grpc 1.24.0 → 1.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +72 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -170,7 +170,7 @@ int RSA_padding_add_PKCS1_type_2(uint8_t *to, size_t to_len,
|
|
170
170
|
}
|
171
171
|
|
172
172
|
if (from_len > to_len - RSA_PKCS1_PADDING_SIZE) {
|
173
|
-
OPENSSL_PUT_ERROR(RSA,
|
173
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
174
174
|
return 0;
|
175
175
|
}
|
176
176
|
|
@@ -233,6 +233,9 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *out, size_t *out_len,
|
|
233
233
|
// impossible to completely avoid Bleichenbacher's attack. Consumers should
|
234
234
|
// use |RSA_PADDING_NONE| and perform the padding check in constant-time
|
235
235
|
// combined with a swap to a random session key or other mitigation.
|
236
|
+
CONSTTIME_DECLASSIFY(&valid_index, sizeof(valid_index));
|
237
|
+
CONSTTIME_DECLASSIFY(&zero_index, sizeof(zero_index));
|
238
|
+
|
236
239
|
if (!valid_index) {
|
237
240
|
OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR);
|
238
241
|
return 0;
|
@@ -254,7 +257,7 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *out, size_t *out_len,
|
|
254
257
|
int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from,
|
255
258
|
size_t from_len) {
|
256
259
|
if (from_len > to_len) {
|
257
|
-
OPENSSL_PUT_ERROR(RSA,
|
260
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
258
261
|
return 0;
|
259
262
|
}
|
260
263
|
|
@@ -330,7 +333,7 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, size_t to_len,
|
|
330
333
|
|
331
334
|
size_t emlen = to_len - 1;
|
332
335
|
if (from_len > emlen - 2 * mdlen - 1) {
|
333
|
-
OPENSSL_PUT_ERROR(RSA,
|
336
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
334
337
|
return 0;
|
335
338
|
}
|
336
339
|
|
@@ -480,7 +483,7 @@ decoding_err:
|
|
480
483
|
|
481
484
|
static const uint8_t kPSSZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
|
482
485
|
|
483
|
-
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
|
486
|
+
int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
|
484
487
|
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
|
485
488
|
const uint8_t *EM, int sLen) {
|
486
489
|
int i;
|
@@ -579,7 +582,7 @@ err:
|
|
579
582
|
return ret;
|
580
583
|
}
|
581
584
|
|
582
|
-
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
585
|
+
int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, unsigned char *EM,
|
583
586
|
const unsigned char *mHash,
|
584
587
|
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
|
585
588
|
int sLenRequested) {
|
@@ -608,7 +611,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
|
608
611
|
}
|
609
612
|
|
610
613
|
if (emLen < hLen + 2) {
|
611
|
-
OPENSSL_PUT_ERROR(RSA,
|
614
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
612
615
|
goto err;
|
613
616
|
}
|
614
617
|
|
@@ -629,7 +632,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
|
629
632
|
}
|
630
633
|
|
631
634
|
if (emLen - hLen - 2 < sLen) {
|
632
|
-
OPENSSL_PUT_ERROR(RSA,
|
635
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
633
636
|
goto err;
|
634
637
|
}
|
635
638
|
|
@@ -76,7 +76,11 @@
|
|
76
76
|
#include "internal.h"
|
77
77
|
|
78
78
|
|
79
|
-
|
79
|
+
// RSA_R_BLOCK_TYPE_IS_NOT_02 is part of the legacy SSLv23 padding scheme.
|
80
|
+
// Cryptography.io depends on this error code.
