grpc 1.35.0 → 1.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
|
@@ -797,6 +797,12 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
|
|
|
797
797
|
return 1;
|
|
798
798
|
}
|
|
799
799
|
|
|
800
|
+
int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
|
|
801
|
+
const EC_POINT *point, BIGNUM *x, BIGNUM *y,
|
|
802
|
+
BN_CTX *ctx) {
|
|
803
|
+
return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
|
|
804
|
+
}
|
|
805
|
+
|
|
800
806
|
void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
|
|
801
807
|
const EC_AFFINE *p) {
|
|
802
808
|
out->X = p->X;
|
|
@@ -879,6 +885,12 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
|
|
|
879
885
|
return 1;
|
|
880
886
|
}
|
|
881
887
|
|
|
888
|
+
int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
|
|
889
|
+
const BIGNUM *x, const BIGNUM *y,
|
|
890
|
+
BN_CTX *ctx) {
|
|
891
|
+
return EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx);
|
|
892
|
+
}
|
|
893
|
+
|
|
882
894
|
int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
|
|
883
895
|
const EC_POINT *b, BN_CTX *ctx) {
|
|
884
896
|
if (EC_GROUP_cmp(group, r->group, NULL) != 0 ||
|
|
@@ -440,7 +440,15 @@ int EC_KEY_generate_key(EC_KEY *key) {
|
|
|
440
440
|
}
|
|
441
441
|
|
|
442
442
|
int EC_KEY_generate_key_fips(EC_KEY *eckey) {
|
|
443
|
-
|
|
443
|
+
if (EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey)) {
|
|
444
|
+
return 1;
|
|
445
|
+
}
|
|
446
|
+
|
|
447
|
+
EC_POINT_free(eckey->pub_key);
|
|
448
|
+
ec_wrapped_scalar_free(eckey->priv_key);
|
|
449
|
+
eckey->pub_key = NULL;
|
|
450
|
+
eckey->priv_key = NULL;
|
|
451
|
+
return 0;
|
|
444
452
|
}
|
|
445
453
|
|
|
446
454
|
int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
|
|
@@ -36,6 +36,34 @@ extern "C" {
|
|
|
36
36
|
void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
37
37
|
const uint8_t user_additional_data[32]);
|
|
38
38
|
|
|
39
|
+
#if defined(BORINGSSL_FIPS)
|
|
40
|
+
|
|
41
|
+
// We overread from /dev/urandom or RDRAND by a factor of 10 and XOR to whiten.
|
|
42
|
+
#define BORINGSSL_FIPS_OVERREAD 10
|
|
43
|
+
|
|
44
|
+
// CRYPTO_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
|
|
45
|
+
// for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
|
|
46
|
+
// entropy came directly from the CPU and zero if it came from the OS. It
|
|
47
|
+
// actively obtains entropy from the CPU/OS and so should not be called from
|
|
48
|
+
// within the FIPS module if |BORINGSSL_FIPS_PASSIVE_ENTROPY| is defined.
|
|
49
|
+
void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
|
|
50
|
+
int *out_used_cpu);
|
|
51
|
+
|
|
52
|
+
#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
|
|
53
|
+
|
|
54
|
+
// RAND_load_entropy supplies |entropy_len| bytes of entropy to the module. The
|
|
55
|
+
// |from_cpu| parameter is true iff the entropy was obtained directly from the
|
|
56
|
+
// CPU.
|
|
57
|
+
void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
|
|
58
|
+
int from_cpu);
|
|
59
|
+
|
|
60
|
+
// RAND_need_entropy is implemented outside of the FIPS module and is called
|
|
61
|
+
// when the module has stopped because it has run out of entropy.
|
|
62
|
+
void RAND_need_entropy(size_t bytes_needed);
|
|
63
|
+
|
|
64
|
+
#endif // BORINGSSL_FIPS_PASSIVE_ENTROPY
|
|
65
|
+
#endif // BORINGSSL_FIPS
|
|
66
|
+
|
|
39
67
|
// CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
|
|
40
68
|
// system.
|
|
41
69
|
void CRYPTO_sysrand(uint8_t *buf, size_t len);
|
|
@@ -25,6 +25,7 @@
|
|
|
25
25
|
#include <openssl/chacha.h>
|
|
26
26
|
#include <openssl/cpu.h>
|
|
27
27
|
#include <openssl/mem.h>
|
|
28
|
+
#include <openssl/type_check.h>
|
|
28
29
|
|
|
29
30
|
#include "internal.h"
|
|
30
31
|
#include "fork_detect.h"
|
|
@@ -63,11 +64,11 @@ struct rand_thread_state {
|
|
|
63
64
|
// (re)seeded. This is bound by |kReseedInterval|.
|
|
64
65
|
unsigned calls;
|
|
65
66
|
// last_block_valid is non-zero iff |last_block| contains data from
|
|
66
|
-
// |
|
|
67
|
+
// |get_seed_entropy|.
|
|
67
68
|
int last_block_valid;
|
|
68
69
|
|
|
69
70
|
#if defined(BORINGSSL_FIPS)
|
|
70
|
-
// last_block contains the previous block from |
|
|
71
|
+
// last_block contains the previous block from |get_seed_entropy|.
