grpc 1.35.0 → 1.36.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
|
@@ -27,7 +27,7 @@
|
|
|
27
27
|
#include "internal.h"
|
|
28
28
|
|
|
29
29
|
|
|
30
|
-
// This file implements draft-irtf-cfrg-hpke-
|
|
30
|
+
// This file implements draft-irtf-cfrg-hpke-07.
|
|
31
31
|
|
|
32
32
|
#define KEM_CONTEXT_LEN (2 * X25519_PUBLIC_VALUE_LEN)
|
|
33
33
|
|
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
#define HPKE_MODE_BASE 0
|
|
41
41
|
#define HPKE_MODE_PSK 1
|
|
42
42
|
|
|
43
|
-
static const char kHpkeRfcId[] = "HPKE-
|
|
43
|
+
static const char kHpkeRfcId[] = "HPKE-07";
|
|
44
44
|
|
|
45
45
|
static int add_label_string(CBB *cbb, const char *label) {
|
|
46
46
|
return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label));
|
|
@@ -125,7 +125,7 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
|
|
|
125
125
|
return 1;
|
|
126
126
|
}
|
|
127
127
|
|
|
128
|
-
|
|
128
|
+
const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id) {
|
|
129
129
|
switch (aead_id) {
|
|
130
130
|
case EVP_HPKE_AEAD_AES_GCM_128:
|
|
131
131
|
return EVP_aead_aes_128_gcm();
|
|
@@ -138,7 +138,7 @@ static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) {
|
|
|
138
138
|
return NULL;
|
|
139
139
|
}
|
|
140
140
|
|
|
141
|
-
|
|
141
|
+
const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id) {
|
|
142
142
|
switch (kdf_id) {
|
|
143
143
|
case EVP_HPKE_HKDF_SHA256:
|
|
144
144
|
return EVP_sha256();
|
|
@@ -174,7 +174,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
|
|
|
174
174
|
}
|
|
175
175
|
|
|
176
176
|
// Attempt to get an EVP_AEAD*.
|
|
177
|
-
const EVP_AEAD *aead =
|
|
177
|
+
const EVP_AEAD *aead = EVP_HPKE_get_aead(hpke->aead_id);
|
|
178
178
|
if (aead == NULL) {
|
|
179
179
|
return 0;
|
|
180
180
|
}
|
|
@@ -216,24 +216,13 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
|
|
|
216
216
|
return 0;
|
|
217
217
|
}
|
|
218
218
|
|
|
219
|
-
//
|
|
220
|
-
static const char kPskHashLabel[] = "psk_hash";
|
|
221
|
-
uint8_t psk_hash[EVP_MAX_MD_SIZE];
|
|
222
|
-
size_t psk_hash_len;
|
|
223
|
-
if (!hpke_labeled_extract(hpke->hkdf_md, psk_hash, &psk_hash_len, NULL, 0,
|
|
224
|
-
suite_id, sizeof(suite_id), kPskHashLabel, psk,
|
|
225
|
-
psk_len)) {
|
|
226
|
-
return 0;
|
|
227
|
-
}
|
|
228
|
-
|
|
229
|
-
// secret = LabeledExtract(psk_hash, "secret", shared_secret)
|
|
219
|
+
// secret = LabeledExtract(shared_secret, "secret", psk)
|
|
230
220
|
static const char kSecretExtractLabel[] = "secret";
|
|
231
221
|
uint8_t secret[EVP_MAX_MD_SIZE];
|
|
232
222
|
size_t secret_len;
|
|
233
|
-
if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len,
|
|
234
|
-
|
|
235
|
-
kSecretExtractLabel,
|
|
236
|
-
shared_secret_len)) {
|
|
223
|
+
if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len, shared_secret,
|
|
224
|
+
shared_secret_len, suite_id, sizeof(suite_id),
|
|
225
|
+
kSecretExtractLabel, psk, psk_len)) {
|
|
237
226
|
return 0;
|
|
238
227
|
}
|
|
239
228
|
|
|
