grpc 1.35.0 → 1.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
|
@@ -18,18 +18,15 @@
|
|
|
18
18
|
|
|
19
19
|
#include <openssl/chacha.h>
|
|
20
20
|
#include <openssl/cipher.h>
|
|
21
|
-
#include <openssl/cpu.h>
|
|
22
21
|
#include <openssl/err.h>
|
|
23
22
|
#include <openssl/mem.h>
|
|
24
23
|
#include <openssl/poly1305.h>
|
|
25
24
|
#include <openssl/type_check.h>
|
|
26
25
|
|
|
26
|
+
#include "internal.h"
|
|
27
|
+
#include "../chacha/internal.h"
|
|
27
28
|
#include "../fipsmodule/cipher/internal.h"
|
|
28
29
|
#include "../internal.h"
|
|
29
|
-
#include "../chacha/internal.h"
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
#define POLY1305_TAG_LEN 16
|
|
33
30
|
|
|
34
31
|
struct aead_chacha20_poly1305_ctx {
|
|
35
32
|
uint8_t key[32];
|
|
@@ -44,78 +41,6 @@ OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
|
|
|
44
41
|
"AEAD state has insufficient alignment");
|
|
45
42
|
#endif
|
|
46
43
|
|
|
47
|
-
// For convenience (the x86_64 calling convention allows only six parameters in
|
|
48
|
-
// registers), the final parameter for the assembly functions is both an input
|
|
49
|
-
// and output parameter.
|
|
50
|
-
union open_data {
|
|
51
|
-
struct {
|
|
52
|
-
alignas(16) uint8_t key[32];
|
|
53
|
-
uint32_t counter;
|
|
54
|
-
uint8_t nonce[12];
|
|
55
|
-
} in;
|
|
56
|
-
struct {
|
|
57
|
-
uint8_t tag[POLY1305_TAG_LEN];
|
|
58
|
-
} out;
|
|
59
|
-
};
|
|
60
|
-
|
|
61
|
-
union seal_data {
|
|
62
|
-
struct {
|
|
63
|
-
alignas(16) uint8_t key[32];
|
|
64
|
-
uint32_t counter;
|
|
65
|
-
uint8_t nonce[12];
|
|
66
|
-
const uint8_t *extra_ciphertext;
|
|
67
|
-
size_t extra_ciphertext_len;
|
|
68
|
-
} in;
|
|
69
|
-
struct {
|
|
70
|
-
uint8_t tag[POLY1305_TAG_LEN];
|
|
71
|
-
} out;
|
|
72
|
-
};
|
|
73
|
-
|
|
74
|
-
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \
|
|
75
|
-
!defined(OPENSSL_WINDOWS)
|
|
76
|
-
static int asm_capable(void) {
|
|
77
|
-
const int sse41_capable = (OPENSSL_ia32cap_P[1] & (1 << 19)) != 0;
|
|
78
|
-
return sse41_capable;
|
|
79
|
-
}
|
|
80
|
-
|
|
81
|
-
OPENSSL_STATIC_ASSERT(sizeof(union open_data) == 48, "wrong open_data size");
|
|
82
|
-
OPENSSL_STATIC_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
|
|
83
|
-
"wrong seal_data size");
|
|
84
|
-
|
|
85
|
-
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts
|
|
86
|
-
// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|.
|
|
87
|
-
// Additional input parameters are passed in |aead_data->in|. On exit, it will
|
|
88
|
-
// write calculated tag value to |aead_data->out.tag|, which the caller must
|
|
89
|
-
// check.
|
|
90
|
-
extern void chacha20_poly1305_open(uint8_t *out_plaintext,
|
|
91
|
-
const uint8_t *ciphertext,
|
|
92
|
-
size_t plaintext_len, const uint8_t *ad,
|
|
93
|
-
size_t ad_len, union open_data *aead_data);
|
|
94
|
-
|
|
95
|
-
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It encrypts
|
|
96
|
-
// |plaintext_len| bytes from |plaintext| and writes them to |out_ciphertext|.
|
|
97
|
-
// Additional input parameters are passed in |aead_data->in|. The calculated tag
|
|
98
|
-
// value is over the computed ciphertext concatenated with |extra_ciphertext|
|
|
99
|
-
// and written to |aead_data->out.tag|.