|
|
71
72
|
uint8_t last_block[CRNGT_BLOCK_SIZE];
|
|
72
73
|
// next and prev form a NULL-terminated, double-linked list of all states in
|
|
73
74
|
// a process.
|
|
@@ -146,12 +147,6 @@ static int rdrand(uint8_t *buf, const size_t len) {
|
|
|
146
147
|
OPENSSL_memcpy(buf + len_multiple8, rand_buf, remainder);
|
|
147
148
|
}
|
|
148
149
|
|
|
149
|
-
#if defined(BORINGSSL_FIPS_BREAK_CRNG)
|
|
150
|
-
// This breaks the "continuous random number generator test" defined in FIPS
|
|
151
|
-
// 140-2, section 4.9.2, and implemented in rand_get_seed().
|
|
152
|
-
OPENSSL_memset(buf, 0, len);
|
|
153
|
-
#endif
|
|
154
|
-
|
|
155
150
|
return 1;
|
|
156
151
|
}
|
|
157
152
|
|
|
@@ -165,25 +160,110 @@ static int rdrand(uint8_t *buf, size_t len) {
|
|
|
165
160
|
|
|
166
161
|
#if defined(BORINGSSL_FIPS)
|
|
167
162
|
|
|
163
|
+
void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
|
|
164
|
+
int *out_used_cpu) {
|
|
165
|
+
*out_used_cpu = 0;
|
|
166
|
+
if (have_rdrand() && rdrand(out_entropy, out_entropy_len)) {
|
|
167
|
+
*out_used_cpu = 1;
|
|
168
|
+
} else {
|
|
169
|
+
CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len);
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
#if defined(BORINGSSL_FIPS_BREAK_CRNG)
|
|
173
|
+
// This breaks the "continuous random number generator test" defined in FIPS
|
|
174
|
+
// 140-2, section 4.9.2, and implemented in |rand_get_seed|.
|
|
175
|
+
OPENSSL_memset(out_entropy, 0, out_entropy_len);
|
|
176
|
+
#endif
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
|
|
180
|
+
|
|
181
|
+
// In passive entropy mode, entropy is supplied from outside of the module via
|
|
182
|
+
// |RAND_load_entropy| and is stored in global instance of the following
|
|
183
|
+
// structure.
|
|
184
|
+
|
|
185
|
+
struct entropy_buffer {
|
|
186
|
+
// bytes contains entropy suitable for seeding a DRBG.
|
|
187
|
+
uint8_t bytes[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD];
|
|
188
|
+
// bytes_valid indicates the number of bytes of |bytes| that contain valid
|
|
189
|
+
// data.
|
|
190
|
+
size_t bytes_valid;
|
|
191
|
+
// from_cpu is true if any of the contents of |bytes| were obtained directly
|
|
192
|
+
// from the CPU.
|
|
193
|
+
int from_cpu;
|
|
194
|
+
};
|
|
195
|
+
|
|
196
|
+
DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer);
|
|
197
|
+
DEFINE_STATIC_MUTEX(entropy_buffer_lock);
|
|
198
|
+
|
|
199
|
+
void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
|
|
200
|
+
int from_cpu) {
|
|
201
|
+
struct entropy_buffer *const buffer = entropy_buffer_bss_get();
|
|
202
|
+
|
|
203
|
+
CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get());
|
|
204
|
+
const size_t space = sizeof(buffer->bytes) - buffer->bytes_valid;
|
|
205
|
+
if (entropy_len > space) {
|
|
206
|
+
entropy_len = space;
|
|
207
|
+
}
|
|
208
|
+
|
|
209
|
+
OPENSSL_memcpy(&buffer->bytes[buffer->bytes_valid], entropy, entropy_len);
|
|
210
|
+
buffer->bytes_valid += entropy_len;
|
|
211
|
+
buffer->from_cpu |= from_cpu && (entropy_len != 0);
|
|
212
|
+
CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
// get_seed_entropy fills |out_entropy_len| bytes of |out_entropy| from the
|
|
216
|
+
// global |entropy_buffer|.
|
|
217
|
+
static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
|
|
218
|
+
int *out_used_cpu) {
|
|
219
|
+
struct entropy_buffer *const buffer = entropy_buffer_bss_get();
|
|
220
|
+
if (out_entropy_len > sizeof(buffer->bytes)) {
|
|
221
|
+
abort();
|
|
222
|
+
}
|
|
223
|
+
|
|
224
|
+
CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get());
|
|
225
|
+
while (buffer->bytes_valid < out_entropy_len) {
|
|
226
|
+
CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
|
|
227
|
+
RAND_need_entropy(out_entropy_len - buffer->bytes_valid);
|
|
228
|
+
CRYPTO_STATIC_MUTEX_lock_write(entropy_buffer_lock_bss_get());
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
*out_used_cpu = buffer->from_cpu;
|
|
232
|
+
OPENSSL_memcpy(out_entropy, buffer->bytes, out_entropy_len);
|
|
233
|
+
OPENSSL_memmove(buffer->bytes, &buffer->bytes[out_entropy_len],
|
|
234
|
+
buffer->bytes_valid - out_entropy_len);
|
|
235
|
+
buffer->bytes_valid -= out_entropy_len;
|
|
236
|
+
if (buffer->bytes_valid == 0) {
|
|
237
|
+
buffer->from_cpu = 0;
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
#else
|
|
244
|
+
|
|
245
|
+
// In the active case, |get_seed_entropy| simply calls |CRYPTO_get_seed_entropy|
|
|
246
|
+
// in order to obtain entropy from the CPU or OS.