@@ -252,9 +241,9 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
|
|
|
252
241
|
return 0;
|
|
253
242
|
}
|
|
254
243
|
|
|
255
|
-
//
|
|
256
|
-
static const char kNonceExpandLabel[] = "
|
|
257
|
-
if (!hpke_labeled_expand(hpke->hkdf_md, hpke->
|
|
244
|
+
// base_nonce = LabeledExpand(secret, "base_nonce", key_schedule_context, Nn)
|
|
245
|
+
static const char kNonceExpandLabel[] = "base_nonce";
|
|
246
|
+
if (!hpke_labeled_expand(hpke->hkdf_md, hpke->base_nonce,
|
|
258
247
|
EVP_AEAD_nonce_length(aead), secret, secret_len,
|
|
259
248
|
suite_id, sizeof(suite_id), kNonceExpandLabel,
|
|
260
249
|
context, context_len)) {
|
|
@@ -351,7 +340,7 @@ int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
|
|
|
351
340
|
hpke->is_sender = 1;
|
|
352
341
|
hpke->kdf_id = kdf_id;
|
|
353
342
|
hpke->aead_id = aead_id;
|
|
354
|
-
hpke->hkdf_md =
|
|
343
|
+
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
|
355
344
|
if (hpke->hkdf_md == NULL) {
|
|
356
345
|
return 0;
|
|
357
346
|
}
|
|
@@ -375,7 +364,7 @@ int EVP_HPKE_CTX_setup_base_r_x25519(
|
|
|
375
364
|
hpke->is_sender = 0;
|
|
376
365
|
hpke->kdf_id = kdf_id;
|
|
377
366
|
hpke->aead_id = aead_id;
|
|
378
|
-
hpke->hkdf_md =
|
|
367
|
+
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
|
379
368
|
if (hpke->hkdf_md == NULL) {
|
|
380
369
|
return 0;
|
|
381
370
|
}
|
|
@@ -415,7 +404,7 @@ int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
|
|
|
415
404
|
hpke->is_sender = 1;
|
|
416
405
|
hpke->kdf_id = kdf_id;
|
|
417
406
|
hpke->aead_id = aead_id;
|
|
418
|
-
hpke->hkdf_md =
|
|
407
|
+
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
|
419
408
|
if (hpke->hkdf_md == NULL) {
|
|
420
409
|
return 0;
|
|
421
410
|
}
|
|
@@ -440,7 +429,7 @@ int EVP_HPKE_CTX_setup_psk_r_x25519(
|
|
|
440
429
|
hpke->is_sender = 0;
|
|
441
430
|
hpke->kdf_id = kdf_id;
|
|
442
431
|
hpke->aead_id = aead_id;
|
|
443
|
-
hpke->hkdf_md =
|
|
432
|
+
hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
|
|
444
433
|
if (hpke->hkdf_md == NULL) {
|
|
445
434
|
return 0;
|
|
446
435
|
}
|
|
@@ -466,9 +455,9 @@ static void hpke_nonce(const EVP_HPKE_CTX *hpke, uint8_t *out_nonce,
|
|
|
466
455
|
seq_copy >>= 8;
|
|
467
456
|
}
|
|
468
457
|
|
|
469
|
-
// XOR the encoded sequence with the |hpke->
|
|
458
|
+
// XOR the encoded sequence with the |hpke->base_nonce|.
|
|
470
459
|
for (size_t i = 0; i < nonce_len; i++) {
|
|
471
|
-
out_nonce[i] ^= hpke->
|
|
460
|
+
out_nonce[i] ^= hpke->base_nonce[i];
|
|
472
461
|
}
|
|
473
462
|
}
|
|
474
463
|
|
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
#include <openssl/aead.h>
|
|
19
19
|
#include <openssl/base.h>
|
|
20
20
|
#include <openssl/curve25519.h>
|
|
21
|
+
#include <openssl/digest.h>
|
|
21
22
|
|
|
22
23
|
#if defined(__cplusplus)
|
|
23
24
|
extern "C" {
|
|
@@ -30,7 +31,7 @@ extern "C" {
|
|
|
30
31
|
// receiver with a public key. Optionally, the sender may authenticate its
|
|
31
32
|
// possession of a pre-shared key to the recipient.
