grpc 1.35.0 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (335) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +60 -57
  3. data/include/grpc/grpc_security.h +16 -11
  4. data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
  5. data/src/core/ext/filters/client_channel/client_channel.h +0 -2
  6. data/src/core/ext/filters/client_channel/config_selector.h +1 -1
  7. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
  8. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
  9. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  10. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  11. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
  12. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
  13. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
  14. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
  15. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
  16. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
  17. data/src/core/ext/filters/client_channel/resolver.cc +2 -5
  18. data/src/core/ext/filters/client_channel/resolver.h +1 -12
  19. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
  20. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
  21. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
  22. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
  23. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
  24. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
  25. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
  26. data/src/core/ext/filters/client_channel/server_address.cc +6 -0
  27. data/src/core/ext/filters/client_channel/server_address.h +31 -0
  28. data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
  29. data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
  30. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
  31. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
  32. data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
  33. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
  34. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
  35. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
  36. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
  37. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
  38. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
  39. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
  40. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
  41. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
  42. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
  43. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
  44. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
  45. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
  46. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
  47. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
  48. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
  49. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
  50. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
  51. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
  52. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
  53. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
  54. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
  55. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
  56. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
  57. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
  58. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
  59. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
  60. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  61. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
  62. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
  63. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
  64. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
  65. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
  66. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
  67. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
  68. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
  69. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
  70. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
  71. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
  72. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
  73. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
  74. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
  75. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
  76. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
  77. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
  78. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
  79. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
  80. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
  81. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  82. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
  83. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  84. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
  85. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
  86. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
  87. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  88. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
  89. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  90. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
  92. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
  93. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
  94. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
  95. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
  96. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
  97. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
  98. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
  99. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
  100. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
  101. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
  102. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
  103. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
  104. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
  105. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
  106. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
  107. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
  108. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
  109. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  110. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  111. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
  112. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
  113. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
  114. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
  115. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
  116. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
  117. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  118. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
  119. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
  120. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
  121. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
  122. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
  123. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
  124. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
  125. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  126. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
  127. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  128. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
  129. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  130. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
  131. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  132. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
  133. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  134. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
  135. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  136. data/src/core/ext/xds/xds_api.cc +738 -567
  137. data/src/core/ext/xds/xds_api.h +46 -84
  138. data/src/core/ext/xds/xds_bootstrap.cc +59 -40
  139. data/src/core/ext/xds/xds_bootstrap.h +12 -4
  140. data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
  141. data/src/core/ext/xds/xds_certificate_provider.h +83 -44
  142. data/src/core/ext/xds/xds_client.cc +13 -11
  143. data/src/core/ext/xds/xds_client.h +3 -0
  144. data/src/core/ext/xds/xds_client_stats.cc +2 -1
  145. data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
  146. data/src/core/lib/channel/handshaker.cc +2 -5
  147. data/src/core/lib/channel/handshaker.h +1 -1
  148. data/src/core/lib/gpr/log.cc +6 -1
  149. data/src/core/lib/gprpp/mpscq.cc +2 -2
  150. data/src/core/lib/gprpp/ref_counted.h +1 -1
  151. data/src/core/lib/gprpp/sync.h +129 -40
  152. data/src/core/lib/gprpp/time_util.cc +77 -0
  153. data/src/core/lib/gprpp/time_util.h +42 -0
  154. data/src/core/lib/http/httpcli_security_connector.cc +2 -2
  155. data/src/core/lib/iomgr/ev_apple.cc +10 -7
  156. data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
  157. data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
  158. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
  159. data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
  160. data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
  161. data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
  162. data/src/core/lib/iomgr/tcp_posix.cc +4 -4
  163. data/src/core/lib/security/authorization/matchers.cc +339 -0
  164. data/src/core/lib/security/authorization/matchers.h +158 -0
  165. data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
  166. data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
  167. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  168. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  169. data/src/core/lib/security/credentials/credentials.h +2 -1
  170. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
  171. data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
  172. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
  173. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
  174. data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
  175. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
  176. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
  177. data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
  178. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
  179. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  180. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  181. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
  182. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
  183. data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
  184. data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
  185. data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
  186. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  187. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
  188. data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
  189. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
  190. data/src/core/lib/security/transport/security_handshaker.cc +1 -3
  191. data/src/core/lib/slice/slice_intern.cc +1 -1
  192. data/src/core/lib/surface/init.cc +13 -15
  193. data/src/core/lib/surface/server.cc +3 -3
  194. data/src/core/lib/surface/server.h +3 -0
  195. data/src/core/lib/surface/version.cc +2 -2
  196. data/src/core/lib/transport/metadata.cc +6 -2
  197. data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
  198. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
  199. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
  200. data/src/core/tsi/fake_transport_security.cc +1 -1
  201. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
  202. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
  203. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
  204. data/src/core/tsi/ssl_transport_security.cc +0 -3
  205. data/src/core/tsi/ssl_transport_security.h +0 -3
  206. data/src/ruby/lib/grpc/version.rb +1 -1
  207. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
  208. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
  209. data/third_party/boringssl-with-bazel/err_data.c +725 -723
  210. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  211. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
  212. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
  213. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
  214. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  215. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
  216. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
  217. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
  218. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
  219. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
  220. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
  221. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
  222. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
  223. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  224. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
  225. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  226. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
  227. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  228. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  229. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
  230. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  231. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
  232. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  233. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  234. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  235. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
  236. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  237. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
  238. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  239. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
  240. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
  241. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  242. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
  243. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
  244. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
  245. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
  246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
  250. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
  251. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
  252. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
  253. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  254. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  255. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
  256. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
  257. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  258. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  259. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
  260. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
  261. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
  262. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
  263. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
  264. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
  265. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
  266. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  267. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
  268. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  269. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
  270. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
  271. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
  272. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
  273. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
  274. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
  275. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
  276. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  277. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
  278. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  279. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
  280. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
  281. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
  282. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
  283. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
  284. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
  285. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  286. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
  287. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
  288. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
  289. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  290. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
  291. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
  292. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
  293. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
  294. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
  295. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
  296. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
  297. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
  298. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
  299. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
  300. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
  301. data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
  302. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
  303. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
  304. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
  305. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
  306. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
  307. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
  308. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
  309. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
  310. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
  311. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
  312. metadata +77 -65
  313. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
  314. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
  315. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
  316. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
  317. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
  318. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
  319. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
  320. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
  321. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
  322. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
  323. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
  324. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
  325. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
  326. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
  327. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
  328. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
  329. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
  330. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
  331. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
  332. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
  333. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
  334. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
  335. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
@@ -797,6 +797,12 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
797
797
  return 1;
798
798
  }
799
799
 