|
|
247
|
+
static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
|
|
248
|
+
int *out_used_cpu) {
|
|
249
|
+
CRYPTO_get_seed_entropy(out_entropy, out_entropy_len, out_used_cpu);
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
#endif // !BORINGSSL_FIPS_PASSIVE_ENTROPY
|
|
253
|
+
|
|
254
|
+
// rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if
|
|
255
|
+
// that entropy came directly from the CPU and zero otherwise.
|
|
168
256
|
static void rand_get_seed(struct rand_thread_state *state,
|
|
169
|
-
uint8_t seed[CTR_DRBG_ENTROPY_LEN]
|
|
257
|
+
uint8_t seed[CTR_DRBG_ENTROPY_LEN],
|
|
258
|
+
int *out_used_cpu) {
|
|
170
259
|
if (!state->last_block_valid) {
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
CRYPTO_sysrand_for_seed(state->last_block, sizeof(state->last_block));
|
|
174
|
-
}
|
|
260
|
+
int unused;
|
|
261
|
+
get_seed_entropy(state->last_block, sizeof(state->last_block), &unused);
|
|
175
262
|
state->last_block_valid = 1;
|
|
176
263
|
}
|
|
177
264
|
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
#define FIPS_OVERREAD 10
|
|
181
|
-
uint8_t entropy[CTR_DRBG_ENTROPY_LEN * FIPS_OVERREAD];
|
|
182
|
-
|
|
183
|
-
int used_rdrand = have_rdrand() && rdrand(entropy, sizeof(entropy));
|
|
184
|
-
if (!used_rdrand) {
|
|
185
|
-
CRYPTO_sysrand_for_seed(entropy, sizeof(entropy));
|
|
186
|
-
}
|
|
265
|
+
uint8_t entropy[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD];
|
|
266
|
+
get_seed_entropy(entropy, sizeof(entropy), out_used_cpu);
|
|
187
267
|
|
|
188
268
|
// See FIPS 140-2, section 4.9.2. This is the “continuous random number
|
|
189
269
|
// generator test” which causes the program to randomly abort. Hopefully the
|
|
@@ -193,6 +273,7 @@ static void rand_get_seed(struct rand_thread_state *state,
|
|
|
193
273
|
BORINGSSL_FIPS_abort();
|
|
194
274
|
}
|
|
195
275
|
|
|
276
|
+
OPENSSL_STATIC_ASSERT(sizeof(entropy) % CRNGT_BLOCK_SIZE == 0, "");
|
|
196
277
|
for (size_t i = CRNGT_BLOCK_SIZE; i < sizeof(entropy);
|
|
197
278
|
i += CRNGT_BLOCK_SIZE) {
|
|
198
279
|
if (CRYPTO_memcmp(entropy + i - CRNGT_BLOCK_SIZE, entropy + i,
|
|
@@ -207,31 +288,24 @@ static void rand_get_seed(struct rand_thread_state *state,
|
|
|
207
288
|
|
|
208
289
|
OPENSSL_memcpy(seed, entropy, CTR_DRBG_ENTROPY_LEN);
|
|
209
290
|
|
|
210
|
-
for (size_t i = 1; i <
|
|
291
|
+
for (size_t i = 1; i < BORINGSSL_FIPS_OVERREAD; i++) {
|
|
211
292
|
for (size_t j = 0; j < CTR_DRBG_ENTROPY_LEN; j++) {
|
|
212
293
|
seed[j] ^= entropy[CTR_DRBG_ENTROPY_LEN * i + j];
|
|
213
294
|
}
|
|
214
295
|
}
|
|
215
|
-
|
|
216
|
-
#if defined(OPENSSL_URANDOM)
|
|
217
|
-
// If we used RDRAND, also opportunistically read from the system. This avoids
|
|
218
|
-
// solely relying on the hardware once the entropy pool has been initialized.
|
|
219
|
-
if (used_rdrand) {
|
|
220
|
-
CRYPTO_sysrand_if_available(entropy, CTR_DRBG_ENTROPY_LEN);
|
|
221
|
-
for (size_t i = 0; i < CTR_DRBG_ENTROPY_LEN; i++) {
|
|
222
|
-
seed[i] ^= entropy[i];
|
|
223
|
-
}
|
|
224
|
-
}
|
|
225
|
-
#endif
|
|
226
296
|
}
|
|
227
297
|
|
|
228
298
|
#else
|
|
229
299
|
|
|
300
|
+
// rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if
|
|
301
|
+
// that entropy came directly from the CPU and zero otherwise.