|
81
|
+
OPENSSL_DECLARE_ERROR_REASON(RSA, BLOCK_TYPE_IS_NOT_02)
|
82
|
+
|
83
|
+
DEFINE_STATIC_EX_DATA_CLASS(g_rsa_ex_data_class)
|
80
84
|
|
81
85
|
RSA *RSA_new(void) { return RSA_new_method(NULL); }
|
82
86
|
|
@@ -120,6 +120,8 @@ static int ensure_fixed_copy(BIGNUM **out, const BIGNUM *in, int width) {
|
|
120
120
|
return 0;
|
121
121
|
}
|
122
122
|
*out = copy;
|
123
|
+
CONSTTIME_SECRET(copy->d, sizeof(BN_ULONG) * width);
|
124
|
+
|
123
125
|
return 1;
|
124
126
|
}
|
125
127
|
|
@@ -166,8 +168,13 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) {
|
|
166
168
|
}
|
167
169
|
|
168
170
|
if (rsa->p != NULL && rsa->q != NULL) {
|
171
|
+
// TODO: p and q are also CONSTTIME_SECRET but not yet marked as such
|
172
|
+
// because the Montgomery code does things like test whether or not values
|
173
|
+
// are zero. So the secret marking probably needs to happen inside that
|
174
|
+
// code.
|
175
|
+
|
169
176
|
if (rsa->mont_p == NULL) {
|
170
|
-
rsa->mont_p =
|
177
|
+
rsa->mont_p = BN_MONT_CTX_new_consttime(rsa->p, ctx);
|
171
178
|
if (rsa->mont_p == NULL) {
|
172
179
|
goto err;
|
173
180
|
}
|
@@ -175,7 +182,7 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) {
|
|
175
182
|
const BIGNUM *p_fixed = &rsa->mont_p->N;
|
176
183
|
|
177
184
|
if (rsa->mont_q == NULL) {
|
178
|
-
rsa->mont_q =
|
185
|
+
rsa->mont_q = BN_MONT_CTX_new_consttime(rsa->q, ctx);
|
179
186
|
if (rsa->mont_q == NULL) {
|
180
187
|
goto err;
|
181
188
|
}
|
@@ -224,6 +231,9 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) {
|
|
224
231
|
goto err;
|
225
232
|
}
|
226
233
|
rsa->inv_small_mod_large_mont = inv_small_mod_large_mont;
|
234
|
+
CONSTTIME_SECRET(
|
235
|
+
rsa->inv_small_mod_large_mont->d,
|
236
|
+
sizeof(BN_ULONG) * rsa->inv_small_mod_large_mont->width);
|
227
237
|
}
|
228
238
|
}
|
229
239
|
}
|
@@ -303,7 +313,7 @@ int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
|
303
313
|
|
304
314
|
if (BN_ucmp(f, rsa->n) >= 0) {
|
305
315
|
// usually the padding functions would catch this
|
306
|
-
OPENSSL_PUT_ERROR(RSA,
|
316
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
|
307
317
|
goto err;
|
308
318
|
}
|
309
319
|
|
@@ -480,6 +490,7 @@ int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
|
|
480
490
|
goto err;
|
481
491
|
}
|
482
492
|
|
493
|
+
CONSTTIME_DECLASSIFY(out, rsa_size);
|
483
494
|
*out_len = rsa_size;
|
484
495
|
ret = 1;
|
485
496
|
|
@@ -539,8 +550,11 @@ int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
|
539
550
|
goto err;
|
540
551
|
}
|
541
552
|
|
553
|
+
CONSTTIME_DECLASSIFY(&ret, sizeof(ret));
|
542
554
|
if (!ret) {
|
543
555
|
OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED);
|
556
|
+
} else {
|
557
|
+
CONSTTIME_DECLASSIFY(out, *out_len);
|
544
558
|
}
|
545
559
|
|
546
560
|
err:
|
@@ -609,7 +623,7 @@ int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
|
609
623
|
}
|
610
624
|
|
611
625
|
if (BN_ucmp(f, rsa->n) >= 0) {
|
612
|
-
OPENSSL_PUT_ERROR(RSA,
|
626
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
|
613
627
|
goto err;
|
614
628
|
}
|
615
629
|
|
@@ -683,7 +697,7 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
|
683
697
|
|
684
698
|
if (BN_ucmp(f, rsa->n) >= 0) {
|
685
699
|
// Usually the padding functions would catch this.
