grpc 1.24.0 → 1.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +72 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -0,0 +1,62 @@
|
|
1
|
+
/* Copyright (c) 2018, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_HRSS_INTERNAL_H
|
16
|
+
#define OPENSSL_HEADER_HRSS_INTERNAL_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
#include "../internal.h"
|
20
|
+
|
21
|
+
#if defined(__cplusplus)
|
22
|
+
extern "C" {
|
23
|
+
#endif
|
24
|
+
|
25
|
+
|
26
|
+
#define N 701
|
27
|
+
#define BITS_PER_WORD (sizeof(crypto_word_t) * 8)
|
28
|
+
#define WORDS_PER_POLY ((N + BITS_PER_WORD - 1) / BITS_PER_WORD)
|
29
|
+
#define BITS_IN_LAST_WORD (N % BITS_PER_WORD)
|
30
|
+
|
31
|
+
struct poly2 {
|
32
|
+
crypto_word_t v[WORDS_PER_POLY];
|
33
|
+
};
|
34
|
+
|
35
|
+
struct poly3 {
|
36
|
+
struct poly2 s, a;
|
37
|
+
};
|
38
|
+
|
39
|
+
OPENSSL_EXPORT void HRSS_poly2_rotr_consttime(struct poly2 *p, size_t bits);
|
40
|
+
OPENSSL_EXPORT void HRSS_poly3_mul(struct poly3 *out, const struct poly3 *x,
|
41
|
+
const struct poly3 *y);
|
42
|
+
OPENSSL_EXPORT void HRSS_poly3_invert(struct poly3 *out,
|
43
|
+
const struct poly3 *in);
|
44
|
+
|
45
|
+
// On x86-64, we can use the AVX2 code from [HRSS]. (The authors have given
|
46
|
+
// explicit permission for this and signed a CLA.) However it's 57KB of object
|
47
|
+
// code, so it's not used if |OPENSSL_SMALL| is defined.
|
48
|
+
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \
|
49
|
+
defined(OPENSSL_X86_64) && defined(OPENSSL_LINUX)
|
50
|
+
#define POLY_RQ_MUL_ASM
|
51
|
+
// poly_Rq_mul is defined in assembly. Inputs and outputs must be 16-byte-
|
52
|
+
// aligned.
|
53
|
+
extern void poly_Rq_mul(uint16_t r[N + 3], const uint16_t a[N + 3],
|
54
|
+
const uint16_t b[N + 3]);
|
55
|
+
#endif
|
56
|
+
|
57
|
+
|
58
|
+
#if defined(__cplusplus)
|
59
|
+
} // extern "C"
|
60
|
+
#endif
|
61
|
+
|
62
|
+
#endif // !OPENSSL_HEADER_HRSS_INTERNAL_H
|
@@ -116,14 +116,11 @@
|
|
116
116
|
#include <assert.h>
|
117
117
|
#include <string.h>
|
118
118
|
|
119
|
-
#if defined(
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
#define alignas(x) __attribute__ ((aligned (x)))
|
125
|
-
#define alignof(x) __alignof__ (x)
|
126
|
-
#elif !defined(__cplusplus)
|
119
|
+
#if defined(BORINGSSL_CONSTANT_TIME_VALIDATION)
|
120
|
+
#include <valgrind/memcheck.h>
|
121
|
+
#endif
|
122
|
+
|
123
|
+
#if !defined(__cplusplus)
|
127
124
|
#if defined(_MSC_VER)
|
128
125
|
#define alignas(x) __declspec(align(x))
|
129
126
|
#define alignof __alignof
|
@@ -132,13 +129,13 @@
|
|
132
129
|
#endif
|
133
130
|
#endif
|
134
131
|
|
135
|
-
#if
|
132
|
+
#if defined(OPENSSL_THREADS) && \
|
136
133
|
(!defined(OPENSSL_WINDOWS) || defined(__MINGW32__))
|
137
134
|
#include <pthread.h>
|
138
135
|
#define OPENSSL_PTHREADS
|
139
136
|
#endif
|
140
137
|
|
141
|
-
#if
|
138
|
+
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_PTHREADS) && \
|
142
139
|
defined(OPENSSL_WINDOWS)
|
143
140
|
#define OPENSSL_WINDOWS_THREADS
|
144
141
|
OPENSSL_MSVC_PRAGMA(warning(push, 3))
|
@@ -157,6 +154,14 @@ extern "C" {
|
|
157
154
|
void OPENSSL_cpuid_setup(void);
|
158
155
|
#endif
|
159
156
|
|
157
|
+
#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
|
158
|
+
!defined(OPENSSL_STATIC_ARMCAP)
|
159
|
+
// OPENSSL_get_armcap_pointer_for_test returns a pointer to |OPENSSL_armcap_P|
|
160
|
+
// for unit tests. Any modifications to the value must be made after
|
161
|
+
// |CRYPTO_library_init| but before any other function call in BoringSSL.