|
|
32
33
|
//
|
|
33
|
-
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-
|
|
34
|
+
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07.
|
|
34
35
|
|
|
35
36
|
// EVP_HPKE_AEAD_* are AEAD identifiers.
|
|
36
37
|
#define EVP_HPKE_AEAD_AES_GCM_128 0x0001
|
|
@@ -55,7 +56,7 @@ typedef struct evp_hpke_ctx_st {
|
|
|
55
56
|
EVP_AEAD_CTX aead_ctx;
|
|
56
57
|
uint16_t kdf_id;
|
|
57
58
|
uint16_t aead_id;
|
|
58
|
-
uint8_t
|
|
59
|
+
uint8_t base_nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
|
59
60
|
uint8_t exporter_secret[EVP_MAX_MD_SIZE];
|
|
60
61
|
uint64_t seq;
|
|
61
62
|
int is_sender;
|
|
@@ -77,8 +78,8 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
|
|
|
77
78
|
// In each of the following functions, |hpke| must have been initialized with
|
|
78
79
|
// |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
|
|
79
80
|
// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
|
|
80
|
-
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_
|
|
81
|
-
// constants.
|
|
81
|
+
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*|
|
|
82
|
+
// constants.
|
|
82
83
|
|
|
83
84
|
// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
|
|
84
85
|
// encrypt for the private key corresponding to |peer_public_value| (the
|
|
@@ -215,6 +216,14 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
|
|
|
215
216
|
// set up as a sender.
|
|
216
217
|
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
|
|
217
218
|
|
|
219
|
+
// EVP_HPKE_get_aead returns the AEAD corresponding to |aead_id|, or NULL if
|
|
220
|
+
// |aead_id| is not a known AEAD identifier.
|
|
221
|
+
OPENSSL_EXPORT const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id);
|
|
222
|
+
|
|
223
|
+
// EVP_HPKE_get_hkdf_md returns the hash function associated with |kdf_id|, or
|
|
224
|
+
// NULL if |kdf_id| is not a known KDF identifier that uses HKDF.
|
|
225
|
+
OPENSSL_EXPORT const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id);
|
|
226
|
+
|
|
218
227
|
|
|
219
228
|
#if defined(__cplusplus)
|
|
220
229
|
} // extern C
|
|
@@ -46,10 +46,14 @@ struct poly1305_state_st {
|
|
|
46
46
|
uint32_t s1, s2, s3, s4;
|
|
47
47
|
uint32_t h0, h1, h2, h3, h4;
|
|
48
48
|
uint8_t buf[16];
|
|
49
|
-
|
|
49
|
+
size_t buf_used;
|
|
50
50
|
uint8_t key[16];
|
|
51
51
|
};
|
|
52
52
|
|
|
53
|
+
OPENSSL_STATIC_ASSERT(
|
|
54
|
+
sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
|
|
55
|
+
"poly1305_state isn't large enough to hold aligned poly1305_state_st");
|
|
56
|
+
|
|
53
57
|
static inline struct poly1305_state_st *poly1305_aligned_state(
|
|
54
58
|
poly1305_state *state) {
|
|
55
59
|
return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63);
|
|
@@ -200,7 +204,6 @@ void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) {
|
|
|
200
204
|
|
|
201
205
|
void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
|
|
202
206
|
size_t in_len) {
|
|
203
|
-
unsigned int i;
|
|
204
207