|
686
|
-
OPENSSL_PUT_ERROR(RSA,
|
700
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
|
687
701
|
goto err;
|
688
702
|
}
|
689
703
|
|
@@ -715,7 +729,13 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
|
715
729
|
}
|
716
730
|
|
717
731
|
if (rsa->p != NULL && rsa->q != NULL && rsa->e != NULL && rsa->dmp1 != NULL &&
|
718
|
-
rsa->dmq1 != NULL && rsa->iqmp != NULL
|
732
|
+
rsa->dmq1 != NULL && rsa->iqmp != NULL &&
|
733
|
+
// Require that we can reduce |f| by |rsa->p| and |rsa->q| in constant
|
734
|
+
// time, which requires primes be the same size, rounded to the Montgomery
|
735
|
+
// coefficient. (See |mod_montgomery|.) This is not required by RFC 8017,
|
736
|
+
// but it is true for keys generated by us and all common implementations.
|
737
|
+
bn_less_than_montgomery_R(rsa->q, rsa->mont_p) &&
|
738
|
+
bn_less_than_montgomery_R(rsa->p, rsa->mont_q)) {
|
719
739
|
if (!mod_exp(result, f, rsa, ctx)) {
|
720
740
|
goto err;
|
721
741
|
}
|
@@ -753,7 +773,7 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
|
753
773
|
// that it and serializing does not leak information about the magnitude of
|
754
774
|
// the result.
|
755
775
|
//
|
756
|
-
// See Falko
|
776
|
+
// See Falko Strenzke, "Manger's Attack revisited", ICICS 2010.
|
757
777
|
assert(result->width == rsa->mont_n->N.width);
|
758
778
|
if (!BN_bn2bin_padded(out, len, result)) {
|
759
779
|
OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
|
@@ -780,11 +800,11 @@ static int mod_montgomery(BIGNUM *r, const BIGNUM *I, const BIGNUM *p,
|
|
780
800
|
const BN_MONT_CTX *mont_p, const BIGNUM *q,
|
781
801
|
BN_CTX *ctx) {
|
782
802
|
// Reducing in constant-time with Montgomery reduction requires I <= p * R. We
|
783
|
-
// have I < p * q, so this follows if q < R.
|
784
|
-
//
|
785
|
-
// sane generates. For other keys, we fall back to |BN_mod|.
|
803
|
+
// have I < p * q, so this follows if q < R. The caller should have checked
|
804
|
+
// this already.
|
786
805
|
if (!bn_less_than_montgomery_R(q, mont_p)) {
|
787
|
-
|
806
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
|
807
|
+
return 0;
|
788
808
|
}
|
789
809
|
|
790
810
|
if (// Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p.
|
@@ -928,6 +948,8 @@ const size_t kBoringSSLRSASqrtTwoLen = OPENSSL_ARRAY_SIZE(kBoringSSLRSASqrtTwo);
|
|
928
948
|
// relatively prime to |e|. If |p| is non-NULL, |out| will also not be close to
|
929
949
|
// |p|. |sqrt2| must be ⌊2^(bits-1)×√2⌋ (or a slightly overestimate for large
|
930
950
|
// sizes), and |pow2_bits_100| must be 2^(bits-100).
|
951
|
+
//
|
952
|
+
// This function fails with probability around 2^-21.
|
931
953
|
static int generate_prime(BIGNUM *out, int bits, const BIGNUM *e,
|
932
954
|
const BIGNUM *p, const BIGNUM *sqrt2,
|
933
955
|
const BIGNUM *pow2_bits_100, BN_CTX *ctx,
|
@@ -944,11 +966,36 @@ static int generate_prime(BIGNUM *out, int bits, const BIGNUM *e,
|
|
944
966
|
// Use the limit from steps 4.7 and 5.8 for most values of |e|. When |e| is 3,
|
945
967
|
// the 186-4 limit is too low, so we use a higher one. Note this case is not
|
946
968
|
// reachable from |RSA_generate_key_fips|.