800
+ int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
801
+ const EC_POINT *point, BIGNUM *x, BIGNUM *y,
802
+ BN_CTX *ctx) {
803
+ return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
804
+ }
805
+
800
806
  void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
801
807
  const EC_AFFINE *p) {
802
808
  out->X = p->X;
@@ -879,6 +885,12 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
879
885
  return 1;
880
886
  }
881
887
 
888
+ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
889
+ const BIGNUM *x, const BIGNUM *y,
890
+ BN_CTX *ctx) {
891
+ return EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx);
892
+ }
893
+
882
894
  int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
883
895
  const EC_POINT *b, BN_CTX *ctx) {
884
896
  if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
@@ -440,7 +440,15 @@ int EC_KEY_generate_key(EC_KEY *key) {
440
440
  }
441
441
 
442
442
  int EC_KEY_generate_key_fips(EC_KEY *eckey) {
443
- return EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey);
443
+ if (EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey)) {
444
+ return 1;
445
+ }
446
+
447
+ EC_POINT_free(eckey->pub_key);
448
+ ec_wrapped_scalar_free(eckey->priv_key);
449
+ eckey->pub_key = NULL;
450
+ eckey->priv_key = NULL;
451
+ return 0;
444
452
  }
445
453
 
446
454
  int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
@@ -36,6 +36,34 @@ extern "C" {
36
36
  void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
37
37
  const uint8_t user_additional_data[32]);
38
38
 
39
+ #if defined(BORINGSSL_FIPS)
40
+
41
+ // We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to whiten.
42
+ #define BORINGSSL_FIPS_OVERREAD 10
43
+
44
+ // CRYPTO_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
45
+ // for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
46
+ // entropy came directly from the CPU and zero if it came from the OS. It
47
+ // actively obtains entropy from the CPU/OS and so should not be called from
48
+ // within the FIPS module if |BORINGSSL_FIPS_PASSIVE_ENTROPY| is defined.
49
+ void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
50
+ int *out_used_cpu);
51
+
52
+ #if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
53
+
54
+ // RAND_load_entropy supplies |entropy_len| bytes of entropy to the module. The
55
+ // |from_cpu| parameter is true iff the entropy was obtained directly from the
56
+ // CPU.
57
+ void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
58
+ int from_cpu);
59
+
60
+ // RAND_need_entropy is implemented outside of the FIPS module and is called
61
+ // when the module has stopped because it has run out of entropy.
62
+ void RAND_need_entropy(size_t bytes_needed);
63
+
64
+ #endif // BORINGSSL_FIPS_PASSIVE_ENTROPY
65
+ #endif // BORINGSSL_FIPS
66
+
39
67
  // CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
40
68
  // system.
41
69
  void CRYPTO_sysrand(uint8_t *buf, size_t len);
@@ -25,6 +25,7 @@
25
25
  #include <openssl/chacha.h>
26
26
  #include <openssl/cpu.h>
27
27
  #include <openssl/mem.h>
28
+ #include <openssl/type_check.h>
28
29
 
