grpc 1.24.0 → 1.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +72 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -73,6 +73,7 @@ static const EVP_PKEY_ASN1_METHOD *const kASN1Methods[] = {
|
|
73
73
|
&ec_asn1_meth,
|
74
74
|
&dsa_asn1_meth,
|
75
75
|
&ed25519_asn1_meth,
|
76
|
+
&x25519_asn1_meth,
|
76
77
|
};
|
77
78
|
|
78
79
|
static int parse_key_type(CBS *cbs, int *out_type) {
|
@@ -100,10 +101,16 @@ EVP_PKEY *EVP_parse_public_key(CBS *cbs) {
|
|
100
101
|
uint8_t padding;
|
101
102
|
if (!CBS_get_asn1(cbs, &spki, CBS_ASN1_SEQUENCE) ||
|
102
103
|
!CBS_get_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
|
103
|
-
!parse_key_type(&algorithm, &type) ||
|
104
104
|
!CBS_get_asn1(&spki, &key, CBS_ASN1_BITSTRING) ||
|
105
|
-
CBS_len(&spki) != 0
|
106
|
-
|
105
|
+
CBS_len(&spki) != 0) {
|
106
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
107
|
+
return NULL;
|
108
|
+
}
|
109
|
+
if (!parse_key_type(&algorithm, &type)) {
|
110
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
|
111
|
+
return NULL;
|
112
|
+
}
|
113
|
+
if (// Every key type defined encodes the key as a byte string with the same
|
107
114
|
// conversion to BIT STRING.
|
108
115
|
!CBS_get_u8(&key, &padding) ||
|
109
116
|
padding != 0) {
|
@@ -152,11 +159,14 @@ EVP_PKEY *EVP_parse_private_key(CBS *cbs) {
|
|
152
159
|
!CBS_get_asn1_uint64(&pkcs8, &version) ||
|
153
160
|
version != 0 ||
|
154
161
|
!CBS_get_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
|
155
|
-
!parse_key_type(&algorithm, &type) ||
|
156
162
|
!CBS_get_asn1(&pkcs8, &key, CBS_ASN1_OCTETSTRING)) {
|
157
163
|
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
158
164
|
return NULL;
|
159
165
|
}
|
166
|
+
if (!parse_key_type(&algorithm, &type)) {
|
167
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
|
168
|
+
return NULL;
|
169
|
+
}
|
160
170
|
|
161
171
|
// A PrivateKeyInfo ends with a SET of Attributes which we ignore.
|
162
172
|
|
@@ -322,7 +332,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) {
|
|
322
332
|
}
|
323
333
|
}
|
324
334
|
|
325
|
-
int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp) {
|
335
|
+
int i2d_PublicKey(const EVP_PKEY *key, uint8_t **outp) {
|
326
336
|
switch (key->type) {
|
327
337
|
case EVP_PKEY_RSA:
|
328
338
|
return i2d_RSAPublicKey(key->pkey.rsa, outp);
|
@@ -335,3 +345,44 @@ int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp) {
|
|
335
345
|
return -1;
|
336
346
|
}
|
337
347
|
}
|
348
|
+
|
349
|
+
EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **out, const uint8_t **inp,
|
350
|
+
long len) {
|
351
|
+
EVP_PKEY *ret = EVP_PKEY_new();
|
352
|
+
if (ret == NULL) {
|
353
|
+
return NULL;
|
354
|
+
}
|
355
|
+
|
356
|
+
CBS cbs;
|
357
|
+
CBS_init(&cbs, *inp, len < 0 ? 0 : (size_t)len);
|
358
|
+
switch (type) {
|
359
|
+
case EVP_PKEY_RSA: {
|
360
|
+
RSA *rsa = RSA_parse_public_key(&cbs);
|
361
|
+
if (rsa == NULL || !EVP_PKEY_assign_RSA(ret, rsa)) {
|
362
|
+
RSA_free(rsa);
|
363
|
+
goto err;
|
364
|
+
}
|
365
|
+
break;
|
366
|
+
}
|
367
|
+
|
368
|
+
// Unlike OpenSSL, we do not support EC keys with this API. The raw EC
|
369
|
+
// public key serialization requires knowing the group. In OpenSSL, calling
|
370
|
+
// this function with |EVP_PKEY_EC| and setting |out| to NULL does not work.