|
struct poly1305_state_st *state = poly1305_aligned_state(statep);
|
|
205
208
|
|
|
206
209
|
#if defined(OPENSSL_POLY1305_NEON)
|
|
@@ -211,11 +214,11 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
|
|
|
211
214
|
#endif
|
|
212
215
|
|
|
213
216
|
if (state->buf_used) {
|
|
214
|
-
|
|
217
|
+
size_t todo = 16 - state->buf_used;
|
|
215
218
|
if (todo > in_len) {
|
|
216
|
-
todo =
|
|
219
|
+
todo = in_len;
|
|
217
220
|
}
|
|
218
|
-
for (i = 0; i < todo; i++) {
|
|
221
|
+
for (size_t i = 0; i < todo; i++) {
|
|
219
222
|
state->buf[state->buf_used + i] = in[i];
|
|
220
223
|
}
|
|
221
224
|
state->buf_used += todo;
|
|
@@ -236,10 +239,10 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
|
|
|
236
239
|
}
|
|
237
240
|
|
|
238
241
|
if (in_len) {
|
|
239
|
-
for (i = 0; i < in_len; i++) {
|
|
242
|
+
for (size_t i = 0; i < in_len; i++) {
|
|
240
243
|
state->buf[i] = in[i];
|
|
241
244
|
}
|
|
242
|
-
state->buf_used =
|
|
245
|
+
state->buf_used = in_len;
|
|
243
246
|
}
|
|
244
247
|
}
|
|
245
248
|
|
|
@@ -36,7 +36,7 @@ extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y,
|
|
|
36
36
|
const fe1305x2 *c);
|
|
37
37
|
|
|
38
38
|
extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in,
|
|
39
|
-
|
|
39
|
+
size_t inlen);
|
|
40
40
|
|
|
41
41
|
static void freeze(fe1305x2 *r) {
|
|
42
42
|
int i;
|
|
@@ -136,7 +136,7 @@ static void fe1305x2_tobytearray(uint8_t r[16], fe1305x2 *x) {
|
|
|
136
136
|
}
|
|
137
137
|
|
|
138
138
|
static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, size_t xlen) {
|
|
139
|
-
|
|
139
|
+
size_t i;
|
|
140
140
|
uint8_t t[17];
|
|
141
141
|
|
|
142
142
|
for (i = 0; (i < 16) && (i < xlen); i++) {
|
|
@@ -179,17 +179,20 @@ static const alignas(16) fe1305x2 zero;
|
|
|
179
179
|
struct poly1305_state_st {
|
|
180
180
|
uint8_t data[sizeof(fe1305x2[5]) + 128];
|
|
181
181
|
uint8_t buf[32];
|
|
182
|
-
|
|
182
|
+
size_t buf_used;
|
|
183
183
|
uint8_t key[16];
|
|
184
184
|
};
|
|
185
185
|
|
|
186
|
+
OPENSSL_STATIC_ASSERT(
|
|
187
|
+
sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
|
|
188
|
+
"poly1305_state isn't large enough to hold aligned poly1305_state_st.");
|
|
189
|
+
|
|
186
190
|
void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) {
|
|
187
191
|
struct poly1305_state_st *st = (struct poly1305_state_st *)(state);
|
|
188
192
|
fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data)));
|
|
189
193
|
fe1305x2 *const h = r + 1;
|
|
190
194
|
fe1305x2 *const c = h + 1;
|
|
191
195
|
fe1305x2 *const precomp = c + 1;
|
|
192
|
-
unsigned int j;
|
|
193
196
|
|
|
194
197
|
r->v[1] = r->v[0] = 0x3ffffff & load32(key);
|
|
195
198
|
r->v[3] = r->v[2] = 0x3ffff03 & (load32(key + 3) >> 2);
|
|
@@ -197,7 +200,7 @@ void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) {
|
|
|
197
200
|
r->v[7] = r->v[6] = 0x3f03fff & (load32(key + 9) >> 6);
|
|
198
201
|
r->v[9] = r->v[8] = 0x00fffff & (load32(key + 12) >> 8);
|