29
30
  #include "internal.h"
30
31
  #include "fork_detect.h"
@@ -63,11 +64,11 @@ struct rand_thread_state {
63
64
  // (re)seeded. This is bound by |kReseedInterval|.
64
65
  unsigned calls;
65
66
  // last_block_valid is non-zero iff |last_block| contains data from
66
- // |CRYPTO_sysrand_for_seed|.
67
+ // |get_seed_entropy|.
67
68
  int last_block_valid;
68
69
 
69
70
  #if defined(BORINGSSL_FIPS)
70
- // last_block contains the previous block from |CRYPTO_sysrand_for_seed|.
71
+ // last_block contains the previous block from |get_seed_entropy|.
71
72
  uint8_t last_block[CRNGT_BLOCK_SIZE];
72
73
  // next and prev form a NULL-terminated, double-linked list of all states in
73
74
  // a process.
@@ -146,12 +147,6 @@ static int rdrand(uint8_t *buf, const size_t len) {
146
147
  OPENSSL_memcpy(buf + len_multiple8, rand_buf, remainder);
147
148
  }
148
149
 
149
- #if defined(BORINGSSL_FIPS_BREAK_CRNG)
150
- // This breaks the "continuous random number generator test" defined in FIPS
151
- // 140-2, section 4.9.2, and implemented in rand_get_seed().
152
- OPENSSL_memset(buf, 0, len);
153
- #endif
154
-
155
150
  return 1;
156
151
  }
157
152
 
@@ -165,25 +160,110 @@ static int rdrand(uint8_t *buf, size_t len) {
165
160
 
166
161
  #if defined(BORINGSSL_FIPS)
167
162
 
163
+ void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
164
+ int *out_used_cpu) {
165
+ *out_used_cpu = 0;
166
+ if (have_rdrand() && rdrand(out_entropy, out_entropy_len)) {
167
+ *out_used_cpu = 1;
168
+ } else {
169
+ CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len);
170
+ }
171
+
172
+ #if defined(BORINGSSL_FIPS_BREAK_CRNG)
173
+ // This breaks the "continuous random number generator test" defined in FIPS
174
+ // 140-2, section 4.9.2, and implemented in |rand_get_seed|.
175
+ OPENSSL_memset(out_entropy, 0, out_entropy_len);
176
+ #endif
177
+ }
178
+
179
+ #if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
180
+
181
+ // In passive entropy mode, entropy is supplied from outside of the module via
182
+ // |RAND_load_entropy| and is stored in global instance of the following
183
+ // structure.
184
+
185
+ struct entropy_buffer {
186
+ // bytes contains entropy suitable for seeding a DRBG.
187
+ uint8_t bytes[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD];
188
+ // bytes_valid indicates the number of bytes of |bytes| that contain valid
189
+ // data.
190
+ size_t bytes_valid;
191
+ // from_cpu is true if any of the contents of |bytes| were obtained directly
192
+ // from the CPU.
193
+ int from_cpu;
194
+ };
195
+
196
+ DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer);
197
+ DEFINE_STATIC_MUTEX(entropy_buffer_lock);
198
+
199
+ void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
200
+ int from_cpu) {
201
+ struct entropy_buffer *const buffer = entropy_buffer_bss_get();
202
+
203
+ CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get());
204
+ const size_t space = sizeof(buffer->bytes) - buffer->bytes_valid;
205
+ if (entropy_len > space) {
206
+ entropy_len = space;
207
+ }
208
+
209
+ OPENSSL_memcpy(&buffer->bytes[buffer->bytes_valid], entropy, entropy_len);
210
+ buffer->bytes_valid += entropy_len;
211
+ buffer->from_cpu |= from_cpu && (entropy_len != 0);
212
+ CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
213
+ }
214
+
215
+ // get_seed_entropy fills |out_entropy_len| bytes of |out_entropy| from the
216
+ // global |entropy_buffer|.
217
+ static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
218
+ int *out_used_cpu) {
219
+ struct entropy_buffer *const buffer = entropy_buffer_bss_get();
220
+ if (out_entropy_len > sizeof(buffer->bytes)) {
221
+ abort();
222
+ }
223
+
224
+ CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get());
225
+ while (buffer->bytes_valid < out_entropy_len) {
226
+ CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
227
+ RAND_need_entropy(out_entropy_len - buffer->bytes_valid);
228
+ CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get());
229
+ }
230
+
231
+ *out_used_cpu = buffer->from_cpu;
232
+ OPENSSL_memcpy(out_entropy, buffer->bytes, out_entropy_len);
233
+ OPENSSL_memmove(buffer->bytes, &buffer->bytes[out_entropy_len],
234
+ buffer->bytes_valid - out_entropy_len);
235
+ buffer->bytes_valid -= out_entropy_len;
236
+ if (buffer->bytes_valid == 0) {
237
+ buffer->from_cpu = 0;
238
+ }
239
+
240
+ CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
241
+ }
242
+
243
+ #else
244
+
245
+ // In the active case, |get_seed_entropy| simply calls |CRYPTO_get_seed_entropy|
246
+ // in order to obtain entropy from the CPU or OS.
247
+ static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
248
+ int *out_used_cpu) {
249
+ CRYPTO_get_seed_entropy(out_entropy, out_entropy_len, out_used_cpu);
250
+ }
251
+
252
+ #endif // !BORINGSSL_FIPS_PASSIVE_ENTROPY
253
+
254
+ // rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if
255
+ // that entropy came directly from the CPU and zero otherwise.
168
256
  static void rand_get_seed(struct rand_thread_state *state,
169
- uint8_t seed[CTR_DRBG_ENTROPY_LEN]) {
257
+ uint8_t seed[CTR_DRBG_ENTROPY_LEN],
258
+ int *out_used_cpu) {
170
259
  if (!state->last_block_valid) {
171
- if (!have_rdrand() ||
172
- !rdrand(state->last_block, sizeof(state->last_block))) {
173
- CRYPTO_sysrand_for_seed(state->last_block, sizeof(state->last_block));
174
- }
260
+ int unused;
261
+ get_seed_entropy(state->last_block, sizeof(state->last_block), &unused);
175
262
  state->last_block_valid = 1;
176
263
  }
177
264
 
