grpc 1.38.0 → 1.39.0.pre1

data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c

@@ -180,16 +180,13 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         }
     }
 
-    /*
-     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
-     * ->ln
-     */
     if ((a == NULL) || ((*a) == NULL) ||
         !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
         if ((ret = ASN1_OBJECT_new()) == NULL)
             return (NULL);
-    } else
+    } else {
         ret = (*a);
+    }
 
     p = *pp;
     /* detach data from object */
@@ -208,12 +205,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
     }
     OPENSSL_memcpy(data, p, length);
+    /* If there are dynamic strings, free them here, and clear the flag */
+    if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
+        OPENSSL_free((char *)ret->sn);
+        OPENSSL_free((char *)ret->ln);
+        ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
+    }
     /* reattach data to object, after which it remains const */
     ret->data = data;
     ret->length = length;
     ret->sn = NULL;
     ret->ln = NULL;
-    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
     p += length;
 
     if (a != NULL)

data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c

@@ -89,6 +89,10 @@ const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
 }
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
+  if (name == NULL) {
+    return NULL;
+  }
+
   if (OPENSSL_strcasecmp(name, "rc4") == 0) {
     return EVP_rc4();
   } else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) {

data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c

@@ -820,7 +820,7 @@ static void table_select(ge_precomp *t, int pos, signed char b) {
 //
 // Preconditions:
 //   a[31] <= 127
-void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
+void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
   signed char e[64];
   signed char carry;
   ge_p1p1 r;

data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h

@@ -106,7 +106,7 @@ typedef struct {
 } ge_cached;
 
 void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h);
-int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s);
+int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]);
 void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p);
 void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
 void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);

data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c

@@ -429,6 +429,15 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {
                            0, (void *)out_md);
 }
 
+void *EVP_PKEY_get0(const EVP_PKEY *pkey) {
+  // Node references, but never calls this function, so for now we return NULL.
+  // If other projects require complete support, call |EVP_PKEY_get0_RSA|, etc.,
+  // rather than reading |pkey->pkey.ptr| directly. This avoids problems if our
+  // internal representation does not match the type the caller expects from
+  // OpenSSL.
+  return NULL;
+}
+
 void OpenSSL_add_all_algorithms(void) {}
 
 void OPENSSL_add_all_algorithms_conf(void) {}

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c

@@ -115,10 +115,6 @@
 #include "../../internal.h"
 
 
-// The quick sieve algorithm approach to weeding out primes is Philip
-// Zimmermann's, as implemented in PGP.  I have had a read of his comments and
-// implemented my own version.
-
 // kPrimes contains the first 1024 primes.
 static const uint16_t kPrimes[] = {
     2,    3,    5,    7,    11,   13,   17,   19,   23,   29,   31,   37,

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c

@@ -177,6 +177,13 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
   return 1;
 }
 
+void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in) {
+  EVP_MD_CTX_cleanup(out);
+  // While not guaranteed, |EVP_MD_CTX| is currently safe to move with |memcpy|.
+  OPENSSL_memcpy(out, in, sizeof(EVP_MD_CTX));
+  EVP_MD_CTX_init(in);
+}
+
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
   EVP_MD_CTX_init(out);
   return EVP_MD_CTX_copy_ex(out, in);

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h

@@ -46,6 +46,9 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
 
+#ifndef OPENSSL_HEADER_DIGEST_MD32_COMMON_H
+#define OPENSSL_HEADER_DIGEST_MD32_COMMON_H
+
 #include <openssl/base.h>
 