|
199
202
|
|
|
200
|
-
for (j = 0; j < 10; j++) {
|
|
203
|
+
for (size_t j = 0; j < 10; j++) {
|
|
201
204
|
h->v[j] = 0; // XXX: should fast-forward a bit
|
|
202
205
|
}
|
|
203
206
|
|
|
@@ -215,14 +218,13 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
|
|
|
215
218
|
fe1305x2 *const h = r + 1;
|
|
216
219
|
fe1305x2 *const c = h + 1;
|
|
217
220
|
fe1305x2 *const precomp = c + 1;
|
|
218
|
-
unsigned int i;
|
|
219
221
|
|
|
220
222
|
if (st->buf_used) {
|
|
221
|
-
|
|
223
|
+
size_t todo = 32 - st->buf_used;
|
|
222
224
|
if (todo > in_len) {
|
|
223
225
|
todo = in_len;
|
|
224
226
|
}
|
|
225
|
-
for (i = 0; i < todo; i++) {
|
|
227
|
+
for (size_t i = 0; i < todo; i++) {
|
|
226
228
|
st->buf[st->buf_used + i] = in[i];
|
|
227
229
|
}
|
|
228
230
|
st->buf_used += todo;
|
|
@@ -232,7 +234,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
|
|
|
232
234
|
if (st->buf_used == sizeof(st->buf) && in_len) {
|
|
233
235
|
addmulmod(h, h, precomp, &zero);
|
|
234
236
|
fe1305x2_frombytearray(c, st->buf, sizeof(st->buf));
|
|
235
|
-
for (i = 0; i < 10; i++) {
|
|
237
|
+
for (size_t i = 0; i < 10; i++) {
|
|
236
238
|
h->v[i] += c->v[i];
|
|
237
239
|
}
|
|
238
240
|
st->buf_used = 0;
|
|
@@ -240,7 +242,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
|
|
|
240
242
|
}
|
|
241
243
|
|
|
242
244
|
while (in_len > 32) {
|
|
243
|
-
|
|
245
|
+
size_t tlen = 1048576;
|
|
244
246
|
if (in_len < tlen) {
|
|
245
247
|
tlen = in_len;
|
|
246
248
|
}
|
|
@@ -250,7 +252,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
|
|
|
250
252
|
}
|
|
251
253
|
|
|
252
254
|
if (in_len) {
|
|
253
|
-
for (i = 0; i < in_len; i++) {
|
|
255
|
+
for (size_t i = 0; i < in_len; i++) {
|
|
254
256
|
st->buf[i] = in[i];
|
|
255
257
|
}
|
|
256
258
|
st->buf_used = in_len;
|
|
@@ -92,6 +92,10 @@ typedef struct poly1305_state_internal_t {
|
|
|
92
92
|
} poly1305_state_internal; /* 448 bytes total + 63 bytes for
|
|
93
93
|
alignment = 511 bytes raw */
|
|
94
94
|
|
|
95
|
+
OPENSSL_STATIC_ASSERT(
|
|
96
|
+
sizeof(struct poly1305_state_internal_t) + 63 <= sizeof(poly1305_state),
|
|
97
|
+
"poly1305_state isn't large enough to hold aligned poly1305_state_internal_t");
|
|
98
|
+
|
|
95
99
|
static inline poly1305_state_internal *poly1305_aligned_state(
|
|
96
100
|
poly1305_state *state) {
|
|
97
101
|
return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63);
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
|
2
|
+
*
|
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
|
6
|
+
*
|
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
|
+
|
|
15
|
+
#include <openssl/base.h>
|
|
16
|
+
#include "../fipsmodule/rand/internal.h"
|
|
17
|
+
|
|
18
|
+
#if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
|
|
19
|
+
|
|
20
|
+
// RAND_need_entropy is called by the FIPS module when it has blocked because of
|
|
21
|
+
// a lack of entropy. This signal is used as an indication to feed it more.