|
162
|
+
OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void);
|
163
|
+
#endif
|
164
|
+
|
160
165
|
|
161
166
|
#if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT)
|
162
167
|
#define BORINGSSL_HAS_UINT128
|
@@ -182,6 +187,15 @@ typedef __uint128_t uint128_t;
|
|
182
187
|
#define OPENSSL_FALLTHROUGH [[gnu::fallthrough]]
|
183
188
|
#elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7
|
184
189
|
#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough))
|
190
|
+
#elif defined(__clang__)
|
191
|
+
#if __has_attribute(fallthrough) && __clang_major__ >= 5
|
192
|
+
// Clang 3.5, at least, complains about "error: declaration does not declare
|
193
|
+
// anything", possibily because we put a semicolon after this macro in
|
194
|
+
// practice. Thus limit it to >= Clang 5, which does work.
|
195
|
+
#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough))
|
196
|
+
#else // clang versions that do not support fallthrough.
|
197
|
+
#define OPENSSL_FALLTHROUGH
|
198
|
+
#endif
|
185
199
|
#else // C++11 on gcc 6, and all other cases
|
186
200
|
#define OPENSSL_FALLTHROUGH
|
187
201
|
#endif
|
@@ -230,15 +244,41 @@ typedef uint32_t crypto_word_t;
|
|
230
244
|
#error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT"
|
231
245
|
#endif
|
232
246
|
|
233
|
-
#define CONSTTIME_TRUE_W ~((crypto_word_t)0)
|
234
|
-
#define CONSTTIME_FALSE_W ((crypto_word_t)0)
|
235
|
-
#define CONSTTIME_TRUE_8 ((uint8_t)0xff)
|
236
|
-
|
237
247
|
#define CONSTTIME_TRUE_W ~((crypto_word_t)0)
|
238
248
|
#define CONSTTIME_FALSE_W ((crypto_word_t)0)
|
239
249
|
#define CONSTTIME_TRUE_8 ((uint8_t)0xff)
|
240
250
|
#define CONSTTIME_FALSE_8 ((uint8_t)0)
|
241
251
|
|
252
|
+
// value_barrier_w returns |a|, but prevents GCC and Clang from reasoning about
|
253
|
+
// the returned value. This is used to mitigate compilers undoing constant-time
|
254
|
+
// code, until we can express our requirements directly in the language.
|
255
|
+
//
|
256
|
+
// Note the compiler is aware that |value_barrier_w| has no side effects and
|
257
|
+
// always has the same output for a given input. This allows it to eliminate
|
258
|
+
// dead code, move computations across loops, and vectorize.
|
259
|
+
static inline crypto_word_t value_barrier_w(crypto_word_t a) {
|
260
|
+
#if !defined(OPENSSL_NO_ASM) && (defined(__GNUC__) || defined(__clang__))
|
261
|
+
__asm__("" : "+r"(a) : /* no inputs */);
|
262
|
+
#endif
|
263
|
+
return a;
|
264
|
+
}
|
265
|
+
|
266
|
+
// value_barrier_u32 behaves like |value_barrier_w| but takes a |uint32_t|.
|
267
|
+
static inline uint32_t value_barrier_u32(uint32_t a) {
|
268
|
+
#if !defined(OPENSSL_NO_ASM) && (defined(__GNUC__) || defined(__clang__))
|
269
|
+
__asm__("" : "+r"(a) : /* no inputs */);
|
270
|
+
#endif
|
271
|
+
return a;
|
272
|
+
}
|
273
|
+
|
274
|
+
// value_barrier_u64 behaves like |value_barrier_w| but takes a |uint64_t|.
|
275
|
+
static inline uint64_t value_barrier_u64(uint64_t a) {
|
276
|
+
#if !defined(OPENSSL_NO_ASM) && (defined(__GNUC__) || defined(__clang__))
|
277
|
+
__asm__("" : "+r"(a) : /* no inputs */);
|
278
|
+
#endif
|
279
|
+
return a;
|
280
|
+
}
|
281
|
+
|
242
282
|
// constant_time_msb_w returns the given value with the MSB copied to all the
|
243
283
|
// other bits.