|
|
100
|
-
extern void chacha20_poly1305_seal(uint8_t *out_ciphertext,
|
|
101
|
-
const uint8_t *plaintext,
|
|
102
|
-
size_t plaintext_len, const uint8_t *ad,
|
|
103
|
-
size_t ad_len, union seal_data *aead_data);
|
|
104
|
-
#else
|
|
105
|
-
static int asm_capable(void) { return 0; }
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
static void chacha20_poly1305_open(uint8_t *out_plaintext,
|
|
109
|
-
const uint8_t *ciphertext,
|
|
110
|
-
size_t plaintext_len, const uint8_t *ad,
|
|
111
|
-
size_t ad_len, union open_data *aead_data) {}
|
|
112
|
-
|
|
113
|
-
static void chacha20_poly1305_seal(uint8_t *out_ciphertext,
|
|
114
|
-
const uint8_t *plaintext,
|
|
115
|
-
size_t plaintext_len, const uint8_t *ad,
|
|
116
|
-
size_t ad_len, union seal_data *aead_data) {}
|
|
117
|
-
#endif
|
|
118
|
-
|
|
119
44
|
static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
|
120
45
|
size_t key_len, size_t tag_len) {
|
|
121
46
|
struct aead_chacha20_poly1305_ctx *c20_ctx =
|
|
@@ -238,8 +163,8 @@ static int chacha20_poly1305_seal_scatter(
|
|
|
238
163
|
}
|
|
239
164
|
}
|
|
240
165
|
|
|
241
|
-
union
|
|
242
|
-
if (
|
|
166
|
+
union chacha20_poly1305_seal_data data;
|
|
167
|
+
if (chacha20_poly1305_asm_capable()) {
|
|
243
168
|
OPENSSL_memcpy(data.in.key, key, 32);
|
|
244
169
|
data.in.counter = 0;
|
|
245
170
|
OPENSSL_memcpy(data.in.nonce, nonce, 12);
|
|
@@ -321,8 +246,8 @@ static int chacha20_poly1305_open_gather(
|
|
|
321
246
|
return 0;
|
|
322
247
|
}
|
|
323
248
|
|
|
324
|
-
union
|
|
325
|
-
if (
|
|
249
|
+
union chacha20_poly1305_open_data data;
|
|
250
|
+
if (chacha20_poly1305_asm_capable()) {
|
|
326
251
|
OPENSSL_memcpy(data.in.key, key, 32);
|
|
327
252
|
data.in.counter = 0;
|
|
328
253
|
OPENSSL_memcpy(data.in.nonce, nonce, 12);
|
|
@@ -57,7 +57,11 @@
|
|
|
57
57
|
#ifndef OPENSSL_HEADER_CIPHER_EXTRA_INTERNAL_H
|
|
58
58
|
#define OPENSSL_HEADER_CIPHER_EXTRA_INTERNAL_H
|
|
59
59
|
|
|
60
|
+
#include <stdlib.h>
|
|
61
|
+
|
|
60
62
|
#include <openssl/base.h>
|
|
63
|
+
#include <openssl/cpu.h>
|
|
64
|
+
#include <openssl/type_check.h>
|
|
61
65
|
|
|
62
66
|
#include "../internal.h"
|
|
63
67
|
|
|
@@ -120,6 +124,89 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
|
|
|
120
124
|
const uint8_t *mac_secret,
|
|
121
125
|
unsigned mac_secret_length);
|
|
122
126
|
|
|
127
|
+
#define POLY1305_TAG_LEN 16
|
|
128
|
+
|
|
129
|
+
// For convenience (the x86_64 calling convention allows only six parameters in
|
|
130
|
+
// registers), the final parameter for the assembly functions is both an input
|
|
131
|
+
// and output parameter.
|
|
132
|
+
union chacha20_poly1305_open_data {
|
|
133
|
+
struct {
|
|
134
|
+
alignas(16) uint8_t key[32];
|
|
135
|
+
uint32_t counter;
|
|
136
|
+
uint8_t nonce[12];
|
|
137
|
+
} in;
|
|
138
|
+
struct {
|
|
139
|
+
uint8_t tag[POLY1305_TAG_LEN];
|
|
140
|
+
} out;
|
|
141
|
+
};
|
|
142
|
+
|
|
143
|
+
union chacha20_poly1305_seal_data {
|
|
144
|
+
struct {
|
|
145
|
+
alignas(16) uint8_t key[32];
|
|
146
|
+
uint32_t counter;
|
|
147
|
+
uint8_t nonce[12];
|
|
148
|
+
const uint8_t *extra_ciphertext;
|
|
149
|
+
size_t extra_ciphertext_len;
|
|
150
|
+
} in;
|
|
151
|
+
struct {
|
|
152
|
+
uint8_t tag[POLY1305_TAG_LEN];
|
|
153
|
+
} out;
|
|
154
|
+
};
|
|
155
|
+
|
|
156
|
+
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
|
|
157
|
+
|
|
158
|
+
OPENSSL_STATIC_ASSERT(sizeof(union chacha20_poly1305_open_data) == 48,
|
|
159
|
+
"wrong chacha20_poly1305_open_data size");
|
|
160
|
+
OPENSSL_STATIC_ASSERT(sizeof(union chacha20_poly1305_seal_data) == 48 + 8 + 8,
|
|
161
|
+
"wrong chacha20_poly1305_seal_data size");
|
|
162
|
+
|
|
163
|
+
OPENSSL_INLINE int chacha20_poly1305_asm_capable(void) {
|
|
164
|
+
const int sse41_capable = (OPENSSL_ia32cap_P[1] & (1 << 19)) != 0;
|
|
165
|
+
return sse41_capable;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts
|
|
169
|
+
// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|.