178
- // We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to
179
- // whiten.
180
- #define FIPS_OVERREAD 10
181
- uint8_t entropy[CTR_DRBG_ENTROPY_LEN * FIPS_OVERREAD];
182
-
183
- int used_rdrand = have_rdrand() && rdrand(entropy, sizeof(entropy));
184
- if (!used_rdrand) {
185
- CRYPTO_sysrand_for_seed(entropy, sizeof(entropy));
186
- }
265
+ uint8_t entropy[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD];
266
+ get_seed_entropy(entropy, sizeof(entropy), out_used_cpu);
187
267
 
188
268
  // See FIPS 140-2, section 4.9.2. This is the “continuous random number
189
269
  // generator test” which causes the program to randomly abort. Hopefully the
@@ -193,6 +273,7 @@ static void rand_get_seed(struct rand_thread_state *state,
193
273
  BORINGSSL_FIPS_abort();
194
274
  }
195
275
 
276
+ OPENSSL_STATIC_ASSERT(sizeof(entropy) % CRNGT_BLOCK_SIZE == 0, "");
196
277
  for (size_t i = CRNGT_BLOCK_SIZE; i < sizeof(entropy);
197
278
  i += CRNGT_BLOCK_SIZE) {
198
279
  if (CRYPTO_memcmp(entropy + i - CRNGT_BLOCK_SIZE, entropy + i,
@@ -207,31 +288,24 @@ static void rand_get_seed(struct rand_thread_state *state,
207
288
 
208
289
  OPENSSL_memcpy(seed, entropy, CTR_DRBG_ENTROPY_LEN);
209
290
 
210
- for (size_t i = 1; i < FIPS_OVERREAD; i++) {
291
+ for (size_t i = 1; i < BORINGSSL_FIPS_OVERREAD; i++) {
211
292
  for (size_t j = 0; j < CTR_DRBG_ENTROPY_LEN; j++) {
212
293
  seed[j] ^= entropy[CTR_DRBG_ENTROPY_LEN * i + j];
213
294
  }
214
295
  }
215
-
216
- #if defined(OPENSSL_URANDOM)
217
- // If we used RDRAND, also opportunistically read from the system. This avoids
218
- // solely relying on the hardware once the entropy pool has been initialized.
219
- if (used_rdrand) {
220
- CRYPTO_sysrand_if_available(entropy, CTR_DRBG_ENTROPY_LEN);
221
- for (size_t i = 0; i < CTR_DRBG_ENTROPY_LEN; i++) {
222
- seed[i] ^= entropy[i];
223
- }
224
- }
225
- #endif
226
296
  }
227
297
 
228
298
  #else
229
299
 
300
+ // rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if
301
+ // that entropy came directly from the CPU and zero otherwise.
230
302
  static void rand_get_seed(struct rand_thread_state *state,
231
- uint8_t seed[CTR_DRBG_ENTROPY_LEN]) {
303
+ uint8_t seed[CTR_DRBG_ENTROPY_LEN],
304
+ int *out_used_cpu) {
232
305
  // If not in FIPS mode, we don't overread from the system entropy source and
233
306
  // we don't depend only on the hardware RDRAND.
234
307
  CRYPTO_sysrand(seed, CTR_DRBG_ENTROPY_LEN);
308
+ *out_used_cpu = 0;
235
309
  }
236
310
 
237
311
  #endif
@@ -290,8 +364,23 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
290
364
 