|
|
230
302
|
static void rand_get_seed(struct rand_thread_state *state,
|
|
231
|
-
uint8_t seed[CTR_DRBG_ENTROPY_LEN]
|
|
303
|
+
uint8_t seed[CTR_DRBG_ENTROPY_LEN],
|
|
304
|
+
int *out_used_cpu) {
|
|
232
305
|
// If not in FIPS mode, we don't overread from the system entropy source and
|
|
233
306
|
// we don't depend only on the hardware RDRAND.
|
|
234
307
|
CRYPTO_sysrand(seed, CTR_DRBG_ENTROPY_LEN);
|
|
308
|
+
*out_used_cpu = 0;
|
|
235
309
|
}
|
|
236
310
|
|
|
237
311
|
#endif
|
|
@@ -290,8 +364,23 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
|
290
364
|
|
|
291
365
|
state->last_block_valid = 0;
|
|
292
366
|
uint8_t seed[CTR_DRBG_ENTROPY_LEN];
|
|
293
|
-
|
|
294
|
-
|
|
367
|
+
int used_cpu;
|
|
368
|
+
rand_get_seed(state, seed, &used_cpu);
|
|
369
|
+
|
|
370
|
+
uint8_t personalization[CTR_DRBG_ENTROPY_LEN];
|
|
371
|
+
size_t personalization_len = 0;
|
|
372
|
+
#if defined(OPENSSL_URANDOM)
|
|
373
|
+
// If we used RDRAND, also opportunistically read from the system. This
|
|
374
|
+
// avoids solely relying on the hardware once the entropy pool has been
|
|
375
|
+
// initialized.
|
|
376
|
+
if (used_cpu &&
|
|
377
|
+
CRYPTO_sysrand_if_available(personalization, sizeof(personalization))) {
|
|
378
|
+
personalization_len = sizeof(personalization);
|
|
379
|
+
}
|
|
380
|
+
#endif
|
|
381
|
+
|
|
382
|
+
if (!CTR_DRBG_init(&state->drbg, seed, personalization,
|
|
383
|
+
personalization_len)) {
|
|
295
384
|
abort();
|
|
296
385
|
}
|
|
297
386
|
state->calls = 0;
|
|
@@ -315,7 +404,8 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
|
315
404
|
if (state->calls >= kReseedInterval ||
|
|
316
405
|
state->fork_generation != fork_generation) {
|
|
317
406
|
uint8_t seed[CTR_DRBG_ENTROPY_LEN];
|
|
318
|
-
|
|
407
|
+
int used_cpu;
|
|
408
|
+
rand_get_seed(state, seed, &used_cpu);
|
|
319
409
|
#if defined(BORINGSSL_FIPS)
|
|
320
410
|
// Take a read lock around accesses to |state->drbg|. This is needed to
|
|
321
411
|
// avoid returning bad entropy if we race with
|
|
@@ -366,14 +366,7 @@ void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
|
|
366
366
|
perror("entropy fill failed");
|
|
367
367
|
abort();
|
|
368
368
|
}
|
|
369
|
-
|
|
370
|
-
#if defined(BORINGSSL_FIPS_BREAK_CRNG)
|
|
371
|
-
// This breaks the "continuous random number generator test" defined in FIPS
|
|
372
|
-
// 140-2, section 4.9.2, and implemented in rand_get_seed().
|
|
373
|
-
OPENSSL_memset(out, 0, requested);
|
|
374
|
-
#endif
|
|
375
369
|
}
|
|
376
|
-
|
|
377
370
|
#endif // BORINGSSL_FIPS
|
|
378
371
|
|
|
379
372
|
int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
|
|
@@ -1316,52 +1316,72 @@ static void replace_bn_mont_ctx(BN_MONT_CTX **out, BN_MONT_CTX **in) {
|
|
|
1316
1316
|
*in = NULL;
|
|
1317
1317
|
}
|
|
1318
1318
|
|
|
1319
|
-
int
|
|
1320
|
-
|
|
1319
|
+
static int RSA_generate_key_ex_maybe_fips(RSA *rsa, int bits,
|
|
1320
|
+
const BIGNUM *e_value, BN_GENCB *cb,
|
|
1321
|
+
int check_fips) {
|
|
1322
|
+
RSA *tmp = NULL;
|
|
1323
|
+
uint32_t err;
|
|
1324
|
+
int ret = 0;
|
|
1325
|
+
|
|
1321
1326
|
// |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale,
|
|
1322
1327
|
// so we run the FIPS algorithm four times, bringing it down to 2^-80. We
|
|
1323
1328
|
// should just adjust the retry limit, but FIPS 186-4 prescribes that value
|
|
1324
1329
|
// and thus results in unnecessary complexity.
|
|
1325
|
-
|
|
1330
|
+
int failures = 0;
|
|
1331
|
+
do {
|
|
1326
1332
|
ERR_clear_error();
|
|
1327
1333
|
// Generate into scratch space, to avoid leaving partial work on failure.