|
371
|
+
// It requires |*out| to include a partially-initiazed |EVP_PKEY| to extract
|
372
|
+
// the group.
|
373
|
+
default:
|
374
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
|
375
|
+
goto err;
|
376
|
+
}
|
377
|
+
|
378
|
+
*inp = CBS_data(&cbs);
|
379
|
+
if (out != NULL) {
|
380
|
+
EVP_PKEY_free(*out);
|
381
|
+
*out = ret;
|
382
|
+
}
|
383
|
+
return ret;
|
384
|
+
|
385
|
+
err:
|
386
|
+
EVP_PKEY_free(ret);
|
387
|
+
return NULL;
|
388
|
+
}
|
@@ -67,15 +67,14 @@
|
|
67
67
|
|
68
68
|
|
69
69
|
static const EVP_PKEY_METHOD *const evp_methods[] = {
|
70
|
-
|
71
|
-
|
72
|
-
|
70
|
+
&rsa_pkey_meth,
|
71
|
+
&ec_pkey_meth,
|
72
|
+
&ed25519_pkey_meth,
|
73
|
+
&x25519_pkey_meth,
|
73
74
|
};
|
74
75
|
|
75
76
|
static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {
|
76
|
-
|
77
|
-
|
78
|
-
for (i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) {
|
77
|
+
for (size_t i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) {
|
79
78
|
if (evp_methods[i]->pkey_id == type) {
|
80
79
|
return evp_methods[i];
|
81
80
|
}
|
@@ -415,7 +414,7 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) {
|
|
415
414
|
return 1;
|
416
415
|
}
|
417
416
|
|
418
|
-
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **
|
417
|
+
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey) {
|
419
418
|
if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
|
420
419
|
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
421
420
|
return 0;
|
@@ -425,21 +424,60 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) {
|
|
425
424
|
return 0;
|
426
425
|
}
|
427
426
|
|
428
|
-
if (!
|
427
|
+
if (!out_pkey) {
|
428
|
+
return 0;
|
429
|
+
}
|
430
|
+
|
431
|
+
if (!*out_pkey) {
|
432
|
+
*out_pkey = EVP_PKEY_new();
|
433
|
+
if (!*out_pkey) {
|
434
|
+
OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP);
|
435
|
+
return 0;
|
436
|
+
}
|
437
|
+
}
|
438
|
+
|
439
|
+
if (!ctx->pmeth->keygen(ctx, *out_pkey)) {
|
440
|
+
EVP_PKEY_free(*out_pkey);
|
441
|
+
*out_pkey = NULL;
|
442
|
+
return 0;
|
443
|
+
}
|
444
|
+
return 1;
|
445
|
+
}
|
446
|
+
|
447
|
+
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) {
|
448
|
+
if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
|
449
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
450
|
+
return 0;
|
451
|
+
}
|
452
|
+
ctx->operation = EVP_PKEY_OP_PARAMGEN;
|
453
|
+
return 1;
|
454
|
+
}
|
455
|
+
|
456
|
+
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey) {
|
457
|
+
if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
|
458
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
459
|
+
return 0;
|
460
|
+
}
|
461
|
+
if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
|
462
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED);
|
463
|
+
return 0;
|
464
|
+
}
|
465
|
+
|
466
|
+
if (!out_pkey) {
|
429
467
|
return 0;
|
430
468
|
}
|
431
469
|
|
432
|
-
if (!*
|
433
|
-
*
|
434
|
-
if (!*
|
470
|
+
if (!*out_pkey) {
|
471
|
+
*out_pkey = EVP_PKEY_new();
|
472
|
+
if (!*out_pkey) {
|
435
473
|
OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP);
|
436
474
|
return 0;
|
437
475
|
}
|
438
476
|
}
|
439
477
|
|
440
|
-
if (!ctx->pmeth->
|
441
|
-
EVP_PKEY_free(*
|
442
|
-
*
|
478
|
+
if (!ctx->pmeth->paramgen(ctx, *out_pkey)) {
|
479
|
+
EVP_PKEY_free(*out_pkey);
|
480
|
+
*out_pkey = NULL;
|
443
481
|
return 0;
|
444
482
|
}
|
445
483
|
return 1;
|
@@ -96,6 +96,11 @@ struct evp_pkey_asn1_method_st {
|
|
96
96
|
// |out|. It returns one on success and zero on error.