291
365
  state->last_block_valid = 0;
292
366
  uint8_t seed[CTR_DRBG_ENTROPY_LEN];
293
- rand_get_seed(state, seed);
294
- if (!CTR_DRBG_init(&state->drbg, seed, NULL, 0)) {
367
+ int used_cpu;
368
+ rand_get_seed(state, seed, &used_cpu);
369
+
370
+ uint8_t personalization[CTR_DRBG_ENTROPY_LEN];
371
+ size_t personalization_len = 0;
372
+ #if defined(OPENSSL_URANDOM)
373
+ // If we used RDRAND, also opportunistically read from the system. This
374
+ // avoids solely relying on the hardware once the entropy pool has been
375
+ // initialized.
376
+ if (used_cpu &&
377
+ CRYPTO_sysrand_if_available(personalization, sizeof(personalization))) {
378
+ personalization_len = sizeof(personalization);
379
+ }
380
+ #endif
381
+
382
+ if (!CTR_DRBG_init(&state->drbg, seed, personalization,
383
+ personalization_len)) {
295
384
  abort();
296
385
  }
297
386
  state->calls = 0;
@@ -315,7 +404,8 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
315
404
  if (state->calls >= kReseedInterval ||
316
405
  state->fork_generation != fork_generation) {
317
406
  uint8_t seed[CTR_DRBG_ENTROPY_LEN];
318
- rand_get_seed(state, seed);
407
+ int used_cpu;
408
+ rand_get_seed(state, seed, &used_cpu);
319
409
  #if defined(BORINGSSL_FIPS)
320
410
  // Take a read lock around accesses to |state->drbg|. This is needed to
321
411
  // avoid returning bad entropy if we race with
@@ -366,14 +366,7 @@ void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
366
366
  perror("entropy fill failed");
367
367
  abort();
368
368
  }
369
-
370
- #if defined(BORINGSSL_FIPS_BREAK_CRNG)
371
- // This breaks the "continuous random number generator test" defined in FIPS
372
- // 140-2, section 4.9.2, and implemented in rand_get_seed().
373
- OPENSSL_memset(out, 0, requested);
374
- #endif
375
369
  }
376
-
377
370
  #endif // BORINGSSL_FIPS
378
371
 
379
372
  int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
@@ -1316,52 +1316,72 @@ static void replace_bn_mont_ctx(BN_MONT_CTX **out, BN_MONT_CTX **in) {
1316
1316
  *in = NULL;
1317
1317
  }
1318
1318
 
1319
- int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
1320
- BN_GENCB *cb) {
1319
+ static int RSA_generate_key_ex_maybe_fips(RSA *rsa, int bits,
1320
+ const BIGNUM *e_value, BN_GENCB *cb,
1321
+ int check_fips) {
1322
+ RSA *tmp = NULL;
1323
+ uint32_t err;
1324
+ int ret = 0;
1325
+
1321
1326
  // |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale,
1322
1327
  // so we run the FIPS algorithm four times, bringing it down to 2^-80. We
1323
1328
  // should just adjust the retry limit, but FIPS 186-4 prescribes that value
1324
1329
  // and thus results in unnecessary complexity.
1325
- for (int i = 0; i < 4; i++) {
1330
+ int failures = 0;
1331
+ do {
1326
1332
  ERR_clear_error();
1327
1333
  // Generate into scratch space, to avoid leaving partial work on failure.
1328
- RSA *tmp = RSA_new();
1334
+ tmp = RSA_new();
1329
1335
  if (tmp == NULL) {
1330
- return 0;
1336
+ goto out;
1331
1337
  }
1338
+
1332
1339
  if (rsa_generate_key_impl(tmp, bits, e_value, cb)) {
1333
- replace_bignum(&rsa->n, &tmp->n);
1334
- replace_bignum(&rsa->e, &tmp->e);
1335
- replace_bignum(&rsa->d, &tmp->d);
1336
- replace_bignum(&rsa->p, &tmp->p);
1337
- replace_bignum(&rsa->q, &tmp->q);
1338
- replace_bignum(&rsa->dmp1, &tmp->dmp1);
1339
- replace_bignum(&rsa->dmq1, &tmp->dmq1);
1340
- replace_bignum(&rsa->iqmp, &tmp->iqmp);
1341
- replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n);
1342
- replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p);
1343
- replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q);
1344
- replace_bignum(&rsa->d_fixed, &tmp->d_fixed);
1345
- replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed);
1346
- replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed);
1347
- replace_bignum(&rsa->inv_small_mod_large_mont,
1348
- &tmp->inv_small_mod_large_mont);
1349
- rsa->private_key_frozen = tmp->private_key_frozen;
1350
- RSA_free(tmp);
1351
- return 1;
1340
+ break;
1352
1341
  }
1353
- uint32_t err = ERR_peek_error();
1342
+
1343
+ err = ERR_peek_error();
1354
1344
  RSA_free(tmp);
1355
1345
  tmp = NULL;
1346
+ failures++;
1347
+
1356
1348
  // Only retry on |RSA_R_TOO_MANY_ITERATIONS|. This is so a caller-induced
1357
1349
  // failure in |BN_GENCB_call| is still fatal.
1358
- if (ERR_GET_LIB(err) != ERR_LIB_RSA ||
1359
- ERR_GET_REASON(err) != RSA_R_TOO_MANY_ITERATIONS) {
1360
- return 0;
1361
- }
1350
+ } while (failures < 4 && ERR_GET_LIB(err) == ERR_LIB_RSA &&
1351
+ ERR_GET_REASON(err) == RSA_R_TOO_MANY_ITERATIONS);
1352
+
1353
+ if (tmp == NULL || (check_fips && !RSA_check_fips(tmp))) {
1354
+ goto out;
1362
1355
  }
1363
1356
 