|
|
1328
|
-
|
|
1334
|
+
tmp = RSA_new();
|
|
1329
1335
|
if (tmp == NULL) {
|
|
1330
|
-
|
|
1336
|
+
goto out;
|
|
1331
1337
|
}
|
|
1338
|
+
|
|
1332
1339
|
if (rsa_generate_key_impl(tmp, bits, e_value, cb)) {
|
|
1333
|
-
|
|
1334
|
-
replace_bignum(&rsa->e, &tmp->e);
|
|
1335
|
-
replace_bignum(&rsa->d, &tmp->d);
|
|
1336
|
-
replace_bignum(&rsa->p, &tmp->p);
|
|
1337
|
-
replace_bignum(&rsa->q, &tmp->q);
|
|
1338
|
-
replace_bignum(&rsa->dmp1, &tmp->dmp1);
|
|
1339
|
-
replace_bignum(&rsa->dmq1, &tmp->dmq1);
|
|
1340
|
-
replace_bignum(&rsa->iqmp, &tmp->iqmp);
|
|
1341
|
-
replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n);
|
|
1342
|
-
replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p);
|
|
1343
|
-
replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q);
|
|
1344
|
-
replace_bignum(&rsa->d_fixed, &tmp->d_fixed);
|
|
1345
|
-
replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed);
|
|
1346
|
-
replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed);
|
|
1347
|
-
replace_bignum(&rsa->inv_small_mod_large_mont,
|
|
1348
|
-
&tmp->inv_small_mod_large_mont);
|
|
1349
|
-
rsa->private_key_frozen = tmp->private_key_frozen;
|
|
1350
|
-
RSA_free(tmp);
|
|
1351
|
-
return 1;
|
|
1340
|
+
break;
|
|
1352
1341
|
}
|
|
1353
|
-
|
|
1342
|
+
|
|
1343
|
+
err = ERR_peek_error();
|
|
1354
1344
|
RSA_free(tmp);
|
|
1355
1345
|
tmp = NULL;
|
|
1346
|
+
failures++;
|
|
1347
|
+
|
|
1356
1348
|
// Only retry on |RSA_R_TOO_MANY_ITERATIONS|. This is so a caller-induced
|
|
1357
1349
|
// failure in |BN_GENCB_call| is still fatal.
|
|
1358
|
-
|
|
1359
|
-
|
|
1360
|
-
|
|
1361
|
-
|
|
1350
|
+
} while (failures < 4 && ERR_GET_LIB(err) == ERR_LIB_RSA &&
|
|
1351
|
+
ERR_GET_REASON(err) == RSA_R_TOO_MANY_ITERATIONS);
|
|
1352
|
+
|
|
1353
|
+
if (tmp == NULL || (check_fips && !RSA_check_fips(tmp))) {
|
|
1354
|
+
goto out;
|
|
1362
1355
|
}
|
|
1363
1356
|
|
|
1364
|
-
|
|
1357
|
+
replace_bignum(&rsa->n, &tmp->n);
|
|
1358
|
+
replace_bignum(&rsa->e, &tmp->e);
|
|
1359
|
+
replace_bignum(&rsa->d, &tmp->d);
|
|
1360
|
+
replace_bignum(&rsa->p, &tmp->p);
|
|
1361
|
+
replace_bignum(&rsa->q, &tmp->q);
|
|
1362
|
+
replace_bignum(&rsa->dmp1, &tmp->dmp1);
|
|
1363
|
+
replace_bignum(&rsa->dmq1, &tmp->dmq1);
|
|
1364
|
+
replace_bignum(&rsa->iqmp, &tmp->iqmp);
|
|
1365
|
+
replace_bn_mont_ctx(&rsa->mont_n, &tmp->mont_n);
|
|
1366
|
+
replace_bn_mont_ctx(&rsa->mont_p, &tmp->mont_p);
|
|
1367
|
+
replace_bn_mont_ctx(&rsa->mont_q, &tmp->mont_q);
|
|
1368
|
+
replace_bignum(&rsa->d_fixed, &tmp->d_fixed);
|
|
1369
|
+
replace_bignum(&rsa->dmp1_fixed, &tmp->dmp1_fixed);
|
|
1370
|
+
replace_bignum(&rsa->dmq1_fixed, &tmp->dmq1_fixed);
|
|
1371
|
+
replace_bignum(&rsa->inv_small_mod_large_mont,
|
|
1372
|
+
&tmp->inv_small_mod_large_mont);
|
|
1373
|
+
rsa->private_key_frozen = tmp->private_key_frozen;
|
|
1374
|
+
ret = 1;
|
|
1375
|
+
|
|
1376
|
+
out:
|
|
1377
|
+
RSA_free(tmp);
|
|
1378
|
+
return ret;
|
|
1379
|
+
}
|
|
1380
|
+
|
|
1381
|
+
int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
|
|
1382
|
+
BN_GENCB *cb) {
|
|
1383
|
+
return RSA_generate_key_ex_maybe_fips(rsa, bits, e_value, cb,
|
|
1384
|
+
/*check_fips=*/0);
|
|
1365
1385
|
}
|
|
1366
1386
|
|
|
1367
1387
|
int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
|
|
@@ -1377,8 +1397,7 @@ int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
|
|
|
1377
1397
|
BIGNUM *e = BN_new();
|
|
1378
1398
|
int ret = e != NULL &&
|
|
1379
1399
|
BN_set_word(e, RSA_F4) &&
|
|
1380
|
-
|
|
1381
|
-
RSA_check_fips(rsa);