|
97
97
|
int (*priv_encode)(CBB *out, const EVP_PKEY *key);
|
98
98
|
|
99
|
+
int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len);
|
100
|
+
int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len);
|
101
|
+
int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
|
102
|
+
int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
|
103
|
+
|
99
104
|
// pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by
|
100
105
|
// custom implementations which do not expose key material and parameters.
|
101
106
|
int (*pkey_opaque)(const EVP_PKEY *pk);
|
@@ -119,6 +124,7 @@ struct evp_pkey_asn1_method_st {
|
|
119
124
|
#define EVP_PKEY_OP_ENCRYPT (1 << 6)
|
120
125
|
#define EVP_PKEY_OP_DECRYPT (1 << 7)
|
121
126
|
#define EVP_PKEY_OP_DERIVE (1 << 8)
|
127
|
+
#define EVP_PKEY_OP_PARAMGEN (1 << 9)
|
122
128
|
|
123
129
|
#define EVP_PKEY_OP_TYPE_SIG \
|
124
130
|
(EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER)
|
@@ -128,7 +134,7 @@ struct evp_pkey_asn1_method_st {
|
|
128
134
|
#define EVP_PKEY_OP_TYPE_NOGEN \
|
129
135
|
(EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
|
130
136
|
|
131
|
-
#define EVP_PKEY_OP_TYPE_GEN EVP_PKEY_OP_KEYGEN
|
137
|
+
#define EVP_PKEY_OP_TYPE_GEN (EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_PARAMGEN)
|
132
138
|
|
133
139
|
// EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype|
|
134
140
|
// arguments can be -1 to specify that any type and operation are acceptable,
|
@@ -171,6 +177,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
|
|
171
177
|
#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 10)
|
172
178
|
#define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 11)
|
173
179
|
#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
|
180
|
+
#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 13)
|
174
181
|
|
175
182
|
struct evp_pkey_ctx_st {
|
176
183
|
// Method associated with this operation
|
@@ -219,6 +226,8 @@ struct evp_pkey_method_st {
|
|
219
226
|
|
220
227
|
int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen);
|
221
228
|
|
229
|
+
int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
|
230
|
+
|
222
231
|
int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
|
223
232
|
} /* EVP_PKEY_METHOD */;
|
224
233
|
|
@@ -235,14 +244,22 @@ typedef struct {
|
|
235
244
|
char has_private;
|
236
245
|
} ED25519_KEY;
|
237
246
|
|
247
|
+
typedef struct {
|
248
|
+
uint8_t pub[32];
|
249
|
+
uint8_t priv[32];
|
250
|
+
char has_private;
|
251
|
+
} X25519_KEY;
|
252
|
+
|
238
253
|
extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth;
|
239
254
|
extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth;
|
240
255
|
extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth;
|
241
256
|
extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
|
257
|
+
extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth;
|
242
258
|
|
243
259
|
extern const EVP_PKEY_METHOD rsa_pkey_meth;
|
244
260
|
extern const EVP_PKEY_METHOD ec_pkey_meth;
|
245
261
|
extern const EVP_PKEY_METHOD ed25519_pkey_meth;
|
262
|
+
extern const EVP_PKEY_METHOD x25519_pkey_meth;
|
246
263
|
|
247
264
|
|
248
265
|
#if defined(__cplusplus)
|