 #include <assert.h>
@@ -59,22 +62,15 @@ extern "C" {
 
 // This is a generic 32-bit "collector" for message digest algorithms. It
 // collects input character stream into chunks of 32-bit values and invokes the
-// block function that performs the actual hash calculations. To make use of
-// this mechanism, the following macros must be defined before including
-// md32_common.h.
-//
-// One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
-// defined to specify the byte order of the input stream.
-//
-// |HASH_CBLOCK| must be defined as the integer block size, in bytes.
+// block function that performs the actual hash calculations.
 //
-// |HASH_CTX| must be defined as the name of the context structure, which must
-// have at least the following members:
+// To make use of this mechanism, the hash context should be defined with the
+// following parameters.
 //
 //     typedef struct <name>_state_st {
 //       uint32_t h[<chaining length> / sizeof(uint32_t)];
 //       uint32_t Nl, Nh;
-//       uint8_t data[HASH_CBLOCK];
+//       uint8_t data[<block size>];
 //       unsigned num;
 //       ...
 //     } <NAME>_CTX;
@@ -83,147 +79,117 @@ extern "C" {
 // any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
 // SHA-512).
 //
-// |HASH_UPDATE| must be defined as the name of the "Update" function to
-// generate.
-//
-// |HASH_TRANSFORM| must be defined as the  the name of the "Transform"
-// function to generate.
-//
-// |HASH_FINAL| must be defined as the name of "Final" function to generate.
-//
-// |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
-// That function must be implemented manually. It must be capable of operating
-// on *unaligned* input data in its original (data) byte order. It must have
-// this signature:
-//
-//     void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
-//                                size_t num);
-//
-// It must update the hash state |state| with |num| blocks of data from |data|,
-// where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
-// |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
-// and so will have |<chaining length> / sizeof(uint32_t)| elements.
-//
-// |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
-// the hash state |c->h| into the output byte order, storing the result in |s|.
-
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#error "DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_CBLOCK
-#error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_CTX
-#error "HASH_CTX must be defined!"
-#endif
-
-#ifndef HASH_UPDATE
-#error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-#error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-#error "HASH_FINAL must be defined!"
-#endif
-
-#ifndef HASH_BLOCK_DATA_ORDER
-#error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_MAKE_STRING
-#error "HASH_MAKE_STRING must be defined!"
-#endif
-
-int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
-  const uint8_t *data = data_;
-
+// |h| is the hash state and is updated by a function of type
+// |crypto_md32_block_func|. |data| is the partial unprocessed block and has
+// |num| bytes. |Nl| and |Nh| maintain the number of bits processed so far.
+
+// A crypto_md32_block_func should incorporate |num_blocks| of input from |data|
+// into |state|. It is assumed the caller has sized |state| and |data| for the
+// hash function.
+typedef void (*crypto_md32_block_func)(uint32_t *state, const uint8_t *data,
+                                       size_t num_blocks);
+
+// crypto_md32_update adds |len| bytes from |in| to the digest. |data| must be a
+// buffer of length |block_size| with the first |*num| bytes containing a
+// partial block. This function combines the partial block with |in| and
+// incorporates any complete blocks into the digest state |h|. It then updates
+// |data| and |*num| with the new partial block and updates |*Nh| and |*Nl| with
+// the data consumed.
+static inline void crypto_md32_update(crypto_md32_block_func block_func,
+                                      uint32_t *h, uint8_t *data,
+                                      size_t block_size, unsigned *num,
+                                      uint32_t *Nh, uint32_t *Nl,
+                                      const uint8_t *in, size_t len) {
   if (len == 0) {
-    return 1;
+    return;
   }
 
-  uint32_t l = c->Nl + (((uint32_t)len) << 3);
-  if (l < c->Nl) {
+  uint32_t l = *Nl + (((uint32_t)len) << 3);
+  if (l < *Nl) {
     // Handle carries.
-    c->Nh++;
+    (*Nh)++;
   }
-  c->Nh += (uint32_t)(len >> 29);
-  c->Nl = l;
+  *Nh += (uint32_t)(len >> 29);
+  *Nl = l;
 
-  size_t n = c->num;
+  size_t n = *num;
   if (n != 0) {
-    if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
-      OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
-      HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
-      n = HASH_CBLOCK - n;
-      data += n;
+    if (len >= block_size || len + n >= block_size) {
+      OPENSSL_memcpy(data + n, in, block_size - n);
+      block_func(h, data, 1);
+      n = block_size - n;
+      in += n;
       len -= n;
-      c->num = 0;
-      // Keep |c->data| zeroed when unused.
-      OPENSSL_memset(c->data, 0, HASH_CBLOCK);
+      *num = 0;
+      // Keep |data| zeroed when unused.
+      OPENSSL_memset(data, 0, block_size);
     } else {
-      OPENSSL_memcpy(c->data + n, data, len);
-      c->num += (unsigned)len;
-      return 1;
+      OPENSSL_memcpy(data + n, in, len);
+      *num += (unsigned)len;
+      return;
     }
   }
 
-  n = len / HASH_CBLOCK;
+  n = len / block_size;
   if (n > 0) {
-    HASH_BLOCK_DATA_ORDER(c->h, data, n);
-    n *= HASH_CBLOCK;
-    data += n;
+    block_func(h, in, n);
+    n *= block_size;
+    in += n;
     len -= n;
   }
 
   if (len != 0) {
-    c->num = (unsigned)len;
-    OPENSSL_memcpy(c->data, data, len);
+    *num = (unsigned)len;
+    OPENSSL_memcpy(data, in, len);
   }
-  return 1;
-}
-
-
-void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
-  HASH_BLOCK_DATA_ORDER(c->h, data, 1);
 }
 
-
-int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
-  // |c->data| always has room for at least one byte. A full block would have
+// crypto_md32_final incorporates the partial block and trailing length into the
+// digest state |h|. The trailing length is encoded in little-endian if
+// |is_big_endian| is zero and big-endian otherwise. |data| must be a buffer of
+// length |block_size| with the first |*num| bytes containing a partial block.
+// |Nh| and |Nl| contain the total number of bits processed. On return, this
+// function clears the partial block in |data| and
+// |*num|.
+//
+// This function does not serialize |h| into a final digest. This is the
+// responsibility of the caller.
+static inline void crypto_md32_final(crypto_md32_block_func block_func,
+                                     uint32_t *h, uint8_t *data,
+                                     size_t block_size, unsigned *num,
+                                     uint32_t Nh, uint32_t Nl,
+                                     int is_big_endian) {
+  // |data| always has room for at least one byte. A full block would have
   // been consumed.
-  size_t n = c->num;
-  assert(n < HASH_CBLOCK);
-  c->data[n] = 0x80;
+  size_t n = *num;
+  assert(n < block_size);
+  data[n] = 0x80;
   n++;
 