|
|
1400
|
+
RSA_generate_key_ex_maybe_fips(rsa, bits, e, cb, /*check_fips=*/1);
|
|
1382
1401
|
BN_free(e);
|
|
1383
1402
|
return ret;
|
|
1384
1403
|
}
|
|
@@ -21,6 +21,8 @@
|
|
|
21
21
|
#include <openssl/aes.h>
|
|
22
22
|
#include <openssl/bn.h>
|
|
23
23
|
#include <openssl/des.h>
|
|
24
|
+
#include <openssl/dh.h>
|
|
25
|
+
#include <openssl/digest.h>
|
|
24
26
|
#include <openssl/ec.h>
|
|
25
27
|
#include <openssl/ecdsa.h>
|
|
26
28
|
#include <openssl/ec_key.h>
|
|
@@ -31,6 +33,7 @@
|
|
|
31
33
|
#include "../../internal.h"
|
|
32
34
|
#include "../ec/internal.h"
|
|
33
35
|
#include "../rand/internal.h"
|
|
36
|
+
#include "../tls/internal.h"
|
|
34
37
|
|
|
35
38
|
|
|
36
39
|
// MSVC wants to put a NUL byte at the end of non-char arrays and so cannot
|
|
@@ -244,6 +247,41 @@ static EC_KEY *self_test_ecdsa_key(void) {
|
|
|
244
247
|
return ec_key;
|
|
245
248
|
}
|
|
246
249
|
|
|
250
|
+
static DH *self_test_dh(void) {
|
|
251
|
+
DH *dh = DH_get_rfc7919_2048();
|
|
252
|
+
if (!dh) {
|
|
253
|
+
return NULL;
|
|
254
|
+
}
|
|
255
|
+
|
|
256
|
+
BIGNUM *priv = BN_new();
|
|
257
|
+
if (!priv) {
|
|
258
|
+
goto err;
|
|
259
|
+
}
|
|
260
|
+
|
|
261
|
+
// kFFDHE2048PrivateKeyData is a 225-bit value. (225 because that's the
|
|
262
|
+
// minimum private key size in
|
|
263
|
+
// https://tools.ietf.org/html/rfc7919#appendix-A.1.)
|
|
264
|
+
static const BN_ULONG kFFDHE2048PrivateKeyData[] = {
|
|
265
|
+
TOBN(0x187be36b, 0xd38a4fa1),
|
|
266
|
+
TOBN(0x0a152f39, 0x6458f3b8),
|
|
267
|
+
TOBN(0x0570187e, 0xc422eeb7),
|
|
268
|
+
TOBN(0x00000001, 0x91173f2a),
|
|
269
|
+
};
|
|
270
|
+
|
|
271
|
+
bn_set_static_words(priv, kFFDHE2048PrivateKeyData,
|
|
272
|
+
OPENSSL_ARRAY_SIZE(kFFDHE2048PrivateKeyData));
|
|
273
|
+
|
|
274
|
+
if (!DH_set0_key(dh, NULL, priv)) {
|
|
275
|
+
goto err;
|
|
276
|
+
}
|
|
277
|
+
return dh;
|
|
278
|
+
|
|
279
|
+
err:
|
|
280
|
+
BN_free(priv);
|
|
281
|
+
DH_free(dh);
|
|
282
|
+
return NULL;
|
|
283
|
+
}
|
|
284
|
+
|
|
247
285
|
#if defined(OPENSSL_ANDROID)
|
|
248
286
|
static const size_t kModuleDigestSize = SHA256_DIGEST_LENGTH;
|
|
249
287
|
#else
|
|
@@ -460,6 +498,81 @@ int boringssl_fips_self_test(
|
|
|
460
498
|
0x00,
|
|
461
499
|
#endif
|
|
462
500
|
};
|
|
501
|
+
const uint8_t kTLSOutput[32] = {
|
|
502
|
+
0x67, 0x85, 0xde, 0x60, 0xfc, 0x0a, 0x83, 0xe9, 0xa2, 0x2a, 0xb3,
|
|
503
|
+
0xf0, 0x27, 0x0c, 0xba, 0xf7, 0xfa, 0x82, 0x3d, 0x14, 0x77, 0x1d,
|
|
504
|
+
0x86, 0x29, 0x79, 0x39, 0x77, 0x8a, 0xd5, 0x0e, 0x9d,
|
|
505
|
+
#if !defined(BORINGSSL_FIPS_BREAK_TLS_KDF)
|
|
506
|
+
0x32,
|
|
507
|
+
#else
|
|
508
|
+
0x00,
|
|
509
|
+
#endif
|
|
510
|
+
};
|
|
511
|
+
const uint8_t kTLSSecret[32] = {
|
|
512
|
+
0xbf, 0xe4, 0xb7, 0xe0, 0x26, 0x55, 0x5f, 0x6a, 0xdf, 0x5d, 0x27,
|
|
513
|
+
0xd6, 0x89, 0x99, 0x2a, 0xd6, 0xf7, 0x65, 0x66, 0x07, 0x4b, 0x55,
|
|
514
|
+
0x5f, 0x64, 0x55, 0xcd, 0xd5, 0x77, 0xa4, 0xc7, 0x09, 0x61,
|
|
515
|
+
};
|
|
516
|
+
const char kTLSLabel[] = "FIPS self test";
|
|
517
|
+
const uint8_t kTLSSeed1[16] = {
|
|
518
|
+
0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
|
|
519
|
+
0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
|
|
520
|
+
};
|
|
521
|
+
const uint8_t kTLSSeed2[16] = {
|
|
522
|
+
0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
|
|
523
|
+
0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
|
|
524
|
+
};
|
|
525
|
+
|
|
526
|
+
// kFFDHE2048PublicValueData is an arbitrary public value, mod
|
|
527
|
+
// kFFDHE2048Data. (The private key happens to be 4096.)