|
969
|
+
//
|
970
|
+
// |limit| determines the failure probability. We must find a prime that is
|
971
|
+
// not 1 mod |e|. By the prime number theorem, we'll find one with probability
|
972
|
+
// p = (e-1)/e * 2/(ln(2)*bits). Note the second term is doubled because we
|
973
|
+
// discard even numbers.
|
974
|
+
//
|
975
|
+
// The failure probability is thus (1-p)^limit. To convert that to a power of
|
976
|
+
// two, we take logs. -log_2((1-p)^limit) = -limit * ln(1-p) / ln(2).
|
977
|
+
//
|
978
|
+
// >>> def f(bits, e, limit):
|
979
|
+
// ... p = (e-1.0)/e * 2.0/(math.log(2)*bits)
|
980
|
+
// ... return -limit * math.log(1 - p) / math.log(2)
|
981
|
+
// ...
|
982
|
+
// >>> f(1024, 65537, 5*1024)
|
983
|
+
// 20.842750558272634
|
984
|
+
// >>> f(1536, 65537, 5*1536)
|
985
|
+
// 20.83294549602474
|
986
|
+
// >>> f(2048, 65537, 5*2048)
|
987
|
+
// 20.828047576234948
|
988
|
+
// >>> f(1024, 3, 8*1024)
|
989
|
+
// 22.222147925962307
|
990
|
+
// >>> f(1536, 3, 8*1536)
|
991
|
+
// 22.21518251065506
|
992
|
+
// >>> f(2048, 3, 8*2048)
|
993
|
+
// 22.211701985875937
|
947
994
|
if (bits >= INT_MAX/32) {
|
948
995
|
OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE);
|
949
996
|
return 0;
|
950
997
|
}
|
951
|
-
int limit = BN_is_word(e, 3) ? bits *
|
998
|
+
int limit = BN_is_word(e, 3) ? bits * 8 : bits * 5;
|
952
999
|
|
953
1000
|
int ret = 0, tries = 0, rand_tries = 0;
|
954
1001
|
BN_CTX_start(ctx);
|
@@ -988,7 +1035,7 @@ static int generate_prime(BIGNUM *out, int bits, const BIGNUM *e,
|
|
988
1035
|
}
|
989
1036
|
|
990
1037
|
// RSA key generation's bottleneck is discarding composites. If it fails
|
991
|
-
// trial division, do not bother computing a GCD or performing Rabin
|
1038
|
+
// trial division, do not bother computing a GCD or performing Miller-Rabin.
|
992
1039
|
if (!bn_odd_number_is_obviously_composite(out)) {
|
993
1040
|
// Check gcd(out-1, e) is one (steps 4.5 and 5.6).
|
994
1041
|
int relatively_prime;
|
@@ -1027,7 +1074,14 @@ err:
|
|
1027
1074
|
return ret;
|
1028
1075
|
}
|
1029
1076
|
|
1030
|
-
|
1077
|
+
// rsa_generate_key_impl generates an RSA key using a generalized version of
|
1078
|
+
// FIPS 186-4 appendix B.3. |RSA_generate_key_fips| performs additional checks
|
1079
|
+
// for FIPS-compliant key generation.
|
1080
|
+
//
|
1081
|
+
// This function returns one on success and zero on failure. It has a failure
|
1082
|
+
// probability of about 2^-20.
|
1083
|
+
static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value,
|
1084
|
+
BN_GENCB *cb) {
|
1031
1085
|
// See FIPS 186-4 appendix B.3. This function implements a generalized version
|
1032
1086
|
// of the FIPS algorithm. |RSA_generate_key_fips| performs additional checks
|
1033
1087
|
// for FIPS-compliant key generation.
|
@@ -1113,6 +1167,9 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) {
|
|
1113
1167
|
do {
|
1114
1168
|
// Generate p and q, each of size |prime_bits|, using the steps outlined in
|
1115
1169
|
// appendix FIPS 186-4 appendix B.3.3.
|
1170
|
+
//
|
1171
|
+
// Each call to |generate_prime| fails with probability p = 2^-21. The
|
1172
|
+
// probability that either call fails is 1 - (1-p)^2, which is around 2^-20.