|
244
284
|
static inline crypto_word_t constant_time_msb_w(crypto_word_t a) {
|
@@ -351,7 +391,13 @@ static inline uint8_t constant_time_eq_int_8(int a, int b) {
|
|
351
391
|
static inline crypto_word_t constant_time_select_w(crypto_word_t mask,
|
352
392
|
crypto_word_t a,
|
353
393
|
crypto_word_t b) {
|
354
|
-
|
394
|
+
// Clang recognizes this pattern as a select. While it usually transforms it
|
395
|
+
// to a cmov, it sometimes further transforms it into a branch, which we do
|
396
|
+
// not want.
|
397
|
+
//
|
398
|
+
// Adding barriers to both |mask| and |~mask| breaks the relationship between
|
399
|
+
// the two, which makes the compiler stick with bitmasks.
|
400
|
+
return (value_barrier_w(mask) & a) | (value_barrier_w(~mask) & b);
|
355
401
|
}
|
356
402
|
|
357
403
|
// constant_time_select_8 acts like |constant_time_select| but operates on
|
@@ -368,10 +414,30 @@ static inline int constant_time_select_int(crypto_word_t mask, int a, int b) {
|
|
368
414
|
(crypto_word_t)(b)));
|
369
415
|
}
|
370
416
|
|
417
|
+
#if defined(BORINGSSL_CONSTANT_TIME_VALIDATION)
|
418
|
+
|
419
|
+
// CONSTTIME_SECRET takes a pointer and a number of bytes and marks that region
|
420
|
+
// of memory as secret. Secret data is tracked as it flows to registers and
|
421
|
+
// other parts of a memory. If secret data is used as a condition for a branch,
|
422
|
+
// or as a memory index, it will trigger warnings in valgrind.
|
423
|
+
#define CONSTTIME_SECRET(x, y) VALGRIND_MAKE_MEM_UNDEFINED(x, y)
|
424
|
+
|
425
|
+
// CONSTTIME_DECLASSIFY takes a pointer and a number of bytes and marks that
|
426
|
+
// region of memory as public. Public data is not subject to constant-time
|
427
|
+
// rules.
|
428
|
+
#define CONSTTIME_DECLASSIFY(x, y) VALGRIND_MAKE_MEM_DEFINED(x, y)
|
429
|
+
|
430
|
+
#else
|
431
|
+
|
432
|
+
#define CONSTTIME_SECRET(x, y)
|
433
|
+
#define CONSTTIME_DECLASSIFY(x, y)
|
434
|
+
|
435
|
+
#endif // BORINGSSL_CONSTANT_TIME_VALIDATION
|
436
|
+
|
371
437
|
|
372
438
|
// Thread-safe initialisation.
|
373
439
|
|
374
|
-
#if defined(
|
440
|
+
#if !defined(OPENSSL_THREADS)
|
375
441
|
typedef uint32_t CRYPTO_once_t;
|
376
442
|
#define CRYPTO_ONCE_INIT 0
|
377
443
|
#elif defined(OPENSSL_WINDOWS_THREADS)
|
@@ -427,7 +493,7 @@ OPENSSL_EXPORT int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count);
|
|
427
493
|
// thread.h as a structure large enough to fit the real type. The global lock is
|
428
494
|
// a different type so it may be initialized with platform initializer macros.
|
429
495
|
|
430
|
-
#if defined(
|
496
|
+
#if !defined(OPENSSL_THREADS)
|
431
497
|
struct CRYPTO_STATIC_MUTEX {
|
432
498
|
char padding; // Empty structs have different sizes in C and C++.