1364
- return 0;
1357
+ replace_bignum(&rsa->n, &tmp->n);
1358
+ replace_bignum(&rsa->e, &tmp->e);
1359
+ replace_bignum(&rsa->d, &tmp->d);
1360
+ replace_bignum(&rsa->p, &tmp->p);
1361
+ replace_bignum(&rsa->q, &tmp->q);
1362
+ replace_bignum(&rsa->dmp1, &tmp->dmp1);
1363
+ replace_bignum(&rsa->dmq1, &tmp->dmq1);
1364
+ replace_bignum(&rsa->iqmp, &tmp->iqmp);
1365
+ replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n);
1366
+ replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p);
1367
+ replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q);
1368
+ replace_bignum(&rsa->d_fixed, &tmp->d_fixed);
1369
+ replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed);
1370
+ replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed);
1371
+ replace_bignum(&rsa->inv_small_mod_large_mont,
1372
+ &tmp->inv_small_mod_large_mont);
1373
+ rsa->private_key_frozen = tmp->private_key_frozen;
1374
+ ret = 1;
1375
+
1376
+ out:
1377
+ RSA_free(tmp);
1378
+ return ret;
1379
+ }
1380
+
1381
+ int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
1382
+ BN_GENCB *cb) {
1383
+ return RSA_generate_key_ex_maybe_fips(rsa, bits, e_value, cb,
1384
+ /*check_fips=*/0);
1365
1385
  }
1366
1386
 
1367
1387
  int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
@@ -1377,8 +1397,7 @@ int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
1377
1397
  BIGNUM *e = BN_new();
1378
1398
  int ret = e != NULL &&
1379
1399
  BN_set_word(e, RSA_F4) &&
1380
- RSA_generate_key_ex(rsa, bits, e, cb) &&
1381
- RSA_check_fips(rsa);
1400
+ RSA_generate_key_ex_maybe_fips(rsa, bits, e, cb, /*check_fips=*/1);
1382
1401
  BN_free(e);
1383
1402
  return ret;
1384
1403
  }
@@ -21,6 +21,8 @@
21
21
  #include <openssl/aes.h>
22
22
  #include <openssl/bn.h>
23
23
  #include <openssl/des.h>
24
+ #include <openssl/dh.h>
25
+ #include <openssl/digest.h>
24
26
  #include <openssl/ec.h>
25
27
  #include <openssl/ecdsa.h>
26
28
  #include <openssl/ec_key.h>
@@ -31,6 +33,7 @@
31
33
  #include "../../internal.h"
32
34
  #include "../ec/internal.h"
33
35
  #include "../rand/internal.h"
36
+ #include "../tls/internal.h"
34
37
 
35
38
 
36
39
  // MSVC wants to put a NUL byte at the end of non-char arrays and so cannot
@@ -244,6 +247,41 @@ static EC_KEY *self_test_ecdsa_key(void) {
244
247
  return ec_key;
245
248
  }
246
249
 