|
|
528
|
+
static const BN_ULONG kFFDHE2048PublicValueData[] = {
|
|
529
|
+
TOBN(0x187be36b, 0xd38a4fa1), TOBN(0x0a152f39, 0x6458f3b8),
|
|
530
|
+
TOBN(0x0570187e, 0xc422eeb7), TOBN(0x18af7482, 0x91173f2a),
|
|
531
|
+
TOBN(0xe9fdac6a, 0xcff4eaaa), TOBN(0xf6afebb7, 0x6e589d6c),
|
|
532
|
+
TOBN(0xf92f8e9a, 0xb7e33fb0), TOBN(0x70acf2aa, 0x4cf36ddd),
|
|
533
|
+
TOBN(0x561ab426, 0xd07137fd), TOBN(0x5f57d037, 0x430ee91e),
|
|
534
|
+
TOBN(0xe3e768c8, 0x60d10b8a), TOBN(0xb14884d8, 0xa18af8ce),
|
|
535
|
+
TOBN(0xf8a98014, 0xa12b74e4), TOBN(0x748d407c, 0x3437b7a8),
|
|
536
|
+
TOBN(0x627588c4, 0x9875d5a7), TOBN(0xdd24a127, 0x53c8f09d),
|
|
537
|
+
TOBN(0x85a997d5, 0x0cd51aec), TOBN(0x44f0c619, 0xce348458),
|
|
538
|
+
TOBN(0x9b894b24, 0x5f6b69a1), TOBN(0xae1302f2, 0xf6d4777e),
|
|
539
|
+
TOBN(0xe6678eeb, 0x375db18e), TOBN(0x2674e1d6, 0x4fbcbdc8),
|
|
540
|
+
TOBN(0xb297a823, 0x6fa93d28), TOBN(0x6a12fb70, 0x7c8c0510),
|
|
541
|
+
TOBN(0x5c6d1aeb, 0xdb06f65b), TOBN(0xe8c2954e, 0x4c1804ca),
|
|
542
|
+
TOBN(0x06bdeac1, 0xf5500fa7), TOBN(0x6a315604, 0x189cd76b),
|
|
543
|
+
TOBN(0xbae7b0b3, 0x6e362dc0), TOBN(0xa57c73bd, 0xdc70fb82),
|
|
544
|
+
TOBN(0xfaff50d2, 0x9d573457), TOBN(0x352bd399, 0xbe84058e),
|
|
545
|
+
};
|
|
546
|
+
|
|
547
|
+
const uint8_t kDHOutput[2048 / 8] = {
|
|
548
|
+
0x2a, 0xe6, 0xd3, 0xa6, 0x13, 0x58, 0x8e, 0xce, 0x53, 0xaa, 0xf6, 0x5d,
|
|
549
|
+
0x9a, 0xae, 0x02, 0x12, 0xf5, 0x80, 0x3d, 0x06, 0x09, 0x76, 0xac, 0x57,
|
|
550
|
+
0x37, 0x9e, 0xab, 0x38, 0x62, 0x25, 0x05, 0x1d, 0xf3, 0xa9, 0x39, 0x60,
|
|
551
|
+
0xf6, 0xae, 0x90, 0xed, 0x1e, 0xad, 0x6e, 0xe9, 0xe3, 0xba, 0x27, 0xf6,
|
|
552
|
+
0xdb, 0x54, 0xdf, 0xe2, 0xbd, 0xbb, 0x7f, 0xf1, 0x81, 0xac, 0x1a, 0xfa,
|
|
553
|
+
0xdb, 0x87, 0x07, 0x98, 0x76, 0x90, 0x21, 0xf2, 0xae, 0xda, 0x0d, 0x84,
|
|
554
|
+
0x97, 0x64, 0x0b, 0xbf, 0xb8, 0x8d, 0x10, 0x46, 0xe2, 0xd5, 0xca, 0x1b,
|
|
555
|
+
0xbb, 0xe5, 0x37, 0xb2, 0x3b, 0x35, 0xd3, 0x1b, 0x65, 0xea, 0xae, 0xf2,
|
|
556
|
+
0x03, 0xe2, 0xb6, 0xde, 0x22, 0xb7, 0x86, 0x49, 0x79, 0xfe, 0xd7, 0x16,
|
|
557
|
+
0xf7, 0xdc, 0x9c, 0x59, 0xf5, 0xb7, 0x70, 0xc0, 0x53, 0x42, 0x6f, 0xb1,
|
|
558
|
+
0xd2, 0x4e, 0x00, 0x25, 0x4b, 0x2d, 0x5a, 0x9b, 0xd0, 0xe9, 0x27, 0x43,
|
|
559
|
+
0xcc, 0x00, 0x66, 0xea, 0x94, 0x7a, 0x0b, 0xb9, 0x89, 0x0c, 0x5e, 0x94,
|
|
560
|
+
0xb8, 0x3a, 0x78, 0x9c, 0x4d, 0x84, 0xe6, 0x32, 0x2c, 0x38, 0x7c, 0xf7,
|
|
561
|
+
0x43, 0x9c, 0xd8, 0xb8, 0x1c, 0xce, 0x24, 0x91, 0x20, 0x67, 0x7a, 0x54,
|
|
562
|
+
0x1f, 0x7e, 0x86, 0x7f, 0xa1, 0xc1, 0x03, 0x4e, 0x2c, 0x26, 0x71, 0xb2,
|
|
563
|
+