|
433
499
|
};
|
@@ -492,7 +558,7 @@ OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock_write(
|
|
492
558
|
#if defined(__cplusplus)
|
493
559
|
extern "C++" {
|
494
560
|
|
495
|
-
|
561
|
+
BSSL_NAMESPACE_BEGIN
|
496
562
|
|
497
563
|
namespace internal {
|
498
564
|
|
@@ -520,7 +586,7 @@ using MutexWriteLock =
|
|
520
586
|
using MutexReadLock =
|
521
587
|
internal::MutexLockBase<CRYPTO_MUTEX_lock_read, CRYPTO_MUTEX_unlock_read>;
|
522
588
|
|
523
|
-
|
589
|
+
BSSL_NAMESPACE_END
|
524
590
|
|
525
591
|
} // extern "C++"
|
526
592
|
#endif // defined(__cplusplus)
|
@@ -624,7 +690,7 @@ static inline uint64_t CRYPTO_bswap8(uint64_t x) {
|
|
624
690
|
}
|
625
691
|
#elif defined(_MSC_VER)
|
626
692
|
OPENSSL_MSVC_PRAGMA(warning(push, 3))
|
627
|
-
#include <
|
693
|
+
#include <stdlib.h>
|
628
694
|
OPENSSL_MSVC_PRAGMA(warning(pop))
|
629
695
|
#pragma intrinsic(_byteswap_uint64, _byteswap_ulong)
|
630
696
|
static inline uint32_t CRYPTO_bswap4(uint32_t x) {
|
@@ -732,6 +798,15 @@ static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
|
|
732
798
|
void BORINGSSL_FIPS_abort(void) __attribute__((noreturn));
|
733
799
|
#endif
|
734
800
|
|
801
|
+
// boringssl_fips_self_test runs the FIPS KAT-based self tests. It returns one
|
802
|
+
// on success and zero on error. The argument is the integrity hash of the FIPS
|
803
|
+
// module and may be used to check and write flag files to suppress duplicate
|
804
|
+
// self-tests. If |module_hash_len| is zero then no flag file will be checked
|
805
|
+
// nor written and tests will always be run.
|
806
|
+
int boringssl_fips_self_test(const uint8_t *module_hash,
|
807
|
+
size_t module_hash_len);
|
808
|
+
|
809
|
+
|
735
810
|
#if defined(__cplusplus)
|
736
811
|
} // extern C
|
737
812
|
#endif
|
@@ -139,17 +139,17 @@ size_t lh_num_items(const _LHASH *lh) { return lh->num_items; }
|
|
139
139
|
// not found, it returns a pointer that points to a NULL pointer. If |out_hash|
|
140
140
|
// is not NULL, then it also puts the hash value of |data| in |*out_hash|.
|
141
141
|
static LHASH_ITEM **get_next_ptr_and_hash(const _LHASH *lh, uint32_t *out_hash,
|
142
|
-
const void *data
|
143
|
-
|
144
|
-
|
145
|
-
|
142
|
+
const void *data,
|
143
|
+
lhash_hash_func_helper call_hash_func,
|
144
|
+
lhash_cmp_func_helper call_cmp_func) {
|
145
|
+
const uint32_t hash = call_hash_func(lh->hash, data);
|
146
146
|
if (out_hash != NULL) {
|
147
147
|
*out_hash = hash;
|
148
148
|
}
|
149
149
|
|
150
|
-
ret = &lh->buckets[hash % lh->num_buckets];
|
151
|
-
for (cur = *ret; cur != NULL; cur = *ret) {
|
152
|
-
if (lh->comp
|
150
|
+
LHASH_ITEM **ret = &lh->buckets[hash % lh->num_buckets];
|
151
|
+
for (LHASH_ITEM *cur = *ret; cur != NULL; cur = *ret) {
|
152
|
+
if (call_cmp_func(lh->comp, cur->data, data) == 0) {
|
153
153
|
break;
|
154
154
|
}
|
155
155
|
ret = &cur->next;
|
@@ -158,16 +158,35 @@ static LHASH_ITEM **get_next_ptr_and_hash(const _LHASH *lh, uint32_t *out_hash,
|
|
158
158
|
return ret;
|
159
159
|
}
|
160
160
|
|
161
|
-
|
162
|
-
|
161
|
+
// get_next_ptr_by_key behaves like |get_next_ptr_and_hash| but takes a key
|
162
|
+
// which may be a different type from the values stored in |lh|.