250
+ static DH *self_test_dh(void) {
251
+ DH *dh = DH_get_rfc7919_2048();
252
+ if (!dh) {
253
+ return NULL;
254
+ }
255
+
256
+ BIGNUM *priv = BN_new();
257
+ if (!priv) {
258
+ goto err;
259
+ }
260
+
261
+ // kFFDHE2048PrivateKeyData is a 225-bit value. (225 because that's the
262
+ // minimum private key size in
263
+ // https://tools.ietf.org/html/rfc7919#appendix-A.1.)
264
+ static const BN_ULONG kFFDHE2048PrivateKeyData[] = {
265
+ TOBN(0x187be36b, 0xd38a4fa1),
266
+ TOBN(0x0a152f39, 0x6458f3b8),
267
+ TOBN(0x0570187e, 0xc422eeb7),
268
+ TOBN(0x00000001, 0x91173f2a),
269
+ };
270
+
271
+ bn_set_static_words(priv, kFFDHE2048PrivateKeyData,
272
+ OPENSSL_ARRAY_SIZE(kFFDHE2048PrivateKeyData));
273
+
274
+ if (!DH_set0_key(dh, NULL, priv)) {
275
+ goto err;
276
+ }
277
+ return dh;
278
+
279
+ err:
280
+ BN_free(priv);
281
+ DH_free(dh);
282
+ return NULL;
283
+ }
284
+
247
285
  #if defined(OPENSSL_ANDROID)
248
286
  static const size_t kModuleDigestSize = SHA256_DIGEST_LENGTH;
249
287
  #else
@@ -460,6 +498,81 @@ int boringssl_fips_self_test(
460
498
  0x00,
461
499
  #endif
462
500
  };
501
+ const uint8_t kTLSOutput[32] = {
502
+ 0x67, 0x85, 0xde, 0x60, 0xfc, 0x0a, 0x83, 0xe9, 0xa2, 0x2a, 0xb3,
503
+ 0xf0, 0x27, 0x0c, 0xba, 0xf7, 0xfa, 0x82, 0x3d, 0x14, 0x77, 0x1d,
504
+ 0x86, 0x29, 0x79, 0x39, 0x77, 0x8a, 0xd5, 0x0e, 0x9d,
505
+ #if !defined(BORINGSSL_FIPS_BREAK_TLS_KDF)
506
+ 0x32,
507
+ #else
508
+ 0x00,
509
+ #endif
510
+ };
511
+ const uint8_t kTLSSecret[32] = {
512
+ 0xbf, 0xe4, 0xb7, 0xe0, 0x26, 0x55, 0x5f, 0x6a, 0xdf, 0x5d, 0x27,
513
+ 0xd6, 0x89, 0x99, 0x2a, 0xd6, 0xf7, 0x65, 0x66, 0x07, 0x4b, 0x55,
514
+ 0x5f, 0x64, 0x55, 0xcd, 0xd5, 0x77, 0xa4, 0xc7, 0x09, 0x61,
515
+ };
516
+ const char kTLSLabel[] = "FIPS self test";
517
+ const uint8_t kTLSSeed1[16] = {
518
+ 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
519
+ 0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
520
+ };
521
+ const uint8_t kTLSSeed2[16] = {
522
+ 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
523
+ 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
524
+ };
525
+
526
+ // kFFDHE2048PublicValueData is an arbitrary public value, mod
527
+ // kFFDHE2048Data. (The private key happens to be 4096.)
528
+ static const BN_ULONG kFFDHE2048PublicValueData[] = {
529
+ TOBN(0x187be36b, 0xd38a4fa1), TOBN(0x0a152f39, 0x6458f3b8),
530
+ TOBN(0x0570187e, 0xc422eeb7), TOBN(0x18af7482, 0x91173f2a),
531
+ TOBN(0xe9fdac6a, 0xcff4eaaa), TOBN(0xf6afebb7, 0x6e589d6c),
532
+ TOBN(0xf92f8e9a, 0xb7e33fb0), TOBN(0x70acf2aa, 0x4cf36ddd),
533
+ TOBN(0x561ab426, 0xd07137fd), TOBN(0x5f57d037, 0x430ee91e),
534
+ TOBN(0xe3e768c8, 0x60d10b8a), TOBN(0xb14884d8, 0xa18af8ce),
535
+ TOBN(0xf8a98014, 0xa12b74e4), TOBN(0x748d407c, 0x3437b7a8),
536
+ TOBN(0x627588c4, 0x9875d5a7), TOBN(0xdd24a127, 0x53c8f09d),
537
+ TOBN(0x85a997d5, 0x0cd51aec), TOBN(0x44f0c619, 0xce348458),
538
+ TOBN(0x9b894b24, 0x5f6b69a1), TOBN(0xae1302f2, 0xf6d4777e),
539
+ TOBN(0xe6678eeb, 0x375db18e), TOBN(0x2674e1d6, 0x4fbcbdc8),
540
+ TOBN(0xb297a823, 0x6fa93d28), TOBN(0x6a12fb70, 0x7c8c0510),
541
+ TOBN(0x5c6d1aeb, 0xdb06f65b), TOBN(0xe8c2954e, 0x4c1804ca),
542
+ TOBN(0x06bdeac1, 0xf5500fa7), TOBN(0x6a315604, 0x189cd76b),
543
+ TOBN(0xbae7b0b3, 0x6e362dc0), TOBN(0xa57c73bd, 0xdc70fb82),
544
+ TOBN(0xfaff50d2, 0x9d573457), TOBN(0x352bd399, 0xbe84058e),
545
+ };
546
+
547
+ const uint8_t kDHOutput[2048 / 8] = {
548
+ 0x2a, 0xe6, 0xd3, 0xa6, 0x13, 0x58, 0x8e, 0xce, 0x53, 0xaa, 0xf6, 0x5d,
549
+ 0x9a, 0xae, 0x02, 0x12, 0xf5, 0x80, 0x3d, 0x06, 0x09, 0x76, 0xac, 0x57,
550
+ 0x37, 0x9e, 0xab, 0x38, 0x62, 0x25, 0x05, 0x1d, 0xf3, 0xa9, 0x39, 0x60,
551
+ 0xf6, 0xae, 0x90, 0xed, 0x1e, 0xad, 0x6e, 0xe9, 0xe3, 0xba, 0x27, 0xf6,
552
+ 0xdb, 0x54, 0xdf, 0xe2, 0xbd, 0xbb, 0x7f, 0xf1, 0x81, 0xac, 0x1a, 0xfa,
553
+ 0xdb, 0x87, 0x07, 0x98, 0x76, 0x90, 0x21, 0xf2, 0xae, 0xda, 0x0d, 0x84,
554
+ 0x97, 0x64, 0x0b, 0xbf, 0xb8, 0x8d, 0x10, 0x46, 0xe2, 0xd5, 0xca, 0x1b,
555
+ 0xbb, 0xe5, 0x37, 0xb2, 0x3b, 0x35, 0xd3, 0x1b, 0x65, 0xea, 0xae, 0xf2,
556
+ 0x03, 0xe2, 0xb6, 0xde, 0x22, 0xb7, 0x86, 0x49, 0x79, 0xfe, 0xd7, 0x16,
557
+ 0xf7, 0xdc, 0x9c, 0x59, 0xf5, 0xb7, 0x70, 0xc0, 0x53, 0x42, 0x6f, 0xb1,
558
+ 0xd2, 0x4e, 0x00, 0x25, 0x4b, 0x2d, 0x5a, 0x9b, 0xd0, 0xe9, 0x27, 0x43,
559
+ 0xcc, 0x00, 0x66, 0xea, 0x94, 0x7a, 0x0b, 0xb9, 0x89, 0x0c, 0x5e, 0x94,
560
+ 0xb8, 0x3a, 0x78, 0x9c, 0x4d, 0x84, 0xe6, 0x32, 0x2c, 0x38, 0x7c, 0xf7,
561
+ 0x43, 0x9c, 0xd8, 0xb8, 0x1c, 0xce, 0x24, 0x91, 0x20, 0x67, 0x7a, 0x54,
562
+ 0x1f, 0x7e, 0x86, 0x7f, 0xa1, 0xc1, 0x03, 0x4e, 0x2c, 0x26, 0x71, 0xb2,
563
+ 0x06, 0x30, 0xb3, 0x6c, 0x15, 0xcc, 0xac, 0x25, 0xe5, 0x37, 0x3f, 0x24,
564
+ 0x8f, 0x2a, 0x89, 0x5e, 0x3d, 0x43, 0x94, 0xc9, 0x36, 0xae, 0x40, 0x00,
565
+ 0x6a, 0x0d, 0xb0, 0x6e, 0x8b, 0x2e, 0x70, 0x57, 0xe1, 0x88, 0x53, 0xd6,
566
+ 0x06, 0x80, 0x2a, 0x4e, 0x5a, 0xf0, 0x1e, 0xaa, 0xcb, 0xab, 0x06, 0x0e,
567
+ 0x27, 0x0f, 0xd9, 0x88, 0xd9, 0x01, 0xe3, 0x07, 0xeb, 0xdf, 0xc3, 0x12,
568
+ 0xe3, 0x40, 0x88, 0x7b, 0x5f, 0x59, 0x78, 0x6e, 0x26, 0x20, 0xc3, 0xdf,
569
+ 0xc8, 0xe4, 0x5e,
570
+ #if !defined(BORINGSSL_FIPS_BREAK_FFC_DH)
571
+ 0xb8,
572
+ #else
573
+ 0x00,
574
+ #endif
575
+ };
463
576
 