|
1116
1173
|
if (!generate_prime(rsa->p, prime_bits, rsa->e, NULL, sqrt2,
|
1117
1174
|
pow2_prime_bits_100, ctx, cb) ||
|
1118
1175
|
!BN_GENCB_call(cb, 3, 0) ||
|
@@ -1192,6 +1249,66 @@ err:
|
|
1192
1249
|
return ret;
|
1193
1250
|
}
|
1194
1251
|
|
1252
|
+
static void replace_bignum(BIGNUM **out, BIGNUM **in) {
|
1253
|
+
BN_free(*out);
|
1254
|
+
*out = *in;
|
1255
|
+
*in = NULL;
|
1256
|
+
}
|
1257
|
+
|
1258
|
+
static void replace_bn_mont_ctx(BN_MONT_CTX **out, BN_MONT_CTX **in) {
|
1259
|
+
BN_MONT_CTX_free(*out);
|
1260
|
+
*out = *in;
|
1261
|
+
*in = NULL;
|
1262
|
+
}
|
1263
|
+
|
1264
|
+
int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
|
1265
|
+
BN_GENCB *cb) {
|
1266
|
+
// |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale,
|
1267
|
+
// so we run the FIPS algorithm four times, bringing it down to 2^-80. We
|
1268
|
+
// should just adjust the retry limit, but FIPS 186-4 prescribes that value
|
1269
|
+
// and thus results in unnecessary complexity.
|
1270
|
+
for (int i = 0; i < 4; i++) {
|
1271
|
+
ERR_clear_error();
|
1272
|
+
// Generate into scratch space, to avoid leaving partial work on failure.
|
1273
|
+
RSA *tmp = RSA_new();
|
1274
|
+
if (tmp == NULL) {
|
1275
|
+
return 0;
|
1276
|
+
}
|
1277
|
+
if (rsa_generate_key_impl(tmp, bits, e_value, cb)) {
|
1278
|
+
replace_bignum(&rsa->n, &tmp->n);
|
1279
|
+
replace_bignum(&rsa->e, &tmp->e);
|
1280
|
+
replace_bignum(&rsa->d, &tmp->d);
|
1281
|
+
replace_bignum(&rsa->p, &tmp->p);
|
1282
|
+
replace_bignum(&rsa->q, &tmp->q);
|
1283
|
+
replace_bignum(&rsa->dmp1, &tmp->dmp1);
|
1284
|
+
replace_bignum(&rsa->dmq1, &tmp->dmq1);
|
1285
|
+
replace_bignum(&rsa->iqmp, &tmp->iqmp);
|
1286
|
+
replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n);
|
1287
|
+
replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p);
|
1288
|
+
replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q);
|
1289
|
+
replace_bignum(&rsa->d_fixed, &tmp->d_fixed);
|
1290
|
+
replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed);
|
1291
|
+
replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed);
|
1292
|
+
replace_bignum(&rsa->inv_small_mod_large_mont,
|
1293
|
+
&tmp->inv_small_mod_large_mont);
|
1294
|
+
rsa->private_key_frozen = tmp->private_key_frozen;
|
1295
|
+
RSA_free(tmp);
|
1296
|
+
return 1;
|
1297
|
+
}
|
1298
|
+
uint32_t err = ERR_peek_error();
|
1299
|
+
RSA_free(tmp);
|
1300
|
+
tmp = NULL;
|
1301
|
+
// Only retry on |RSA_R_TOO_MANY_ITERATIONS|. This is so a caller-induced
|
1302
|
+
// failure in |BN_GENCB_call| is still fatal.