@@ -255,6 +255,11 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = {
|
|
255
255
|
dsa_priv_decode,
|
256
256
|
dsa_priv_encode,
|
257
257
|
|
258
|
+
NULL /* set_priv_raw */,
|
259
|
+
NULL /* set_pub_raw */,
|
260
|
+
NULL /* get_priv_raw */,
|
261
|
+
NULL /* get_pub_raw */,
|
262
|
+
|
258
263
|
NULL /* pkey_opaque */,
|
259
264
|
|
260
265
|
int_dsa_size,
|
@@ -76,6 +76,7 @@
|
|
76
76
|
typedef struct {
|
77
77
|
// message digest
|
78
78
|
const EVP_MD *md;
|
79
|
+
EC_GROUP *gen_group;
|
79
80
|
} EC_PKEY_CTX;
|
80
81
|
|
81
82
|
|
@@ -111,6 +112,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {
|
|
111
112
|
return;
|
112
113
|
}
|
113
114
|
|
115
|
+
EC_GROUP_free(dctx->gen_group);
|
114
116
|
OPENSSL_free(dctx);
|
115
117
|
}
|
116
118
|
|
@@ -199,6 +201,16 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
|
|
199
201
|
// Default behaviour is OK
|
200
202
|
return 1;
|
201
203
|
|
204
|
+
case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: {
|
205
|
+
EC_GROUP *group = EC_GROUP_new_by_curve_name(p1);
|
206
|
+
if (group == NULL) {
|
207
|
+
return 0;
|
208
|
+
}
|
209
|
+
EC_GROUP_free(dctx->gen_group);
|
210
|
+
dctx->gen_group = group;
|
211
|
+
return 1;
|
212
|
+
}
|
213
|
+
|
202
214
|
default:
|
203
215
|
OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
204
216
|
return 0;
|
@@ -206,14 +218,35 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
|
|
206
218
|
}
|
207
219
|
|
208
220
|
static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
|
209
|
-
|
221
|
+
EC_PKEY_CTX *dctx = ctx->data;
|
222
|
+
const EC_GROUP *group = dctx->gen_group;
|
223
|
+
if (group == NULL) {
|
224
|
+
if (ctx->pkey == NULL) {
|
225
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
|
226
|
+
return 0;
|
227
|
+
}
|
228
|
+
group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
|
229
|
+
}
|
230
|
+
EC_KEY *ec = EC_KEY_new();
|
231
|
+
if (ec == NULL ||
|
232
|
+
!EC_KEY_set_group(ec, group) ||
|
233
|
+
!EC_KEY_generate_key(ec)) {
|
234
|
+
EC_KEY_free(ec);
|
235
|
+
return 0;
|
236
|
+
}
|
237
|
+
EVP_PKEY_assign_EC_KEY(pkey, ec);
|
238
|
+
return 1;
|
239
|
+
}
|
240
|
+
|
241
|
+
static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
|
242
|
+
EC_PKEY_CTX *dctx = ctx->data;
|
243
|
+
if (dctx->gen_group == NULL) {
|
210
244
|
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
|
211
245
|
return 0;
|
212
246
|
}
|
213
247
|
EC_KEY *ec = EC_KEY_new();
|
214
248
|
if (ec == NULL ||
|
215
|
-
!EC_KEY_set_group(ec,
|
216
|
-
!EC_KEY_generate_key(ec)) {
|
249
|
+
!EC_KEY_set_group(ec, dctx->gen_group)) {
|
217
250
|
EC_KEY_free(ec);
|
218
251
|
return 0;
|
219
252
|
}
|
@@ -235,5 +268,20 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
|
|
235
268
|
NULL /* encrypt */,
|
236
269
|
NULL /* decrypt */,
|
237
270
|
pkey_ec_derive,
|
271
|
+
pkey_ec_paramgen,
|
238
272
|
pkey_ec_ctrl,
|
239
273
|
};
|
274
|
+
|
275
|
+
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) {
|
276
|
+
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
|
277
|
+
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL);
|
278
|
+
}
|
279
|
+
|
280
|
+
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding) {
|
281
|
+
// BoringSSL only supports named curve syntax.