464
577
  EVP_AEAD_CTX aead_ctx;
465
578
  EVP_AEAD_CTX_zero(&aead_ctx);
@@ -666,6 +779,29 @@ int boringssl_fips_self_test(
666
779
  goto err;
667
780
  }
668
781
 
782
+ // FFC Diffie-Hellman KAT
783
+
784
+ BIGNUM *const ffdhe2048_value = BN_new();
785
+ DH *const dh = self_test_dh();
786
+ int dh_ok = 0;
787
+ if (ffdhe2048_value && dh) {
788
+ bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
789
+ OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
790
+
791
+ uint8_t dh_out[sizeof(kDHOutput)];
792
+ dh_ok =
793
+ sizeof(dh_out) == DH_size(dh) &&
794
+ DH_compute_key_padded(dh_out, ffdhe2048_value, dh) == sizeof(dh_out) &&
795
+ check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH");
796
+ }
797
+
798
+ BN_free(ffdhe2048_value);
799
+ DH_free(dh);
800
+ if (!dh_ok) {
801
+ fprintf(stderr, "FFDH failed.\n");
802
+ goto err;
803
+ }
804
+
669
805
  // DBRG KAT
670
806
  CTR_DRBG_STATE drbg;
671
807
  if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
@@ -690,6 +826,17 @@ int boringssl_fips_self_test(
690
826
  goto err;
691
827
  }
692
828
 
829
+ // TLS KDF KAT
830
+ uint8_t tls_output[sizeof(kTLSOutput)];
831
+ if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret,
832
+ sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel),
833
+ kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2,
834
+ sizeof(kTLSSeed2)) ||
835
+ !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS KDF KAT")) {
836
+ fprintf(stderr, "TLS KDF failed.\n");
837
+ goto err;
838
+ }
839
+
693
840
  ret = 1;
694
841
 
695
842
  #if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)