|
1303
|
+
if (ERR_GET_LIB(err) != ERR_LIB_RSA ||
|
1304
|
+
ERR_GET_REASON(err) != RSA_R_TOO_MANY_ITERATIONS) {
|
1305
|
+
return 0;
|
1306
|
+
}
|
1307
|
+
}
|
1308
|
+
|
1309
|
+
return 0;
|
1310
|
+
}
|
1311
|
+
|
1195
1312
|
int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
|
1196
1313
|
// FIPS 186-4 allows 2048-bit and 3072-bit RSA keys (1024-bit and 1536-bit
|
1197
1314
|
// primes, respectively) with the prime generation method we use.
|
@@ -15,6 +15,7 @@
|
|
15
15
|
#include <openssl/crypto.h>
|
16
16
|
|
17
17
|
#include <stdio.h>
|
18
|
+
#include <stdlib.h>
|
18
19
|
|
19
20
|
#include <openssl/aead.h>
|
20
21
|
#include <openssl/aes.h>
|
@@ -35,20 +36,36 @@
|
|
35
36
|
// compile this.
|
36
37
|
#if !defined(_MSC_VER)
|
37
38
|
|
39
|
+
#if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
|
40
|
+
// FIPS builds on Android will test for flag files, named after the module hash,
|
41
|
+
// in /dev/boringssl/selftest/. If such a flag file exists, it's assumed that
|
42
|
+
// self-tests have already passed and thus do not need to be repeated. (The
|
43
|
+
// integrity tests always run, however.)
|
44
|
+
//
|
45
|
+
// If self-tests complete successfully and the environment variable named in
|
46
|
+
// |kFlagWriteEnableEnvVar| is present, then the flag file will be created. The
|
47
|
+
// flag file isn't written without the environment variable being set in order
|
48
|
+
// to avoid SELinux violations on Android.
|
49
|
+
#define BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
|
50
|
+
static const char kFlagPrefix[] = "/dev/boringssl/selftest/";
|
51
|
+
static const char kFlagWriteEnableEnvVar[] = "BORINGSSL_SELF_TEST_CREATE_FLAG";
|
52
|
+
#endif
|
53
|
+
|
38
54
|
static void hexdump(const uint8_t *in, size_t len) {
|
39
55
|
for (size_t i = 0; i < len; i++) {
|
40
|
-
|
56
|
+
fprintf(stderr, "%02x", in[i]);
|
41
57
|
}
|
42
58
|
}
|
43
59
|
|
44
60
|
static int check_test(const void *expected, const void *actual,
|
45
61
|
size_t expected_len, const char *name) {
|
46
62
|
if (OPENSSL_memcmp(actual, expected, expected_len) != 0) {
|
47
|
-
|
63
|
+
fprintf(stderr, "%s failed.\nExpected: ", name);
|
48
64
|
hexdump(expected, expected_len);
|
49
|
-
|
65
|
+
fprintf(stderr, "\nCalculated: ");
|
50
66
|
hexdump(actual, expected_len);
|
51
|
-
|
67
|
+
fprintf(stderr, "\n");
|
68
|
+
fflush(stderr);
|
52
69
|
return 0;
|
53
70
|
}
|
54
71
|
return 1;
|
@@ -226,7 +243,42 @@ static EC_KEY *self_test_ecdsa_key(void) {
|
|
226
243
|
return ec_key;
|
227
244
|
}
|
228
245
|
|
229
|
-
|
246
|
+
#if defined(OPENSSL_ANDROID)
|
247
|
+
static const size_t kModuleDigestSize = SHA256_DIGEST_LENGTH;
|
248
|
+
#else
|
249
|
+
static const size_t kModuleDigestSize = SHA512_DIGEST_LENGTH;
|
250
|
+
#endif
|
251
|
+
|
252
|
+
int boringssl_fips_self_test(
|
253
|
+
const uint8_t *module_hash, size_t module_hash_len) {
|
254
|
+
#if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
|
255
|
+
char flag_path[sizeof(kFlagPrefix) + 2*kModuleDigestSize];
|
256
|
+
if (module_hash_len != 0) {
|
257
|
+
if (module_hash_len != kModuleDigestSize) {
|
258
|
+
fprintf(stderr,
|
259
|
+
"module hash of length %zu does not match expected length %zu\n",
|
260
|
+
module_hash_len, kModuleDigestSize);
|
261
|
+
BORINGSSL_FIPS_abort();
|
262
|
+
}
|
263
|
+
|
264
|
+
// Test whether the flag file exists.