|
282
|
+
if (encoding != OPENSSL_EC_NAMED_CURVE) {
|
283
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS);
|
284
|
+
return 0;
|
285
|
+
}
|
286
|
+
return 1;
|
287
|
+
}
|
@@ -206,13 +206,7 @@ static int ec_missing_parameters(const EVP_PKEY *pkey) {
|
|
206
206
|
}
|
207
207
|
|
208
208
|
static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
|
209
|
-
|
210
|
-
if (group == NULL ||
|
211
|
-
EC_KEY_set_group(to->pkey.ec, group) == 0) {
|
212
|
-
return 0;
|
213
|
-
}
|
214
|
-
EC_GROUP_free(group);
|
215
|
-
return 1;
|
209
|
+
return EC_KEY_set_group(to->pkey.ec, EC_KEY_get0_group(from->pkey.ec));
|
216
210
|
}
|
217
211
|
|
218
212
|
static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
|
@@ -243,6 +237,11 @@ const EVP_PKEY_ASN1_METHOD ec_asn1_meth = {
|
|
243
237
|
eckey_priv_decode,
|
244
238
|
eckey_priv_encode,
|
245
239
|
|
240
|
+
NULL /* set_priv_raw */,
|
241
|
+
NULL /* set_pub_raw */,
|
242
|
+
NULL /* get_priv_raw */,
|
243
|
+
NULL /* get_pub_raw */,
|
244
|
+
|
246
245
|
eckey_opaque,
|
247
246
|
|
248
247
|
int_ec_size,
|
@@ -16,6 +16,7 @@
|
|
16
16
|
|
17
17
|
#include <openssl/curve25519.h>
|
18
18
|
#include <openssl/err.h>
|
19
|
+
#include <openssl/mem.h>
|
19
20
|
|
20
21
|
#include "internal.h"
|
21
22
|
|
@@ -23,6 +24,27 @@
|
|
23
24
|
// Ed25519 has no parameters to copy.
|
24
25
|
static int pkey_ed25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; }
|
25
26
|
|
27
|
+
static int pkey_ed25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
|
28
|
+
ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY));
|
29
|
+
if (key == NULL) {
|
30
|
+
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
|
31
|
+
return 0;
|
32
|
+
}
|
33
|
+
|
34
|
+
if (!EVP_PKEY_set_type(pkey, EVP_PKEY_ED25519)) {
|
35
|
+
OPENSSL_free(key);
|
36
|
+
return 0;
|
37
|
+
}
|
38
|
+
|
39
|
+
uint8_t pubkey_unused[32];
|
40
|
+
ED25519_keypair(pubkey_unused, key->key.priv);
|
41
|
+
key->has_private = 1;
|
42
|
+
|
43
|
+
OPENSSL_free(pkey->pkey.ptr);
|
44
|
+
pkey->pkey.ptr = key;
|
45
|
+
return 1;
|
46
|
+
}
|
47
|
+
|
26
48
|
static int pkey_ed25519_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig,
|
27
49
|
size_t *siglen, const uint8_t *tbs,
|
28
50
|
size_t tbslen) {
|
@@ -32,12 +54,22 @@ static int pkey_ed25519_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig,
|
|
32
54
|
return 0;
|
33
55
|
}
|
34
56
|
|
35
|
-
*siglen = 64;
|
36
57
|
if (sig == NULL) {
|
58
|
+
*siglen = 64;
|
37
59
|
return 1;
|
38
60
|
}
|
39
61
|
|
40
|
-
|
62
|
+
if (*siglen < 64) {
|
63
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
|
64
|
+
return 0;
|
65
|
+
}
|
66
|
+
|
67
|
+
if (!ED25519_sign(sig, tbs, tbslen, key->key.priv)) {
|
68
|
+
return 0;
|
69
|
+
}
|
70
|
+
|
71
|
+
*siglen = 64;
|
72
|
+
return 1;
|
41
73
|
}
|
42
74
|
|
43
75
|
static int pkey_ed25519_verify_message(EVP_PKEY_CTX *ctx, const uint8_t *sig,
|
@@ -58,7 +90,7 @@ const EVP_PKEY_METHOD ed25519_pkey_meth = {
|
|
58
90
|
NULL /* init */,
|
59
91
|
pkey_ed25519_copy,
|
60
92
|
NULL /* cleanup */,
|
61
|
-
|
93
|
+
pkey_ed25519_keygen,
|
62
94
|
NULL /* sign */,
|
63
95
|
pkey_ed25519_sign_message,
|
64
96
|
NULL /* verify */,
|
@@ -67,5 +99,6 @@ const EVP_PKEY_METHOD ed25519_pkey_meth = {
|
|
67
99
|
NULL /* encrypt */,
|
68
100
|
NULL /* decrypt */,
|
69
101
|
NULL /* derive */,
|
102
|
+
NULL /* paramgen */,
|
70
103
|
NULL /* ctrl */,
|
71
104
|
};
|