint8_t carry = in[0] >> 7;
169
+ out[i] = (in[i] << 1) ^ ((0 - carry) & 0x1b);
170
+ }
171
+
145
172
  static const uint8_t kZeroIV[AES_BLOCK_SIZE] = {0};
146
173
 
147
174
  int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
148
175
  const EVP_CIPHER *cipher, ENGINE *engine) {
149
176
  uint8_t scratch[AES_BLOCK_SIZE];
150
177
 
151
- if (EVP_CIPHER_block_size(cipher) != AES_BLOCK_SIZE ||
178
+ size_t block_size = EVP_CIPHER_block_size(cipher);
179
+ if ((block_size != AES_BLOCK_SIZE && block_size != 8 /* 3-DES */) ||
152
180
  EVP_CIPHER_key_length(cipher) != key_len ||
153
181
  !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) ||
154
- !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, AES_BLOCK_SIZE) ||
182
+ !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, block_size) ||
155
183
  // Reset context again ready for first data.
156
184
  !EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) {
157
185
  return 0;
158
186
  }
159
187
 
160
- binary_field_mul_x(ctx->k1, scratch);
161
- binary_field_mul_x(ctx->k2, ctx->k1);
188
+ if (block_size == AES_BLOCK_SIZE) {
189
+ binary_field_mul_x_128(ctx->k1, scratch);
190
+ binary_field_mul_x_128(ctx->k2, ctx->k1);
191
+ } else {
192
+ binary_field_mul_x_64(ctx->k1, scratch);
193
+ binary_field_mul_x_64(ctx->k2, ctx->k1);
194
+ }
162
195
  ctx->block_used = 0;
163
196
 
164
197
  return 1;
@@ -170,10 +203,12 @@ int CMAC_Reset(CMAC_CTX *ctx) {
170
203
  }
171
204
 
172
205
  int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
206
+ size_t block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx);
207
+ assert(block_size <= AES_BLOCK_SIZE);
173
208
  uint8_t scratch[AES_BLOCK_SIZE];
174
209
 
175
210
  if (ctx->block_used > 0) {
176
- size_t todo = AES_BLOCK_SIZE - ctx->block_used;
211
+ size_t todo = block_size - ctx->block_used;
177
212
  if (in_len < todo) {
178
213
  todo = in_len;
179
214
  }
@@ -184,28 +219,28 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
184
219
  ctx->block_used += todo;
185
220
 
186
221
  // If |in_len| is zero then either |ctx->block_used| is less than
187
- // |AES_BLOCK_SIZE|, in which case we can stop here, or |ctx->block_used|
188
- // is exactly |AES_BLOCK_SIZE| but there's no more data to process. In the
189
- // latter case we don't want to process this block now because it might be
190
- // the last block and that block is treated specially.
222
+ // |block_size|, in which case we can stop here, or |ctx->block_used| is
223
+ // exactly |block_size| but there's no more data to process. In the latter
224
+ // case we don't want to process this block now because it might be the last
225
+ // block and that block is treated specially.
191
226
  if (in_len == 0) {
192
227
  return 1;
193
228
  }
194
229
 
195
- assert(ctx->block_used == AES_BLOCK_SIZE);
230
+ assert(ctx->block_used == block_size);
196
231
 
197
- if (!EVP_Cipher(&ctx->cipher_ctx, scratch, ctx->block, AES_BLOCK_SIZE)) {
232
+ if (!EVP_Cipher(&ctx->cipher_ctx, scratch, ctx->block, block_size)) {
198
233
  return 0;
199
234
  }
200
235
  }
201
236
 
202
237
  // Encrypt all but one of the remaining blocks.
203
- while (in_len > AES_BLOCK_SIZE) {
204
- if (!EVP_Cipher(&ctx->cipher_ctx, scratch, in, AES_BLOCK_SIZE)) {
238
+ while (in_len > block_size) {
239
+ if (!EVP_Cipher(&ctx->cipher_ctx, scratch, in, block_size)) {
205
240
  return 0;
206
241
  }
207
- in += AES_BLOCK_SIZE;
208
- in_len -= AES_BLOCK_SIZE;
242
+ in += block_size;
243
+ in_len -= block_size;
209
244
  }
210
245
 
211
246
  OPENSSL_memcpy(ctx->block, in, in_len);
@@ -215,27 +250,29 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
215
250
  }
216
251
 
217
252
  int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) {
218
- *out_len = AES_BLOCK_SIZE;
253
+ size_t block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx);
254
+ assert(block_size <= AES_BLOCK_SIZE);
255
+
256
+ *out_len = block_size;
219
257
  if (out == NULL) {
220
258
  return 1;
221
259
  }
222
260
 
223
261
  const uint8_t *mask = ctx->k1;
224
262
 
225
- if (ctx->block_used != AES_BLOCK_SIZE) {
263
+ if (ctx->block_used != block_size) {
226
264
  // If the last block is incomplete, terminate it with a single 'one' bit
227
265
  // followed by zeros.
228
266
  ctx->block[ctx->block_used] = 0x80;
229
267
  OPENSSL_memset(ctx->block + ctx->block_used + 1, 0,
230
- AES_BLOCK_SIZE - (ctx->block_used + 1));
268
+ block_size - (ctx->block_used + 1));
231
269
 
232
270
  mask = ctx->k2;
233
271
  }
234
272
 
235
- unsigned i;
236
- for (i = 0; i < AES_BLOCK_SIZE; i++) {
273
+ for (unsigned i = 0; i < block_size; i++) {
237
274
  out[i] = ctx->block[i] ^ mask[i];
238
275
  }
239
276
 
240
- return EVP_Cipher(&ctx->cipher_ctx, out, out, AES_BLOCK_SIZE);
277
+ return EVP_Cipher(&ctx->cipher_ctx, out, out, block_size);
241
278
  }
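Review bot: In CMAC_Init the new guard `(block_size != AES_BLOCK_SIZE && block_size != 8 /* 3-DES */)` tests only the block size, so any cipher with an 8-byte block passes it, not just 3-DES as the comment suggests. If only 3-DES is intended, the check should name the permitted cipher explicitly; otherwise the comment should read `/* 64-bit block ciphers, e.g. 3-DES */`. CMAC_Final now sets `*out_len = block_size`, so such contexts produce an 8-byte tag, and callers that assumed a 16-byte result have to read `out_len`; a sentence in the function's documentation would make that visible. The `assert(block_size <= AES_BLOCK_SIZE)` lines added to CMAC_Update and CMAC_Final are compiled out when NDEBUG is defined, so the bound on `scratch[AES_BLOCK_SIZE]` and, presumably, on `ctx->block` rests on CMAC_Init's guard alone in release builds. CMAC_Init's closing brace lies outside the hunk.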
@@ -62,6 +62,7 @@
62
62
  #include <openssl/bio.h>
63
63
  #include <openssl/buf.h>
64
64
  #include <openssl/err.h>
65
+ #include <openssl/lhash.h>
65
66
  #include <openssl/mem.h>
66
67
 
67
68
  #include "conf_def.h"
@@ -69,6 +70,12 @@
69
70
  #include "../internal.h"
70
71
 
71
72
 
73
+ DEFINE_LHASH_OF(CONF_VALUE)
74
+
75
+ struct conf_st {
76
+ LHASH_OF(CONF_VALUE) *data;
77
+ };
78
+
72
79
  // The maximum length we can grow a value to after variable expansion. 64k
73
80
  // should be more than enough for all reasonable uses.
74
81
  #define MAX_CONF_VALUE_LENGTH 65536
@@ -15,10 +15,8 @@
15
15
  #include <openssl/cpu.h>
16
16
 
17
17
  #if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
18
-
19
18
  #include <errno.h>
20
19
  #include <fcntl.h>
21
- #include <string.h>
22
20
  #include <sys/types.h>
23
21
  #include <unistd.h>
24
22
 
@@ -26,21 +24,11 @@
26
24
  #include <openssl/buf.h>
27
25
  #include <openssl/mem.h>
28
26
 
29
- #include "internal.h"
30
-
27
+ #include "cpu-arm-linux.h"
31
28
 
32
29
  #define AT_HWCAP 16
33
30
  #define AT_HWCAP2 26
34
31
 
35
- #define HWCAP_NEON (1 << 12)
36
-
37
- // See /usr/include/asm/hwcap.h on an ARM installation for the source of
38
- // these values.
39
- #define HWCAP2_AES (1 << 0)
40
- #define HWCAP2_PMULL (1 << 1)
41
- #define HWCAP2_SHA1 (1 << 2)
42
- #define HWCAP2_SHA2 (1 << 3)
43
-
44
32
  // |getauxval| is not available on Android until API level 20. Link it as a weak
45
33
  // symbol and use other methods as fallback.
46
34
  unsigned long getauxval(unsigned long type) __attribute__((weak));
@@ -154,138 +142,6 @@ static unsigned long getauxval_proc(unsigned long type) {
154
142
  return 0;
155
143
  }
156
144
 
157
- typedef struct {
158
- const char *data;
159
- size_t len;
160
- } STRING_PIECE;
161
-
162
- static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
163
- size_t b_len = strlen(b);
164
- return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
165
- }
166
-
167
- // STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
168
- // sets |*out_left| and |*out_right| to |in| split before and after it. It
169
- // returns one if |sep| was found and zero otherwise.
170
- static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
171
- const STRING_PIECE *in, char sep) {
172
- const char *p = OPENSSL_memchr(in->data, sep, in->len);
173
- if (p == NULL) {
174
- return 0;
175
- }
176
- // |out_left| or |out_right| may alias |in|, so make a copy.
177
- STRING_PIECE in_copy = *in;
178
- out_left->data = in_copy.data;
179
- out_left->len = p - in_copy.data;
180
- out_right->data = in_copy.data + out_left->len + 1;
181
- out_right->len = in_copy.len - out_left->len - 1;
182
- return 1;
183
- }
184
-
185
- // STRING_PIECE_trim removes leading and trailing whitespace from |s|.
186
- static void STRING_PIECE_trim(STRING_PIECE *s) {
187
- while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
188
- s->data++;
189
- s->len--;
190
- }
191
- while (s->len != 0 &&
192
- (s->data[s->len - 1] == ' ' || s->data[s->len - 1] == '\t')) {
193
- s->len--;
194
- }
195
- }
196
-
197
- // extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
198
- // |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
199
- // returns zero.
200
- static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
201
- const char *field) {
202
- // Process |in| one line at a time.
203
- STRING_PIECE remaining = *in, line;
204
- while (STRING_PIECE_split(&line, &remaining, &remaining, '\n')) {
205
- STRING_PIECE key, value;
206
- if (!STRING_PIECE_split(&key, &value, &line, ':')) {
207
- continue;
208
- }
209
- STRING_PIECE_trim(&key);
210
- if (STRING_PIECE_equals(&key, field)) {
211
- STRING_PIECE_trim(&value);
212
- *out = value;
213
- return 1;
214
- }
215
- }
216
-
217
- return 0;
218
- }
219
-
220
- static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
221
- const char *value) {
222
- STRING_PIECE extracted;
223
- return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
224
- STRING_PIECE_equals(&extracted, value);
225
- }
226
-
227
- // has_list_item treats |list| as a space-separated list of items and returns
228
- // one if |item| is contained in |list| and zero otherwise.
229
- static int has_list_item(const STRING_PIECE *list, const char *item) {
230
- STRING_PIECE remaining = *list, feature;
231
- while (STRING_PIECE_split(&feature, &remaining, &remaining, ' ')) {
232
- if (STRING_PIECE_equals(&feature, item)) {
233
- return 1;
234
- }
235
- }
236
- return 0;
237
- }
238
-
239
- static unsigned long get_hwcap_cpuinfo(const STRING_PIECE *cpuinfo) {
240
- if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
241
- // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
242
- // available on ARMv8. Linux omits required features, so reading the
243
- // "Features" line does not work. (For simplicity, use strict equality. We
244
- // assume everything running on future ARM architectures will have a
245
- // working |getauxval|.)
246
- return HWCAP_NEON;
247
- }
248
-
249
- STRING_PIECE features;
250
- if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
251
- has_list_item(&features, "neon")) {
252
- return HWCAP_NEON;
253
- }
254
- return 0;
255
- }
256
-
257
- static unsigned long get_hwcap2_cpuinfo(const STRING_PIECE *cpuinfo) {
258
- STRING_PIECE features;
259
- if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
260
- return 0;
261
- }
262
-
263
- unsigned long ret = 0;
264
- if (has_list_item(&features, "aes")) {
265
- ret |= HWCAP2_AES;
266
- }
267
- if (has_list_item(&features, "pmull")) {
268
- ret |= HWCAP2_PMULL;
269
- }
270
- if (has_list_item(&features, "sha1")) {
271
- ret |= HWCAP2_SHA1;
272
- }
273
- if (has_list_item(&features, "sha2")) {
274
- ret |= HWCAP2_SHA2;
275
- }
276
- return ret;
277
- }
278
-
279
- // has_broken_neon returns one if |in| matches a CPU known to have a broken
280
- // NEON unit. See https://crbug.com/341598.
281
- static int has_broken_neon(const STRING_PIECE *cpuinfo) {
282
- return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
283
- cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
284
- cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
285
- cpuinfo_field_equals(cpuinfo, "CPU part", "0x04d") &&
286
- cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
287
- }
288
-
289
145
  extern uint32_t OPENSSL_armcap_P;
290
146
 
291
147
  static int g_has_broken_neon, g_needs_hwcap2_workaround;
@@ -315,11 +171,11 @@ void OPENSSL_cpuid_setup(void) {
315
171
  hwcap = getauxval_proc(AT_HWCAP);
316
172
  }
317
173
  if (hwcap == 0) {
318
- hwcap = get_hwcap_cpuinfo(&cpuinfo);
174
+ hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
319
175
  }
320
176
 
321
177
  // Clear NEON support if known broken.
322
- g_has_broken_neon = has_broken_neon(&cpuinfo);
178
+ g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo);
323
179
  if (g_has_broken_neon) {
324
180
  hwcap &= ~HWCAP_NEON;
325
181
  }
@@ -335,7 +191,7 @@ void OPENSSL_cpuid_setup(void) {
335
191
  hwcap2 = getauxval(AT_HWCAP2);
336
192
  }
337
193
  if (hwcap2 == 0) {
338
- hwcap2 = get_hwcap2_cpuinfo(&cpuinfo);
194
+ hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo);
339
195
  g_needs_hwcap2_workaround = hwcap2 != 0;
340
196
  }
341
197
 
@@ -0,0 +1,201 @@
1
+ /* Copyright (c) 2018, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #ifndef OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
16
+ #define OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
17
+
18
+ #include <openssl/base.h>
19
+
20
+ #include <string.h>
21
+
22
+ #include "internal.h"
23
+
24
+ #if defined(__cplusplus)
25
+ extern "C" {
26
+ #endif
27
+
28
+
29
+ // The cpuinfo parser lives in a header file so it may be accessible from
30
+ // cross-platform fuzzers without adding code to those platforms normally.
31
+
32
+ #define HWCAP_NEON (1 << 12)
33
+
34
+ // See /usr/include/asm/hwcap.h on an ARM installation for the source of
35
+ // these values.
36
+ #define HWCAP2_AES (1 << 0)
37
+ #define HWCAP2_PMULL (1 << 1)
38
+ #define HWCAP2_SHA1 (1 << 2)
39
+ #define HWCAP2_SHA2 (1 << 3)
40
+
41
+ typedef struct {
42
+ const char *data;
43
+ size_t len;
44
+ } STRING_PIECE;
45
+
46
+ static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
47
+ size_t b_len = strlen(b);
48
+ return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
49
+ }
50
+
51
+ // STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
52
+ // sets |*out_left| and |*out_right| to |in| split before and after it. It
53
+ // returns one if |sep| was found and zero otherwise.
54
+ static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
55
+ const STRING_PIECE *in, char sep) {
56
+ const char *p = (const char *)OPENSSL_memchr(in->data, sep, in->len);
57
+ if (p == NULL) {
58
+ return 0;
59
+ }
60
+ // |out_left| or |out_right| may alias |in|, so make a copy.
61
+ STRING_PIECE in_copy = *in;
62
+ out_left->data = in_copy.data;
63
+ out_left->len = p - in_copy.data;
64
+ out_right->data = in_copy.data + out_left->len + 1;
65
+ out_right->len = in_copy.len - out_left->len - 1;
66
+ return 1;
67
+ }
68
+
69
+ // STRING_PIECE_get_delimited reads a |sep|-delimited entry from |s|, writing it
70
+ // to |out| and updating |s| to point beyond it. It returns one on success and
71
+ // zero if |s| is empty. If |s| is has no copies of |sep| and is non-empty, it
72
+ // reads the entire string to |out|.
73
+ static int STRING_PIECE_get_delimited(STRING_PIECE *s, STRING_PIECE *out, char sep) {
74
+ if (s->len == 0) {
75
+ return 0;
76
+ }
77
+ if (!STRING_PIECE_split(out, s, s, sep)) {
78
+ // |s| had no instances of |sep|. Return the entire string.
79
+ *out = *s;
80
+ s->data += s->len;
81
+ s->len = 0;
82
+ }
83
+ return 1;
84
+ }
85
+
86
+ // STRING_PIECE_trim removes leading and trailing whitespace from |s|.
87
+ static void STRING_PIECE_trim(STRING_PIECE *s) {
88
+ while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
89
+ s->data++;
90
+ s->len--;
91
+ }
92
+ while (s->len != 0 &&
93
+ (s->data[s->len - 1] == ' ' || s->data[s->len - 1] == '\t')) {
94
+ s->len--;
95
+ }
96
+ }
97
+
98
+ // extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
99
+ // |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
100
+ // returns zero.
101
+ static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
102
+ const char *field) {
103
+ // Process |in| one line at a time.
104
+ STRING_PIECE remaining = *in, line;
105
+ while (STRING_PIECE_get_delimited(&remaining, &line, '\n')) {
106
+ STRING_PIECE key, value;
107
+ if (!STRING_PIECE_split(&key, &value, &line, ':')) {
108
+ continue;
109
+ }
110
+ STRING_PIECE_trim(&key);
111
+ if (STRING_PIECE_equals(&key, field)) {
112
+ STRING_PIECE_trim(&value);
113
+ *out = value;
114
+ return 1;
115
+ }
116
+ }
117
+
118
+ return 0;
119
+ }
120
+
121
+ static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
122
+ const char *value) {
123
+ STRING_PIECE extracted;
124
+ return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
125
+ STRING_PIECE_equals(&extracted, value);
126
+ }
127
+
128
+ // has_list_item treats |list| as a space-separated list of items and returns
129
+ // one if |item| is contained in |list| and zero otherwise.
130
+ static int has_list_item(const STRING_PIECE *list, const char *item) {
131
+ STRING_PIECE remaining = *list, feature;
132
+ while (STRING_PIECE_get_delimited(&remaining, &feature, ' ')) {
133
+ if (STRING_PIECE_equals(&feature, item)) {
134
+ return 1;
135
+ }
136
+ }
137
+ return 0;
138
+ }
139
+
140
+ // crypto_get_arm_hwcap_from_cpuinfo returns an equivalent ARM |AT_HWCAP| value
141
+ // from |cpuinfo|.
142
+ static unsigned long crypto_get_arm_hwcap_from_cpuinfo(
143
+ const STRING_PIECE *cpuinfo) {
144
+ if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
145
+ // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
146
+ // available on ARMv8. Linux omits required features, so reading the
147
+ // "Features" line does not work. (For simplicity, use strict equality. We
148
+ // assume everything running on future ARM architectures will have a
149
+ // working |getauxval|.)
150
+ return HWCAP_NEON;
151
+ }
152
+
153
+ STRING_PIECE features;
154
+ if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
155
+ has_list_item(&features, "neon")) {
156
+ return HWCAP_NEON;
157
+ }
158
+ return 0;
159
+ }
160
+
161
+ // crypto_get_arm_hwcap2_from_cpuinfo returns an equivalent ARM |AT_HWCAP2|
162
+ // value from |cpuinfo|.
163
+ static unsigned long crypto_get_arm_hwcap2_from_cpuinfo(
164
+ const STRING_PIECE *cpuinfo) {
165
+ STRING_PIECE features;
166
+ if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
167
+ return 0;
168
+ }
169
+
170
+ unsigned long ret = 0;
171
+ if (has_list_item(&features, "aes")) {
172
+ ret |= HWCAP2_AES;
173
+ }
174
+ if (has_list_item(&features, "pmull")) {
175
+ ret |= HWCAP2_PMULL;
176
+ }
177
+ if (has_list_item(&features, "sha1")) {
178
+ ret |= HWCAP2_SHA1;
179
+ }
180
+ if (has_list_item(&features, "sha2")) {
181
+ ret |= HWCAP2_SHA2;
182
+ }
183
+ return ret;
184
+ }
185
+
186
+ // crypto_cpuinfo_has_broken_neon returns one if |cpuinfo| matches a CPU known
187
+ // to have broken NEON unit and zero otherwise. See https://crbug.com/341598.
188
+ static int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo) {
189
+ return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
190
+ cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
191
+ cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
192
+ cpuinfo_field_equals(cpuinfo, "CPU part", "0x04d") &&
193
+ cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
194
+ }
195
+
196
+
197
+ #if defined(__cplusplus)
198
+ } // extern C
199
+ #endif
200
+
201
+ #endif // OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
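Review bot: `extract_cpuinfo_field` returns at the first line whose key equals |field|, but the comment above it does not say so. Every caller (`cpuinfo_field_equals`, both `crypto_get_arm_hwcap*_from_cpuinfo` helpers and `crypto_cpuinfo_has_broken_neon`) therefore only ever sees the first matching entry of the input. If a device can report differing per-core entries, the broken-NEON decision would reflect one core only; this is inferred and worth confirming against real /proc/cpuinfo samples, for example in the fuzzer corpus the header comment mentions. The returned slice also borrows from the caller's buffer, since `*out = value` copies only the pointer and length. I would extend the function comment with `// Only the first matching line is used, and |*out| points into |in|'s buffer rather than a copy.`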