|
265
|
+
memcpy(flag_path, kFlagPrefix, sizeof(kFlagPrefix) - 1);
|
266
|
+
static const char kHexTable[17] = "0123456789abcdef";
|
267
|
+
for (size_t i = 0; i < kModuleDigestSize; i++) {
|
268
|
+
flag_path[sizeof(kFlagPrefix) - 1 + 2 * i] =
|
269
|
+
kHexTable[module_hash[i] >> 4];
|
270
|
+
flag_path[sizeof(kFlagPrefix) - 1 + 2 * i + 1] =
|
271
|
+
kHexTable[module_hash[i] & 15];
|
272
|
+
}
|
273
|
+
flag_path[sizeof(flag_path) - 1] = 0;
|
274
|
+
|
275
|
+
if (access(flag_path, F_OK) == 0) {
|
276
|
+
// Flag file found. Skip self-tests.
|
277
|
+
return 1;
|
278
|
+
}
|
279
|
+
}
|
280
|
+
#endif // BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
|
281
|
+
|
230
282
|
static const uint8_t kAESKey[16] = "BoringCrypto Key";
|
231
283
|
static const uint8_t kAESIV[16] = {0};
|
232
284
|
static const uint8_t kPlaintext[64] =
|
@@ -393,6 +445,7 @@ int BORINGSSL_self_test(void) {
|
|
393
445
|
// AES-CBC Encryption KAT
|
394
446
|
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
|
395
447
|
if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
|
448
|
+
fprintf(stderr, "AES_set_encrypt_key failed.\n");
|
396
449
|
goto err;
|
397
450
|
}
|
398
451
|
AES_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &aes_key, aes_iv,
|
@@ -405,6 +458,7 @@ int BORINGSSL_self_test(void) {
|
|
405
458
|
// AES-CBC Decryption KAT
|
406
459
|
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
|
407
460
|
if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
|
461
|
+
fprintf(stderr, "AES_set_decrypt_key failed.\n");
|
408
462
|
goto err;
|
409
463
|
}
|
410
464
|
AES_cbc_encrypt(kAESCBCCiphertext, output, sizeof(kAESCBCCiphertext),
|
@@ -419,6 +473,7 @@ int BORINGSSL_self_test(void) {
|
|
419
473
|
OPENSSL_memset(nonce, 0, sizeof(nonce));
|
420
474
|
if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey,
|
421
475
|
sizeof(kAESKey), 0, NULL)) {
|
476
|
+
fprintf(stderr, "EVP_AEAD_CTX_init for AES-128-GCM failed.\n");
|
422
477
|
goto err;
|
423
478
|
}
|
424
479
|
|
@@ -428,6 +483,7 @@ int BORINGSSL_self_test(void) {
|
|
428
483
|
kPlaintext, sizeof(kPlaintext), NULL, 0) ||
|
429
484
|
!check_test(kAESGCMCiphertext, output, sizeof(kAESGCMCiphertext),
|
430
485
|
"AES-GCM Encryption KAT")) {
|
486
|
+
fprintf(stderr, "EVP_AEAD_CTX_seal for AES-128-GCM failed.\n");
|
431
487
|
goto err;
|
432
488
|
}
|
433
489
|
|
@@ -438,6 +494,7 @@ int BORINGSSL_self_test(void) {
|
|
438
494
|
0) ||
|
439
495
|
!check_test(kPlaintext, output, sizeof(kPlaintext),
|
440
496
|
"AES-GCM Decryption KAT")) {
|
497
|
+
fprintf(stderr, "EVP_AEAD_CTX_open for AES-128-GCM failed.\n");
|
441
498
|
goto err;
|
442
499
|
}
|
443
500
|
|
@@ -488,7 +545,7 @@ int BORINGSSL_self_test(void) {
|
|
488
545
|
|
489
546
|
rsa_key = self_test_rsa_key();