|
|
22
|
+
void RAND_need_entropy(size_t bytes_needed) {
|
|
23
|
+
uint8_t buf[CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD];
|
|
24
|
+
size_t todo = sizeof(buf);
|
|
25
|
+
if (todo > bytes_needed) {
|
|
26
|
+
todo = bytes_needed;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
int used_cpu;
|
|
30
|
+
CRYPTO_get_seed_entropy(buf, todo, &used_cpu);
|
|
31
|
+
RAND_load_entropy(buf, todo, used_cpu);
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
#endif // BORINGSSL_FIPS_PASSIVE_ENTROPY
|
|
@@ -63,6 +63,10 @@ RAND_METHOD *RAND_SSLeay(void) {
|
|
|
63
63
|
return (RAND_METHOD*) &kSSLeayMethod;
|
|
64
64
|
}
|
|
65
65
|
|
|
66
|
+
RAND_METHOD *RAND_OpenSSL(void) {
|
|
67
|
+
return RAND_SSLeay();
|
|
68
|
+
}
|
|
69
|
+
|
|
66
70
|
const RAND_METHOD *RAND_get_rand_method(void) { return RAND_SSLeay(); }
|
|
67
71
|
|
|
68
72
|
void RAND_set_rand_method(const RAND_METHOD *method) {}
|
|
@@ -57,7 +57,6 @@
|
|
|
57
57
|
#include <openssl/stack.h>
|
|
58
58
|
|
|
59
59
|
#include <assert.h>
|
|
60
|
-
#include <string.h>
|
|
61
60
|
|
|
62
61
|
#include <openssl/mem.h>
|
|
63
62
|
|
|
@@ -69,11 +68,9 @@
|
|
|
69
68
|
static const size_t kMinSize = 4;
|
|
70
69
|
|
|
71
70
|
_STACK *sk_new(stack_cmp_func comp) {
|
|
72
|
-
_STACK *ret;
|
|
73
|
-
|
|
74
|
-
ret = OPENSSL_malloc(sizeof(_STACK));
|
|
71
|
+
_STACK *ret = OPENSSL_malloc(sizeof(_STACK));
|
|
75
72
|
if (ret == NULL) {
|
|
76
|
-
|
|
73
|
+
return NULL;
|
|
77
74
|
}
|
|
78
75
|
OPENSSL_memset(ret, 0, sizeof(_STACK));
|
|
79
76
|
|
|
@@ -331,23 +328,20 @@ void *sk_pop(_STACK *sk) {
|
|
|
331
328
|
}
|
|
332
329
|
|
|
333
330
|
_STACK *sk_dup(const _STACK *sk) {
|
|
334
|
-
_STACK *ret;
|
|
335
|
-
void **s;
|
|
336
|
-
|
|
337
331
|
if (sk == NULL) {
|
|
338
332
|
return NULL;
|
|
339
333
|
}
|
|
340
334
|
|
|
341
|
-
ret =
|
|
335
|
+
_STACK *ret = OPENSSL_malloc(sizeof(_STACK));
|
|
342
336
|
if (ret == NULL) {
|
|
343
|
-
|
|
337
|
+
return NULL;
|
|
344
338
|
}
|
|
339
|
+
OPENSSL_memset(ret, 0, sizeof(_STACK));
|
|
345
340
|
|
|
346
|
-
|
|
347
|
-
if (
|
|
341
|
+
ret->data = OPENSSL_malloc(sizeof(void *) * sk->num_alloc);
|
|
342
|
+
if (ret->data == NULL) {
|
|
348
343
|
goto err;
|
|
349
344
|
}
|
|
350
|
-
ret->data = s;
|
|
351
345
|
|
|
352
346
|
ret->num = sk->num;
|
|
353
347
|
OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
|
|
@@ -199,11 +199,15 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
|
|
|
199
199
|
if (saltlen == -1) {
|
|
200
200
|
saltlen = EVP_MD_size(sigmd);
|
|
201
201
|
} else if (saltlen == -2) {
|
|
202
|
+
// TODO(davidben): Forbid this mode. The world has largely standardized on
|
|
203
|
+
// salt length matching hash length.
|
|
202
204
|
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
|
|
203
205
|
if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {
|
|
204
206
|
saltlen--;
|
|
205
207
|
}
|
|
206
|
-
} else {
|
|
208
|
+
} else if (saltlen != (int)EVP_MD_size(sigmd)) {
|
|
209
|
+
// We only allow salt length matching hash length and, for now, the -2 case.
|
|
210
|
+
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
|
|
207
211
|
return 0;
|
|
208
212
|
}
|
|
209
213
|
|