|
|
170
|
+
// Additional input parameters are passed in |aead_data->in|. On exit, it will
|
|
171
|
+
// write calculated tag value to |aead_data->out.tag|, which the caller must
|
|
172
|
+
// check.
|
|
173
|
+
extern void chacha20_poly1305_open(uint8_t *out_plaintext,
|
|
174
|
+
const uint8_t *ciphertext,
|
|
175
|
+
size_t plaintext_len, const uint8_t *ad,
|
|
176
|
+
size_t ad_len,
|
|
177
|
+
union chacha20_poly1305_open_data *data);
|
|
178
|
+
|
|
179
|
+
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It encrypts
|
|
180
|
+
// |plaintext_len| bytes from |plaintext| and writes them to |out_ciphertext|.
|
|
181
|
+
// Additional input parameters are passed in |aead_data->in|. The calculated tag
|
|
182
|
+
// value is over the computed ciphertext concatenated with |extra_ciphertext|
|
|
183
|
+
// and written to |aead_data->out.tag|.
|
|
184
|
+
extern void chacha20_poly1305_seal(uint8_t *out_ciphertext,
|
|
185
|
+
const uint8_t *plaintext,
|
|
186
|
+
size_t plaintext_len, const uint8_t *ad,
|
|
187
|
+
size_t ad_len,
|
|
188
|
+
union chacha20_poly1305_seal_data *data);
|
|
189
|
+
#else
|
|
190
|
+
|
|
191
|
+
OPENSSL_INLINE int chacha20_poly1305_asm_capable(void) { return 0; }
|
|
192
|
+
|
|
193
|
+
OPENSSL_INLINE void chacha20_poly1305_open(uint8_t *out_plaintext,
|
|
194
|
+
const uint8_t *ciphertext,
|
|
195
|
+
size_t plaintext_len, const uint8_t *ad,
|
|
196
|
+
size_t ad_len,
|
|
197
|
+
union chacha20_poly1305_open_data *data) {
|
|
198
|
+
abort();
|
|
199
|
+
}
|
|
200
|
+
|
|
201
|
+
OPENSSL_INLINE void chacha20_poly1305_seal(uint8_t *out_ciphertext,
|
|
202
|
+
const uint8_t *plaintext,
|
|
203
|
+
size_t plaintext_len, const uint8_t *ad,
|
|
204
|
+
size_t ad_len,
|
|
205
|
+
union chacha20_poly1305_seal_data *data) {
|
|
206
|
+
abort();
|
|
207
|
+
}
|
|
208
|
+
#endif
|
|
209
|
+
|
|
123
210
|
|
|
124
211
|
#if defined(__cplusplus)
|
|
125
212
|
} // extern C
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/* Copyright (c) 2018, Google Inc.
|
|
2
|
+
* Copyright (c) 2020, Arm Ltd.
|
|
3
|
+
*
|
|
4
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
5
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
6
|
+
* copyright notice and this permission notice appear in all copies.