|
163
|
+
static LHASH_ITEM **get_next_ptr_by_key(const _LHASH *lh, const void *key,
|
164
|
+
uint32_t key_hash,
|
165
|
+
int (*cmp_key)(const void *key,
|
166
|
+
const void *value)) {
|
167
|
+
LHASH_ITEM **ret = &lh->buckets[key_hash % lh->num_buckets];
|
168
|
+
for (LHASH_ITEM *cur = *ret; cur != NULL; cur = *ret) {
|
169
|
+
if (cmp_key(key, cur->data) == 0) {
|
170
|
+
break;
|
171
|
+
}
|
172
|
+
ret = &cur->next;
|
173
|
+
}
|
163
174
|
|
164
|
-
|
175
|
+
return ret;
|
176
|
+
}
|
165
177
|
|
166
|
-
|
167
|
-
|
168
|
-
|
178
|
+
void *lh_retrieve(const _LHASH *lh, const void *data,
|
179
|
+
lhash_hash_func_helper call_hash_func,
|
180
|
+
lhash_cmp_func_helper call_cmp_func) {
|
181
|
+
LHASH_ITEM **next_ptr =
|
182
|
+
get_next_ptr_and_hash(lh, NULL, data, call_hash_func, call_cmp_func);
|
183
|
+
return *next_ptr == NULL ? NULL : (*next_ptr)->data;
|
184
|
+
}
|
169
185
|
|
170
|
-
|
186
|
+
void *lh_retrieve_key(const _LHASH *lh, const void *key, uint32_t key_hash,
|
187
|
+
int (*cmp_key)(const void *key, const void *value)) {
|
188
|
+
LHASH_ITEM **next_ptr = get_next_ptr_by_key(lh, key, key_hash, cmp_key);
|
189
|
+
return *next_ptr == NULL ? NULL : (*next_ptr)->data;
|
171
190
|
}
|
172
191
|
|
173
192
|
// lh_rebucket allocates a new array of |new_num_buckets| pointers and
|
@@ -233,12 +252,15 @@ static void lh_maybe_resize(_LHASH *lh) {
|
|
233
252
|
}
|
234
253
|
}
|
235
254
|
|
236
|
-
int lh_insert(_LHASH *lh, void **old_data, void *data
|
255
|
+
int lh_insert(_LHASH *lh, void **old_data, void *data,
|
256
|
+
lhash_hash_func_helper call_hash_func,
|
257
|
+
lhash_cmp_func_helper call_cmp_func) {
|
237
258
|
uint32_t hash;
|
238
259
|
LHASH_ITEM **next_ptr, *item;
|
239
260
|
|
240
261
|
*old_data = NULL;
|
241
|
-
next_ptr =
|
262
|
+
next_ptr =
|
263
|
+
get_next_ptr_and_hash(lh, &hash, data, call_hash_func, call_cmp_func);
|
242
264
|
|
243
265
|
|
244
266
|
if (*next_ptr != NULL) {
|
@@ -265,10 +287,13 @@ int lh_insert(_LHASH *lh, void **old_data, void *data) {
|
|
265
287
|
return 1;
|
266
288
|
}
|
267
289
|
|
268
|
-
void *lh_delete(_LHASH *lh, const void *data
|
290
|
+
void *lh_delete(_LHASH *lh, const void *data,
|
291
|
+
lhash_hash_func_helper call_hash_func,
|
292
|
+
lhash_cmp_func_helper call_cmp_func) {
|
269
293
|
LHASH_ITEM **next_ptr, *item, *ret;
|
270
294
|
|
271
|
-
next_ptr =
|
295
|
+
next_ptr =
|
296
|
+
get_next_ptr_and_hash(lh, NULL, data, call_hash_func, call_cmp_func);
|
272
297
|
|
273
298
|
if (*next_ptr == NULL) {
|
274
299
|
// No such element.
|
@@ -286,8 +311,7 @@ void *lh_delete(_LHASH *lh, const void *data) {
|
|
286
311
|
return ret;
|
287
312
|
}
|
288
313
|
|
289
|
-
|
290
|
-
void (*arg_func)(void *, void *), void *arg) {
|
314
|
+
void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *), void *arg) {
|
291
315
|
if (lh == NULL) {
|
292
316
|
return;
|
293
317
|
}
|
@@ -301,11 +325,7 @@ static void lh_doall_internal(_LHASH *lh, void (*no_arg_func)(void *),
|
|
301
325
|
LHASH_ITEM *next;
|
302
326
|
for (LHASH_ITEM *cur = lh->buckets[i]; cur != NULL; cur = next) {
|
303
327
|
next = cur->next;
|
304
|
-
|
305
|
-
arg_func(cur->data, arg);
|
306
|
-
} else {
|
307
|
-
no_arg_func(cur->data);
|
308
|
-
}
|
328
|
+
func(cur->data, arg);
|
309
329
|
}
|
310
330
|
}
|
311
331
|
|
@@ -319,14 +339,6 @@ static void lh_doall_internal(_LHASH *lh, void (*no_arg_func)(void *),
|
|
319
339
|
lh_maybe_resize(lh);
|
320
340
|
}
|
321
341
|
|
322
|
-
void lh_doall(_LHASH *lh, void (*func)(void *)) {
|
323
|
-
lh_doall_internal(lh, func, NULL, NULL);
|
324
|
-
}
|
325
|
-
|
326
|
-
void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *), void *arg) {
|
327
|
-
lh_doall_internal(lh, NULL, func, arg);
|
328
|
-
}
|
329
|
-
|
330
342
|