|
490
547
|
if (rsa_key == NULL) {
|
491
|
-
|
548
|
+
fprintf(stderr, "RSA KeyGen failed\n");
|
492
549
|
goto err;
|
493
550
|
}
|
494
551
|
|
@@ -503,19 +560,20 @@ int BORINGSSL_self_test(void) {
|
|
503
560
|
&sig_len, rsa_key) ||
|
504
561
|
!check_test(kRSASignature, output, sizeof(kRSASignature),
|
505
562
|
"RSA Sign KAT")) {
|
563
|
+
fprintf(stderr, "RSA signing test failed.\n");
|
506
564
|
goto err;
|
507
565
|
}
|
508
566
|
|
509
567
|
// RSA Verify KAT
|
510
568
|
if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
|
511
569
|
kRSASignature, sizeof(kRSASignature), rsa_key)) {
|
512
|
-
|
570
|
+
fprintf(stderr, "RSA Verify KAT failed.\n");
|
513
571
|
goto err;
|
514
572
|
}
|
515
573
|
|
516
574
|
ec_key = self_test_ecdsa_key();
|
517
575
|
if (ec_key == NULL) {
|
518
|
-
|
576
|
+
fprintf(stderr, "ECDSA KeyGen failed\n");
|
519
577
|
goto err;
|
520
578
|
}
|
521
579
|
|
@@ -525,7 +583,7 @@ int BORINGSSL_self_test(void) {
|
|
525
583
|
ec_key->fixed_k = BN_new();
|
526
584
|
if (ec_key->fixed_k == NULL ||
|
527
585
|
!BN_set_word(ec_key->fixed_k, 42)) {
|
528
|
-
|
586
|
+
fprintf(stderr, "Out of memory\n");
|
529
587
|
goto err;
|
530
588
|
}
|
531
589
|
|
@@ -540,7 +598,7 @@ int BORINGSSL_self_test(void) {
|
|
540
598
|
!BN_bn2bin(sig->s, ecdsa_s_bytes) ||
|
541
599
|
!check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") ||
|
542
600
|
!check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) {
|
543
|
-
|
601
|
+
fprintf(stderr, "ECDSA KAT failed.\n");
|
544
602
|
goto err;
|
545
603
|
}
|
546
604
|
|
@@ -557,6 +615,7 @@ int BORINGSSL_self_test(void) {
|
|
557
615
|
sizeof(kDRBGAD)) ||
|
558
616
|
!check_test(kDRBGReseedOutput, output, sizeof(kDRBGReseedOutput),
|
559
617
|
"DRBG Reseed KAT")) {
|
618
|
+
fprintf(stderr, "CTR-DRBG failed.\n");
|
560
619
|
goto err;
|
561
620
|
}
|
562
621
|
CTR_DRBG_clear(&drbg);
|
@@ -569,6 +628,16 @@ int BORINGSSL_self_test(void) {
|
|
569
628
|
|
570
629
|
ret = 1;
|
571
630
|
|
631
|
+
#if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
|
632
|
+
// Tests were successful. Write flag file if requested.
|
633
|
+
if (module_hash_len != 0 && getenv(kFlagWriteEnableEnvVar) != NULL) {
|
634
|
+
const int fd = open(flag_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
|
635
|
+
if (fd >= 0) {
|
636
|
+
close(fd);
|
637
|
+
}
|
638
|
+
}
|
639
|
+
#endif // BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
|
640
|
+
|
572
641
|
err:
|
573
642
|
EVP_AEAD_CTX_cleanup(&aead_ctx);
|
574
643
|
RSA_free(rsa_key);
|
@@ -578,4 +647,8 @@ err:
|
|
578
647
|
return ret;
|
579
648
|
}
|
580
649
|
|
650
|
+
int BORINGSSL_self_test(void) {
|
651
|
+
return boringssl_fips_self_test(NULL, 0);
|
652
|
+
}
|
653
|
+
|
581
654
|
#endif // !_MSC_VER
|