|
|
7
|
+
*
|
|
8
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
9
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
10
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
11
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
12
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
13
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
14
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
15
|
+
|
|
16
|
+
#include <openssl/cpu.h>
|
|
17
|
+
|
|
18
|
+
#if defined(OPENSSL_AARCH64) && defined(OPENSSL_WINDOWS) && \
|
|
19
|
+
!defined(OPENSSL_STATIC_ARMCAP)
|
|
20
|
+
|
|
21
|
+
#include <windows.h>
|
|
22
|
+
|
|
23
|
+
#include <openssl/arm_arch.h>
|
|
24
|
+
|
|
25
|
+
#include "internal.h"
|
|
26
|
+
|
|
27
|
+
extern uint32_t OPENSSL_armcap_P;
|
|
28
|
+
void OPENSSL_cpuid_setup(void) {
|
|
29
|
+
// We do not need to check for the presence of NEON, as Armv8-A always has it
|
|
30
|
+
OPENSSL_armcap_P |= ARMV7_NEON;
|
|
31
|
+
|
|
32
|
+
if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE)) {
|
|
33
|
+
// These are all covered by one call in Windows
|
|
34
|
+
OPENSSL_armcap_P |= ARMV8_AES;
|
|
35
|
+
OPENSSL_armcap_P |= ARMV8_PMULL;
|
|
36
|
+
OPENSSL_armcap_P |= ARMV8_SHA1;
|
|
37
|
+
OPENSSL_armcap_P |= ARMV8_SHA256;
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
#endif
|
|
File without changes
|
|
@@ -53,6 +53,8 @@
|
|
|
53
53
|
#include <openssl/dh.h>
|
|
54
54
|
|
|
55
55
|
#include <openssl/bn.h>
|
|
56
|
+
#include <openssl/err.h>
|
|
57
|
+
#include <openssl/mem.h>
|
|
56
58
|
|
|
57
59
|
#include "../fipsmodule/bn/internal.h"
|
|
58
60
|
|
|
@@ -91,3 +93,180 @@ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret) {
|
|
|
91
93
|
|
|
92
94
|
return ret;
|
|
93
95
|
}
|
|
96
|
+
|
|
97
|
+
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator,
|
|
98
|
+
BN_GENCB *cb) {
|
|
99
|
+
// We generate DH parameters as follows
|
|
100
|
+
// find a prime q which is prime_bits/2 bits long.
|
|
101
|
+
// p=(2*q)+1 or (p-1)/2 = q
|
|
102
|
+
// For this case, g is a generator if
|
|
103
|
+
// g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
|
|
104
|
+
// Since the factors of p-1 are q and 2, we just need to check
|
|
105
|
+
// g^2 mod p != 1 and g^q mod p != 1.
|
|
106
|
+
//
|
|
107
|
+
// Having said all that,
|
|
108
|
+
// there is another special case method for the generators 2, 3 and 5.
|
|
109
|
+
// for 2, p mod 24 == 11
|
|
110
|
+
// for 3, p mod 12 == 5 <<<<< does not work for safe primes.
|
|
111
|
+
// for 5, p mod 10 == 3 or 7
|
|
112
|
+
//
|
|
113
|
+
// Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
|
|
114
|
+
// special generators and for answering some of my questions.
|
|
115
|
+
//
|
|
116
|
+
// I've implemented the second simple method :-).
|
|
117
|
+
// Since DH should be using a safe prime (both p and q are prime),
|
|
118
|
+
// this generator function can take a very very long time to run.
|
|
119
|
+
|
|
120
|
+
// Actually there is no reason to insist that 'generator' be a generator.
|
|
121
|
+
// It's just as OK (and in some sense better) to use a generator of the
|
|
122
|
+
// order-q subgroup.
|
|
123
|
+
|
|
124
|
+
BIGNUM *t1, *t2;
|
|
125
|
+
int g, ok = 0;
|
|
126
|
+
BN_CTX *ctx = NULL;
|
|
127
|
+
|
|
128
|
+
ctx = BN_CTX_new();
|
|
129
|
+
if (ctx == NULL) {
|
|
130
|
+
goto err;
|
|
131
|
+
}
|
|
132
|
+
BN_CTX_start(ctx);
|
|
133
|
+
t1 = BN_CTX_get(ctx);
|
|
134
|
+
t2 = BN_CTX_get(ctx);
|
|
135
|
+
if (t1 == NULL || t2 == NULL) {
|
|
136
|
+
goto err;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
// Make sure |dh| has the necessary elements
|
|
140
|
+
if (dh->p == NULL) {
|