uint32_t lh_strhash(const char *c) {
|
331
343
|
if (c == NULL) {
|
332
344
|
return 0;
|
@@ -59,7 +59,6 @@
|
|
59
59
|
#include <assert.h>
|
60
60
|
#include <stdarg.h>
|
61
61
|
#include <stdio.h>
|
62
|
-
#include <string.h>
|
63
62
|
|
64
63
|
#if defined(OPENSSL_WINDOWS)
|
65
64
|
OPENSSL_MSVC_PRAGMA(warning(push, 3))
|
@@ -72,6 +71,36 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
|
|
72
71
|
|
73
72
|
#define OPENSSL_MALLOC_PREFIX 8
|
74
73
|
|
74
|
+
#if defined(OPENSSL_ASAN)
|
75
|
+
void __asan_poison_memory_region(const volatile void *addr, size_t size);
|
76
|
+
void __asan_unpoison_memory_region(const volatile void *addr, size_t size);
|
77
|
+
#else
|
78
|
+
static void __asan_poison_memory_region(const void *addr, size_t size) {}
|
79
|
+
static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
|
80
|
+
#endif
|
81
|
+
|
82
|
+
// Windows doesn't really support weak symbols as of May 2019, and Clang on
|
83
|
+
// Windows will emit strong symbols instead. See
|
84
|
+
// https://bugs.llvm.org/show_bug.cgi?id=37598
|
85
|
+
#if defined(__GNUC__) || (defined(__clang__) && !defined(_MSC_VER))
|
86
|
+
// sdallocx is a sized |free| function. By passing the size (which we happen to
|
87
|
+
// always know in BoringSSL), the malloc implementation can save work. We cannot
|
88
|
+
// depend on |sdallocx| being available so we declare a wrapper that falls back
|
89
|
+
// to |free| as a weak symbol.
|
90
|
+
//
|
91
|
+
// This will always be safe, but will only be overridden if the malloc
|
92
|
+
// implementation is statically linked with BoringSSL. So, if |sdallocx| is
|
93
|
+
// provided in, say, libc.so, we still won't use it because that's dynamically
|
94
|
+
// linked. This isn't an ideal result, but its helps in some cases.
|
95
|
+
void sdallocx(void *ptr, size_t size, int flags);
|
96
|
+
|
97
|
+
__attribute((weak, noinline))
|
98
|
+
#else
|
99
|
+
static
|
100
|
+
#endif
|
101
|
+
void sdallocx(void *ptr, size_t size, int flags) {
|
102
|
+
free(ptr);
|
103
|
+
}
|
75
104
|
|
76
105
|
void *OPENSSL_malloc(size_t size) {
|
77
106
|
void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX);
|
@@ -81,6 +110,7 @@ void *OPENSSL_malloc(size_t size) {
|
|
81
110
|
|
82
111
|
*(size_t *)ptr = size;
|
83
112
|
|
113
|
+
__asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
84
114
|
return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;
|
85
115
|
}
|
86
116
|
|
@@ -90,10 +120,11 @@ void OPENSSL_free(void *orig_ptr) {
|
|
90
120
|
}
|
91
121
|
|
92
122
|
void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
|
123
|
+
__asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
93
124
|
|
94
125
|
size_t size = *(size_t *)ptr;
|
95
126
|
OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX);
|
96
|
-
|
127
|
+
sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */);
|
97
128
|
}
|
98
129
|
|
99
130
|
void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
|
@@ -102,7 +133,9 @@ void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
|
|
102
133
|
}
|
103
134
|
|
104
135
|
void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
|
136
|
+
__asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
105
137
|
size_t old_size = *(size_t *)ptr;
|
138
|
+
__asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
106
139
|
|
107
140
|
void *ret = OPENSSL_malloc(new_size);
|
108
141
|
if (ret == NULL) {
|
@@ -135,6 +168,10 @@ void OPENSSL_cleanse(void *ptr, size_t len) {
|
|
135
168
|
#endif // !OPENSSL_NO_ASM
|
136
169
|
}
|
137
170
|
|
171
|
+
void OPENSSL_clear_free(void *ptr, size_t unused) {
|
172
|
+
OPENSSL_free(ptr);
|
173
|
+
}
|
174
|
+
|
138
175
|
int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {
|
139
176
|
const uint8_t *a = in_a;
|
140
177
|
const uint8_t *b = in_b;
|