   // Fill the block with zeros if there isn't room for a 64-bit length.
-  if (n > (HASH_CBLOCK - 8)) {
-    OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
+  if (n > block_size - 8) {
+    OPENSSL_memset(data + n, 0, block_size - n);
     n = 0;
-    HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
+    block_func(h, data, 1);
   }
-  OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
+  OPENSSL_memset(data + n, 0, block_size - 8 - n);
 
   // Append a 64-bit length to the block and process it.
-  uint8_t *p = c->data + HASH_CBLOCK - 8;
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-  CRYPTO_store_u32_be(p, c->Nh);
-  CRYPTO_store_u32_be(p + 4, c->Nl);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-  CRYPTO_store_u32_le(p, c->Nl);
-  CRYPTO_store_u32_le(p + 4, c->Nh);
-#endif
-  HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
-  c->num = 0;
-  OPENSSL_memset(c->data, 0, HASH_CBLOCK);
-
-  HASH_MAKE_STRING(c, out);
-  return 1;
+  if (is_big_endian) {
+    CRYPTO_store_u32_be(data + block_size - 8, Nh);
+    CRYPTO_store_u32_be(data + block_size - 4, Nl);
+  } else {
+    CRYPTO_store_u32_le(data + block_size - 8, Nl);
+    CRYPTO_store_u32_le(data + block_size - 4, Nh);
+  }
+  block_func(h, data, 1);
+  *num = 0;
+  OPENSSL_memset(data, 0, block_size);
 }
 
 
 #if defined(__cplusplus)
 }  // extern C
 #endif
+
+#endif  // OPENSSL_HEADER_DIGEST_MD32_COMMON_H

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c

@@ -60,6 +60,7 @@
 #include <string.h>
 
 #include "../../internal.h"
+#include "../digest/md32_common.h"
 
 
 uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) {
@@ -84,28 +85,26 @@ int MD4_Init(MD4_CTX *md4) {
 
 void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
 
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_CTX MD4_CTX
-#define HASH_CBLOCK 64
-#define HASH_DIGEST_LENGTH 16
-#define HASH_UPDATE MD4_Update
-#define HASH_TRANSFORM MD4_Transform
-#define HASH_FINAL MD4_Final
-#define HASH_MAKE_STRING(c, s)           \
-  do {                                   \
-    CRYPTO_store_u32_le((s), (c)->h[0]); \
-    (s) += 4;                            \
-    CRYPTO_store_u32_le((s), (c)->h[1]); \
-    (s) += 4;                            \
-    CRYPTO_store_u32_le((s), (c)->h[2]); \
-    (s) += 4;                            \
-    CRYPTO_store_u32_le((s), (c)->h[3]); \
-    (s) += 4;                            \
-  } while (0)
-#define HASH_BLOCK_DATA_ORDER md4_block_data_order
+void MD4_Transform(MD4_CTX *c, const uint8_t data[MD4_CBLOCK]) {
+  md4_block_data_order(c->h, data, 1);
+}
 
-#include "../digest/md32_common.h"
+int MD4_Update(MD4_CTX *c, const void *data, size_t len) {
+  crypto_md32_update(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num,
+                     &c->Nh, &c->Nl, data, len);
+  return 1;
+}
+
+int MD4_Final(uint8_t out[MD4_DIGEST_LENGTH], MD4_CTX *c) {
+  crypto_md32_final(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num,
+                    c->Nh, c->Nl, /*is_big_endian=*/0);
+
+  CRYPTO_store_u32_le(out, c->h[0]);
+  CRYPTO_store_u32_le(out + 4, c->h[1]);
+  CRYPTO_store_u32_le(out + 8, c->h[2]);
+  CRYPTO_store_u32_le(out + 12, c->h[3]);
+  return 1;
+}
 
 // As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
 // simplified to the code below.  Wei attributes these optimizations
@@ -235,15 +234,6 @@ void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
   }
 }
 
-#undef DATA_ORDER_IS_LITTLE_ENDIAN
-#undef HASH_CTX
-#undef HASH_CBLOCK
-#undef HASH_DIGEST_LENGTH
-#undef HASH_UPDATE
-#undef HASH_TRANSFORM
-#undef HASH_FINAL
-#undef HASH_MAKE_STRING
-#undef HASH_BLOCK_DATA_ORDER
 #undef F
 #undef G
 #undef H