|
141
|
+
dh->p = BN_new();
|
|
142
|
+
if (dh->p == NULL) {
|
|
143
|
+
goto err;
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
if (dh->g == NULL) {
|
|
147
|
+
dh->g = BN_new();
|
|
148
|
+
if (dh->g == NULL) {
|
|
149
|
+
goto err;
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
if (generator <= 1) {
|
|
154
|
+
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
|
|
155
|
+
goto err;
|
|
156
|
+
}
|
|
157
|
+
if (generator == DH_GENERATOR_2) {
|
|
158
|
+
if (!BN_set_word(t1, 24)) {
|
|
159
|
+
goto err;
|
|
160
|
+
}
|
|
161
|
+
if (!BN_set_word(t2, 11)) {
|
|
162
|
+
goto err;
|
|
163
|
+
}
|
|
164
|
+
g = 2;
|
|
165
|
+
} else if (generator == DH_GENERATOR_5) {
|
|
166
|
+
if (!BN_set_word(t1, 10)) {
|
|
167
|
+
goto err;
|
|
168
|
+
}
|
|
169
|
+
if (!BN_set_word(t2, 3)) {
|
|
170
|
+
goto err;
|
|
171
|
+
}
|
|
172
|
+
// BN_set_word(t3,7); just have to miss
|
|
173
|
+
// out on these ones :-(
|
|
174
|
+
g = 5;
|
|
175
|
+
} else {
|
|
176
|
+
// in the general case, don't worry if 'generator' is a
|
|
177
|
+
// generator or not: since we are using safe primes,
|
|
178
|
+
// it will generate either an order-q or an order-2q group,
|
|
179
|
+
// which both is OK
|
|
180
|
+
if (!BN_set_word(t1, 2)) {
|
|
181
|
+
goto err;
|
|
182
|
+
}
|
|
183
|
+
if (!BN_set_word(t2, 1)) {
|
|
184
|
+
goto err;
|
|
185
|
+
}
|
|
186
|
+
g = generator;
|
|
187
|
+
}
|
|
188
|
+
|
|
189
|
+
if (!BN_generate_prime_ex(dh->p, prime_bits, 1, t1, t2, cb)) {
|
|
190
|
+
goto err;
|
|
191
|
+
}
|
|
192
|
+
if (!BN_GENCB_call(cb, 3, 0)) {
|
|
193
|
+
goto err;
|
|
194
|
+
}
|
|
195
|
+
if (!BN_set_word(dh->g, g)) {
|
|
196
|
+
goto err;
|
|
197
|
+
}
|
|
198
|
+
ok = 1;
|
|
199
|
+
|
|
200
|
+
err:
|
|
201
|
+
if (!ok) {
|
|
202
|
+
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
|
|
203
|
+
}
|
|
204
|
+
|
|
205
|
+
if (ctx != NULL) {
|
|
206
|
+
BN_CTX_end(ctx);
|
|
207
|
+
BN_CTX_free(ctx);
|
|
208
|
+
}
|
|
209
|
+
return ok;
|
|
210
|
+
}
|
|
211
|
+
|
|
212
|
+
static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) {
|
|
213
|
+
BIGNUM *a = NULL;
|
|
214
|
+
|
|
215
|
+
if (src) {
|
|
216
|
+
a = BN_dup(src);
|
|
217
|
+
if (!a) {
|
|
218
|
+
return 0;
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
|
|
222
|
+
BN_free(*dst);
|
|
223
|
+
*dst = a;
|
|
224
|
+
return 1;
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
static int int_dh_param_copy(DH *to, const DH *from, int is_x942) {
|
|
228
|
+
if (is_x942 == -1) {
|
|
229
|
+
is_x942 = !!from->q;
|
|
230
|
+
}
|
|
231
|
+
if (!int_dh_bn_cpy(&to->p, from->p) ||
|
|
232
|
+
!int_dh_bn_cpy(&to->g, from->g)) {
|
|
233
|
+
return 0;
|
|
234
|
+
}
|
|
235
|
+
|
|
236
|
+
if (!is_x942) {
|
|
237
|
+
return 1;
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
if (!int_dh_bn_cpy(&to->q, from->q) ||
|
|
241
|
+
!int_dh_bn_cpy(&to->j, from->j)) {
|
|
242
|
+
return 0;
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
OPENSSL_free(to->seed);
|
|
246
|
+
to->seed = NULL;
|
|
247
|
+
to->seedlen = 0;
|
|
248
|
+
|
|
249
|
+
if (from->seed) {
|
|
250
|
+
to->seed = OPENSSL_memdup(from->seed, from->seedlen);
|
|
251
|
+
if (!to->seed) {
|
|
252
|
+
return 0;
|
|
253
|
+
}
|
|
254
|
+
to->seedlen = from->seedlen;
|
|
255
|
+
}
|
|
256
|
+
|
|
257
|
+
return 1;
|
|
258
|
+
}
|
|
259
|
+
|
|
260
|
+
DH *DHparams_dup(const DH *dh) {
|
|
261
|
+
DH *ret = DH_new();
|
|
262
|
+
if (!ret) {
|
|
263
|
+
return NULL;
|
|
264
|
+
}
|
|
265
|
+
|
|
266
|
+
if (!int_dh_param_copy(ret, dh, -1)) {
|
|
267
|
+
DH_free(ret);
|
|
268
|
+
return NULL;
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
return ret;
|
|
272
|
+
}
|