0x06, 0x30, 0xb3, 0x6c, 0x15, 0xcc, 0xac, 0x25, 0xe5, 0x37, 0x3f, 0x24,
|
|
564
|
+
0x8f, 0x2a, 0x89, 0x5e, 0x3d, 0x43, 0x94, 0xc9, 0x36, 0xae, 0x40, 0x00,
|
|
565
|
+
0x6a, 0x0d, 0xb0, 0x6e, 0x8b, 0x2e, 0x70, 0x57, 0xe1, 0x88, 0x53, 0xd6,
|
|
566
|
+
0x06, 0x80, 0x2a, 0x4e, 0x5a, 0xf0, 0x1e, 0xaa, 0xcb, 0xab, 0x06, 0x0e,
|
|
567
|
+
0x27, 0x0f, 0xd9, 0x88, 0xd9, 0x01, 0xe3, 0x07, 0xeb, 0xdf, 0xc3, 0x12,
|
|
568
|
+
0xe3, 0x40, 0x88, 0x7b, 0x5f, 0x59, 0x78, 0x6e, 0x26, 0x20, 0xc3, 0xdf,
|
|
569
|
+
0xc8, 0xe4, 0x5e,
|
|
570
|
+
#if !defined(BORINGSSL_FIPS_BREAK_FFC_DH)
|
|
571
|
+
0xb8,
|
|
572
|
+
#else
|
|
573
|
+
0x00,
|
|
574
|
+
#endif
|
|
575
|
+
};
|
|
463
576
|
|
|
464
577
|
EVP_AEAD_CTX aead_ctx;
|
|
465
578
|
EVP_AEAD_CTX_zero(&aead_ctx);
|
|
@@ -666,6 +779,29 @@ int boringssl_fips_self_test(
|
|
|
666
779
|
goto err;
|
|
667
780
|
}
|
|
668
781
|
|
|
782
|
+
// FFC Diffie-Hellman KAT
|
|
783
|
+
|
|
784
|
+
BIGNUM *const ffdhe2048_value = BN_new();
|
|
785
|
+
DH *const dh = self_test_dh();
|
|
786
|
+
int dh_ok = 0;
|
|
787
|
+
if (ffdhe2048_value && dh) {
|
|
788
|
+
bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
|
|
789
|
+
OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
|
|
790
|
+
|
|
791
|
+
uint8_t dh_out[sizeof(kDHOutput)];
|
|
792
|
+
dh_ok =
|
|
793
|
+
sizeof(dh_out) == DH_size(dh) &&
|
|
794
|
+
DH_compute_key_padded(dh_out, ffdhe2048_value, dh) == sizeof(dh_out) &&
|
|
795
|
+
check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH");
|
|
796
|
+
}
|
|
797
|
+
|
|
798
|
+
BN_free(ffdhe2048_value);
|
|
799
|
+
DH_free(dh);
|
|
800
|
+
if (!dh_ok) {
|
|
801
|
+
fprintf(stderr, "FFDH failed.\n");
|
|
802
|
+
goto err;
|
|
803
|
+
}
|
|
804
|
+
|
|
669
805
|
// DBRG KAT
|
|
670
806
|
CTR_DRBG_STATE drbg;
|
|
671
807
|
if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
|
|
@@ -690,6 +826,17 @@ int boringssl_fips_self_test(
|
|
|
690
826
|
goto err;
|
|
691
827
|
}
|
|
692
828
|
|
|
829
|
+
// TLS KDF KAT
|
|
830
|
+
uint8_t tls_output[sizeof(kTLSOutput)];
|
|
831
|
+
if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret,
|
|
832
|
+
sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel),
|
|
833
|
+
kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2,
|
|
834
|
+
sizeof(kTLSSeed2)) ||
|
|
835
|
+
!check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS KDF KAT")) {
|
|
836
|
+
fprintf(stderr, "TLS KDF failed.\n");
|
|
837
|
+
goto err;
|
|
838
|
+
}
|
|
839
|
+
|
|
693
840
|
ret = 1;
|
|
694
841
|
|
|
695
842
|
#if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
|